author | Moonchild <mcwerewolf@gmail.com> | 2018-05-04 09:09:10 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-04 09:09:10 +0200 |
commit | 4a2aeb152e48c44efa57c140660e99792f4dd350 (patch) | |
tree | 7b786de2b175122814a53232268b1147a8bd0bfb /toolkit | |
parent | 20532e13937ab5fc8efcb2bfc4c0070dace40cd1 (diff) | |
parent | f265784e8cabaff17f4554cf2bd2c30217b6ec0f (diff) | |
Merge pull request #323 from MoonchildProductions/nuke-sandbox
Nuke sandbox
Diffstat (limited to 'toolkit')
-rw-r--r-- | toolkit/content/aboutSupport.js | 21 | ||||
-rw-r--r-- | toolkit/content/aboutSupport.xhtml | 14 | ||||
-rw-r--r-- | toolkit/crashreporter/nsExceptionHandler.cpp | 12 | ||||
-rw-r--r-- | toolkit/locales/en-US/chrome/global/aboutSupport.dtd | 2 | ||||
-rw-r--r-- | toolkit/locales/en-US/chrome/global/aboutSupport.properties | 8 | ||||
-rw-r--r-- | toolkit/modules/AppConstants.jsm | 14 | ||||
-rw-r--r-- | toolkit/modules/Troubleshoot.jsm | 25 | ||||
-rw-r--r-- | toolkit/modules/tests/browser/browser_Troubleshoot.js | 4 | ||||
-rw-r--r-- | toolkit/toolkit.mozbuild | 6 | ||||
-rw-r--r-- | toolkit/xre/moz.build | 6 | ||||
-rw-r--r-- | toolkit/xre/nsAppRunner.cpp | 53 | ||||
-rw-r--r-- | toolkit/xre/nsEmbedFunctions.cpp | 38 | ||||
-rw-r--r-- | toolkit/xre/nsXREDirProvider.cpp | 205 | ||||
-rw-r--r-- | toolkit/xre/nsXREDirProvider.h | 9 |
14 files changed, 2 insertions, 415 deletions
diff --git a/toolkit/content/aboutSupport.js b/toolkit/content/aboutSupport.js index e9087dfcb..7209b7ad0 100644 --- a/toolkit/content/aboutSupport.js +++ b/toolkit/content/aboutSupport.js @@ -497,26 +497,7 @@ var snapshotFormatters = { $("prefs-user-js-section").style.display = ""; // Clear the no-copy class $("prefs-user-js-section").className = ""; - }, - - sandbox: function sandbox(data) { - if (!AppConstants.MOZ_SANDBOX) - return; - - let strings = stringBundle(); - let tbody = $("sandbox-tbody"); - for (let key in data) { - // Simplify the display a little in the common case. - if (key === "hasPrivilegedUserNamespaces" && - data[key] === data["hasUserNamespaces"]) { - continue; - } - tbody.appendChild($.new("tr", [ - $.new("th", strings.GetStringFromName(key), "column"), - $.new("td", data[key]) - ])); - } - }, + } }; var $ = document.getElementById.bind(document); diff --git a/toolkit/content/aboutSupport.xhtml b/toolkit/content/aboutSupport.xhtml index 9574365a3..a92dcfb4a 100644 --- a/toolkit/content/aboutSupport.xhtml +++ b/toolkit/content/aboutSupport.xhtml @@ -475,20 +475,6 @@ </tbody> </table> - - <!-- - - - - - - - - - - - - - - - - - - - - --> - -#if defined(MOZ_SANDBOX) - <h2 class="major-section" id="sandbox"> - &aboutSupport.sandboxTitle; - </h2> - - <table> - <tbody id="sandbox-tbody"> - </tbody> - </table> -#endif - </div> </body> diff --git a/toolkit/crashreporter/nsExceptionHandler.cpp b/toolkit/crashreporter/nsExceptionHandler.cpp index 1e0743192..bab3efd87 100644 --- a/toolkit/crashreporter/nsExceptionHandler.cpp +++ b/toolkit/crashreporter/nsExceptionHandler.cpp 
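Review bot: The last remaining entry of `snapshotFormatters` loses its trailing comma in the aboutSupport.js hunk (`},` becomes `}`), which is the only added line there and means the next formatter appended to the object has to touch this line again. If the file's style allows a trailing comma on the final entry, keeping `},` would have made the hunk a pure removal of the `sandbox` formatter. The object's opening lines are outside the hunk, so the file's convention is inferred only from the visible `},` line.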
@@ -3417,22 +3417,10 @@ OOPInit() #if (defined(XP_WIN) || defined(XP_MACOSX)) nsCOMPtr<nsIFile> tmpDir; -# if defined(MOZ_CONTENT_SANDBOX) - nsresult rv = NS_GetSpecialDirectory(NS_APP_CONTENT_PROCESS_TEMP_DIR, - getter_AddRefs(tmpDir)); - if (NS_FAILED(rv) && PR_GetEnv("XPCSHELL_TEST_PROFILE_DIR")) { - // Temporary hack for xpcshell, will be fixed in bug 1257098 - rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(tmpDir)); - } - if (NS_SUCCEEDED(rv)) { - childProcessTmpDir = CreatePathFromFile(tmpDir); - } -# else if (NS_SUCCEEDED(NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(tmpDir)))) { childProcessTmpDir = CreatePathFromFile(tmpDir); } -# endif // defined(MOZ_CONTENT_SANDBOX) #endif // (defined(XP_WIN) || defined(XP_MACOSX)) #if defined(XP_WIN) diff --git a/toolkit/locales/en-US/chrome/global/aboutSupport.dtd b/toolkit/locales/en-US/chrome/global/aboutSupport.dtd index 9f64ef0f1..8459300c5 100644 --- a/toolkit/locales/en-US/chrome/global/aboutSupport.dtd +++ b/toolkit/locales/en-US/chrome/global/aboutSupport.dtd @@ -109,8 +109,6 @@ variant of aboutSupport.showDir.label. --> <!ENTITY aboutSupport.copyTextToClipboard.label "Copy text to clipboard"> <!ENTITY aboutSupport.copyRawDataToClipboard.label "Copy raw data to clipboard"> -<!ENTITY aboutSupport.sandboxTitle "Sandbox"> - <!ENTITY aboutSupport.safeModeTitle "Try Safe Mode"> <!ENTITY aboutSupport.restartInSafeMode.label "Restart with Add-ons Disabled…"> diff --git a/toolkit/locales/en-US/chrome/global/aboutSupport.properties b/toolkit/locales/en-US/chrome/global/aboutSupport.properties index 41501c01b..0bc612b79 100644 --- a/toolkit/locales/en-US/chrome/global/aboutSupport.properties +++ b/toolkit/locales/en-US/chrome/global/aboutSupport.properties 
@@ -91,14 +91,6 @@ gpuProcessKillButton = Terminate GPU Process minLibVersions = Expected minimum version loadedLibVersions = Version in use -hasSeccompBPF = Seccomp-BPF (System Call Filtering) -hasSeccompTSync = Seccomp Thread Synchronization -hasUserNamespaces = User Namespaces -hasPrivilegedUserNamespaces = User Namespaces for privileged processes -canSandboxContent = Content Process Sandboxing -canSandboxMedia = Media Plugin Sandboxing -contentSandboxLevel = Content Process Sandbox Level - # LOCALIZATION NOTE %1$S and %2$S will be replaced with the number of remote and the total number # of windows, respectively, while %3$S will be replaced with one of the status strings below, # which contains a description of the multi-process preference and status. diff --git a/toolkit/modules/AppConstants.jsm b/toolkit/modules/AppConstants.jsm index 2b18f3c1a..b4201ec67 100644 --- a/toolkit/modules/AppConstants.jsm +++ b/toolkit/modules/AppConstants.jsm @@ -81,20 +81,6 @@ this.AppConstants = Object.freeze({ false, #endif - MOZ_SANDBOX: -#ifdef MOZ_SANDBOX - true, -#else - false, -#endif - - MOZ_CONTENT_SANDBOX: -#ifdef MOZ_CONTENT_SANDBOX - true, -#else - false, -#endif - MOZ_TELEMETRY_REPORTING: #ifdef MOZ_TELEMETRY_REPORTING true, diff --git a/toolkit/modules/Troubleshoot.jsm b/toolkit/modules/Troubleshoot.jsm index 60f7e8666..e11d47774 100644 --- a/toolkit/modules/Troubleshoot.jsm +++ b/toolkit/modules/Troubleshoot.jsm 
@@ -530,28 +530,3 @@ var dataProviders = { } }; -if (AppConstants.MOZ_SANDBOX) { - dataProviders.sandbox = function sandbox(done) { - let data = {}; - if (AppConstants.platform == "linux") { - const keys = ["hasSeccompBPF", "hasSeccompTSync", - "hasPrivilegedUserNamespaces", "hasUserNamespaces", - "canSandboxContent", "canSandboxMedia"]; - - let sysInfo = Cc["@mozilla.org/system-info;1"]. - getService(Ci.nsIPropertyBag2); - for (let key of keys) { - if (sysInfo.hasKey(key)) { - data[key] = sysInfo.getPropertyAsBool(key); - } - } - } - - if (AppConstants.MOZ_CONTENT_SANDBOX) { - data.contentSandboxLevel = - Services.prefs.getIntPref("security.sandbox.content.level"); - } - - done(data); - } -} diff --git a/toolkit/modules/tests/browser/browser_Troubleshoot.js b/toolkit/modules/tests/browser/browser_Troubleshoot.js index 34c2a2791..7f0069dc9 100644 --- a/toolkit/modules/tests/browser/browser_Troubleshoot.js +++ b/toolkit/modules/tests/browser/browser_Troubleshoot.js @@ -469,10 +469,6 @@ const SNAPSHOT_SCHEMA = { required: false, type: "boolean" }, - contentSandboxLevel: { - required: AppConstants.MOZ_CONTENT_SANDBOX, - type: "number" - }, }, }, }, diff --git a/toolkit/toolkit.mozbuild b/toolkit/toolkit.mozbuild index b06c58162..b67b49157 100644 --- a/toolkit/toolkit.mozbuild +++ b/toolkit/toolkit.mozbuild @@ -4,12 +4,8 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -if CONFIG['MOZ_SANDBOX']: - DIRS += ['/security/sandbox'] - DIRS += [ - # Depends on NSS and NSPR, and must be built after sandbox or else B2G emulator - # builds fail. + # Depends on NSS and NSPR '/security/certverifier', # Depends on certverifier '/security/apps', diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build index 7ada19d41..55b59ca83 100644 --- a/toolkit/xre/moz.build +++ b/toolkit/xre/moz.build 
@@ -149,12 +149,6 @@ LOCAL_INCLUDES += [ '/xpcom/build', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa': LOCAL_INCLUDES += [ '/widget', diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp index 3493cd837..2050b9671 100644 --- a/toolkit/xre/nsAppRunner.cpp +++ b/toolkit/xre/nsAppRunner.cpp @@ -106,10 +106,6 @@ #endif #endif -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) -#include "nsIUUIDGenerator.h" -#endif - #ifdef ACCESSIBILITY #include "nsAccessibilityService.h" #if defined(XP_WIN) @@ -197,14 +193,6 @@ #include "GeneratedJNIWrappers.h" #endif -#if defined(MOZ_SANDBOX) -#if defined(XP_LINUX) && !defined(ANDROID) -#include "mozilla/SandboxInfo.h" -#elif defined(XP_WIN) -#include "SandboxBroker.h" -#endif -#endif - extern uint32_t gRestartMode; extern void InstallSignalHandlers(const char *ProgramName); 
@@ -2952,25 +2940,6 @@ XREMain::XRE_mainInit(bool* aExitFlag) if (NS_FAILED(rv)) return 1; -#if defined(MOZ_SANDBOX) && defined(XP_WIN) - if (mAppData->sandboxBrokerServices) { - SandboxBroker::Initialize(mAppData->sandboxBrokerServices); - Telemetry::Accumulate(Telemetry::SANDBOX_BROKER_INITIALIZED, true); - } else { - Telemetry::Accumulate(Telemetry::SANDBOX_BROKER_INITIALIZED, false); -#if defined(MOZ_CONTENT_SANDBOX) - // If we're sandboxing content and we fail to initialize, then crashing here - // seems like the sensible option. - if (BrowserTabsRemoteAutostart()) { - MOZ_CRASH("Failed to initialize broker services, can't continue."); - } -#endif - // Otherwise just warn for the moment, as most things will work. - NS_WARNING("Failed to initialize broker services, sandboxed processes will " - "fail to start."); - } -#endif - #ifdef XP_MACOSX // Set up ability to respond to system (Apple) events. This must occur before // ProcessUpdates to ensure that links clicked in external applications aren't 
@@ -3913,24 +3882,6 @@ XREMain::XRE_mainRun() } #endif /* MOZ_INSTRUMENT_EVENT_LOOP */ -#if defined(MOZ_SANDBOX) && defined(XP_LINUX) && !defined(MOZ_WIDGET_GONK) - // If we're on Linux, we now have information about the OS capabilities - // available to us. - SandboxInfo sandboxInfo = SandboxInfo::Get(); - Telemetry::Accumulate(Telemetry::SANDBOX_HAS_SECCOMP_BPF, - sandboxInfo.Test(SandboxInfo::kHasSeccompBPF)); - Telemetry::Accumulate(Telemetry::SANDBOX_HAS_SECCOMP_TSYNC, - sandboxInfo.Test(SandboxInfo::kHasSeccompTSync)); - Telemetry::Accumulate(Telemetry::SANDBOX_HAS_USER_NAMESPACES_PRIVILEGED, - sandboxInfo.Test(SandboxInfo::kHasPrivilegedUserNamespaces)); - Telemetry::Accumulate(Telemetry::SANDBOX_HAS_USER_NAMESPACES, - sandboxInfo.Test(SandboxInfo::kHasUserNamespaces)); - Telemetry::Accumulate(Telemetry::SANDBOX_CONTENT_ENABLED, - sandboxInfo.Test(SandboxInfo::kEnabledForContent)); - Telemetry::Accumulate(Telemetry::SANDBOX_MEDIA_ENABLED, - sandboxInfo.Test(SandboxInfo::kEnabledForMedia)); -#endif /* MOZ_SANDBOX && XP_LINUX && !MOZ_WIDGET_GONK */ - { rv = appStartup->Run(); if (NS_FAILED(rv)) { @@ -3996,10 +3947,6 @@ XREMain::XRE_main(int argc, char* argv[], const nsXREAppData* aAppData) // See bug 1279614. XRE_CreateStatsObject(); -#if defined(MOZ_SANDBOX) && defined(XP_LINUX) && !defined(ANDROID) - SandboxInfo::ThreadingCheck(); -#endif - char aLocal; GeckoProfilerInitRAII profilerGuard(&aLocal); diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp index 4a612e495..a59299c8b 100644 --- a/toolkit/xre/nsEmbedFunctions.cpp +++ b/toolkit/xre/nsEmbedFunctions.cpp 
@@ -75,15 +75,6 @@ #include "mozilla/Telemetry.h" -#if defined(MOZ_SANDBOX) && defined(XP_WIN) -#include "mozilla/sandboxTarget.h" -#include "mozilla/sandboxing/loggingCallbacks.h" -#endif - -#if defined(MOZ_CONTENT_SANDBOX) && !defined(MOZ_WIDGET_GONK) -#include "mozilla/Preferences.h" -#endif - #ifdef MOZ_IPDL_TESTS #include "mozilla/_ipdltest/IPDLUnitTests.h" #include "mozilla/_ipdltest/IPDLUnitTestProcessChild.h" @@ -299,11 +290,6 @@ XRE_InitChildProcess(int aArgc, freopen("CONIN$", "r", stdin); } -#if defined(MOZ_SANDBOX) - if (aChildData->sandboxTargetServices) { - SandboxTarget::Instance()->SetTargetServices(aChildData->sandboxTargetServices); - } -#endif #endif // NB: This must be called before profiler_init @@ -519,11 +505,6 @@ XRE_InitChildProcess(int aArgc, // If passed in grab the application path for xpcom init bool foundAppdir = false; -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) - // If passed in grab the profile path for sandboxing - bool foundProfile = false; -#endif - for (int idx = aArgc; idx > 0; idx--) { if (aArgv[idx] && !strcmp(aArgv[idx], "-appdir")) { MOZ_ASSERT(!foundAppdir); @@ -539,19 +520,6 @@ XRE_InitChildProcess(int aArgc, if (aArgv[idx] && !strcmp(aArgv[idx], "-safeMode")) { gSafeMode = true; } - -#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX) - if (aArgv[idx] && !strcmp(aArgv[idx], "-profile")) { - MOZ_ASSERT(!foundProfile); - if (foundProfile) { - continue; - } - nsCString profile; - profile.Assign(nsDependentCString(aArgv[idx+1])); - static_cast<ContentProcess*>(process.get())->SetProfile(profile); - foundProfile = true; - } -#endif /* XP_MACOSX && MOZ_CONTENT_SANDBOX */ } } break; 
@@ -587,12 +555,6 @@ XRE_InitChildProcess(int aArgc, ::SetProcessShutdownParameters(0x280 - 1, SHUTDOWN_NORETRY); #endif -#if defined(MOZ_SANDBOX) && defined(XP_WIN) - // We need to do this after the process has been initialised, as - // InitLoggingIfRequired may need access to prefs. - mozilla::sandboxing::InitLoggingIfRequired(aChildData->ProvideLogFunction); -#endif - OverrideDefaultLocaleIfNeeded(); // Run the UI event loop on the main thread. diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp index 09168319f..04e2e1ebf 100644 --- a/toolkit/xre/nsXREDirProvider.cpp +++ b/toolkit/xre/nsXREDirProvider.cpp @@ -62,11 +62,6 @@ #include "UIKitDirProvider.h" #endif -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) -#include "nsIUUIDGenerator.h" -#include "mozilla/Unused.h" -#endif - #if defined(XP_MACOSX) #define APP_REGISTRY_NAME "Application Registry" #elif defined(XP_WIN) @@ -77,14 +72,6 @@ #define PREF_OVERRIDE_DIRNAME "preferences" -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) -static already_AddRefed<nsIFile> GetContentProcessSandboxTempDir(); -static nsresult DeleteDirIfExists(nsIFile *dir); -static bool IsContentSandboxDisabled(); -static const char* GetContentProcessTempBaseDirKey(); -static already_AddRefed<nsIFile> CreateContentProcessSandboxTempDir(); -#endif - static already_AddRefed<nsIFile> CloneAndAppend(nsIFile* aFile, const char* name) { 
@@ -495,14 +482,6 @@ nsXREDirProvider::GetFile(const char* aProperty, bool* aPersistent, bool unused; rv = dirsvc->GetFile("XCurProcD", &unused, getter_AddRefs(file)); } -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) - else if (!strcmp(aProperty, NS_APP_CONTENT_PROCESS_TEMP_DIR)) { - if (!mContentTempDir && NS_FAILED((rv = LoadContentProcessTempDir()))) { - return rv; - } - rv = mContentTempDir->Clone(getter_AddRefs(file)); - } -#endif // defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX) else if (NS_SUCCEEDED(GetProfileStartupDir(getter_AddRefs(file)))) { // We need to allow component, xpt, and chrome registration to // occur prior to the profile-after-change notification. 
@@ -729,176 +708,6 @@ LoadExtensionDirectories(nsINIParser &parser, while (true); } -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) - -static const char* -GetContentProcessTempBaseDirKey() -{ -#if defined(XP_WIN) - return NS_WIN_LOW_INTEGRITY_TEMP_BASE; -#else - return NS_OS_TEMP_DIR; -#endif -} - -// -// Sets mContentTempDir so that it refers to the appropriate temp dir. -// If the sandbox is enabled, NS_APP_CONTENT_PROCESS_TEMP_DIR, otherwise -// NS_OS_TEMP_DIR is used. -// -nsresult -nsXREDirProvider::LoadContentProcessTempDir() -{ - mContentTempDir = GetContentProcessSandboxTempDir(); - if (mContentTempDir) { - return NS_OK; - } else { - return NS_GetSpecialDirectory(NS_OS_TEMP_DIR, - getter_AddRefs(mContentTempDir)); - } -} - -static bool -IsContentSandboxDisabled() -{ - bool isSandboxDisabled = false; - if (!BrowserTabsRemoteAutostart()) { - return false; - } -#if defined(XP_WIN) || defined(XP_MACOSX) - isSandboxDisabled = Preferences::GetInt("security.sandbox.content.level") < 1; -#endif - return isSandboxDisabled; -} - -// -// If a content process sandbox temp dir is to be used, returns an nsIFile -// for the directory. Returns null if the content sandbox is disabled or -// an error occurs. 
-// -static already_AddRefed<nsIFile> -GetContentProcessSandboxTempDir() -{ - if (IsContentSandboxDisabled()) { - return nullptr; - } - - nsCOMPtr<nsIFile> localFile; - - nsresult rv = NS_GetSpecialDirectory(GetContentProcessTempBaseDirKey(), - getter_AddRefs(localFile)); - if (NS_WARN_IF(NS_FAILED(rv))) { - return nullptr; - } - - nsAutoString tempDirSuffix; - rv = Preferences::GetString("security.sandbox.content.tempDirSuffix", - &tempDirSuffix); - if (NS_WARN_IF(NS_FAILED(rv)) || tempDirSuffix.IsEmpty()) { - return nullptr; - } - - rv = localFile->Append(NS_LITERAL_STRING("Temp-") + tempDirSuffix); - if (NS_WARN_IF(NS_FAILED(rv))) { - return nullptr; - } - - return localFile.forget(); -} - -// -// Create a temporary directory for use from sandboxed content processes. -// Only called in the parent. The path is derived from a UUID stored in a -// pref which is available to content processes. Returns null if the -// content sandbox is disabled or if an error occurs. -// -static already_AddRefed<nsIFile> -CreateContentProcessSandboxTempDir() -{ - if (IsContentSandboxDisabled()) { - return nullptr; - } - - // Get (and create if blank) temp directory suffix pref. - nsresult rv; - nsAdoptingString tempDirSuffix = - Preferences::GetString("security.sandbox.content.tempDirSuffix"); - if (tempDirSuffix.IsEmpty()) { - nsCOMPtr<nsIUUIDGenerator> uuidgen = - do_GetService("@mozilla.org/uuid-generator;1", &rv); - if (NS_WARN_IF(NS_FAILED(rv))) { - return nullptr; - } - - nsID uuid; - rv = uuidgen->GenerateUUIDInPlace(&uuid); - if (NS_WARN_IF(NS_FAILED(rv))) { - return nullptr; - } - - char uuidChars[NSID_LENGTH]; - uuid.ToProvidedString(uuidChars); - tempDirSuffix.AssignASCII(uuidChars); - - // Save the pref - rv = Preferences::SetCString("security.sandbox.content.tempDirSuffix", - uuidChars); - if (NS_WARN_IF(NS_FAILED(rv))) { - // If we fail to save the pref we don't want to create the temp dir, - // because we won't be able to clean it up later. 
- return nullptr; - } - - nsCOMPtr<nsIPrefService> prefsvc = Preferences::GetService(); - if (!prefsvc || NS_FAILED((rv = prefsvc->SavePrefFile(nullptr)))) { - // Again, if we fail to save the pref file we might not be able to clean - // up the temp directory, so don't create one. - NS_WARNING("Failed to save pref file, cannot create temp dir."); - return nullptr; - } - } - - nsCOMPtr<nsIFile> sandboxTempDir = GetContentProcessSandboxTempDir(); - if (!sandboxTempDir) { - NS_WARNING("Failed to determine sandbox temp dir path."); - return nullptr; - } - - // Remove the directory. It may exist due to a previous crash. - if (NS_FAILED(DeleteDirIfExists(sandboxTempDir))) { - NS_WARNING("Failed to reset sandbox temp dir."); - return nullptr; - } - - // Create the directory - rv = sandboxTempDir->Create(nsIFile::DIRECTORY_TYPE, 0700); - if (NS_FAILED(rv)) { - NS_WARNING("Failed to create sandbox temp dir."); - return nullptr; - } - - return sandboxTempDir.forget(); -} - -static nsresult -DeleteDirIfExists(nsIFile* dir) -{ - if (dir) { - // Don't return an error if the directory doesn't exist. - // Windows Remove() returns NS_ERROR_FILE_NOT_FOUND while - // OS X returns NS_ERROR_FILE_TARGET_DOES_NOT_EXIST. - nsresult rv = dir->Remove(/* aRecursive */ true); - if (NS_FAILED(rv) && rv != NS_ERROR_FILE_NOT_FOUND && - rv != NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) { - return rv; - } - } - return NS_OK; -} - -#endif // (defined(XP_WIN) || defined(XP_MACOSX)) && - // defined(MOZ_CONTENT_SANDBOX) - void nsXREDirProvider::LoadExtensionBundleDirectories() { 
@@ -1203,14 +1012,6 @@ nsXREDirProvider::DoStartup() } obsSvc->NotifyObservers(nullptr, "profile-initial-state", nullptr); - -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) - // The parent is responsible for creating the sandbox temp dir - if (XRE_IsParentProcess()) { - mContentProcessSandboxTempDir = CreateContentProcessSandboxTempDir(); - mContentTempDir = mContentProcessSandboxTempDir; - } -#endif } return NS_OK; } @@ -1221,12 +1022,6 @@ nsXREDirProvider::DoShutdown() PROFILER_LABEL_FUNC(js::ProfileEntry::Category::OTHER); if (mProfileNotified) { -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) - if (XRE_IsParentProcess()) { - Unused << DeleteDirIfExists(mContentProcessSandboxTempDir); - } -#endif - nsCOMPtr<nsIObserverService> obsSvc = mozilla::services::GetObserverService(); NS_ASSERTION(obsSvc, "No observer service?"); diff --git a/toolkit/xre/nsXREDirProvider.h b/toolkit/xre/nsXREDirProvider.h index 7ec64da78..1190cc708 100644 --- a/toolkit/xre/nsXREDirProvider.h +++ b/toolkit/xre/nsXREDirProvider.h @@ -121,11 +121,6 @@ protected: // delimiters. static inline nsresult AppendProfileString(nsIFile* aFile, const char* aPath); -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) - // Load the temp directory for sandboxed content processes - nsresult LoadContentProcessTempDir(); -#endif - // Calculate and register extension and theme bundle directories. void LoadExtensionBundleDirectories(); @@ -146,10 +141,6 @@ protected: nsCOMPtr<nsIFile> mProfileDir; nsCOMPtr<nsIFile> mProfileLocalDir; bool mProfileNotified; -#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX) - nsCOMPtr<nsIFile> mContentTempDir; - nsCOMPtr<nsIFile> mContentProcessSandboxTempDir; -#endif nsCOMArray<nsIFile> mAppBundleDirectories; nsCOMArray<nsIFile> mExtensionDirectories; nsCOMArray<nsIFile> mThemeDirectories; |