Merge pull request #323 from MoonchildProductions/nuke-sandbox

Nuke sandbox

22 files changed, 0 insertions, 795 deletions

diff --git a/dom/ipc/ContentChild.cpp b/dom/ipc/ContentChild.cpp
index 75678ca96..d7068c6c3 100644
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -65,21 +65,6 @@
 #include "imgLoader.h"
 #include "GMPServiceChild.h"
 
-#if defined(MOZ_CONTENT_SANDBOX)
-#if defined(XP_WIN)
-#define TARGET_SANDBOX_EXPORTS
-#include "mozilla/sandboxTarget.h"
-#elif defined(XP_LINUX)
-#include "mozilla/Sandbox.h"
-#include "mozilla/SandboxInfo.h"
-
-// Remove this include with Bug 1104619
-#include "CubebUtils.h"
-#elif defined(XP_MACOSX)
-#include "mozilla/Sandbox.h"
-#endif
-#endif
-
 #include "mozilla/Unused.h"
 
 #include "mozInlineSpellChecker.h"
@@ -1250,192 +1235,11 @@ ContentChild::AllocPProcessHangMonitorChild(Transport* aTransport,
   return CreateHangMonitorChild(aTransport, aOtherProcess);
 }
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-
-#include <stdlib.h>
-
-static bool
-GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath, nsCString &aAppDir)
-{
-  nsAutoCString appPath;
-  nsAutoCString appBinaryPath(
-    (CommandLine::ForCurrentProcess()->argv()[0]).c_str());
-
-  nsAutoCString::const_iterator start, end;
-  appBinaryPath.BeginReading(start);
-  appBinaryPath.EndReading(end);
-  if (RFindInReadable(NS_LITERAL_CSTRING(".app/Contents/MacOS/"), start, end)) {
-    end = start;
-    ++end; ++end; ++end; ++end;
-    appBinaryPath.BeginReading(start);
-    appPath.Assign(Substring(start, end));
-  } else {
-    return false;
-  }
-
-  nsCOMPtr<nsIFile> app, appBinary;
-  nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appPath),
-                                true, getter_AddRefs(app));
-  if (NS_FAILED(rv)) {
-    return false;
-  }
-  rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appBinaryPath),
-                       true, getter_AddRefs(appBinary));
-  if (NS_FAILED(rv)) {
-    return false;
-  }
-
-  nsCOMPtr<nsIFile> appDir;
-  nsCOMPtr<nsIProperties> dirSvc =
-    do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID);
-  if (!dirSvc) {
-    return false;
-  }
-  rv = dirSvc->Get(NS_XPCOM_CURRENT_PROCESS_DIR,
-                   NS_GET_IID(nsIFile), getter_AddRefs(appDir));
-  if (NS_FAILED(rv)) {
-    return false;
-  }
-  bool exists;
-  rv = appDir->Exists(&exists);
-  if (NS_FAILED(rv) || !exists) {
-    return false;
-  }
-
-  bool isLink;
-  app->IsSymlink(&isLink);
-  if (isLink) {
-    app->GetNativeTarget(aAppPath);
-  } else {
-    app->GetNativePath(aAppPath);
-  }
-  appBinary->IsSymlink(&isLink);
-  if (isLink) {
-    appBinary->GetNativeTarget(aAppBinaryPath);
-  } else {
-    appBinary->GetNativePath(aAppBinaryPath);
-  }
-  appDir->IsSymlink(&isLink);
-  if (isLink) {
-    appDir->GetNativeTarget(aAppDir);
-  } else {
-    appDir->GetNativePath(aAppDir);
-  }
-
-  return true;
-}
-
-static bool
-StartMacOSContentSandbox()
-{
-  int sandboxLevel = Preferences::GetInt("security.sandbox.content.level");
-  if (sandboxLevel < 1) {
-    return false;
-  }
-
-  nsAutoCString appPath, appBinaryPath, appDir;
-  if (!GetAppPaths(appPath, appBinaryPath, appDir)) {
-    MOZ_CRASH("Error resolving child process path");
-  }
-
-  // During sandboxed content process startup, before reaching
-  // this point, NS_OS_TEMP_DIR is modified to refer to a sandbox-
-  // writable temporary directory
-  nsCOMPtr<nsIFile> tempDir;
-  nsresult rv = nsDirectoryService::gService->Get(NS_OS_TEMP_DIR,
-      NS_GET_IID(nsIFile), getter_AddRefs(tempDir));
-  if (NS_FAILED(rv)) {
-    MOZ_CRASH("Failed to get NS_OS_TEMP_DIR");
-  }
-
-  nsAutoCString tempDirPath;
-  tempDir->Normalize();
-  rv = tempDir->GetNativePath(tempDirPath);
-  if (NS_FAILED(rv)) {
-    MOZ_CRASH("Failed to get NS_OS_TEMP_DIR path");
-  }
-
-  nsCOMPtr<nsIFile> profileDir;
-  ContentChild::GetSingleton()->GetProfileDir(getter_AddRefs(profileDir));
-  nsCString profileDirPath;
-  if (profileDir) {
-    rv = profileDir->GetNativePath(profileDirPath);
-    if (NS_FAILED(rv) || profileDirPath.IsEmpty()) {
-      MOZ_CRASH("Failed to get profile path");
-    }
-  }
-
-  MacSandboxInfo info;
-  info.type = MacSandboxType_Content;
-  info.level = info.level = sandboxLevel;
-  info.appPath.assign(appPath.get());
-  info.appBinaryPath.assign(appBinaryPath.get());
-  info.appDir.assign(appDir.get());
-  info.appTempDir.assign(tempDirPath.get());
-
-  if (profileDir) {
-    info.hasSandboxedProfile = true;
-    info.profileDir.assign(profileDirPath.get());
-  } else {
-    info.hasSandboxedProfile = false;
-  }
-
-  std::string err;
-  if (!mozilla::StartMacSandbox(info, err)) {
-    NS_WARNING(err.c_str());
-    MOZ_CRASH("sandbox_init() failed");
-  }
-
-  return true;
-}
-#endif
-
 bool
 ContentChild::RecvSetProcessSandbox(const MaybeFileDesc& aBroker)
 {
   // We may want to move the sandbox initialization somewhere else
   // at some point; see bug 880808.
-#if defined(MOZ_CONTENT_SANDBOX)
-  bool sandboxEnabled = true;
-#if defined(XP_LINUX)
-#if defined(MOZ_WIDGET_GONK) && ANDROID_VERSION >= 19
-  // For B2G >= KitKat, sandboxing is mandatory; this has already
-  // been enforced by ContentParent::StartUp().
-  MOZ_ASSERT(SandboxInfo::Get().CanSandboxContent());
-#else
-  // Otherwise, sandboxing is best-effort.
-  if (!SandboxInfo::Get().CanSandboxContent()) {
-       sandboxEnabled = false;
-   } else {
-       // This triggers the initialization of cubeb, which needs to happen
-       // before seccomp is enabled (Bug 1259508). It also increases the startup
-       // time of the content process, because cubeb is usually initialized
-       // when it is actually needed. This call here is no longer required
-       // once Bug 1104619 (remoting audio) is resolved.
-       Unused << CubebUtils::GetCubebContext();
-  }
-
-#endif /* MOZ_WIDGET_GONK && ANDROID_VERSION >= 19 */
-  if (sandboxEnabled) {
-    int brokerFd = -1;
-    if (aBroker.type() == MaybeFileDesc::TFileDescriptor) {
-      auto fd = aBroker.get_FileDescriptor().ClonePlatformHandle();
-      brokerFd = fd.release();
-      // brokerFd < 0 means to allow direct filesystem access, so
-      // make absolutely sure that doesn't happen if the parent
-      // didn't intend it.
-      MOZ_RELEASE_ASSERT(brokerFd >= 0);
-    }
-    sandboxEnabled = SetContentProcessSandbox(brokerFd);
-  }
-#elif defined(XP_WIN)
-  mozilla::SandboxTarget::Instance()->StartSandbox();
-#elif defined(XP_MACOSX)
-  sandboxEnabled = StartMacOSContentSandbox();
-#endif
-
-#endif /* MOZ_CONTENT_SANDBOX */
-
   return true;
 }
 
diff --git a/dom/ipc/ContentChild.h b/dom/ipc/ContentChild.h
index cb718aff9..c78f951f0 100644
--- a/dom/ipc/ContentChild.h
+++ b/dom/ipc/ContentChild.h
@@ -21,10 +21,6 @@
 #include "nsWeakPtr.h"
 #include "nsIWindowProvider.h"
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-#include "nsIFile.h"
-#endif
-
 struct ChromePackage;
 class nsIObserver;
 struct SubstitutionMapping;
@@ -118,19 +114,6 @@ public:
 
   void GetProcessName(nsACString& aName) const;
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-  void GetProfileDir(nsIFile** aProfileDir) const
-  {
-    *aProfileDir = mProfileDir;
-    NS_IF_ADDREF(*aProfileDir);
-  }
-
-  void SetProfileDir(nsIFile* aProfileDir)
-  {
-    mProfileDir = aProfileDir;
-  }
-#endif
-
   bool IsAlive() const;
 
   bool IsShuttingDown() const;
@@ -679,10 +662,6 @@ private:
   nsCOMPtr<nsIDomainPolicy> mPolicy;
   nsCOMPtr<nsITimer> mForceKillTimer;
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-  nsCOMPtr<nsIFile> mProfileDir;
-#endif
-
   // Hashtable to keep track of the pending GetFilesHelper objects.
   // This GetFilesHelperChild objects are removed when RecvGetFilesResponse is
   // received.
diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp
index 286f1d851..ee0f8090a 100644
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -230,12 +230,6 @@ using namespace mozilla::system;
 #include "mozilla/dom/SpeechSynthesisParent.h"
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
-#include "mozilla/SandboxInfo.h"
-#include "mozilla/SandboxBroker.h"
-#include "mozilla/SandboxBrokerPolicyFactory.h"
-#endif
-
 #ifdef MOZ_TOOLKIT_SEARCH
 #include "nsIBrowserSearchService.h"
 #endif
@@ -503,9 +497,6 @@ nsTArray<ContentParent*>* ContentParent::sNonAppContentParents;
 nsTArray<ContentParent*>* ContentParent::sLargeAllocationContentParents;
 nsTArray<ContentParent*>* ContentParent::sPrivateContent;
 StaticAutoPtr<LinkedList<ContentParent> > ContentParent::sContentParents;
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
-UniquePtr<SandboxBrokerPolicyFactory> ContentParent::sSandboxBrokerPolicyFactory;
-#endif
 
 // This is true when subprocess launching is enabled.  This is the
 // case between StartUp() and ShutDown() or JoinAllSubprocesses().
@@ -637,18 +628,6 @@ ContentParent::StartUp()
     return;
   }
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(MOZ_WIDGET_GONK) && ANDROID_VERSION >= 19
-  // Require sandboxing on B2G >= KitKat.  This condition must stay
-  // in sync with ContentChild::RecvSetProcessSandbox.
-  if (!SandboxInfo::Get().CanSandboxContent()) {
-    // MOZ_CRASH strings are only for debug builds; make sure the
-    // message is clear on non-debug builds as well:
-    printf_stderr("Sandboxing support is required on this platform.  "
-                  "Recompile kernel with CONFIG_SECCOMP_FILTER=y\n");
-    MOZ_CRASH("Sandboxing support is required on this platform.");
-  }
-#endif
-
   // Note: This reporter measures all ContentParents.
   RegisterStrongMemoryReporter(new ContentParentsMemoryReporter());
 
@@ -662,10 +641,6 @@ ContentParent::StartUp()
   PreallocatedProcessManager::AllocateAfterDelay();
 
   sDisableUnsafeCPOWWarnings = PR_GetEnv("DISABLE_UNSAFE_CPOW_WARNINGS");
-
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
-  sSandboxBrokerPolicyFactory = MakeUnique<SandboxBrokerPolicyFactory>();
-#endif
 }
 
 /*static*/ void
@@ -674,10 +649,6 @@ ContentParent::ShutDown()
   // No-op for now.  We rely on normal process shutdown and
   // ClearOnShutdown() to clean up our state.
   sCanLaunchSubprocesses = false;
-
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
-  sSandboxBrokerPolicyFactory = nullptr;
-#endif
 }
 
 /*static*/ void
@@ -2244,37 +2215,6 @@ ContentParent::InitInternal(ProcessPriority aInitialPriority,
     }
   }
 
-#ifdef MOZ_CONTENT_SANDBOX
-  bool shouldSandbox = true;
-  MaybeFileDesc brokerFd = void_t();
-#ifdef XP_LINUX
-  // XXX: Checking the pref here makes it possible to enable/disable sandboxing
-  // during an active session. Currently the pref is only used for testing
-  // purpose. If the decision is made to permanently rely on the pref, this
-  // should be changed so that it is required to restart firefox for the change
-  // of value to take effect.
-  shouldSandbox = (Preferences::GetInt("security.sandbox.content.level") > 0) &&
-    !PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX");
-
-  if (shouldSandbox) {
-    MOZ_ASSERT(!mSandboxBroker);
-    UniquePtr<SandboxBroker::Policy> policy =
-      sSandboxBrokerPolicyFactory->GetContentPolicy(Pid());
-    if (policy) {
-      brokerFd = FileDescriptor();
-      mSandboxBroker = SandboxBroker::Create(Move(policy), Pid(), brokerFd);
-      if (!mSandboxBroker) {
-        KillHard("SandboxBroker::Create failed");
-        return;
-      }
-      MOZ_ASSERT(static_cast<const FileDescriptor&>(brokerFd).IsValid());
-    }
-  }
-#endif
-  if (shouldSandbox && !SendSetProcessSandbox(brokerFd)) {
-    KillHard("SandboxInitFailed");
-  }
-#endif
 #if defined(XP_WIN)
   // Send the info needed to join the browser process's audio session.
   nsID id;
diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h
index a3750de1a..3f74b10e1 100644
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@@ -46,11 +46,6 @@ class PRemoteSpellcheckEngineParent;
 class ProfileGatherer;
 #endif
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
-class SandboxBroker;
-class SandboxBrokerPolicyFactory;
-#endif
-
 namespace embedding {
 class PrintingParent;
 }
@@ -1152,12 +1147,6 @@ private:
 
   UniquePtr<gfx::DriverCrashGuard> mDriverCrashGuard;
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
-  mozilla::UniquePtr<SandboxBroker> mSandboxBroker;
-  static mozilla::UniquePtr<SandboxBrokerPolicyFactory>
-      sSandboxBrokerPolicyFactory;
-#endif
-
 #ifdef NS_PRINTING
   RefPtr<embedding::PrintingParent> mPrintingParent;
 #endif
diff --git a/dom/ipc/ContentProcess.cpp b/dom/ipc/ContentProcess.cpp
index 2413d8808..986617f55 100644
--- a/dom/ipc/ContentProcess.cpp
+++ b/dom/ipc/ContentProcess.cpp
@@ -8,122 +8,17 @@
 
 #include "ContentProcess.h"
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-#include <stdlib.h>
-#endif
-
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-#include "mozilla/Preferences.h"
-#include "nsAppDirectoryServiceDefs.h"
-#include "nsDirectoryService.h"
-#include "nsDirectoryServiceDefs.h"
-#endif
-
 using mozilla::ipc::IOThreadChild;
 
 namespace mozilla {
 namespace dom {
 
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
-static bool
-IsSandboxTempDirRequired()
-{
-  // On Windows, a sandbox-writable temp directory is only used
-  // when sandbox pref level >= 1.
-  return Preferences::GetInt("security.sandbox.content.level") >= 1;
-}
-
-static void
-SetTmpEnvironmentVariable(nsIFile* aValue)
-{
-  // Save the TMP environment variable so that is is picked up by GetTempPath().
-  // Note that we specifically write to the TMP variable, as that is the first
-  // variable that is checked by GetTempPath() to determine its output.
-  nsAutoString fullTmpPath;
-  nsresult rv = aValue->GetPath(fullTmpPath);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return;
-  }
-  Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TMP", fullTmpPath.get()));
-  // We also set TEMP in case there is naughty third-party code that is
-  // referencing the environment variable directly.
-  Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TEMP", fullTmpPath.get()));
-}
-#endif
-
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-static bool
-IsSandboxTempDirRequired()
-{
-  // On OSX, use the sandbox-writable temp when the pref level >= 1.
-  return (Preferences::GetInt("security.sandbox.content.level") >= 1);
-}
-
-static void
-SetTmpEnvironmentVariable(nsIFile* aValue)
-{
-  nsAutoCString fullTmpPath;
-  nsresult rv = aValue->GetNativePath(fullTmpPath);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return;
-  }
-  Unused << NS_WARN_IF(setenv("TMPDIR", fullTmpPath.get(), 1) != 0);
-}
-#endif
-
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-static void
-SetUpSandboxEnvironment()
-{
-  MOZ_ASSERT(nsDirectoryService::gService,
-    "SetUpSandboxEnvironment relies on nsDirectoryService being initialized");
-
-  if (!IsSandboxTempDirRequired()) {
-    return;
-  }
-
-  nsCOMPtr<nsIFile> sandboxedContentTemp;
-  nsresult rv =
-    nsDirectoryService::gService->Get(NS_APP_CONTENT_PROCESS_TEMP_DIR,
-                                      NS_GET_IID(nsIFile),
-                                      getter_AddRefs(sandboxedContentTemp));
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return;
-  }
-
-  // Change the gecko defined temp directory to our sandbox-writable one.
-  // Undefine returns a failure if the property is not already set.
-  Unused << nsDirectoryService::gService->Undefine(NS_OS_TEMP_DIR);
-  rv = nsDirectoryService::gService->Set(NS_OS_TEMP_DIR, sandboxedContentTemp);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return;
-  }
-
-  SetTmpEnvironmentVariable(sandboxedContentTemp);
-}
-#endif
-
 void
 ContentProcess::SetAppDir(const nsACString& aPath)
 {
   mXREEmbed.SetAppDir(aPath);
 }
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-void
-ContentProcess::SetProfile(const nsACString& aProfile)
-{
-  bool flag;
-  nsresult rv =
-    XRE_GetFileFromPath(aProfile.BeginReading(), getter_AddRefs(mProfileDir));
-  if (NS_FAILED(rv) ||
-      NS_FAILED(mProfileDir->Exists(&flag)) || !flag) {
-    NS_WARNING("Invalid profile directory passed to content process.");
-    mProfileDir = nullptr;
-  }
-}
-#endif
-
 bool
 ContentProcess::Init()
 {
@@ -134,14 +29,6 @@ ContentProcess::Init()
     mContent.InitXPCOM();
     mContent.InitGraphicsDeviceData();
 
-#if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-    mContent.SetProfileDir(mProfileDir);
-#endif
-
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-    SetUpSandboxEnvironment();
-#endif
-
     return true;
 }
 
diff --git a/dom/ipc/ContentProcess.h b/dom/ipc/ContentProcess.h
index bf9968f8c..3950368bd 100644
--- a/dom/ipc/ContentProcess.h
+++ b/dom/ipc/ContentProcess.h
@@ -39,18 +39,10 @@ public:
 
   void SetAppDir(const nsACString& aPath);
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-  void SetProfile(const nsACString& aProfile);
-#endif
-
 private:
   ContentChild mContent;
   mozilla::ipc::ScopedXREEmbed mXREEmbed;
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-  nsCOMPtr<nsIFile> mProfileDir;
-#endif
-
 #if defined(XP_WIN)
   // This object initializes and configures COM.
   mozilla::mscom::MainThreadRuntime mCOMRuntime;
diff --git a/dom/ipc/moz.build b/dom/ipc/moz.build
index 71d193d44..1dbe1fedb 100644
--- a/dom/ipc/moz.build
+++ b/dom/ipc/moz.build
@@ -112,11 +112,6 @@ if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] == 'Darwin':
         'mozsandbox',
     ]
 
-if CONFIG['MOZ_CONTENT_SANDBOX'] and CONFIG['OS_ARCH'] == 'Linux':
-    USE_LIBS += [
-        'mozsandbox',
-    ]
-
 LOCAL_INCLUDES += [
     '/caps',
     '/chrome',
@@ -145,12 +140,6 @@ LOCAL_INCLUDES += [
     '/xpcom/threads',
 ]
 
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
-    LOCAL_INCLUDES += [
-        '/security/sandbox/chromium',
-        '/security/sandbox/chromium-shim',
-    ]
-
 if CONFIG['OS_ARCH'] != 'WINNT':
     LOCAL_INCLUDES += [
         '/modules/libjar',
diff --git a/dom/media/gmp/GMPChild.cpp b/dom/media/gmp/GMPChild.cpp
index f8e75e299..f83a927ca 100644
--- a/dom/media/gmp/GMPChild.cpp
+++ b/dom/media/gmp/GMPChild.cpp
@@ -36,12 +36,6 @@ static const int MAX_VOUCHER_LENGTH = 500000;
 #include <unistd.h> // for _exit()
 #endif
 
-#if defined(MOZ_GMP_SANDBOX)
-#if defined(XP_MACOSX)
-#include "mozilla/Sandbox.h"
-#endif
-#endif
-
 namespace mozilla {
 
 #undef LOG
@@ -131,7 +125,6 @@ GetPluginFile(const nsAString& aPluginPath,
   return true;
 }
 
-#if !defined(XP_MACOSX) || !defined(MOZ_GMP_SANDBOX)
 static bool
 GetPluginFile(const nsAString& aPluginPath,
               nsCOMPtr<nsIFile>& aLibFile)
@@ -139,110 +132,6 @@ GetPluginFile(const nsAString& aPluginPath,
   nsCOMPtr<nsIFile> unusedlibDir;
   return GetPluginFile(aPluginPath, unusedlibDir, aLibFile);
 }
-#endif
-
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-static nsCString
-GetNativeTarget(nsIFile* aFile)
-{
-  bool isLink;
-  nsCString path;
-  aFile->IsSymlink(&isLink);
-  if (isLink) {
-    aFile->GetNativeTarget(path);
-  } else {
-    aFile->GetNativePath(path);
-  }
-  return path;
-}
-
-static bool
-GetPluginPaths(const nsAString& aPluginPath,
-               nsCString &aPluginDirectoryPath,
-               nsCString &aPluginFilePath)
-{
-  nsCOMPtr<nsIFile> libDirectory, libFile;
-  if (!GetPluginFile(aPluginPath, libDirectory, libFile)) {
-    return false;
-  }
-
-  // Mac sandbox rules expect paths to actual files and directories -- not
-  // soft links.
-  libDirectory->Normalize();
-  aPluginDirectoryPath = GetNativeTarget(libDirectory);
-
-  libFile->Normalize();
-  aPluginFilePath = GetNativeTarget(libFile);
-
-  return true;
-}
-
-static bool
-GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath)
-{
-  nsAutoCString appPath;
-  nsAutoCString appBinaryPath(
-    (CommandLine::ForCurrentProcess()->argv()[0]).c_str());
-
-  nsAutoCString::const_iterator start, end;
-  appBinaryPath.BeginReading(start);
-  appBinaryPath.EndReading(end);
-  if (RFindInReadable(NS_LITERAL_CSTRING(".app/Contents/MacOS/"), start, end)) {
-    end = start;
-    ++end; ++end; ++end; ++end;
-    appBinaryPath.BeginReading(start);
-    appPath.Assign(Substring(start, end));
-  } else {
-    return false;
-  }
-
-  nsCOMPtr<nsIFile> app, appBinary;
-  nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appPath),
-                                true, getter_AddRefs(app));
-  if (NS_FAILED(rv)) {
-    return false;
-  }
-  rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appBinaryPath),
-                       true, getter_AddRefs(appBinary));
-  if (NS_FAILED(rv)) {
-    return false;
-  }
-
-  // Mac sandbox rules expect paths to actual files and directories -- not
-  // soft links.
-  aAppPath = GetNativeTarget(app);
-  appBinaryPath = GetNativeTarget(appBinary);
-
-  return true;
-}
-
-bool
-GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType)
-{
-  if (!mGMPLoader) {
-    return false;
-  }
-  nsAutoCString pluginDirectoryPath, pluginFilePath;
-  if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) {
-    return false;
-  }
-  nsAutoCString appPath, appBinaryPath;
-  if (!GetAppPaths(appPath, appBinaryPath)) {
-    return false;
-  }
-
-  MacSandboxInfo info;
-  info.type = MacSandboxType_Plugin;
-  info.pluginInfo.type = aPluginType;
-  info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get());
-  info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get());
-  info.appPath.assign(appPath.get());
-  info.appBinaryPath.assign(appBinaryPath.get());
-
-  mGMPLoader->SetSandboxInfo(&info);
-  return true;
-}
-#endif // XP_MACOSX && MOZ_GMP_SANDBOX
 
 bool
 GMPChild::Init(const nsAString& aPluginPath,
@@ -324,14 +213,6 @@ GMPChild::RecvPreloadLibs(const nsCString& aLibs)
 bool
 GMPChild::GetUTF8LibPath(nsACString& aOutLibPath)
 {
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-  nsAutoCString pluginDirectoryPath, pluginFilePath;
-  if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) {
-    MOZ_CRASH("Error scanning plugin path");
-  }
-  aOutLibPath.Assign(pluginFilePath);
-  return true;
-#else
   nsCOMPtr<nsIFile> libFile;
   if (!GetPluginFile(mPluginPath, libFile)) {
     return false;
@@ -347,7 +228,6 @@ GMPChild::GetUTF8LibPath(nsACString& aOutLibPath)
   aOutLibPath = NS_ConvertUTF16toUTF8(path);
 
   return true;
-#endif
 }
 
 bool
@@ -377,17 +257,6 @@ GMPChild::AnswerStartPlugin(const nsString& aAdapter)
   }
 
   bool isWidevine = aAdapter.EqualsLiteral("widevine");
-#if defined(MOZ_GMP_SANDBOX) && defined(XP_MACOSX)
-  MacSandboxPluginType pluginType = MacSandboxPluginType_GMPlugin_Default;
-  if (isWidevine) {
-    pluginType = MacSandboxPluginType_GMPlugin_EME_Widevine;
-  }
-  if (!SetMacSandboxInfo(pluginType)) {
-    NS_WARNING("Failed to set Mac GMP sandbox info");
-    delete platformAPI;
-    return false;
-  }
-#endif
 
   GMPAdapter* adapter = (isWidevine) ? new WidevineAdapter() : nullptr;
   if (!mGMPLoader->Load(libPath.get(),
diff --git a/dom/media/gmp/GMPChild.h b/dom/media/gmp/GMPChild.h
index d5314cf96..a4f688901 100644
--- a/dom/media/gmp/GMPChild.h
+++ b/dom/media/gmp/GMPChild.h
@@ -40,10 +40,6 @@ public:
   // GMPAsyncShutdownHost
   void ShutdownComplete() override;
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-  bool SetMacSandboxInfo(MacSandboxPluginType aPluginType);
-#endif
-
 private:
   friend class GMPContentChild;
 
diff --git a/dom/media/gmp/GMPLoader.cpp b/dom/media/gmp/GMPLoader.cpp
index c10208a49..0bccdd0b1 100644
--- a/dom/media/gmp/GMPLoader.cpp
+++ b/dom/media/gmp/GMPLoader.cpp
@@ -44,10 +44,6 @@ public:
 
   void Shutdown() override;
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-  void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) override;
-#endif
-
 private:
   SandboxStarter* mSandboxStarter;
   UniquePtr<GMPAdapter> mAdapter;
@@ -208,15 +204,6 @@ GMPLoaderImpl::Shutdown()
   }
 }
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-void
-GMPLoaderImpl::SetSandboxInfo(MacSandboxInfo* aSandboxInfo)
-{
-  if (mSandboxStarter) {
-    mSandboxStarter->SetSandboxInfo(aSandboxInfo);
-  }
-}
-#endif
 } // namespace gmp
 } // namespace mozilla
 
diff --git a/dom/media/gmp/GMPLoader.h b/dom/media/gmp/GMPLoader.h
index 60581be2d..8e6b3cfac 100644
--- a/dom/media/gmp/GMPLoader.h
+++ b/dom/media/gmp/GMPLoader.h
@@ -12,10 +12,6 @@
 #include "gmp-entrypoints.h"
 #include "mozilla/UniquePtr.h"
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-#include "mozilla/Sandbox.h"
-#endif
-
 namespace mozilla {
 namespace gmp {
 
@@ -23,12 +19,6 @@ class SandboxStarter {
 public:
   virtual ~SandboxStarter() {}
   virtual bool Start(const char* aLibPath) = 0;
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-  // On OS X we need to set Mac-specific sandbox info just before we start the
-  // sandbox, which we don't yet know when the GMPLoader and SandboxStarter
-  // objects are created.
-  virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) = 0;
-#endif
 };
 
 // Interface that adapts a plugin to the GMP API.
@@ -94,13 +84,6 @@ public:
   // Calls the GMPShutdown function exported by the GMP lib, and unloads the
   // plugin library.
   virtual void Shutdown() = 0;
-
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
-  // On OS X we need to set Mac-specific sandbox info just before we start the
-  // sandbox, which we don't yet know when the GMPLoader and SandboxStarter
-  // objects are created.
-  virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) = 0;
-#endif
 };
 
 // On Desktop, this function resides in plugin-container.
diff --git a/dom/media/gmp/GMPParent.cpp b/dom/media/gmp/GMPParent.cpp
index 00bc97777..851634ce7 100644
--- a/dom/media/gmp/GMPParent.cpp
+++ b/dom/media/gmp/GMPParent.cpp
@@ -18,9 +18,6 @@
 #include "nsIObserverService.h"
 #include "GMPTimerParent.h"
 #include "runnable_utils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-#include "mozilla/SandboxInfo.h"
-#endif
 #include "GMPContentParent.h"
 #include "MediaPrefs.h"
 #include "VideoUtils.h"
@@ -749,14 +746,6 @@ GMPParent::ReadGMPInfoFile(nsIFile* aFile)
     if (cap.mAPIName.EqualsLiteral(GMP_API_DECRYPTOR)) {
       mCanDecrypt = true;
 
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-      if (!mozilla::SandboxInfo::Get().CanSandboxMedia()) {
-        printf_stderr("GMPParent::ReadGMPMetaData: Plugin \"%s\" is an EME CDM"
-                      " but this system can't sandbox it; not loading.\n",
-                      mDisplayName.get());
-        return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
-      }
-#endif
 #ifdef XP_WIN
       // Adobe GMP doesn't work without SSE2. Check the tags to see if
       // the decryptor is for the Adobe GMP, and refuse to load it if
diff --git a/dom/media/gmp/GMPProcessParent.cpp b/dom/media/gmp/GMPProcessParent.cpp
index 2fe7306a4..ef58175e8 100644
--- a/dom/media/gmp/GMPProcessParent.cpp
+++ b/dom/media/gmp/GMPProcessParent.cpp
@@ -8,9 +8,6 @@
 #include "GMPUtils.h"
 #include "nsIFile.h"
 #include "nsIRunnable.h"
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-#include "WinUtils.h"
-#endif
 
 #include "base/string_util.h"
 #include "base/process_util.h"
@@ -56,38 +53,7 @@ GMPProcessParent::Launch(int32_t aTimeoutMs)
 
   vector<string> args;
 
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-  std::wstring wGMPPath = UTF8ToWide(mGMPPath.c_str());
-
-  // The sandbox doesn't allow file system rules where the paths contain
-  // symbolic links or junction points. Sometimes the Users folder has been
-  // moved to another drive using a junction point, so allow for this specific
-  // case. See bug 1236680 for details.
-  if (!widget::WinUtils::ResolveJunctionPointsAndSymLinks(wGMPPath)) {
-    GMP_LOG("ResolveJunctionPointsAndSymLinks failed for GMP path=%S",
-            wGMPPath.c_str());
-    NS_WARNING("ResolveJunctionPointsAndSymLinks failed for GMP path.");
-    return false;
-  }
-  GMP_LOG("GMPProcessParent::Launch() resolved path to %S", wGMPPath.c_str());
-
-  // If the GMP path is a network path that is not mapped to a drive letter,
-  // then we need to fix the path format for the sandbox rule.
-  wchar_t volPath[MAX_PATH];
-  if (::GetVolumePathNameW(wGMPPath.c_str(), volPath, MAX_PATH) &&
-      ::GetDriveTypeW(volPath) == DRIVE_REMOTE &&
-      wGMPPath.compare(0, 2, L"\\\\") == 0) {
-    std::wstring sandboxGMPPath(wGMPPath);
-    sandboxGMPPath.insert(1, L"??\\UNC");
-    mAllowedFilesRead.push_back(sandboxGMPPath + L"\\*");
-  } else {
-    mAllowedFilesRead.push_back(wGMPPath + L"\\*");
-  }
-
-  args.push_back(WideToUTF8(wGMPPath));
-#else
   args.push_back(mGMPPath);
-#endif
 
   args.push_back(string(voucherPath.BeginReading(), voucherPath.EndReading()));
 
diff --git a/dom/media/gmp/GMPService.cpp b/dom/media/gmp/GMPService.cpp
index 65f4037ee..1901210da 100644
--- a/dom/media/gmp/GMPService.cpp
+++ b/dom/media/gmp/GMPService.cpp
@@ -25,9 +25,6 @@
 #include "nsComponentManagerUtils.h"
 #include "runnable_utils.h"
 #include "VideoUtils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-#include "mozilla/SandboxInfo.h"
-#endif
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsDirectoryServiceUtils.h"
 #include "nsDirectoryServiceDefs.h"
@@ -485,14 +482,6 @@ GeckoMediaPluginService::GetGMPDecryptor(GMPCrashHelper* aHelper,
                                          const nsACString& aNodeId,
                                          UniquePtr<GetGMPDecryptorCallback>&& aCallback)
 {
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-  if (!SandboxInfo::Get().CanSandboxMedia()) {
-    NS_WARNING("GeckoMediaPluginService::GetGMPDecryptor: "
-               "EME decryption not available without sandboxing support.");
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-#endif
-
   MOZ_ASSERT(NS_GetCurrentThread() == mGMPThread);
   NS_ENSURE_ARG(aTags && aTags->Length() > 0);
   NS_ENSURE_ARG(aCallback);
diff --git a/dom/media/gmp/GMPServiceParent.cpp b/dom/media/gmp/GMPServiceParent.cpp
index f25c36811..b58ab8853 100644
--- a/dom/media/gmp/GMPServiceParent.cpp
+++ b/dom/media/gmp/GMPServiceParent.cpp
@@ -27,9 +27,6 @@
 #include "nsComponentManagerUtils.h"
 #include "runnable_utils.h"
 #include "VideoUtils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-#include "mozilla/SandboxInfo.h"
-#endif
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsDirectoryServiceUtils.h"
 #include "nsDirectoryServiceDefs.h"
@@ -960,15 +957,6 @@ GeckoMediaPluginServiceParent::SelectPluginForAPI(const nsACString& aNodeId,
 RefPtr<GMPParent>
 CreateGMPParent()
 {
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-  if (!SandboxInfo::Get().CanSandboxMedia()) {
-    if (!MediaPrefs::GMPAllowInsecure()) {
-      NS_WARNING("Denying media plugin load due to lack of sandboxing.");
-      return nullptr;
-    }
-    NS_WARNING("Loading media plugin despite lack of sandboxing.");
-  }
-#endif
   return new GMPParent();
 }
 
diff --git a/dom/media/gmp/rlz/GMPDeviceBinding.cpp b/dom/media/gmp/rlz/GMPDeviceBinding.cpp
index c8aee2bcd..3525f0462 100644
--- a/dom/media/gmp/rlz/GMPDeviceBinding.cpp
+++ b/dom/media/gmp/rlz/GMPDeviceBinding.cpp
@@ -12,10 +12,6 @@
 
 #ifdef XP_WIN
 #include "windows.h"
-#ifdef MOZ_SANDBOX
-#include <intrin.h>
-#include <assert.h>
-#endif
 #endif
 
 #if defined(HASH_NODE_ID_WITH_DEVICE_ID)
@@ -35,10 +31,6 @@
 
 #ifdef XP_WIN
 #include "windows.h"
-#ifdef MOZ_SANDBOX
-#include <intrin.h>
-#include <assert.h>
-#endif
 #endif
 
 #ifdef XP_MACOSX
diff --git a/dom/media/gmp/rlz/moz.build b/dom/media/gmp/rlz/moz.build
index f366c2b5d..5e85357f1 100644
--- a/dom/media/gmp/rlz/moz.build
+++ b/dom/media/gmp/rlz/moz.build
@@ -13,13 +13,6 @@ UNIFIED_SOURCES += [
     'GMPDeviceBinding.cpp',
 ]
 
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ['WINNT', 'Darwin']:
-    DEFINES['HASH_NODE_ID_WITH_DEVICE_ID'] = 1;
-    UNIFIED_SOURCES += [
-        'lib/string_utils.cc',
-        'sha256.c',
-    ]
-
 if CONFIG['OS_TARGET'] == 'WINNT':
     UNIFIED_SOURCES += [
         'win/lib/machine_id_win.cc',
diff --git a/dom/plugins/base/nsPluginTags.cpp b/dom/plugins/base/nsPluginTags.cpp
index ddc3968fd..a794c416c 100644
--- a/dom/plugins/base/nsPluginTags.cpp
+++ b/dom/plugins/base/nsPluginTags.cpp
@@ -248,7 +248,6 @@ nsPluginTag::nsPluginTag(nsPluginInfo* aPluginInfo,
            aPluginInfo->fMimeDescriptionArray,
            aPluginInfo->fExtensionArray,
            aPluginInfo->fVariantCount);
-  InitSandboxLevel();
   EnsureMembersAreUTF8();
   FixupVersion();
 }
@@ -283,7 +282,6 @@ nsPluginTag::nsPluginTag(const char* aName,
 {
   InitMime(aMimeTypes, aMimeDescriptions, aExtensions,
            static_cast<uint32_t>(aVariants));
-  InitSandboxLevel();
   if (!aArgsAreUTF8)
     EnsureMembersAreUTF8();
   FixupVersion();
@@ -424,29 +422,6 @@ void nsPluginTag::InitMime(const char* const* aMimeTypes,
   }
 }
 
-void
-nsPluginTag::InitSandboxLevel()
-{
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-  nsAutoCString sandboxPref("dom.ipc.plugins.sandbox-level.");
-  sandboxPref.Append(GetNiceFileName());
-  if (NS_FAILED(Preferences::GetInt(sandboxPref.get(), &mSandboxLevel))) {
-    mSandboxLevel = Preferences::GetInt("dom.ipc.plugins.sandbox-level.default"
-);
-  }
-
-#if defined(_AMD64_)
-  // As level 2 is now the default NPAPI sandbox level for 64-bit flash, we
-  // don't want to allow a lower setting unless this environment variable is
-  // set. This should be changed if the firefox.js pref file is changed.
-  if (mIsFlashPlugin &&
-      !PR_GetEnv("MOZ_ALLOW_WEAKER_SANDBOX") && mSandboxLevel < 2) {
-    mSandboxLevel = 2;
-  }
-#endif
-#endif
-}
-
 #if !defined(XP_WIN) && !defined(XP_MACOSX)
 static nsresult ConvertToUTF8(nsIUnicodeDecoder *aUnicodeDecoder,
                               nsAFlatCString& aString)
diff --git a/dom/plugins/base/nsPluginTags.h b/dom/plugins/base/nsPluginTags.h
index f1f03169b..9686d7e7a 100644
--- a/dom/plugins/base/nsPluginTags.h
+++ b/dom/plugins/base/nsPluginTags.h
@@ -190,7 +190,6 @@ private:
                 const char* const* aMimeDescriptions,
                 const char* const* aExtensions,
                 uint32_t aVariantCount);
-  void InitSandboxLevel();
   nsresult EnsureMembersAreUTF8();
   void FixupVersion();
 
diff --git a/dom/plugins/ipc/PluginProcessChild.cpp b/dom/plugins/ipc/PluginProcessChild.cpp
index eb698e8af..32bf06215 100644
--- a/dom/plugins/ipc/PluginProcessChild.cpp
+++ b/dom/plugins/ipc/PluginProcessChild.cpp
@@ -22,10 +22,6 @@ extern "C" CGError CGSSetDebugOptions(int options);
 
 #ifdef XP_WIN
 bool ShouldProtectPluginCurrentDirectory(char16ptr_t pluginFilePath);
-#if defined(MOZ_SANDBOX)
-#define TARGET_SANDBOX_EXPORTS
-#include "mozilla/sandboxTarget.h"
-#endif
 #endif
 
 using mozilla::ipc::IOThreadChild;
@@ -107,12 +103,6 @@ PluginProcessChild::Init()
 
     pluginFilename = WideToUTF8(values[0]);
 
-#if defined(MOZ_SANDBOX)
-    // This is probably the earliest we would want to start the sandbox.
-    // As we attempt to tighten the sandbox, we may need to consider moving this
-    // to later in the plugin initialization.
-    mozilla::SandboxTarget::Instance()->StartSandbox();
-#endif
 #else
 #  error Sorry
 #endif
diff --git a/dom/plugins/ipc/PluginProcessParent.cpp b/dom/plugins/ipc/PluginProcessParent.cpp
index 2a73bce51..fb0e18246 100644
--- a/dom/plugins/ipc/PluginProcessParent.cpp
+++ b/dom/plugins/ipc/PluginProcessParent.cpp
@@ -14,10 +14,6 @@
 #include "mozilla/Telemetry.h"
 #include "nsThreadUtils.h"
 
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-#include "nsDirectoryServiceDefs.h"
-#endif
-
 using std::vector;
 using std::string;
 
@@ -40,95 +36,14 @@ PluginProcessParent::~PluginProcessParent()
 {
 }
 
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-static void
-AddSandboxAllowedFile(vector<std::wstring>& aAllowedFiles, nsIProperties* aDirSvc,
-                      const char* aDir, const nsAString& aSuffix = EmptyString())
-{
-    nsCOMPtr<nsIFile> userDir;
-    nsresult rv = aDirSvc->Get(aDir, NS_GET_IID(nsIFile), getter_AddRefs(userDir));
-    if (NS_WARN_IF(NS_FAILED(rv))) {
-        return;
-    }
-
-    nsAutoString userDirPath;
-    rv = userDir->GetPath(userDirPath);
-    if (NS_WARN_IF(NS_FAILED(rv))) {
-        return;
-    }
-
-    if (!aSuffix.IsEmpty()) {
-        userDirPath.Append(aSuffix);
-    }
-    aAllowedFiles.push_back(std::wstring(userDirPath.get()));
-    return;
-}
-
-static void
-AddSandboxAllowedFiles(int32_t aSandboxLevel,
-                       vector<std::wstring>& aAllowedFilesRead,
-                       vector<std::wstring>& aAllowedFilesReadWrite,
-                       vector<std::wstring>& aAllowedDirectories)
-{
-    if (aSandboxLevel < 2) {
-        return;
-    }
-
-    nsresult rv;
-    nsCOMPtr<nsIProperties> dirSvc =
-        do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
-    if (NS_WARN_IF(NS_FAILED(rv))) {
-        return;
-    }
-
-    // Higher than level 2 currently removes the users own rights.
-    if (aSandboxLevel > 2) {
-        AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR);
-        AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR,
-                              NS_LITERAL_STRING("\\*"));
-    }
-
-    // Level 2 and above is now using low integrity, so we need to give write
-    // access to the Flash directories.
-    // This should be made Flash specific (Bug 1171396).
-    AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
-                          NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
-    AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
-                          NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
-    AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
-                          NS_LITERAL_STRING("\\Adobe\\Flash Player\\*"));
-
-    // Access also has to be given to create the parent directories as they may
-    // not exist.
-    AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
-                          NS_LITERAL_STRING("\\Macromedia"));
-    AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
-                          NS_LITERAL_STRING("\\Macromedia\\Flash Player"));
-    AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
-                          NS_LITERAL_STRING("\\Macromedia"));
-    AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
-                          NS_LITERAL_STRING("\\Macromedia\\Flash Player"));
-    AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
-                          NS_LITERAL_STRING("\\Adobe"));
-    AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
-                          NS_LITERAL_STRING("\\Adobe\\Flash Player"));
-}
-#endif
-
 bool
 PluginProcessParent::Launch(mozilla::UniquePtr<LaunchCompleteTask> aLaunchCompleteTask,
                             int32_t aSandboxLevel)
 {
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-    mSandboxLevel = aSandboxLevel;
-    AddSandboxAllowedFiles(mSandboxLevel, mAllowedFilesRead,
-                           mAllowedFilesReadWrite, mAllowedDirectories);
-#else
     if (aSandboxLevel != 0) {
         MOZ_ASSERT(false,
                    "Can't enable an NPAPI process sandbox for platform/build.");
     }
-#endif
 
     ProcessArchitecture currentArchitecture = base::GetCurrentProcessArchitecture();
     uint32_t containerArchitectures = GetSupportedArchitecturesForProcessType(GeckoProcessType_Plugin);
diff --git a/dom/plugins/ipc/moz.build b/dom/plugins/ipc/moz.build
index b569aeb4c..15ed6410d 100644
--- a/dom/plugins/ipc/moz.build
+++ b/dom/plugins/ipc/moz.build
@@ -125,12 +125,6 @@ LOCAL_INCLUDES += [
     '/xpcom/base/',
 ]
 
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
-    LOCAL_INCLUDES += [
-        '/security/sandbox/chromium',
-        '/security/sandbox/chromium-shim',
-    ]
-
 DEFINES['FORCE_PR_LOG'] = True
 
 if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gtk3':