authorMoonchild <mcwerewolf@gmail.com>2018-05-04 09:09:10 +0200
committerGitHub <noreply@github.com>2018-05-04 09:09:10 +0200
commit4a2aeb152e48c44efa57c140660e99792f4dd350 (patch)
tree7b786de2b175122814a53232268b1147a8bd0bfb /browser
parent20532e13937ab5fc8efcb2bfc4c0070dace40cd1 (diff)
parentf265784e8cabaff17f4554cf2bd2c30217b6ec0f (diff)
Merge pull request #323 from MoonchildProductions/nuke-sandbox
Nuke sandbox
Diffstat (limited to 'browser')
-rw-r--r--browser/app/moz.build16
-rw-r--r--browser/app/nsBrowserApp.cpp35
-rw-r--r--browser/app/profile/firefox.js94
-rw-r--r--browser/installer/package-manifest.in15
4 files changed, 2 insertions, 158 deletions
diff --git a/browser/app/moz.build b/browser/app/moz.build
index 520ce4425..1004e280c 100644
--- a/browser/app/moz.build
+++ b/browser/app/moz.build
@@ -48,22 +48,6 @@ if CONFIG['OS_ARCH'] == 'WINNT':
for cdm in CONFIG['MOZ_EME_MODULES']:
DEFINES['MOZ_%s_EME' % cdm.upper()] = True
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
- # For sandbox includes and the include dependencies those have
- LOCAL_INCLUDES += [
- '/security/sandbox/chromium',
- '/security/sandbox/chromium-shim',
- ]
-
- USE_LIBS += [
- 'sandbox_s',
- ]
-
- DELAYLOAD_DLLS += [
- 'winmm.dll',
- 'user32.dll',
- ]
-
# Control the default heap size.
# This is the heap returned by GetProcessHeap().
# As we use the CRT heap, the default size is too large and wastes VM.
diff --git a/browser/app/nsBrowserApp.cpp b/browser/app/nsBrowserApp.cpp
index 184b1fc2e..66ea8aed5 100644
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@@ -26,9 +26,6 @@
#ifdef XP_WIN
#define XRE_WANT_ENVIRON
#define strcasecmp _stricmp
-#ifdef MOZ_SANDBOX
-#include "mozilla/sandboxing/SandboxInitialization.h"
-#endif
#endif
#include "BinaryPath.h"
@@ -38,8 +35,7 @@
#include "mozilla/Telemetry.h"
#include "mozilla/WindowsDllBlocklist.h"
-#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) \
- && !(defined(XP_LINUX) && defined(MOZ_SANDBOX))
+#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID)
#define MOZ_BROWSER_CAN_BE_CONTENTPROC
#include "../../ipc/contentproc/plugin-container.cpp"
#endif
@@ -201,13 +197,7 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
argv[i] = argv[i + 1];
}
- XREShellData shellData;
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
- shellData.sandboxBrokerServices =
- sandboxing::GetInitializedBrokerServices();
-#endif
-
- return XRE_XPCShellMain(--argc, argv, envp, &shellData);
+ return XRE_XPCShellMain(--argc, argv, envp);
}
if (appini) {
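Review bot: The xpcshell path now calls `XRE_XPCShellMain(--argc, argv, envp)` with three arguments, which only compiles if the prototype in the XRE headers (outside this diff, which is limited to `browser/`) dropped the `XREShellData*` parameter in the same merge; that companion change is not visible here and is worth confirming. With the broker-services hand-off gone from this hunk, and the corresponding `MOZ_SANDBOX` blocks removed in the hunks at `@@ -257,18 +247,6 @@` and `@@ -370,15 +348,6 @@`, nothing in do_main any longer states that xpcshell and the processes it spawns run without a process sandbox, so a one-line comment above the call such as `// No sandbox broker is initialized here; xpcshell and its children run unsandboxed.` would spare the next reader a search for the removed XREShellData plumbing. do_main begins before this hunk and continues past it.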
@@ -257,18 +247,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
DllBlocklist_CheckStatus() ? NS_XRE_DLL_BLOCKLIST_ENABLED : 0;
#endif
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
- sandbox::BrokerServices* brokerServices =
- sandboxing::GetInitializedBrokerServices();
-#if defined(MOZ_CONTENT_SANDBOX)
- if (!brokerServices) {
- Output("Couldn't initialize the broker services.\n");
- return 255;
- }
-#endif
- appData.sandboxBrokerServices = brokerServices;
-#endif
-
#ifdef LIBFUZZER
if (getenv("LIBFUZZER"))
XRE_LibFuzzerSetMain(argc, argv, libfuzzer_main);
@@ -370,15 +348,6 @@ int main(int argc, char* argv[], char* envp[])
// We are launching as a content process, delegate to the appropriate
// main
if (argc > 1 && IsArg(argv[1], "contentproc")) {
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
- // We need to initialize the sandbox TargetServices before InitXPCOMGlue
- // because we might need the sandbox broker to give access to some files.
- if (IsSandboxedProcess() && !sandboxing::GetInitializedTargetServices()) {
- Output("Failed to initialize the sandbox target services.");
- return 255;
- }
-#endif
-
nsresult rv = InitXPCOMGlue(argv[0], nullptr);
if (NS_FAILED(rv)) {
return 255;
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 5637d1797..c021da616 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -921,100 +921,6 @@ pref("dom.ipc.shims.enabledWarnings", false);
pref("browser.tabs.remote.autostart", false);
pref("browser.tabs.remote.desktopbehavior", true);
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-// When this pref is true the Windows process sandbox will set up dummy
-// interceptions and log to the browser console when calls fail in the sandboxed
-// process and also if they are subsequently allowed by the broker process.
-// This will require a restart.
-pref("security.sandbox.windows.log", false);
-
-// Controls whether and how the Windows NPAPI plugin process is sandboxed.
-// To get a different setting for a particular plugin replace "default", with
-// the plugin's nice file name, see: nsPluginTag::GetNiceFileName.
-// On windows these levels are:
-// 0 - no sandbox
-// 1 - sandbox with USER_NON_ADMIN access token level
-// 2 - a more strict sandbox, which might cause functionality issues. This now
-// includes running at low integrity.
-// 3 - the strongest settings we seem to be able to use without breaking
-// everything, but will probably cause some functionality restrictions
-pref("dom.ipc.plugins.sandbox-level.default", 0);
-#if defined(_AMD64_)
-// The lines in PluginModuleParent.cpp should be changed in line with this.
-pref("dom.ipc.plugins.sandbox-level.flash", 2);
-#else
-pref("dom.ipc.plugins.sandbox-level.flash", 0);
-#endif
-
-#if defined(MOZ_CONTENT_SANDBOX)
-// This controls the strength of the Windows content process sandbox for testing
-// purposes. This will require a restart.
-// On windows these levels are:
-// See - security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
-// SetSecurityLevelForContentProcess() for what the different settings mean.
-#if defined(NIGHTLY_BUILD)
-pref("security.sandbox.content.level", 2);
-#else
-pref("security.sandbox.content.level", 1);
-#endif
-
-// This controls the depth of stack trace that is logged when Windows sandbox
-// logging is turned on. This is only currently available for the content
-// process because the only other sandbox (for GMP) has too strict a policy to
-// allow stack tracing. This does not require a restart to take effect.
-pref("security.sandbox.windows.log.stackTraceDepth", 0);
-#endif
-#endif
-
-#if defined(XP_MACOSX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
-// This pref is discussed in bug 1083344, the naming is inspired from its
-// Windows counterpart, but on Mac it's an integer which means:
-// 0 -> "no sandbox"
-// 1 -> "preliminary content sandboxing enabled: write access to
-// home directory is prevented"
-// 2 -> "preliminary content sandboxing enabled with profile protection:
-// write access to home directory is prevented, read and write access
-// to ~/Library and profile directories are prevented (excluding
-// $PROFILE/{extensions,weave})"
-// This setting is read when the content process is started. On Mac the content
-// process is killed when all windows are closed, so a change will take effect
-// when the 1st window is opened.
-#if defined(NIGHTLY_BUILD)
-pref("security.sandbox.content.level", 2);
-#else
-pref("security.sandbox.content.level", 1);
-#endif
-#endif
-
-#if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
-// This pref is introduced as part of bug 742434, the naming is inspired from
-// its Windows/Mac counterpart, but on Linux it's an integer which means:
-// 0 -> "no sandbox"
-// 1 -> "content sandbox using seccomp-bpf when available"
-// 2 -> "seccomp-bpf + file broker"
-// Content sandboxing on Linux is currently in the stage of
-// 'just getting it enabled', which includes a very permissive whitelist. We
-// enable seccomp-bpf on nightly to see if everything is running, or if we need
-// to whitelist more system calls.
-//
-// So the purpose of this setting is to allow nightly users to disable the
-// sandbox while we fix their problems. This way, they won't have to wait for
-// another nightly release which disables seccomp-bpf again.
-//
-// This setting may not be required anymore once we decide to permanently
-// enable the content sandbox.
-pref("security.sandbox.content.level", 2);
-#endif
-
-#if defined(XP_MACOSX) || defined(XP_WIN)
-#if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
-// ID (a UUID when set by gecko) that is used to form the name of a
-// sandbox-writable temporary directory to be used by content processes
-// when a temporary writable file is required in a level 1 sandbox.
-pref("security.sandbox.content.tempDirSuffix", "");
-#endif
-#endif
-
// This pref governs whether we attempt to work around problems caused by
// plugins using OS calls to manipulate the cursor while running out-of-
// process. These workarounds all involve intercepting (hooking) certain
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
index 5540feed9..8032060a4 100644
--- a/browser/installer/package-manifest.in
+++ b/browser/installer/package-manifest.in
@@ -740,21 +740,6 @@
@RESPATH@/components/pipnss.xpt
@RESPATH@/components/pippki.xpt
-; For process sandboxing
-#if defined(MOZ_SANDBOX)
-#if defined(XP_WIN)
-#if defined(WOW_HELPER)
-@BINPATH@/wow_helper.exe
-#endif
-#endif
-#endif
-
-#if defined(MOZ_SANDBOX)
-#if defined(XP_LINUX)
-@BINPATH@/@DLL_PREFIX@mozsandbox@DLL_SUFFIX@
-#endif
-#endif
-
; for Solaris SPARC
#ifdef SOLARIS
bin/libfreebl_32fpu_3.so