/work/obj-fuzz/dist/include/mozilla/SandboxReporterCommon.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ |
2 | | /* vim: set ts=8 sts=2 et sw=2 tw=80: */ |
3 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
4 | | * License, v. 2.0. If a copy of the MPL was not distributed with this file, |
5 | | * You can obtain one at http://mozilla.org/MPL/2.0/. */ |
6 | | |
7 | | #ifndef mozilla_SandboxReporterCommon_h |
8 | | #define mozilla_SandboxReporterCommon_h |
9 | | |
10 | | #include "mozilla/IntegerTypeTraits.h" |
11 | | #include "mozilla/Types.h" |
12 | | |
13 | | #include <sys/types.h> |
14 | | |
15 | | // Note: this is also used in libmozsandbox, so dependencies on |
16 | | // symbols from libxul probably won't work. |
17 | | |
18 | | namespace mozilla { |
19 | | static const size_t kSandboxSyscallArguments = 6; |
20 | | // fds 0-2: stdio; fd 3: IPC; fd 4: crash reporter. (The IPC child |
21 | | // process launching code will check that we don't try to use the same |
22 | | // fd twice.) |
23 | | static const int kSandboxReporterFileDesc = 5; |
24 | | |
25 | | // This struct represents a system call that was rejected by a |
26 | | // seccomp-bpf policy. |
27 | | struct SandboxReport { |
28 | | // In the future this may include finer distinctions than |
29 | | // GeckoProcessType -- e.g., whether a content process can load |
30 | | // file:/// URLs, or if it's reserved for content with certain |
31 | | // user-granted permissions. |
32 | | enum class ProcType : uint8_t { |
33 | | CONTENT, |
34 | | FILE, |
35 | | MEDIA_PLUGIN, |
36 | | }; |
37 | | |
38 | | // The syscall number and arguments are usually `unsigned long`, but |
39 | | // that causes ambiguous overload errors with nsACString::AppendInt. |
40 | | using ULong = UnsignedStdintTypeForSize<sizeof(unsigned long)>::Type; |
41 | | |
42 | | // This time uses CLOCK_MONOTONIC_COARSE. Displaying or reporting |
43 | | // it should usually be done relative to the current value of that |
44 | | // clock (or the time at some other event of interest, like a |
45 | | // subsequent crash). |
46 | | struct timespec mTime; |
47 | | |
48 | | // The pid/tid values, like every other field in this struct, aren't |
49 | | // authenticated and a compromised process could send anything, so |
50 | | // use the values with caution. |
51 | | pid_t mPid; |
52 | | pid_t mTid; |
53 | | ProcType mProcType; |
54 | | ULong mSyscall; |
55 | | ULong mArgs[kSandboxSyscallArguments]; |
56 | | |
57 | | SandboxReport() : mPid(0) { } |
58 | 0 | bool IsValid() const { return mPid > 0; } |
59 | | }; |
60 | | |
61 | | } // namespace mozilla |
62 | | |
63 | | #endif // mozilla_SandboxReporterCommon_h |