Bug 776850: Kill subprocesses that fail backstop permission checks. r=jlebar

2024-12-04 11:26:09 +00:00 · 2012-09-05 15:18:48 -07:00 · 2012-09-05 15:18:48 -07:00 · c25e82678d
commit c25e82678d
parent a14ca7cbb4
3 changed files with 27 additions and 11 deletions
--- a/dom/ipc/AppProcessPermissions.cpp
+++ b/dom/ipc/AppProcessPermissions.cpp
@ -39,6 +39,8 @@ AppProcessHasPermission(PBrowserParent* aActor, const char* aPermission)
  if (!NS_SUCCEEDED(app->HasPermission(aPermission, &hasPermission)) ||
      !hasPermission) {
    printf_stderr("Security problem: App process does not have `%s' permission.  It will be killed.", aPermission);
+    ContentParent* process = static_cast<ContentParent*>(aActor->Manager());
+    process->KillHard();
  }
  return hasPermission;
 }
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@ -523,17 +523,8 @@ ContentParent::ProcessingError(Result what)
        // Messages sent after crashes etc. are not a big deal.
        return;
    }
-    // Other errors are big deals.  This ensures the process is
-    // eventually killed, but doesn't immediately KILLITWITHFIRE
-    // because we want to get a minidump if possible.  After a timeout
-    // though, the process is forceably killed.
-    if (!KillProcess(OtherProcess(), 1, false)) {
-        NS_WARNING("failed to kill subprocess!");
-    }
-    XRE_GetIOMessageLoop()->PostTask(
-        FROM_HERE,
-        NewRunnableFunction(&ProcessWatcher::EnsureProcessTerminated,
-                            OtherProcess(), /*force=*/true));
+    // Other errors are big deals.
+    KillHard();
 }

 namespace {
@ -1231,6 +1222,22 @@ ContentParent::GetOrCreateActorForBlob(nsIDOMBlob* aBlob)
  return actor;
 }

+void
+ContentParent::KillHard()
+{
+    // This ensures the process is eventually killed, but doesn't
+    // immediately KILLITWITHFIRE because we want to get a minidump if
+    // possible.  After a timeout though, the process is forceably
+    // killed.
+    if (!KillProcess(OtherProcess(), 1, false)) {
+        NS_WARNING("failed to kill subprocess!");
+    }
+    XRE_GetIOMessageLoop()->PostTask(
+        FROM_HERE,
+        NewRunnableFunction(&ProcessWatcher::EnsureProcessTerminated,
+                            OtherProcess(), /*force=*/true));
+}
+
 PCrashReporterParent*
 ContentParent::AllocPCrashReporter(const NativeThreadId& tid,
                                   const uint32_t& processType)
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@ -112,6 +112,13 @@ public:

    BlobParent* GetOrCreateActorForBlob(nsIDOMBlob* aBlob);

+    /**
+     * Kill our subprocess and make sure it dies.  Should only be used
+     * in emergency situations since it bypasses the normal shutdown
+     * process.
+     */
+    void KillHard();
+
 protected:
    void OnChannelConnected(int32 pid);
    virtual void ActorDestroy(ActorDestroyReason why);