author | wolfbeast <mcwerewolf@gmail.com> | 2018-05-03 01:24:31 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-05-03 01:24:31 +0200 |
commit | 4613b91ecac2745252c40be64e73de5ff920b02b (patch) | |
tree | 26b0aa50bb4d580b156ab2eb9825707a17f51e99 | |
parent | e1490c07e29f5e4715f73088b7ca7aab4ada90a6 (diff) | |
download | uxp-4613b91ecac2745252c40be64e73de5ff920b02b.tar.gz |
Remove sandbox ductwork conditional code.
44 files changed, 5 insertions, 916 deletions
diff --git a/application/palemoon/app/nsBrowserApp.cpp b/application/palemoon/app/nsBrowserApp.cpp index 1d652f3a4e..3951033d72 100644 --- a/application/palemoon/app/nsBrowserApp.cpp +++ b/application/palemoon/app/nsBrowserApp.cpp @@ -26,9 +26,6 @@ #ifdef XP_WIN #define XRE_WANT_ENVIRON #define strcasecmp _stricmp -#ifdef MOZ_SANDBOX -#include "mozilla/sandboxing/SandboxInitialization.h" -#endif #endif #include "BinaryPath.h" @@ -38,8 +35,7 @@ #include "mozilla/Telemetry.h" #include "mozilla/WindowsDllBlocklist.h" -#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) \ - && !(defined(XP_LINUX) && defined(MOZ_SANDBOX)) +#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) #define MOZ_BROWSER_CAN_BE_CONTENTPROC #include "../../ipc/contentproc/plugin-container.cpp" #endif @@ -202,10 +198,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory) } XREShellData shellData; -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - shellData.sandboxBrokerServices = - sandboxing::GetInitializedBrokerServices(); -#endif return XRE_XPCShellMain(--argc, argv, envp, &shellData); } @@ -257,12 +249,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory) DllBlocklist_CheckStatus() ? NS_XRE_DLL_BLOCKLIST_ENABLED : 0; #endif -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - sandbox::BrokerServices* brokerServices = - sandboxing::GetInitializedBrokerServices(); - appData.sandboxBrokerServices = brokerServices; -#endif - #ifdef LIBFUZZER if (getenv("LIBFUZZER")) XRE_LibFuzzerSetMain(argc, argv, libfuzzer_main); 
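Review bot: The rewritten guard `#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID)` now compiles plugin-container.cpp into the browser executable on Linux as well, because the dropped clause `!(defined(XP_LINUX) && defined(MOZ_SANDBOX))` was the only thing excluding Linux, and nothing on the new side says that this widening is intentional. A one-line comment above it, `// Linux was excluded only for MOZ_SANDBOX builds; with sandboxing removed, every non-Cocoa, non-Android target hosts content processes in the browser binary.`, would stop the next reader from restoring the clause; the identical hunk in browser/app/nsBrowserApp.cpp should carry the same note. Separately, the two later hunks delete the assignments to `shellData.sandboxBrokerServices` and `appData.sandboxBrokerServices`; if those fields still exist in XREShellData/XREAppData (nsXULAppAPI.h is not in this chunk) they remain as always-null members that look like a live hook and should go too.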
@@ -364,15 +350,6 @@ int main(int argc, char* argv[], char* envp[]) // We are launching as a content process, delegate to the appropriate // main if (argc > 1 && IsArg(argv[1], "contentproc")) { -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - // We need to initialize the sandbox TargetServices before InitXPCOMGlue - // because we might need the sandbox broker to give access to some files. - if (IsSandboxedProcess() && !sandboxing::GetInitializedTargetServices()) { - Output("Failed to initialize the sandbox target services."); - return 255; - } -#endif - nsresult rv = InitXPCOMGlue(argv[0], nullptr); if (NS_FAILED(rv)) { return 255; diff --git a/application/palemoon/installer/package-manifest.in b/application/palemoon/installer/package-manifest.in index f7b12838b5..0393ce3168 100644 --- a/application/palemoon/installer/package-manifest.in +++ b/application/palemoon/installer/package-manifest.in @@ -334,21 +334,6 @@ @RESPATH@/chrome/pippki@JAREXT@ @RESPATH@/chrome/pippki.manifest -; For process sandboxing -#if defined(MOZ_SANDBOX) -#if defined(XP_WIN) -#if defined(WOW_HELPER) -@BINPATH@/wow_helper.exe -#endif -#endif -#endif - -#if defined(MOZ_SANDBOX) -#if defined(XP_LINUX) -@BINPATH@/@DLL_PREFIX@mozsandbox@DLL_SUFFIX@ -#endif -#endif - ; for Solaris SPARC #ifdef SOLARIS bin/libfreebl_32fpu_3.so diff --git a/browser/app/moz.build b/browser/app/moz.build index 520ce4425d..1004e280ca 100644 --- a/browser/app/moz.build +++ b/browser/app/moz.build 
@@ -48,22 +48,6 @@ if CONFIG['OS_ARCH'] == 'WINNT': for cdm in CONFIG['MOZ_EME_MODULES']: DEFINES['MOZ_%s_EME' % cdm.upper()] = True -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - # For sandbox includes and the include dependencies those have - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - - USE_LIBS += [ - 'sandbox_s', - ] - - DELAYLOAD_DLLS += [ - 'winmm.dll', - 'user32.dll', - ] - # Control the default heap size. # This is the heap returned by GetProcessHeap(). # As we use the CRT heap, the default size is too large and wastes VM. diff --git a/browser/app/nsBrowserApp.cpp b/browser/app/nsBrowserApp.cpp index bae1d4bb7a..193de46cfd 100644 --- a/browser/app/nsBrowserApp.cpp +++ b/browser/app/nsBrowserApp.cpp @@ -26,9 +26,6 @@ #ifdef XP_WIN #define XRE_WANT_ENVIRON #define strcasecmp _stricmp -#ifdef MOZ_SANDBOX -#include "mozilla/sandboxing/SandboxInitialization.h" -#endif #endif #include "BinaryPath.h" @@ -38,8 +35,7 @@ #include "mozilla/Telemetry.h" #include "mozilla/WindowsDllBlocklist.h" -#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) \ - && !(defined(XP_LINUX) && defined(MOZ_SANDBOX)) +#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) #define MOZ_BROWSER_CAN_BE_CONTENTPROC #include "../../ipc/contentproc/plugin-container.cpp" #endif @@ -202,11 +198,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory) } XREShellData shellData; -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - shellData.sandboxBrokerServices = - sandboxing::GetInitializedBrokerServices(); -#endif - return XRE_XPCShellMain(--argc, argv, envp, &shellData); } 
@@ -257,12 +248,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory) DllBlocklist_CheckStatus() ? NS_XRE_DLL_BLOCKLIST_ENABLED : 0; #endif -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - sandbox::BrokerServices* brokerServices = - sandboxing::GetInitializedBrokerServices(); - appData.sandboxBrokerServices = brokerServices; -#endif - #ifdef LIBFUZZER if (getenv("LIBFUZZER")) XRE_LibFuzzerSetMain(argc, argv, libfuzzer_main); @@ -364,15 +349,6 @@ int main(int argc, char* argv[], char* envp[]) // We are launching as a content process, delegate to the appropriate // main if (argc > 1 && IsArg(argv[1], "contentproc")) { -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - // We need to initialize the sandbox TargetServices before InitXPCOMGlue - // because we might need the sandbox broker to give access to some files. - if (IsSandboxedProcess() && !sandboxing::GetInitializedTargetServices()) { - Output("Failed to initialize the sandbox target services."); - return 255; - } -#endif - nsresult rv = InitXPCOMGlue(argv[0], nullptr); if (NS_FAILED(rv)) { return 255; diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js index e80f57fe4f..c021da6164 100644 --- a/browser/app/profile/firefox.js +++ b/browser/app/profile/firefox.js 
@@ -921,32 +921,6 @@ pref("dom.ipc.shims.enabledWarnings", false); pref("browser.tabs.remote.autostart", false); pref("browser.tabs.remote.desktopbehavior", true); -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -// When this pref is true the Windows process sandbox will set up dummy -// interceptions and log to the browser console when calls fail in the sandboxed -// process and also if they are subsequently allowed by the broker process. -// This will require a restart. -pref("security.sandbox.windows.log", false); - -// Controls whether and how the Windows NPAPI plugin process is sandboxed. -// To get a different setting for a particular plugin replace "default", with -// the plugin's nice file name, see: nsPluginTag::GetNiceFileName. -// On windows these levels are: -// 0 - no sandbox -// 1 - sandbox with USER_NON_ADMIN access token level -// 2 - a more strict sandbox, which might cause functionality issues. This now -// includes running at low integrity. -// 3 - the strongest settings we seem to be able to use without breaking -// everything, but will probably cause some functionality restrictions -pref("dom.ipc.plugins.sandbox-level.default", 0); -#if defined(_AMD64_) -// The lines in PluginModuleParent.cpp should be changed in line with this. -pref("dom.ipc.plugins.sandbox-level.flash", 2); -#else -pref("dom.ipc.plugins.sandbox-level.flash", 0); -#endif -#endif - // This pref governs whether we attempt to work around problems caused by // plugins using OS calls to manipulate the cursor while running out-of- // process. These workarounds all involve intercepting (hooking) certain diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in index 5540feed9e..8032060a43 100644 --- a/browser/installer/package-manifest.in +++ b/browser/installer/package-manifest.in 
@@ -740,21 +740,6 @@ @RESPATH@/components/pipnss.xpt @RESPATH@/components/pippki.xpt -; For process sandboxing -#if defined(MOZ_SANDBOX) -#if defined(XP_WIN) -#if defined(WOW_HELPER) -@BINPATH@/wow_helper.exe -#endif -#endif -#endif - -#if defined(MOZ_SANDBOX) -#if defined(XP_LINUX) -@BINPATH@/@DLL_PREFIX@mozsandbox@DLL_SUFFIX@ -#endif -#endif - ; for Solaris SPARC #ifdef SOLARIS bin/libfreebl_32fpu_3.so diff --git a/build/directive4.py b/build/directive4.py index dd8c111cfe..28d84973ec 100644 --- a/build/directive4.py +++ b/build/directive4.py @@ -33,7 +33,6 @@ if ('MOZ_OFFICIAL_BRANDING' in listConfig) or (strBrandingDirectory.endswith("br # Applies to Pale Moon and Basilisk if ('MC_BASILISK' in listConfig) or ('MC_PALEMOON' in listConfig): listViolations += [ - 'MOZ_SANDBOX', 'MOZ_SYSTEM_LIBEVENT', 'MOZ_SYSTEM_NSS', 'MOZ_SYSTEM_NSPR', diff --git a/dom/ipc/moz.build b/dom/ipc/moz.build index 1a0527daea..1dbe1fedb9 100644 --- a/dom/ipc/moz.build +++ b/dom/ipc/moz.build @@ -140,12 +140,6 @@ LOCAL_INCLUDES += [ '/xpcom/threads', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - if CONFIG['OS_ARCH'] != 'WINNT': LOCAL_INCLUDES += [ '/modules/libjar', diff --git a/dom/media/gmp/GMPProcessParent.cpp b/dom/media/gmp/GMPProcessParent.cpp index 2fe7306a48..ef58175e83 100644 --- a/dom/media/gmp/GMPProcessParent.cpp +++ b/dom/media/gmp/GMPProcessParent.cpp @@ -8,9 +8,6 @@ #include "GMPUtils.h" #include "nsIFile.h" #include "nsIRunnable.h" -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -#include "WinUtils.h" -#endif #include "base/string_util.h" #include "base/process_util.h" 
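Review bot: Dropping `'MOZ_SANDBOX'` from `listViolations` removes the only configuration-time guard against a Pale Moon/Basilisk build that still sets the flag, in the same commit that deletes every consumer of `MOZ_SANDBOX`. If configure still accepts `--enable-sandbox` (not visible here), such a mozconfig would now pass the directive4 check and yield a binary that reports sandboxing while containing none of it. Keeping `'MOZ_SANDBOX',` in the list, or adding an explicit rejection with a message saying the option is no longer implemented, makes the stale option fail loudly instead of silently. The `listViolations` assignment continues past the hunk.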
@@ -56,38 +53,7 @@ GMPProcessParent::Launch(int32_t aTimeoutMs) vector<string> args; -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - std::wstring wGMPPath = UTF8ToWide(mGMPPath.c_str()); - - // The sandbox doesn't allow file system rules where the paths contain - // symbolic links or junction points. Sometimes the Users folder has been - // moved to another drive using a junction point, so allow for this specific - // case. See bug 1236680 for details. - if (!widget::WinUtils::ResolveJunctionPointsAndSymLinks(wGMPPath)) { - GMP_LOG("ResolveJunctionPointsAndSymLinks failed for GMP path=%S", - wGMPPath.c_str()); - NS_WARNING("ResolveJunctionPointsAndSymLinks failed for GMP path."); - return false; - } - GMP_LOG("GMPProcessParent::Launch() resolved path to %S", wGMPPath.c_str()); - - // If the GMP path is a network path that is not mapped to a drive letter, - // then we need to fix the path format for the sandbox rule. - wchar_t volPath[MAX_PATH]; - if (::GetVolumePathNameW(wGMPPath.c_str(), volPath, MAX_PATH) && - ::GetDriveTypeW(volPath) == DRIVE_REMOTE && - wGMPPath.compare(0, 2, L"\\\\") == 0) { - std::wstring sandboxGMPPath(wGMPPath); - sandboxGMPPath.insert(1, L"??\\UNC"); - mAllowedFilesRead.push_back(sandboxGMPPath + L"\\*"); - } else { - mAllowedFilesRead.push_back(wGMPPath + L"\\*"); - } - - args.push_back(WideToUTF8(wGMPPath)); -#else args.push_back(mGMPPath); -#endif args.push_back(string(voucherPath.BeginReading(), voucherPath.EndReading())); diff --git a/dom/media/gmp/rlz/GMPDeviceBinding.cpp b/dom/media/gmp/rlz/GMPDeviceBinding.cpp index c8aee2bcd8..3525f0462a 100644 --- a/dom/media/gmp/rlz/GMPDeviceBinding.cpp +++ b/dom/media/gmp/rlz/GMPDeviceBinding.cpp @@ -12,10 +12,6 @@ #ifdef XP_WIN #include "windows.h" -#ifdef MOZ_SANDBOX -#include <intrin.h> -#include <assert.h> -#endif #endif #if defined(HASH_NODE_ID_WITH_DEVICE_ID) 
@@ -35,10 +31,6 @@ #ifdef XP_WIN #include "windows.h" -#ifdef MOZ_SANDBOX -#include <intrin.h> -#include <assert.h> -#endif #endif #ifdef XP_MACOSX diff --git a/dom/media/gmp/rlz/moz.build b/dom/media/gmp/rlz/moz.build index f366c2b5d8..5e85357f11 100644 --- a/dom/media/gmp/rlz/moz.build +++ b/dom/media/gmp/rlz/moz.build @@ -13,13 +13,6 @@ UNIFIED_SOURCES += [ 'GMPDeviceBinding.cpp', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ['WINNT', 'Darwin']: - DEFINES['HASH_NODE_ID_WITH_DEVICE_ID'] = 1; - UNIFIED_SOURCES += [ - 'lib/string_utils.cc', - 'sha256.c', - ] - if CONFIG['OS_TARGET'] == 'WINNT': UNIFIED_SOURCES += [ 'win/lib/machine_id_win.cc', diff --git a/dom/plugins/base/nsPluginTags.cpp b/dom/plugins/base/nsPluginTags.cpp index ddc3968fdd..216502b8a9 100644 --- a/dom/plugins/base/nsPluginTags.cpp +++ b/dom/plugins/base/nsPluginTags.cpp @@ -427,24 +427,7 @@ void nsPluginTag::InitMime(const char* const* aMimeTypes, void nsPluginTag::InitSandboxLevel() { -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - nsAutoCString sandboxPref("dom.ipc.plugins.sandbox-level."); - sandboxPref.Append(GetNiceFileName()); - if (NS_FAILED(Preferences::GetInt(sandboxPref.get(), &mSandboxLevel))) { - mSandboxLevel = Preferences::GetInt("dom.ipc.plugins.sandbox-level.default" -); - } - -#if defined(_AMD64_) - // As level 2 is now the default NPAPI sandbox level for 64-bit flash, we - // don't want to allow a lower setting unless this environment variable is - // set. This should be changed if the firefox.js pref file is changed. - if (mIsFlashPlugin && - !PR_GetEnv("MOZ_ALLOW_WEAKER_SANDBOX") && mSandboxLevel < 2) { - mSandboxLevel = 2; - } -#endif -#endif +/* STUB */ } #if !defined(XP_WIN) && !defined(XP_MACOSX) diff --git a/dom/plugins/ipc/PluginProcessChild.cpp b/dom/plugins/ipc/PluginProcessChild.cpp index eb698e8af5..32bf062150 100644 --- a/dom/plugins/ipc/PluginProcessChild.cpp +++ b/dom/plugins/ipc/PluginProcessChild.cpp 
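Review bot: `nsPluginTag::InitSandboxLevel` is now an empty `/* STUB */` body, so `mSandboxLevel` keeps whatever value the constructor gave it (the constructor is not in this chunk), while `PluginProcessParent::Launch` still asserts that the level it receives is 0. Having the stub state the invariant it exists to guarantee, `mSandboxLevel = 0; // NPAPI sandboxing is not supported in this tree`, removes the dependency on a member initializer elsewhere and records why the `dom.ipc.plugins.sandbox-level.*` prefs removed from firefox.js in this commit are no longer consulted.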
@@ -22,10 +22,6 @@ extern "C" CGError CGSSetDebugOptions(int options); #ifdef XP_WIN bool ShouldProtectPluginCurrentDirectory(char16ptr_t pluginFilePath); -#if defined(MOZ_SANDBOX) -#define TARGET_SANDBOX_EXPORTS -#include "mozilla/sandboxTarget.h" -#endif #endif using mozilla::ipc::IOThreadChild; @@ -107,12 +103,6 @@ PluginProcessChild::Init() pluginFilename = WideToUTF8(values[0]); -#if defined(MOZ_SANDBOX) - // This is probably the earliest we would want to start the sandbox. - // As we attempt to tighten the sandbox, we may need to consider moving this - // to later in the plugin initialization. - mozilla::SandboxTarget::Instance()->StartSandbox(); -#endif #else # error Sorry #endif diff --git a/dom/plugins/ipc/PluginProcessParent.cpp b/dom/plugins/ipc/PluginProcessParent.cpp index 2a73bce516..fb0e182461 100644 --- a/dom/plugins/ipc/PluginProcessParent.cpp +++ b/dom/plugins/ipc/PluginProcessParent.cpp @@ -14,10 +14,6 @@ #include "mozilla/Telemetry.h" #include "nsThreadUtils.h" -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -#include "nsDirectoryServiceDefs.h" -#endif - using std::vector; using std::string; 
@@ -40,95 +36,14 @@ PluginProcessParent::~PluginProcessParent() { } -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -static void -AddSandboxAllowedFile(vector<std::wstring>& aAllowedFiles, nsIProperties* aDirSvc, - const char* aDir, const nsAString& aSuffix = EmptyString()) -{ - nsCOMPtr<nsIFile> userDir; - nsresult rv = aDirSvc->Get(aDir, NS_GET_IID(nsIFile), getter_AddRefs(userDir)); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - nsAutoString userDirPath; - rv = userDir->GetPath(userDirPath); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - if (!aSuffix.IsEmpty()) { - userDirPath.Append(aSuffix); - } - aAllowedFiles.push_back(std::wstring(userDirPath.get())); - return; -} - -static void -AddSandboxAllowedFiles(int32_t aSandboxLevel, - vector<std::wstring>& aAllowedFilesRead, - vector<std::wstring>& aAllowedFilesReadWrite, - vector<std::wstring>& aAllowedDirectories) -{ - if (aSandboxLevel < 2) { - return; - } - - nsresult rv; - nsCOMPtr<nsIProperties> dirSvc = - do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - // Higher than level 2 currently removes the users own rights. - if (aSandboxLevel > 2) { - AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR); - AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR, - NS_LITERAL_STRING("\\*")); - } - - // Level 2 and above is now using low integrity, so we need to give write - // access to the Flash directories. - // This should be made Flash specific (Bug 1171396). 
- AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*")); - AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_LOCAL_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*")); - AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Adobe\\Flash Player\\*")); - - // Access also has to be given to create the parent directories as they may - // not exist. - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR, - NS_LITERAL_STRING("\\Macromedia\\Flash Player")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Adobe")); - AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR, - NS_LITERAL_STRING("\\Adobe\\Flash Player")); -} -#endif - bool PluginProcessParent::Launch(mozilla::UniquePtr<LaunchCompleteTask> aLaunchCompleteTask, int32_t aSandboxLevel) { -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - mSandboxLevel = aSandboxLevel; - AddSandboxAllowedFiles(mSandboxLevel, mAllowedFilesRead, - mAllowedFilesReadWrite, mAllowedDirectories); -#else if (aSandboxLevel != 0) { MOZ_ASSERT(false, "Can't enable an NPAPI process sandbox for platform/build."); } -#endif ProcessArchitecture currentArchitecture = base::GetCurrentProcessArchitecture(); uint32_t containerArchitectures = GetSupportedArchitecturesForProcessType(GeckoProcessType_Plugin); diff --git a/dom/plugins/ipc/moz.build b/dom/plugins/ipc/moz.build index b569aeb4c1..15ed6410d7 100644 --- a/dom/plugins/ipc/moz.build +++ b/dom/plugins/ipc/moz.build 
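Review bot: After this hunk the only guard left at the top of `PluginProcessParent::Launch` is `MOZ_ASSERT(false, ...)` inside `if (aSandboxLevel != 0)`, which is compiled out in release builds, so a non-zero level is silently accepted there and the plugin process is launched with no sandbox at all. This commit removes every source of a non-zero level (the firefox.js prefs and the body of `nsPluginTag::InitSandboxLevel`), so only a stale or future caller could reach this path, which is exactly the case a release-visible check is for. `MOZ_RELEASE_ASSERT(aSandboxLevel == 0, "Can't enable an NPAPI process sandbox for platform/build.");`, or at minimum an `NS_WARNING` in that branch, keeps the mismatch observable. `Launch` continues past the end of the hunk.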
@@ -125,12 +125,6 @@ LOCAL_INCLUDES += [ '/xpcom/base/', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - DEFINES['FORCE_PR_LOG'] = True if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gtk3': diff --git a/ipc/app/moz.build b/ipc/app/moz.build index 55c338cb89..a5bf66737f 100644 --- a/ipc/app/moz.build +++ b/ipc/app/moz.build @@ -43,47 +43,10 @@ if CONFIG['OS_ARCH'] == 'WINNT': 'nss3.dll', ] - if CONFIG['MOZ_SANDBOX']: - # For sandbox includes and the include dependencies those have - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - - USE_LIBS += [ - 'sandbox_s', - ] - - DELAYLOAD_DLLS += [ - 'winmm.dll', - 'user32.dll', - ] - DELAYLOAD_DLLS += [ 'xul.dll', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ('Linux', 'Android'): - USE_LIBS += [ - 'mozsandbox', - ] - - # gcc lto likes to put the top level asm in syscall.cc in a different partition - # from the function using it which breaks the build. Work around that by - # forcing there to be only one partition. - if '-flto' in CONFIG['OS_CXXFLAGS'] and not CONFIG['CLANG_CXX']: - LDFLAGS += ['--param lto-partitions=1'] - -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] == 'Darwin': - # For sandbox includes and the include dependencies those have - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - USE_LIBS += [ - 'mozsandbox', - ] - if CONFIG['_MSC_VER']: # Always enter a Windows program through wmain, whether or not we're # a console application. diff --git a/ipc/app/pie/moz.build b/ipc/app/pie/moz.build index 0247b25b4b..6924199b5e 100644 --- a/ipc/app/pie/moz.build +++ b/ipc/app/pie/moz.build 
@@ -16,15 +16,4 @@ LOCAL_INCLUDES += [ '/xpcom/base', ] -if CONFIG['MOZ_SANDBOX']: - USE_LIBS += [ - 'mozsandbox', - ] - - # gcc lto likes to put the top level asm in syscall.cc in a different partition - # from the function using it which breaks the build. Work around that by - # forcing there to be only one partition. - if '-flto' in CONFIG['OS_CXXFLAGS'] and not CONFIG['CLANG_CXX']: - LDFLAGS += ['--param lto-partitions=1'] - LDFLAGS += ['-pie'] diff --git a/ipc/contentproc/moz.build b/ipc/contentproc/moz.build index 07cf0b97c6..f9ded56ec0 100644 --- a/ipc/contentproc/moz.build +++ b/ipc/contentproc/moz.build @@ -18,8 +18,3 @@ if CONFIG['OS_ARCH'] == 'WINNT': '/xpcom/base', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] diff --git a/ipc/contentproc/plugin-container.cpp b/ipc/contentproc/plugin-container.cpp index 82ed16a900..6a9341d7ff 100644 --- a/ipc/contentproc/plugin-container.cpp +++ b/ipc/contentproc/plugin-container.cpp @@ -22,11 +22,6 @@ #include "GMPLoader.h" -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -#include "mozilla/sandboxing/SandboxInitialization.h" -#include "mozilla/sandboxing/sandboxLogging.h" -#endif - #ifdef MOZ_WIDGET_GONK # include <sys/time.h> # include <sys/resource.h> @@ -62,26 +57,10 @@ InitializeBinder(void *aDummy) { } #endif -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -class WinSandboxStarter : public mozilla::gmp::SandboxStarter { -public: - virtual bool Start(const char *aLibPath) override { - if (IsSandboxedProcess()) { - mozilla::sandboxing::LowerSandbox(); - } - return true; - } -}; -#endif - mozilla::gmp::SandboxStarter* MakeSandboxStarter() { -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - return new WinSandboxStarter(); -#else return nullptr; -#endif } int 
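Review bot: `MakeSandboxStarter` now unconditionally returns `nullptr` with no comment saying this is deliberate, so it reads like an unfinished stub rather than a statement that no sandbox exists. A header comment such as `// Process sandboxing has been removed from this tree: a null starter means the GMP is loaded unsandboxed.` states the contract. This presumes the consumer in GMPLoader null-checks the starter before calling `Start`; that code is outside this diff and is worth confirming rather than assuming. `content_process_main` begins at the last line of the hunk and continues past it.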
@@ -95,27 +74,8 @@ content_process_main(int argc, char* argv[]) XREChildData childData; -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - if (IsSandboxedProcess()) { - childData.sandboxTargetServices = - mozilla::sandboxing::GetInitializedTargetServices(); - if (!childData.sandboxTargetServices) { - return 1; - } - - childData.ProvideLogFunction = mozilla::sandboxing::ProvideLogFunction; - } -#endif - XRE_SetProcessType(argv[--argc]); -#if defined(XP_LINUX) && defined(MOZ_SANDBOX) - // This has to happen while we're still single-threaded, and on - // B2G that means before the Android Binder library is - // initialized. - mozilla::SandboxEarlyInit(XRE_GetProcessType()); -#endif - #ifdef MOZ_WIDGET_GONK // This creates a ThreadPool for binder ipc. A ThreadPool is necessary to // receive binder calls, though not necessary to send binder calls. diff --git a/ipc/glue/GeckoChildProcessHost.cpp b/ipc/glue/GeckoChildProcessHost.cpp index fc376d7034..9ab9cc4d45 100644 --- a/ipc/glue/GeckoChildProcessHost.cpp +++ b/ipc/glue/GeckoChildProcessHost.cpp @@ -39,12 +39,6 @@ #ifdef XP_WIN #include "nsIWinTaskbar.h" #define NS_TASKBAR_CONTRACTID "@mozilla.org/windows-taskbar;1" - -#if defined(MOZ_SANDBOX) -#include "mozilla/Preferences.h" -#include "mozilla/sandboxing/sandboxLogging.h" -#include "nsDirectoryServiceUtils.h" -#endif #endif #include "nsTArray.h" @@ -97,10 +91,6 @@ GeckoChildProcessHost::GeckoChildProcessHost(GeckoProcessType aProcessType, mPrivileges(aPrivileges), mMonitor("mozilla.ipc.GeckChildProcessHost.mMonitor"), mProcessState(CREATING_CHANNEL), -#if defined(MOZ_SANDBOX) && defined(XP_WIN) - mEnableSandboxLogging(false), - mSandboxLevel(0), -#endif mChildProcessHandle(0) #if defined(MOZ_WIDGET_COCOA) , mChildTask(MACH_PORT_NULL) 
@@ -307,14 +297,6 @@ GeckoChildProcessHost::PrepareLaunch() if (mProcessType == GeckoProcessType_Plugin) { InitWindowsGroupID(); } - -#if defined(MOZ_SANDBOX) - // For other process types we can't rely on them being launched on main - // thread and they may not have access to prefs in the child process, so allow - // them to turn on logging via an environment variable. - mEnableSandboxLogging = mEnableSandboxLogging - || !!PR_GetEnv("MOZ_WIN_SANDBOX_LOGGING"); -#endif #endif } 
@@ -599,91 +581,6 @@ AddAppDirToCommandLine(std::vector<std::string>& aCmdLine) } } -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -static void -MaybeAddNsprLogFileAccess(std::vector<std::wstring>& aAllowedFilesReadWrite) -{ - const char* nsprLogFileEnv = PR_GetEnv("NSPR_LOG_FILE"); - if (!nsprLogFileEnv) { - return; - } - - nsDependentCString nsprLogFilePath(nsprLogFileEnv); - nsCOMPtr<nsIFile> nsprLogFile; - nsresult rv = NS_NewNativeLocalFile(nsprLogFilePath, true, - getter_AddRefs(nsprLogFile)); - if (NS_FAILED(rv)) { - // Not an absolute path, try it as a relative one. - nsresult rv = NS_GetSpecialDirectory(NS_OS_CURRENT_WORKING_DIR, - getter_AddRefs(nsprLogFile)); - if (NS_FAILED(rv) || !nsprLogFile) { - NS_WARNING("Failed to get current working directory"); - return; - } - - rv = nsprLogFile->AppendRelativeNativePath(nsprLogFilePath); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - } - - nsAutoString resolvedFilePath; - rv = nsprLogFile->GetPath(resolvedFilePath); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - // Update the environment variable as well as adding the rule, because the - // Chromium sandbox can only allow access to fully qualified file paths. This - // only affects the environment for the child process we're about to create, - // because this will get reset to the original value in PerformAsyncLaunch. 
- aAllowedFilesReadWrite.push_back(std::wstring(resolvedFilePath.get())); - nsAutoCString resolvedEnvVar("NSPR_LOG_FILE="); - AppendUTF16toUTF8(resolvedFilePath, resolvedEnvVar); - PR_SetEnv(resolvedEnvVar.get()); -} - -static void -AddContentSandboxAllowedFiles(int32_t aSandboxLevel, - std::vector<std::wstring>& aAllowedFilesRead) -{ - if (aSandboxLevel < 1) { - return; - } - - nsCOMPtr<nsIFile> binDir; - nsresult rv = NS_GetSpecialDirectory(NS_GRE_DIR, getter_AddRefs(binDir)); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - nsAutoString binDirPath; - rv = binDir->GetPath(binDirPath); - if (NS_WARN_IF(NS_FAILED(rv))) { - return; - } - - // If bin directory is on a remote drive add read access. - wchar_t volPath[MAX_PATH]; - if (!::GetVolumePathNameW(binDirPath.get(), volPath, MAX_PATH)) { - return; - } - - if (::GetDriveTypeW(volPath) != DRIVE_REMOTE) { - return; - } - - // Convert network share path to format for sandbox policy. - if (Substring(binDirPath, 0, 2).Equals(L"\\\\")) { - binDirPath.InsertLiteral(u"??\\UNC", 1); - } - - binDirPath.AppendLiteral(u"\\*"); - - aAllowedFilesRead.push_back(std::wstring(binDirPath.get())); -} -#endif - bool GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExtraOpts, base::ProcessArchitecture arch) { 
@@ -808,27 +705,6 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt } #endif // MOZ_WIDGET_GONK -#if defined(XP_LINUX) && defined(MOZ_SANDBOX) - // Preload libmozsandbox.so so that sandbox-related interpositions - // can be defined there instead of in the executable. - // (This could be made conditional on intent to use sandboxing, but - // it's harmless for non-sandboxed processes.) - { - nsAutoCString preload; - // Prepend this, because people can and do preload libpthread. - // (See bug 1222500.) - preload.AssignLiteral("libmozsandbox.so"); - if (const char* oldPreload = PR_GetEnv("LD_PRELOAD")) { - // Doesn't matter if oldPreload is ""; extra separators are ignored. - preload.Append(' '); - preload.Append(oldPreload); - } - // Explicitly construct the std::string to make it clear that this - // isn't retaining a pointer to the nsCString's buffer. - newEnvVars["LD_PRELOAD"] = std::string(preload.get()); - } -#endif - // remap the IPC socket fd to a well-known int, as the OS does for // STDOUT_FILENO, for example int srcChannelFd, dstChannelFd; 
@@ -994,74 +870,6 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt } } -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - bool shouldSandboxCurrentProcess = false; - - // XXX: Bug 1124167: We should get rid of the process specific logic for - // sandboxing in this class at some point. Unfortunately it will take a bit - // of reorganizing so I don't think this patch is the right time. - switch (mProcessType) { - case GeckoProcessType_Content: - break; - case GeckoProcessType_Plugin: - if (mSandboxLevel > 0 && - !PR_GetEnv("MOZ_DISABLE_NPAPI_SANDBOX")) { - bool ok = mSandboxBroker.SetSecurityLevelForPluginProcess(mSandboxLevel); - if (!ok) { - return false; - } - shouldSandboxCurrentProcess = true; - } - break; - case GeckoProcessType_IPDLUnitTest: - // XXX: We don't sandbox this process type yet - break; - case GeckoProcessType_GMPlugin: - if (!PR_GetEnv("MOZ_DISABLE_GMP_SANDBOX")) { - // The Widevine CDM on Windows can only load at USER_RESTRICTED, - // not at USER_LOCKDOWN. So look in the command line arguments - // to see if we're loading the path to the Widevine CDM, and if - // so use sandbox level USER_RESTRICTED instead of USER_LOCKDOWN. - bool isWidevine = std::any_of(aExtraOpts.begin(), aExtraOpts.end(), - [](const std::string arg) { return arg.find("gmp-widevinecdm") != std::string::npos; }); - auto level = isWidevine ? 
SandboxBroker::Restricted : SandboxBroker::LockDown; - bool ok = mSandboxBroker.SetSecurityLevelForGMPlugin(level); - if (!ok) { - return false; - } - shouldSandboxCurrentProcess = true; - } - break; - case GeckoProcessType_GPU: - break; - case GeckoProcessType_Default: - default: - MOZ_CRASH("Bad process type in GeckoChildProcessHost"); - break; - }; - - if (shouldSandboxCurrentProcess) { - MaybeAddNsprLogFileAccess(mAllowedFilesReadWrite); - for (auto it = mAllowedFilesRead.begin(); - it != mAllowedFilesRead.end(); - ++it) { - mSandboxBroker.AllowReadFile(it->c_str()); - } - - for (auto it = mAllowedFilesReadWrite.begin(); - it != mAllowedFilesReadWrite.end(); - ++it) { - mSandboxBroker.AllowReadWriteFile(it->c_str()); - } - - for (auto it = mAllowedDirectories.begin(); - it != mAllowedDirectories.end(); - ++it) { - mSandboxBroker.AllowDirectory(it->c_str()); - } - } -#endif // XP_WIN && MOZ_SANDBOX - // Add the application directory path (-appdir path) AddAppDirToCommandLine(cmdLine); 
@@ -1078,33 +886,8 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt // Process type cmdLine.AppendLooseValue(UTF8ToWide(childProcessType)); -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - if (shouldSandboxCurrentProcess) { - if (mSandboxBroker.LaunchApp(cmdLine.program().c_str(), - cmdLine.command_line_string().c_str(), - mEnableSandboxLogging, - &process)) { - EnvironmentLog("MOZ_PROCESS_LOG").print( - "==> process %d launched child process %d (%S)\n", - base::GetCurrentProcId(), base::GetProcId(process), - cmdLine.command_line_string().c_str()); - } - } else -#endif { base::LaunchApp(cmdLine, false, false, &process); - -#ifdef MOZ_SANDBOX - // We need to be able to duplicate handles to some types of non-sandboxed - // child processes. - if (mProcessType == GeckoProcessType_Content || - mProcessType == GeckoProcessType_GPU || - mProcessType == GeckoProcessType_GMPlugin) { - if (!mSandboxBroker.AddTargetPeer(process)) { - NS_WARNING("Failed to add content process as target peer."); - } - } -#endif } #else diff --git a/ipc/glue/GeckoChildProcessHost.h b/ipc/glue/GeckoChildProcessHost.h index 3d55564acb..d278d8928e 100644 --- a/ipc/glue/GeckoChildProcessHost.h +++ b/ipc/glue/GeckoChildProcessHost.h @@ -21,10 +21,6 @@ #include "nsXULAppAPI.h" // for GeckoProcessType #include "nsString.h" -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -#include "sandboxBroker.h" -#endif - namespace mozilla { namespace ipc { @@ -153,15 +149,6 @@ protected: #ifdef XP_WIN void InitWindowsGroupID(); nsString mGroupId; - -#ifdef MOZ_SANDBOX - SandboxBroker mSandboxBroker; - std::vector<std::wstring> mAllowedFilesRead; - std::vector<std::wstring> mAllowedFilesReadWrite; - std::vector<std::wstring> mAllowedDirectories; - bool mEnableSandboxLogging; - int32_t mSandboxLevel; -#endif #endif // XP_WIN #if defined(OS_POSIX) diff --git a/ipc/glue/ProtocolUtils.cpp b/ipc/glue/ProtocolUtils.cpp index 4de1314692..7d8a1153c0 100644 --- a/ipc/glue/ProtocolUtils.cpp 
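Review bot: The `{ base::LaunchApp(cmdLine, false, false, &process); }` that survives on the new side is now a bare block: with the `} else` and its `#endif` removed, nothing introduces those braces, so it reads as an artifact of the deletion rather than intended structure. Drop the braces so the call sits directly in the `#ifdef` arm, i.e. replace the three remaining lines with `base::LaunchApp(cmdLine, false, false, &process);`. This is consistent with the earlier hunk at -994, which removes the `shouldSandboxCurrentProcess` setup this branch depended on, and with the removal of `AddTargetPeer`, which means handle duplication to child processes now relies solely on the `OpenProcess(PROCESS_DUP_HANDLE, ...)` fallback in ProtocolUtils.cpp. The enclosing PerformAsyncLaunchInternal starts and ends outside the hunk; presumably intended, every Windows child process type is now launched unsandboxed through this single path.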
+++ b/ipc/glue/ProtocolUtils.cpp @@ -20,11 +20,6 @@ #include "mozilla/Unused.h" #include "nsPrintfCString.h" -#if defined(MOZ_SANDBOX) && defined(XP_WIN) -#define TARGET_SANDBOX_EXPORTS -#include "mozilla/sandboxTarget.h" -#endif - #include "nsAutoPtr.h" using namespace IPC; @@ -162,17 +157,6 @@ bool DuplicateHandle(HANDLE aSourceHandle, } -#if defined(MOZ_SANDBOX) - // Try the broker next (will fail if not sandboxed). - if (SandboxTarget::Instance()->BrokerDuplicateHandle(aSourceHandle, - aTargetProcessId, - aTargetHandle, - aDesiredAccess, - aOptions)) { - return true; - } -#endif - // Finally, see if we already have access to the process. ScopedProcessHandle targetProcess(OpenProcess(PROCESS_DUP_HANDLE, FALSE, diff --git a/ipc/glue/moz.build b/ipc/glue/moz.build index dd3a2e1ba7..8caee1ffee 100644 --- a/ipc/glue/moz.build +++ b/ipc/glue/moz.build @@ -196,12 +196,5 @@ for var in ('MOZ_CHILD_PROCESS_NAME', 'MOZ_CHILD_PROCESS_NAME_PIE', 'MOZ_CHILD_PROCESS_BUNDLE', 'DLL_PREFIX', 'DLL_SUFFIX'): DEFINES[var] = '"%s"' % CONFIG[var] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - '/security/sandbox/win/src/sandboxbroker', - ] - if CONFIG['GNU_CXX']: CXXFLAGS += ['-Wno-shadow'] diff --git a/js/xpconnect/shell/moz.build b/js/xpconnect/shell/moz.build index ecc796f7ff..d4f5d55af3 100644 --- a/js/xpconnect/shell/moz.build +++ b/js/xpconnect/shell/moz.build @@ -35,22 +35,6 @@ if CONFIG['_MSC_VER']: if CONFIG['OS_ARCH'] == 'WINNT': RCINCLUDE = 'xpcshell.rc' - if CONFIG['MOZ_SANDBOX']: - # For sandbox includes and the include dependencies those have - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - - USE_LIBS += [ - 'sandbox_s', - ] - - DELAYLOAD_DLLS += [ - 'winmm.dll', - 'user32.dll', - ] - DELAYLOAD_DLLS += [ 'xul.dll', ] 
diff --git a/js/xpconnect/shell/xpcshell.cpp b/js/xpconnect/shell/xpcshell.cpp index ba979bc694..4521dc52f9 100644 --- a/js/xpconnect/shell/xpcshell.cpp +++ b/js/xpconnect/shell/xpcshell.cpp @@ -22,9 +22,6 @@ #define XRE_DONT_PROTECT_DLL_LOAD #define XRE_WANT_ENVIRON #include "nsWindowsWMain.cpp" -#ifdef MOZ_SANDBOX -#include "mozilla/sandboxing/SandboxInitialization.h" -#endif #endif #ifdef MOZ_WIDGET_GTK @@ -54,10 +51,6 @@ main(int argc, char** argv, char** envp) #endif XREShellData shellData; -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - shellData.sandboxBrokerServices = - mozilla::sandboxing::GetInitializedBrokerServices(); -#endif int result = XRE_XPCShellMain(argc, argv, envp, &shellData); diff --git a/js/xpconnect/src/XPCShellImpl.cpp b/js/xpconnect/src/XPCShellImpl.cpp index 45d00d3905..f6c74f9b2e 100644 --- a/js/xpconnect/src/XPCShellImpl.cpp +++ b/js/xpconnect/src/XPCShellImpl.cpp @@ -44,9 +44,6 @@ #ifdef XP_WIN #include "mozilla/widget/AudioSession.h" #include <windows.h> -#if defined(MOZ_SANDBOX) -#include "SandboxBroker.h" -#endif #endif // all this crap is needed to do the interactive shell stuff @@ -1484,16 +1481,6 @@ XRE_XPCShellMain(int argc, char** argv, char** envp, // Plugin may require audio session if installed plugin can initialize // asynchronized. AutoAudioSession audioSession; - -#if defined(MOZ_SANDBOX) - // Required for sandboxed child processes. - if (aShellData->sandboxBrokerServices) { - SandboxBroker::Initialize(aShellData->sandboxBrokerServices); - } else { - NS_WARNING("Failed to initialize broker services, sandboxed " - "processes will fail to start."); - } -#endif #endif { diff --git a/mobile/android/installer/package-manifest.in b/mobile/android/installer/package-manifest.in index 086138d47f..067f9dde12 100644 --- a/mobile/android/installer/package-manifest.in +++ b/mobile/android/installer/package-manifest.in 
@@ -502,11 +502,6 @@ ; @BINPATH@/components/pipnss.xpt -; For process sandboxing -#if defined(MOZ_SANDBOX) -@BINPATH@/@DLL_PREFIX@mozsandbox@DLL_SUFFIX@ -#endif - [mobile] @BINPATH@/chrome/chrome@JAREXT@ @BINPATH@/chrome/chrome.manifest diff --git a/old-configure.in b/old-configure.in index 5dbcdb1bcc..cc49c3fcea 100644 --- a/old-configure.in +++ b/old-configure.in @@ -2306,7 +2306,6 @@ MOZ_INSTALL_TRACKING= ACCESSIBILITY=1 MOZ_TIME_MANAGER= MOZ_AUDIO_CHANNEL_MANAGER= -MOZ_SANDBOX= MOZ_BINARY_EXTENSIONS= MOZ_JETPACK=1 MOZ_DEVTOOLS_SERVER=1 @@ -3841,24 +3840,6 @@ fi AC_SUBST(MOZ_NO_SMART_CARDS) dnl ======================================================== -dnl = Sandboxing support -dnl ======================================================== -MOZ_ARG_ENABLE_BOOL(sandbox, -[ --enable-sandbox Enable sandboxing support], - MOZ_SANDBOX=1, - MOZ_SANDBOX=) - -if test -n "$MOZ_TSAN" -o -n "$MOZ_ASAN"; then - # Bug 1182565: TSan conflicts with sandboxing on Linux. - # Bug 1287971: LSan also conflicts with sandboxing on Linux. - case $OS_TARGET in - Linux|Android) - MOZ_SANDBOX= - ;; - esac -fi - -dnl ======================================================== dnl = dnl = Module specific options dnl = @@ -5685,7 +5666,6 @@ MOZ_OFFICIAL_BRANDING=$MOZ_OFFICIAL_BRANDING MOZ_BRANDING_DIRECTORY=$MOZ_BRANDING_DIRECTORY MC_BASILISK=$MC_BASILISK MC_PALEMOON=$MC_PALEMOON -MOZ_SANDBOX=$MOZ_SANDBOX MOZ_EME=$MOZ_EME MOZ_WEBRTC=$MOZ_WEBRTC MOZ_SYSTEM_LIBEVENT=$MOZ_SYSTEM_LIBEVENT diff --git a/security/sandbox/chromium/base/time/time.cc b/security/sandbox/chromium/base/time/time.cc index 9188887e27..76ffeb7441 100644 --- a/security/sandbox/chromium/base/time/time.cc +++ b/security/sandbox/chromium/base/time/time.cc @@ -242,7 +242,6 @@ Time Time::LocalMidnight() const { return FromLocalExploded(exploded); } -#if !defined(MOZ_SANDBOX) // static bool Time::FromStringInternal(const char* time_string, bool is_local, 
@@ -263,7 +262,6 @@ bool Time::FromStringInternal(const char* time_string, *parsed_time = Time(result_time); return true; } -#endif std::ostream& operator<<(std::ostream& os, Time time) { Time::Exploded exploded; diff --git a/security/sandbox/chromium/base/time/time.h b/security/sandbox/chromium/base/time/time.h index ea19d7ed9d..066d910833 100644 --- a/security/sandbox/chromium/base/time/time.h +++ b/security/sandbox/chromium/base/time/time.h @@ -522,7 +522,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> { return FromExploded(true, exploded); } -#if !defined(MOZ_SANDBOX) // Converts a string representation of time to a Time object. // An example of a time string which is converted is as below:- // "Tue, 15 Nov 1994 12:45:26 GMT". If the timezone is not specified @@ -537,7 +536,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> { static bool FromUTCString(const char* time_string, Time* parsed_time) { return FromStringInternal(time_string, false, parsed_time); } -#endif // Fills the given exploded structure with either the local time or UTC from // this time structure (containing UTC). @@ -565,7 +563,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> { // |is_local = true| or UTC |is_local = false|. static Time FromExploded(bool is_local, const Exploded& exploded); -#if !defined(MOZ_SANDBOX) // Converts a string representation of time to a Time object. // An example of a time string which is converted is as below:- // "Tue, 15 Nov 1994 12:45:26 GMT". If the timezone is not specified @@ -576,7 +573,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> { static bool FromStringInternal(const char* time_string, bool is_local, Time* parsed_time); -#endif }; // Inline the TimeDelta factory methods, for fast TimeDelta construction. diff --git a/toolkit/content/aboutSupport.js b/toolkit/content/aboutSupport.js index e9087dfcb0..7209b7ad04 100644 --- a/toolkit/content/aboutSupport.js 
+++ b/toolkit/content/aboutSupport.js @@ -497,26 +497,7 @@ var snapshotFormatters = { $("prefs-user-js-section").style.display = ""; // Clear the no-copy class $("prefs-user-js-section").className = ""; - }, - - sandbox: function sandbox(data) { - if (!AppConstants.MOZ_SANDBOX) - return; - - let strings = stringBundle(); - let tbody = $("sandbox-tbody"); - for (let key in data) { - // Simplify the display a little in the common case. - if (key === "hasPrivilegedUserNamespaces" && - data[key] === data["hasUserNamespaces"]) { - continue; - } - tbody.appendChild($.new("tr", [ - $.new("th", strings.GetStringFromName(key), "column"), - $.new("td", data[key]) - ])); - } - }, + } }; var $ = document.getElementById.bind(document); diff --git a/toolkit/content/aboutSupport.xhtml b/toolkit/content/aboutSupport.xhtml index 9574365a34..a92dcfb4ab 100644 --- a/toolkit/content/aboutSupport.xhtml +++ b/toolkit/content/aboutSupport.xhtml @@ -475,20 +475,6 @@ </tbody> </table> - - <!-- - - - - - - - - - - - - - - - - - - - - --> - -#if defined(MOZ_SANDBOX) - <h2 class="major-section" id="sandbox"> - &aboutSupport.sandboxTitle; - </h2> - - <table> - <tbody id="sandbox-tbody"> - </tbody> - </table> -#endif - </div> </body> diff --git a/toolkit/locales/en-US/chrome/global/aboutSupport.dtd b/toolkit/locales/en-US/chrome/global/aboutSupport.dtd index 9f64ef0f13..8459300c55 100644 --- a/toolkit/locales/en-US/chrome/global/aboutSupport.dtd +++ b/toolkit/locales/en-US/chrome/global/aboutSupport.dtd @@ -109,8 +109,6 @@ variant of aboutSupport.showDir.label. --> <!ENTITY aboutSupport.copyTextToClipboard.label "Copy text to clipboard"> <!ENTITY aboutSupport.copyRawDataToClipboard.label "Copy raw data to clipboard"> -<!ENTITY aboutSupport.sandboxTitle "Sandbox"> - <!ENTITY aboutSupport.safeModeTitle "Try Safe Mode"> <!ENTITY aboutSupport.restartInSafeMode.label "Restart with Add-ons Disabled…"> 
diff --git a/toolkit/modules/AppConstants.jsm b/toolkit/modules/AppConstants.jsm index 405f23de8b..b4201ec673 100644 --- a/toolkit/modules/AppConstants.jsm +++ b/toolkit/modules/AppConstants.jsm @@ -81,13 +81,6 @@ this.AppConstants = Object.freeze({ false, #endif - MOZ_SANDBOX: -#ifdef MOZ_SANDBOX - true, -#else - false, -#endif - MOZ_TELEMETRY_REPORTING: #ifdef MOZ_TELEMETRY_REPORTING true, diff --git a/toolkit/modules/Troubleshoot.jsm b/toolkit/modules/Troubleshoot.jsm index 743a9c4192..e11d477746 100644 --- a/toolkit/modules/Troubleshoot.jsm +++ b/toolkit/modules/Troubleshoot.jsm @@ -530,23 +530,3 @@ var dataProviders = { } }; -if (AppConstants.MOZ_SANDBOX) { - dataProviders.sandbox = function sandbox(done) { - let data = {}; - if (AppConstants.platform == "linux") { - const keys = ["hasSeccompBPF", "hasSeccompTSync", - "hasPrivilegedUserNamespaces", "hasUserNamespaces", - "canSandboxContent", "canSandboxMedia"]; - - let sysInfo = Cc["@mozilla.org/system-info;1"]. - getService(Ci.nsIPropertyBag2); - for (let key of keys) { - if (sysInfo.hasKey(key)) { - data[key] = sysInfo.getPropertyAsBool(key); - } - } - } - - done(data); - } -} diff --git a/toolkit/toolkit.mozbuild b/toolkit/toolkit.mozbuild index b06c58162a..b67b491572 100644 --- a/toolkit/toolkit.mozbuild +++ b/toolkit/toolkit.mozbuild @@ -4,12 +4,8 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -if CONFIG['MOZ_SANDBOX']: - DIRS += ['/security/sandbox'] - DIRS += [ - # Depends on NSS and NSPR, and must be built after sandbox or else B2G emulator - # builds fail. + # Depends on NSS and NSPR '/security/certverifier', # Depends on certverifier '/security/apps', diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build index 7ada19d41a..55b59ca835 100644 --- a/toolkit/xre/moz.build +++ b/toolkit/xre/moz.build 
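Review bot: Dropping `/security/sandbox` from DIRS in toolkit.mozbuild leaves that tree in the repository but, as far as this diff shows, no longer built, while the same commit still edits files under it (the `#if !defined(MOZ_SANDBOX)` removals in security/sandbox/chromium/base/time/time.cc and time.h). If the tree is to be deleted in a follow-up, a note on the rewritten `# Depends on NSS and NSPR` line such as `# /security/sandbox is no longer built; see follow-up removal` would make the intent explicit; otherwise the time.cc/time.h hunks are changes to dead code and could be left out. Removing the old "must be built after sandbox" ordering remark is correct now that nothing in DIRS depends on that directory.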
@@ -149,12 +149,6 @@ LOCAL_INCLUDES += [ '/xpcom/build', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', - ] - if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa': LOCAL_INCLUDES += [ '/widget', diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp index ddba0de617..2050b9671c 100644 --- a/toolkit/xre/nsAppRunner.cpp +++ b/toolkit/xre/nsAppRunner.cpp @@ -193,14 +193,6 @@ #include "GeneratedJNIWrappers.h" #endif -#if defined(MOZ_SANDBOX) -#if defined(XP_LINUX) && !defined(ANDROID) -#include "mozilla/SandboxInfo.h" -#elif defined(XP_WIN) -#include "SandboxBroker.h" -#endif -#endif - extern uint32_t gRestartMode; extern void InstallSignalHandlers(const char *ProgramName); @@ -2948,18 +2940,6 @@ XREMain::XRE_mainInit(bool* aExitFlag) if (NS_FAILED(rv)) return 1; -#if defined(MOZ_SANDBOX) && defined(XP_WIN) - if (mAppData->sandboxBrokerServices) { - SandboxBroker::Initialize(mAppData->sandboxBrokerServices); - Telemetry::Accumulate(Telemetry::SANDBOX_BROKER_INITIALIZED, true); - } else { - Telemetry::Accumulate(Telemetry::SANDBOX_BROKER_INITIALIZED, false); - // Otherwise just warn for the moment, as most things will work. - NS_WARNING("Failed to initialize broker services, sandboxed processes will " - "fail to start."); - } -#endif - #ifdef XP_MACOSX // Set up ability to respond to system (Apple) events. This must occur before // ProcessUpdates to ensure that links clicked in external applications aren't 
@@ -3902,24 +3882,6 @@ XREMain::XRE_mainRun() } #endif /* MOZ_INSTRUMENT_EVENT_LOOP */ -#if defined(MOZ_SANDBOX) && defined(XP_LINUX) && !defined(MOZ_WIDGET_GONK) - // If we're on Linux, we now have information about the OS capabilities - // available to us. - SandboxInfo sandboxInfo = SandboxInfo::Get(); - Telemetry::Accumulate(Telemetry::SANDBOX_HAS_SECCOMP_BPF, - sandboxInfo.Test(SandboxInfo::kHasSeccompBPF)); - Telemetry::Accumulate(Telemetry::SANDBOX_HAS_SECCOMP_TSYNC, - sandboxInfo.Test(SandboxInfo::kHasSeccompTSync)); - Telemetry::Accumulate(Telemetry::SANDBOX_HAS_USER_NAMESPACES_PRIVILEGED, - sandboxInfo.Test(SandboxInfo::kHasPrivilegedUserNamespaces)); - Telemetry::Accumulate(Telemetry::SANDBOX_HAS_USER_NAMESPACES, - sandboxInfo.Test(SandboxInfo::kHasUserNamespaces)); - Telemetry::Accumulate(Telemetry::SANDBOX_CONTENT_ENABLED, - sandboxInfo.Test(SandboxInfo::kEnabledForContent)); - Telemetry::Accumulate(Telemetry::SANDBOX_MEDIA_ENABLED, - sandboxInfo.Test(SandboxInfo::kEnabledForMedia)); -#endif /* MOZ_SANDBOX && XP_LINUX && !MOZ_WIDGET_GONK */ - { rv = appStartup->Run(); if (NS_FAILED(rv)) { @@ -3985,10 +3947,6 @@ XREMain::XRE_main(int argc, char* argv[], const nsXREAppData* aAppData) // See bug 1279614. XRE_CreateStatsObject(); -#if defined(MOZ_SANDBOX) && defined(XP_LINUX) && !defined(ANDROID) - SandboxInfo::ThreadingCheck(); -#endif - char aLocal; GeckoProfilerInitRAII profilerGuard(&aLocal); diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp index 5f5dda9396..a59299c8bc 100644 --- a/toolkit/xre/nsEmbedFunctions.cpp +++ b/toolkit/xre/nsEmbedFunctions.cpp @@ -75,11 +75,6 @@ #include "mozilla/Telemetry.h" -#if defined(MOZ_SANDBOX) && defined(XP_WIN) -#include "mozilla/sandboxTarget.h" -#include "mozilla/sandboxing/loggingCallbacks.h" -#endif - #ifdef MOZ_IPDL_TESTS #include "mozilla/_ipdltest/IPDLUnitTests.h" #include "mozilla/_ipdltest/IPDLUnitTestProcessChild.h" 
@@ -295,11 +290,6 @@ XRE_InitChildProcess(int aArgc, freopen("CONIN$", "r", stdin); } -#if defined(MOZ_SANDBOX) - if (aChildData->sandboxTargetServices) { - SandboxTarget::Instance()->SetTargetServices(aChildData->sandboxTargetServices); - } -#endif #endif // NB: This must be called before profiler_init @@ -565,12 +555,6 @@ XRE_InitChildProcess(int aArgc, ::SetProcessShutdownParameters(0x280 - 1, SHUTDOWN_NORETRY); #endif -#if defined(MOZ_SANDBOX) && defined(XP_WIN) - // We need to do this after the process has been initialised, as - // InitLoggingIfRequired may need access to prefs. - mozilla::sandboxing::InitLoggingIfRequired(aChildData->ProvideLogFunction); -#endif - OverrideDefaultLocaleIfNeeded(); // Run the UI event loop on the main thread. diff --git a/xpcom/base/nsSystemInfo.cpp b/xpcom/base/nsSystemInfo.cpp index f6d9fd5ad3..a72dd38269 100644 --- a/xpcom/base/nsSystemInfo.cpp +++ b/xpcom/base/nsSystemInfo.cpp @@ -66,10 +66,6 @@ NS_EXPORT int android_sdk_version; #include <sys/sysctl.h> #endif -#if defined(XP_LINUX) && defined(MOZ_SANDBOX) -#include "mozilla/SandboxInfo.h" -#endif - // Slot for NS_InitXPCOM2 to pass information to nsSystemInfo::Init. // Only set to nonzero (potentially) if XP_UNIX. On such systems, the // system call to discover the appropriate value is not thread-safe, 
@@ -789,29 +785,6 @@ nsSystemInfo::Init() } #endif -#if defined(XP_LINUX) && defined(MOZ_SANDBOX) - SandboxInfo sandInfo = SandboxInfo::Get(); - - SetPropertyAsBool(NS_LITERAL_STRING("hasSeccompBPF"), - sandInfo.Test(SandboxInfo::kHasSeccompBPF)); - SetPropertyAsBool(NS_LITERAL_STRING("hasSeccompTSync"), - sandInfo.Test(SandboxInfo::kHasSeccompTSync)); - SetPropertyAsBool(NS_LITERAL_STRING("hasUserNamespaces"), - sandInfo.Test(SandboxInfo::kHasUserNamespaces)); - SetPropertyAsBool(NS_LITERAL_STRING("hasPrivilegedUserNamespaces"), - sandInfo.Test(SandboxInfo::kHasPrivilegedUserNamespaces)); - - if (sandInfo.Test(SandboxInfo::kEnabledForContent)) { - SetPropertyAsBool(NS_LITERAL_STRING("canSandboxContent"), - sandInfo.CanSandboxContent()); - } - - if (sandInfo.Test(SandboxInfo::kEnabledForMedia)) { - SetPropertyAsBool(NS_LITERAL_STRING("canSandboxMedia"), - sandInfo.CanSandboxMedia()); - } -#endif // XP_LINUX && MOZ_SANDBOX - return NS_OK; } diff --git a/xpcom/build/XREChildData.h b/xpcom/build/XREChildData.h index 487fede940..96b297d3c2 100644 --- a/xpcom/build/XREChildData.h +++ b/xpcom/build/XREChildData.h @@ -9,14 +9,6 @@ #include "mozilla/UniquePtr.h" -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -#include "mozilla/sandboxing/loggingTypes.h" - -namespace sandbox { -class TargetServices; -} -#endif - namespace mozilla { namespace gmp { class GMPLoader; @@ -35,17 +27,6 @@ struct XREChildData mozilla::UniquePtr<mozilla::gmp::GMPLoader> gmpLoader; #endif -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - /** - * Chromium sandbox TargetServices. - */ - sandbox::TargetServices* sandboxTargetServices = nullptr; - - /** - * Function to provide a logging function to the chromium sandbox code. - */ - mozilla::sandboxing::ProvideLogFunctionCb ProvideLogFunction = nullptr; -#endif }; #endif // XREChildData_h diff --git a/xpcom/build/XREShellData.h b/xpcom/build/XREShellData.h index 11bc162d9c..f734b1d74a 100644 --- a/xpcom/build/XREShellData.h +++ b/xpcom/build/XREShellData.h 
@@ -7,23 +7,11 @@ #ifndef XREShellData_h #define XREShellData_h -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -namespace sandbox { -class BrokerServices; -} -#endif - /** * Data needed by XRE_XPCShellMain. */ struct XREShellData { -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - /** - * Chromium sandbox BrokerServices. - */ - sandbox::BrokerServices* sandboxBrokerServices; -#endif }; #endif // XREShellData_h diff --git a/xpcom/build/nsXREAppData.h b/xpcom/build/nsXREAppData.h index fbc7adb8fc..129336ac95 100644 --- a/xpcom/build/nsXREAppData.h +++ b/xpcom/build/nsXREAppData.h @@ -12,12 +12,6 @@ class nsIFile; -#if defined(XP_WIN) && defined(MOZ_SANDBOX) -namespace sandbox { -class BrokerServices; -} -#endif - /** * Application-specific data needed to start the apprunner. * @@ -134,13 +128,6 @@ struct nsXREAppData * The application name to use in the User Agent string. */ const char* UAName; - -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - /** - * Chromium sandbox BrokerServices. - */ - sandbox::BrokerServices* sandboxBrokerServices; -#endif }; /** diff --git a/xpcom/glue/AppData.cpp b/xpcom/glue/AppData.cpp index 845267e60d..2fdb6b009c 100644 --- a/xpcom/glue/AppData.cpp +++ b/xpcom/glue/AppData.cpp @@ -65,10 +65,6 @@ ScopedAppData::ScopedAppData(const nsXREAppData* aAppData) if (aAppData->size > offsetof(nsXREAppData, UAName)) { SetAllocatedString(this->UAName, aAppData->UAName); } - -#if defined(XP_WIN) && defined(MOZ_SANDBOX) - sandboxBrokerServices = aAppData->sandboxBrokerServices; -#endif } ScopedAppData::~ScopedAppData() |