Bug 1498624 - pt1 - Implement OSX sandbox for RDD process. r=haik
authorMichael Froman <mfroman@mozilla.com>
Wed, 21 Nov 2018 00:11:20 +0000
changeset 503828 da37c7e24c90cd585bdf68dff8acc45aa4ba7c3c
parent 503827 fa0d05453365c26f404803117864654c59ff6d30
child 503829 6f3303d415f7920900d800869ce901eed060c889
push id10290
push userffxbld-merge
push dateMon, 03 Dec 2018 16:23:23 +0000
reviewershaik
bugs1498624
milestone65.0a1
Bug 1498624 - pt1 - Implement OSX sandbox for RDD process. r=haik Differential Revision: https://phabricator.services.mozilla.com/D12376
dom/media/ipc/RDDParent.cpp
dom/media/ipc/moz.build
--- a/dom/media/ipc/RDDParent.cpp
+++ b/dom/media/ipc/RDDParent.cpp
@@ -17,16 +17,23 @@
 #include "mozilla/TimeStamp.h"
 #include "mozilla/dom/MemoryReportRequest.h"
 #include "mozilla/ipc/CrashReporterClient.h"
 #include "mozilla/ipc/ProcessChild.h"
 
 #ifdef MOZ_GECKO_PROFILER
 #include "ChildProfilerController.h"
 #endif
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+#include "mozilla/Sandbox.h"
+#include "nsMacUtilsImpl.h"
+#include <Carbon/Carbon.h>  // for CGSSetDenyWindowServerConnections
+#endif
+
 #include "nsDebugImpl.h"
 #include "nsThreadManager.h"
 #include "ProcessUtils.h"
 
 namespace mozilla {
 
 using namespace ipc;
 
@@ -69,19 +76,65 @@ bool RDDParent::Init(base::ProcessId aPa
   if (NS_FAILED(NS_InitMinimalXPCOM())) {
     return false;
   }
 
   mozilla::ipc::SetThisProcessName("RDD Process");
   return true;
 }
 
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+extern "C" {
+CGError CGSSetDenyWindowServerConnections(bool);
+void CGSShutdownServerConnections();
+};
+
+static void StartRDDMacSandbox() {
+  // Close all current connections to the WindowServer. This ensures that the
+  // Activity Monitor will not label the content process as "Not responding"
+  // because it's not running a native event loop. See bug 1384336.
+  CGSShutdownServerConnections();
+
+  // Actual security benefits are only acheived when we additionally deny
+  // future connections.
+  CGError result = CGSSetDenyWindowServerConnections(true);
+  MOZ_DIAGNOSTIC_ASSERT(result == kCGErrorSuccess);
+#if !MOZ_DIAGNOSTIC_ASSERT_ENABLED
+  Unused << result;
+#endif
+
+  nsAutoCString appPath;
+  nsMacUtilsImpl::GetAppPath(appPath);
+
+  MacSandboxInfo info;
+  info.type = MacSandboxType_Plugin;
+  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled") ||
+                   PR_GetEnv("MOZ_SANDBOX_LOGGING");
+  info.appPath.assign(appPath.get());
+  // Per Haik, set appBinaryPath and pluginBinaryPath to '/dev/null' to
+  // make sure OSX sandbox policy isn't confused by empty strings for
+  // the paths.
+  info.appBinaryPath.assign("/dev/null");
+  info.pluginInfo.pluginBinaryPath.assign("/dev/null");
+  std::string err;
+  bool rv = mozilla::StartMacSandbox(info, err);
+  if (!rv) {
+    NS_WARNING(err.c_str());
+    MOZ_CRASH("mozilla::StartMacSandbox failed");
+  }
+}
+#endif
+
 mozilla::ipc::IPCResult RDDParent::RecvInit() {
   Unused << SendInitComplete();
 
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+  StartRDDMacSandbox();
+#endif
+
   return IPC_OK();
 }
 
 mozilla::ipc::IPCResult RDDParent::RecvInitProfiler(
     Endpoint<PProfilerChild>&& aEndpoint) {
 #ifdef MOZ_GECKO_PROFILER
   mProfilerController = ChildProfilerController::Create(std::move(aEndpoint));
 #endif
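Review bot: A failed CGSSetDenyWindowServerConnections() in StartRDDMacSandbox is only caught by MOZ_DIAGNOSTIC_ASSERT; in builds where that assert is compiled out the result is discarded via `Unused << result` and the sandbox setup continues, even though the comment just above says the security benefit depends on the deny succeeding. That is inconsistent with the StartMacSandbox failure a few lines later, which warns and crashes; I would check the result unconditionally and treat it the same way: `if (result != kCGErrorSuccess) { MOZ_CRASH("CGSSetDenyWindowServerConnections failed"); }`, which also lets the `#if !MOZ_DIAGNOSTIC_ASSERT_ENABLED` block go. The comment at the top of the function still talks about the "content process" although this helper is RDD-specific; `// ... will not label the RDD process as "Not responding"` would be accurate, and "acheived" is a typo. Presumably the sandbox is applied before any decode work arrives since RecvInit runs synchronously, but SendInitComplete() goes out before StartRDDMacSandbox() is called, so the parent observes "init complete" for a process that is not yet sandboxed; if the order is intentional a one-line comment explaining it would help.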
--- a/dom/media/ipc/moz.build
+++ b/dom/media/ipc/moz.build
@@ -47,12 +47,17 @@ SOURCES += [
     'RemoteVideoDecoderChild.cpp',
     'RemoteVideoDecoderParent.cpp',
     'VideoDecoderChild.cpp',
     'VideoDecoderManagerChild.cpp',
     'VideoDecoderManagerParent.cpp',
     'VideoDecoderParent.cpp',
 ]
 
+# so we can include nsMacUtilsImpl.h in RDDParent.cpp for sandboxing
+LOCAL_INCLUDES += [
+    '/xpcom/base',
+]
+
 include('/ipc/chromium/chromium-config.mozbuild')
 
 
 FINAL_LIBRARY = 'xul'