/**
 * Starts the seccomp sandbox for this process.
 * Generally called just after SetCurrentProcessPrivileges.
 * Should be called only once, and before any potentially harmful content
 * is loaded.
 *
 * Should normally make the process exit on failure.  At present it does
 * not: a failing InstallSyscallReporter() or InstallSyscallFilter() is
 * only logged and the process keeps running without a seccomp filter
 * (fail-open).  The _exit(127) calls are kept below as comments so the
 * intended behaviour is visible; bug 880797 tracks re-enabling them once
 * every B2G device is required to support seccomp-bpf.
 */
void
SetCurrentProcessSandbox(void)
{
#ifdef PR_LOGGING
  // Create the log module on first use; later calls reuse it.
  if (!gSeccompSandboxLog) {
    gSeccompSandboxLog = PR_NewLogModule("SeccompSandbox");
  }
  PR_ASSERT(gSeccompSandboxLog);
#endif

#ifdef MOZ_CONTENT_SANDBOX_REPORTER
  const bool reporterFailed = InstallSyscallReporter() != 0;
  if (reporterFailed) {
    PR_LOG(gSeccompSandboxLog, PR_LOG_ERROR,
           ("install_syscall_reporter() failed\n"));
    // Deliberately not fatal: exiting here would break devices whose
    // kernel lacks seccomp-bpf.  Bug 880797 is the reversal.
    /* _exit(127); */
  }
#endif

  const bool filterFailed = InstallSyscallFilter() != 0;
  if (filterFailed) {
    PR_LOG(gSeccompSandboxLog, PR_LOG_ERROR,
           ("install_syscall_filter() failed\n"));
    // Same reasoning as above: the process continues unfiltered rather
    // than exiting.  Bug 880797 is the reversal.
    /* _exit(127); */
  }
}
// Returns true if sandboxing was enabled, or false if sandboxing // already was enabled. Crashes if sandboxing could not be enabled. static bool SetThreadSandbox() { if (prctl(PR_GET_SECCOMP, 0, 0, 0, 0) == 0) { InstallSyscallFilter(sSetSandboxFilter); return true; } return false; }
// Returns true if sandboxing was enabled, or false if sandboxing // already was enabled. Crashes if sandboxing could not be enabled. static bool SetThreadSandbox() { if (prctl(PR_GET_SECCOMP, 0, 0, 0, 0) == 0) { if (!InstallSyscallFilter(gSetSandboxFilter, false)) { MOZ_CRASH("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)"); } return true; } return false; }
// Enters the chroot and then installs aFilter with the tsync flag set,
// so the filter is applied to every thread at once.  Crashes if the
// filter cannot be installed: once chrooted there is no safe way to
// continue without the filter.
//
// aFilter: the compiled seccomp-bpf program to install (not owned here).
static void
ApplySandboxWithTSync(sock_fprog* aFilter)
{
  EnterChroot();

  // Past this point only tsync will do: the signal-broadcast fallback
  // needs procfs, which the chroot has just taken away.  (If chroot is
  // not in use the fallback would still work, but a failure here is not
  // expected at all, so no special case is made for it.)
  const bool installed = InstallSyscallFilter(aFilter, true);
  if (!installed) {
    MOZ_CRASH("seccomp+tsync failed, but kernel supports tsync");
  }
}
// Installs the seccomp filter on the calling thread unless it is disabled
// via the environment or already active.  Returns true only if a filter
// was installed by this call.
//
// MOZ_DISABLE_CONTENT_SANDBOX is an escape hatch read from the process
// environment; anything able to set the content process's environment
// can therefore switch the sandbox off, so it should not be honoured in
// builds where the sandbox is security-relevant — confirm policy.
//
// NOTE(review): a prctl error (negative return, e.g. no seccomp support)
// is treated the same as "already sandboxed" and the thread stays
// unfiltered; the InstallSyscallFilter failure is likewise non-fatal.
static bool
SetThreadSandbox()
{
  const bool disabledByEnv =
    PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX") != nullptr;
  if (disabledByEnv) {
    return false;
  }

  // PR_GET_SECCOMP reports 0 only when no seccomp mode is active on the
  // calling thread; anything else means we must not install again.
  if (prctl(PR_GET_SECCOMP, 0, 0, 0, 0) != 0) {
    return false;
  }

  /*
   * Bug 880797: when all B2G devices are required to support
   * seccomp-bpf, this should exit/crash if InstallSyscallFilter
   * returns nonzero (ifdef MOZ_WIDGET_GONK).  Until then a failure is
   * reported only through the false return value.
   */
  return InstallSyscallFilter() == 0;
}