Bug 1580268: Sandbox GPU process on OpenBSD with pledge() r=gcp
authorjoshua stein <jcs@jcs.org>
Thu, 07 Nov 2019 09:56:07 +0000
changeset 501213 8e2be8ec03fc1f6eab748d35240c41c1656724f8
parent 501212 396a73e240dfcb4273ec0657df07284b172d9ca6
child 501214 faf2b623b315b7faf436ae69b9464f286f2ddd24
push id36783
push usermalexandru@mozilla.com
push dateFri, 08 Nov 2019 17:14:34 +0000
reviewersgcp
bugs1580268
milestone72.0a1
Bug 1580268: Sandbox GPU process on OpenBSD with pledge() r=gcp Differential Revision: https://phabricator.services.mozilla.com/D51386
dom/ipc/ContentChild.cpp
gfx/ipc/GPUProcessImpl.cpp
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -4215,16 +4215,20 @@ bool StartOpenBSDSandbox(GeckoProcessTyp
     case GeckoProcessType_Default:
       OpenBSDFindPledgeFilePath("pledge.main", pledgeFile);
       break;
 
     case GeckoProcessType_Content:
       OpenBSDFindPledgeFilePath("pledge.content", pledgeFile);
       break;
 
+    case GeckoProcessType_GPU:
+      pledgeFile.Append("pledge.gpu");
+      break;
+
     default:
       MOZ_ASSERT(false, "unknown process type");
       return false;
   }
 
   if (NS_WARN_IF(NS_FAILED(OpenBSDPledgePromises(pledgeFile)))) {
     errx(1, "failed reading/parsing %s", pledgeFile.get());
   }
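Review bot: The new `GeckoProcessType_GPU` case builds its policy path with `pledgeFile.Append("pledge.gpu")`, while the `Default` and `Content` cases directly above resolve theirs through `OpenBSDFindPledgeFilePath`. The declaration and initial contents of `pledgeFile` are outside this hunk, so the following is inferred: if the string is empty at this point, `OpenBSDPledgePromises` receives a bare relative name, and the GPU process's pledge promises are then read relative to the current working directory, or the read fails and `errx` ends the process. A sandbox policy file should come from the same trusted lookup the other process types use, i.e. `OpenBSDFindPledgeFilePath("pledge.gpu", pledgeFile);`. `StartOpenBSDSandbox` begins and ends outside the hunk.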
--- a/gfx/ipc/GPUProcessImpl.cpp
+++ b/gfx/ipc/GPUProcessImpl.cpp
@@ -5,31 +5,35 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "GPUProcessImpl.h"
 #include "mozilla/ipc/IOThreadChild.h"
 #include "nsXPCOM.h"
 #include "ProcessUtils.h"
 
 #if defined(OS_WIN) && defined(MOZ_SANDBOX)
 #  include "mozilla/sandboxTarget.h"
+#elif defined(__OpenBSD__) && defined(MOZ_SANDBOX)
+#  include "mozilla/SandboxSettings.h"
 #endif
 
 namespace mozilla {
 namespace gfx {
 
 using namespace ipc;
 
 GPUProcessImpl::GPUProcessImpl(ProcessId aParentPid)
     : ProcessChild(aParentPid) {}
 
 GPUProcessImpl::~GPUProcessImpl() {}
 
 bool GPUProcessImpl::Init(int aArgc, char* aArgv[]) {
 #if defined(MOZ_SANDBOX) && defined(OS_WIN)
   mozilla::SandboxTarget::Instance()->StartSandbox();
+#elif defined(__OpenBSD__) && defined(MOZ_SANDBOX)
+  StartOpenBSDSandbox(GeckoProcessType_GPU);
 #endif
   char* parentBuildID = nullptr;
   char* prefsHandle = nullptr;
   char* prefMapHandle = nullptr;
   char* prefsLen = nullptr;
   char* prefMapSize = nullptr;
   for (int i = 1; i < aArgc; i++) {
     if (!aArgv[i]) {
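Review bot: The result of `StartOpenBSDSandbox(GeckoProcessType_GPU)` in `GPUProcessImpl::Init` is discarded, although the function is declared `bool` and has at least one `return false` path (visible in the ContentChild.cpp hunk). If it ever reports failure, `Init` carries on and the GPU process runs without its pledge() restrictions. Failing closed would be safer: `if (!StartOpenBSDSandbox(GeckoProcessType_GPU)) { return false; }`. A one-line comment that the sandbox is deliberately entered before the argument loop would also help, since anything `Init` needs after this call must be covered by the promises in `pledge.gpu`. `Init`'s body continues past the end of the hunk.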