Ejemplo n.º 1
0
/**
 * Starts the seccomp sandbox for this process.
 * Generally called just after SetCurrentProcessPrivileges.
 * Should be called only once, and before any potentially harmful content is loaded.
 *
 * Should normally make the process exit on failure.
*/
void
SetCurrentProcessSandbox(void)
{
#ifdef PR_LOGGING
  if (!gSeccompSandboxLog) {
    gSeccompSandboxLog = PR_NewLogModule("SeccompSandbox");
  }
  PR_ASSERT(gSeccompSandboxLog);
#endif

#ifdef MOZ_CONTENT_SANDBOX_REPORTER
  if (InstallSyscallReporter()) {
    PR_LOG(gSeccompSandboxLog, PR_LOG_ERROR, ("install_syscall_reporter() failed\n"));
    /* This is disabled so that we do not exit if seccomp-bpf is not available
     * This will be re-enabled when all B2G devices are required to support seccomp-bpf
     * See bug 880797 for reversal
     */

    /* _exit(127); */
  }

#endif

  if (InstallSyscallFilter()) {
    PR_LOG(gSeccompSandboxLog, PR_LOG_ERROR, ("install_syscall_filter() failed\n"));
    /* This is disabled so that we do not exit if seccomp-bpf is not available
     * This will be re-enabled when all B2G devices are required to support seccomp-bpf
     * See bug 880797 for reversal
     */

    /* _exit(127); */
  }

}
Ejemplo n.º 2
0
// Returns true if sandboxing was enabled, or false if sandboxing
// already was enabled.  Crashes if sandboxing could not be enabled.
static bool
SetThreadSandbox()
{
  if (prctl(PR_GET_SECCOMP, 0, 0, 0, 0) == 0) {
    InstallSyscallFilter(sSetSandboxFilter);
    return true;
  }
  return false;
}
Ejemplo n.º 3
0
// Returns true if sandboxing was enabled, or false if sandboxing
// already was enabled.  Crashes if sandboxing could not be enabled.
static bool
SetThreadSandbox()
{
    if (prctl(PR_GET_SECCOMP, 0, 0, 0, 0) == 0) {
        if (!InstallSyscallFilter(gSetSandboxFilter, false)) {
            MOZ_CRASH("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)");
        }
        return true;
    }
    return false;
}
Ejemplo n.º 4
0
static void
ApplySandboxWithTSync(sock_fprog* aFilter)
{
    EnterChroot();
    // At this point we're committed to using tsync, because the signal
    // broadcast workaround needs to access procfs.  (Unless chroot
    // isn't used... but this failure shouldn't happen in the first
    // place, so let's not make extra special cases for it.)
    if (!InstallSyscallFilter(aFilter, true)) {
        MOZ_CRASH("seccomp+tsync failed, but kernel supports tsync");
    }
}
Ejemplo n.º 5
0
static bool
SetThreadSandbox()
{
  bool didAnything = false;

  if (PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX") == nullptr &&
      prctl(PR_GET_SECCOMP, 0, 0, 0, 0) == 0) {
    if (InstallSyscallFilter() == 0) {
      didAnything = true;
    }
    /*
     * Bug 880797: when all B2G devices are required to support
     * seccomp-bpf, this should exit/crash if InstallSyscallFilter
     * returns nonzero (ifdef MOZ_WIDGET_GONK).
     */
  }
  return didAnything;
}