summaryrefslogtreecommitdiffstats
path: root/browser/app
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-05-03 01:24:31 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-05-03 01:24:31 +0200
commit4613b91ecac2745252c40be64e73de5ff920b02b (patch)
tree26b0aa50bb4d580b156ab2eb9825707a17f51e99 /browser/app
parente1490c07e29f5e4715f73088b7ca7aab4ada90a6 (diff)
downloadUXP-4613b91ecac2745252c40be64e73de5ff920b02b.tar
UXP-4613b91ecac2745252c40be64e73de5ff920b02b.tar.gz
UXP-4613b91ecac2745252c40be64e73de5ff920b02b.tar.lz
UXP-4613b91ecac2745252c40be64e73de5ff920b02b.tar.xz
UXP-4613b91ecac2745252c40be64e73de5ff920b02b.zip
Remove sandbox ductwork conditional code.
Diffstat (limited to 'browser/app')
-rw-r--r--browser/app/moz.build16
-rw-r--r--browser/app/nsBrowserApp.cpp26
-rw-r--r--browser/app/profile/firefox.js26
3 files changed, 1 insertions, 67 deletions
diff --git a/browser/app/moz.build b/browser/app/moz.build
index 520ce4425..1004e280c 100644
--- a/browser/app/moz.build
+++ b/browser/app/moz.build
@@ -48,22 +48,6 @@ if CONFIG['OS_ARCH'] == 'WINNT':
for cdm in CONFIG['MOZ_EME_MODULES']:
DEFINES['MOZ_%s_EME' % cdm.upper()] = True
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
- # For sandbox includes and the include dependencies those have
- LOCAL_INCLUDES += [
- '/security/sandbox/chromium',
- '/security/sandbox/chromium-shim',
- ]
-
- USE_LIBS += [
- 'sandbox_s',
- ]
-
- DELAYLOAD_DLLS += [
- 'winmm.dll',
- 'user32.dll',
- ]
-
# Control the default heap size.
# This is the heap returned by GetProcessHeap().
# As we use the CRT heap, the default size is too large and wastes VM.
diff --git a/browser/app/nsBrowserApp.cpp b/browser/app/nsBrowserApp.cpp
index bae1d4bb7..193de46cf 100644
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@@ -26,9 +26,6 @@
#ifdef XP_WIN
#define XRE_WANT_ENVIRON
#define strcasecmp _stricmp
-#ifdef MOZ_SANDBOX
-#include "mozilla/sandboxing/SandboxInitialization.h"
-#endif
#endif
#include "BinaryPath.h"
@@ -38,8 +35,7 @@
#include "mozilla/Telemetry.h"
#include "mozilla/WindowsDllBlocklist.h"
-#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) \
- && !(defined(XP_LINUX) && defined(MOZ_SANDBOX))
+#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID)
#define MOZ_BROWSER_CAN_BE_CONTENTPROC
#include "../../ipc/contentproc/plugin-container.cpp"
#endif
@@ -202,11 +198,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
}
XREShellData shellData;
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
- shellData.sandboxBrokerServices =
- sandboxing::GetInitializedBrokerServices();
-#endif
-
return XRE_XPCShellMain(--argc, argv, envp, &shellData);
}
@@ -257,12 +248,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
DllBlocklist_CheckStatus() ? NS_XRE_DLL_BLOCKLIST_ENABLED : 0;
#endif
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
- sandbox::BrokerServices* brokerServices =
- sandboxing::GetInitializedBrokerServices();
- appData.sandboxBrokerServices = brokerServices;
-#endif
-
#ifdef LIBFUZZER
if (getenv("LIBFUZZER"))
XRE_LibFuzzerSetMain(argc, argv, libfuzzer_main);
@@ -364,15 +349,6 @@ int main(int argc, char* argv[], char* envp[])
// We are launching as a content process, delegate to the appropriate
// main
if (argc > 1 && IsArg(argv[1], "contentproc")) {
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
- // We need to initialize the sandbox TargetServices before InitXPCOMGlue
- // because we might need the sandbox broker to give access to some files.
- if (IsSandboxedProcess() && !sandboxing::GetInitializedTargetServices()) {
- Output("Failed to initialize the sandbox target services.");
- return 255;
- }
-#endif
-
nsresult rv = InitXPCOMGlue(argv[0], nullptr);
if (NS_FAILED(rv)) {
return 255;
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index e80f57fe4..c021da616 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -921,32 +921,6 @@ pref("dom.ipc.shims.enabledWarnings", false);
pref("browser.tabs.remote.autostart", false);
pref("browser.tabs.remote.desktopbehavior", true);
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-// When this pref is true the Windows process sandbox will set up dummy
-// interceptions and log to the browser console when calls fail in the sandboxed
-// process and also if they are subsequently allowed by the broker process.
-// This will require a restart.
-pref("security.sandbox.windows.log", false);
-
-// Controls whether and how the Windows NPAPI plugin process is sandboxed.
-// To get a different setting for a particular plugin replace "default", with
-// the plugin's nice file name, see: nsPluginTag::GetNiceFileName.
-// On windows these levels are:
-// 0 - no sandbox
-// 1 - sandbox with USER_NON_ADMIN access token level
-// 2 - a more strict sandbox, which might cause functionality issues. This now
-// includes running at low integrity.
-// 3 - the strongest settings we seem to be able to use without breaking
-// everything, but will probably cause some functionality restrictions
-pref("dom.ipc.plugins.sandbox-level.default", 0);
-#if defined(_AMD64_)
-// The lines in PluginModuleParent.cpp should be changed in line with this.
-pref("dom.ipc.plugins.sandbox-level.flash", 2);
-#else
-pref("dom.ipc.plugins.sandbox-level.flash", 0);
-#endif
-#endif
-
// This pref governs whether we attempt to work around problems caused by
// plugins using OS calls to manipulate the cursor while running out-of-
// process. These workarounds all involve intercepting (hooking) certain