Sandbox/Mac/Debugging: Difference between revisions

(opensnoop)
(Grammar)
Line 85: Line 85:


= Using opensnoop(1m) to Observe Content Process File I/O =
= Using opensnoop(1m) to Observe Content Process File I/O =
You can use opensnoop(1m) to see what files the content process is opening. For this listing, I had the opensnoop running when Nightly was started so some of these opens likely happened before the content process turned on the sandbox. Passing the -t option to opensnoop will get it to print the stack trace of the user program.
You can use opensnoop(1m) to see what files the content process is opening. For this listing, I had opensnoop running when Nightly was started so some of these opens likely happened before the content process turned on the sandbox. Passing the -t option to opensnoop will get it to print the stack trace of the user program.
<pre>
<pre>
~ $ sudo opensnoop -xve -n plugin-container 2>/dev/null
~ $ sudo opensnoop -xve -n plugin-container 2>/dev/null

Revision as of 18:30, 11 August 2016


Using the (trace <filename>) Option

~ $ cat test.sb 
(version 1)
(debug all)
(trace "trace.sb")
(deny default)

~ $ sandbox-exec -f ./test.sb ls /tmp
com.apple.launchd.TxO9Zrlk0Y	textmate-501.sock
com.apple.launchd.Wx9IMgekbf	wifi-Uy2Oqp.log

~ $ cat trace.sb
(version 1) ; Thu Aug 11 10:46:24 2016
(allow process-exec* (path "/bin/ls"))
(allow process-exec* (path "/bin/ls"))
(allow file-read-metadata (path "/usr/lib/libutil.dylib"))
(allow file-read-metadata (path "/usr/lib/libncurses.5.4.dylib"))
(allow file-read-metadata (path "/usr/lib/libSystem.B.dylib"))
(allow file-read-metadata (path "/usr/lib/libc++.1.dylib"))
(allow file-read-metadata (path "/usr/lib/libc++abi.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libcache.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libcommonCrypto.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libcompiler_rt.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libcopyfile.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libcorecrypto.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libdispatch.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libdyld.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libkeymgr.dylib"))
(allow file-read-metadata (path "/usr/lib/system/liblaunch.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libmacho.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libquarantine.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libremovefile.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_asl.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_blocks.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_c.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_configuration.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_coreservices.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_coretls.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_dnssd.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_info.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_kernel.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_m.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_malloc.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_network.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_networkextension.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_notify.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_platform.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_pthread.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_sandbox.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_secinit.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libsystem_trace.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libunc.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libunwind.dylib"))
(allow file-read-metadata (path "/usr/lib/system/libxpc.dylib"))
(allow file-read-metadata (path "/usr/lib/libobjc.A.dylib"))
(allow file-read-metadata (path "/usr/lib/libauto.dylib"))
(allow file-read-metadata (path "/usr/lib/libDiagnosticMessagesClient.dylib"))
(allow file-read-data (path "/dev/dtracehelper"))
(allow file-write-data (path "/dev/dtracehelper"))
(allow file-ioctl (path "/dev/dtracehelper"))
(allow sysctl-read (sysctl-name "kern.usrstack64"))
(allow file-read-metadata (path "/usr/share/locale/en_US.UTF-8/LC_COLLATE"))
(allow file-read-data (path "/usr/share/locale/la_LN.US-ASCII/LC_COLLATE"))
(allow file-read-metadata (path "/usr/share/locale/en_US.UTF-8/LC_CTYPE"))
(allow file-read-data (path "/usr/share/locale/UTF-8/LC_CTYPE"))
(allow file-read-metadata (path "/usr/share/locale/en_US.UTF-8/LC_MONETARY"))
(allow file-read-data (path "/usr/share/locale/en_US.ISO8859-1/LC_MONETARY"))
(allow file-read-metadata (path "/usr/share/locale/en_US.UTF-8/LC_NUMERIC"))
(allow file-read-data (path "/usr/share/locale/en_US.ISO8859-1/LC_NUMERIC"))
(allow file-read-metadata (path "/usr/share/locale/en_US.UTF-8/LC_TIME"))
(allow file-read-data (path "/usr/share/locale/en_US.ISO8859-1/LC_TIME"))
(allow file-read-metadata (path "/usr/share/locale/en_US.UTF-8/LC_MESSAGES/LC_MESSAGES"))
(allow file-read-data (path "/usr/share/locale/en_US.ISO8859-1/LC_MESSAGES/LC_MESSAGES"))
(allow file-read-metadata (path "/tmp"))
(allow file-read-metadata (path "/private/tmp"))
(allow file-read-data (path "/Users/haftandilian"))
(allow file-read-metadata (path "/tmp"))
(allow file-read-data (path "/private/tmp"))
(allow sysctl-read (sysctl-name "hw.pagesize_compat"))
~ $

Using opensnoop(1m) to Observe Content Process File I/O

You can use opensnoop(1m) to see which files the content process is opening. For this listing, I had opensnoop running when Nightly was started, so some of these opens likely happened before the content process turned on the sandbox. With -x and -e, only failed opens are printed, and the two numeric columns before the path are the returned file descriptor (-1) and the errno; errno 2 (ENOENT) means the path simply did not exist, which is not the same thing as a sandbox denial, so check the errno before treating a line as a rule violation. Passing the -t option to opensnoop makes it print the stack trace of the user program.

~ $ sudo opensnoop -xve -n plugin-container 2>/dev/null
...
2016 Aug 11 11:25:32   501   2745 plugin-container  -1   2 /Users/haftandilian/Library/Autosave Information/org.mozilla.plugincontainer.plist 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/AppleScript.component/Contents/Resources/Base.lproj 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/AudioCodecs.component/Contents/Resources/Base.lproj 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/AudioDSP.component/Contents/Resources/en.lproj 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/AudioDSP.component/Contents/Resources/Base.lproj 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/AUSpeechSynthesis.component/Contents/Resources 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/AUSpeechSynthesis.component/Contents/Resources 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/AUSpeechSynthesis.component/Contents/Resources/English.lproj 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/AUSpeechSynthesis.component/Contents/Resources/Base.lproj 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/CoreAudio.component/Contents/Resources/Base.lproj 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/JavaScript.component/Contents/Resources/Base.lproj 
2016 Aug 11 11:25:47   501   2743 plugin-container  -1   2 /System/Library/Components/JavaScript.component/Contents/Resources/English.lproj 
...