summaryrefslogtreecommitdiffstats
path: root/browser
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-05-02 21:58:04 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-05-02 21:58:04 +0200
commit755e1020782fb42863e97d58a3e44d2eca760bb0 (patch)
treea632ffe4c847b06e4109069b48f8081415e55772 /browser
parent04c8f8f8bc2d2dccb6675bd1ed9912f098e76739 (diff)
downloadUXP-755e1020782fb42863e97d58a3e44d2eca760bb0.tar
UXP-755e1020782fb42863e97d58a3e44d2eca760bb0.tar.gz
UXP-755e1020782fb42863e97d58a3e44d2eca760bb0.tar.lz
UXP-755e1020782fb42863e97d58a3e44d2eca760bb0.tar.xz
UXP-755e1020782fb42863e97d58a3e44d2eca760bb0.zip
Remove content process sandbox code.
Diffstat (limited to 'browser')
-rw-r--r--browser/app/nsBrowserApp.cpp6
-rw-r--r--browser/app/profile/firefox.js68
2 files changed, 0 insertions, 74 deletions
diff --git a/browser/app/nsBrowserApp.cpp b/browser/app/nsBrowserApp.cpp
index 184b1fc2e..bae1d4bb7 100644
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@@ -260,12 +260,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
sandbox::BrokerServices* brokerServices =
sandboxing::GetInitializedBrokerServices();
-#if defined(MOZ_CONTENT_SANDBOX)
- if (!brokerServices) {
- Output("Couldn't initialize the broker services.\n");
- return 255;
- }
-#endif
appData.sandboxBrokerServices = brokerServices;
#endif
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 5637d1797..e80f57fe4 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -945,74 +945,6 @@ pref("dom.ipc.plugins.sandbox-level.flash", 2);
#else
pref("dom.ipc.plugins.sandbox-level.flash", 0);
#endif
-
-#if defined(MOZ_CONTENT_SANDBOX)
-// This controls the strength of the Windows content process sandbox for testing
-// purposes. This will require a restart.
-// On windows these levels are:
-// See - security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
-// SetSecurityLevelForContentProcess() for what the different settings mean.
-#if defined(NIGHTLY_BUILD)
-pref("security.sandbox.content.level", 2);
-#else
-pref("security.sandbox.content.level", 1);
-#endif
-
-// This controls the depth of stack trace that is logged when Windows sandbox
-// logging is turned on. This is only currently available for the content
-// process because the only other sandbox (for GMP) has too strict a policy to
-// allow stack tracing. This does not require a restart to take effect.
-pref("security.sandbox.windows.log.stackTraceDepth", 0);
-#endif
-#endif
-
-#if defined(XP_MACOSX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
-// This pref is discussed in bug 1083344, the naming is inspired from its
-// Windows counterpart, but on Mac it's an integer which means:
-// 0 -> "no sandbox"
-// 1 -> "preliminary content sandboxing enabled: write access to
-// home directory is prevented"
-// 2 -> "preliminary content sandboxing enabled with profile protection:
-// write access to home directory is prevented, read and write access
-// to ~/Library and profile directories are prevented (excluding
-// $PROFILE/{extensions,weave})"
-// This setting is read when the content process is started. On Mac the content
-// process is killed when all windows are closed, so a change will take effect
-// when the 1st window is opened.
-#if defined(NIGHTLY_BUILD)
-pref("security.sandbox.content.level", 2);
-#else
-pref("security.sandbox.content.level", 1);
-#endif
-#endif
-
-#if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
-// This pref is introduced as part of bug 742434, the naming is inspired from
-// its Windows/Mac counterpart, but on Linux it's an integer which means:
-// 0 -> "no sandbox"
-// 1 -> "content sandbox using seccomp-bpf when available"
-// 2 -> "seccomp-bpf + file broker"
-// Content sandboxing on Linux is currently in the stage of
-// 'just getting it enabled', which includes a very permissive whitelist. We
-// enable seccomp-bpf on nightly to see if everything is running, or if we need
-// to whitelist more system calls.
-//
-// So the purpose of this setting is to allow nightly users to disable the
-// sandbox while we fix their problems. This way, they won't have to wait for
-// another nightly release which disables seccomp-bpf again.
-//
-// This setting may not be required anymore once we decide to permanently
-// enable the content sandbox.
-pref("security.sandbox.content.level", 2);
-#endif
-
-#if defined(XP_MACOSX) || defined(XP_WIN)
-#if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
-// ID (a UUID when set by gecko) that is used to form the name of a
-// sandbox-writable temporary directory to be used by content processes
-// when a temporary writable file is required in a level 1 sandbox.
-pref("security.sandbox.content.tempDirSuffix", "");
-#endif
#endif
// This pref governs whether we attempt to work around problems caused by