Bug 1431441 - Part 4 - ASSERT the sandbox is already enabled r=Alex_Gaynor
☠☠ backed out by d770ea2a1b25 ☠ ☠
authorHaik Aftandilian <haftandilian@mozilla.com>
Tue, 02 Oct 2018 19:41:30 +0000
changeset 495037 be7ec7438701daa43a0d767ce195a52fd548d7b3
parent 495036 db6b7ee0418703dab9ef0b1aa5bd7efc1d6b5e81
child 495038 94a1d1d67191e9115a4058160397a2e47156f738
reviewersAlex_Gaynor
bugs1431441
milestone64.0a1
Bug 1431441 - Part 4 - ASSERT the sandbox is already enabled r=Alex_Gaynor When early initialization of the sandbox is enabled, assert that the sandbox has already been enabled in ContentProcess::Init(). Depends on D6720 Differential Revision: https://phabricator.services.mozilla.com/D6721
dom/ipc/ContentProcess.cpp
security/sandbox/mac/Sandbox.h
security/sandbox/mac/Sandbox.mm
--- a/dom/ipc/ContentProcess.cpp
+++ b/dom/ipc/ContentProcess.cpp
@@ -9,16 +9,17 @@
 #include "ContentProcess.h"
 #include "base/shared_memory.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Scheduler.h"
 #include "mozilla/recordreplay/ParentIPC.h"
 
 #if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
 #include <stdlib.h>
+#include "mozilla/Sandbox.h"
 #endif
 
 #if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
 #include "mozilla/SandboxSettings.h"
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsDirectoryService.h"
 #include "nsDirectoryServiceDefs.h"
 #endif
@@ -291,17 +292,23 @@ ContentProcess::Init(int aArgc, char* aA
                 *parentBuildID,
                 IOThreadChild::channel(),
                 *childID,
                 *isForBrowser);
 
   mXREEmbed.Start();
 #if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
   mContent.SetProfileDir(profileDir);
-#endif
+#if defined(DEBUG)
+  if (IsContentSandboxEnabled() &&
+      Preferences::GetBool("security.sandbox.content.mac.earlyinit")) {
+    AssertMacSandboxEnabled();
+  }
+#endif /* DEBUG */
+#endif /* XP_MACOSX && MOZ_CONTENT_SANDBOX */
 
 #if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
   SetUpSandboxEnvironment();
 #endif
 
   return true;
 }
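Review bot: The condition guarding the new AssertMacSandboxEnabled() call is taken from the `security.sandbox.content.mac.earlyinit` pref, whereas the early start itself (EarlyStartMacSandboxIfEnabled in Sandbox.mm, visible in the third hunk) is decided from the process's argv; if those two sources ever disagree, the assertion fires on a process that was legitimately launched without early init. How the argv parameters are derived from the pref is not shown here, so this may be guaranteed elsewhere, but the coupling deserves a comment at the `if` so a later pref change does not silently break debug builds: `// Must match the early-init decision made from argv in EarlyStartMacSandboxIfEnabled().`. ContentProcess::Init begins before this hunk.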
 
--- a/security/sandbox/mac/Sandbox.h
+++ b/security/sandbox/mac/Sandbox.h
@@ -73,12 +73,15 @@ typedef struct _MacSandboxInfo {
   bool shouldLog;
 } MacSandboxInfo;
 
 namespace mozilla {
 
 bool StartMacSandbox(MacSandboxInfo const &aInfo, std::string &aErrorMessage);
 bool EarlyStartMacSandboxIfEnabled(int aArgc, char** aArgv,
                                    std::string &aErrorMessage);
+#ifdef DEBUG
+void AssertMacSandboxEnabled();
+#endif /* DEBUG */
 
 } // namespace mozilla
 
 #endif // mozilla_Sandbox_h
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -484,10 +484,25 @@ EarlyStartMacSandboxIfEnabled(int aArgc,
   info.type = MacSandboxType_Content;
   if (!GetContentSandboxParamsFromArgs(aArgc, aArgv, info)) {
     return false;
   }
 
   return StartMacSandbox(info, aErrorMessage);
 }
 
+#ifdef DEBUG
+/*
+ * Ensures that a process sandbox is enabled by attempting to enable
+ * a new sandbox policy and ASSERT'ing that this fails. This depends
+ * on sandbox_init() failing when called again after a sandbox has
+ * already been successfully enabled.
+ */
+void
+AssertMacSandboxEnabled()
+{
+  char *errorbuf = NULL;
+  int rv = sandbox_init("(version 1)(deny default)", 0, &errorbuf);
+  MOZ_ASSERT(rv != 0);
+}
+#endif /* DEBUG */
 
 } // namespace mozilla