Bug 1454745: Skeletal bootstrap process; r=mhowell

2024-10-09 19:35:51 +00:00 · 2018-04-17 13:48:21 -06:00 · 2018-04-17 13:48:21 -06:00 · 415cd5e05e
commit 415cd5e05e
parent a1373c8d5a
6 changed files with 336 additions and 0 deletions
--- a/browser/app/LauncherProcessWin.cpp
+++ b/browser/app/LauncherProcessWin.cpp
@ -0,0 +1,147 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+#include "LauncherProcessWin.h"
+
+#include <string.h>
+
+#include "mozilla/Attributes.h"
+#include "mozilla/CmdLineAndEnvUtils.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/SafeMode.h"
+#include "mozilla/UniquePtr.h"
+#include "nsWindowsHelpers.h"
+
+#include <windows.h>
+
+#include "ProcThreadAttributes.h"
+
+/**
+ * At this point the child process has been created in a suspended state. Any
+ * additional startup work (eg, blocklist setup) should go here.
+ *
+ * @return true if browser startup should proceed, otherwise false.
+ */
+static bool
+PostCreationSetup(HANDLE aChildProcess, HANDLE aChildMainThread,
+                  const bool aIsSafeMode)
+{
+  return true;
+}
+
+/**
+ * Any mitigation policies that should be set on the browser process should go
+ * here.
+ */
+static void
+SetMitigationPolicies(mozilla::ProcThreadAttributes& aAttrs, const bool aIsSafeMode)
+{
+}
+
+static void
+ShowError(DWORD aError = ::GetLastError())
+{
+  if (aError == ERROR_SUCCESS) {
+    return;
+  }
+
+  LPWSTR rawMsgBuf = nullptr;
+  DWORD result = ::FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER |
+                                  FORMAT_MESSAGE_FROM_SYSTEM |
+                                  FORMAT_MESSAGE_IGNORE_INSERTS, nullptr,
+                                  aError, 0, reinterpret_cast<LPWSTR>(&rawMsgBuf),
+                                  0, nullptr);
+  if (!result) {
+    return;
+  }
+
+  ::MessageBoxW(nullptr, rawMsgBuf, L"Firefox", MB_OK | MB_ICONERROR);
+  ::LocalFree(rawMsgBuf);
+}
+
+namespace mozilla {
+
+// Eventually we want to be able to set a build config flag such that, when set,
+// this function will always return true.
+bool
+RunAsLauncherProcess(int& argc, wchar_t** argv)
+{
+  return CheckArg(argc, argv, L"launcher",
+                  static_cast<const wchar_t**>(nullptr),
+                  CheckArgFlag::CheckOSInt | CheckArgFlag::RemoveArg);
+}
+
+int
+LauncherMain(int argc, wchar_t* argv[])
+{
+  UniquePtr<wchar_t[]> cmdLine(MakeCommandLine(argc, argv));
+  if (!cmdLine) {
+    return 1;
+  }
+
+  const Maybe<bool> isSafeMode = IsSafeModeRequested(argc, argv,
+                                                     SafeModeFlag::None);
+  if (!isSafeMode) {
+    ShowError(ERROR_INVALID_PARAMETER);
+    return 1;
+  }
+
+  ProcThreadAttributes attrs;
+  SetMitigationPolicies(attrs, isSafeMode.value());
+
+  HANDLE stdHandles[] = {
+    ::GetStdHandle(STD_INPUT_HANDLE),
+    ::GetStdHandle(STD_OUTPUT_HANDLE),
+    ::GetStdHandle(STD_ERROR_HANDLE)
+  };
+
+  attrs.AddInheritableHandles(stdHandles);
+
+  DWORD creationFlags = CREATE_SUSPENDED | CREATE_UNICODE_ENVIRONMENT;
+
+  STARTUPINFOEXW siex;
+  Maybe<bool> attrsOk = attrs.AssignTo(siex);
+  if (!attrsOk) {
+    ShowError();
+    return 1;
+  }
+
+  BOOL inheritHandles = FALSE;
+
+  if (attrsOk.value()) {
+    creationFlags |= EXTENDED_STARTUPINFO_PRESENT;
+
+    siex.StartupInfo.dwFlags |= STARTF_USESTDHANDLES;
+    siex.StartupInfo.hStdInput = stdHandles[0];
+    siex.StartupInfo.hStdOutput = stdHandles[1];
+    siex.StartupInfo.hStdError = stdHandles[2];
+
+    // Since attrsOk == true, we have successfully set the handle inheritance
+    // whitelist policy, so only the handles added to attrs will be inherited.
+    inheritHandles = TRUE;
+  }
+
+  PROCESS_INFORMATION pi = {};
+  if (!::CreateProcessW(argv[0], cmdLine.get(), nullptr, nullptr, inheritHandles,
+                        creationFlags, nullptr, nullptr, &siex.StartupInfo, &pi)) {
+    ShowError();
+    return 1;
+  }
+
+  nsAutoHandle process(pi.hProcess);
+  nsAutoHandle mainThread(pi.hThread);
+
+  if (!PostCreationSetup(process.get(), mainThread.get(), isSafeMode.value()) ||
+      ::ResumeThread(mainThread.get()) == static_cast<DWORD>(-1)) {
+    ShowError();
+    ::TerminateProcess(process.get(), 1);
+    return 1;
+  }
+
+  return 0;
+}
+
+} // namespace mozilla
--- a/browser/app/LauncherProcessWin.h
+++ b/browser/app/LauncherProcessWin.h
@ -0,0 +1,18 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_LauncherProcessWin_h
+#define mozilla_LauncherProcessWin_h
+
+namespace mozilla {
+
+bool RunAsLauncherProcess(int& argc, wchar_t* argv[]);
+int LauncherMain(int argc, wchar_t* argv[]);
+
+} // namespace mozilla
+
+#endif // mozilla_LauncherProcessWin_h
+
--- a/browser/app/ProcThreadAttributes.h
+++ b/browser/app/ProcThreadAttributes.h
@ -0,0 +1,153 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_ProcThreadAttributes_h
+#define mozilla_ProcThreadAttributes_h
+
+#include "mozilla/Attributes.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/Move.h"
+#include "mozilla/UniquePtr.h"
+#include "mozilla/Vector.h"
+
+#include <windows.h>
+
+namespace mozilla {
+
+class MOZ_RAII ProcThreadAttributes final
+{
+  struct ProcThreadAttributeListDeleter
+  {
+    void operator()(LPPROC_THREAD_ATTRIBUTE_LIST aList)
+    {
+      ::DeleteProcThreadAttributeList(aList);
+      delete[] reinterpret_cast<char*>(aList);
+    }
+  };
+
+  using ProcThreadAttributeListPtr =
+    UniquePtr<_PROC_THREAD_ATTRIBUTE_LIST, ProcThreadAttributeListDeleter>;
+
+public:
+  ProcThreadAttributes()
+    : mMitigationPolicies(0)
+  {
+  }
+
+  ~ProcThreadAttributes() = default;
+
+  ProcThreadAttributes(const ProcThreadAttributes&) = delete;
+  ProcThreadAttributes(ProcThreadAttributes&&) = delete;
+  ProcThreadAttributes& operator=(const ProcThreadAttributes&) = delete;
+  ProcThreadAttributes& operator=(ProcThreadAttributes&&) = delete;
+
+  void AddMitigationPolicy(DWORD64 aPolicy)
+  {
+    mMitigationPolicies |= aPolicy;
+  }
+
+  bool AddInheritableHandle(HANDLE aHandle)
+  {
+    return mInheritableHandles.append(aHandle);
+  }
+
+  template <size_t N>
+  bool AddInheritableHandles(HANDLE (&aHandles)[N])
+  {
+    return mInheritableHandles.append(aHandles, N);
+  }
+
+  /**
+   * @return Some(false) if the STARTUPINFOEXW::lpAttributeList was set to null
+   *                     as expected based on the state of |this|;
+   *         Some(true)  if the STARTUPINFOEXW::lpAttributeList was set to
+   *                     non-null;
+   *         Nothing()   if something went wrong in the assignment and we should
+   *                     not proceed.
+   */
+  Maybe<bool> AssignTo(STARTUPINFOEXW& aSiex)
+  {
+    ZeroMemory(&aSiex, sizeof(STARTUPINFOEXW));
+
+    // We'll set the size to sizeof(STARTUPINFOW) until we determine whether the
+    // extended fields will be used.
+    aSiex.StartupInfo.cb = sizeof(STARTUPINFOW);
+
+    DWORD numAttributes = 0;
+    if (mMitigationPolicies) {
+      ++numAttributes;
+    }
+
+    if (!mInheritableHandles.empty()) {
+      ++numAttributes;
+    }
+
+    if (!numAttributes) {
+      return Some(false);
+    }
+
+    SIZE_T listSize = 0;
+    if (!::InitializeProcThreadAttributeList(nullptr, numAttributes, 0,
+                                             &listSize) &&
+        ::GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
+      return Nothing();
+    }
+
+    auto buf = MakeUnique<char[]>(listSize);
+
+    LPPROC_THREAD_ATTRIBUTE_LIST tmpList =
+      reinterpret_cast<LPPROC_THREAD_ATTRIBUTE_LIST>(buf.get());
+
+    if (!::InitializeProcThreadAttributeList(tmpList, numAttributes, 0,
+                                             &listSize)) {
+      return Nothing();
+    }
+
+    // Transfer buf to a ProcThreadAttributeListPtr - now that the list is
+    // initialized, we are no longer dealing with a plain old char array. We
+    // must now deinitialize the attribute list before deallocating the
+    // underlying buffer.
+    ProcThreadAttributeListPtr
+      attrList(reinterpret_cast<LPPROC_THREAD_ATTRIBUTE_LIST>(buf.release()));
+
+    if (mMitigationPolicies) {
+      if (!::UpdateProcThreadAttribute(attrList.get(), 0,
+                                       PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY,
+                                       &mMitigationPolicies,
+                                       sizeof(mMitigationPolicies), nullptr,
+                                       nullptr)) {
+        return Nothing();
+      }
+    }
+
+    if (!mInheritableHandles.empty()) {
+      if (!::UpdateProcThreadAttribute(attrList.get(), 0,
+                                       PROC_THREAD_ATTRIBUTE_HANDLE_LIST,
+                                       mInheritableHandles.begin(),
+                                       mInheritableHandles.length() * sizeof(HANDLE),
+                                       nullptr, nullptr)) {
+        return Nothing();
+      }
+    }
+
+    mAttrList = Move(attrList);
+    aSiex.lpAttributeList = mAttrList.get();
+    aSiex.StartupInfo.cb = sizeof(STARTUPINFOEXW);
+    return Some(true);
+  }
+
+private:
+  static const uint32_t kNumInline = 3; // Inline storage for the std handles
+
+  DWORD64                     mMitigationPolicies;
+  Vector<HANDLE, kNumInline>  mInheritableHandles;
+  ProcThreadAttributeListPtr  mAttrList;
+};
+
+} // namespace mozilla
+
+#endif // mozilla_ProcThreadAttributes_h
+
--- a/browser/app/moz.build
+++ b/browser/app/moz.build
@ -62,6 +62,9 @@ if CONFIG['CC_TYPE'] in ('msvc', 'clang-cl'):
 if CONFIG['OS_ARCH'] == 'WINNT':
    RCINCLUDE = 'splash.rc'
    DEFINES['MOZ_PHOENIX'] = True
+    SOURCES += [
+        'LauncherProcessWin.cpp',
+    ]

 if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
    # For sandbox includes and the include dependencies those have
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@ -23,6 +23,8 @@
 #include "nsIFile.h"

 #ifdef XP_WIN
+#include "LauncherProcessWin.h"
+
 #define XRE_WANT_ENVIRON
 #define strcasecmp _stricmp
 #ifdef MOZ_SANDBOX
--- a/toolkit/xre/nsWindowsWMain.cpp
+++ b/toolkit/xre/nsWindowsWMain.cpp
@ -2,6 +2,9 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

+#ifndef nsWindowsWMain_cpp
+#define nsWindowsWMain_cpp
+
 // This file is a .cpp file meant to be included in nsBrowserApp.cpp and other
 // similar bootstrap code. It converts wide-character windows wmain into UTF-8
 // narrow-character strings.
@ -101,6 +104,14 @@ int wmain(int argc, WCHAR **argv)
  SanitizeEnvironmentVariables();
  SetDllDirectoryW(L"");

+  // Only run this code if LauncherProcessWin.h was included beforehand, thus
+  // signalling that the hosting process should support launcher mode.
+#if defined(mozilla_LauncherProcessWin_h)
+  if (mozilla::RunAsLauncherProcess(argc, argv)) {
+    return mozilla::LauncherMain(argc, argv);
+  }
+#endif // defined(mozilla_LauncherProcessWin_h)
+
  char **argvConverted = new char*[argc + 1];
  if (!argvConverted)
    return 127;
@ -134,3 +145,5 @@ int wmain(int argc, WCHAR **argv)

  return result;
 }
+
+#endif // nsWindowsWMain_cpp