/* -*- Mode: C++; tab-width: 20; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsSandboxViolationSink_h_
#define nsSandboxViolationSink_h_
#include <stdint.h>
// Class for tracking sandbox violations. Currently it just logs them to
// stdout and the system console. In the future it may do more.

// What makes this possible is the fact that Apple's sandboxd calls
// notify_post("com.apple.sandbox.violation.*") whenever it's notified by the
// Sandbox kernel extension of a sandbox violation. We register to receive
// these notifications. But the notifications are empty, and are sent for
// every violation in every process. So we need to do more to get only "our"
// violations, and to find out what kind of violation they were. See the
// implementation of nsSandboxViolationSink::ViolationHandler().
#define SANDBOX_VIOLATION_QUEUE_NAME "org.mozilla.sandbox.violation.queue"
#define SANDBOX_VIOLATION_NOTIFICATION_NAME "com.apple.sandbox.violation.*"
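// Static-only interface for observing sandbox violations reported by Apple's
// sandboxd. Every member is static, so no instance is ever needed.
//
// The notification this class relies on carries no payload and is posted for
// violations in every process. A notification by itself therefore says
// nothing about which process was denied or what operation was denied; any
// filtering down to "our" violations and any attribution has to happen in
// ViolationHandler().
class nsSandboxViolationSink
{
public:
  // Begins violation tracking. Presumably registers for
  // SANDBOX_VIOLATION_NOTIFICATION_NAME -- confirm against the implementation.
  static void Start();

  // Ends violation tracking. Presumably releases whatever Start() set up --
  // confirm against the implementation.
  static void Stop();

private:
  // Reacts to a violation notification. Per the file comment, this is where
  // violations belonging to this application are selected and classified.
  static void ViolationHandler();

  // NOTE(review): looks like the registration token for the violation
  // notification -- confirm against the implementation.
  static int mNotifyToken;

  // NOTE(review): looks like a marker for the most recent message already
  // handled, so older ones are not reported twice -- its unit (timestamp or
  // message id) is not visible here; confirm.
  //
  // NOTE(review): both statics are plain, unsynchronized fields. If
  // ViolationHandler() runs on its own queue (SANDBOX_VIOLATION_QUEUE_NAME
  // suggests one), confirm that Start()/Stop() cannot race with it.
  static uint64_t mLastMsgReceived;
};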
#endif // nsSandboxViolationSink_h_