/work/obj-fuzz/dist/include/mozilla/SandboxInfo.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ |
2 | | /* vim: set ts=8 sts=2 et sw=2 tw=80: */ |
3 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
4 | | * License, v. 2.0. If a copy of the MPL was not distributed with this file, |
5 | | * You can obtain one at http://mozilla.org/MPL/2.0/. */ |
6 | | |
7 | | #ifndef mozilla_SandboxInfo_h |
8 | | #define mozilla_SandboxInfo_h |
9 | | |
10 | | #include "mozilla/Types.h" |
11 | | |
12 | | // Information on what parts of sandboxing are enabled in this build |
13 | | // and/or supported by the system. |
14 | | |
15 | | namespace mozilla { |
16 | | |
class SandboxInfo {
public:
  // Copying is deliberately permitted: the object holds nothing but the flag
  // word, so it behaves like a const int.
  SandboxInfo(const SandboxInfo& aOther)
    : mFlags(aOther.mFlags)
  { }

  // Accessor for the shared instance.  The flags are fixed when sSingleton is
  // initialized (the constructor is private and defined outside this
  // header); callers can only read them.
  static const SandboxInfo& Get()
  {
    return sSingleton;
  }

  // One bit per sandboxing capability or setting.  Several bits are tied to
  // build flags or environment variables, as noted on each enumerator.
  enum Flags {
    // Kernel supports system call filtering (CONFIG_SECCOMP_FILTER).
    kHasSeccompBPF = 1 << 0,
    // Content sandbox: config flag MOZ_CONTENT_SANDBOX; runtime
    // mozilla::IsContentSandboxEnabled().
    kEnabledForContent = 1 << 1,
    // Media plugin sandbox: config flag MOZ_GMP_SANDBOX; env var
    // MOZ_DISABLE_GMP_SANDBOX.
    kEnabledForMedia = 1 << 2,
    // Env var MOZ_SANDBOX_LOGGING.
    kVerbose = 1 << 3,
    // Kernel can apply system call filtering to the entire thread group
    // atomically.
    kHasSeccompTSync = 1 << 4,
    // This process can create user namespaces (see user_namespaces(7)).
    kHasUserNamespaces = 1 << 5,
    // A more privileged process might be able to create user namespaces even
    // if this one cannot.
    kHasPrivilegedUserNamespaces = 1 << 6,
    // Env var MOZ_PERMISSIVE_CONTENT_SANDBOX.
    kPermissive = 1 << 7,
    // Bit (1 << 8) is retired; it used to be kUnexpectedThreads.
  };

  // True only when every bit of aFlag is set in the stored flags.
  bool Test(Flags aFlag) const
  {
    const auto masked = mFlags & aFlag;
    return masked == aFlag;
  }

  // Returns true if SetContentProcessSandbox may be called.
  // Note: the result is also true when kEnabledForContent is clear, so true
  // by itself does not show that the content sandbox is enabled; query
  // kEnabledForContent separately for that.
  bool CanSandboxContent() const
  {
    if (!Test(kEnabledForContent)) {
      return true;
    }
    return Test(kHasSeccompBPF);
  }

  // Returns true if SetMediaPluginSandbox may be called.
  // Note: the result is also true when kEnabledForMedia is clear, so true by
  // itself does not show that the media plugin sandbox is enabled; query
  // kEnabledForMedia separately for that.
  bool CanSandboxMedia() const
  {
    if (!Test(kEnabledForMedia)) {
      return true;
    }
    return Test(kHasSeccompBPF);
  }

  // Raw flag word, for telemetry / crash annotation uses.
  uint32_t AsInteger() const
  {
    return mFlags;
  }

private:
  // Bitwise combination of Flags values.
  enum Flags mFlags;
  // The single instance handed out by Get().
  static const MOZ_EXPORT SandboxInfo sSingleton;
  // Private and defined elsewhere, so only sSingleton is built from scratch.
  SandboxInfo();
};
70 | | |
71 | | } // namespace mozilla |
72 | | |
73 | | #endif // mozilla_SandboxInfo_h |