Bug 1306239 - Add pref to toggle OS X sandbox violation debugging, default on. r=haik
authorDavid Parks <davidp99@gmail.com>
Tue, 17 Jan 2017 15:47:13 -0800
changeset 377353 36e32e9299a36322783280f310cd366e3186b1af
parent 377352 98ee7f4c3b1acb2ec084e5f4fb20a0a493783aae
child 377354 c619c89829a77ae64b0d205a8c03f49283db921c
push id1419
push userjlund@mozilla.com
push dateMon, 10 Apr 2017 20:44:07 +0000
reviewershaik
bugs1306239
milestone53.0a1
Bug 1306239 - Add pref to toggle OS X sandbox violation debugging, default on. r=haik Sandbox denial logging stays on while security.sandbox.logging.enabled is true (the default). Setting it to false removes most sandbox violation messages, but some related messages generated by other processes will still get through.
browser/app/profile/firefox.js
dom/ipc/ContentChild.cpp
dom/media/gmp/GMPChild.cpp
security/sandbox/mac/Sandbox.h
security/sandbox/mac/Sandbox.mm
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1019,16 +1019,27 @@ pref("security.sandbox.content.level", 2
 #if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // ID (a UUID when set by gecko) that is used to form the name of a
 // sandbox-writable temporary directory to be used by content processes
 // when a temporary writable file is required in a level 1 sandbox.
 pref("security.sandbox.content.tempDirSuffix", "");
 #endif
 #endif
 
+#if defined(MOZ_SANDBOX)
+#if defined(XP_MACOSX)
+// This pref determines if messages relevant to sandbox violations are
+// logged.
+// At present, this setting refers only to mac sandbox messages sent to
+// the system console but the setting will be used on other platforms
+// in the future.
+pref("security.sandbox.logging.enabled", true);
+#endif
+#endif
+
 // This pref governs whether we attempt to work around problems caused by
 // plugins using OS calls to manipulate the cursor while running out-of-
 // process.  These workarounds all involve intercepting (hooking) certain
 // OS calls in the plugin process, then arranging to make certain OS calls
 // in the browser process.  Eventually plugins will be required to use the
 // NPAPI to manipulate the cursor, and these workarounds will be removed.
 // See bug 621117.
 #ifdef XP_MACOSX
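Review bot: The comment above `security.sandbox.logging.enabled` says the pref decides whether violation messages are logged, but what the patch toggles is a `(with no-log)` modifier on the `(deny default)` rule of the mac content and plugin profiles, so messages from explicit deny rules and from other processes are unaffected (the commit message itself notes some still get through); the comment should say so rather than promise a blanket switch. Suggested wording: `// When false, the OS X content and plugin sandbox profiles mark their (deny default) rule (with no-log), so denials by the default rule are not reported to the system console; explicit deny rules and messages from other processes are unaffected.` The pref is also only defined under XP_MACOSX while the comment talks about other platforms, and the readers in ContentChild.cpp and GMPChild.cpp fall back to `true` when it is absent; stating that fallback here keeps the guard and the readers' default visibly one contract.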
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -1436,16 +1436,17 @@ StartMacOSContentSandbox()
     if (NS_FAILED(rv) || profileDirPath.IsEmpty()) {
       MOZ_CRASH("Failed to get profile path");
     }
   }
 
   MacSandboxInfo info;
   info.type = MacSandboxType_Content;
   info.level = info.level = sandboxLevel;
+  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled", true);
   info.appPath.assign(appPath.get());
   info.appBinaryPath.assign(appBinaryPath.get());
   info.appDir.assign(appDir.get());
   info.appTempDir.assign(tempDirPath.get());
 
   if (profileDir) {
     info.hasSandboxedProfile = true;
     info.profileDir.assign(profileDirPath.get());
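Review bot: The fallback `true` in the new `Preferences::GetBool("security.sandbox.logging.enabled", true)` restates a default that already exists in `_MacSandboxInfo`'s constructor (`shouldLog(true)`), in firefox.js, and again in GMPChild.cpp, so the same value now lives in four places and a change to any one of them silently alters whether the content sandbox logs denials. `info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled", info.shouldLog);` makes the struct's default the single fallback; hoisting the pref name into a shared constant would remove the string duplication too. Unrelated to this change but on the line just above, `info.level = info.level = sandboxLevel;` assigns twice where `info.level = sandboxLevel;` is meant. StartMacOSContentSandbox begins and ends outside this hunk.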
--- a/dom/media/gmp/GMPChild.cpp
+++ b/dom/media/gmp/GMPChild.cpp
@@ -227,16 +227,17 @@ GMPChild::SetMacSandboxInfo(MacSandboxPl
   }
   nsAutoCString appPath, appBinaryPath;
   if (!GetAppPaths(appPath, appBinaryPath)) {
     return false;
   }
 
   MacSandboxInfo info;
   info.type = MacSandboxType_Plugin;
+  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled", true);
   info.pluginInfo.type = aPluginType;
   info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get());
   info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get());
   info.appPath.assign(appPath.get());
   info.appBinaryPath.assign(appBinaryPath.get());
 
   mGMPLoader->SetSandboxInfo(&info);
   return true;
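Review bot: The new `Preferences::GetBool(..., true)` in the GMP child cannot tell a pref left at its default from a preference service that is unavailable or not yet populated in this process; in both cases the plugin sandbox starts with logging on, which is the safe direction, but a user who set the pref to false may still see denial logs from GMP processes if prefs are not mirrored here by the time SetMacSandboxInfo runs — I cannot confirm from the hunk whether they are. If this runs before prefs are synced, carrying the value from the parent (via the launch arguments or the info the loader already receives) would be the robust fix; otherwise a comment such as `// Prefs are available in the GMP process at this point; defaults to logging enabled.` documents the assumption. GMPChild::SetMacSandboxInfo begins outside the hunk.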
--- a/security/sandbox/mac/Sandbox.h
+++ b/security/sandbox/mac/Sandbox.h
@@ -32,33 +32,34 @@ typedef struct _MacSandboxPluginInfo {
       pluginBinaryPath(other.pluginBinaryPath) {}
   MacSandboxPluginType type;
   std::string pluginPath;
   std::string pluginBinaryPath;
 } MacSandboxPluginInfo;
 
 typedef struct _MacSandboxInfo {
   _MacSandboxInfo()
-    : type(MacSandboxType_Default), level(0) {}
+    : type(MacSandboxType_Default), level(0), shouldLog(true) {}
   _MacSandboxInfo(const struct _MacSandboxInfo& other)
     : type(other.type), level(other.level),
       hasSandboxedProfile(other.hasSandboxedProfile),
       pluginInfo(other.pluginInfo),
       appPath(other.appPath), appBinaryPath(other.appBinaryPath),
       appDir(other.appDir), appTempDir(other.appTempDir),
-      profileDir(other.profileDir) {}
+      profileDir(other.profileDir), shouldLog(other.shouldLog) {}
   MacSandboxType type;
   int32_t level;
   bool hasSandboxedProfile;
   MacSandboxPluginInfo pluginInfo;
   std::string appPath;
   std::string appBinaryPath;
   std::string appDir;
   std::string appTempDir;
   std::string profileDir;
+  bool shouldLog;
 } MacSandboxInfo;
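Review bot: Adding `shouldLog` forced an edit to the hand-written copy constructor, and a member-wise copy constructor that must be kept in sync by hand is exactly how a future field gets silently dropped on copy; every member here is copyable, so `_MacSandboxInfo(const struct _MacSandboxInfo&) = default;` (or removing the copy constructor entirely) is behaviour-identical and ends the maintenance hazard. While touching the default constructor, note that `hasSandboxedProfile` is still left uninitialized next to the newly initialized `shouldLog`; Sandbox.mm formats it into the content profile (`aInfo.hasSandboxedProfile ? 1 : 0`) and the ContentChild.cpp hunk only sets it inside `if (profileDir)`, so unless a path outside this view assigns it, the profile can be built from an indeterminate value. Suggested: `: type(MacSandboxType_Default), level(0), hasSandboxedProfile(false), shouldLog(true) {}`.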
 
 namespace mozilla {
 
 bool StartMacSandbox(MacSandboxInfo aInfo, std::string &aErrorMessage);
 
 } // namespace mozilla
 
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -117,17 +117,17 @@ OSXVersion::GetVersionNumber()
   }
   return mOSXVersion;
 }
 
 namespace mozilla {
 
 static const char pluginSandboxRules[] =
   "(version 1)\n"
-  "(deny default)\n"
+  "(deny default %s)\n"
   "(allow signal (target self))\n"
   "(allow sysctl-read)\n"
   "(allow iokit-open (iokit-user-client-class \"IOHIDParamUserClient\"))\n"
   "(allow mach-lookup\n"
   "    (global-name \"com.apple.cfprefsd.agent\")\n"
   "    (global-name \"com.apple.cfprefsd.daemon\")\n"
   "    (global-name \"com.apple.system.opendirectoryd.libinfo\")\n"
   "    (global-name \"com.apple.system.logger\")\n"
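Review bot: The new `%s` in `(deny default %s)` is now the first conversion in pluginSandboxRules, ahead of the plugin and app path placeholders, and nothing at this site says it is filled from `MacSandboxInfo::shouldLog` rather than a path; a later edit that inserts another conversion above it or reorders the asprintf arguments would yield a profile the sandbox rejects, or a path spliced into the deny rule. Add a C++ comment above the string literal, e.g. `// First %s: "" or NO_LOGGING_CMD, chosen from MacSandboxInfo::shouldLog in StartMacSandbox.`, keeping it outside the literal since a `%` inside the format string would itself have to be written `%%`. It is also worth noting in that comment that `(with no-log)` attaches only to the default rule, so any explicit `(deny ...)` rules in the profile keep logging regardless of the pref.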
@@ -190,17 +190,17 @@ static const char contentSandboxRules[] 
   "  file-write-data\n"
   "  file-ioctl\n"
   "  (literal \"/dev/dtracehelper\"))\n"
   "\n"
   "; Used to read hw.ncpu, hw.physicalcpu_max, kern.ostype, and others\n"
   "(allow sysctl-read)\n"
   "\n"
   "(begin\n"
-  "  (deny default)\n"
+  "  (deny default %s)\n"
   "  (debug deny)\n"
   "\n"
   "  (define resolving-literal literal)\n"
   "  (define resolving-subpath subpath)\n"
   "  (define resolving-regex regex)\n"
   "\n"
   "  (define container-path appPath)\n"
   "  (define appdir-path appDir)\n"
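Review bot: `(deny default %s)` at the top of the `(begin` block is immediately followed by `(debug deny)`, which still requests debug output on denials; whether the `(with no-log)` modifier on the default rule also silences what `(debug deny)` emits is not established by this hunk, and if it does not, the pref only partially quiets the console for content processes. If that was verified while testing, a one-line SBPL comment would spare the next reader the experiment, e.g. `"; (with no-log) on the default rule also suppresses (debug deny) output\n"`; if not, consider driving `(debug deny)` from the same `%s` mechanism so both follow the pref. contentSandboxRules begins before this hunk, so I cannot see how many conversions precede this one.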
@@ -401,21 +401,24 @@ static const char contentSandboxRules[] 
   "  (allow network-outbound (literal \"/private/var/run/cupsd\"))\n"
 #ifdef DEBUG
   "\n"
   "; bug 1303987\n"
   "  (allow file-write* (var-folders-regex \"/\"))\n"
 #endif
   ")\n";
 
+static const char* NO_LOGGING_CMD = "(with no-log)";
+
 bool StartMacSandbox(MacSandboxInfo aInfo, std::string &aErrorMessage)
 {
   char *profile = NULL;
   if (aInfo.type == MacSandboxType_Plugin) {
     asprintf(&profile, pluginSandboxRules,
+             aInfo.shouldLog ? "" : NO_LOGGING_CMD,
              aInfo.pluginInfo.pluginBinaryPath.c_str(),
              aInfo.appPath.c_str(),
              aInfo.appBinaryPath.c_str());
 
     if (profile &&
       aInfo.pluginInfo.type == MacSandboxPluginType_GMPlugin_EME_Widevine) {
       char *widevineProfile = NULL;
       asprintf(&widevineProfile, "%s%s", profile,
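Review bot: `static const char* NO_LOGGING_CMD = "(with no-log)";` declares a reseatable pointer to a constant string, so the variable itself is mutable; `static const char NO_LOGGING_CMD[] = "(with no-log)";` (or `static const char* const`) states the intent and matches the array form already used for `pluginSandboxRules` and `contentSandboxRules`. The name is also the only ALL_CAPS identifier among the file's camelCase profile constants, so `noLoggingCmd` would fit the surrounding style better. A short comment would help readers who have not seen SBPL modifiers: `// Appended to (deny default) so denials by the default rule are not logged.`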
@@ -430,17 +433,18 @@ bool StartMacSandbox(MacSandboxInfo aInf
       asprintf(&profile, contentSandboxRules, aInfo.level,
                OSXVersion::OSXVersionMinor(),
                aInfo.appPath.c_str(),
                aInfo.appBinaryPath.c_str(),
                aInfo.appDir.c_str(),
                aInfo.appTempDir.c_str(),
                aInfo.hasSandboxedProfile ? 1 : 0,
                aInfo.profileDir.c_str(),
-               getenv("HOME"));
+               getenv("HOME"),
+               aInfo.shouldLog ? "" : NO_LOGGING_CMD);
     } else {
       fprintf(stderr,
         "Content sandbox disabled due to sandbox level setting\n");
       return false;
     }
   }
   else {
     char *msg = NULL;
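Review bot: The new trailing argument `aInfo.shouldLog ? "" : NO_LOGGING_CMD` in the contentSandboxRules asprintf call relies on `(deny default %s)` being the last conversion in that format string, whereas the plugin call passes the same value first; the two call sites order the same argument differently, and since both format strings are static arrays rather than literals the compiler is unlikely to check either. A comment at the call tying the argument to its placeholder, e.g. `// last %s: logging modifier for (deny default)`, or building the deny line once and passing it in the same position in both profiles, would make the order mistake-resistant. StartMacSandbox continues past the end of this hunk.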