Bug 1422053: Create Windows sandbox sLaunchErrors hashtable on the main thread. r=aklotz

2024-10-10 03:45:46 +00:00 · 2017-12-07 09:07:43 +00:00 · 2017-12-07 09:07:43 +00:00 · 8ba04e79f9
commit 8ba04e79f9
parent 6d7da06d47
4 changed files with 15 additions and 13 deletions
--- a/js/xpconnect/src/XPCShellImpl.cpp
+++ b/js/xpconnect/src/XPCShellImpl.cpp
@ -1307,7 +1307,7 @@ XRE_XPCShellMain(int argc, char** argv, char** envp,
        // Required for sandboxed child processes.
        if (aShellData->sandboxBrokerServices) {
          SandboxBroker::Initialize(aShellData->sandboxBrokerServices);
-          SandboxBroker::CacheRulesDirectories();
+          SandboxBroker::GeckoDependentInitialize();
        } else {
          NS_WARNING("Failed to initialize broker services, sandboxed "
                     "processes will fail to start.");
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@ -131,10 +131,12 @@ CacheDirAndAutoClear(nsIProperties* aDirSvc, const char* aDirKey,

 /* static */
 void
-SandboxBroker::CacheRulesDirectories()
+SandboxBroker::GeckoDependentInitialize()
 {
  MOZ_ASSERT(NS_IsMainThread());

+  // Cache directory paths for use in policy rules, because the directory
+  // service must be called on the main thread.
  nsresult rv;
  nsCOMPtr<nsIProperties> dirSvc =
    do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
@ -153,6 +155,11 @@ SandboxBroker::CacheRulesDirectories()
 #ifdef ENABLE_SYSTEM_EXTENSION_DIRS
  CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DIR, &sUserExtensionsDir);
 #endif
+
+  // Create sLaunchErrors up front because ClearOnShutdown must be called on the
+  // main thread.
+  sLaunchErrors = MakeUnique<nsTHashtable<nsCStringHashKey>>();
+  ClearOnShutdown(&sLaunchErrors);
 }

 SandboxBroker::SandboxBroker()
@ -266,11 +273,6 @@ SandboxBroker::LaunchApp(const wchar_t *aPath,
    key.AppendLiteral("/0x");
    key.AppendInt(static_cast<uint32_t>(last_error), 16);

-    if (!sLaunchErrors) {
-      sLaunchErrors = MakeUnique<nsTHashtable<nsCStringHashKey>>();
-      ClearOnShutdown(&sLaunchErrors);
-    }
-
    // Only accumulate for each combination once per session.
    if (!sLaunchErrors->Contains(key)) {
      Telemetry::Accumulate(Telemetry::SANDBOX_FAILED_LAUNCH_KEYED, key, result);
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
@ -27,10 +27,10 @@ public:
  static void Initialize(sandbox::BrokerServices* aBrokerServices);

  /**
-   * Cache directory paths for use in policy rules. Must be called on main
-   * thread.
+   * Do initialization that depends on parts of the Gecko machinery having been
+   * created first.
   */
-  static void CacheRulesDirectories();
+  static void GeckoDependentInitialize();

  bool LaunchApp(const wchar_t *aPath,
                 const wchar_t *aArguments,
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@ -4576,9 +4576,9 @@ XREMain::XRE_mainRun()
  }

 #if defined(MOZ_SANDBOX)
-  // Call SandboxBroker to cache directories needed for policy rules, this must
-  // be called after mDirProvider.DoStartup as it needs the profile dir.
-  SandboxBroker::CacheRulesDirectories();
+  // Call SandboxBroker to initialize things that depend on Gecko machinery like
+  // the directory provider.
+  SandboxBroker::GeckoDependentInitialize();
 #endif
 #endif