示例#1
/**
 * Enables the seccomp-bpf sandbox for the current process.
 *
 * Expected to run right after SetCurrentProcessPrivileges, exactly once,
 * and before any potentially hostile content has been loaded.
 *
 * Failure handling: both the syscall reporter and the syscall filter
 * installation are currently logged but NOT fatal.  The `_exit(127)` calls
 * are commented out until every B2G device is required to support
 * seccomp-bpf (bug 880797), so a process whose filter failed to install
 * keeps running unsandboxed and the PR_LOG_ERROR line is the only signal.
 */
void
SetCurrentProcessSandbox(void)
{
#ifdef PR_LOGGING
  // Create the log module lazily on first use; later calls reuse it.
  if (!gSeccompSandboxLog) {
    gSeccompSandboxLog = PR_NewLogModule("SeccompSandbox");
  }
  PR_ASSERT(gSeccompSandboxLog);
#endif

#ifdef MOZ_CONTENT_SANDBOX_REPORTER
  if (InstallSyscallReporter() != 0) {
    PR_LOG(gSeccompSandboxLog, PR_LOG_ERROR, ("install_syscall_reporter() failed\n"));
    // Deliberately non-fatal: exiting here would kill the process on kernels
    // without seccomp-bpf.  Restore `_exit(127);` once all B2G devices are
    // required to support seccomp-bpf (bug 880797).
  }
#endif

  if (InstallSyscallFilter() != 0) {
    PR_LOG(gSeccompSandboxLog, PR_LOG_ERROR, ("install_syscall_filter() failed\n"));
    // Same deliberate no-op as for the reporter above; see bug 880797 before
    // making this path fatal with `_exit(127);`.
  }
}
示例#2
// Installs the seccomp-bpf filter on the calling thread if the thread is
// not already in a seccomp mode.  Returns true when this call installed the
// filter and false when seccomp was already active.  Documented contract is
// "crashes if sandboxing could not be enabled"; note that the result of
// InstallSyscallFilter is not inspected here, and a prctl error return
// (negative) is indistinguishable from "already enabled" in this check.
static bool
SetThreadSandbox()
{
  const bool alreadySandboxed = prctl(PR_GET_SECCOMP, 0, 0, 0, 0) != 0;
  if (alreadySandboxed) {
    return false;
  }
  InstallSyscallFilter(sSetSandboxFilter);
  return true;
}
示例#3
// Installs the seccomp-bpf filter on the calling thread unless the thread is
// already in a seccomp mode.  Returns true when this call installed the
// filter, false when seccomp was already active.  A filter that cannot be
// installed is fatal (MOZ_CRASH), so a thread never silently continues
// unsandboxed.  A prctl error return (negative) also takes the false path.
static bool
SetThreadSandbox()
{
    if (prctl(PR_GET_SECCOMP, 0, 0, 0, 0) != 0) {
        // Already under seccomp (or prctl failed): nothing to install.
        return false;
    }
    // Second argument is false here — presumably the tsync flag, cf. the
    // `true` passed by the tsync variant; confirm against InstallSyscallFilter.
    const bool installed = InstallSyscallFilter(gSetSandboxFilter, false);
    if (!installed) {
        MOZ_CRASH("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)");
    }
    return true;
}
示例#4
// Installs aFilter process-wide using seccomp thread-sync (tsync).
// Precondition: the caller has already established that the kernel
// supports tsync, so a failure here is treated as an inconsistency and
// is fatal rather than falling back.
static void
ApplySandboxWithTSync(sock_fprog* aFilter)
{
    EnterChroot();
    // Once chrooted we are committed to tsync: the signal-broadcast
    // workaround needs procfs access.  (Without chroot the distinction
    // would not matter, but a tsync failure after a positive capability
    // check should not happen, so no extra special case is made.)
    const bool ok = InstallSyscallFilter(aFilter, true);
    if (!ok) {
        MOZ_CRASH("seccomp+tsync failed, but kernel supports tsync");
    }
}
示例#5
// Installs the seccomp-bpf filter on the calling thread unless the sandbox
// is disabled through the MOZ_DISABLE_CONTENT_SANDBOX environment variable
// or the thread is already in a seccomp mode.  Returns true only when a
// filter was actually installed.  An installation failure currently yields
// false and leaves the thread unsandboxed with no crash (see bug 880797).
static bool
SetThreadSandbox()
{
  // Opt-out knob is checked first so a disabled sandbox never touches prctl.
  if (PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX") != nullptr) {
    return false;
  }
  // Non-zero: already under seccomp (or prctl itself failed) — nothing to do.
  if (prctl(PR_GET_SECCOMP, 0, 0, 0, 0) != 0) {
    return false;
  }
  /*
   * Bug 880797: once every B2G device is required to support seccomp-bpf,
   * a nonzero result here should exit/crash (ifdef MOZ_WIDGET_GONK) instead
   * of quietly returning false.
   */
  return InstallSyscallFilter() == 0;
}