Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche
☠☠ backed out by dc9495156e2b ☠ ☠
authorGian-Carlo Pascutto <gcp@mozilla.com>
Wed, 18 May 2016 18:37:44 +0200
changeset 337746 767f65379fdf5940c45fa5c360d767f4ea12ac09
parent 337745 ee21562d144c762f0c087c75f4dfb22ddacc7607
child 337747 42a8ed44e75cf9fcd30e9a21d05624975c727ced
push id6249
push userjlund@mozilla.com
push dateMon, 01 Aug 2016 13:59:36 +0000
reviewersgfritzsche
bugs1098428
milestone49.0a1
Bug 1098428 - Add Linux sandboxing information to Telemetry. r=gfritzsche MozReview-Commit-ID: GtIPsRqq5hr
security/sandbox/linux/common/SandboxInfo.cpp
security/sandbox/linux/common/SandboxInfo.h
toolkit/components/telemetry/Histograms.json
toolkit/xre/nsAppRunner.cpp
--- a/security/sandbox/linux/common/SandboxInfo.cpp
+++ b/security/sandbox/linux/common/SandboxInfo.cpp
@@ -14,16 +14,17 @@
 #include <sys/stat.h>
 #include <sys/syscall.h>
 #include <sys/wait.h>
 #include <unistd.h>
 
 #include "base/posix/eintr_wrapper.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/ArrayUtils.h"
+#include "mozilla/Telemetry.h"
 #include "sandbox/linux/seccomp-bpf/linux_seccomp.h"
 #include "sandbox/linux/services/linux_syscalls.h"
 
 // A note about assertions: in general, the worst thing this module
 // should be able to do is disable sandboxing features, so release
 // asserts or MOZ_CRASH should be avoided, even for seeming
 // impossibilities like an unimplemented syscall returning success
 // (which has happened: https://crbug.com/439795 ).
@@ -249,9 +250,33 @@ SandboxInfo::ThreadingCheck()
   // they wouldn't be using NSPR; we have to hope for the best.)
   setenv("MOZ_SANDBOX_UNEXPECTED_THREADS", "1", 0);
   int flags = sSingleton.mFlags;
   flags |= kUnexpectedThreads;
   flags &= ~(kHasUserNamespaces | kHasPrivilegedUserNamespaces);
   sSingleton.mFlags = static_cast<Flags>(flags);
 }
 
+/* static */ void
+SandboxInfo::SubmitTelemetry()
+{
+  SandboxInfo sandboxInfo = Get();
+  Telemetry::Accumulate(
+    Telemetry::SANDBOX_CAPABILITIES_SECCOMP_BPF,
+    sandboxInfo.Test(SandboxInfo::kHasSeccompBPF));
+  Telemetry::Accumulate(
+    Telemetry::SANDBOX_CAPABILITIES_SECCOMP_TSYNC,
+    sandboxInfo.Test(SandboxInfo::kHasSeccompTSync));
+  Telemetry::Accumulate(
+    Telemetry::SANDBOX_CAPABILITIES_USER_NAMESPACES_PRIVILEGED,
+    sandboxInfo.Test(SandboxInfo::kHasPrivilegedUserNamespaces));
+  Telemetry::Accumulate(
+    Telemetry::SANDBOX_CAPABILITIES_USER_NAMESPACES,
+    sandboxInfo.Test(SandboxInfo::kHasUserNamespaces));
+  Telemetry::Accumulate(
+    Telemetry::SANDBOX_CAPABILITIES_ENABLED_CONTENT,
+    sandboxInfo.Test(SandboxInfo::kEnabledForContent));
+  Telemetry::Accumulate(
+    Telemetry::SANDBOX_CAPABILITIES_ENABLED_MEDIA,
+    sandboxInfo.Test(SandboxInfo::kEnabledForMedia));
+}
+
 } // namespace mozilla
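Review bot: SubmitTelemetry is added without a header comment, here and on its declaration in SandboxInfo.h, although the neighbouring public methods (CanSandboxMedia, ThreadingCheck) are documented. It reports kHasUserNamespaces and kHasPrivilegedUserNamespaces, which ThreadingCheck (ending just above this function) clears when it sets kUnexpectedThreads, so if the call site can run before ThreadingCheck has had a chance to run, the reported values may not match the flags the sandbox later uses; the relative order is not visible in this diff and is worth confirming. Suggest a comment above the definition along the lines of `// Reports the capability flags returned by Get() to the SANDBOX_CAPABILITIES_* Telemetry histograms. Should run after ThreadingCheck() so cleared flags are reported as cleared.` and a one-line version of the same on the declaration in the header. As a point of style, the six identical Accumulate calls could be driven from a small table of {histogram id, flag} pairs, which would also keep the id/flag pairing next to each other for review.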
--- a/security/sandbox/linux/common/SandboxInfo.h
+++ b/security/sandbox/linux/common/SandboxInfo.h
@@ -52,16 +52,18 @@ public:
   }
 
   // Returns true if SetMediaPluginSandbox may be called.
   bool CanSandboxMedia() const
   {
     return !Test(kEnabledForMedia) || Test(kHasSeccompBPF);
   }
 
+  static void SubmitTelemetry();
+
   // For bug 1222500 or anything else like it: On desktop, this is
   // called in the parent process at a point when it should still be
   // single-threaded, to check that the SandboxEarlyInit() call in a
   // child process is early enough to be single-threaded.  If not,
   // kUnexpectedThreads is set and affected flags (user namespaces;
   // possibly others in the future) are cleared.
   static void ThreadingCheck();
 private:
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
@@ -10735,16 +10735,64 @@
   },
   "SANDBOX_BROKER_INITIALIZED": {
     "alert_emails": ["bowen@mozilla.com"],
     "bug_numbers": [1256992],
     "expires_in_version": "55",
     "kind": "boolean",
     "description": "Result of call to SandboxBroker::Initialize"
   },
+  "SANDBOX_CAPABILITIES_SECCOMP_BPF": {
+    "alert_emails": ["gcp@mozilla.com"],
+    "bug_numbers": [1098428],
+    "expires_in_version": "55",
+    "kind": "flag",
+    "cpp_guard": "XP_LINUX",
+    "description": "Whether the system has seccomp-bpf capability"
+  },
+  "SANDBOX_CAPABILITIES_SECCOMP_TSYNC": {
+    "alert_emails": ["gcp@mozilla.com"],
+    "bug_numbers": [1098428],
+    "expires_in_version": "55",
+    "kind": "flag",
+    "cpp_guard": "XP_LINUX",
+    "description": "Whether the system has seccomp-bpf thread-sync capability"
+  },
+  "SANDBOX_CAPABILITIES_USER_NAMESPACES": {
+    "alert_emails": ["gcp@mozilla.com"],
+    "bug_numbers": [1098428],
+    "expires_in_version": "55",
+    "kind": "flag",
+    "cpp_guard": "XP_LINUX",
+    "description": "Whether our process succedeed in creating a user namespace"
+  },
+  "SANDBOX_CAPABILITIES_USER_NAMESPACES_PRIVILEGED": {
+    "alert_emails": ["gcp@mozilla.com"],
+    "bug_numbers": [1098428],
+    "expires_in_version": "55",
+    "kind": "flag",
+    "cpp_guard": "XP_LINUX",
+    "description": "Whether the system has the capability to create privileged user namespaces"
+  },
+ "SANDBOX_CAPABILITIES_ENABLED_MEDIA": {
+    "alert_emails": ["gcp@mozilla.com"],
+    "bug_numbers": [1098428],
+    "expires_in_version": "55",
+    "kind": "flag",
+    "cpp_guard": "XP_LINUX",
+    "description": "Whether the sandbox is enabled for media/GMP plugins"
+  },
+ "SANDBOX_CAPABILITIES_ENABLED_CONTENT": {
+    "alert_emails": ["gcp@mozilla.com"],
+    "bug_numbers": [1098428],
+    "expires_in_version": "55",
+    "kind": "flag",
+    "cpp_guard": "XP_LINUX",
+    "description": "Whether the sandbox is enabled for the content process"
+  },
   "SYNC_WORKER_OPERATION": {
     "alert_emails": ["amarchesini@mozilla.com", "khuey@mozilla.com" ],
     "bug_numbers": [1267904],
     "expires_in_version": "never",
     "kind": "exponential",
     "high": 5000,
     "n_buckets": 20,
     "keyed": true,
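Review bot: The `SANDBOX_CAPABILITIES_ENABLED_MEDIA` and `SANDBOX_CAPABILITIES_ENABLED_CONTENT` keys are indented with one space where every sibling key in this file uses two, and the description of `SANDBOX_CAPABILITIES_USER_NAMESPACES` carries the typo `succedeed`; it should read `"description": "Whether our process succeeded in creating a user namespace"`. Both are cosmetic but end up in the generated histogram registry and the probe dictionary that analysts read. The `USER_NAMESPACES` description speaks of "our process" while `USER_NAMESPACES_PRIVILEGED` speaks of "the system"; if both are derived from the same probe in SandboxInfo, aligning the wording would avoid suggesting two different detection methods.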
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -4356,16 +4356,21 @@ XREMain::XRE_mainRun()
 
 #ifdef MOZ_INSTRUMENT_EVENT_LOOP
   if (PR_GetEnv("MOZ_INSTRUMENT_EVENT_LOOP")) {
     bool logToConsole = true;
     mozilla::InitEventTracing(logToConsole);
   }
 #endif /* MOZ_INSTRUMENT_EVENT_LOOP */
 
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
+  // If we're on Linux, we now have information about the OS capabilities
+  // available to us.
+  SandboxInfo::SubmitTelemetry();
+#endif
 #if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
   SetUpSandboxEnvironment();
 #endif
 
   {
     rv = appStartup->Run();
     if (NS_FAILED(rv)) {
       NS_ERROR("failed to run appstartup");
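Review bot: The new call to `SandboxInfo::SubmitTelemetry()` is guarded by `MOZ_SANDBOX && XP_LINUX`, but the hunk shows no include of `SandboxInfo.h`; presumably it is already included under the same guard earlier in nsAppRunner.cpp, which is worth confirming since a Linux MOZ_SANDBOX build would otherwise fail to compile. The added comment states the platform rather than why this point was chosen; something like `// Linux sandbox: the SandboxInfo capability flags are available by now, so report them to Telemetry (see SandboxInfo::SubmitTelemetry).` would tell the next reader what the placement depends on. XRE_mainRun starts and ends outside the hunk.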