diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-05-02 23:30:36 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-05-02 23:30:36 +0200 |
commit | e1490c07e29f5e4715f73088b7ca7aab4ada90a6 (patch) | |
tree | 282d99e6b2377ebfa74ea4156964b2317df9ca82 /security/sandbox/linux/Sandbox.cpp | |
parent | 755e1020782fb42863e97d58a3e44d2eca760bb0 (diff) | |
download | UXP-e1490c07e29f5e4715f73088b7ca7aab4ada90a6.tar UXP-e1490c07e29f5e4715f73088b7ca7aab4ada90a6.tar.gz UXP-e1490c07e29f5e4715f73088b7ca7aab4ada90a6.tar.lz UXP-e1490c07e29f5e4715f73088b7ca7aab4ada90a6.tar.xz UXP-e1490c07e29f5e4715f73088b7ca7aab4ada90a6.zip |
Remove GMP sandbox code.
Diffstat (limited to 'security/sandbox/linux/Sandbox.cpp')
-rw-r--r-- | security/sandbox/linux/Sandbox.cpp | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp index 65ca467ca..80a18f855 100644 --- a/security/sandbox/linux/Sandbox.cpp +++ b/security/sandbox/linux/Sandbox.cpp @@ -76,13 +76,6 @@ namespace mozilla { // This is initialized by SandboxSetCrashFunc(). SandboxCrashFunc gSandboxCrashFunc; -#ifdef MOZ_GMP_SANDBOX -// For media plugins, we can start the sandbox before we dlopen the -// module, so we have to pre-open the file and simulate the sandboxed -// open(). -static SandboxOpenedFile gMediaPluginFile; -#endif - static UniquePtr<SandboxChroot> gChrootHelper; static void (*gChromiumSigSysHandler)(int, siginfo_t*, void*); @@ -525,19 +518,6 @@ SandboxEarlyInit(GeckoProcessType aType) case GeckoProcessType_Default: MOZ_ASSERT(false, "SandboxEarlyInit in parent process"); return; -#ifdef MOZ_GMP_SANDBOX - case GeckoProcessType_GMPlugin: - if (!info.Test(SandboxInfo::kEnabledForMedia)) { - break; - } - canUnshareNet = true; - canUnshareIPC = true; - // Need seccomp-bpf to intercept open(). - canChroot = info.Test(SandboxInfo::kHasSeccompBPF); - break; -#endif - // In the future, content processes will be able to use some of - // these. default: // Other cases intentionally left blank. break; @@ -626,40 +606,4 @@ SandboxEarlyInit(GeckoProcessType aType) } } -#ifdef MOZ_GMP_SANDBOX -/** - * Starts the seccomp sandbox for a media plugin process. Should be - * called only once, and before any potentially harmful content is - * loaded -- including the plugin itself, if it's considered untrusted. - * - * The file indicated by aFilePath, if non-null, can be open()ed - * read-only, once, after the sandbox starts; it should be the .so - * file implementing the not-yet-loaded plugin. - * - * Will normally make the process exit on failure. -*/ -void -SetMediaPluginSandbox(const char *aFilePath) -{ - if (!SandboxInfo::Get().Test(SandboxInfo::kEnabledForMedia)) { - return; - } - - MOZ_ASSERT(!gMediaPluginFile.mPath); - if (aFilePath) { - gMediaPluginFile.mPath = strdup(aFilePath); - gMediaPluginFile.mFd = open(aFilePath, O_RDONLY | O_CLOEXEC); - if (gMediaPluginFile.mFd == -1) { - SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", - aFilePath, strerror(errno)); - MOZ_CRASH(); - } - } else { - gMediaPluginFile.mFd = -1; - } - // Finally, start the sandbox. - SetCurrentProcessSandbox(GetMediaSandboxPolicy(&gMediaPluginFile)); -} -#endif // MOZ_GMP_SANDBOX - } // namespace mozilla |