

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
      5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef mozilla_SandboxLaunch_h
      8 #define mozilla_SandboxLaunch_h
      9 
     10 #include "base/process_util.h"
     11 #include "mozilla/GeckoArgs.h"
     12 #include "mozilla/ipc/UtilityProcessSandboxing.h"
     13 #include "nsXULAppAPI.h"
     14 
     15 namespace mozilla {
     16 
class SandboxLaunch final {
public:
 SandboxLaunch();
 ~SandboxLaunch();

 // Non-copyable: an instance may own fds allocated by `Prepare()` (see
 // below), and a copy would duplicate that ownership.
 SandboxLaunch(const SandboxLaunch&) = delete;
 SandboxLaunch& operator=(const SandboxLaunch&) = delete;

 using LaunchOptions = base::LaunchOptions;
 using SandboxingKind = ipc::SandboxingKind;

 // Decide what sandboxing features will be used for a process, and
 // modify `*aOptions` accordingly.  This does not allocate fds or
 // other OS resources (other than memory for strings).
 //
 // This is meant to be called in the parent process (even if the
 // fork server will be used), and if `aType` is Content then it must
 // be called on the main thread in order to access prefs.
 //
 // Because this is `static`, it cannot touch the private members
 // below; everything it decides has to travel to `Prepare`/`Fork`
 // through `*aOptions` (and possibly `aExtraOpts`, which is taken by
 // non-const reference and so may be modified).
 //
 // `aType`:      the kind of child process being launched.
 // `aKind`:      the sandboxing variant from UtilityProcessSandboxing.h.
 // `aExtraOpts`: the child's command-line arguments (in/out).
 // `aOptions`:   launch options adjusted in place.
 // Returns a bool; presumably false means the sandbox could not be
 // configured — confirm in SandboxLaunch.cpp before treating a false
 // return as anything other than a launch failure.
 static bool Configure(GeckoProcessType aType, SandboxingKind aKind,
                       geckoargs::ChildProcessArgs& aExtraOpts,
                       LaunchOptions* aOptions);

 // Finish setting up for process launch, based on the information
 // from `Configure(...)`. Called in the process that will do the
 // launch (fork server if applicable, otherwise parent), and before
 // calling `FileDescriptorShuffle::Init`.
 //
 // This can allocate fds (owned by `*this`) and modify
 // `aOptions->fds_to_remap`, but does not access the
 // environment-related fields of `*aOptions`.
 //
 // `aOptions`: presumably the same options object that `Configure`
 // filled in — confirm at the call site.  Fds allocated here are
 // expected to be released by the destructor; that is not visible from
 // this header, so verify in SandboxLaunch.cpp.
 bool Prepare(LaunchOptions* aOptions);

 // Launch the child process, similarly to `::fork()`; called after
 // `Configure` and `Prepare`.
 //
 // If launch-time sandboxing features are used, `pthread_atfork`
 // hooks are not currently supported in that case, and signal
 // handlers are reset in the child process.  If sandboxing is not
 // used, this is equivalent to `::fork()`.
 //
 // Follows the `::fork()` return convention (child pid in the parent,
 // 0 in the child; the failure value is assumed to be -1 as for
 // `::fork()` — confirm).  Code running in the child must therefore
 // not assume parent-installed signal handlers or atfork handlers ran.
 pid_t Fork();

private:
 // Sandboxing feature flags for this launch.  Since `Configure` is
 // static, this is presumably populated by `Prepare()` from
 // `*aOptions`; the individual bit values are defined in the .cpp.
 int mFlags;
 // Presumably an fd (or -1 when unused) for the chroot helper started
 // by `StartChrootServer()` — confirm in SandboxLaunch.cpp.
 int mChrootServer;

 // Starts the chroot server used by launch-time sandboxing.  Whether it
 // is called from `Prepare()` or `Fork()` is not visible here.
 void StartChrootServer();
};
     64 
// This doesn't really belong in this header but it's used in both
// SandboxLaunch and SandboxBrokerPolicyFactory.
//
// Presumably reports whether ATI/AMD graphics drivers are present so
// that sandbox policy can be relaxed or adjusted for them; the
// detection method lives in the .cpp — confirm there before relying on
// it for a policy decision.
bool HasAtiDrivers();
     68 
     69 }  // namespace mozilla
     70 
     71 #endif  // mozilla_SandboxLaunch_h