roytam1/UXP
1
0
Fork 0
mirror of https://github.com/roytam1/UXP.git synced 2026-05-26 13:58:49 +00:00
Code Issues Projects Releases Wiki Activity

Remove sandbox ductwork conditional code.

Browse Source
This commit is contained in:
wolfbeast
2018-05-03 01:24:31 +02:00
committed by Roy Tam
parent aa9ae963f6
commit c8462db202
44 changed files with 5 additions and 916 deletions
Download Patch File Download Diff File Expand all files Collapse all files
application/palemoon/app/nsBrowserApp.cpp
+1 -24
View File
@@ -31,9 +31,6 @@
#endif
#define XRE_WANT_ENVIRON
#define strcasecmp _stricmp
#ifdef MOZ_SANDBOX
#include "mozilla/sandboxing/SandboxInitialization.h"
#endif
#endif
#include "BinaryPath.h"
@@ -43,8 +40,7 @@
#include "mozilla/Telemetry.h"
#include "mozilla/WindowsDllBlocklist.h"
#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) \
&& !(defined(XP_LINUX) && defined(MOZ_SANDBOX))
#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID)
#define MOZ_BROWSER_CAN_BE_CONTENTPROC
#include "../../ipc/contentproc/plugin-container.cpp"
#endif
@@ -207,10 +203,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
}
XREShellData shellData;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
shellData.sandboxBrokerServices =
sandboxing::GetInitializedBrokerServices();
#endif
return XRE_XPCShellMain(--argc, argv, envp, &shellData);
}
@@ -262,12 +254,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
DllBlocklist_CheckStatus() ? NS_XRE_DLL_BLOCKLIST_ENABLED : 0;
#endif
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
sandbox::BrokerServices* brokerServices =
sandboxing::GetInitializedBrokerServices();
appData.sandboxBrokerServices = brokerServices;
#endif
#ifdef LIBFUZZER
if (getenv("LIBFUZZER"))
XRE_LibFuzzerSetMain(argc, argv, libfuzzer_main);
@@ -369,15 +355,6 @@ int main(int argc, char* argv[], char* envp[])
// We are launching as a content process, delegate to the appropriate
// main
if (argc > 1 && IsArg(argv[1], "contentproc")) {
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
// We need to initialize the sandbox TargetServices before InitXPCOMGlue
// because we might need the sandbox broker to give access to some files.
if (IsSandboxedProcess() && !sandboxing::GetInitializedTargetServices()) {
Output("Failed to initialize the sandbox target services.");
return 255;
}
#endif
nsresult rv = InitXPCOMGlue(argv[0], nullptr);
if (NS_FAILED(rv)) {
return 255;
application/palemoon/installer/package-manifest.in
-15
View File
@@ -334,21 +334,6 @@
@RESPATH@/chrome/pippki@JAREXT@
@RESPATH@/chrome/pippki.manifest
; For process sandboxing
#if defined(MOZ_SANDBOX)
#if defined(XP_WIN)
#if defined(WOW_HELPER)
@BINPATH@/wow_helper.exe
#endif
#endif
#endif
#if defined(MOZ_SANDBOX)
#if defined(XP_LINUX)
@BINPATH@/@DLL_PREFIX@mozsandbox@DLL_SUFFIX@
#endif
#endif
; for Solaris SPARC
#ifdef SOLARIS
bin/libfreebl_32fpu_3.so
browser/app/moz.build
-16
View File
@@ -48,22 +48,6 @@ if CONFIG['OS_ARCH'] == 'WINNT':
for cdm in CONFIG['MOZ_EME_MODULES']:
DEFINES['MOZ_%s_EME' % cdm.upper()] = True
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
# For sandbox includes and the include dependencies those have
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
USE_LIBS += [
'sandbox_s',
]
DELAYLOAD_DLLS += [
'winmm.dll',
'user32.dll',
]
# Control the default heap size.
# This is the heap returned by GetProcessHeap().
# As we use the CRT heap, the default size is too large and wastes VM.
browser/app/nsBrowserApp.cpp
+1 -25
View File
@@ -31,9 +31,6 @@
#endif
#define XRE_WANT_ENVIRON
#define strcasecmp _stricmp
#ifdef MOZ_SANDBOX
#include "mozilla/sandboxing/SandboxInitialization.h"
#endif
#endif
#include "BinaryPath.h"
@@ -43,8 +40,7 @@
#include "mozilla/Telemetry.h"
#include "mozilla/WindowsDllBlocklist.h"
#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) \
&& !(defined(XP_LINUX) && defined(MOZ_SANDBOX))
#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID)
#define MOZ_BROWSER_CAN_BE_CONTENTPROC
#include "../../ipc/contentproc/plugin-container.cpp"
#endif
@@ -207,11 +203,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
}
XREShellData shellData;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
shellData.sandboxBrokerServices =
sandboxing::GetInitializedBrokerServices();
#endif
return XRE_XPCShellMain(--argc, argv, envp, &shellData);
}
@@ -262,12 +253,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
DllBlocklist_CheckStatus() ? NS_XRE_DLL_BLOCKLIST_ENABLED : 0;
#endif
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
sandbox::BrokerServices* brokerServices =
sandboxing::GetInitializedBrokerServices();
appData.sandboxBrokerServices = brokerServices;
#endif
#ifdef LIBFUZZER
if (getenv("LIBFUZZER"))
XRE_LibFuzzerSetMain(argc, argv, libfuzzer_main);
@@ -369,15 +354,6 @@ int main(int argc, char* argv[], char* envp[])
// We are launching as a content process, delegate to the appropriate
// main
if (argc > 1 && IsArg(argv[1], "contentproc")) {
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
// We need to initialize the sandbox TargetServices before InitXPCOMGlue
// because we might need the sandbox broker to give access to some files.
if (IsSandboxedProcess() && !sandboxing::GetInitializedTargetServices()) {
Output("Failed to initialize the sandbox target services.");
return 255;
}
#endif
nsresult rv = InitXPCOMGlue(argv[0], nullptr);
if (NS_FAILED(rv)) {
return 255;
browser/app/profile/firefox.js
-26
View File
@@ -921,32 +921,6 @@ pref("dom.ipc.shims.enabledWarnings", false);
pref("browser.tabs.remote.autostart", false);
pref("browser.tabs.remote.desktopbehavior", true);
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
// When this pref is true the Windows process sandbox will set up dummy
// interceptions and log to the browser console when calls fail in the sandboxed
// process and also if they are subsequently allowed by the broker process.
// This will require a restart.
pref("security.sandbox.windows.log", false);
// Controls whether and how the Windows NPAPI plugin process is sandboxed.
// To get a different setting for a particular plugin replace "default", with
// the plugin's nice file name, see: nsPluginTag::GetNiceFileName.
// On windows these levels are:
// 0 - no sandbox
// 1 - sandbox with USER_NON_ADMIN access token level
// 2 - a more strict sandbox, which might cause functionality issues. This now
// includes running at low integrity.
// 3 - the strongest settings we seem to be able to use without breaking
// everything, but will probably cause some functionality restrictions
pref("dom.ipc.plugins.sandbox-level.default", 0);
#if defined(_AMD64_)
// The lines in PluginModuleParent.cpp should be changed in line with this.
pref("dom.ipc.plugins.sandbox-level.flash", 2);
#else
pref("dom.ipc.plugins.sandbox-level.flash", 0);
#endif
#endif
// This pref governs whether we attempt to work around problems caused by
// plugins using OS calls to manipulate the cursor while running out-of-
// process. These workarounds all involve intercepting (hooking) certain
browser/installer/package-manifest.in
-15
View File
@@ -744,21 +744,6 @@
@RESPATH@/components/pipnss.xpt
@RESPATH@/components/pippki.xpt
; For process sandboxing
#if defined(MOZ_SANDBOX)
#if defined(XP_WIN)
#if defined(WOW_HELPER)
@BINPATH@/wow_helper.exe
#endif
#endif
#endif
#if defined(MOZ_SANDBOX)
#if defined(XP_LINUX)
@BINPATH@/@DLL_PREFIX@mozsandbox@DLL_SUFFIX@
#endif
#endif
; for Solaris SPARC
#ifdef SOLARIS
bin/libfreebl_32fpu_3.so
build/directive4.py
-1
View File
@@ -33,7 +33,6 @@ if ('MOZ_OFFICIAL_BRANDING' in listConfig) or (strBrandingDirectory.endswith("br
# Applies to Pale Moon and Basilisk
if ('MC_BASILISK' in listConfig) or ('MC_PALEMOON' in listConfig):
listViolations += [
'MOZ_SANDBOX',
'MOZ_SYSTEM_LIBEVENT',
'MOZ_SYSTEM_NSS',
'MOZ_SYSTEM_NSPR',
dom/ipc/moz.build
-6
View File
@@ -140,12 +140,6 @@ LOCAL_INCLUDES += [
'/xpcom/threads',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
if CONFIG['OS_ARCH'] != 'WINNT':
LOCAL_INCLUDES += [
'/modules/libjar',
dom/media/gmp/GMPProcessParent.cpp
-34
View File
@@ -8,9 +8,6 @@
#include "GMPUtils.h"
#include "nsIFile.h"
#include "nsIRunnable.h"
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "WinUtils.h"
#endif
#include "base/string_util.h"
#include "base/process_util.h"
@@ -56,38 +53,7 @@ GMPProcessParent::Launch(int32_t aTimeoutMs)
vector<string> args;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
std::wstring wGMPPath = UTF8ToWide(mGMPPath.c_str());
// The sandbox doesn't allow file system rules where the paths contain
// symbolic links or junction points. Sometimes the Users folder has been
// moved to another drive using a junction point, so allow for this specific
// case. See bug 1236680 for details.
if (!widget::WinUtils::ResolveJunctionPointsAndSymLinks(wGMPPath)) {
GMP_LOG("ResolveJunctionPointsAndSymLinks failed for GMP path=%S",
wGMPPath.c_str());
NS_WARNING("ResolveJunctionPointsAndSymLinks failed for GMP path.");
return false;
}
GMP_LOG("GMPProcessParent::Launch() resolved path to %S", wGMPPath.c_str());
// If the GMP path is a network path that is not mapped to a drive letter,
// then we need to fix the path format for the sandbox rule.
wchar_t volPath[MAX_PATH];
if (::GetVolumePathNameW(wGMPPath.c_str(), volPath, MAX_PATH) &&
::GetDriveTypeW(volPath) == DRIVE_REMOTE &&
wGMPPath.compare(0, 2, L"\\\\") == 0) {
std::wstring sandboxGMPPath(wGMPPath);
sandboxGMPPath.insert(1, L"??\\UNC");
mAllowedFilesRead.push_back(sandboxGMPPath + L"\\*");
} else {
mAllowedFilesRead.push_back(wGMPPath + L"\\*");
}
args.push_back(WideToUTF8(wGMPPath));
#else
args.push_back(mGMPPath);
#endif
args.push_back(string(voucherPath.BeginReading(), voucherPath.EndReading()));
dom/media/gmp/rlz/GMPDeviceBinding.cpp
-8
View File
@@ -12,10 +12,6 @@
#ifdef XP_WIN
#include "windows.h"
#ifdef MOZ_SANDBOX
#include <intrin.h>
#include <assert.h>
#endif
#endif
#if defined(HASH_NODE_ID_WITH_DEVICE_ID)
@@ -35,10 +31,6 @@
#ifdef XP_WIN
#include "windows.h"
#ifdef MOZ_SANDBOX
#include <intrin.h>
#include <assert.h>
#endif
#endif
#ifdef XP_MACOSX
dom/media/gmp/rlz/moz.build
-7
View File
@@ -13,13 +13,6 @@ UNIFIED_SOURCES += [
'GMPDeviceBinding.cpp',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ['WINNT', 'Darwin']:
DEFINES['HASH_NODE_ID_WITH_DEVICE_ID'] = 1;
UNIFIED_SOURCES += [
'lib/string_utils.cc',
'sha256.c',
]
if CONFIG['OS_TARGET'] == 'WINNT':
UNIFIED_SOURCES += [
'win/lib/machine_id_win.cc',
dom/plugins/base/nsPluginTags.cpp
+1 -18
View File
@@ -427,24 +427,7 @@ void nsPluginTag::InitMime(const char* const* aMimeTypes,
void
nsPluginTag::InitSandboxLevel()
{
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
nsAutoCString sandboxPref("dom.ipc.plugins.sandbox-level.");
sandboxPref.Append(GetNiceFileName());
if (NS_FAILED(Preferences::GetInt(sandboxPref.get(), &mSandboxLevel))) {
mSandboxLevel = Preferences::GetInt("dom.ipc.plugins.sandbox-level.default"
);
}
#if defined(_AMD64_)
// As level 2 is now the default NPAPI sandbox level for 64-bit flash, we
// don't want to allow a lower setting unless this environment variable is
// set. This should be changed if the firefox.js pref file is changed.
if (mIsFlashPlugin &&
!PR_GetEnv("MOZ_ALLOW_WEAKER_SANDBOX") && mSandboxLevel < 2) {
mSandboxLevel = 2;
}
#endif
#endif
/* STUB */
}
#if !defined(XP_WIN) && !defined(XP_MACOSX)
dom/plugins/ipc/PluginProcessChild.cpp
-10
View File
@@ -22,10 +22,6 @@ extern "C" CGError CGSSetDebugOptions(int options);
#ifdef XP_WIN
bool ShouldProtectPluginCurrentDirectory(char16ptr_t pluginFilePath);
#if defined(MOZ_SANDBOX)
#define TARGET_SANDBOX_EXPORTS
#include "mozilla/sandboxTarget.h"
#endif
#endif
using mozilla::ipc::IOThreadChild;
@@ -107,12 +103,6 @@ PluginProcessChild::Init()
pluginFilename = WideToUTF8(values[0]);
#if defined(MOZ_SANDBOX)
// This is probably the earliest we would want to start the sandbox.
// As we attempt to tighten the sandbox, we may need to consider moving this
// to later in the plugin initialization.
mozilla::SandboxTarget::Instance()->StartSandbox();
#endif
#else
# error Sorry
#endif
dom/plugins/ipc/PluginProcessParent.cpp
-85
View File
@@ -14,10 +14,6 @@
#include "mozilla/Telemetry.h"
#include "nsThreadUtils.h"
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "nsDirectoryServiceDefs.h"
#endif
using std::vector;
using std::string;
@@ -40,95 +36,14 @@ PluginProcessParent::~PluginProcessParent()
{
}
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
static void
AddSandboxAllowedFile(vector<std::wstring>& aAllowedFiles, nsIProperties* aDirSvc,
const char* aDir, const nsAString& aSuffix = EmptyString())
{
nsCOMPtr<nsIFile> userDir;
nsresult rv = aDirSvc->Get(aDir, NS_GET_IID(nsIFile), getter_AddRefs(userDir));
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
nsAutoString userDirPath;
rv = userDir->GetPath(userDirPath);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
if (!aSuffix.IsEmpty()) {
userDirPath.Append(aSuffix);
}
aAllowedFiles.push_back(std::wstring(userDirPath.get()));
return;
}
static void
AddSandboxAllowedFiles(int32_t aSandboxLevel,
vector<std::wstring>& aAllowedFilesRead,
vector<std::wstring>& aAllowedFilesReadWrite,
vector<std::wstring>& aAllowedDirectories)
{
if (aSandboxLevel < 2) {
return;
}
nsresult rv;
nsCOMPtr<nsIProperties> dirSvc =
do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
// Higher than level 2 currently removes the users own rights.
if (aSandboxLevel > 2) {
AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR);
AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR,
NS_LITERAL_STRING("\\*"));
}
// Level 2 and above is now using low integrity, so we need to give write
// access to the Flash directories.
// This should be made Flash specific (Bug 1171396).
AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Adobe\\Flash Player\\*"));
// Access also has to be given to create the parent directories as they may
// not exist.
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia\\Flash Player"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia\\Flash Player"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Adobe"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Adobe\\Flash Player"));
}
#endif
bool
PluginProcessParent::Launch(mozilla::UniquePtr<LaunchCompleteTask> aLaunchCompleteTask,
int32_t aSandboxLevel)
{
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
mSandboxLevel = aSandboxLevel;
AddSandboxAllowedFiles(mSandboxLevel, mAllowedFilesRead,
mAllowedFilesReadWrite, mAllowedDirectories);
#else
if (aSandboxLevel != 0) {
MOZ_ASSERT(false,
"Can't enable an NPAPI process sandbox for platform/build.");
}
#endif
ProcessArchitecture currentArchitecture = base::GetCurrentProcessArchitecture();
uint32_t containerArchitectures = GetSupportedArchitecturesForProcessType(GeckoProcessType_Plugin);
dom/plugins/ipc/moz.build
-6
View File
@@ -125,12 +125,6 @@ LOCAL_INCLUDES += [
'/xpcom/base/',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
DEFINES['FORCE_PR_LOG'] = True
if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gtk3':
ipc/app/moz.build
-37
View File
@@ -43,47 +43,10 @@ if CONFIG['OS_ARCH'] == 'WINNT':
'nss3.dll',
]
if CONFIG['MOZ_SANDBOX']:
# For sandbox includes and the include dependencies those have
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
USE_LIBS += [
'sandbox_s',
]
DELAYLOAD_DLLS += [
'winmm.dll',
'user32.dll',
]
DELAYLOAD_DLLS += [
'xul.dll',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ('Linux', 'Android'):
USE_LIBS += [
'mozsandbox',
]
# gcc lto likes to put the top level asm in syscall.cc in a different partition
# from the function using it which breaks the build. Work around that by
# forcing there to be only one partition.
if '-flto' in CONFIG['OS_CXXFLAGS'] and not CONFIG['CLANG_CXX']:
LDFLAGS += ['--param lto-partitions=1']
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] == 'Darwin':
# For sandbox includes and the include dependencies those have
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
USE_LIBS += [
'mozsandbox',
]
if CONFIG['_MSC_VER']:
# Always enter a Windows program through wmain, whether or not we're
# a console application.
ipc/app/pie/moz.build
-11
View File
@@ -16,15 +16,4 @@ LOCAL_INCLUDES += [
'/xpcom/base',
]
if CONFIG['MOZ_SANDBOX']:
USE_LIBS += [
'mozsandbox',
]
# gcc lto likes to put the top level asm in syscall.cc in a different partition
# from the function using it which breaks the build. Work around that by
# forcing there to be only one partition.
if '-flto' in CONFIG['OS_CXXFLAGS'] and not CONFIG['CLANG_CXX']:
LDFLAGS += ['--param lto-partitions=1']
LDFLAGS += ['-pie']
ipc/contentproc/moz.build
-5
View File
@@ -18,8 +18,3 @@ if CONFIG['OS_ARCH'] == 'WINNT':
'/xpcom/base',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
ipc/contentproc/plugin-container.cpp
-40
View File
@@ -22,11 +22,6 @@
#include "GMPLoader.h"
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "mozilla/sandboxing/SandboxInitialization.h"
#include "mozilla/sandboxing/sandboxLogging.h"
#endif
#ifdef MOZ_WIDGET_GONK
# include <sys/time.h>
# include <sys/resource.h>
@@ -62,26 +57,10 @@ InitializeBinder(void *aDummy) {
}
#endif
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
class WinSandboxStarter : public mozilla::gmp::SandboxStarter {
public:
virtual bool Start(const char *aLibPath) override {
if (IsSandboxedProcess()) {
mozilla::sandboxing::LowerSandbox();
}
return true;
}
};
#endif
mozilla::gmp::SandboxStarter*
MakeSandboxStarter()
{
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
return new WinSandboxStarter();
#else
return nullptr;
#endif
}
int
@@ -95,27 +74,8 @@ content_process_main(int argc, char* argv[])
XREChildData childData;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
if (IsSandboxedProcess()) {
childData.sandboxTargetServices =
mozilla::sandboxing::GetInitializedTargetServices();
if (!childData.sandboxTargetServices) {
return 1;
}
childData.ProvideLogFunction = mozilla::sandboxing::ProvideLogFunction;
}
#endif
XRE_SetProcessType(argv[--argc]);
#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
// This has to happen while we're still single-threaded, and on
// B2G that means before the Android Binder library is
// initialized.
mozilla::SandboxEarlyInit(XRE_GetProcessType());
#endif
#ifdef MOZ_WIDGET_GONK
// This creates a ThreadPool for binder ipc. A ThreadPool is necessary to
// receive binder calls, though not necessary to send binder calls.
ipc/glue/GeckoChildProcessHost.cpp
-217
View File
@@ -39,12 +39,6 @@
#ifdef XP_WIN
#include "nsIWinTaskbar.h"
#define NS_TASKBAR_CONTRACTID "@mozilla.org/windows-taskbar;1"
#if defined(MOZ_SANDBOX)
#include "mozilla/Preferences.h"
#include "mozilla/sandboxing/sandboxLogging.h"
#include "nsDirectoryServiceUtils.h"
#endif
#endif
#include "nsTArray.h"
@@ -97,10 +91,6 @@ GeckoChildProcessHost::GeckoChildProcessHost(GeckoProcessType aProcessType,
mPrivileges(aPrivileges),
mMonitor("mozilla.ipc.GeckChildProcessHost.mMonitor"),
mProcessState(CREATING_CHANNEL),
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
mEnableSandboxLogging(false),
mSandboxLevel(0),
#endif
mChildProcessHandle(0)
#if defined(MOZ_WIDGET_COCOA)
, mChildTask(MACH_PORT_NULL)
@@ -307,14 +297,6 @@ GeckoChildProcessHost::PrepareLaunch()
if (mProcessType == GeckoProcessType_Plugin) {
InitWindowsGroupID();
}
#if defined(MOZ_SANDBOX)
// For other process types we can't rely on them being launched on main
// thread and they may not have access to prefs in the child process, so allow
// them to turn on logging via an environment variable.
mEnableSandboxLogging = mEnableSandboxLogging
|| !!PR_GetEnv("MOZ_WIN_SANDBOX_LOGGING");
#endif
#endif
}
@@ -599,91 +581,6 @@ AddAppDirToCommandLine(std::vector<std::string>& aCmdLine)
}
}
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
static void
MaybeAddNsprLogFileAccess(std::vector<std::wstring>& aAllowedFilesReadWrite)
{
const char* nsprLogFileEnv = PR_GetEnv("NSPR_LOG_FILE");
if (!nsprLogFileEnv) {
return;
}
nsDependentCString nsprLogFilePath(nsprLogFileEnv);
nsCOMPtr<nsIFile> nsprLogFile;
nsresult rv = NS_NewNativeLocalFile(nsprLogFilePath, true,
getter_AddRefs(nsprLogFile));
if (NS_FAILED(rv)) {
// Not an absolute path, try it as a relative one.
nsresult rv = NS_GetSpecialDirectory(NS_OS_CURRENT_WORKING_DIR,
getter_AddRefs(nsprLogFile));
if (NS_FAILED(rv) || !nsprLogFile) {
NS_WARNING("Failed to get current working directory");
return;
}
rv = nsprLogFile->AppendRelativeNativePath(nsprLogFilePath);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
}
nsAutoString resolvedFilePath;
rv = nsprLogFile->GetPath(resolvedFilePath);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
// Update the environment variable as well as adding the rule, because the
// Chromium sandbox can only allow access to fully qualified file paths. This
// only affects the environment for the child process we're about to create,
// because this will get reset to the original value in PerformAsyncLaunch.
aAllowedFilesReadWrite.push_back(std::wstring(resolvedFilePath.get()));
nsAutoCString resolvedEnvVar("NSPR_LOG_FILE=");
AppendUTF16toUTF8(resolvedFilePath, resolvedEnvVar);
PR_SetEnv(resolvedEnvVar.get());
}
static void
AddContentSandboxAllowedFiles(int32_t aSandboxLevel,
std::vector<std::wstring>& aAllowedFilesRead)
{
if (aSandboxLevel < 1) {
return;
}
nsCOMPtr<nsIFile> binDir;
nsresult rv = NS_GetSpecialDirectory(NS_GRE_DIR, getter_AddRefs(binDir));
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
nsAutoString binDirPath;
rv = binDir->GetPath(binDirPath);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
// If bin directory is on a remote drive add read access.
wchar_t volPath[MAX_PATH];
if (!::GetVolumePathNameW(binDirPath.get(), volPath, MAX_PATH)) {
return;
}
if (::GetDriveTypeW(volPath) != DRIVE_REMOTE) {
return;
}
// Convert network share path to format for sandbox policy.
if (Substring(binDirPath, 0, 2).Equals(L"\\\\")) {
binDirPath.InsertLiteral(u"??\\UNC", 1);
}
binDirPath.AppendLiteral(u"\\*");
aAllowedFilesRead.push_back(std::wstring(binDirPath.get()));
}
#endif
bool
GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExtraOpts, base::ProcessArchitecture arch)
{
@@ -808,27 +705,6 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
}
#endif // MOZ_WIDGET_GONK
#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
// Preload libmozsandbox.so so that sandbox-related interpositions
// can be defined there instead of in the executable.
// (This could be made conditional on intent to use sandboxing, but
// it's harmless for non-sandboxed processes.)
{
nsAutoCString preload;
// Prepend this, because people can and do preload libpthread.
// (See bug 1222500.)
preload.AssignLiteral("libmozsandbox.so");
if (const char* oldPreload = PR_GetEnv("LD_PRELOAD")) {
// Doesn't matter if oldPreload is ""; extra separators are ignored.
preload.Append(' ');
preload.Append(oldPreload);
}
// Explicitly construct the std::string to make it clear that this
// isn't retaining a pointer to the nsCString's buffer.
newEnvVars["LD_PRELOAD"] = std::string(preload.get());
}
#endif
// remap the IPC socket fd to a well-known int, as the OS does for
// STDOUT_FILENO, for example
int srcChannelFd, dstChannelFd;
@@ -994,74 +870,6 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
}
}
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
bool shouldSandboxCurrentProcess = false;
// XXX: Bug 1124167: We should get rid of the process specific logic for
// sandboxing in this class at some point. Unfortunately it will take a bit
// of reorganizing so I don't think this patch is the right time.
switch (mProcessType) {
case GeckoProcessType_Content:
break;
case GeckoProcessType_Plugin:
if (mSandboxLevel > 0 &&
!PR_GetEnv("MOZ_DISABLE_NPAPI_SANDBOX")) {
bool ok = mSandboxBroker.SetSecurityLevelForPluginProcess(mSandboxLevel);
if (!ok) {
return false;
}
shouldSandboxCurrentProcess = true;
}
break;
case GeckoProcessType_IPDLUnitTest:
// XXX: We don't sandbox this process type yet
break;
case GeckoProcessType_GMPlugin:
if (!PR_GetEnv("MOZ_DISABLE_GMP_SANDBOX")) {
// The Widevine CDM on Windows can only load at USER_RESTRICTED,
// not at USER_LOCKDOWN. So look in the command line arguments
// to see if we're loading the path to the Widevine CDM, and if
// so use sandbox level USER_RESTRICTED instead of USER_LOCKDOWN.
bool isWidevine = std::any_of(aExtraOpts.begin(), aExtraOpts.end(),
[](const std::string arg) { return arg.find("gmp-widevinecdm") != std::string::npos; });
auto level = isWidevine ? SandboxBroker::Restricted : SandboxBroker::LockDown;
bool ok = mSandboxBroker.SetSecurityLevelForGMPlugin(level);
if (!ok) {
return false;
}
shouldSandboxCurrentProcess = true;
}
break;
case GeckoProcessType_GPU:
break;
case GeckoProcessType_Default:
default:
MOZ_CRASH("Bad process type in GeckoChildProcessHost");
break;
};
if (shouldSandboxCurrentProcess) {
MaybeAddNsprLogFileAccess(mAllowedFilesReadWrite);
for (auto it = mAllowedFilesRead.begin();
it != mAllowedFilesRead.end();
++it) {
mSandboxBroker.AllowReadFile(it->c_str());
}
for (auto it = mAllowedFilesReadWrite.begin();
it != mAllowedFilesReadWrite.end();
++it) {
mSandboxBroker.AllowReadWriteFile(it->c_str());
}
for (auto it = mAllowedDirectories.begin();
it != mAllowedDirectories.end();
++it) {
mSandboxBroker.AllowDirectory(it->c_str());
}
}
#endif // XP_WIN && MOZ_SANDBOX
// Add the application directory path (-appdir path)
AddAppDirToCommandLine(cmdLine);
@@ -1078,33 +886,8 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
// Process type
cmdLine.AppendLooseValue(UTF8ToWide(childProcessType));
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
if (shouldSandboxCurrentProcess) {
if (mSandboxBroker.LaunchApp(cmdLine.program().c_str(),
cmdLine.command_line_string().c_str(),
mEnableSandboxLogging,
&process)) {
EnvironmentLog("MOZ_PROCESS_LOG").print(
"==> process %d launched child process %d (%S)\n",
base::GetCurrentProcId(), base::GetProcId(process),
cmdLine.command_line_string().c_str());
}
} else
#endif
{
base::LaunchApp(cmdLine, false, false, &process);
#ifdef MOZ_SANDBOX
// We need to be able to duplicate handles to some types of non-sandboxed
// child processes.
if (mProcessType == GeckoProcessType_Content ||
mProcessType == GeckoProcessType_GPU ||
mProcessType == GeckoProcessType_GMPlugin) {
if (!mSandboxBroker.AddTargetPeer(process)) {
NS_WARNING("Failed to add content process as target peer.");
}
}
#endif
}
#else
ipc/glue/GeckoChildProcessHost.h
-13
View File
@@ -21,10 +21,6 @@
#include "nsXULAppAPI.h" // for GeckoProcessType
#include "nsString.h"
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "sandboxBroker.h"
#endif
namespace mozilla {
namespace ipc {
@@ -153,15 +149,6 @@ protected:
#ifdef XP_WIN
void InitWindowsGroupID();
nsString mGroupId;
#ifdef MOZ_SANDBOX
SandboxBroker mSandboxBroker;
std::vector<std::wstring> mAllowedFilesRead;
std::vector<std::wstring> mAllowedFilesReadWrite;
std::vector<std::wstring> mAllowedDirectories;
bool mEnableSandboxLogging;
int32_t mSandboxLevel;
#endif
#endif // XP_WIN
#if defined(OS_POSIX)
ipc/glue/ProtocolUtils.cpp
-16
View File
@@ -20,11 +20,6 @@
#include "mozilla/Unused.h"
#include "nsPrintfCString.h"
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
#define TARGET_SANDBOX_EXPORTS
#include "mozilla/sandboxTarget.h"
#endif
#include "nsAutoPtr.h"
using namespace IPC;
@@ -162,17 +157,6 @@ bool DuplicateHandle(HANDLE aSourceHandle,
}
#if defined(MOZ_SANDBOX)
// Try the broker next (will fail if not sandboxed).
if (SandboxTarget::Instance()->BrokerDuplicateHandle(aSourceHandle,
aTargetProcessId,
aTargetHandle,
aDesiredAccess,
aOptions)) {
return true;
}
#endif
// Finally, see if we already have access to the process.
ScopedProcessHandle targetProcess(OpenProcess(PROCESS_DUP_HANDLE,
FALSE,
ipc/glue/moz.build
-7
View File
@@ -196,12 +196,5 @@ for var in ('MOZ_CHILD_PROCESS_NAME', 'MOZ_CHILD_PROCESS_NAME_PIE',
'MOZ_CHILD_PROCESS_BUNDLE', 'DLL_PREFIX', 'DLL_SUFFIX'):
DEFINES[var] = '"%s"' % CONFIG[var]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
'/security/sandbox/win/src/sandboxbroker',
]
if CONFIG['GNU_CXX']:
CXXFLAGS += ['-Wno-shadow']
js/xpconnect/shell/moz.build
-16
View File
@@ -35,22 +35,6 @@ if CONFIG['_MSC_VER']:
if CONFIG['OS_ARCH'] == 'WINNT':
RCINCLUDE = 'xpcshell.rc'
if CONFIG['MOZ_SANDBOX']:
# For sandbox includes and the include dependencies those have
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
USE_LIBS += [
'sandbox_s',
]
DELAYLOAD_DLLS += [
'winmm.dll',
'user32.dll',
]
DELAYLOAD_DLLS += [
'xul.dll',
]
js/xpconnect/shell/xpcshell.cpp
-7
View File
@@ -22,9 +22,6 @@
#define XRE_DONT_PROTECT_DLL_LOAD
#define XRE_WANT_ENVIRON
#include "nsWindowsWMain.cpp"
#ifdef MOZ_SANDBOX
#include "mozilla/sandboxing/SandboxInitialization.h"
#endif
#endif
#ifdef MOZ_WIDGET_GTK
@@ -54,10 +51,6 @@ main(int argc, char** argv, char** envp)
#endif
XREShellData shellData;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
shellData.sandboxBrokerServices =
mozilla::sandboxing::GetInitializedBrokerServices();
#endif
int result = XRE_XPCShellMain(argc, argv, envp, &shellData);
js/xpconnect/src/XPCShellImpl.cpp
-13
View File
@@ -44,9 +44,6 @@
#ifdef XP_WIN
#include "mozilla/widget/AudioSession.h"
#include <windows.h>
#if defined(MOZ_SANDBOX)
#include "SandboxBroker.h"
#endif
#endif
// all this crap is needed to do the interactive shell stuff
@@ -1484,16 +1481,6 @@ XRE_XPCShellMain(int argc, char** argv, char** envp,
// Plugin may require audio session if installed plugin can initialize
// asynchronized.
AutoAudioSession audioSession;
#if defined(MOZ_SANDBOX)
// Required for sandboxed child processes.
if (aShellData->sandboxBrokerServices) {
SandboxBroker::Initialize(aShellData->sandboxBrokerServices);
} else {
NS_WARNING("Failed to initialize broker services, sandboxed "
"processes will fail to start.");
}
#endif
#endif
{
mobile/android/installer/package-manifest.in
-5
View File
@@ -502,11 +502,6 @@
;
@BINPATH@/components/pipnss.xpt
; For process sandboxing
#if defined(MOZ_SANDBOX)
@BINPATH@/@DLL_PREFIX@mozsandbox@DLL_SUFFIX@
#endif
[mobile]
@BINPATH@/chrome/chrome@JAREXT@
@BINPATH@/chrome/chrome.manifest
old-configure.in
-20
View File
@@ -2311,7 +2311,6 @@ MOZ_INSTALL_TRACKING=
ACCESSIBILITY=1
MOZ_TIME_MANAGER=
MOZ_AUDIO_CHANNEL_MANAGER=
MOZ_SANDBOX=
MOZ_BINARY_EXTENSIONS=
MOZ_JETPACK=1
MOZ_DEVTOOLS_SERVER=1
@@ -3923,24 +3922,6 @@ if test -n "$MOZ_NO_SMART_CARDS"; then
fi
AC_SUBST(MOZ_NO_SMART_CARDS)
dnl ========================================================
dnl = Sandboxing support
dnl ========================================================
MOZ_ARG_ENABLE_BOOL(sandbox,
[ --enable-sandbox Enable sandboxing support],
MOZ_SANDBOX=1,
MOZ_SANDBOX=)
if test -n "$MOZ_TSAN" -o -n "$MOZ_ASAN"; then
# Bug 1182565: TSan conflicts with sandboxing on Linux.
# Bug 1287971: LSan also conflicts with sandboxing on Linux.
case $OS_TARGET in
Linux|Android)
MOZ_SANDBOX=
;;
esac
fi
dnl ========================================================
dnl =
dnl = Module specific options
@@ -5771,7 +5752,6 @@ MOZ_OFFICIAL_BRANDING=$MOZ_OFFICIAL_BRANDING
MOZ_BRANDING_DIRECTORY=$MOZ_BRANDING_DIRECTORY
MC_BASILISK=$MC_BASILISK
MC_PALEMOON=$MC_PALEMOON
MOZ_SANDBOX=$MOZ_SANDBOX
MOZ_EME=$MOZ_EME
MOZ_WEBRTC=$MOZ_WEBRTC
MOZ_SYSTEM_LIBEVENT=$MOZ_SYSTEM_LIBEVENT
security/sandbox/chromium/base/time/time.cc
-2
View File
@@ -242,7 +242,6 @@ Time Time::LocalMidnight() const {
return FromLocalExploded(exploded);
}
#if !defined(MOZ_SANDBOX)
// static
bool Time::FromStringInternal(const char* time_string,
bool is_local,
@@ -263,7 +262,6 @@ bool Time::FromStringInternal(const char* time_string,
*parsed_time = Time(result_time);
return true;
}
#endif
std::ostream& operator<<(std::ostream& os, Time time) {
Time::Exploded exploded;
security/sandbox/chromium/base/time/time.h
-4
View File
@@ -522,7 +522,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> {
return FromExploded(true, exploded);
}
#if !defined(MOZ_SANDBOX)
// Converts a string representation of time to a Time object.
// An example of a time string which is converted is as below:-
// "Tue, 15 Nov 1994 12:45:26 GMT". If the timezone is not specified
@@ -537,7 +536,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> {
static bool FromUTCString(const char* time_string, Time* parsed_time) {
return FromStringInternal(time_string, false, parsed_time);
}
#endif
// Fills the given exploded structure with either the local time or UTC from
// this time structure (containing UTC).
@@ -565,7 +563,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> {
// |is_local = true| or UTC |is_local = false|.
static Time FromExploded(bool is_local, const Exploded& exploded);
#if !defined(MOZ_SANDBOX)
// Converts a string representation of time to a Time object.
// An example of a time string which is converted is as below:-
// "Tue, 15 Nov 1994 12:45:26 GMT". If the timezone is not specified
@@ -576,7 +573,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> {
static bool FromStringInternal(const char* time_string,
bool is_local,
Time* parsed_time);
#endif
};
// Inline the TimeDelta factory methods, for fast TimeDelta construction.
toolkit/content/aboutSupport.js
+1 -20
View File
@@ -497,26 +497,7 @@ var snapshotFormatters = {
$("prefs-user-js-section").style.display = "";
// Clear the no-copy class
$("prefs-user-js-section").className = "";
},
sandbox: function sandbox(data) {
if (!AppConstants.MOZ_SANDBOX)
return;
let strings = stringBundle();
let tbody = $("sandbox-tbody");
for (let key in data) {
// Simplify the display a little in the common case.
if (key === "hasPrivilegedUserNamespaces" &&
data[key] === data["hasUserNamespaces"]) {
continue;
}
tbody.appendChild($.new("tr", [
$.new("th", strings.GetStringFromName(key), "column"),
$.new("td", data[key])
]));
}
},
}
};
var $ = document.getElementById.bind(document);
toolkit/content/aboutSupport.xhtml
-14
View File
@@ -475,20 +475,6 @@
</tbody>
</table>
<!-- - - - - - - - - - - - - - - - - - - - - -->
#if defined(MOZ_SANDBOX)
<h2 class="major-section" id="sandbox">
&aboutSupport.sandboxTitle;
</h2>
<table>
<tbody id="sandbox-tbody">
</tbody>
</table>
#endif
</div>
</body>
toolkit/locales/en-US/chrome/global/aboutSupport.dtd
-2
View File
@@ -109,8 +109,6 @@ variant of aboutSupport.showDir.label. -->
<!ENTITY aboutSupport.copyTextToClipboard.label "Copy text to clipboard">
<!ENTITY aboutSupport.copyRawDataToClipboard.label "Copy raw data to clipboard">
<!ENTITY aboutSupport.sandboxTitle "Sandbox">
<!ENTITY aboutSupport.safeModeTitle "Try Safe Mode">
<!ENTITY aboutSupport.restartInSafeMode.label "Restart with Add-ons Disabled…">
toolkit/modules/AppConstants.jsm
-7
View File
@@ -81,13 +81,6 @@ this.AppConstants = Object.freeze({
false,
#endif
MOZ_SANDBOX:
#ifdef MOZ_SANDBOX
true,
#else
false,
#endif
MOZ_TELEMETRY_REPORTING:
#ifdef MOZ_TELEMETRY_REPORTING
true,
toolkit/modules/Troubleshoot.jsm
-20
View File
@@ -530,23 +530,3 @@ var dataProviders = {
}
};
if (AppConstants.MOZ_SANDBOX) {
dataProviders.sandbox = function sandbox(done) {
let data = {};
if (AppConstants.platform == "linux") {
const keys = ["hasSeccompBPF", "hasSeccompTSync",
"hasPrivilegedUserNamespaces", "hasUserNamespaces",
"canSandboxContent", "canSandboxMedia"];
let sysInfo = Cc["@mozilla.org/system-info;1"].
getService(Ci.nsIPropertyBag2);
for (let key of keys) {
if (sysInfo.hasKey(key)) {
data[key] = sysInfo.getPropertyAsBool(key);
}
}
}
done(data);
}
}
toolkit/toolkit.mozbuild
+1 -5
View File
@@ -4,12 +4,8 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
if CONFIG['MOZ_SANDBOX']:
DIRS += ['/security/sandbox']
DIRS += [
# Depends on NSS and NSPR, and must be built after sandbox or else B2G emulator
# builds fail.
# Depends on NSS and NSPR
'/security/certverifier',
# Depends on certverifier
'/security/apps',
toolkit/xre/moz.build
-6
View File
@@ -149,12 +149,6 @@ LOCAL_INCLUDES += [
'/xpcom/build',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
LOCAL_INCLUDES += [
'/widget',
toolkit/xre/nsAppRunner.cpp
-42
View File
@@ -194,14 +194,6 @@
#include "GeneratedJNIWrappers.h"
#endif
#if defined(MOZ_SANDBOX)
#if defined(XP_LINUX) && !defined(ANDROID)
#include "mozilla/SandboxInfo.h"
#elif defined(XP_WIN)
#include "SandboxBroker.h"
#endif
#endif
extern uint32_t gRestartMode;
extern void InstallSignalHandlers(const char *ProgramName);
@@ -2952,18 +2944,6 @@ XREMain::XRE_mainInit(bool* aExitFlag)
if (NS_FAILED(rv))
return 1;
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
if (mAppData->sandboxBrokerServices) {
SandboxBroker::Initialize(mAppData->sandboxBrokerServices);
Telemetry::Accumulate(Telemetry::SANDBOX_BROKER_INITIALIZED, true);
} else {
Telemetry::Accumulate(Telemetry::SANDBOX_BROKER_INITIALIZED, false);
// Otherwise just warn for the moment, as most things will work.
NS_WARNING("Failed to initialize broker services, sandboxed processes will "
"fail to start.");
}
#endif
#ifdef XP_MACOSX
// Set up ability to respond to system (Apple) events. This must occur before
// ProcessUpdates to ensure that links clicked in external applications aren't
@@ -3906,24 +3886,6 @@ XREMain::XRE_mainRun()
}
#endif /* MOZ_INSTRUMENT_EVENT_LOOP */
#if defined(MOZ_SANDBOX) && defined(XP_LINUX) && !defined(MOZ_WIDGET_GONK)
// If we're on Linux, we now have information about the OS capabilities
// available to us.
SandboxInfo sandboxInfo = SandboxInfo::Get();
Telemetry::Accumulate(Telemetry::SANDBOX_HAS_SECCOMP_BPF,
sandboxInfo.Test(SandboxInfo::kHasSeccompBPF));
Telemetry::Accumulate(Telemetry::SANDBOX_HAS_SECCOMP_TSYNC,
sandboxInfo.Test(SandboxInfo::kHasSeccompTSync));
Telemetry::Accumulate(Telemetry::SANDBOX_HAS_USER_NAMESPACES_PRIVILEGED,
sandboxInfo.Test(SandboxInfo::kHasPrivilegedUserNamespaces));
Telemetry::Accumulate(Telemetry::SANDBOX_HAS_USER_NAMESPACES,
sandboxInfo.Test(SandboxInfo::kHasUserNamespaces));
Telemetry::Accumulate(Telemetry::SANDBOX_CONTENT_ENABLED,
sandboxInfo.Test(SandboxInfo::kEnabledForContent));
Telemetry::Accumulate(Telemetry::SANDBOX_MEDIA_ENABLED,
sandboxInfo.Test(SandboxInfo::kEnabledForMedia));
#endif /* MOZ_SANDBOX && XP_LINUX && !MOZ_WIDGET_GONK */
{
rv = appStartup->Run();
if (NS_FAILED(rv)) {
@@ -3989,10 +3951,6 @@ XREMain::XRE_main(int argc, char* argv[], const nsXREAppData* aAppData)
// See bug 1279614.
XRE_CreateStatsObject();
#if defined(MOZ_SANDBOX) && defined(XP_LINUX) && !defined(ANDROID)
SandboxInfo::ThreadingCheck();
#endif
char aLocal;
GeckoProfilerInitRAII profilerGuard(&aLocal);
toolkit/xre/nsEmbedFunctions.cpp
-16
View File
@@ -74,11 +74,6 @@
#include "mozilla/Telemetry.h"
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
#include "mozilla/sandboxTarget.h"
#include "mozilla/sandboxing/loggingCallbacks.h"
#endif
#ifdef MOZ_IPDL_TESTS
#include "mozilla/_ipdltest/IPDLUnitTests.h"
#include "mozilla/_ipdltest/IPDLUnitTestProcessChild.h"
@@ -315,11 +310,6 @@ XRE_InitChildProcess(int aArgc,
freopen("CONIN$", "r", stdin);
}
#if defined(MOZ_SANDBOX)
if (aChildData->sandboxTargetServices) {
SandboxTarget::Instance()->SetTargetServices(aChildData->sandboxTargetServices);
}
#endif
#endif
// NB: This must be called before profiler_init
@@ -585,12 +575,6 @@ XRE_InitChildProcess(int aArgc,
::SetProcessShutdownParameters(0x280 - 1, SHUTDOWN_NORETRY);
#endif
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
// We need to do this after the process has been initialised, as
// InitLoggingIfRequired may need access to prefs.
mozilla::sandboxing::InitLoggingIfRequired(aChildData->ProvideLogFunction);
#endif
OverrideDefaultLocaleIfNeeded();
// Run the UI event loop on the main thread.
xpcom/base/nsSystemInfo.cpp
-27
View File
@@ -66,10 +66,6 @@ NS_EXPORT int android_sdk_version;
#include <sys/sysctl.h>
#endif
#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
#include "mozilla/SandboxInfo.h"
#endif
// Slot for NS_InitXPCOM2 to pass information to nsSystemInfo::Init.
// Only set to nonzero (potentially) if XP_UNIX. On such systems, the
// system call to discover the appropriate value is not thread-safe,
@@ -789,29 +785,6 @@ nsSystemInfo::Init()
}
#endif
#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
SandboxInfo sandInfo = SandboxInfo::Get();
SetPropertyAsBool(NS_LITERAL_STRING("hasSeccompBPF"),
sandInfo.Test(SandboxInfo::kHasSeccompBPF));
SetPropertyAsBool(NS_LITERAL_STRING("hasSeccompTSync"),
sandInfo.Test(SandboxInfo::kHasSeccompTSync));
SetPropertyAsBool(NS_LITERAL_STRING("hasUserNamespaces"),
sandInfo.Test(SandboxInfo::kHasUserNamespaces));
SetPropertyAsBool(NS_LITERAL_STRING("hasPrivilegedUserNamespaces"),
sandInfo.Test(SandboxInfo::kHasPrivilegedUserNamespaces));
if (sandInfo.Test(SandboxInfo::kEnabledForContent)) {
SetPropertyAsBool(NS_LITERAL_STRING("canSandboxContent"),
sandInfo.CanSandboxContent());
}
if (sandInfo.Test(SandboxInfo::kEnabledForMedia)) {
SetPropertyAsBool(NS_LITERAL_STRING("canSandboxMedia"),
sandInfo.CanSandboxMedia());
}
#endif // XP_LINUX && MOZ_SANDBOX
return NS_OK;
}
xpcom/build/XREChildData.h
-19
View File
@@ -9,14 +9,6 @@
#include "mozilla/UniquePtr.h"
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "mozilla/sandboxing/loggingTypes.h"
namespace sandbox {
class TargetServices;
}
#endif
namespace mozilla {
namespace gmp {
class GMPLoader;
@@ -35,17 +27,6 @@ struct XREChildData
mozilla::UniquePtr<mozilla::gmp::GMPLoader> gmpLoader;
#endif
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
/**
* Chromium sandbox TargetServices.
*/
sandbox::TargetServices* sandboxTargetServices = nullptr;
/**
* Function to provide a logging function to the chromium sandbox code.
*/
mozilla::sandboxing::ProvideLogFunctionCb ProvideLogFunction = nullptr;
#endif
};
#endif // XREChildData_h
xpcom/build/XREShellData.h
-12
View File
@@ -7,23 +7,11 @@
#ifndef XREShellData_h
#define XREShellData_h
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
namespace sandbox {
class BrokerServices;
}
#endif
/**
* Data needed by XRE_XPCShellMain.
*/
struct XREShellData
{
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
/**
* Chromium sandbox BrokerServices.
*/
sandbox::BrokerServices* sandboxBrokerServices;
#endif
};
#endif // XREShellData_h
xpcom/build/nsXREAppData.h
-13
View File
@@ -12,12 +12,6 @@
class nsIFile;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
namespace sandbox {
class BrokerServices;
}
#endif
/**
* Application-specific data needed to start the apprunner.
*
@@ -134,13 +128,6 @@ struct nsXREAppData
* The application name to use in the User Agent string.
*/
const char* UAName;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
/**
* Chromium sandbox BrokerServices.
*/
sandbox::BrokerServices* sandboxBrokerServices;
#endif
};
/**
xpcom/glue/AppData.cpp
-4
View File
@@ -65,10 +65,6 @@ ScopedAppData::ScopedAppData(const nsXREAppData* aAppData)
if (aAppData->size > offsetof(nsXREAppData, UAName)) {
SetAllocatedString(this->UAName, aAppData->UAName);
}
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
sandboxBrokerServices = aAppData->sandboxBrokerServices;
#endif
}
ScopedAppData::~ScopedAppData()