diff options
author | Moonchild <mcwerewolf@gmail.com> | 2018-05-04 09:09:10 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-04 09:09:10 +0200 |
commit | 4a2aeb152e48c44efa57c140660e99792f4dd350 (patch) | |
tree | 7b786de2b175122814a53232268b1147a8bd0bfb /dom | |
parent | 20532e13937ab5fc8efcb2bfc4c0070dace40cd1 (diff) | |
parent | f265784e8cabaff17f4554cf2bd2c30217b6ec0f (diff) | |
download | UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.gz UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.lz UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.tar.xz UXP-4a2aeb152e48c44efa57c140660e99792f4dd350.zip |
Merge pull request #323 from MoonchildProductions/nuke-sandbox
Nuke sandbox
Diffstat (limited to 'dom')
-rw-r--r-- | dom/ipc/ContentChild.cpp | 196 | ||||
-rw-r--r-- | dom/ipc/ContentChild.h | 21 | ||||
-rw-r--r-- | dom/ipc/ContentParent.cpp | 60 | ||||
-rw-r--r-- | dom/ipc/ContentParent.h | 11 | ||||
-rw-r--r-- | dom/ipc/ContentProcess.cpp | 113 | ||||
-rw-r--r-- | dom/ipc/ContentProcess.h | 8 | ||||
-rw-r--r-- | dom/ipc/moz.build | 11 | ||||
-rw-r--r-- | dom/media/gmp/GMPChild.cpp | 131 | ||||
-rw-r--r-- | dom/media/gmp/GMPChild.h | 4 | ||||
-rw-r--r-- | dom/media/gmp/GMPLoader.cpp | 13 | ||||
-rw-r--r-- | dom/media/gmp/GMPLoader.h | 17 | ||||
-rw-r--r-- | dom/media/gmp/GMPParent.cpp | 11 | ||||
-rw-r--r-- | dom/media/gmp/GMPProcessParent.cpp | 34 | ||||
-rw-r--r-- | dom/media/gmp/GMPService.cpp | 11 | ||||
-rw-r--r-- | dom/media/gmp/GMPServiceParent.cpp | 12 | ||||
-rw-r--r-- | dom/media/gmp/rlz/GMPDeviceBinding.cpp | 8 | ||||
-rw-r--r-- | dom/media/gmp/rlz/moz.build | 7 | ||||
-rw-r--r-- | dom/plugins/base/nsPluginTags.cpp | 25 | ||||
-rw-r--r-- | dom/plugins/base/nsPluginTags.h | 1 | ||||
-rw-r--r-- | dom/plugins/ipc/PluginProcessChild.cpp | 10 | ||||
-rw-r--r-- | dom/plugins/ipc/PluginProcessParent.cpp | 85 | ||||
-rw-r--r-- | dom/plugins/ipc/moz.build | 6 |
22 files changed, 0 insertions, 795 deletions
diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp index 75678ca96..d7068c6c3 100644 --- a/dom/ipc/ContentChild.cpp +++ b/dom/ipc/ContentChild.cpp @@ -65,21 +65,6 @@ #include "imgLoader.h" #include "GMPServiceChild.h" -#if defined(MOZ_CONTENT_SANDBOX) -#if defined(XP_WIN) -#define TARGET_SANDBOX_EXPORTS -#include "mozilla/sandboxTarget.h" -#elif defined(XP_LINUX) -#include "mozilla/Sandbox.h" -#include "mozilla/SandboxInfo.h" - -// Remove this include with Bug 1104619 -#include "CubebUtils.h" -#elif defined(XP_MACOSX) -#include "mozilla/Sandbox.h" -#endif -#endif - #include "mozilla/Unused.h" #include "mozInlineSpellChecker.h" @@ -1250,192 +1235,11 @@ ContentChild::AllocPProcessHangMonitorChild(Transport* aTransport, return CreateHangMonitorChild(aTransport, aOtherProcess); } -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) - -#include <stdlib.h> - -static bool -GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath, nsCString &aAppDir) -{ - nsAutoCString appPath; - nsAutoCString appBinaryPath( - (CommandLine::ForCurrentProcess()->argv()[0]).c_str()); - - nsAutoCString::const_iterator start, end; - appBinaryPath.BeginReading(start); - appBinaryPath.EndReading(end); - if (RFindInReadable(NS_LITERAL_CSTRING(".app/Contents/MacOS/"), start, end)) { - end = start; - ++end; ++end; ++end; ++end; - appBinaryPath.BeginReading(start); - appPath.Assign(Substring(start, end)); - } else { - return false; - } - - nsCOMPtr<nsIFile> app, appBinary; - nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appPath), - true, getter_AddRefs(app)); - if (NS_FAILED(rv)) { - return false; - } - rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appBinaryPath), - true, getter_AddRefs(appBinary)); - if (NS_FAILED(rv)) { - return false; - } - - nsCOMPtr<nsIFile> appDir; - nsCOMPtr<nsIProperties> dirSvc = - do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID); - if (!dirSvc) { - return false; - } - rv = dirSvc->Get(NS_XPCOM_CURRENT_PROCESS_DIR, - NS_GET_IID(nsIFile), getter_AddRefs(appDir)); - if (NS_FAILED(rv)) { - return false; - } - bool exists; - rv = appDir->Exists(&exists); - if (NS_FAILED(rv) || !exists) { - return false; - } - - bool isLink; - app->IsSymlink(&isLink); - if (isLink) { - app->GetNativeTarget(aAppPath); - } else { - app->GetNativePath(aAppPath); - } - appBinary->IsSymlink(&isLink); - if (isLink) { - appBinary->GetNativeTarget(aAppBinaryPath); - } else { - appBinary->GetNativePath(aAppBinaryPath); - } - appDir->IsSymlink(&isLink); - if (isLink) { - appDir->GetNativeTarget(aAppDir); - } else { - appDir->GetNativePath(aAppDir); - } - - return true; -} - -static bool -StartMacOSContentSandbox() -{ - int sandboxLevel = Preferences::GetInt("security.sandbox.content.level"); - if (sandboxLevel < 1) { - return false; - } - - nsAutoCString appPath, appBinaryPath, appDir; - if (!GetAppPaths(appPath, appBinaryPath, appDir)) { - MOZ_CRASH("Error resolving child process path"); - } - - // During sandboxed content process startup, before reaching - // this point, NS_OS_TEMP_DIR is modified to refer to a sandbox- - // writable temporary directory - nsCOMPtr<nsIFile> tempDir; - nsresult rv = nsDirectoryService::gService->Get(NS_OS_TEMP_DIR, - NS_GET_IID(nsIFile), getter_AddRefs(tempDir)); - if (NS_FAILED(rv)) { - MOZ_CRASH("Failed to get NS_OS_TEMP_DIR"); - } - - nsAutoCString tempDirPath; - tempDir->Normalize(); - rv = tempDir->GetNativePath(tempDirPath); - if (NS_FAILED(rv)) { - MOZ_CRASH("Failed to get NS_OS_TEMP_DIR path"); - } - - nsCOMPtr<nsIFile> profileDir; - ContentChild::GetSingleton()->GetProfileDir(getter_AddRefs(profileDir)); - nsCString profileDirPath; - if (profileDir) { - rv = profileDir->GetNativePath(profileDirPath); - if (NS_FAILED(rv) || profileDirPath.IsEmpty()) { - MOZ_CRASH("Failed to get profile path"); - } - } - - MacSandboxInfo info; - info.type = MacSandboxType_Content; - info.level = info.level = sandboxLevel; - info.appPath.assign(appPath.get()); - info.appBinaryPath.assign(appBinaryPath.get()); - info.appDir.assign(appDir.get()); - info.appTempDir.assign(tempDirPath.get()); - - if (profileDir) { - info.hasSandboxedProfile = true; - info.profileDir.assign(profileDirPath.get()); - } else { - info.hasSandboxedProfile = false; - } - - std::string err; - if (!mozilla::StartMacSandbox(info, err)) { - NS_WARNING(err.c_str()); - MOZ_CRASH("sandbox_init() failed"); - } - - return true; -} -#endif - bool ContentChild::RecvSetProcessSandbox(const MaybeFileDesc& aBroker) { // We may want to move the sandbox initialization somewhere else // at some point; see bug 880808. -#if defined(MOZ_CONTENT_SANDBOX) - bool sandboxEnabled = true; -#if defined(XP_LINUX) -#if defined(MOZ_WIDGET_GONK) && ANDROID_VERSION >= 19 - // For B2G >= KitKat, sandboxing is mandatory; this has already - // been enforced by ContentParent::StartUp(). - MOZ_ASSERT(SandboxInfo::Get().CanSandboxContent()); -#else - // Otherwise, sandboxing is best-effort. - if (!SandboxInfo::Get().CanSandboxContent()) { - sandboxEnabled = false; - } else { - // This triggers the initialization of cubeb, which needs to happen - // before seccomp is enabled (Bug 1259508). It also increases the startup - // time of the content process, because cubeb is usually initialized - // when it is actually needed. This call here is no longer required - // once Bug 1104619 (remoting audio) is resolved. - Unused << CubebUtils::GetCubebContext(); - } - -#endif /* MOZ_WIDGET_GONK && ANDROID_VERSION >= 19 */ - if (sandboxEnabled) { - int brokerFd = -1; - if (aBroker.type() == MaybeFileDesc::TFileDescriptor) { - auto fd = aBroker.get_FileDescriptor().ClonePlatformHandle(); - brokerFd = fd.release(); - // brokerFd < 0 means to allow direct filesystem access, so - // make absolutely sure that doesn't happen if the parent - // didn't intend it. - MOZ_RELEASE_ASSERT(brokerFd >= 0); - } - sandboxEnabled = SetContentProcessSandbox(brokerFd); - } -#elif defined(XP_WIN) - mozilla::SandboxTarget::Instance()->StartSandbox(); -#elif defined(XP_MACOSX) - sandboxEnabled = StartMacOSContentSandbox(); -#endif - -#endif /* MOZ_CONTENT_SANDBOX */ - return true; } diff --git a/dom/ipc/ContentChild.h b/dom/ipc/ContentChild.h index cb718aff9..c78f951f0 100644 --- a/dom/ipc/ContentChild.h +++ b/dom/ipc/ContentChild.h @@ -21,10 +21,6 @@ #include "nsWeakPtr.h" #include "nsIWindowProvider.h" -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) -#include "nsIFile.h" -#endif - struct ChromePackage; class nsIObserver; struct SubstitutionMapping; @@ -118,19 +114,6 @@ public: void GetProcessName(nsACString& aName) const; -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) - void GetProfileDir(nsIFile** aProfileDir) const - { - *aProfileDir = mProfileDir; - NS_IF_ADDREF(*aProfileDir); - } - - void SetProfileDir(nsIFile* aProfileDir) - { - mProfileDir = aProfileDir; - } -#endif - bool IsAlive() const; bool IsShuttingDown() const; @@ -679,10 +662,6 @@ private: nsCOMPtr<nsIDomainPolicy> mPolicy; nsCOMPtr<nsITimer> mForceKillTimer; -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) - nsCOMPtr<nsIFile> mProfileDir; -#endif - // Hashtable to keep track of the pending GetFilesHelper objects. // This GetFilesHelperChild objects are removed when RecvGetFilesResponse is // received. diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp index 286f1d851..ee0f8090a 100644 --- a/dom/ipc/ContentParent.cpp +++ b/dom/ipc/ContentParent.cpp @@ -230,12 +230,6 @@ using namespace mozilla::system; #include "mozilla/dom/SpeechSynthesisParent.h" #endif -#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX) -#include "mozilla/SandboxInfo.h" -#include "mozilla/SandboxBroker.h" -#include "mozilla/SandboxBrokerPolicyFactory.h" -#endif - #ifdef MOZ_TOOLKIT_SEARCH #include "nsIBrowserSearchService.h" #endif @@ -503,9 +497,6 @@ nsTArray<ContentParent*>* ContentParent::sNonAppContentParents; nsTArray<ContentParent*>* ContentParent::sLargeAllocationContentParents; nsTArray<ContentParent*>* ContentParent::sPrivateContent; StaticAutoPtr<LinkedList<ContentParent> > ContentParent::sContentParents; -#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX) -UniquePtr<SandboxBrokerPolicyFactory> ContentParent::sSandboxBrokerPolicyFactory; -#endif // This is true when subprocess launching is enabled. This is the // case between StartUp() and ShutDown() or JoinAllSubprocesses(). @@ -637,18 +628,6 @@ ContentParent::StartUp() return; } -#if defined(MOZ_CONTENT_SANDBOX) && defined(MOZ_WIDGET_GONK) && ANDROID_VERSION >= 19 - // Require sandboxing on B2G >= KitKat. This condition must stay - // in sync with ContentChild::RecvSetProcessSandbox. - if (!SandboxInfo::Get().CanSandboxContent()) { - // MOZ_CRASH strings are only for debug builds; make sure the - // message is clear on non-debug builds as well: - printf_stderr("Sandboxing support is required on this platform. " - "Recompile kernel with CONFIG_SECCOMP_FILTER=y\n"); - MOZ_CRASH("Sandboxing support is required on this platform."); - } -#endif - // Note: This reporter measures all ContentParents. RegisterStrongMemoryReporter(new ContentParentsMemoryReporter()); @@ -662,10 +641,6 @@ ContentParent::StartUp() PreallocatedProcessManager::AllocateAfterDelay(); sDisableUnsafeCPOWWarnings = PR_GetEnv("DISABLE_UNSAFE_CPOW_WARNINGS"); - -#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX) - sSandboxBrokerPolicyFactory = MakeUnique<SandboxBrokerPolicyFactory>(); -#endif } /*static*/ void @@ -674,10 +649,6 @@ ContentParent::ShutDown() // No-op for now. We rely on normal process shutdown and // ClearOnShutdown() to clean up our state. sCanLaunchSubprocesses = false; - -#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX) - sSandboxBrokerPolicyFactory = nullptr; -#endif } /*static*/ void @@ -2244,37 +2215,6 @@ ContentParent::InitInternal(ProcessPriority aInitialPriority, } } -#ifdef MOZ_CONTENT_SANDBOX - bool shouldSandbox = true; - MaybeFileDesc brokerFd = void_t(); -#ifdef XP_LINUX - // XXX: Checking the pref here makes it possible to enable/disable sandboxing - // during an active session. Currently the pref is only used for testing - // purpose. If the decision is made to permanently rely on the pref, this - // should be changed so that it is required to restart firefox for the change - // of value to take effect. - shouldSandbox = (Preferences::GetInt("security.sandbox.content.level") > 0) && - !PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX"); - - if (shouldSandbox) { - MOZ_ASSERT(!mSandboxBroker); - UniquePtr<SandboxBroker::Policy> policy = - sSandboxBrokerPolicyFactory->GetContentPolicy(Pid()); - if (policy) { - brokerFd = FileDescriptor(); - mSandboxBroker = SandboxBroker::Create(Move(policy), Pid(), brokerFd); - if (!mSandboxBroker) { - KillHard("SandboxBroker::Create failed"); - return; - } - MOZ_ASSERT(static_cast<const FileDescriptor&>(brokerFd).IsValid()); - } - } -#endif - if (shouldSandbox && !SendSetProcessSandbox(brokerFd)) { - KillHard("SandboxInitFailed"); - } -#endif #if defined(XP_WIN) // Send the info needed to join the browser process's audio session. nsID id; diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h index a3750de1a..3f74b10e1 100644 --- a/dom/ipc/ContentParent.h +++ b/dom/ipc/ContentParent.h @@ -46,11 +46,6 @@ class PRemoteSpellcheckEngineParent; class ProfileGatherer; #endif -#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX) -class SandboxBroker; -class SandboxBrokerPolicyFactory; -#endif - namespace embedding { class PrintingParent; } @@ -1152,12 +1147,6 @@ private: UniquePtr<gfx::DriverCrashGuard> mDriverCrashGuard; -#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX) - mozilla::UniquePtr<SandboxBroker> mSandboxBroker; - static mozilla::UniquePtr<SandboxBrokerPolicyFactory> - sSandboxBrokerPolicyFactory; -#endif - #ifdef NS_PRINTING RefPtr<embedding::PrintingParent> mPrintingParent; #endif diff --git a/dom/ipc/ContentProcess.cpp b/dom/ipc/ContentProcess.cpp index 2413d8808..986617f55 100644 --- a/dom/ipc/ContentProcess.cpp +++ b/dom/ipc/ContentProcess.cpp @@ -8,122 +8,17 @@ #include "ContentProcess.h" -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) -#include <stdlib.h> -#endif - -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) -#include "mozilla/Preferences.h" -#include "nsAppDirectoryServiceDefs.h" -#include "nsDirectoryService.h" -#include "nsDirectoryServiceDefs.h" -#endif - using mozilla::ipc::IOThreadChild; namespace mozilla { namespace dom { -#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX) -static bool -IsSandboxTempDirRequired() -{ - // On Windows, a sandbox-writable temp directory is only used - // when sandbox pref level >= 1. - return Preferences::GetInt("security.sandbox.content.level") >= 1; -} - -static void -SetTmpEnvironmentVariable(nsIFile* aValue) -{ - // Save the TMP environment variable so that is is picked up by GetTempPath(). - // Note that we specifically write to the TMP variable, as that is the first - // variable that is checked by GetTempPath() to determine its output. - nsAutoString fullTmpPath; - nsresult rv = aValue->GetPath(fullTmpPath); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TMP", fullTmpPath.get())); - // We also set TEMP in case there is naughty third-party code that is - // referencing the environment variable directly. - Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TEMP", fullTmpPath.get())); -} -#endif - -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) -static bool -IsSandboxTempDirRequired() -{ - // On OSX, use the sandbox-writable temp when the pref level >= 1. - return (Preferences::GetInt("security.sandbox.content.level") >= 1); -} - -static void -SetTmpEnvironmentVariable(nsIFile* aValue) -{ - nsAutoCString fullTmpPath; - nsresult rv = aValue->GetNativePath(fullTmpPath); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - Unused << NS_WARN_IF(setenv("TMPDIR", fullTmpPath.get(), 1) != 0); -} -#endif - -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) -static void -SetUpSandboxEnvironment() -{ - MOZ_ASSERT(nsDirectoryService::gService, - "SetUpSandboxEnvironment relies on nsDirectoryService being initialized"); - - if (!IsSandboxTempDirRequired()) { - return; - } - - nsCOMPtr<nsIFile> sandboxedContentTemp; - nsresult rv = - nsDirectoryService::gService->Get(NS_APP_CONTENT_PROCESS_TEMP_DIR, - NS_GET_IID(nsIFile), - getter_AddRefs(sandboxedContentTemp)); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - // Change the gecko defined temp directory to our sandbox-writable one. - // Undefine returns a failure if the property is not already set. - Unused << nsDirectoryService::gService->Undefine(NS_OS_TEMP_DIR); - rv = nsDirectoryService::gService->Set(NS_OS_TEMP_DIR, sandboxedContentTemp); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - SetTmpEnvironmentVariable(sandboxedContentTemp); -} -#endif - void ContentProcess::SetAppDir(const nsACString& aPath) { mXREEmbed.SetAppDir(aPath); } -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) -void -ContentProcess::SetProfile(const nsACString& aProfile) -{ - bool flag; - nsresult rv = - XRE_GetFileFromPath(aProfile.BeginReading(), getter_AddRefs(mProfileDir)); - if (NS_FAILED(rv) || - NS_FAILED(mProfileDir->Exists(&flag)) || !flag) { - NS_WARNING("Invalid profile directory passed to content process."); - mProfileDir = nullptr; - } -} -#endif - bool ContentProcess::Init() { @@ -134,14 +29,6 @@ ContentProcess::Init() mContent.InitXPCOM(); mContent.InitGraphicsDeviceData(); -#if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) - mContent.SetProfileDir(mProfileDir); -#endif - -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) - SetUpSandboxEnvironment(); -#endif - return true; } diff --git a/dom/ipc/ContentProcess.h b/dom/ipc/ContentProcess.h index bf9968f8c..3950368bd 100644 --- a/dom/ipc/ContentProcess.h +++ b/dom/ipc/ContentProcess.h @@ -39,18 +39,10 @@ public: void SetAppDir(const nsACString& aPath); -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) - void SetProfile(const nsACString& aProfile); -#endif - private: ContentChild mContent; mozilla::ipc::ScopedXREEmbed mXREEmbed; -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) - nsCOMPtr<nsIFile> mProfileDir; -#endif - #if defined(XP_WIN) // This object initializes and configures COM. mozilla::mscom::MainThreadRuntime mCOMRuntime; diff --git a/dom/ipc/moz.build b/dom/ipc/moz.build index 71d193d44..1dbe1fedb 100644 --- a/dom/ipc/moz.build +++ b/dom/ipc/moz.build @@ -112,11 +112,6 @@ if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] == 'Darwin': 'mozsandbox', ] -if CONFIG['MOZ_CONTENT_SANDBOX'] and CONFIG['OS_ARCH'] == 'Linux': - USE_LIBS += [ - 'mozsandbox', - ] - LOCAL_INCLUDES += [ '/caps', '/chrome', @@ -145,12 +140,6 @@ LOCAL_INCLUDES += [ '/xpcom/threads', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - if CONFIG['OS_ARCH'] != 'WINNT': LOCAL_INCLUDES += [ '/modules/libjar', diff --git a/dom/media/gmp/GMPChild.cpp b/dom/media/gmp/GMPChild.cpp index f8e75e299..f83a927ca 100644 --- a/dom/media/gmp/GMPChild.cpp +++ b/dom/media/gmp/GMPChild.cpp @@ -36,12 +36,6 @@ static const int MAX_VOUCHER_LENGTH = 500000; #include <unistd.h> // for _exit() #endif -#if defined(MOZ_GMP_SANDBOX) -#if defined(XP_MACOSX) -#include "mozilla/Sandbox.h" -#endif -#endif - namespace mozilla { #undef LOG @@ -131,7 +125,6 @@ GetPluginFile(const nsAString& aPluginPath, return true; } -#if !defined(XP_MACOSX) || !defined(MOZ_GMP_SANDBOX) static bool GetPluginFile(const nsAString& aPluginPath, nsCOMPtr<nsIFile>& aLibFile) @@ -139,110 +132,6 @@ GetPluginFile(const nsAString& aPluginPath, nsCOMPtr<nsIFile> unusedlibDir; return GetPluginFile(aPluginPath, unusedlibDir, aLibFile); } -#endif - -#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX) -static nsCString -GetNativeTarget(nsIFile* aFile) -{ - bool isLink; - nsCString path; - aFile->IsSymlink(&isLink); - if (isLink) { - aFile->GetNativeTarget(path); - } else { - aFile->GetNativePath(path); - } - return path; -} - -static bool -GetPluginPaths(const nsAString& aPluginPath, - nsCString &aPluginDirectoryPath, - nsCString &aPluginFilePath) -{ - nsCOMPtr<nsIFile> libDirectory, libFile; - if (!GetPluginFile(aPluginPath, libDirectory, libFile)) { - return false; - } - - // Mac sandbox rules expect paths to actual files and directories -- not - // soft links. - libDirectory->Normalize(); - aPluginDirectoryPath = GetNativeTarget(libDirectory); - - libFile->Normalize(); - aPluginFilePath = GetNativeTarget(libFile); - - return true; -} - -static bool -GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath) -{ - nsAutoCString appPath; - nsAutoCString appBinaryPath( - (CommandLine::ForCurrentProcess()->argv()[0]).c_str()); - - nsAutoCString::const_iterator start, end; - appBinaryPath.BeginReading(start); - appBinaryPath.EndReading(end); - if (RFindInReadable(NS_LITERAL_CSTRING(".app/Contents/MacOS/"), start, end)) { - end = start; - ++end; ++end; ++end; ++end; - appBinaryPath.BeginReading(start); - appPath.Assign(Substring(start, end)); - } else { - return false; - } - - nsCOMPtr<nsIFile> app, appBinary; - nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appPath), - true, getter_AddRefs(app)); - if (NS_FAILED(rv)) { - return false; - } - rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appBinaryPath), - true, getter_AddRefs(appBinary)); - if (NS_FAILED(rv)) { - return false; - } - - // Mac sandbox rules expect paths to actual files and directories -- not - // soft links. - aAppPath = GetNativeTarget(app); - appBinaryPath = GetNativeTarget(appBinary); - - return true; -} - -bool -GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType) -{ - if (!mGMPLoader) { - return false; - } - nsAutoCString pluginDirectoryPath, pluginFilePath; - if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) { - return false; - } - nsAutoCString appPath, appBinaryPath; - if (!GetAppPaths(appPath, appBinaryPath)) { - return false; - } - - MacSandboxInfo info; - info.type = MacSandboxType_Plugin; - info.pluginInfo.type = aPluginType; - info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get()); - info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get()); - info.appPath.assign(appPath.get()); - info.appBinaryPath.assign(appBinaryPath.get()); - - mGMPLoader->SetSandboxInfo(&info); - return true; -} -#endif // XP_MACOSX && MOZ_GMP_SANDBOX bool GMPChild::Init(const nsAString& aPluginPath, @@ -324,14 +213,6 @@ GMPChild::RecvPreloadLibs(const nsCString& aLibs) bool GMPChild::GetUTF8LibPath(nsACString& aOutLibPath) { -#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX) - nsAutoCString pluginDirectoryPath, pluginFilePath; - if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) { - MOZ_CRASH("Error scanning plugin path"); - } - aOutLibPath.Assign(pluginFilePath); - return true; -#else nsCOMPtr<nsIFile> libFile; if (!GetPluginFile(mPluginPath, libFile)) { return false; @@ -347,7 +228,6 @@ GMPChild::GetUTF8LibPath(nsACString& aOutLibPath) aOutLibPath = NS_ConvertUTF16toUTF8(path); return true; -#endif } bool @@ -377,17 +257,6 @@ GMPChild::AnswerStartPlugin(const nsString& aAdapter) } bool isWidevine = aAdapter.EqualsLiteral("widevine"); -#if defined(MOZ_GMP_SANDBOX) && defined(XP_MACOSX) - MacSandboxPluginType pluginType = MacSandboxPluginType_GMPlugin_Default; - if (isWidevine) { - pluginType = MacSandboxPluginType_GMPlugin_EME_Widevine; - } - if (!SetMacSandboxInfo(pluginType)) { - NS_WARNING("Failed to set Mac GMP sandbox info"); - delete platformAPI; - return false; - } -#endif GMPAdapter* adapter = (isWidevine) ? new WidevineAdapter() : nullptr; if (!mGMPLoader->Load(libPath.get(), diff --git a/dom/media/gmp/GMPChild.h b/dom/media/gmp/GMPChild.h index d5314cf96..a4f688901 100644 --- a/dom/media/gmp/GMPChild.h +++ b/dom/media/gmp/GMPChild.h @@ -40,10 +40,6 @@ public: // GMPAsyncShutdownHost void ShutdownComplete() override; -#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX) - bool SetMacSandboxInfo(MacSandboxPluginType aPluginType); -#endif - private: friend class GMPContentChild; diff --git a/dom/media/gmp/GMPLoader.cpp b/dom/media/gmp/GMPLoader.cpp index c10208a49..0bccdd0b1 100644 --- a/dom/media/gmp/GMPLoader.cpp +++ b/dom/media/gmp/GMPLoader.cpp @@ -44,10 +44,6 @@ public: void Shutdown() override; -#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX) - void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) override; -#endif - private: SandboxStarter* mSandboxStarter; UniquePtr<GMPAdapter> mAdapter; @@ -208,15 +204,6 @@ GMPLoaderImpl::Shutdown() } } -#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX) -void -GMPLoaderImpl::SetSandboxInfo(MacSandboxInfo* aSandboxInfo) -{ - if (mSandboxStarter) { - mSandboxStarter->SetSandboxInfo(aSandboxInfo); - } -} -#endif } // namespace gmp } // namespace mozilla diff --git a/dom/media/gmp/GMPLoader.h b/dom/media/gmp/GMPLoader.h index 60581be2d..8e6b3cfac 100644 --- a/dom/media/gmp/GMPLoader.h +++ b/dom/media/gmp/GMPLoader.h @@ -12,10 +12,6 @@ #include "gmp-entrypoints.h" #include "mozilla/UniquePtr.h" -#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX) -#include "mozilla/Sandbox.h" -#endif - namespace mozilla { namespace gmp { @@ -23,12 +19,6 @@ class SandboxStarter { public: virtual ~SandboxStarter() {} virtual bool Start(const char* aLibPath) = 0; -#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX) - // On OS X we need to set Mac-specific sandbox info just before we start the - // sandbox, which we don't yet know when the GMPLoader and SandboxStarter - // objects are created. - virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) = 0; -#endif }; // Interface that adapts a plugin to the GMP API. @@ -94,13 +84,6 @@ public: // Calls the GMPShutdown function exported by the GMP lib, and unloads the // plugin library. virtual void Shutdown() = 0; - -#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX) - // On OS X we need to set Mac-specific sandbox info just before we start the - // sandbox, which we don't yet know when the GMPLoader and SandboxStarter - // objects are created. - virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) = 0; -#endif }; // On Desktop, this function resides in plugin-container. diff --git a/dom/media/gmp/GMPParent.cpp b/dom/media/gmp/GMPParent.cpp index 00bc97777..851634ce7 100644 --- a/dom/media/gmp/GMPParent.cpp +++ b/dom/media/gmp/GMPParent.cpp @@ -18,9 +18,6 @@ #include "nsIObserverService.h" #include "GMPTimerParent.h" #include "runnable_utils.h" -#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX) -#include "mozilla/SandboxInfo.h" -#endif #include "GMPContentParent.h" #include "MediaPrefs.h" #include "VideoUtils.h" @@ -749,14 +746,6 @@ GMPParent::ReadGMPInfoFile(nsIFile* aFile) if (cap.mAPIName.EqualsLiteral(GMP_API_DECRYPTOR)) { mCanDecrypt = true; -#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX) - if (!mozilla::SandboxInfo::Get().CanSandboxMedia()) { - printf_stderr("GMPParent::ReadGMPMetaData: Plugin \"%s\" is an EME CDM" - " but this system can't sandbox it; not loading.\n", - mDisplayName.get()); - return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__); - } -#endif #ifdef XP_WIN // Adobe GMP doesn't work without SSE2. Check the tags to see if // the decryptor is for the Adobe GMP, and refuse to load it if diff --git a/dom/media/gmp/GMPProcessParent.cpp b/dom/media/gmp/GMPProcessParent.cpp index 2fe7306a4..ef58175e8 100644 --- a/dom/media/gmp/GMPProcessParent.cpp +++ b/dom/media/gmp/GMPProcessParent.cpp @@ -8,9 +8,6 @@ #include "GMPUtils.h" #include "nsIFile.h" #include "nsIRunnable.h" -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -#include "WinUtils.h" -#endif #include "base/string_util.h" #include "base/process_util.h" @@ -56,38 +53,7 @@ GMPProcessParent::Launch(int32_t aTimeoutMs) vector<string> args; -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - std::wstring wGMPPath = UTF8ToWide(mGMPPath.c_str()); - - // The sandbox doesn't allow file system rules where the paths contain - // symbolic links or junction points. Sometimes the Users folder has been - // moved to another drive using a junction point, so allow for this specific - // case. See bug 1236680 for details. - if (!widget::WinUtils::ResolveJunctionPointsAndSymLinks(wGMPPath)) { - GMP_LOG("ResolveJunctionPointsAndSymLinks failed for GMP path=%S", - wGMPPath.c_str()); - NS_WARNING("ResolveJunctionPointsAndSymLinks failed for GMP path."); - return false; - } - GMP_LOG("GMPProcessParent::Launch() resolved path to %S", wGMPPath.c_str()); - - // If the GMP path is a network path that is not mapped to a drive letter, - // then we need to fix the path format for the sandbox rule. - wchar_t volPath[MAX_PATH]; - if (::GetVolumePathNameW(wGMPPath.c_str(), volPath, MAX_PATH) && - ::GetDriveTypeW(volPath) == DRIVE_REMOTE && - wGMPPath.compare(0, 2, L"\\\\") == 0) { - std::wstring sandboxGMPPath(wGMPPath); - sandboxGMPPath.insert(1, L"??\\UNC"); - mAllowedFilesRead.push_back(sandboxGMPPath + L"\\*"); - } else { - mAllowedFilesRead.push_back(wGMPPath + L"\\*"); - } - - args.push_back(WideToUTF8(wGMPPath)); -#else args.push_back(mGMPPath); -#endif args.push_back(string(voucherPath.BeginReading(), voucherPath.EndReading())); diff --git a/dom/media/gmp/GMPService.cpp b/dom/media/gmp/GMPService.cpp index 65f4037ee..1901210da 100644 --- a/dom/media/gmp/GMPService.cpp +++ b/dom/media/gmp/GMPService.cpp @@ -25,9 +25,6 @@ #include "nsComponentManagerUtils.h" #include "runnable_utils.h" #include "VideoUtils.h" -#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX) -#include "mozilla/SandboxInfo.h" -#endif #include "nsAppDirectoryServiceDefs.h" #include "nsDirectoryServiceUtils.h" #include "nsDirectoryServiceDefs.h" @@ -485,14 +482,6 @@ GeckoMediaPluginService::GetGMPDecryptor(GMPCrashHelper* aHelper, const nsACString& aNodeId, UniquePtr<GetGMPDecryptorCallback>&& aCallback) { -#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX) - if (!SandboxInfo::Get().CanSandboxMedia()) { - NS_WARNING("GeckoMediaPluginService::GetGMPDecryptor: " - "EME decryption not available without sandboxing support."); - return NS_ERROR_NOT_AVAILABLE; - } -#endif - MOZ_ASSERT(NS_GetCurrentThread() == mGMPThread); NS_ENSURE_ARG(aTags && aTags->Length() > 0); NS_ENSURE_ARG(aCallback); diff --git a/dom/media/gmp/GMPServiceParent.cpp b/dom/media/gmp/GMPServiceParent.cpp index f25c36811..b58ab8853 100644 --- a/dom/media/gmp/GMPServiceParent.cpp +++ b/dom/media/gmp/GMPServiceParent.cpp @@ -27,9 +27,6 @@ #include "nsComponentManagerUtils.h" #include "runnable_utils.h" #include "VideoUtils.h" -#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX) -#include "mozilla/SandboxInfo.h" -#endif #include "nsAppDirectoryServiceDefs.h" #include "nsDirectoryServiceUtils.h" #include "nsDirectoryServiceDefs.h" @@ -960,15 +957,6 @@ GeckoMediaPluginServiceParent::SelectPluginForAPI(const nsACString& aNodeId, RefPtr<GMPParent> CreateGMPParent() { -#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX) - if (!SandboxInfo::Get().CanSandboxMedia()) { - if (!MediaPrefs::GMPAllowInsecure()) { - NS_WARNING("Denying media plugin load due to lack of sandboxing."); - return nullptr; - } - NS_WARNING("Loading media plugin despite lack of sandboxing."); - } -#endif return new GMPParent(); } diff --git a/dom/media/gmp/rlz/GMPDeviceBinding.cpp b/dom/media/gmp/rlz/GMPDeviceBinding.cpp index c8aee2bcd..3525f0462 100644 --- a/dom/media/gmp/rlz/GMPDeviceBinding.cpp +++ b/dom/media/gmp/rlz/GMPDeviceBinding.cpp @@ -12,10 +12,6 @@ #ifdef XP_WIN #include "windows.h" -#ifdef MOZ_SANDBOX -#include <intrin.h> -#include <assert.h> -#endif #endif #if defined(HASH_NODE_ID_WITH_DEVICE_ID) @@ -35,10 +31,6 @@ #ifdef XP_WIN #include "windows.h" -#ifdef MOZ_SANDBOX -#include <intrin.h> -#include <assert.h> -#endif #endif #ifdef XP_MACOSX diff --git a/dom/media/gmp/rlz/moz.build b/dom/media/gmp/rlz/moz.build index f366c2b5d..5e85357f1 100644 --- a/dom/media/gmp/rlz/moz.build +++ b/dom/media/gmp/rlz/moz.build @@ -13,13 +13,6 @@ UNIFIED_SOURCES += [ 'GMPDeviceBinding.cpp', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ['WINNT', 'Darwin']: - DEFINES['HASH_NODE_ID_WITH_DEVICE_ID'] = 1; - UNIFIED_SOURCES += [ - 'lib/string_utils.cc', - 'sha256.c', - ] - if CONFIG['OS_TARGET'] == 'WINNT': UNIFIED_SOURCES += [ 'win/lib/machine_id_win.cc', diff --git a/dom/plugins/base/nsPluginTags.cpp b/dom/plugins/base/nsPluginTags.cpp index ddc3968fd..a794c416c 100644 --- a/dom/plugins/base/nsPluginTags.cpp +++ b/dom/plugins/base/nsPluginTags.cpp @@ -248,7 +248,6 @@ nsPluginTag::nsPluginTag(nsPluginInfo* aPluginInfo, aPluginInfo->fMimeDescriptionArray, aPluginInfo->fExtensionArray, aPluginInfo->fVariantCount); - InitSandboxLevel(); EnsureMembersAreUTF8(); FixupVersion(); } @@ -283,7 +282,6 @@ nsPluginTag::nsPluginTag(const char* aName, { InitMime(aMimeTypes, aMimeDescriptions, aExtensions, static_cast<uint32_t>(aVariants)); - InitSandboxLevel(); if (!aArgsAreUTF8) EnsureMembersAreUTF8(); FixupVersion(); @@ -424,29 +422,6 @@ void nsPluginTag::InitMime(const char* const* aMimeTypes, } } -void -nsPluginTag::InitSandboxLevel() -{ -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - nsAutoCString sandboxPref("dom.ipc.plugins.sandbox-level."); - sandboxPref.Append(GetNiceFileName()); - if (NS_FAILED(Preferences::GetInt(sandboxPref.get(), &mSandboxLevel))) { - mSandboxLevel = Preferences::GetInt("dom.ipc.plugins.sandbox-level.default" -); - } - -#if defined(_AMD64_) - // As level 2 is now the default NPAPI sandbox level for 64-bit flash, we - // don't want to allow a lower setting unless this environment variable is - // set. This should be changed if the firefox.js pref file is changed. - if (mIsFlashPlugin && - !PR_GetEnv("MOZ_ALLOW_WEAKER_SANDBOX") && mSandboxLevel < 2) { - mSandboxLevel = 2; - } -#endif -#endif -} - #if !defined(XP_WIN) && !defined(XP_MACOSX) static nsresult ConvertToUTF8(nsIUnicodeDecoder *aUnicodeDecoder, nsAFlatCString& aString) diff --git a/dom/plugins/base/nsPluginTags.h b/dom/plugins/base/nsPluginTags.h index f1f03169b..9686d7e7a 100644 --- a/dom/plugins/base/nsPluginTags.h +++ b/dom/plugins/base/nsPluginTags.h @@ -190,7 +190,6 @@ private: const char* const* aMimeDescriptions, const char* const* aExtensions, uint32_t aVariantCount); - void InitSandboxLevel(); nsresult EnsureMembersAreUTF8(); void FixupVersion(); diff --git a/dom/plugins/ipc/PluginProcessChild.cpp b/dom/plugins/ipc/PluginProcessChild.cpp index eb698e8af..32bf06215 100644 --- a/dom/plugins/ipc/PluginProcessChild.cpp +++ b/dom/plugins/ipc/PluginProcessChild.cpp @@ -22,10 +22,6 @@ extern "C" CGError CGSSetDebugOptions(int options); #ifdef XP_WIN bool ShouldProtectPluginCurrentDirectory(char16ptr_t pluginFilePath); -#if defined(MOZ_SANDBOX) -#define TARGET_SANDBOX_EXPORTS -#include "mozilla/sandboxTarget.h" -#endif #endif using mozilla::ipc::IOThreadChild; @@ -107,12 +103,6 @@ PluginProcessChild::Init() pluginFilename = WideToUTF8(values[0]); -#if defined(MOZ_SANDBOX) - // This is probably the earliest we would want to start the sandbox. - // As we attempt to tighten the sandbox, we may need to consider moving this - // to later in the plugin initialization. - mozilla::SandboxTarget::Instance()->StartSandbox(); -#endif #else # error Sorry #endif diff --git a/dom/plugins/ipc/PluginProcessParent.cpp b/dom/plugins/ipc/PluginProcessParent.cpp index 2a73bce51..fb0e18246 100644 --- a/dom/plugins/ipc/PluginProcessParent.cpp +++ b/dom/plugins/ipc/PluginProcessParent.cpp @@ -14,10 +14,6 @@ #include "mozilla/Telemetry.h" #include "nsThreadUtils.h" -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -#include "nsDirectoryServiceDefs.h" -#endif - using std::vector; using std::string; @@ -40,95 +36,14 @@ PluginProcessParent::~PluginProcessParent() { } -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -static void -AddSandboxAllowedFile(vector<std::wstring>& aAllowedFiles, nsIProperties* aDirSvc, - const char* aDir, const nsAString& aSuffix = EmptyString()) -{ - nsCOMPtr<nsIFile> userDir; - nsresult rv = aDirSvc->Get(aDir, NS_GET_IID(nsIFile), getter_AddRefs(userDir)); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - nsAutoString userDirPath; - rv = userDir->GetPath(userDirPath); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - if (!aSuffix.IsEmpty()) { - userDirPath.Append(aSuffix); - } - aAllowedFiles.push_back(std::wstring(userDirPath.get())); - return; -} - -static void -AddSandboxAllowedFiles(int32_t aSandboxLevel, - vector<std::wstring>& aAllowedFilesRead, - vector<std::wstring>& aAllowedFilesReadWrite, - vector<std::wstring>& aAllowedDirectories) -{ - if (aSandboxLevel < 2) { - return; - } - - nsresult rv; - nsCOMPtr<nsIProperties> dirSvc = - do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - // Higher than level 2 currently removes the users own rights. - if (aSandboxLevel > 2) { - AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR); - AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR, - NS_LITERAL_STRING("\\*")); - } - - // Level 2 and above is now using low integrity, so we need to give write - // access to the Flash directories. - // This should be made Flash specific (Bug 1171396). - AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*")); - AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_LOCAL_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*")); - AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Adobe\\Flash Player\\*")); - - // Access also has to be given to create the parent directories as they may - // not exist. - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Adobe")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Adobe\\Flash Player")); -} -#endif - bool PluginProcessParent::Launch(mozilla::UniquePtr<LaunchCompleteTask> aLaunchCompleteTask, int32_t aSandboxLevel) { -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - mSandboxLevel = aSandboxLevel; - AddSandboxAllowedFiles(mSandboxLevel, mAllowedFilesRead, - mAllowedFilesReadWrite, mAllowedDirectories); -#else if (aSandboxLevel != 0) { MOZ_ASSERT(false, "Can't enable an NPAPI process sandbox for platform/build."); } -#endif ProcessArchitecture currentArchitecture = base::GetCurrentProcessArchitecture(); uint32_t containerArchitectures = GetSupportedArchitecturesForProcessType(GeckoProcessType_Plugin); diff --git a/dom/plugins/ipc/moz.build b/dom/plugins/ipc/moz.build index b569aeb4c..15ed6410d 100644 --- a/dom/plugins/ipc/moz.build +++ b/dom/plugins/ipc/moz.build @@ -125,12 +125,6 @@ LOCAL_INCLUDES += [ '/xpcom/base/', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - DEFINES['FORCE_PR_LOG'] = True if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gtk3': |