/**
 * Installs the seccomp sandbox for a content process.
 *
 * Call exactly once, before any potentially harmful content is loaded.
 * When content sandboxing has been disabled via gSandboxFlags this is
 * a no-op; otherwise the content-process policy is applied to the
 * current process, which will normally exit if that fails.
 */
void SetContentProcessSandbox() {
  // Honour the global opt-out; nothing else touches the sandbox here.
  const bool contentSandboxEnabled = !gSandboxFlags.isDisabledForContent;
  if (contentSandboxEnabled) {
    SetCurrentProcessSandbox(kSandboxContentProcess);
  }
}
/**
 * Installs the seccomp sandbox for a content process.
 *
 * Call exactly once, before any potentially harmful content is loaded.
 * If SandboxInfo does not report content sandboxing as enabled this is
 * a no-op; otherwise the policy from GetContentSandboxPolicy() is
 * applied to the current process, which will normally exit on failure.
 */
void SetContentProcessSandbox() {
  // Bind by const& so this is correct whether Get() returns a
  // reference or a value.
  const auto& info = SandboxInfo::Get();
  if (info.Test(SandboxInfo::kEnabledForContent)) {
    SetCurrentProcessSandbox(GetContentSandboxPolicy());
  }
}
/**
 * Installs the seccomp sandbox for a content process.
 *
 * Call exactly once, before any potentially harmful content is loaded.
 *
 * @param aBrokerFd  Descriptor for the file broker, or a negative value
 *                   when no broker is available. Ownership is taken in
 *                   every case: it is either handed to the process-
 *                   lifetime SandboxBrokerClient or closed here when
 *                   sandboxing is disabled, so the caller must not use
 *                   it afterwards.
 *
 * Will normally make the process exit on failure.
 */
void SetContentProcessSandbox(int aBrokerFd) {
  const bool haveBrokerFd = aBrokerFd >= 0;
  const auto& info = SandboxInfo::Get();

  if (!info.Test(SandboxInfo::kEnabledForContent)) {
    // Not sandboxing: nobody else will release the broker fd, so
    // close it rather than leak it into the unsandboxed process.
    if (haveBrokerFd) {
      close(aBrokerFd);
    }
    return;
  }

  // The broker client must live until the process exits (presumably
  // the installed policy keeps a pointer to it; its consumer is not
  // visible here), hence the function-local static.
  static Maybe<SandboxBrokerClient> sBroker;
  if (haveBrokerFd) {
    sBroker.emplace(aBrokerFd);
  }

  // Without a broker fd the policy is built with a null client.
  auto broker = sBroker.ptrOr(nullptr);
  SetCurrentProcessSandbox(GetContentSandboxPolicy(broker));
}
/**
 * Installs the seccomp sandbox for a media plugin (GMP) process.
 *
 * Call exactly once, before any potentially harmful content is loaded,
 * including the plugin itself if it is considered untrusted.
 *
 * @param aFilePath  Path of the .so implementing the not-yet-loaded
 *                   plugin, or null. When non-null the path is recorded
 *                   in gMediaPluginFilePath and the file is opened
 *                   read-only (O_CLOEXEC) into gMediaPluginFileDesc
 *                   before the policy is applied, so that one later
 *                   read-only open() of that path can be satisfied
 *                   after the sandbox starts.
 *
 * Will normally make the process exit on failure.
 */
void SetMediaPluginSandbox(const char *aFilePath) {
  // Respect the global opt-out for GMP sandboxing.
  if (gSandboxFlags.isDisabledForGMP) {
    return;
  }

  if (aFilePath != nullptr) {
    // Keep a private copy of the path and pre-open the plugin while
    // open() is still unrestricted; the stored fd/path are consumed by
    // code outside this function (presumably the policy's trap path).
    // NOTE(review): the strdup() result is not null-checked here; the
    // consumer of gMediaPluginFilePath is expected to cope with that.
    gMediaPluginFilePath = strdup(aFilePath);

    const int pluginFd = open(aFilePath, O_RDONLY | O_CLOEXEC);
    gMediaPluginFileDesc = pluginFd;
    if (pluginFd == -1) {
      // errno is still that of the failed open(): the intervening
      // assignment cannot change it.
      LOG_ERROR("failed to open plugin file %s: %s", aFilePath, strerror(errno));
      MOZ_CRASH();
    }
  }

  // Everything the plugin needs is in hand; lock the process down.
  SetCurrentProcessSandbox(kSandboxMediaPlugin);
}
/**
 * Installs the seccomp sandbox for a media plugin (GMP) process.
 *
 * Call exactly once, before any potentially harmful content is loaded,
 * including the plugin itself if it is considered untrusted.
 *
 * @param aFilePath  Path of the .so implementing the not-yet-loaded
 *                   plugin, or null. When non-null the path is recorded
 *                   in gMediaPluginFilePath and the file is opened
 *                   read-only (O_CLOEXEC) into gMediaPluginFileDesc
 *                   before the policy is applied, so that one later
 *                   read-only open() of that path can be satisfied
 *                   after the sandbox starts.
 *
 * Will normally make the process exit on failure.
 */
void SetMediaPluginSandbox(const char *aFilePath) {
  // Bind by const& so this is correct whether Get() returns a
  // reference or a value.
  const auto& info = SandboxInfo::Get();
  if (!info.Test(SandboxInfo::kEnabledForMedia)) {
    return;
  }

  if (aFilePath != nullptr) {
    // Keep a private copy of the path and pre-open the plugin while
    // open() is still unrestricted; the stored fd/path are consumed by
    // code outside this function (presumably the policy's trap path).
    // NOTE(review): the strdup() result is not null-checked here; the
    // consumer of gMediaPluginFilePath is expected to cope with that.
    gMediaPluginFilePath = strdup(aFilePath);

    const int pluginFd = open(aFilePath, O_RDONLY | O_CLOEXEC);
    gMediaPluginFileDesc = pluginFd;
    if (pluginFd == -1) {
      // errno is still that of the failed open(): the intervening
      // assignment cannot change it.
      SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath, strerror(errno));
      MOZ_CRASH();
    }
  }

  // Everything the plugin needs is in hand; lock the process down.
  SetCurrentProcessSandbox(kSandboxMediaPlugin);
}