summaryrefslogtreecommitdiffstats
path: root/security/sandbox/linux/Sandbox.cpp
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-05-02 23:30:36 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-05-02 23:30:36 +0200
commite1490c07e29f5e4715f73088b7ca7aab4ada90a6 (patch)
tree282d99e6b2377ebfa74ea4156964b2317df9ca82 /security/sandbox/linux/Sandbox.cpp
parent755e1020782fb42863e97d58a3e44d2eca760bb0 (diff)
downloadUXP-e1490c07e29f5e4715f73088b7ca7aab4ada90a6.tar
UXP-e1490c07e29f5e4715f73088b7ca7aab4ada90a6.tar.gz
UXP-e1490c07e29f5e4715f73088b7ca7aab4ada90a6.tar.lz
UXP-e1490c07e29f5e4715f73088b7ca7aab4ada90a6.tar.xz
UXP-e1490c07e29f5e4715f73088b7ca7aab4ada90a6.zip
Remove GMP sandbox code.
Diffstat (limited to 'security/sandbox/linux/Sandbox.cpp')
-rw-r--r--security/sandbox/linux/Sandbox.cpp56
1 files changed, 0 insertions, 56 deletions
diff --git a/security/sandbox/linux/Sandbox.cpp b/security/sandbox/linux/Sandbox.cpp
index 65ca467ca..80a18f855 100644
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -76,13 +76,6 @@ namespace mozilla {
// This is initialized by SandboxSetCrashFunc().
SandboxCrashFunc gSandboxCrashFunc;
-#ifdef MOZ_GMP_SANDBOX
-// For media plugins, we can start the sandbox before we dlopen the
-// module, so we have to pre-open the file and simulate the sandboxed
-// open().
-static SandboxOpenedFile gMediaPluginFile;
-#endif
-
static UniquePtr<SandboxChroot> gChrootHelper;
static void (*gChromiumSigSysHandler)(int, siginfo_t*, void*);
@@ -525,19 +518,6 @@ SandboxEarlyInit(GeckoProcessType aType)
case GeckoProcessType_Default:
MOZ_ASSERT(false, "SandboxEarlyInit in parent process");
return;
-#ifdef MOZ_GMP_SANDBOX
- case GeckoProcessType_GMPlugin:
- if (!info.Test(SandboxInfo::kEnabledForMedia)) {
- break;
- }
- canUnshareNet = true;
- canUnshareIPC = true;
- // Need seccomp-bpf to intercept open().
- canChroot = info.Test(SandboxInfo::kHasSeccompBPF);
- break;
-#endif
- // In the future, content processes will be able to use some of
- // these.
default:
// Other cases intentionally left blank.
break;
@@ -626,40 +606,4 @@ SandboxEarlyInit(GeckoProcessType aType)
}
}
-#ifdef MOZ_GMP_SANDBOX
-/**
- * Starts the seccomp sandbox for a media plugin process. Should be
- * called only once, and before any potentially harmful content is
- * loaded -- including the plugin itself, if it's considered untrusted.
- *
- * The file indicated by aFilePath, if non-null, can be open()ed
- * read-only, once, after the sandbox starts; it should be the .so
- * file implementing the not-yet-loaded plugin.
- *
- * Will normally make the process exit on failure.
-*/
-void
-SetMediaPluginSandbox(const char *aFilePath)
-{
- if (!SandboxInfo::Get().Test(SandboxInfo::kEnabledForMedia)) {
- return;
- }
-
- MOZ_ASSERT(!gMediaPluginFile.mPath);
- if (aFilePath) {
- gMediaPluginFile.mPath = strdup(aFilePath);
- gMediaPluginFile.mFd = open(aFilePath, O_RDONLY | O_CLOEXEC);
- if (gMediaPluginFile.mFd == -1) {
- SANDBOX_LOG_ERROR("failed to open plugin file %s: %s",
- aFilePath, strerror(errno));
- MOZ_CRASH();
- }
- } else {
- gMediaPluginFile.mFd = -1;
- }
- // Finally, start the sandbox.
- SetCurrentProcessSandbox(GetMediaSandboxPolicy(&gMediaPluginFile));
-}
-#endif // MOZ_GMP_SANDBOX
-
} // namespace mozilla