Bug 935042 - Allow more than one process to be sandboxed from a single sandboxbroker. r=aklotz
authorBrian R. Bondy <netzen@gmail.com>
Tue, 05 Nov 2013 13:07:40 -0500
changeset 168223 979b83683ca7a9d21997a154b1dfe65b2d7ebad1
parent 168222 208198d2bbddfe9ae5896ee2ae912a1c6239e26c
child 168224 e078b92f7db1e699a9e2ac9f600b6f563afe2a67
push id3224
push userlsblakk@mozilla.com
push dateTue, 04 Feb 2014 01:06:49 +0000
reviewersaklotz
bugs935042
milestone28.0a1
Bug 935042 - Allow more than one process to be sandboxed from a single sandboxbroker. r=aklotz
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.h
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -6,54 +6,55 @@
 
 #include "sandboxBroker.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_factory.h"
 
 namespace mozilla
 {
 
-SandboxBroker::SandboxBroker() :
-  mBrokerService(nullptr)
+sandbox::BrokerServices *SandboxBroker::sBrokerService = nullptr;
+
+SandboxBroker::SandboxBroker()
 {
+  if (!sBrokerService) {
+    sBrokerService = sandbox::SandboxFactory::GetBrokerServices();
+    if (sBrokerService) {
+      sandbox::ResultCode result = sBrokerService->Init();
+      if (result != sandbox::SBOX_ALL_OK) {
+        sBrokerService = nullptr;
+      }
+    }
+  }
 }
 
 bool
 SandboxBroker::LaunchApp(const wchar_t *aPath,
                            const wchar_t *aArguments,
                            void **aProcessHandle)
 {
-  sandbox::ResultCode result;
-
   // If the broker service isn't already initialized, do it now
-  if (!mBrokerService) {
-    mBrokerService = sandbox::SandboxFactory::GetBrokerServices();
-    if (!mBrokerService) {
-      return false;
-    }
-
-    result = mBrokerService->Init();
-    if (result != sandbox::SBOX_ALL_OK) {
-      return false;
-    }
+  if (!sBrokerService) {
+    return false;
   }
 
   // Setup the sandbox policy, this is initially:
   // Medium integrity, unrestricted, in the same window station, within the
   // same desktop, and has no job object.
   // We'll start to increase the restrictions over time.
-  sandbox::TargetPolicy *policy = mBrokerService->CreatePolicy();
+  sandbox::TargetPolicy *policy = sBrokerService->CreatePolicy();
   policy->SetJobLevel(sandbox::JOB_NONE, 0);
   policy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                         sandbox::USER_RESTRICTED_SAME_ACCESS);
   policy->SetDelayedIntegrityLevel(sandbox::INTEGRITY_LEVEL_MEDIUM);
 
   // Ceate the sandboxed process
   PROCESS_INFORMATION targetInfo;
-  result = mBrokerService->SpawnTarget(aPath, aArguments, policy, &targetInfo);
+  sandbox::ResultCode result;
+  result = sBrokerService->SpawnTarget(aPath, aArguments, policy, &targetInfo);
 
   // The sandboxed process is started in a suspended state, resumeit now that
   // we'eve set things up.
   ResumeThread(targetInfo.hThread);
   CloseHandle(targetInfo.hThread);
 
   // Return the process handle to the caller
   *aProcessHandle = targetInfo.hProcess;
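Review bot: The `result` returned by `SpawnTarget` on the new `result = sBrokerService->SpawnTarget(...)` line is stored but never checked, so a failed spawn falls straight through to `ResumeThread(targetInfo.hThread)`, `CloseHandle`, and handing `targetInfo.hProcess` back to the caller from a PROCESS_INFORMATION that nothing in this hunk initializes. Add `if (result != sandbox::SBOX_ALL_OK) { return false; }` directly after the SpawnTarget call and declare `PROCESS_INFORMATION targetInfo = {};` so a partially filled struct cannot leak garbage handle values into the parent. The constructor's failure path is also worth a second look: a failed `Init()` resets `sBrokerService` to nullptr, so the next SandboxBroker constructed calls `Init()` again on whatever `GetBrokerServices()` returns, presumably the same singleton; whether a second Init() on it is safe depends on the Chromium broker, so either document that or record the failure instead of retrying. LaunchApp's body continues past the end of this hunk, and no visible line releases the policy obtained from `CreatePolicy()`; if that is the refcounted Chromium TargetPolicy it should be released once SpawnTarget has returned.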
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
@@ -23,14 +23,14 @@ class SANDBOX_EXPORT SandboxBroker
 {
 public:
   SandboxBroker();
   bool LaunchApp(const wchar_t *aPath, const wchar_t *aArguments,
                  void **aProcessHandle);
   virtual ~SandboxBroker();
 
 private:
-  sandbox::BrokerServices *mBrokerService;
+  static sandbox::BrokerServices *sBrokerService;
 };
 
 } // mozilla
 
 #endif
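Review bot: `sBrokerService` is now process-wide state shared by every SandboxBroker instance rather than per-object, but the header does not say so or who is responsible for initializing it; add above the declaration `// Process-wide broker service shared by all instances; lazily created and Init()ed by the first constructor, left null if that failed.` The virtual destructor is still declared here but its definition is not in this diff, so the comment should also state whether the static is ever torn down, which cannot be confirmed from these hunks.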