From 36e8371ccff8f9f63b735fd44dd4bf41761c9b02 Mon Sep 17 00:00:00 2001
From: Chris Martin <cmartin@mozilla.com>
Date: Wed, 26 Oct 2022 19:23:13 +0000
Subject: [PATCH] Bug 1347710 - Add GPU sandbox to crash reporter annotations
r=handyman,gsvelto
Differential Revision: https://phabricator.services.mozilla.com/D160278
---
security/sandbox/common/SandboxSettings.cpp | 4 ++++
security/sandbox/common/SandboxSettings.h | 1 +
toolkit/crashreporter/CrashAnnotations.yaml | 5 +++++
toolkit/xre/nsAppRunner.cpp | 24 +++++++++++++++------
toolkit/xre/nsEmbedFunctions.cpp | 4 ++++
5 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/security/sandbox/common/SandboxSettings.cpp b/security/sandbox/common/SandboxSettings.cpp
index e2452f8fddedc..3dfa62d79d966 100644
--- a/security/sandbox/common/SandboxSettings.cpp
+++ b/security/sandbox/common/SandboxSettings.cpp
@@ -157,6 +157,10 @@ int GetEffectiveSocketProcessSandboxLevel() {
return level;
}
+int GetEffectiveGpuSandboxLevel() {
+ return StaticPrefs::security_sandbox_gpu_level();
+}
+
#if defined(XP_MACOSX)
int ClampFlashSandboxLevel(const int aLevel) {
const int minLevel = 0;
diff --git a/security/sandbox/common/SandboxSettings.h b/security/sandbox/common/SandboxSettings.h
index b21758dd8fb3e..12b55c8cd21ef 100644
--- a/security/sandbox/common/SandboxSettings.h
+++ b/security/sandbox/common/SandboxSettings.h
@@ -22,6 +22,7 @@ namespace mozilla {
// MOZ_DISABLE_CONTENT_SANDBOX is set.
int GetEffectiveContentSandboxLevel();
int GetEffectiveSocketProcessSandboxLevel();
+int GetEffectiveGpuSandboxLevel();
// Checks whether the effective content sandbox level is > 0.
bool IsContentSandboxEnabled();
diff --git a/toolkit/crashreporter/CrashAnnotations.yaml b/toolkit/crashreporter/CrashAnnotations.yaml
index cd7782d392106..20eaaddd99f60 100644
--- a/toolkit/crashreporter/CrashAnnotations.yaml
+++ b/toolkit/crashreporter/CrashAnnotations.yaml
@@ -219,6 +219,11 @@ ContentSandboxWin32kState:
Content sandbox Win32k state
type: string
+GpuSandboxLevel:
+ description: >
+ GPU sandbox level.
+ type: integer
+
CoUnmarshalInterfaceResult:
description: >
Annotation describing the error returned by trying to unmarshal an object
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 0bf744819352e..48bfdca7fd8be 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -5212,14 +5212,26 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
#if defined(MOZ_SANDBOX)
void AddSandboxAnnotations() {
- // Include the sandbox content level, regardless of platform
- int level = GetEffectiveContentSandboxLevel();
+ {
+ // Include the sandbox content level, regardless of platform
+ int level = GetEffectiveContentSandboxLevel();
- nsAutoCString levelString;
- levelString.AppendInt(level);
+ nsAutoCString levelString;
+ levelString.AppendInt(level);
- CrashReporter::AnnotateCrashReport(
- CrashReporter::Annotation::ContentSandboxLevel, levelString);
+ CrashReporter::AnnotateCrashReport(
+ CrashReporter::Annotation::ContentSandboxLevel, levelString);
+ }
+
+ {
+ int level = GetEffectiveGpuSandboxLevel();
+
+ nsAutoCString levelString;
+ levelString.AppendInt(level);
+
+ CrashReporter::AnnotateCrashReport(
+ CrashReporter::Annotation::GpuSandboxLevel, levelString);
+ }
// Include whether or not this instance is capable of content sandboxing
bool sandboxCapable = false;
diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp
index 5e47309bcfd52..62677de2ef0a4 100644
--- a/toolkit/xre/nsEmbedFunctions.cpp
+++ b/toolkit/xre/nsEmbedFunctions.cpp
@@ -282,6 +282,10 @@ void AddContentSandboxLevelAnnotation() {
int level = GetEffectiveContentSandboxLevel();
CrashReporter::AnnotateCrashReport(
CrashReporter::Annotation::ContentSandboxLevel, level);
+ } else if (XRE_GetProcessType() == GeckoProcessType_GPU) {
+ int level = GetEffectiveGpuSandboxLevel();
+ CrashReporter::AnnotateCrashReport(
+ CrashReporter::Annotation::GpuSandboxLevel, level);
}
}
#endif /* MOZ_SANDBOX */
--
GitLab