1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4  * License, v. 2.0. If a copy of the MPL was not distributed with this
5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 
7 #include "mozilla/ipc/IOThreadChild.h"
8 
9 #include "ContentProcess.h"
10 #include "base/shared_memory.h"
11 #include "mozilla/Preferences.h"
12 
13 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
14 #  include <stdlib.h>
15 #  include "mozilla/Sandbox.h"
16 #endif
17 
18 #if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_SANDBOX)
19 #  include "mozilla/SandboxSettings.h"
20 #  include "nsAppDirectoryServiceDefs.h"
21 #  include "nsDirectoryService.h"
22 #  include "nsDirectoryServiceDefs.h"
23 #endif
24 
25 #include "nsAppRunner.h"
26 #include "mozilla/ipc/BackgroundChild.h"
27 #include "mozilla/ipc/ProcessUtils.h"
28 
29 using mozilla::ipc::IOThreadChild;
30 
31 namespace mozilla::dom {
32 
33 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
// Export aValue's path as the process temp directory for Win32 callers.
//
// GetTempPath() consults TMP first, so that is the variable that has to be
// set for the redirection to take effect. TEMP is exported with the same
// value for third-party code that reads the environment directly rather
// than going through GetTempPath().
//
// There is no return value: a failure to read the path or to update the
// environment is only warned about, since the caller has no fallback.
static void SetTmpEnvironmentVariable(nsIFile* aValue) {
  nsAutoString tmpPath;
  nsresult rv = aValue->GetPath(tmpPath);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return;
  }

  // TMP is written first because it is the one GetTempPath() honours;
  // TEMP only matters for direct environment readers.
  const wchar_t* const kVariables[] = {L"TMP", L"TEMP"};
  for (const wchar_t* const name : kVariables) {
    Unused << NS_WARN_IF(!SetEnvironmentVariableW(name, tmpPath.get()));
  }
}
48 #endif
49 
50 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
// Point the content process at its sandbox-writable temp directory.
//
// Requires nsDirectoryService to be initialized (asserted). When the content
// sandbox is disabled nothing is changed. Otherwise NS_OS_TEMP_DIR is
// re-pointed at NS_APP_CONTENT_PROCESS_TEMP_DIR and the TMP/TEMP environment
// variables are updated to match, so the Gecko and Win32 views of the temp
// directory agree. Each step that fails is warned about and aborts the rest.
static void SetUpSandboxEnvironment() {
  MOZ_ASSERT(
      nsDirectoryService::gService,
      "SetUpSandboxEnvironment relies on nsDirectoryService being initialized");

  // Only a sandboxed content process needs the alternate temp directory.
  if (!IsContentSandboxEnabled()) {
    return;
  }

  nsDirectoryService* const dirService = nsDirectoryService::gService;

  nsCOMPtr<nsIFile> contentTempDir;
  nsresult rv = dirService->Get(NS_APP_CONTENT_PROCESS_TEMP_DIR,
                                NS_GET_IID(nsIFile),
                                getter_AddRefs(contentTempDir));
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return;
  }

  // Undefine() fails when the property was never set; that is not an error
  // here, only the subsequent Set() has to succeed.
  Unused << dirService->Undefine(NS_OS_TEMP_DIR);
  rv = dirService->Set(NS_OS_TEMP_DIR, contentTempDir);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return;
  }

  // Keep the Win32 temp lookup (GetTempPath()) consistent with Gecko's.
  SetTmpEnvironmentVariable(contentTempDir);
}
80 #endif
81 
// Initialize the content process from its command line.
//
// Walks aArgv once, recording the flags it recognizes, then imports the
// shared preference and JS-init data, initializes the embedded XRE and the
// ContentChild actor, applies platform sandbox setup, and starts the
// background IPC channel.
//
// Returns false when a mandatory flag (-childID, -isForBrowser/-notForBrowser,
// -parentBuildID) is missing, when a flag that takes a value is the last
// argument, when -childID is not consumed entirely as a decimal number, or
// when the shared preference / JS-init data cannot be imported. Flags that
// are not recognized are skipped without error.
//
// NOTE(review): the argument values (handles, lengths, build ID) are taken
// as-is; nothing here validates them beyond what the importers below do.
// Presumably only the parent process's launcher supplies this command line —
// confirm against the launcher side.
bool ContentProcess::Init(int aArgc, char* aArgv[]) {
  // Mandatory flags; Maybe<> distinguishes "never seen" from "set".
  Maybe<uint64_t> childID;
  Maybe<bool> isForBrowser;
  Maybe<const char*> parentBuildID;
  // Raw argv strings handed to the shared-memory importers below. The two
  // handle flags are only parsed on Windows; elsewhere they stay nullptr.
  char* prefsHandle = nullptr;
  char* prefMapHandle = nullptr;
  char* prefsLen = nullptr;
  char* prefMapSize = nullptr;
  // -jsInit carries a handle only on Windows; the length is parsed everywhere.
  char* jsInitHandle = nullptr;
  char* jsInitLen = nullptr;
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
  nsCOMPtr<nsIFile> profileDir;
#endif

  // Single pass over the arguments; flags that take a value advance i and
  // fail if the value is missing. Null entries are skipped, not rejected.
  for (int i = 1; i < aArgc; i++) {
    if (!aArgv[i]) {
      continue;
    }

    if (strcmp(aArgv[i], "-appdir") == 0) {
      if (++i == aArgc) {
        return false;
      }
      nsDependentCString appDir(aArgv[i]);
      mXREEmbed.SetAppDir(appDir);

    } else if (strcmp(aArgv[i], "-childID") == 0) {
      if (++i == aArgc) {
        return false;
      }
      // strtoull must consume the whole argument; trailing text is rejected.
      // NOTE(review): an empty argument parses as 0 and is accepted, as are
      // leading whitespace and a sign — verify the launcher never emits those.
      char* str = aArgv[i];
      childID = Some(strtoull(str, &str, 10));
      if (str[0] != '\0') {
        return false;
      }

    } else if (strcmp(aArgv[i], "-isForBrowser") == 0) {
      isForBrowser = Some(true);

    } else if (strcmp(aArgv[i], "-notForBrowser") == 0) {
      isForBrowser = Some(false);

#ifdef XP_WIN
      // Shared-memory handles are passed explicitly only on Windows.
    } else if (strcmp(aArgv[i], "-prefsHandle") == 0) {
      if (++i == aArgc) {
        return false;
      }
      prefsHandle = aArgv[i];
    } else if (strcmp(aArgv[i], "-prefMapHandle") == 0) {
      if (++i == aArgc) {
        return false;
      }
      prefMapHandle = aArgv[i];
#endif

    } else if (strcmp(aArgv[i], "-prefsLen") == 0) {
      if (++i == aArgc) {
        return false;
      }
      prefsLen = aArgv[i];
    } else if (strcmp(aArgv[i], "-prefMapSize") == 0) {
      if (++i == aArgc) {
        return false;
      }
      prefMapSize = aArgv[i];

    } else if (strcmp(aArgv[i], "-jsInit") == 0) {
      // command line: -jsInit [handle] length
#ifdef XP_WIN
      if (++i == aArgc) {
        return false;
      }
      jsInitHandle = aArgv[i];
#endif
      if (++i == aArgc) {
        return false;
      }
      jsInitLen = aArgv[i];
    } else if (strcmp(aArgv[i], "-safeMode") == 0) {
      // Process-wide safe-mode flag, not a local of this function.
      gSafeMode = true;

    } else if (strcmp(aArgv[i], "-parentBuildID") == 0) {
      if (++i == aArgc) {
        return false;
      }
      // Stored as a pointer into argv; the string is not copied here.
      parentBuildID = Some(aArgv[i]);

#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
    } else if (strcmp(aArgv[i], "-profile") == 0) {
      if (++i == aArgc) {
        return false;
      }
      // An unusable profile path is not fatal: warn, drop it, and carry on
      // with a null profileDir.
      bool flag;
      nsresult rv = XRE_GetFileFromPath(aArgv[i], getter_AddRefs(profileDir));
      if (NS_FAILED(rv) || NS_FAILED(profileDir->Exists(&flag)) || !flag) {
        NS_WARNING("Invalid profile directory passed to content process.");
        profileDir = nullptr;
      }
#endif /* XP_MACOSX && MOZ_SANDBOX */
    }
    // No final else: unknown flags fall through and are ignored.
  }

  // Did we find all the mandatory flags?
  if (childID.isNothing() || isForBrowser.isNothing() ||
      parentBuildID.isNothing()) {
    return false;
  }

  // Off Windows the handle arguments are nullptr here; the deserializer is
  // presumably able to locate the shared memory another way — not visible
  // in this file.
  ::mozilla::ipc::SharedPreferenceDeserializer deserializer;
  if (!deserializer.DeserializeFromSharedMemory(prefsHandle, prefMapHandle,
                                                prefsLen, prefMapSize)) {
    return false;
  }

  if (!::mozilla::ipc::ImportSharedJSInit(jsInitHandle, jsInitLen)) {
    return false;
  }

  // Mandatory values are unwrapped only after the isNothing() check above.
  mContent.Init(ParentPid(), *parentBuildID, IOThreadChild::TakeInitialPort(),
                *childID, *isForBrowser);

  mXREEmbed.Start();
#if (defined(XP_MACOSX)) && defined(MOZ_SANDBOX)
  mContent.SetProfileDir(profileDir);
#  if defined(DEBUG)
  // Debug builds verify the Mac sandbox is actually active whenever the
  // content sandbox is supposed to be on.
  if (IsContentSandboxEnabled()) {
    AssertMacSandboxEnabled();
  }
#  endif /* DEBUG */
#endif   /* XP_MACOSX && MOZ_SANDBOX */

#if defined(XP_WIN) && defined(MOZ_SANDBOX)
  // Redirects the temp directory to the sandbox-writable one (no-op when the
  // content sandbox is disabled).
  SetUpSandboxEnvironment();
#endif

  // Do this as early as possible to get the parent process to initialize the
  // background thread since we'll likely need database information very soon.
  mozilla::ipc::BackgroundChild::Startup();

  return true;
}
223 
224 // Note: CleanUp() never gets called in non-debug builds because we exit early
225 // in ContentChild::ActorDestroy().
void ContentProcess::CleanUp() {
  // Stop the embedded XRE that Init() started; nothing else is torn down here.
  mXREEmbed.Stop();
}
227 
228 }  // namespace mozilla::dom
229