Exemplo n.º 1
0
/**
 * Starts the seccomp sandbox for this process.
 * Generally called just after SetCurrentProcessPrivileges.
 * Should be called only once, and before any potentially harmful content is loaded.
 *
 * Should normally make the process exit on failure.
*/
void
SetCurrentProcessSandbox(void)
{
#ifdef PR_LOGGING
  if (!gSeccompSandboxLog) {
    gSeccompSandboxLog = PR_NewLogModule("SeccompSandbox");
  }
  PR_ASSERT(gSeccompSandboxLog);
#endif

#ifdef MOZ_CONTENT_SANDBOX_REPORTER
  if (InstallSyscallReporter()) {
    PR_LOG(gSeccompSandboxLog, PR_LOG_ERROR, ("install_syscall_reporter() failed\n"));
    /* This is disabled so that we do not exit if seccomp-bpf is not available
     * This will be re-enabled when all B2G devices are required to support seccomp-bpf
     * See bug 880797 for reversal
     */

    /* _exit(127); */
  }

#endif

  if (InstallSyscallFilter()) {
    PR_LOG(gSeccompSandboxLog, PR_LOG_ERROR, ("install_syscall_filter() failed\n"));
    /* This is disabled so that we do not exit if seccomp-bpf is not available
     * This will be re-enabled when all B2G devices are required to support seccomp-bpf
     * See bug 880797 for reversal
     */

    /* _exit(127); */
  }

}
Exemplo n.º 2
0
// Common code for sandbox startup.
static void
SetCurrentProcessSandbox(SandboxType aType)
{
  if (InstallSyscallReporter()) {
    LOG_ERROR("install_syscall_reporter() failed\n");
  }

  BroadcastSetThreadSandbox(aType);
}
Exemplo n.º 3
0
// Common code for sandbox startup.
static void
SetCurrentProcessSandbox(SandboxType aType)
{
  MOZ_ASSERT(gSandboxCrashFunc);

  if (InstallSyscallReporter()) {
    SANDBOX_LOG_ERROR("install_syscall_reporter() failed\n");
  }

  BroadcastSetThreadSandbox(aType);
}
Exemplo n.º 4
0
// Common code for sandbox startup.
static void
SetCurrentProcessSandbox(SandboxType aType)
{
  MOZ_ASSERT(gSandboxCrashFunc);

  if (InstallSyscallReporter()) {
    SANDBOX_LOG_ERROR("install_syscall_reporter() failed\n");
  }

#ifdef MOZ_ASAN
  __sanitizer_sandbox_arguments asanArgs;
  asanArgs.coverage_sandboxed = 1;
  asanArgs.coverage_fd = -1;
  asanArgs.coverage_max_block_size = 0;
  __sanitizer_sandbox_on_notify(&asanArgs);
#endif

  BroadcastSetThreadSandbox(aType);
}
Exemplo n.º 5
0
/**
 * Starts the seccomp sandbox for this process and sets user/group-based privileges.
 * Should be called only once, and before any potentially harmful content is loaded.
 *
 * Should normally make the process exit on failure.
*/
void
SetCurrentProcessSandbox()
{
#if !defined(ANDROID) && defined(PR_LOGGING)
  if (!gSeccompSandboxLog) {
    gSeccompSandboxLog = PR_NewLogModule("SeccompSandbox");
  }
  PR_ASSERT(gSeccompSandboxLog);
#endif

#if defined(MOZ_CONTENT_SANDBOX_REPORTER)
  if (InstallSyscallReporter()) {
    LOG_ERROR("install_syscall_reporter() failed\n");
  }
#endif

  if (IsSandboxingSupported()) {
    BroadcastSetThreadSandbox();
  }
}