** [[Security/Sandbox/Seccomp]]
* How does the Windows sandbox work?
== Windows Sandbox overview ==
=== Source code overview ===
Relative to the root of mozilla-central, the sandbox lives at:
./security/sandbox
The Linux sandbox is in the linux subfolder.
The core of the Windows sandbox is Google's chromium sandbox.
The chromium sandbox is built on the chromium base libraries (Google's code), which are located at:
./security/sandbox/chromium (excluding ./security/sandbox/chromium/base/shim/, which is Mozilla code that overrides some functionality to make it compatible with our SDK build settings)
The chromium Windows sandbox itself (Google's code) is in ./security/sandbox/win/src (excluding the ./security/sandbox/win/src/sandboxbroker and ./security/sandbox/win/src/sandboxtarget subfolders, which are Mozilla code)
Two processes are involved when running a sandboxed application:
# The broker: the parent process that starts sandboxed children
# The target: the child process that is sandboxed
Both processes use the chromium sandbox library, but only indirectly, through two wrapper libraries (Mozilla code). The indirection is needed because of header conflicts with the IPC layer, which carries its own much older, incompatible copy of the chromium base library:
# For the broker, ./security/sandbox/win/src/sandboxbroker
# For the target, ./security/sandbox/win/src/sandboxtarget
=== Build settings ===
To enable e10s you can use a normal mozilla-central build, but you should enable this pref:
browser.tabs.remote.autostart
Use a separate profile for development if you don't want to trash your existing profile.
The sandbox is used by our e10s code when you build with this in your mozconfig:
ac_add_options --enable-content-sandbox
To temporarily disable the content sandbox while e10s is enabled, set this environment variable:
MOZ_DISABLE_CONTENT_SANDBOX
=== Key source code locations ===
The sandboxed target process lowers its own privileges after initialization via this call:
http://dxr.mozilla.org/mozilla-central/source/ipc/app/MozillaRuntimeMain.cpp#78
The call that starts the sandboxed process in Firefox is:
http://dxr.mozilla.org/mozilla-central/source/ipc/glue/GeckoChildProcessHost.cpp#784
All of the code that sets the sandbox policies is here:
http://dxr.mozilla.org/mozilla-central/source/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
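As an added check (example code, not part of this page and not Mozilla or chromium code): after building with --enable-content-sandbox, the PowerShell below lists every running firefox.exe process with its token integrity level and whether it runs inside a job object, two of the restrictions the chromium sandbox can apply to a target. Which levels Firefox actually requests is decided by the policy code in sandboxBroker.cpp linked above, so compare the output against that policy rather than against fixed expected values. Two assumptions are made: that content processes carry -contentproc on their command line, and that MOZ_DISABLE_CONTENT_SANDBOX only needs to be present (the value 1 used in the usage note is arbitrary).

```powershell
# Added example (not Mozilla or chromium code): report the sandbox-relevant state of
# every running firefox.exe process, so a build with --enable-content-sandbox can be
# checked from the outside. Run from a non-elevated shell as the user running Firefox.
Add-Type -Namespace SandboxCheck -Name Native -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr TokenHandle, int TokenInformationClass, IntPtr TokenInformation, int TokenInformationLength, out int ReturnLength);
[DllImport("advapi32.dll")]
public static extern IntPtr GetSidSubAuthorityCount(IntPtr pSid);
[DllImport("advapi32.dll")]
public static extern IntPtr GetSidSubAuthority(IntPtr pSid, int nSubAuthority);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsProcessInJob(IntPtr ProcessHandle, IntPtr JobHandle, out bool Result);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

$Marshal = [System.Runtime.InteropServices.Marshal]
$IntegrityNames = @{ 0x0000 = 'Untrusted'; 0x1000 = 'Low'; 0x2000 = 'Medium'; 0x3000 = 'High'; 0x4000 = 'System' }

# Reads the integrity RID from the process token's mandatory label (TokenIntegrityLevel = 25).
function Get-TokenIntegrityRid([System.Diagnostics.Process]$Process) {
    $TOKEN_QUERY = 0x0008
    $token = [IntPtr]::Zero
    if (-not [SandboxCheck.Native]::OpenProcessToken($Process.Handle, $TOKEN_QUERY, [ref]$token)) {
        throw "OpenProcessToken failed, error $($Marshal::GetLastWin32Error())"
    }
    try {
        $len = 0
        # First call only sizes the buffer; it fails with ERROR_INSUFFICIENT_BUFFER by design.
        [void][SandboxCheck.Native]::GetTokenInformation($token, 25, [IntPtr]::Zero, 0, [ref]$len)
        $buf = $Marshal::AllocHGlobal($len)
        try {
            if (-not [SandboxCheck.Native]::GetTokenInformation($token, 25, $buf, $len, [ref]$len)) {
                throw "GetTokenInformation failed, error $($Marshal::GetLastWin32Error())"
            }
            # TOKEN_MANDATORY_LABEL begins with SID_AND_ATTRIBUTES; its first field is the PSID.
            $sid = $Marshal::ReadIntPtr($buf)
            $count = $Marshal::ReadByte([SandboxCheck.Native]::GetSidSubAuthorityCount($sid))
            # The integrity level is the SID's last sub-authority (0x1000 = Low, 0x2000 = Medium, ...).
            return $Marshal::ReadInt32([SandboxCheck.Native]::GetSidSubAuthority($sid, $count - 1))
        } finally { $Marshal::FreeHGlobal($buf) }
    } finally { [void][SandboxCheck.Native]::CloseHandle($token) }
}

# True when the process is assigned to any job object (the chromium sandbox uses one to
# confine targets when the policy asks for a job level).
function Test-ProcessInJob([System.Diagnostics.Process]$Process) {
    $inJob = $false
    if (-not [SandboxCheck.Native]::IsProcessInJob($Process.Handle, [IntPtr]::Zero, [ref]$inJob)) {
        throw "IsProcessInJob failed, error $($Marshal::GetLastWin32Error())"
    }
    return $inJob
}

function Get-FirefoxSandboxReport([string]$ProcessName = 'firefox') {
    # Command lines come from WMI. Treating a -contentproc switch as the marker of a content
    # (target) process is an assumption about how the child is launched, not something the
    # page states; adjust the pattern if your tree uses a different switch.
    $cmdlines = @{}
    Get-CimInstance Win32_Process -Filter "Name = '$ProcessName.exe'" |
        ForEach-Object { $cmdlines[[int]$_.ProcessId] = $_.CommandLine }
    foreach ($p in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        $role = if ($cmdlines[$p.Id] -match '-contentproc') { 'target (content)' } else { 'broker (parent) or other' }
        try {
            $rid = Get-TokenIntegrityRid $p
            $integrity = if ($IntegrityNames.ContainsKey($rid)) { $IntegrityNames[$rid] } else { '0x{0:X4}' -f $rid }
            $inJob = Test-ProcessInJob $p
        } catch {
            # Opening the handle can fail for processes we lack rights on; report rather than abort.
            $integrity = "error: $_"; $inJob = $null
        }
        [pscustomobject]@{ Pid = $p.Id; Role = $role; Integrity = $integrity; InJob = $inJob }
    }
}

Get-FirefoxSandboxReport | Format-Table -AutoSize
```

Run it once against a normal launch of the sandbox-enabled build, and once after starting Firefox from a shell where `$env:MOZ_DISABLE_CONTENT_SANDBOX = 1` was set first. Any difference in the content-process rows between the two runs is exactly what the policy in sandboxBroker.cpp is applying; a content process that still shows Medium integrity and no job with the sandbox enabled means the current policy does not yet restrict those two attributes, which is worth knowing before relying on the sandbox as a boundary.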
= Roadmap (high-level) =