authorMoonchild <mcwerewolf@gmail.com>2018-05-04 09:09:10 +0200
committerGitHub <noreply@github.com>2018-05-04 09:09:10 +0200
commit4a2aeb152e48c44efa57c140660e99792f4dd350 (patch)
tree7b786de2b175122814a53232268b1147a8bd0bfb /dom
parent20532e13937ab5fc8efcb2bfc4c0070dace40cd1 (diff)
parentf265784e8cabaff17f4554cf2bd2c30217b6ec0f (diff)
Merge pull request #323 from MoonchildProductions/nuke-sandbox
Nuke sandbox
Diffstat (limited to 'dom')
-rw-r--r--dom/ipc/ContentChild.cpp196
-rw-r--r--dom/ipc/ContentChild.h21
-rw-r--r--dom/ipc/ContentParent.cpp60
-rw-r--r--dom/ipc/ContentParent.h11
-rw-r--r--dom/ipc/ContentProcess.cpp113
-rw-r--r--dom/ipc/ContentProcess.h8
-rw-r--r--dom/ipc/moz.build11
-rw-r--r--dom/media/gmp/GMPChild.cpp131
-rw-r--r--dom/media/gmp/GMPChild.h4
-rw-r--r--dom/media/gmp/GMPLoader.cpp13
-rw-r--r--dom/media/gmp/GMPLoader.h17
-rw-r--r--dom/media/gmp/GMPParent.cpp11
-rw-r--r--dom/media/gmp/GMPProcessParent.cpp34
-rw-r--r--dom/media/gmp/GMPService.cpp11
-rw-r--r--dom/media/gmp/GMPServiceParent.cpp12
-rw-r--r--dom/media/gmp/rlz/GMPDeviceBinding.cpp8
-rw-r--r--dom/media/gmp/rlz/moz.build7
-rw-r--r--dom/plugins/base/nsPluginTags.cpp25
-rw-r--r--dom/plugins/base/nsPluginTags.h1
-rw-r--r--dom/plugins/ipc/PluginProcessChild.cpp10
-rw-r--r--dom/plugins/ipc/PluginProcessParent.cpp85
-rw-r--r--dom/plugins/ipc/moz.build6
22 files changed, 0 insertions, 795 deletions
diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp
index 75678ca96..d7068c6c3 100644
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -65,21 +65,6 @@
#include "imgLoader.h"
#include "GMPServiceChild.h"
-#if defined(MOZ_CONTENT_SANDBOX)
-#if defined(XP_WIN)
-#define TARGET_SANDBOX_EXPORTS
-#include "mozilla/sandboxTarget.h"
-#elif defined(XP_LINUX)
-#include "mozilla/Sandbox.h"
-#include "mozilla/SandboxInfo.h"
-
-// Remove this include with Bug 1104619
-#include "CubebUtils.h"
-#elif defined(XP_MACOSX)
-#include "mozilla/Sandbox.h"
-#endif
-#endif
-
#include "mozilla/Unused.h"
#include "mozInlineSpellChecker.h"
@@ -1250,192 +1235,11 @@ ContentChild::AllocPProcessHangMonitorChild(Transport* aTransport,
return CreateHangMonitorChild(aTransport, aOtherProcess);
}
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-
-#include <stdlib.h>
-
-static bool
-GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath, nsCString &aAppDir)
-{
- nsAutoCString appPath;
- nsAutoCString appBinaryPath(
- (CommandLine::ForCurrentProcess()->argv()[0]).c_str());
-
- nsAutoCString::const_iterator start, end;
- appBinaryPath.BeginReading(start);
- appBinaryPath.EndReading(end);
- if (RFindInReadable(NS_LITERAL_CSTRING(".app/Contents/MacOS/"), start, end)) {
- end = start;
- ++end; ++end; ++end; ++end;
- appBinaryPath.BeginReading(start);
- appPath.Assign(Substring(start, end));
- } else {
- return false;
- }
-
- nsCOMPtr<nsIFile> app, appBinary;
- nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appPath),
- true, getter_AddRefs(app));
- if (NS_FAILED(rv)) {
- return false;
- }
- rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appBinaryPath),
- true, getter_AddRefs(appBinary));
- if (NS_FAILED(rv)) {
- return false;
- }
-
- nsCOMPtr<nsIFile> appDir;
- nsCOMPtr<nsIProperties> dirSvc =
- do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID);
- if (!dirSvc) {
- return false;
- }
- rv = dirSvc->Get(NS_XPCOM_CURRENT_PROCESS_DIR,
- NS_GET_IID(nsIFile), getter_AddRefs(appDir));
- if (NS_FAILED(rv)) {
- return false;
- }
- bool exists;
- rv = appDir->Exists(&exists);
- if (NS_FAILED(rv) || !exists) {
- return false;
- }
-
- bool isLink;
- app->IsSymlink(&isLink);
- if (isLink) {
- app->GetNativeTarget(aAppPath);
- } else {
- app->GetNativePath(aAppPath);
- }
- appBinary->IsSymlink(&isLink);
- if (isLink) {
- appBinary->GetNativeTarget(aAppBinaryPath);
- } else {
- appBinary->GetNativePath(aAppBinaryPath);
- }
- appDir->IsSymlink(&isLink);
- if (isLink) {
- appDir->GetNativeTarget(aAppDir);
- } else {
- appDir->GetNativePath(aAppDir);
- }
-
- return true;
-}
-
-static bool
-StartMacOSContentSandbox()
-{
- int sandboxLevel = Preferences::GetInt("security.sandbox.content.level");
- if (sandboxLevel < 1) {
- return false;
- }
-
- nsAutoCString appPath, appBinaryPath, appDir;
- if (!GetAppPaths(appPath, appBinaryPath, appDir)) {
- MOZ_CRASH("Error resolving child process path");
- }
-
- // During sandboxed content process startup, before reaching
- // this point, NS_OS_TEMP_DIR is modified to refer to a sandbox-
- // writable temporary directory
- nsCOMPtr<nsIFile> tempDir;
- nsresult rv = nsDirectoryService::gService->Get(NS_OS_TEMP_DIR,
- NS_GET_IID(nsIFile), getter_AddRefs(tempDir));
- if (NS_FAILED(rv)) {
- MOZ_CRASH("Failed to get NS_OS_TEMP_DIR");
- }
-
- nsAutoCString tempDirPath;
- tempDir->Normalize();
- rv = tempDir->GetNativePath(tempDirPath);
- if (NS_FAILED(rv)) {
- MOZ_CRASH("Failed to get NS_OS_TEMP_DIR path");
- }
-
- nsCOMPtr<nsIFile> profileDir;
- ContentChild::GetSingleton()->GetProfileDir(getter_AddRefs(profileDir));
- nsCString profileDirPath;
- if (profileDir) {
- rv = profileDir->GetNativePath(profileDirPath);
- if (NS_FAILED(rv) || profileDirPath.IsEmpty()) {
- MOZ_CRASH("Failed to get profile path");
- }
- }
-
- MacSandboxInfo info;
- info.type = MacSandboxType_Content;
- info.level = info.level = sandboxLevel;
- info.appPath.assign(appPath.get());
- info.appBinaryPath.assign(appBinaryPath.get());
- info.appDir.assign(appDir.get());
- info.appTempDir.assign(tempDirPath.get());
-
- if (profileDir) {
- info.hasSandboxedProfile = true;
- info.profileDir.assign(profileDirPath.get());
- } else {
- info.hasSandboxedProfile = false;
- }
-
- std::string err;
- if (!mozilla::StartMacSandbox(info, err)) {
- NS_WARNING(err.c_str());
- MOZ_CRASH("sandbox_init() failed");
- }
-
- return true;
-}
-#endif
-
bool
ContentChild::RecvSetProcessSandbox(const MaybeFileDesc& aBroker)
{
// We may want to move the sandbox initialization somewhere else
// at some point; see bug 880808.
-#if defined(MOZ_CONTENT_SANDBOX)
- bool sandboxEnabled = true;
-#if defined(XP_LINUX)
-#if defined(MOZ_WIDGET_GONK) && ANDROID_VERSION >= 19
- // For B2G >= KitKat, sandboxing is mandatory; this has already
- // been enforced by ContentParent::StartUp().
- MOZ_ASSERT(SandboxInfo::Get().CanSandboxContent());
-#else
- // Otherwise, sandboxing is best-effort.
- if (!SandboxInfo::Get().CanSandboxContent()) {
- sandboxEnabled = false;
- } else {
- // This triggers the initialization of cubeb, which needs to happen
- // before seccomp is enabled (Bug 1259508). It also increases the startup
- // time of the content process, because cubeb is usually initialized
- // when it is actually needed. This call here is no longer required
- // once Bug 1104619 (remoting audio) is resolved.
- Unused << CubebUtils::GetCubebContext();
- }
-
-#endif /* MOZ_WIDGET_GONK && ANDROID_VERSION >= 19 */
- if (sandboxEnabled) {
- int brokerFd = -1;
- if (aBroker.type() == MaybeFileDesc::TFileDescriptor) {
- auto fd = aBroker.get_FileDescriptor().ClonePlatformHandle();
- brokerFd = fd.release();
- // brokerFd < 0 means to allow direct filesystem access, so
- // make absolutely sure that doesn't happen if the parent
- // didn't intend it.
- MOZ_RELEASE_ASSERT(brokerFd >= 0);
- }
- sandboxEnabled = SetContentProcessSandbox(brokerFd);
- }
-#elif defined(XP_WIN)
- mozilla::SandboxTarget::Instance()->StartSandbox();
-#elif defined(XP_MACOSX)
- sandboxEnabled = StartMacOSContentSandbox();
-#endif
-
-#endif /* MOZ_CONTENT_SANDBOX */
-
return true;
}
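Review bot: After this removal `ContentChild::RecvSetProcessSandbox` is an empty handler that ignores `aBroker` and returns true, yet it keeps the comment about moving the sandbox initialization (bug 880808), which now describes nothing. The ContentParent.cpp part of this commit also drops the only visible `SendSetProcessSandbox` call, so the handler looks dead. Either remove the message from the protocol in a follow-up, or replace the stale comment with something like `// Intentional no-op: content processes are not sandboxed in this tree; aBroker is ignored.`. Someone auditing process isolation should not be led to think a sandbox is still started here.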
diff --git a/dom/ipc/ContentChild.h b/dom/ipc/ContentChild.h
index cb718aff9..c78f951f0 100644
--- a/dom/ipc/ContentChild.h
+++ b/dom/ipc/ContentChild.h
@@ -21,10 +21,6 @@
#include "nsWeakPtr.h"
#include "nsIWindowProvider.h"
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-#include "nsIFile.h"
-#endif
-
struct ChromePackage;
class nsIObserver;
struct SubstitutionMapping;
@@ -118,19 +114,6 @@ public:
void GetProcessName(nsACString& aName) const;
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
- void GetProfileDir(nsIFile** aProfileDir) const
- {
- *aProfileDir = mProfileDir;
- NS_IF_ADDREF(*aProfileDir);
- }
-
- void SetProfileDir(nsIFile* aProfileDir)
- {
- mProfileDir = aProfileDir;
- }
-#endif
-
bool IsAlive() const;
bool IsShuttingDown() const;
@@ -679,10 +662,6 @@ private:
nsCOMPtr<nsIDomainPolicy> mPolicy;
nsCOMPtr<nsITimer> mForceKillTimer;
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
- nsCOMPtr<nsIFile> mProfileDir;
-#endif
-
// Hashtable to keep track of the pending GetFilesHelper objects.
// This GetFilesHelperChild objects are removed when RecvGetFilesResponse is
// received.
diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp
index 286f1d851..ee0f8090a 100644
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -230,12 +230,6 @@ using namespace mozilla::system;
#include "mozilla/dom/SpeechSynthesisParent.h"
#endif
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
-#include "mozilla/SandboxInfo.h"
-#include "mozilla/SandboxBroker.h"
-#include "mozilla/SandboxBrokerPolicyFactory.h"
-#endif
-
#ifdef MOZ_TOOLKIT_SEARCH
#include "nsIBrowserSearchService.h"
#endif
@@ -503,9 +497,6 @@ nsTArray<ContentParent*>* ContentParent::sNonAppContentParents;
nsTArray<ContentParent*>* ContentParent::sLargeAllocationContentParents;
nsTArray<ContentParent*>* ContentParent::sPrivateContent;
StaticAutoPtr<LinkedList<ContentParent> > ContentParent::sContentParents;
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
-UniquePtr<SandboxBrokerPolicyFactory> ContentParent::sSandboxBrokerPolicyFactory;
-#endif
// This is true when subprocess launching is enabled. This is the
// case between StartUp() and ShutDown() or JoinAllSubprocesses().
@@ -637,18 +628,6 @@ ContentParent::StartUp()
return;
}
-#if defined(MOZ_CONTENT_SANDBOX) && defined(MOZ_WIDGET_GONK) && ANDROID_VERSION >= 19
- // Require sandboxing on B2G >= KitKat. This condition must stay
- // in sync with ContentChild::RecvSetProcessSandbox.
- if (!SandboxInfo::Get().CanSandboxContent()) {
- // MOZ_CRASH strings are only for debug builds; make sure the
- // message is clear on non-debug builds as well:
- printf_stderr("Sandboxing support is required on this platform. "
- "Recompile kernel with CONFIG_SECCOMP_FILTER=y\n");
- MOZ_CRASH("Sandboxing support is required on this platform.");
- }
-#endif
-
// Note: This reporter measures all ContentParents.
RegisterStrongMemoryReporter(new ContentParentsMemoryReporter());
@@ -662,10 +641,6 @@ ContentParent::StartUp()
PreallocatedProcessManager::AllocateAfterDelay();
sDisableUnsafeCPOWWarnings = PR_GetEnv("DISABLE_UNSAFE_CPOW_WARNINGS");
-
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
- sSandboxBrokerPolicyFactory = MakeUnique<SandboxBrokerPolicyFactory>();
-#endif
}
/*static*/ void
@@ -674,10 +649,6 @@ ContentParent::ShutDown()
// No-op for now. We rely on normal process shutdown and
// ClearOnShutdown() to clean up our state.
sCanLaunchSubprocesses = false;
-
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
- sSandboxBrokerPolicyFactory = nullptr;
-#endif
}
/*static*/ void
@@ -2244,37 +2215,6 @@ ContentParent::InitInternal(ProcessPriority aInitialPriority,
}
}
-#ifdef MOZ_CONTENT_SANDBOX
- bool shouldSandbox = true;
- MaybeFileDesc brokerFd = void_t();
-#ifdef XP_LINUX
- // XXX: Checking the pref here makes it possible to enable/disable sandboxing
- // during an active session. Currently the pref is only used for testing
- // purpose. If the decision is made to permanently rely on the pref, this
- // should be changed so that it is required to restart firefox for the change
- // of value to take effect.
- shouldSandbox = (Preferences::GetInt("security.sandbox.content.level") > 0) &&
- !PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX");
-
- if (shouldSandbox) {
- MOZ_ASSERT(!mSandboxBroker);
- UniquePtr<SandboxBroker::Policy> policy =
- sSandboxBrokerPolicyFactory->GetContentPolicy(Pid());
- if (policy) {
- brokerFd = FileDescriptor();
- mSandboxBroker = SandboxBroker::Create(Move(policy), Pid(), brokerFd);
- if (!mSandboxBroker) {
- KillHard("SandboxBroker::Create failed");
- return;
- }
- MOZ_ASSERT(static_cast<const FileDescriptor&>(brokerFd).IsValid());
- }
- }
-#endif
- if (shouldSandbox && !SendSetProcessSandbox(brokerFd)) {
- KillHard("SandboxInitFailed");
- }
-#endif
#if defined(XP_WIN)
// Send the info needed to join the browser process's audio session.
nsID id;
diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h
index a3750de1a..3f74b10e1 100644
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@@ -46,11 +46,6 @@ class PRemoteSpellcheckEngineParent;
class ProfileGatherer;
#endif
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
-class SandboxBroker;
-class SandboxBrokerPolicyFactory;
-#endif
-
namespace embedding {
class PrintingParent;
}
@@ -1152,12 +1147,6 @@ private:
UniquePtr<gfx::DriverCrashGuard> mDriverCrashGuard;
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
- mozilla::UniquePtr<SandboxBroker> mSandboxBroker;
- static mozilla::UniquePtr<SandboxBrokerPolicyFactory>
- sSandboxBrokerPolicyFactory;
-#endif
-
#ifdef NS_PRINTING
RefPtr<embedding::PrintingParent> mPrintingParent;
#endif
diff --git a/dom/ipc/ContentProcess.cpp b/dom/ipc/ContentProcess.cpp
index 2413d8808..986617f55 100644
--- a/dom/ipc/ContentProcess.cpp
+++ b/dom/ipc/ContentProcess.cpp
@@ -8,122 +8,17 @@
#include "ContentProcess.h"
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-#include <stdlib.h>
-#endif
-
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-#include "mozilla/Preferences.h"
-#include "nsAppDirectoryServiceDefs.h"
-#include "nsDirectoryService.h"
-#include "nsDirectoryServiceDefs.h"
-#endif
-
using mozilla::ipc::IOThreadChild;
namespace mozilla {
namespace dom {
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
-static bool
-IsSandboxTempDirRequired()
-{
- // On Windows, a sandbox-writable temp directory is only used
- // when sandbox pref level >= 1.
- return Preferences::GetInt("security.sandbox.content.level") >= 1;
-}
-
-static void
-SetTmpEnvironmentVariable(nsIFile* aValue)
-{
- // Save the TMP environment variable so that is is picked up by GetTempPath().
- // Note that we specifically write to the TMP variable, as that is the first
- // variable that is checked by GetTempPath() to determine its output.
- nsAutoString fullTmpPath;
- nsresult rv = aValue->GetPath(fullTmpPath);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return;
- }
- Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TMP", fullTmpPath.get()));
- // We also set TEMP in case there is naughty third-party code that is
- // referencing the environment variable directly.
- Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TEMP", fullTmpPath.get()));
-}
-#endif
-
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-static bool
-IsSandboxTempDirRequired()
-{
- // On OSX, use the sandbox-writable temp when the pref level >= 1.
- return (Preferences::GetInt("security.sandbox.content.level") >= 1);
-}
-
-static void
-SetTmpEnvironmentVariable(nsIFile* aValue)
-{
- nsAutoCString fullTmpPath;
- nsresult rv = aValue->GetNativePath(fullTmpPath);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return;
- }
- Unused << NS_WARN_IF(setenv("TMPDIR", fullTmpPath.get(), 1) != 0);
-}
-#endif
-
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-static void
-SetUpSandboxEnvironment()
-{
- MOZ_ASSERT(nsDirectoryService::gService,
- "SetUpSandboxEnvironment relies on nsDirectoryService being initialized");
-
- if (!IsSandboxTempDirRequired()) {
- return;
- }
-
- nsCOMPtr<nsIFile> sandboxedContentTemp;
- nsresult rv =
- nsDirectoryService::gService->Get(NS_APP_CONTENT_PROCESS_TEMP_DIR,
- NS_GET_IID(nsIFile),
- getter_AddRefs(sandboxedContentTemp));
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return;
- }
-
- // Change the gecko defined temp directory to our sandbox-writable one.
- // Undefine returns a failure if the property is not already set.
- Unused << nsDirectoryService::gService->Undefine(NS_OS_TEMP_DIR);
- rv = nsDirectoryService::gService->Set(NS_OS_TEMP_DIR, sandboxedContentTemp);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return;
- }
-
- SetTmpEnvironmentVariable(sandboxedContentTemp);
-}
-#endif
-
void
ContentProcess::SetAppDir(const nsACString& aPath)
{
mXREEmbed.SetAppDir(aPath);
}
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-void
-ContentProcess::SetProfile(const nsACString& aProfile)
-{
- bool flag;
- nsresult rv =
- XRE_GetFileFromPath(aProfile.BeginReading(), getter_AddRefs(mProfileDir));
- if (NS_FAILED(rv) ||
- NS_FAILED(mProfileDir->Exists(&flag)) || !flag) {
- NS_WARNING("Invalid profile directory passed to content process.");
- mProfileDir = nullptr;
- }
-}
-#endif
-
bool
ContentProcess::Init()
{
@@ -134,14 +29,6 @@ ContentProcess::Init()
mContent.InitXPCOM();
mContent.InitGraphicsDeviceData();
-#if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- mContent.SetProfileDir(mProfileDir);
-#endif
-
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- SetUpSandboxEnvironment();
-#endif
-
return true;
}
diff --git a/dom/ipc/ContentProcess.h b/dom/ipc/ContentProcess.h
index bf9968f8c..3950368bd 100644
--- a/dom/ipc/ContentProcess.h
+++ b/dom/ipc/ContentProcess.h
@@ -39,18 +39,10 @@ public:
void SetAppDir(const nsACString& aPath);
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
- void SetProfile(const nsACString& aProfile);
-#endif
-
private:
ContentChild mContent;
mozilla::ipc::ScopedXREEmbed mXREEmbed;
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
- nsCOMPtr<nsIFile> mProfileDir;
-#endif
-
#if defined(XP_WIN)
// This object initializes and configures COM.
mozilla::mscom::MainThreadRuntime mCOMRuntime;
diff --git a/dom/ipc/moz.build b/dom/ipc/moz.build
index 71d193d44..1dbe1fedb 100644
--- a/dom/ipc/moz.build
+++ b/dom/ipc/moz.build
@@ -112,11 +112,6 @@ if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] == 'Darwin':
'mozsandbox',
]
-if CONFIG['MOZ_CONTENT_SANDBOX'] and CONFIG['OS_ARCH'] == 'Linux':
- USE_LIBS += [
- 'mozsandbox',
- ]
-
LOCAL_INCLUDES += [
'/caps',
'/chrome',
@@ -145,12 +140,6 @@ LOCAL_INCLUDES += [
'/xpcom/threads',
]
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
- LOCAL_INCLUDES += [
- '/security/sandbox/chromium',
- '/security/sandbox/chromium-shim',
- ]
-
if CONFIG['OS_ARCH'] != 'WINNT':
LOCAL_INCLUDES += [
'/modules/libjar',
diff --git a/dom/media/gmp/GMPChild.cpp b/dom/media/gmp/GMPChild.cpp
index f8e75e299..f83a927ca 100644
--- a/dom/media/gmp/GMPChild.cpp
+++ b/dom/media/gmp/GMPChild.cpp
@@ -36,12 +36,6 @@ static const int MAX_VOUCHER_LENGTH = 500000;
#include <unistd.h> // for _exit()
#endif
-#if defined(MOZ_GMP_SANDBOX)
-#if defined(XP_MACOSX)
-#include "mozilla/Sandbox.h"
-#endif
-#endif
-
namespace mozilla {
#undef LOG
@@ -131,7 +125,6 @@ GetPluginFile(const nsAString& aPluginPath,
return true;
}
-#if !defined(XP_MACOSX) || !defined(MOZ_GMP_SANDBOX)
static bool
GetPluginFile(const nsAString& aPluginPath,
nsCOMPtr<nsIFile>& aLibFile)
@@ -139,110 +132,6 @@ GetPluginFile(const nsAString& aPluginPath,
nsCOMPtr<nsIFile> unusedlibDir;
return GetPluginFile(aPluginPath, unusedlibDir, aLibFile);
}
-#endif
-
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-static nsCString
-GetNativeTarget(nsIFile* aFile)
-{
- bool isLink;
- nsCString path;
- aFile->IsSymlink(&isLink);
- if (isLink) {
- aFile->GetNativeTarget(path);
- } else {
- aFile->GetNativePath(path);
- }
- return path;
-}
-
-static bool
-GetPluginPaths(const nsAString& aPluginPath,
- nsCString &aPluginDirectoryPath,
- nsCString &aPluginFilePath)
-{
- nsCOMPtr<nsIFile> libDirectory, libFile;
- if (!GetPluginFile(aPluginPath, libDirectory, libFile)) {
- return false;
- }
-
- // Mac sandbox rules expect paths to actual files and directories -- not
- // soft links.
- libDirectory->Normalize();
- aPluginDirectoryPath = GetNativeTarget(libDirectory);
-
- libFile->Normalize();
- aPluginFilePath = GetNativeTarget(libFile);
-
- return true;
-}
-
-static bool
-GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath)
-{
- nsAutoCString appPath;
- nsAutoCString appBinaryPath(
- (CommandLine::ForCurrentProcess()->argv()[0]).c_str());
-
- nsAutoCString::const_iterator start, end;
- appBinaryPath.BeginReading(start);
- appBinaryPath.EndReading(end);
- if (RFindInReadable(NS_LITERAL_CSTRING(".app/Contents/MacOS/"), start, end)) {
- end = start;
- ++end; ++end; ++end; ++end;
- appBinaryPath.BeginReading(start);
- appPath.Assign(Substring(start, end));
- } else {
- return false;
- }
-
- nsCOMPtr<nsIFile> app, appBinary;
- nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appPath),
- true, getter_AddRefs(app));
- if (NS_FAILED(rv)) {
- return false;
- }
- rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appBinaryPath),
- true, getter_AddRefs(appBinary));
- if (NS_FAILED(rv)) {
- return false;
- }
-
- // Mac sandbox rules expect paths to actual files and directories -- not
- // soft links.
- aAppPath = GetNativeTarget(app);
- appBinaryPath = GetNativeTarget(appBinary);
-
- return true;
-}
-
-bool
-GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType)
-{
- if (!mGMPLoader) {
- return false;
- }
- nsAutoCString pluginDirectoryPath, pluginFilePath;
- if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) {
- return false;
- }
- nsAutoCString appPath, appBinaryPath;
- if (!GetAppPaths(appPath, appBinaryPath)) {
- return false;
- }
-
- MacSandboxInfo info;
- info.type = MacSandboxType_Plugin;
- info.pluginInfo.type = aPluginType;
- info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get());
- info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get());
- info.appPath.assign(appPath.get());
- info.appBinaryPath.assign(appBinaryPath.get());
-
- mGMPLoader->SetSandboxInfo(&info);
- return true;
-}
-#endif // XP_MACOSX && MOZ_GMP_SANDBOX
bool
GMPChild::Init(const nsAString& aPluginPath,
@@ -324,14 +213,6 @@ GMPChild::RecvPreloadLibs(const nsCString& aLibs)
bool
GMPChild::GetUTF8LibPath(nsACString& aOutLibPath)
{
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
- nsAutoCString pluginDirectoryPath, pluginFilePath;
- if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) {
- MOZ_CRASH("Error scanning plugin path");
- }
- aOutLibPath.Assign(pluginFilePath);
- return true;
-#else
nsCOMPtr<nsIFile> libFile;
if (!GetPluginFile(mPluginPath, libFile)) {
return false;
@@ -347,7 +228,6 @@ GMPChild::GetUTF8LibPath(nsACString& aOutLibPath)
aOutLibPath = NS_ConvertUTF16toUTF8(path);
return true;
-#endif
}
bool
@@ -377,17 +257,6 @@ GMPChild::AnswerStartPlugin(const nsString& aAdapter)
}
bool isWidevine = aAdapter.EqualsLiteral("widevine");
-#if defined(MOZ_GMP_SANDBOX) && defined(XP_MACOSX)
- MacSandboxPluginType pluginType = MacSandboxPluginType_GMPlugin_Default;
- if (isWidevine) {
- pluginType = MacSandboxPluginType_GMPlugin_EME_Widevine;
- }
- if (!SetMacSandboxInfo(pluginType)) {
- NS_WARNING("Failed to set Mac GMP sandbox info");
- delete platformAPI;
- return false;
- }
-#endif
GMPAdapter* adapter = (isWidevine) ? new WidevineAdapter() : nullptr;
if (!mGMPLoader->Load(libPath.get(),
diff --git a/dom/media/gmp/GMPChild.h b/dom/media/gmp/GMPChild.h
index d5314cf96..a4f688901 100644
--- a/dom/media/gmp/GMPChild.h
+++ b/dom/media/gmp/GMPChild.h
@@ -40,10 +40,6 @@ public:
// GMPAsyncShutdownHost
void ShutdownComplete() override;
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
- bool SetMacSandboxInfo(MacSandboxPluginType aPluginType);
-#endif
-
private:
friend class GMPContentChild;
diff --git a/dom/media/gmp/GMPLoader.cpp b/dom/media/gmp/GMPLoader.cpp
index c10208a49..0bccdd0b1 100644
--- a/dom/media/gmp/GMPLoader.cpp
+++ b/dom/media/gmp/GMPLoader.cpp
@@ -44,10 +44,6 @@ public:
void Shutdown() override;
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
- void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) override;
-#endif
-
private:
SandboxStarter* mSandboxStarter;
UniquePtr<GMPAdapter> mAdapter;
@@ -208,15 +204,6 @@ GMPLoaderImpl::Shutdown()
}
}
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-void
-GMPLoaderImpl::SetSandboxInfo(MacSandboxInfo* aSandboxInfo)
-{
- if (mSandboxStarter) {
- mSandboxStarter->SetSandboxInfo(aSandboxInfo);
- }
-}
-#endif
} // namespace gmp
} // namespace mozilla
diff --git a/dom/media/gmp/GMPLoader.h b/dom/media/gmp/GMPLoader.h
index 60581be2d..8e6b3cfac 100644
--- a/dom/media/gmp/GMPLoader.h
+++ b/dom/media/gmp/GMPLoader.h
@@ -12,10 +12,6 @@
#include "gmp-entrypoints.h"
#include "mozilla/UniquePtr.h"
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-#include "mozilla/Sandbox.h"
-#endif
-
namespace mozilla {
namespace gmp {
@@ -23,12 +19,6 @@ class SandboxStarter {
public:
virtual ~SandboxStarter() {}
virtual bool Start(const char* aLibPath) = 0;
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
- // On OS X we need to set Mac-specific sandbox info just before we start the
- // sandbox, which we don't yet know when the GMPLoader and SandboxStarter
- // objects are created.
- virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) = 0;
-#endif
};
// Interface that adapts a plugin to the GMP API.
@@ -94,13 +84,6 @@ public:
// Calls the GMPShutdown function exported by the GMP lib, and unloads the
// plugin library.
virtual void Shutdown() = 0;
-
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
- // On OS X we need to set Mac-specific sandbox info just before we start the
- // sandbox, which we don't yet know when the GMPLoader and SandboxStarter
- // objects are created.
- virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) = 0;
-#endif
};
// On Desktop, this function resides in plugin-container.
diff --git a/dom/media/gmp/GMPParent.cpp b/dom/media/gmp/GMPParent.cpp
index 00bc97777..851634ce7 100644
--- a/dom/media/gmp/GMPParent.cpp
+++ b/dom/media/gmp/GMPParent.cpp
@@ -18,9 +18,6 @@
#include "nsIObserverService.h"
#include "GMPTimerParent.h"
#include "runnable_utils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-#include "mozilla/SandboxInfo.h"
-#endif
#include "GMPContentParent.h"
#include "MediaPrefs.h"
#include "VideoUtils.h"
@@ -749,14 +746,6 @@ GMPParent::ReadGMPInfoFile(nsIFile* aFile)
if (cap.mAPIName.EqualsLiteral(GMP_API_DECRYPTOR)) {
mCanDecrypt = true;
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
- if (!mozilla::SandboxInfo::Get().CanSandboxMedia()) {
- printf_stderr("GMPParent::ReadGMPMetaData: Plugin \"%s\" is an EME CDM"
- " but this system can't sandbox it; not loading.\n",
- mDisplayName.get());
- return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
- }
-#endif
#ifdef XP_WIN
// Adobe GMP doesn't work without SSE2. Check the tags to see if
// the decryptor is for the Adobe GMP, and refuse to load it if
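Review bot: In `GMPParent::ReadGMPInfoFile`, a plugin advertising `GMP_API_DECRYPTOR` now sets `mCanDecrypt = true` on Linux with no remaining check that the plugin process can be isolated; the removed branch used to reject such a CDM. The same fail-closed behaviour disappears in `GeckoMediaPluginService::GetGMPDecryptor` (GMPService.cpp) and in `CreateGMPParent` (GMPServiceParent.cpp), where `MediaPrefs::GMPAllowInsecure()` is no longer consulted in the visible code. If running third-party CDM binaries without isolation is intended, state it at the decision point, e.g. `// CDM plugins run unsandboxed in this tree; loading one gives it the full privileges of the plugin process.`. It is also worth confirming whether `GMPAllowInsecure` should stay as an explicit opt-in rather than become a dead pref. The function body continues outside this hunk.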
diff --git a/dom/media/gmp/GMPProcessParent.cpp b/dom/media/gmp/GMPProcessParent.cpp
index 2fe7306a4..ef58175e8 100644
--- a/dom/media/gmp/GMPProcessParent.cpp
+++ b/dom/media/gmp/GMPProcessParent.cpp
@@ -8,9 +8,6 @@
#include "GMPUtils.h"
#include "nsIFile.h"
#include "nsIRunnable.h"
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-#include "WinUtils.h"
-#endif
#include "base/string_util.h"
#include "base/process_util.h"
@@ -56,38 +53,7 @@ GMPProcessParent::Launch(int32_t aTimeoutMs)
vector<string> args;
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
- std::wstring wGMPPath = UTF8ToWide(mGMPPath.c_str());
-
- // The sandbox doesn't allow file system rules where the paths contain
- // symbolic links or junction points. Sometimes the Users folder has been
- // moved to another drive using a junction point, so allow for this specific
- // case. See bug 1236680 for details.
- if (!widget::WinUtils::ResolveJunctionPointsAndSymLinks(wGMPPath)) {
- GMP_LOG("ResolveJunctionPointsAndSymLinks failed for GMP path=%S",
- wGMPPath.c_str());
- NS_WARNING("ResolveJunctionPointsAndSymLinks failed for GMP path.");
- return false;
- }
- GMP_LOG("GMPProcessParent::Launch() resolved path to %S", wGMPPath.c_str());
-
- // If the GMP path is a network path that is not mapped to a drive letter,
- // then we need to fix the path format for the sandbox rule.
- wchar_t volPath[MAX_PATH];
- if (::GetVolumePathNameW(wGMPPath.c_str(), volPath, MAX_PATH) &&
- ::GetDriveTypeW(volPath) == DRIVE_REMOTE &&
- wGMPPath.compare(0, 2, L"\\\\") == 0) {
- std::wstring sandboxGMPPath(wGMPPath);
- sandboxGMPPath.insert(1, L"??\\UNC");
- mAllowedFilesRead.push_back(sandboxGMPPath + L"\\*");
- } else {
- mAllowedFilesRead.push_back(wGMPPath + L"\\*");
- }
-
- args.push_back(WideToUTF8(wGMPPath));
-#else
args.push_back(mGMPPath);
-#endif
args.push_back(string(voucherPath.BeginReading(), voucherPath.EndReading()));
diff --git a/dom/media/gmp/GMPService.cpp b/dom/media/gmp/GMPService.cpp
index 65f4037ee..1901210da 100644
--- a/dom/media/gmp/GMPService.cpp
+++ b/dom/media/gmp/GMPService.cpp
@@ -25,9 +25,6 @@
#include "nsComponentManagerUtils.h"
#include "runnable_utils.h"
#include "VideoUtils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-#include "mozilla/SandboxInfo.h"
-#endif
#include "nsAppDirectoryServiceDefs.h"
#include "nsDirectoryServiceUtils.h"
#include "nsDirectoryServiceDefs.h"
@@ -485,14 +482,6 @@ GeckoMediaPluginService::GetGMPDecryptor(GMPCrashHelper* aHelper,
const nsACString& aNodeId,
UniquePtr<GetGMPDecryptorCallback>&& aCallback)
{
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
- if (!SandboxInfo::Get().CanSandboxMedia()) {
- NS_WARNING("GeckoMediaPluginService::GetGMPDecryptor: "
- "EME decryption not available without sandboxing support.");
- return NS_ERROR_NOT_AVAILABLE;
- }
-#endif
-
MOZ_ASSERT(NS_GetCurrentThread() == mGMPThread);
NS_ENSURE_ARG(aTags && aTags->Length() > 0);
NS_ENSURE_ARG(aCallback);
diff --git a/dom/media/gmp/GMPServiceParent.cpp b/dom/media/gmp/GMPServiceParent.cpp
index f25c36811..b58ab8853 100644
--- a/dom/media/gmp/GMPServiceParent.cpp
+++ b/dom/media/gmp/GMPServiceParent.cpp
@@ -27,9 +27,6 @@
#include "nsComponentManagerUtils.h"
#include "runnable_utils.h"
#include "VideoUtils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-#include "mozilla/SandboxInfo.h"
-#endif
#include "nsAppDirectoryServiceDefs.h"
#include "nsDirectoryServiceUtils.h"
#include "nsDirectoryServiceDefs.h"
@@ -960,15 +957,6 @@ GeckoMediaPluginServiceParent::SelectPluginForAPI(const nsACString& aNodeId,
RefPtr<GMPParent>
CreateGMPParent()
{
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
- if (!SandboxInfo::Get().CanSandboxMedia()) {
- if (!MediaPrefs::GMPAllowInsecure()) {
- NS_WARNING("Denying media plugin load due to lack of sandboxing.");
- return nullptr;
- }
- NS_WARNING("Loading media plugin despite lack of sandboxing.");
- }
-#endif
return new GMPParent();
}
diff --git a/dom/media/gmp/rlz/GMPDeviceBinding.cpp b/dom/media/gmp/rlz/GMPDeviceBinding.cpp
index c8aee2bcd..3525f0462 100644
--- a/dom/media/gmp/rlz/GMPDeviceBinding.cpp
+++ b/dom/media/gmp/rlz/GMPDeviceBinding.cpp
@@ -12,10 +12,6 @@
#ifdef XP_WIN
#include "windows.h"
-#ifdef MOZ_SANDBOX
-#include <intrin.h>
-#include <assert.h>
-#endif
#endif
#if defined(HASH_NODE_ID_WITH_DEVICE_ID)
@@ -35,10 +31,6 @@
#ifdef XP_WIN
#include "windows.h"
-#ifdef MOZ_SANDBOX
-#include <intrin.h>
-#include <assert.h>
-#endif
#endif
#ifdef XP_MACOSX
diff --git a/dom/media/gmp/rlz/moz.build b/dom/media/gmp/rlz/moz.build
index f366c2b5d..5e85357f1 100644
--- a/dom/media/gmp/rlz/moz.build
+++ b/dom/media/gmp/rlz/moz.build
@@ -13,13 +13,6 @@ UNIFIED_SOURCES += [
'GMPDeviceBinding.cpp',
]
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ['WINNT', 'Darwin']:
- DEFINES['HASH_NODE_ID_WITH_DEVICE_ID'] = 1;
- UNIFIED_SOURCES += [
- 'lib/string_utils.cc',
- 'sha256.c',
- ]
-
if CONFIG['OS_TARGET'] == 'WINNT':
UNIFIED_SOURCES += [
'win/lib/machine_id_win.cc',
diff --git a/dom/plugins/base/nsPluginTags.cpp b/dom/plugins/base/nsPluginTags.cpp
index ddc3968fd..a794c416c 100644
--- a/dom/plugins/base/nsPluginTags.cpp
+++ b/dom/plugins/base/nsPluginTags.cpp
@@ -248,7 +248,6 @@ nsPluginTag::nsPluginTag(nsPluginInfo* aPluginInfo,
aPluginInfo->fMimeDescriptionArray,
aPluginInfo->fExtensionArray,
aPluginInfo->fVariantCount);
- InitSandboxLevel();
EnsureMembersAreUTF8();
FixupVersion();
}
@@ -283,7 +282,6 @@ nsPluginTag::nsPluginTag(const char* aName,
{
InitMime(aMimeTypes, aMimeDescriptions, aExtensions,
static_cast<uint32_t>(aVariants));
- InitSandboxLevel();
if (!aArgsAreUTF8)
EnsureMembersAreUTF8();
FixupVersion();
@@ -424,29 +422,6 @@ void nsPluginTag::InitMime(const char* const* aMimeTypes,
}
}
-void
-nsPluginTag::InitSandboxLevel()
-{
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
- nsAutoCString sandboxPref("dom.ipc.plugins.sandbox-level.");
- sandboxPref.Append(GetNiceFileName());
- if (NS_FAILED(Preferences::GetInt(sandboxPref.get(), &mSandboxLevel))) {
- mSandboxLevel = Preferences::GetInt("dom.ipc.plugins.sandbox-level.default"
-);
- }
-
-#if defined(_AMD64_)
- // As level 2 is now the default NPAPI sandbox level for 64-bit flash, we
- // don't want to allow a lower setting unless this environment variable is
- // set. This should be changed if the firefox.js pref file is changed.
- if (mIsFlashPlugin &&
- !PR_GetEnv("MOZ_ALLOW_WEAKER_SANDBOX") && mSandboxLevel < 2) {
- mSandboxLevel = 2;
- }
-#endif
-#endif
-}
-
#if !defined(XP_WIN) && !defined(XP_MACOSX)
static nsresult ConvertToUTF8(nsIUnicodeDecoder *aUnicodeDecoder,
nsAFlatCString& aString)
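Review bot: With `InitSandboxLevel()` deleted here and its calls removed from both constructors, nothing visible in this file assigns `mSandboxLevel` any more, and the header hunk drops only the method declaration. If the member and its readers remain (they are not visible in these hunks), confirm that every constructor initialises it to 0 and give the member a comment such as `// Always 0: plugin sandboxing was removed.`; otherwise remove it along with the method. The deleted body also held the floor that kept 64-bit Flash at level 2 unless `MOZ_ALLOW_WEAKER_SANDBOX` was set, so that environment variable and the `dom.ipc.plugins.sandbox-level.*` prefs no longer have any effect through this code and should be retired or marked inert.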
diff --git a/dom/plugins/base/nsPluginTags.h b/dom/plugins/base/nsPluginTags.h
index f1f03169b..9686d7e7a 100644
--- a/dom/plugins/base/nsPluginTags.h
+++ b/dom/plugins/base/nsPluginTags.h
@@ -190,7 +190,6 @@ private:
const char* const* aMimeDescriptions,
const char* const* aExtensions,
uint32_t aVariantCount);
- void InitSandboxLevel();
nsresult EnsureMembersAreUTF8();
void FixupVersion();
diff --git a/dom/plugins/ipc/PluginProcessChild.cpp b/dom/plugins/ipc/PluginProcessChild.cpp
index eb698e8af..32bf06215 100644
--- a/dom/plugins/ipc/PluginProcessChild.cpp
+++ b/dom/plugins/ipc/PluginProcessChild.cpp
@@ -22,10 +22,6 @@ extern "C" CGError CGSSetDebugOptions(int options);
#ifdef XP_WIN
bool ShouldProtectPluginCurrentDirectory(char16ptr_t pluginFilePath);
-#if defined(MOZ_SANDBOX)
-#define TARGET_SANDBOX_EXPORTS
-#include "mozilla/sandboxTarget.h"
-#endif
#endif
using mozilla::ipc::IOThreadChild;
@@ -107,12 +103,6 @@ PluginProcessChild::Init()
pluginFilename = WideToUTF8(values[0]);
-#if defined(MOZ_SANDBOX)
- // This is probably the earliest we would want to start the sandbox.
- // As we attempt to tighten the sandbox, we may need to consider moving this
- // to later in the plugin initialization.
- mozilla::SandboxTarget::Instance()->StartSandbox();
-#endif
#else
# error Sorry
#endif
diff --git a/dom/plugins/ipc/PluginProcessParent.cpp b/dom/plugins/ipc/PluginProcessParent.cpp
index 2a73bce51..fb0e18246 100644
--- a/dom/plugins/ipc/PluginProcessParent.cpp
+++ b/dom/plugins/ipc/PluginProcessParent.cpp
@@ -14,10 +14,6 @@
#include "mozilla/Telemetry.h"
#include "nsThreadUtils.h"
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-#include "nsDirectoryServiceDefs.h"
-#endif
-
using std::vector;
using std::string;
@@ -40,95 +36,14 @@ PluginProcessParent::~PluginProcessParent()
{
}
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-static void
-AddSandboxAllowedFile(vector<std::wstring>& aAllowedFiles, nsIProperties* aDirSvc,
- const char* aDir, const nsAString& aSuffix = EmptyString())
-{
- nsCOMPtr<nsIFile> userDir;
- nsresult rv = aDirSvc->Get(aDir, NS_GET_IID(nsIFile), getter_AddRefs(userDir));
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return;
- }
-
- nsAutoString userDirPath;
- rv = userDir->GetPath(userDirPath);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return;
- }
-
- if (!aSuffix.IsEmpty()) {
- userDirPath.Append(aSuffix);
- }
- aAllowedFiles.push_back(std::wstring(userDirPath.get()));
- return;
-}
-
-static void
-AddSandboxAllowedFiles(int32_t aSandboxLevel,
- vector<std::wstring>& aAllowedFilesRead,
- vector<std::wstring>& aAllowedFilesReadWrite,
- vector<std::wstring>& aAllowedDirectories)
-{
- if (aSandboxLevel < 2) {
- return;
- }
-
- nsresult rv;
- nsCOMPtr<nsIProperties> dirSvc =
- do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return;
- }
-
- // Higher than level 2 currently removes the users own rights.
- if (aSandboxLevel > 2) {
- AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR);
- AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR,
- NS_LITERAL_STRING("\\*"));
- }
-
- // Level 2 and above is now using low integrity, so we need to give write
- // access to the Flash directories.
- // This should be made Flash specific (Bug 1171396).
- AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
- NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
- AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
- NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
- AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
- NS_LITERAL_STRING("\\Adobe\\Flash Player\\*"));
-
- // Access also has to be given to create the parent directories as they may
- // not exist.
- AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
- NS_LITERAL_STRING("\\Macromedia"));
- AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
- NS_LITERAL_STRING("\\Macromedia\\Flash Player"));
- AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
- NS_LITERAL_STRING("\\Macromedia"));
- AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
- NS_LITERAL_STRING("\\Macromedia\\Flash Player"));
- AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
- NS_LITERAL_STRING("\\Adobe"));
- AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
- NS_LITERAL_STRING("\\Adobe\\Flash Player"));
-}
-#endif
-
bool
PluginProcessParent::Launch(mozilla::UniquePtr<LaunchCompleteTask> aLaunchCompleteTask,
int32_t aSandboxLevel)
{
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
- mSandboxLevel = aSandboxLevel;
- AddSandboxAllowedFiles(mSandboxLevel, mAllowedFilesRead,
- mAllowedFilesReadWrite, mAllowedDirectories);
-#else
if (aSandboxLevel != 0) {
MOZ_ASSERT(false,
"Can't enable an NPAPI process sandbox for platform/build.");
}
-#endif
ProcessArchitecture currentArchitecture = base::GetCurrentProcessArchitecture();
uint32_t containerArchitectures = GetSupportedArchitecturesForProcessType(GeckoProcessType_Plugin);
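Review bot: After this hunk the `aSandboxLevel != 0` check in `PluginProcessParent::Launch` applies on every platform, but `MOZ_ASSERT(false, ...)` compiles out of release builds. A caller that passes a non-zero level therefore gets an unsandboxed plugin process with no indication. Since no build can honour the parameter any more, I would either drop it in a follow-up or fail the launch by adding `return false;` after the assert inside the `if`. At minimum, add `// aSandboxLevel is ignored: NPAPI sandboxing was removed from this tree.` above the check. The body of `Launch` continues past the end of the hunk.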
diff --git a/dom/plugins/ipc/moz.build b/dom/plugins/ipc/moz.build
index b569aeb4c..15ed6410d 100644
--- a/dom/plugins/ipc/moz.build
+++ b/dom/plugins/ipc/moz.build
@@ -125,12 +125,6 @@ LOCAL_INCLUDES += [
'/xpcom/base/',
]
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
- LOCAL_INCLUDES += [
- '/security/sandbox/chromium',
- '/security/sandbox/chromium-shim',
- ]
-
DEFINES['FORCE_PR_LOG'] = True
if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gtk3':