diff options
Diffstat (limited to 'ipc/contentproc')
| -rw-r--r-- | ipc/contentproc/moz.build | 5 | ||||
| -rw-r--r-- | ipc/contentproc/plugin-container.cpp | 138 |
2 files changed, 1 insertions, 142 deletions
diff --git a/ipc/contentproc/moz.build b/ipc/contentproc/moz.build index 07cf0b97c..f9ded56ec 100644 --- a/ipc/contentproc/moz.build +++ b/ipc/contentproc/moz.build @@ -18,8 +18,3 @@ if CONFIG['OS_ARCH'] == 'WINNT': '/xpcom/base', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] diff --git a/ipc/contentproc/plugin-container.cpp b/ipc/contentproc/plugin-container.cpp index f293889b0..2fb9bd4f5 100644 --- a/ipc/contentproc/plugin-container.cpp +++ b/ipc/contentproc/plugin-container.cpp @@ -22,118 +22,10 @@ #include "GMPLoader.h" -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -#include "mozilla/sandboxing/SandboxInitialization.h" -#include "mozilla/sandboxing/sandboxLogging.h" -#endif - -#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX) -#include "mozilla/Sandbox.h" -#include "mozilla/SandboxInfo.h" -#endif - -#ifdef MOZ_WIDGET_GONK -# include <sys/time.h> -# include <sys/resource.h> - -# include <binder/ProcessState.h> - -# ifdef LOGE_IF -# undef LOGE_IF -# endif - -# include <android/log.h> -# define LOGE_IF(cond, ...) \ - ( (CONDITION(cond)) \ - ? ((void)__android_log_print(ANDROID_LOG_ERROR, \ - "Gecko:MozillaRntimeMain", __VA_ARGS__)) \ - : (void)0 ) - -# ifdef MOZ_CONTENT_SANDBOX -# include "mozilla/Sandbox.h" -# endif - -#endif // MOZ_WIDGET_GONK - -#ifdef MOZ_WIDGET_GONK -static void -InitializeBinder(void *aDummy) { - // Change thread priority to 0 only during calling ProcessState::self(). - // The priority is registered to binder driver and used for default Binder - // Thread's priority. - // To change the process's priority to small value need's root permission. - int curPrio = getpriority(PRIO_PROCESS, 0); - int err = setpriority(PRIO_PROCESS, 0, 0); - MOZ_ASSERT(!err); - LOGE_IF(err, "setpriority failed. Current process needs root permission."); - android::ProcessState::self()->startThreadPool(); - setpriority(PRIO_PROCESS, 0, curPrio); -} -#endif - -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -class WinSandboxStarter : public mozilla::gmp::SandboxStarter { -public: - virtual bool Start(const char *aLibPath) override { - if (IsSandboxedProcess()) { - mozilla::sandboxing::LowerSandbox(); - } - return true; - } -}; -#endif - -#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX) -class LinuxSandboxStarter : public mozilla::gmp::SandboxStarter { - LinuxSandboxStarter() { } -public: - static SandboxStarter* Make() { - if (mozilla::SandboxInfo::Get().CanSandboxMedia()) { - return new LinuxSandboxStarter(); - } else { - // Sandboxing isn't possible, but the parent has already - // checked that this plugin doesn't require it. (Bug 1074561) - return nullptr; - } - } - virtual bool Start(const char *aLibPath) override { - mozilla::SetMediaPluginSandbox(aLibPath); - return true; - } -}; -#endif - -#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX) -class MacSandboxStarter : public mozilla::gmp::SandboxStarter { -public: - virtual bool Start(const char *aLibPath) override { - std::string err; - bool rv = mozilla::StartMacSandbox(mInfo, err); - if (!rv) { - fprintf(stderr, "sandbox_init() failed! Error \"%s\"\n", err.c_str()); - } - return rv; - } - virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) override { - mInfo = *aSandboxInfo; - } -private: - MacSandboxInfo mInfo; -}; -#endif - mozilla::gmp::SandboxStarter* MakeSandboxStarter() { -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - return new WinSandboxStarter(); -#elif defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX) - return LinuxSandboxStarter::Make(); -#elif defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX) - return new MacSandboxStarter(); -#else return nullptr; -#endif } int @@ -147,36 +39,8 @@ content_process_main(int argc, char* argv[]) XREChildData childData; -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - if (IsSandboxedProcess()) { - childData.sandboxTargetServices = - mozilla::sandboxing::GetInitializedTargetServices(); - if (!childData.sandboxTargetServices) { - return 1; - } - - childData.ProvideLogFunction = mozilla::sandboxing::ProvideLogFunction; - } -#endif - XRE_SetProcessType(argv[--argc]); -#if defined(XP_LINUX) && defined(MOZ_SANDBOX) - // This has to happen while we're still single-threaded, and on - // B2G that means before the Android Binder library is - // initialized. - mozilla::SandboxEarlyInit(XRE_GetProcessType()); -#endif - -#ifdef MOZ_WIDGET_GONK - // This creates a ThreadPool for binder ipc. A ThreadPool is necessary to - // receive binder calls, though not necessary to send binder calls. - // ProcessState::Self() also needs to be called once on the main thread to - // register the main thread with the binder driver. - - InitializeBinder(nullptr); -#endif - #ifdef XP_WIN // For plugins, this is done in PluginProcessChild::Init, as we need to // avoid it for unsupported plugins. See PluginProcessChild::Init for @@ -186,7 +50,7 @@ content_process_main(int argc, char* argv[]) SetDllDirectoryW(L""); } #endif -#if !defined(MOZ_WIDGET_ANDROID) && !defined(MOZ_WIDGET_GONK) && defined(MOZ_PLUGIN_CONTAINER) +#if !defined(MOZ_WIDGET_ANDROID) && defined(MOZ_PLUGIN_CONTAINER) // On desktop, the GMPLoader lives in plugin-container, so that its // code can be covered by an EME/GMP vendor's voucher. nsAutoPtr<mozilla::gmp::SandboxStarter> starter(MakeSandboxStarter()); |