UtilityProcessSandboxing.cpp (2143B)
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "UtilityProcessSandboxing.h"

#include <vector>
#include <string>

#include "prenv.h"

namespace mozilla::ipc {

// Cuts `str` at every occurrence of the separator `s` and returns the pieces
// in order. Empty pieces are kept (leading, trailing and between adjacent
// separators), so the result always holds at least one element: an empty
// input yields a single empty string.
std::vector<std::string> split(const std::string& str, char s) {
  std::vector<std::string> pieces;
  std::string::size_type begin = 0;
  for (;;) {
    const std::string::size_type end = str.find(s, begin);
    if (end == std::string::npos) {
      // No further separator: the remainder (possibly empty) is the last
      // piece. `begin` never exceeds str.size(), so substr() cannot throw.
      pieces.push_back(str.substr(begin));
      break;
    }
    pieces.push_back(str.substr(begin, end - begin));
    begin = end + 1;
  }
  return pieces;
}

// Decides whether the utility process of kind `aKind` should be sandboxed,
// given the raw value of the override variable in `envVar`.
//
//   envVar == nullptr              -> true  (no override present)
//   envVar == "1"                  -> false (override applies to every kind)
//   comma-separated list holding
//   "utility:<aKind as decimal>"   -> false (override for this kind only)
//   anything else                  -> true
//
// The parse fails closed: tokens are compared byte-for-byte, with no
// whitespace trimming or case folding, so a malformed or unrecognised value
// ("0", "true", "", "utility:0, utility:1" for the second entry, ...) leaves
// the sandbox reported as enabled.
//
// NOTE(review): a `false` result comes straight from the process environment,
// so whatever can set that environment can switch this answer. Nothing in
// this file limits the override to particular build types or channels;
// confirm whether callers gate it elsewhere.
bool IsUtilitySandboxEnabled(const char* envVar, SandboxingKind aKind) {
#ifdef XP_WIN
  // Sandboxing the Windows file dialog is probably not useful.
  //
  // (Additionally, it causes failures in our test environments: when running
  // tests on windows-11-2009-qr machines, sandboxed child processes can't see
  // or interact with any other process's windows -- which means they can't
  // select a window from the parent process as the file dialog's parent. This
  // occurs regardless of the sandbox preferences, which is why we disable
  // sandboxing entirely rather than use a maximally permissive preference-set.
  // This behavior has not been seen in user-facing environments.)
  //
  // This check runs before the override is looked at, so on Windows this kind
  // is reported as unsandboxed whatever `envVar` holds.
  if (aKind == SandboxingKind::WINDOWS_FILE_DIALOG) {
    return false;
  }
#endif

  if (!envVar) {
    return true;
  }

  const std::string setting(envVar);
  if (setting == "1") {
    return false;
  }

  // Relies on SandboxingKind converting implicitly to an integer type for
  // std::to_string; its definition is not in this file.
  const std::string wanted = "utility:" + std::to_string(aKind);

  bool sandboxed = true;
  for (const std::string& token : split(setting, ',')) {
    if (token == wanted) {
      sandboxed = false;
      break;
    }
  }
  return sandboxed;
}

// Convenience overload: reads MOZ_DISABLE_UTILITY_SANDBOX from the process
// environment and applies the rules of the two-argument overload to it.
bool IsUtilitySandboxEnabled(SandboxingKind aKind) {
  const char* const envValue = PR_GetEnv("MOZ_DISABLE_UTILITY_SANDBOX");
  return IsUtilitySandboxEnabled(envValue, aKind);
}

}  // namespace mozilla::ipc