tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

UtilityProcessImpl.cpp (4517B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 #include "UtilityProcessImpl.h"
      7 
      8 #include "mozilla/GeckoArgs.h"
      9 #include "mozilla/ProcInfo.h"
     10 
     11 #if defined(XP_WIN)
     12 #  include "nsExceptionHandler.h"
     13 #endif
     14 
     15 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
     16 #  include "mozilla/sandboxTarget.h"
     17 #  include "WMF.h"
     18 #  include "WMFDecoderModule.h"
     19 #endif
     20 
     21 #if defined(XP_OPENBSD) && defined(MOZ_SANDBOX)
     22 #  include "mozilla/SandboxSettings.h"
     23 #endif
     24 
     25 #if defined(MOZ_WMF_CDM) && defined(MOZ_SANDBOX)
     26 #  include "mozilla/MFCDMParent.h"
     27 #endif
     28 
     29 namespace mozilla::ipc {
     30 
     31 UtilityProcessImpl::~UtilityProcessImpl() = default;
     32 
     33 #if defined(XP_WIN)
     34 /* static */
     35 void UtilityProcessImpl::LoadLibraryOrCrash(LPCWSTR aLib) {
     36  // re-try a few times depending on the error we get ; inspired by both our
     37  // results on content process allocations as well as msys2:
     38  // https://github.com/git-for-windows/msys2-runtime/blob/b4fed42af089ab955286343835a97e287496b3f8/winsup/cygwin/autoload.cc#L323-L339
     39 
     40  const int kMaxRetries = 10;
     41  DWORD err;
     42 
     43  for (int i = 0; i < kMaxRetries; i++) {
     44    HMODULE module = ::LoadLibraryW(aLib);
     45    if (module) {
     46      return;
     47    }
     48 
     49    err = ::GetLastError();
     50 
     51    if (err != ERROR_NOACCESS && err != ERROR_DLL_INIT_FAILED) {
     52      break;
     53    }
     54 
     55    PR_Sleep(0);
     56  }
     57 
     58  switch (err) {
     59    /* case ERROR_ACCESS_DENIED: */
     60    /* case ERROR_BAD_EXE_FORMAT: */
     61    /* case ERROR_SHARING_VIOLATION: */
     62    case ERROR_MOD_NOT_FOUND:
     63    case ERROR_COMMITMENT_LIMIT:
     64      // We want to make it explicit in telemetry that this was in fact an
     65      // OOM condition, even though we could not detect it on our own
     66      CrashReporter::AnnotateOOMAllocationSize(1);
     67      break;
     68 
     69    default:
     70      break;
     71  }
     72 
     73  MOZ_CRASH_UNSAFE_PRINTF("Unable to preload module: 0x%lx", err);
     74 }
     75 #endif  // defined(XP_WIN)
     76 
     77 bool UtilityProcessImpl::Init(int aArgc, char* aArgv[]) {
     78  Maybe<uint64_t> sandboxingKind = geckoargs::sSandboxingKind.Get(aArgc, aArgv);
     79  if (sandboxingKind.isNothing()) {
     80    return false;
     81  }
     82 
     83  if (*sandboxingKind >= SandboxingKind::COUNT) {
     84    return false;
     85  }
     86 
     87 #if defined(MOZ_SANDBOX) && defined(XP_WIN)
     88  // We delay load winmm.dll so that its dependencies don't interfere with COM
     89  // initialization when win32k is locked down. We need to load it before we
     90  // lower the sandbox in processes where the policy will prevent loading.
     91  LoadLibraryOrCrash(L"winmm.dll");
     92 
     93  // Call this once before enabling the sandbox, it will cache its result
     94  // in a static variable.
     95  GetCpuFrequencyMHz();
     96 
     97  if (*sandboxingKind == SandboxingKind::GENERIC_UTILITY) {
     98    // Preload audio generic libraries required for ffmpeg only
     99    UtilityMediaServiceParent::GenericPreloadForSandbox();
    100  }
    101 
    102  if (*sandboxingKind == SandboxingKind::UTILITY_AUDIO_DECODING_WMF
    103 #  ifdef MOZ_WMF_MEDIA_ENGINE
    104      || *sandboxingKind == SandboxingKind::MF_MEDIA_ENGINE_CDM
    105 #  endif
    106  ) {
    107    UtilityMediaServiceParent::WMFPreloadForSandbox();
    108  }
    109 
    110  // Go for it
    111  mozilla::SandboxTarget::Instance()->StartSandbox();
    112 #elif defined(__OpenBSD__) && defined(MOZ_SANDBOX)
    113  if (*sandboxingKind != SandboxingKind::GENERIC_UTILITY) {
    114    StartOpenBSDSandbox(GeckoProcessType_Utility,
    115                        (SandboxingKind)*sandboxingKind);
    116  }
    117 #endif
    118 
    119 #if defined(MOZ_WMF_CDM) && defined(MOZ_SANDBOX)
    120  if (*sandboxingKind == MF_MEDIA_ENGINE_CDM) {
    121    Maybe<const char*> pluginPath = geckoargs::sPluginPath.Get(aArgc, aArgv);
    122    if (pluginPath) {
    123      MFCDMParent::SetWidevineL1Path(*pluginPath);
    124    } else {
    125      NS_WARNING("No Widevine L1 plugin for the utility process!");
    126    }
    127  }
    128 #endif
    129 
    130  Maybe<const char*> parentBuildID =
    131      geckoargs::sParentBuildID.Get(aArgc, aArgv);
    132  if (parentBuildID.isNothing()) {
    133    return false;
    134  }
    135 
    136  if (!ProcessChild::InitPrefs(aArgc, aArgv)) {
    137    return false;
    138  }
    139 
    140 #if defined(MOZ_MEMORY) && defined(DEBUG)
    141  jemalloc_stats_t stats;
    142  jemalloc_stats(&stats);
    143  MOZ_ASSERT(stats.opt_randomize_small,
    144             "Utility process should randomize small allocations");
    145 #endif
    146 
    147  return mUtility->Init(TakeInitialEndpoint(), nsCString(*parentBuildID),
    148                        *sandboxingKind);
    149 }
    150 
    151 void UtilityProcessImpl::CleanUp() { NS_ShutdownXPCOM(nullptr); }
    152 
    153 }  // namespace mozilla::ipc