Bug 1535704: Part 3 - Add an observer to sandboxTarget that fires once the main thread's token has been lowered; r=bobowen
authorAaron Klotz <aklotz@mozilla.com>
Tue, 23 Apr 2019 17:16:38 +0000
changeset 471884 d303f2ce387ee0c666aa9173ef3ba841493149c9
parent 471883 d49e716056f8835ac626f1bb9e6aaf2844c545fb
child 471885 496213852ce6d42886a992f729fb125be3fc98f2
push id84339
push useraklotz@mozilla.com
push dateTue, 30 Apr 2019 06:42:14 +0000
reviewersbobowen
bugs1535704
milestone68.0a1
Bug 1535704: Part 3 - Add an observer to sandboxTarget that fires once the main thread's token has been lowered; r=bobowen This allows us to loosen the coupling between the sandbox and code that needs to run as soon as the token has been lowered. We use std::list here because the observer service is not yet initialized. Differential Revision: https://phabricator.services.mozilla.com/D28392
security/sandbox/common/moz.build
security/sandbox/win/src/sandboxtarget/sandboxTarget.cpp
security/sandbox/win/src/sandboxtarget/sandboxTarget.h
--- a/security/sandbox/common/moz.build
+++ b/security/sandbox/common/moz.build
@@ -2,25 +2,27 @@
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 with Files('**'):
     BUG_COMPONENT = ('Core', 'Security: Process Sandboxing')
 
-UNIFIED_SOURCES += ['SandboxSettings.cpp']
+UNIFIED_SOURCES += [
+    'SandboxSettings.cpp',
+]
 
 XPCOM_MANIFESTS += [
     'components.conf',
 ]
 
 XPIDL_SOURCES += [
     'mozISandboxSettings.idl',
 ]
 
 XPIDL_MODULE = 'sandbox'
 
 FINAL_LIBRARY = 'xul'
 
 EXPORTS.mozilla += [
-    'SandboxSettings.h'
+    'SandboxSettings.h',
 ]
--- a/security/sandbox/win/src/sandboxtarget/sandboxTarget.cpp
+++ b/security/sandbox/win/src/sandboxtarget/sandboxTarget.cpp
@@ -16,19 +16,32 @@ namespace mozilla {
 SandboxTarget* SandboxTarget::Instance() {
   static SandboxTarget sb;
   return &sb;
 }
 
 void SandboxTarget::StartSandbox() {
   if (mTargetServices) {
     mTargetServices->LowerToken();
+    NotifyStartObservers();
   }
 }
 
+void SandboxTarget::NotifyStartObservers() {
+  for (auto&& obs : mStartObservers) {
+    if (!obs) {
+      continue;
+    }
+
+    obs();
+  }
+
+  mStartObservers.clear();
+}
+
 bool SandboxTarget::BrokerDuplicateHandle(HANDLE aSourceHandle,
                                           DWORD aTargetProcessId,
                                           HANDLE* aTargetHandle,
                                           DWORD aDesiredAccess,
                                           DWORD aOptions) {
   if (!mTargetServices) {
     return false;
   }
--- a/security/sandbox/win/src/sandboxtarget/sandboxTarget.h
+++ b/security/sandbox/win/src/sandboxtarget/sandboxTarget.h
@@ -2,19 +2,23 @@
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef __SECURITY_SANDBOX_SANDBOXTARGET_H__
 #define __SECURITY_SANDBOX_SANDBOXTARGET_H__
 
+#include <functional>
+#include <list>
+
 #include <windows.h>
 
 #include "mozilla/Assertions.h"
+#include "mozilla/Move.h"
 
 namespace sandbox {
 class TargetServices;
 }
 
 namespace mozilla {
 
 class SandboxTarget {
@@ -34,16 +38,21 @@ class SandboxTarget {
   void SetTargetServices(sandbox::TargetServices* aTargetServices) {
     MOZ_ASSERT(aTargetServices);
     MOZ_ASSERT(!mTargetServices,
                "Sandbox TargetServices must only be set once.");
 
     mTargetServices = aTargetServices;
   }
 
+  template <typename CallbackT>
+  void RegisterSandboxStartCallback(CallbackT aCallback) {
+    mStartObservers.push_back(std::forward<CallbackT>(aCallback));
+  }
+
   /**
    * Called by the library that wants to "start" the sandbox, i.e. change to the
    * more secure delayed / lockdown policy.
    */
   void StartSandbox();
 
   /**
    * Used to duplicate handles via the broker process. The permission for the
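Review bot: `std::forward<CallbackT>(aCallback)` in RegisterSandboxStartCallback is applied to a by-value parameter, so CallbackT is never deduced as a reference type and the call is just a `std::move` dressed up as perfect forwarding. Either state the intent plainly, `mStartObservers.push_back(std::move(aCallback));`, or take a forwarding reference, `void RegisterSandboxStartCallback(CallbackT&& aCallback)`, which avoids the extra move for rvalues and the intermediate copy for lvalues. The method is also the only public member in this class without a doc block while its neighbours carry one; a comment such as `/** Registers a callback that runs once, synchronously on the thread calling StartSandbox(), immediately after the token has been lowered; callbacks are discarded after they fire. */` would make the one-shot and ordering semantics visible at the call site.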
@@ -52,13 +61,17 @@ class SandboxTarget {
   bool BrokerDuplicateHandle(HANDLE aSourceHandle, DWORD aTargetProcessId,
                              HANDLE* aTargetHandle, DWORD aDesiredAccess,
                              DWORD aOptions);
 
  protected:
   SandboxTarget() : mTargetServices(nullptr) {}
 
   sandbox::TargetServices* mTargetServices;
+
+ private:
+  void NotifyStartObservers();
+  std::list<std::function<void()>> mStartObservers;
 };
 
 }  // namespace mozilla
 
 #endif