Bug 1268733 - Move sandbox interposition shims to their own static library. r=gcp r=glandium

This way they'll continue to be at the beginning of the symbol search path after mozsandbox returns to being a shared library instead of statically linked into plugin-container. --HG-- rename : security/sandbox/linux/SandboxHooks.cpp => security/sandbox/linux/interpose/SandboxHooks.cpp
2025-02-05 05:30:29 +00:00 · 2016-10-26 16:57:18 -06:00 · 2016-10-26 16:57:18 -06:00 · dce9969411
commit dce9969411
parent 13fea0b617
5 changed files with 15 additions and 13 deletions
--- a/ipc/app/moz.build
+++ b/ipc/app/moz.build
@ -66,6 +66,7 @@ if CONFIG['OS_ARCH'] == 'WINNT':
 if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ('Linux', 'Android'):
    USE_LIBS += [
        'mozsandbox',
+        'mozsandbox_interpose',
    ]

    # gcc lto likes to put the top level asm in syscall.cc in a different partition
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@ -69,7 +69,7 @@ __sanitizer_sandbox_on_notify(__sanitizer_sandbox_arguments *args);
 #endif // MOZ_ASAN

 // Signal number used to enable seccomp on each thread.
-int gSeccompTsyncBroadcastSignum = 0;
+MOZ_EXPORT int gSeccompTsyncBroadcastSignum = 0;

 namespace mozilla {

--- a/security/sandbox/linux/interpose/SandboxHooks.cpp
+++ b/security/sandbox/linux/interpose/SandboxHooks.cpp
@ -13,7 +13,7 @@
 #include <stdlib.h>

 // Signal number used to enable seccomp on each thread.
-extern int gSeccompTsyncBroadcastSignum;
+extern MOZ_EXPORT int gSeccompTsyncBroadcastSignum;

 // This file defines a hook for sigprocmask() and pthread_sigmask().
 // Bug 1176099: some threads block SIGSYS signal which breaks our seccomp-bpf
--- a/security/sandbox/linux/interpose/moz.build
+++ b/security/sandbox/linux/interpose/moz.build
@ -0,0 +1,11 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Library("mozsandbox_interpose")
+
+SOURCES += [
+    'SandboxHooks.cpp',
+]
--- a/security/sandbox/linux/moz.build
+++ b/security/sandbox/linux/moz.build
@ -4,12 +4,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.

-# WARNING: On desktop Linux, SandboxHooks.cpp must be statically compiled
-# into the main executable in order to function properly.
-# This is currently the case, but if mozsandbox is moved to its own
-# shared library, something needs to change regarding SandboxHooks.cpp.
-# See Bug 1176099 for further details.
-
 if CONFIG['OS_TARGET'] == 'Android':
    SharedLibrary('mozsandbox')
    USE_LIBS += [
@ -72,11 +66,6 @@ SOURCES += [
    'SandboxUtil.cpp',
 ]

-if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gonk':
-    SOURCES += [
-        'SandboxHooks.cpp',
-    ]
-
 # This copy of SafeSPrintf doesn't need to avoid the Chromium logging
 # dependency like the one in libxul does, but this way the behavior is
 # consistent.  See also the comment in SandboxLogging.h.
@ -121,6 +110,7 @@ DIRS += [
    'broker',
    'common',
    'glue',
+    'interpose',
 ]

 TEST_DIRS += [