diff options
author | Moonchild <mcwerewolf@gmail.com> | 2018-05-04 09:09:10 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-04 09:09:10 +0200 |
commit | 4a2aeb152e48c44efa57c140660e99792f4dd350 (patch) | |
tree | 7b786de2b175122814a53232268b1147a8bd0bfb /browser/app | |
parent | 20532e13937ab5fc8efcb2bfc4c0070dace40cd1 (diff) | |
parent | f265784e8cabaff17f4554cf2bd2c30217b6ec0f (diff) | |
download | UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.gz UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.lz UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.xz UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.zip |
Merge pull request #323 from MoonchildProductions/nuke-sandbox
Nuke sandbox
Diffstat (limited to 'browser/app')
-rw-r--r-- | browser/app/moz.build | 16 | ||||
-rw-r--r-- | browser/app/nsBrowserApp.cpp | 35 | ||||
-rw-r--r-- | browser/app/profile/firefox.js | 94 |
3 files changed, 2 insertions, 143 deletions
diff --git a/browser/app/moz.build b/browser/app/moz.build index 520ce4425..1004e280c 100644 --- a/browser/app/moz.build +++ b/browser/app/moz.build @@ -48,22 +48,6 @@ if CONFIG['OS_ARCH'] == 'WINNT': for cdm in CONFIG['MOZ_EME_MODULES']: DEFINES['MOZ_%s_EME' % cdm.upper()] = True -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - # For sandbox includes and the include dependencies those have - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - - USE_LIBS += [ - 'sandbox_s', - ] - - DELAYLOAD_DLLS += [ - 'winmm.dll', - 'user32.dll', - ] - # Control the default heap size. # This is the heap returned by GetProcessHeap(). # As we use the CRT heap, the default size is too large and wastes VM. diff --git a/browser/app/nsBrowserApp.cpp b/browser/app/nsBrowserApp.cpp index 184b1fc2e..66ea8aed5 100644 --- a/browser/app/nsBrowserApp.cpp +++ b/browser/app/nsBrowserApp.cpp @@ -26,9 +26,6 @@ #ifdef XP_WIN #define XRE_WANT_ENVIRON #define strcasecmp _stricmp -#ifdef MOZ_SANDBOX -#include "mozilla/sandboxing/SandboxInitialization.h" -#endif #endif #include "BinaryPath.h" @@ -38,8 +35,7 @@ #include "mozilla/Telemetry.h" #include "mozilla/WindowsDllBlocklist.h" -#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) \ - && !(defined(XP_LINUX) && defined(MOZ_SANDBOX)) +#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) #define MOZ_BROWSER_CAN_BE_CONTENTPROC #include "../../ipc/contentproc/plugin-container.cpp" #endif @@ -201,13 +197,7 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory) argv[i] = argv[i + 1]; } - XREShellData shellData; -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - shellData.sandboxBrokerServices = - sandboxing::GetInitializedBrokerServices(); -#endif - - return XRE_XPCShellMain(--argc, argv, envp, &shellData); + return XRE_XPCShellMain(--argc, argv, envp); } if (appini) { @@ -257,18 +247,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory) DllBlocklist_CheckStatus() ? NS_XRE_DLL_BLOCKLIST_ENABLED : 0; #endif -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - sandbox::BrokerServices* brokerServices = - sandboxing::GetInitializedBrokerServices(); -#if defined(MOZ_CONTENT_SANDBOX) - if (!brokerServices) { - Output("Couldn't initialize the broker services.\n"); - return 255; - } -#endif - appData.sandboxBrokerServices = brokerServices; -#endif - #ifdef LIBFUZZER if (getenv("LIBFUZZER")) XRE_LibFuzzerSetMain(argc, argv, libfuzzer_main); @@ -370,15 +348,6 @@ int main(int argc, char* argv[], char* envp[]) // We are launching as a content process, delegate to the appropriate // main if (argc > 1 && IsArg(argv[1], "contentproc")) { -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - // We need to initialize the sandbox TargetServices before InitXPCOMGlue - // because we might need the sandbox broker to give access to some files. - if (IsSandboxedProcess() && !sandboxing::GetInitializedTargetServices()) { - Output("Failed to initialize the sandbox target services."); - return 255; - } -#endif - nsresult rv = InitXPCOMGlue(argv[0], nullptr); if (NS_FAILED(rv)) { return 255; diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js index 5637d1797..c021da616 100644 --- a/browser/app/profile/firefox.js +++ b/browser/app/profile/firefox.js @@ -921,100 +921,6 @@ pref("dom.ipc.shims.enabledWarnings", false); pref("browser.tabs.remote.autostart", false); pref("browser.tabs.remote.desktopbehavior", true); -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -// When this pref is true the Windows process sandbox will set up dummy -// interceptions and log to the browser console when calls fail in the sandboxed -// process and also if they are subsequently allowed by the broker process. -// This will require a restart. -pref("security.sandbox.windows.log", false); - -// Controls whether and how the Windows NPAPI plugin process is sandboxed. -// To get a different setting for a particular plugin replace "default", with -// the plugin's nice file name, see: nsPluginTag::GetNiceFileName. -// On windows these levels are: -// 0 - no sandbox -// 1 - sandbox with USER_NON_ADMIN access token level -// 2 - a more strict sandbox, which might cause functionality issues. This now -// includes running at low integrity. -// 3 - the strongest settings we seem to be able to use without breaking -// everything, but will probably cause some functionality restrictions -pref("dom.ipc.plugins.sandbox-level.default", 0); -#if defined(_AMD64_) -// The lines in PluginModuleParent.cpp should be changed in line with this. -pref("dom.ipc.plugins.sandbox-level.flash", 2); -#else -pref("dom.ipc.plugins.sandbox-level.flash", 0); -#endif - -#if defined(MOZ_CONTENT_SANDBOX) -// This controls the strength of the Windows content process sandbox for testing -// purposes. This will require a restart. -// On windows these levels are: -// See - security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp -// SetSecurityLevelForContentProcess() for what the different settings mean. -#if defined(NIGHTLY_BUILD) -pref("security.sandbox.content.level", 2); -#else -pref("security.sandbox.content.level", 1); -#endif - -// This controls the depth of stack trace that is logged when Windows sandbox -// logging is turned on. This is only currently available for the content -// process because the only other sandbox (for GMP) has too strict a policy to -// allow stack tracing. This does not require a restart to take effect. -pref("security.sandbox.windows.log.stackTraceDepth", 0); -#endif -#endif - -#if defined(XP_MACOSX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX) -// This pref is discussed in bug 1083344, the naming is inspired from its -// Windows counterpart, but on Mac it's an integer which means: -// 0 -> "no sandbox" -// 1 -> "preliminary content sandboxing enabled: write access to -// home directory is prevented" -// 2 -> "preliminary content sandboxing enabled with profile protection: -// write access to home directory is prevented, read and write access -// to ~/Library and profile directories are prevented (excluding -// $PROFILE/{extensions,weave})" -// This setting is read when the content process is started. On Mac the content -// process is killed when all windows are closed, so a change will take effect -// when the 1st window is opened. -#if defined(NIGHTLY_BUILD) -pref("security.sandbox.content.level", 2); -#else -pref("security.sandbox.content.level", 1); -#endif -#endif - -#if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX) -// This pref is introduced as part of bug 742434, the naming is inspired from -// its Windows/Mac counterpart, but on Linux it's an integer which means: -// 0 -> "no sandbox" -// 1 -> "content sandbox using seccomp-bpf when available" -// 2 -> "seccomp-bpf + file broker" -// Content sandboxing on Linux is currently in the stage of -// 'just getting it enabled', which includes a very permissive whitelist. We -// enable seccomp-bpf on nightly to see if everything is running, or if we need -// to whitelist more system calls. -// -// So the purpose of this setting is to allow nightly users to disable the -// sandbox while we fix their problems. This way, they won't have to wait for -// another nightly release which disables seccomp-bpf again. -// -// This setting may not be required anymore once we decide to permanently -// enable the content sandbox. -pref("security.sandbox.content.level", 2); -#endif - -#if defined(XP_MACOSX) || defined(XP_WIN) -#if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX) -// ID (a UUID when set by gecko) that is used to form the name of a -// sandbox-writable temporary directory to be used by content processes -// when a temporary writable file is required in a level 1 sandbox. -pref("security.sandbox.content.tempDirSuffix", ""); -#endif -#endif - // This pref governs whether we attempt to work around problems caused by // plugins using OS calls to manipulate the cursor while running out-of- // process. These workarounds all involve intercepting (hooking) certain |