tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

SandboxReporter.h (2907B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
      5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef mozilla_SandboxReporter_h
      8 #define mozilla_SandboxReporter_h
      9 
     10 #include "SandboxReporterCommon.h"
     11 
     12 #include "base/platform_thread.h"
     13 #include "mozilla/StaticPtr.h"
     14 #include "mozilla/Mutex.h"
     15 #include "mozilla/UniquePtr.h"
     16 #include "nsTArray.h"
     17 
     18 namespace mozilla {
     19 
     20 // This object collects the SandboxReport messages from all of the
     21 // child processes, submits them to Telemetry, and maintains a ring
     22 // buffer of the last kSandboxReporterBufferSize reports.
     23 class SandboxReporter final : public PlatformThread::Delegate {
     24 public:
     25  // For normal use, don't construct this directly; use the
     26  // Singleton() method.
     27  //
     28  // For unit testing, use this constructor followed by the Init
     29  // method; the object isn't usable unless Init returns true.
     30  explicit SandboxReporter();
     31  ~SandboxReporter();
     32 
     33  // See above; this method is not thread-safe.
     34  bool Init();
     35 
     36  // Used in GeckoChildProcessHost to connect the child process's
     37  // client to this report collector.
     38  int GetClientFileDescriptor() const;
     39 
     40  // A snapshot of the report ring buffer; element 0 of `mReports` is
     41  // the `mOffset`th report to be received, and so on.
     42  struct Snapshot {
     43    // The buffer has to fit in memory, but the total number of
     44    // reports received in the session can increase without bound and
     45    // could potentially overflow a uint32_t, so this is 64-bit.
     46    // (It's exposed to JS as a 53-bit int, effectively, but that
     47    // should also be large enough.)
     48    uint64_t mOffset;
     49    nsTArray<SandboxReport> mReports;
     50  };
     51 
     52  // Read the ring buffer contents; this method is thread-safe.
     53  Snapshot GetSnapshot();
     54 
     55  // Gets or creates the singleton report collector.  Crashes if
     56  // initialization fails (if a socketpair and/or thread can't be
     57  // created, there was almost certainly about to be a crash anyway).
     58  // Thread-safe as long as the pointer isn't used during/after XPCOM
     59  // shutdown.
     60  static SandboxReporter* Singleton();
     61 
     62 private:
     63  // These are constant over the life of the object:
     64  int mClientFd;
     65  int mServerFd;
     66  PlatformThreadHandle mThread;
     67 
     68  Mutex mMutex MOZ_UNANNOTATED;
     69  // These are protected by mMutex:
     70  UniquePtr<SandboxReport[]> mBuffer;
     71  uint64_t mCount;
     72 
     73  static StaticAutoPtr<SandboxReporter> sSingleton;
     74 
     75  void ThreadMain(void) override;
     76  void AddOne(const SandboxReport& aReport);
     77 };
     78 
     79 // This is a constant so the % operations can be optimized.  This is
     80 // exposed in the header so that unit tests can see it.
     81 static const size_t kSandboxReporterBufferSize = 32;
     82 
     83 }  // namespace mozilla
     84 
     85 #endif  // mozilla_SandboxReporter_h