authorMoonchild <mcwerewolf@gmail.com>2018-05-04 09:09:10 +0200
committerGitHub <noreply@github.com>2018-05-04 09:09:10 +0200
commit4a2aeb152e48c44efa57c140660e99792f4dd350 (patch)
tree7b786de2b175122814a53232268b1147a8bd0bfb /toolkit/xre
parent20532e13937ab5fc8efcb2bfc4c0070dace40cd1 (diff)
parentf265784e8cabaff17f4554cf2bd2c30217b6ec0f (diff)
Merge pull request #323 from MoonchildProductions/nuke-sandbox
Nuke sandbox
Diffstat (limited to 'toolkit/xre')
-rw-r--r--toolkit/xre/moz.build6
-rw-r--r--toolkit/xre/nsAppRunner.cpp53
-rw-r--r--toolkit/xre/nsEmbedFunctions.cpp38
-rw-r--r--toolkit/xre/nsXREDirProvider.cpp205
-rw-r--r--toolkit/xre/nsXREDirProvider.h9
5 files changed, 0 insertions, 311 deletions
diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build
index 7ada19d41..55b59ca83 100644
--- a/toolkit/xre/moz.build
+++ b/toolkit/xre/moz.build
@@ -149,12 +149,6 @@ LOCAL_INCLUDES += [
'/xpcom/build',
]
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
- LOCAL_INCLUDES += [
- '/security/sandbox/chromium',
- '/security/sandbox/chromium-shim',
- ]
-
if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
LOCAL_INCLUDES += [
'/widget',
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 3493cd837..2050b9671 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -106,10 +106,6 @@
#endif
#endif
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-#include "nsIUUIDGenerator.h"
-#endif
-
#ifdef ACCESSIBILITY
#include "nsAccessibilityService.h"
#if defined(XP_WIN)
@@ -197,14 +193,6 @@
#include "GeneratedJNIWrappers.h"
#endif
-#if defined(MOZ_SANDBOX)
-#if defined(XP_LINUX) && !defined(ANDROID)
-#include "mozilla/SandboxInfo.h"
-#elif defined(XP_WIN)
-#include "SandboxBroker.h"
-#endif
-#endif
-
extern uint32_t gRestartMode;
extern void InstallSignalHandlers(const char *ProgramName);
@@ -2952,25 +2940,6 @@ XREMain::XRE_mainInit(bool* aExitFlag)
if (NS_FAILED(rv))
return 1;
-#if defined(MOZ_SANDBOX) && defined(XP_WIN)
- if (mAppData->sandboxBrokerServices) {
- SandboxBroker::Initialize(mAppData->sandboxBrokerServices);
- Telemetry::Accumulate(Telemetry::SANDBOX_BROKER_INITIALIZED, true);
- } else {
- Telemetry::Accumulate(Telemetry::SANDBOX_BROKER_INITIALIZED, false);
-#if defined(MOZ_CONTENT_SANDBOX)
- // If we're sandboxing content and we fail to initialize, then crashing here
- // seems like the sensible option.
- if (BrowserTabsRemoteAutostart()) {
- MOZ_CRASH("Failed to initialize broker services, can't continue.");
- }
-#endif
- // Otherwise just warn for the moment, as most things will work.
- NS_WARNING("Failed to initialize broker services, sandboxed processes will "
- "fail to start.");
- }
-#endif
-
#ifdef XP_MACOSX
// Set up ability to respond to system (Apple) events. This must occur before
// ProcessUpdates to ensure that links clicked in external applications aren't
@@ -3913,24 +3882,6 @@ XREMain::XRE_mainRun()
}
#endif /* MOZ_INSTRUMENT_EVENT_LOOP */
-#if defined(MOZ_SANDBOX) && defined(XP_LINUX) && !defined(MOZ_WIDGET_GONK)
- // If we're on Linux, we now have information about the OS capabilities
- // available to us.
- SandboxInfo sandboxInfo = SandboxInfo::Get();
- Telemetry::Accumulate(Telemetry::SANDBOX_HAS_SECCOMP_BPF,
- sandboxInfo.Test(SandboxInfo::kHasSeccompBPF));
- Telemetry::Accumulate(Telemetry::SANDBOX_HAS_SECCOMP_TSYNC,
- sandboxInfo.Test(SandboxInfo::kHasSeccompTSync));
- Telemetry::Accumulate(Telemetry::SANDBOX_HAS_USER_NAMESPACES_PRIVILEGED,
- sandboxInfo.Test(SandboxInfo::kHasPrivilegedUserNamespaces));
- Telemetry::Accumulate(Telemetry::SANDBOX_HAS_USER_NAMESPACES,
- sandboxInfo.Test(SandboxInfo::kHasUserNamespaces));
- Telemetry::Accumulate(Telemetry::SANDBOX_CONTENT_ENABLED,
- sandboxInfo.Test(SandboxInfo::kEnabledForContent));
- Telemetry::Accumulate(Telemetry::SANDBOX_MEDIA_ENABLED,
- sandboxInfo.Test(SandboxInfo::kEnabledForMedia));
-#endif /* MOZ_SANDBOX && XP_LINUX && !MOZ_WIDGET_GONK */
-
{
rv = appStartup->Run();
if (NS_FAILED(rv)) {
@@ -3996,10 +3947,6 @@ XREMain::XRE_main(int argc, char* argv[], const nsXREAppData* aAppData)
// See bug 1279614.
XRE_CreateStatsObject();
-#if defined(MOZ_SANDBOX) && defined(XP_LINUX) && !defined(ANDROID)
- SandboxInfo::ThreadingCheck();
-#endif
-
char aLocal;
GeckoProfilerInitRAII profilerGuard(&aLocal);
diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp
index 4a612e495..a59299c8b 100644
--- a/toolkit/xre/nsEmbedFunctions.cpp
+++ b/toolkit/xre/nsEmbedFunctions.cpp
@@ -75,15 +75,6 @@
#include "mozilla/Telemetry.h"
-#if defined(MOZ_SANDBOX) && defined(XP_WIN)
-#include "mozilla/sandboxTarget.h"
-#include "mozilla/sandboxing/loggingCallbacks.h"
-#endif
-
-#if defined(MOZ_CONTENT_SANDBOX) && !defined(MOZ_WIDGET_GONK)
-#include "mozilla/Preferences.h"
-#endif
-
#ifdef MOZ_IPDL_TESTS
#include "mozilla/_ipdltest/IPDLUnitTests.h"
#include "mozilla/_ipdltest/IPDLUnitTestProcessChild.h"
@@ -299,11 +290,6 @@ XRE_InitChildProcess(int aArgc,
freopen("CONIN$", "r", stdin);
}
-#if defined(MOZ_SANDBOX)
- if (aChildData->sandboxTargetServices) {
- SandboxTarget::Instance()->SetTargetServices(aChildData->sandboxTargetServices);
- }
-#endif
#endif
// NB: This must be called before profiler_init
@@ -519,11 +505,6 @@ XRE_InitChildProcess(int aArgc,
// If passed in grab the application path for xpcom init
bool foundAppdir = false;
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
- // If passed in grab the profile path for sandboxing
- bool foundProfile = false;
-#endif
-
for (int idx = aArgc; idx > 0; idx--) {
if (aArgv[idx] && !strcmp(aArgv[idx], "-appdir")) {
MOZ_ASSERT(!foundAppdir);
@@ -539,19 +520,6 @@ XRE_InitChildProcess(int aArgc,
if (aArgv[idx] && !strcmp(aArgv[idx], "-safeMode")) {
gSafeMode = true;
}
-
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
- if (aArgv[idx] && !strcmp(aArgv[idx], "-profile")) {
- MOZ_ASSERT(!foundProfile);
- if (foundProfile) {
- continue;
- }
- nsCString profile;
- profile.Assign(nsDependentCString(aArgv[idx+1]));
- static_cast<ContentProcess*>(process.get())->SetProfile(profile);
- foundProfile = true;
- }
-#endif /* XP_MACOSX && MOZ_CONTENT_SANDBOX */
}
}
break;
@@ -587,12 +555,6 @@ XRE_InitChildProcess(int aArgc,
::SetProcessShutdownParameters(0x280 - 1, SHUTDOWN_NORETRY);
#endif
-#if defined(MOZ_SANDBOX) && defined(XP_WIN)
- // We need to do this after the process has been initialised, as
- // InitLoggingIfRequired may need access to prefs.
- mozilla::sandboxing::InitLoggingIfRequired(aChildData->ProvideLogFunction);
-#endif
-
OverrideDefaultLocaleIfNeeded();
// Run the UI event loop on the main thread.
diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp
index 09168319f..04e2e1ebf 100644
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -62,11 +62,6 @@
#include "UIKitDirProvider.h"
#endif
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-#include "nsIUUIDGenerator.h"
-#include "mozilla/Unused.h"
-#endif
-
#if defined(XP_MACOSX)
#define APP_REGISTRY_NAME "Application Registry"
#elif defined(XP_WIN)
@@ -77,14 +72,6 @@
#define PREF_OVERRIDE_DIRNAME "preferences"
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-static already_AddRefed<nsIFile> GetContentProcessSandboxTempDir();
-static nsresult DeleteDirIfExists(nsIFile *dir);
-static bool IsContentSandboxDisabled();
-static const char* GetContentProcessTempBaseDirKey();
-static already_AddRefed<nsIFile> CreateContentProcessSandboxTempDir();
-#endif
-
static already_AddRefed<nsIFile>
CloneAndAppend(nsIFile* aFile, const char* name)
{
@@ -495,14 +482,6 @@ nsXREDirProvider::GetFile(const char* aProperty, bool* aPersistent,
bool unused;
rv = dirsvc->GetFile("XCurProcD", &unused, getter_AddRefs(file));
}
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- else if (!strcmp(aProperty, NS_APP_CONTENT_PROCESS_TEMP_DIR)) {
- if (!mContentTempDir && NS_FAILED((rv = LoadContentProcessTempDir()))) {
- return rv;
- }
- rv = mContentTempDir->Clone(getter_AddRefs(file));
- }
-#endif // defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
else if (NS_SUCCEEDED(GetProfileStartupDir(getter_AddRefs(file)))) {
// We need to allow component, xpt, and chrome registration to
// occur prior to the profile-after-change notification.
@@ -729,176 +708,6 @@ LoadExtensionDirectories(nsINIParser &parser,
while (true);
}
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-
-static const char*
-GetContentProcessTempBaseDirKey()
-{
-#if defined(XP_WIN)
- return NS_WIN_LOW_INTEGRITY_TEMP_BASE;
-#else
- return NS_OS_TEMP_DIR;
-#endif
-}
-
-//
-// Sets mContentTempDir so that it refers to the appropriate temp dir.
-// If the sandbox is enabled, NS_APP_CONTENT_PROCESS_TEMP_DIR, otherwise
-// NS_OS_TEMP_DIR is used.
-//
-nsresult
-nsXREDirProvider::LoadContentProcessTempDir()
-{
- mContentTempDir = GetContentProcessSandboxTempDir();
- if (mContentTempDir) {
- return NS_OK;
- } else {
- return NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
- getter_AddRefs(mContentTempDir));
- }
-}
-
-static bool
-IsContentSandboxDisabled()
-{
- bool isSandboxDisabled = false;
- if (!BrowserTabsRemoteAutostart()) {
- return false;
- }
-#if defined(XP_WIN) || defined(XP_MACOSX)
- isSandboxDisabled = Preferences::GetInt("security.sandbox.content.level") < 1;
-#endif
- return isSandboxDisabled;
-}
-
-//
-// If a content process sandbox temp dir is to be used, returns an nsIFile
-// for the directory. Returns null if the content sandbox is disabled or
-// an error occurs.
-//
-static already_AddRefed<nsIFile>
-GetContentProcessSandboxTempDir()
-{
- if (IsContentSandboxDisabled()) {
- return nullptr;
- }
-
- nsCOMPtr<nsIFile> localFile;
-
- nsresult rv = NS_GetSpecialDirectory(GetContentProcessTempBaseDirKey(),
- getter_AddRefs(localFile));
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return nullptr;
- }
-
- nsAutoString tempDirSuffix;
- rv = Preferences::GetString("security.sandbox.content.tempDirSuffix",
- &tempDirSuffix);
- if (NS_WARN_IF(NS_FAILED(rv)) || tempDirSuffix.IsEmpty()) {
- return nullptr;
- }
-
- rv = localFile->Append(NS_LITERAL_STRING("Temp-") + tempDirSuffix);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return nullptr;
- }
-
- return localFile.forget();
-}
-
-//
-// Create a temporary directory for use from sandboxed content processes.
-// Only called in the parent. The path is derived from a UUID stored in a
-// pref which is available to content processes. Returns null if the
-// content sandbox is disabled or if an error occurs.
-//
-static already_AddRefed<nsIFile>
-CreateContentProcessSandboxTempDir()
-{
- if (IsContentSandboxDisabled()) {
- return nullptr;
- }
-
- // Get (and create if blank) temp directory suffix pref.
- nsresult rv;
- nsAdoptingString tempDirSuffix =
- Preferences::GetString("security.sandbox.content.tempDirSuffix");
- if (tempDirSuffix.IsEmpty()) {
- nsCOMPtr<nsIUUIDGenerator> uuidgen =
- do_GetService("@mozilla.org/uuid-generator;1", &rv);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return nullptr;
- }
-
- nsID uuid;
- rv = uuidgen->GenerateUUIDInPlace(&uuid);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return nullptr;
- }
-
- char uuidChars[NSID_LENGTH];
- uuid.ToProvidedString(uuidChars);
- tempDirSuffix.AssignASCII(uuidChars);
-
- // Save the pref
- rv = Preferences::SetCString("security.sandbox.content.tempDirSuffix",
- uuidChars);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- // If we fail to save the pref we don't want to create the temp dir,
- // because we won't be able to clean it up later.
- return nullptr;
- }
-
- nsCOMPtr<nsIPrefService> prefsvc = Preferences::GetService();
- if (!prefsvc || NS_FAILED((rv = prefsvc->SavePrefFile(nullptr)))) {
- // Again, if we fail to save the pref file we might not be able to clean
- // up the temp directory, so don't create one.
- NS_WARNING("Failed to save pref file, cannot create temp dir.");
- return nullptr;
- }
- }
-
- nsCOMPtr<nsIFile> sandboxTempDir = GetContentProcessSandboxTempDir();
- if (!sandboxTempDir) {
- NS_WARNING("Failed to determine sandbox temp dir path.");
- return nullptr;
- }
-
- // Remove the directory. It may exist due to a previous crash.
- if (NS_FAILED(DeleteDirIfExists(sandboxTempDir))) {
- NS_WARNING("Failed to reset sandbox temp dir.");
- return nullptr;
- }
-
- // Create the directory
- rv = sandboxTempDir->Create(nsIFile::DIRECTORY_TYPE, 0700);
- if (NS_FAILED(rv)) {
- NS_WARNING("Failed to create sandbox temp dir.");
- return nullptr;
- }
-
- return sandboxTempDir.forget();
-}
-
-static nsresult
-DeleteDirIfExists(nsIFile* dir)
-{
- if (dir) {
- // Don't return an error if the directory doesn't exist.
- // Windows Remove() returns NS_ERROR_FILE_NOT_FOUND while
- // OS X returns NS_ERROR_FILE_TARGET_DOES_NOT_EXIST.
- nsresult rv = dir->Remove(/* aRecursive */ true);
- if (NS_FAILED(rv) && rv != NS_ERROR_FILE_NOT_FOUND &&
- rv != NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) {
- return rv;
- }
- }
- return NS_OK;
-}
-
-#endif // (defined(XP_WIN) || defined(XP_MACOSX)) &&
- // defined(MOZ_CONTENT_SANDBOX)
-
void
nsXREDirProvider::LoadExtensionBundleDirectories()
{
@@ -1203,14 +1012,6 @@ nsXREDirProvider::DoStartup()
}
obsSvc->NotifyObservers(nullptr, "profile-initial-state", nullptr);
-
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- // The parent is responsible for creating the sandbox temp dir
- if (XRE_IsParentProcess()) {
- mContentProcessSandboxTempDir = CreateContentProcessSandboxTempDir();
- mContentTempDir = mContentProcessSandboxTempDir;
- }
-#endif
}
return NS_OK;
}
@@ -1221,12 +1022,6 @@ nsXREDirProvider::DoShutdown()
PROFILER_LABEL_FUNC(js::ProfileEntry::Category::OTHER);
if (mProfileNotified) {
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- if (XRE_IsParentProcess()) {
- Unused << DeleteDirIfExists(mContentProcessSandboxTempDir);
- }
-#endif
-
nsCOMPtr<nsIObserverService> obsSvc =
mozilla::services::GetObserverService();
NS_ASSERTION(obsSvc, "No observer service?");
diff --git a/toolkit/xre/nsXREDirProvider.h b/toolkit/xre/nsXREDirProvider.h
index 7ec64da78..1190cc708 100644
--- a/toolkit/xre/nsXREDirProvider.h
+++ b/toolkit/xre/nsXREDirProvider.h
@@ -121,11 +121,6 @@ protected:
// delimiters.
static inline nsresult AppendProfileString(nsIFile* aFile, const char* aPath);
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- // Load the temp directory for sandboxed content processes
- nsresult LoadContentProcessTempDir();
-#endif
-
// Calculate and register extension and theme bundle directories.
void LoadExtensionBundleDirectories();
@@ -146,10 +141,6 @@ protected:
nsCOMPtr<nsIFile> mProfileDir;
nsCOMPtr<nsIFile> mProfileLocalDir;
bool mProfileNotified;
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- nsCOMPtr<nsIFile> mContentTempDir;
- nsCOMPtr<nsIFile> mContentProcessSandboxTempDir;
-#endif
nsCOMArray<nsIFile> mAppBundleDirectories;
nsCOMArray<nsIFile> mExtensionDirectories;
nsCOMArray<nsIFile> mThemeDirectories;