Bug 1431441 - Part 4 - ASSERT the sandbox is already enabled r=Alex_Gaynor
authorHaik Aftandilian <haftandilian@mozilla.com>
Thu, 18 Oct 2018 20:47:43 +0000
changeset 490777 abbae9f258346c8964babc3ee9e1ec061b749af1
parent 490776 03cb6cfc053da196a21da013bb51c135ec3a9ff8
child 490778 cd9c1a610dd7edf256945bccea8671cb2bd18f70
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
reviewersAlex_Gaynor
bugs1431441
milestone64.0a1
Bug 1431441 - Part 4 - ASSERT the sandbox is already enabled r=Alex_Gaynor

When early initialization of the sandbox is enabled, assert in ContentProcess::Init() that the sandbox has already been enabled.

Depends on D6720

Differential Revision: https://phabricator.services.mozilla.com/D6721
dom/ipc/ContentProcess.cpp
security/sandbox/mac/Sandbox.h
security/sandbox/mac/Sandbox.mm
--- a/dom/ipc/ContentProcess.cpp
+++ b/dom/ipc/ContentProcess.cpp
@@ -9,16 +9,17 @@
 #include "ContentProcess.h"
 #include "base/shared_memory.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Scheduler.h"
 #include "mozilla/recordreplay/ParentIPC.h"
 
 #if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
 #include <stdlib.h>
+#include "mozilla/Sandbox.h"
 #endif
 
 #if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
 #include "mozilla/SandboxSettings.h"
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsDirectoryService.h"
 #include "nsDirectoryServiceDefs.h"
 #endif
@@ -291,17 +292,23 @@ ContentProcess::Init(int aArgc, char* aA
                 *parentBuildID,
                 IOThreadChild::channel(),
                 *childID,
                 *isForBrowser);
 
   mXREEmbed.Start();
 #if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
   mContent.SetProfileDir(profileDir);
-#endif
+#if defined(DEBUG)
+  if (IsContentSandboxEnabled() &&
+      Preferences::GetBool("security.sandbox.content.mac.earlyinit")) {
+    AssertMacSandboxEnabled();
+  }
+#endif /* DEBUG */
+#endif /* XP_MACOSX && MOZ_CONTENT_SANDBOX */
 
 #if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
   SetUpSandboxEnvironment();
 #endif
 
   return true;
 }
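Review bot: The guard on the new assertion, `Preferences::GetBool("security.sandbox.content.mac.earlyinit")`, decides in the child whether to check at all, while the early start it verifies (EarlyStartMacSandboxIfEnabled in Sandbox.mm) takes its parameters from argv; if those two signals ever disagree the assert is silently skipped instead of failing, which hides exactly the regression it exists to catch. If the early-init decision is already carried on the command line, consider keying this check on that same signal rather than on a pref read after the fact. A one-line comment above `#if defined(DEBUG)` should also state that release builds get no verification here and rely solely on the early-start path. ContentProcess::Init begins before this hunk.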
 
--- a/security/sandbox/mac/Sandbox.h
+++ b/security/sandbox/mac/Sandbox.h
@@ -73,12 +73,15 @@ typedef struct _MacSandboxInfo {
   bool shouldLog;
 } MacSandboxInfo;
 
 namespace mozilla {
 
 bool StartMacSandbox(MacSandboxInfo const &aInfo, std::string &aErrorMessage);
 bool EarlyStartMacSandboxIfEnabled(int aArgc, char** aArgv,
                                    std::string &aErrorMessage);
+#ifdef DEBUG
+void AssertMacSandboxEnabled();
+#endif /* DEBUG */
 
 } // namespace mozilla
 
 #endif // mozilla_Sandbox_h
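Review bot: The new declaration `AssertMacSandboxEnabled()` carries no comment describing its contract, and because it is only declared under `#ifdef DEBUG` every call site has to be guarded the same way. Suggest adding above it `// Debug-only. Asserts (via MOZ_ASSERT) that a sandbox policy is already in force for this process; call sites must be wrapped in #ifdef DEBUG.` so the constraint is visible from the header rather than discovered at link time.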
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -484,10 +484,25 @@ EarlyStartMacSandboxIfEnabled(int aArgc,
   info.type = MacSandboxType_Content;
   if (!GetContentSandboxParamsFromArgs(aArgc, aArgv, info)) {
     return false;
   }
 
   return StartMacSandbox(info, aErrorMessage);
 }
 
+#ifdef DEBUG
+/*
+ * Ensures that a process sandbox is enabled by attempting to enable
+ * a new sandbox policy and ASSERT'ing that this fails. This depends
+ * on sandbox_init() failing when called again after a sandbox has
+ * already been successfully enabled.
+ */
+void
+AssertMacSandboxEnabled()
+{
+  char *errorbuf = NULL;
+  int rv = sandbox_init("(version 1)(deny default)", 0, &errorbuf);
+  MOZ_ASSERT(rv != 0);
+}
+#endif /* DEBUG */
 
 } // namespace mozilla
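Review bot: On the expected path (rv != 0) sandbox_init() hands back an allocated error string in `errorbuf`, and the function returns without releasing it; per the sandbox API that buffer is owned by the caller and must be released with `sandbox_free_error()`, so add `if (errorbuf) { sandbox_free_error(errorbuf); }` after the assert. The unexpected path deserves a caveat in the header comment too: if the process was not sandboxed, the probe call succeeds and places the process under `(deny default)` before MOZ_ASSERT fires, which is only acceptable because the assert aborts in DEBUG builds — state that so this helper is never reused on a release path. Passing a reason through the assert, `MOZ_ASSERT(rv != 0, "content process is not sandboxed");`, would also make the resulting crash self-explanatory.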