authorMoonchild <mcwerewolf@gmail.com>2018-05-04 09:09:10 +0200
committerGitHub <noreply@github.com>2018-05-04 09:09:10 +0200
commit52ca144ff3c40f553c638c288b0b6b03144f1a49 (patch)
tree7b786de2b175122814a53232268b1147a8bd0bfb /toolkit
parent693bd69e49ff9f2e2d6f7057cb570aa488aca4db (diff)
parent42fdbd25874a9d590513a6873411bc10d2cf80fe (diff)
downloaduxp-52ca144ff3c40f553c638c288b0b6b03144f1a49.tar.gz
Merge pull request #323 from MoonchildProductions/nuke-sandbox
Nuke sandbox
Diffstat (limited to 'toolkit')
-rw-r--r--toolkit/content/aboutSupport.js21
-rw-r--r--toolkit/content/aboutSupport.xhtml14
-rw-r--r--toolkit/crashreporter/nsExceptionHandler.cpp12
-rw-r--r--toolkit/locales/en-US/chrome/global/aboutSupport.dtd2
-rw-r--r--toolkit/locales/en-US/chrome/global/aboutSupport.properties8
-rw-r--r--toolkit/modules/AppConstants.jsm14
-rw-r--r--toolkit/modules/Troubleshoot.jsm25
-rw-r--r--toolkit/modules/tests/browser/browser_Troubleshoot.js4
-rw-r--r--toolkit/toolkit.mozbuild6
-rw-r--r--toolkit/xre/moz.build6
-rw-r--r--toolkit/xre/nsAppRunner.cpp53
-rw-r--r--toolkit/xre/nsEmbedFunctions.cpp38
-rw-r--r--toolkit/xre/nsXREDirProvider.cpp205
-rw-r--r--toolkit/xre/nsXREDirProvider.h9
14 files changed, 2 insertions, 415 deletions
diff --git a/toolkit/content/aboutSupport.js b/toolkit/content/aboutSupport.js
index e9087dfcb0..7209b7ad04 100644
--- a/toolkit/content/aboutSupport.js
+++ b/toolkit/content/aboutSupport.js
@@ -497,26 +497,7 @@ var snapshotFormatters = {
$("prefs-user-js-section").style.display = "";
// Clear the no-copy class
$("prefs-user-js-section").className = "";
- },
-
- sandbox: function sandbox(data) {
- if (!AppConstants.MOZ_SANDBOX)
- return;
-
- let strings = stringBundle();
- let tbody = $("sandbox-tbody");
- for (let key in data) {
- // Simplify the display a little in the common case.
- if (key === "hasPrivilegedUserNamespaces" &&
- data[key] === data["hasUserNamespaces"]) {
- continue;
- }
- tbody.appendChild($.new("tr", [
- $.new("th", strings.GetStringFromName(key), "column"),
- $.new("td", data[key])
- ]));
- }
- },
+ }
};
var $ = document.getElementById.bind(document);
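Review bot: The new closing brace for the last remaining formatter (`+ }`) drops the trailing comma that the literal carried before this change, where the final `sandbox` entry ended in `},` directly ahead of `};`. Keeping `},` would match that earlier style and save the next added formatter from having to touch this line again. The `snapshotFormatters` literal starts outside the hunk, so whether the other entries follow the same convention cannot be confirmed from here.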
diff --git a/toolkit/content/aboutSupport.xhtml b/toolkit/content/aboutSupport.xhtml
index 9574365a34..a92dcfb4ab 100644
--- a/toolkit/content/aboutSupport.xhtml
+++ b/toolkit/content/aboutSupport.xhtml
@@ -475,20 +475,6 @@
</tbody>
</table>
-
- <!-- - - - - - - - - - - - - - - - - - - - - -->
-
-#if defined(MOZ_SANDBOX)
- <h2 class="major-section" id="sandbox">
- &aboutSupport.sandboxTitle;
- </h2>
-
- <table>
- <tbody id="sandbox-tbody">
- </tbody>
- </table>
-#endif
-
</div>
</body>
diff --git a/toolkit/crashreporter/nsExceptionHandler.cpp b/toolkit/crashreporter/nsExceptionHandler.cpp
index 1e07431927..bab3efd872 100644
--- a/toolkit/crashreporter/nsExceptionHandler.cpp
+++ b/toolkit/crashreporter/nsExceptionHandler.cpp
@@ -3417,22 +3417,10 @@ OOPInit()
#if (defined(XP_WIN) || defined(XP_MACOSX))
nsCOMPtr<nsIFile> tmpDir;
-# if defined(MOZ_CONTENT_SANDBOX)
- nsresult rv = NS_GetSpecialDirectory(NS_APP_CONTENT_PROCESS_TEMP_DIR,
- getter_AddRefs(tmpDir));
- if (NS_FAILED(rv) && PR_GetEnv("XPCSHELL_TEST_PROFILE_DIR")) {
- // Temporary hack for xpcshell, will be fixed in bug 1257098
- rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(tmpDir));
- }
- if (NS_SUCCEEDED(rv)) {
- childProcessTmpDir = CreatePathFromFile(tmpDir);
- }
-# else
if (NS_SUCCEEDED(NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
getter_AddRefs(tmpDir)))) {
childProcessTmpDir = CreatePathFromFile(tmpDir);
}
-# endif // defined(MOZ_CONTENT_SANDBOX)
#endif // (defined(XP_WIN) || defined(XP_MACOSX))
#if defined(XP_WIN)
diff --git a/toolkit/locales/en-US/chrome/global/aboutSupport.dtd b/toolkit/locales/en-US/chrome/global/aboutSupport.dtd
index 9f64ef0f13..8459300c55 100644
--- a/toolkit/locales/en-US/chrome/global/aboutSupport.dtd
+++ b/toolkit/locales/en-US/chrome/global/aboutSupport.dtd
@@ -109,8 +109,6 @@ variant of aboutSupport.showDir.label. -->
<!ENTITY aboutSupport.copyTextToClipboard.label "Copy text to clipboard">
<!ENTITY aboutSupport.copyRawDataToClipboard.label "Copy raw data to clipboard">
-<!ENTITY aboutSupport.sandboxTitle "Sandbox">
-
<!ENTITY aboutSupport.safeModeTitle "Try Safe Mode">
<!ENTITY aboutSupport.restartInSafeMode.label "Restart with Add-ons Disabled…">
diff --git a/toolkit/locales/en-US/chrome/global/aboutSupport.properties b/toolkit/locales/en-US/chrome/global/aboutSupport.properties
index 41501c01be..0bc612b795 100644
--- a/toolkit/locales/en-US/chrome/global/aboutSupport.properties
+++ b/toolkit/locales/en-US/chrome/global/aboutSupport.properties
@@ -91,14 +91,6 @@ gpuProcessKillButton = Terminate GPU Process
minLibVersions = Expected minimum version
loadedLibVersions = Version in use
-hasSeccompBPF = Seccomp-BPF (System Call Filtering)
-hasSeccompTSync = Seccomp Thread Synchronization
-hasUserNamespaces = User Namespaces
-hasPrivilegedUserNamespaces = User Namespaces for privileged processes
-canSandboxContent = Content Process Sandboxing
-canSandboxMedia = Media Plugin Sandboxing
-contentSandboxLevel = Content Process Sandbox Level
-
# LOCALIZATION NOTE %1$S and %2$S will be replaced with the number of remote and the total number
# of windows, respectively, while %3$S will be replaced with one of the status strings below,
# which contains a description of the multi-process preference and status.
diff --git a/toolkit/modules/AppConstants.jsm b/toolkit/modules/AppConstants.jsm
index 2b18f3c1aa..b4201ec673 100644
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@@ -81,20 +81,6 @@ this.AppConstants = Object.freeze({
false,
#endif
- MOZ_SANDBOX:
-#ifdef MOZ_SANDBOX
- true,
-#else
- false,
-#endif
-
- MOZ_CONTENT_SANDBOX:
-#ifdef MOZ_CONTENT_SANDBOX
- true,
-#else
- false,
-#endif
-
MOZ_TELEMETRY_REPORTING:
#ifdef MOZ_TELEMETRY_REPORTING
true,
diff --git a/toolkit/modules/Troubleshoot.jsm b/toolkit/modules/Troubleshoot.jsm
index 60f7e86667..e11d477746 100644
--- a/toolkit/modules/Troubleshoot.jsm
+++ b/toolkit/modules/Troubleshoot.jsm
@@ -530,28 +530,3 @@ var dataProviders = {
}
};
-if (AppConstants.MOZ_SANDBOX) {
- dataProviders.sandbox = function sandbox(done) {
- let data = {};
- if (AppConstants.platform == "linux") {
- const keys = ["hasSeccompBPF", "hasSeccompTSync",
- "hasPrivilegedUserNamespaces", "hasUserNamespaces",
- "canSandboxContent", "canSandboxMedia"];
-
- let sysInfo = Cc["@mozilla.org/system-info;1"].
- getService(Ci.nsIPropertyBag2);
- for (let key of keys) {
- if (sysInfo.hasKey(key)) {
- data[key] = sysInfo.getPropertyAsBool(key);
- }
- }
- }
-
- if (AppConstants.MOZ_CONTENT_SANDBOX) {
- data.contentSandboxLevel =
- Services.prefs.getIntPref("security.sandbox.content.level");
- }
-
- done(data);
- }
-}
diff --git a/toolkit/modules/tests/browser/browser_Troubleshoot.js b/toolkit/modules/tests/browser/browser_Troubleshoot.js
index 34c2a27916..7f0069dc91 100644
--- a/toolkit/modules/tests/browser/browser_Troubleshoot.js
+++ b/toolkit/modules/tests/browser/browser_Troubleshoot.js
@@ -469,10 +469,6 @@ const SNAPSHOT_SCHEMA = {
required: false,
type: "boolean"
},
- contentSandboxLevel: {
- required: AppConstants.MOZ_CONTENT_SANDBOX,
- type: "number"
- },
},
},
},
diff --git a/toolkit/toolkit.mozbuild b/toolkit/toolkit.mozbuild
index b06c58162a..b67b491572 100644
--- a/toolkit/toolkit.mozbuild
+++ b/toolkit/toolkit.mozbuild
@@ -4,12 +4,8 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-if CONFIG['MOZ_SANDBOX']:
- DIRS += ['/security/sandbox']
-
DIRS += [
- # Depends on NSS and NSPR, and must be built after sandbox or else B2G emulator
- # builds fail.
+ # Depends on NSS and NSPR
'/security/certverifier',
# Depends on certverifier
'/security/apps',
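Review bot: With the `if CONFIG['MOZ_SANDBOX']:` guard gone, `/security/sandbox` is never built, yet nothing visible here makes a build that still sets `MOZ_SANDBOX` fail or warn. The diffstat is limited to `toolkit`, so whether the configure-side option is removed in the same merge cannot be seen. If it is not, such a build would complete and silently ship processes without the sandbox. Consider recording the new state next to the list, for example `# /security/sandbox is no longer built; MOZ_SANDBOX has no effect here`, and confirming that the option itself is rejected at configure time. The `DIRS` list continues past the end of the hunk.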
diff --git a/toolkit/xre/moz.build b/toolkit/xre/moz.build
index 7ada19d41a..55b59ca835 100644
--- a/toolkit/xre/moz.build
+++ b/toolkit/xre/moz.build
@@ -149,12 +149,6 @@ LOCAL_INCLUDES += [
'/xpcom/build',
]
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
- LOCAL_INCLUDES += [
- '/security/sandbox/chromium',
- '/security/sandbox/chromium-shim',
- ]
-
if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
LOCAL_INCLUDES += [
'/widget',
diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
index 3493cd8374..2050b9671c 100644
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -106,10 +106,6 @@
#endif
#endif
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-#include "nsIUUIDGenerator.h"
-#endif
-
#ifdef ACCESSIBILITY
#include "nsAccessibilityService.h"
#if defined(XP_WIN)
@@ -197,14 +193,6 @@
#include "GeneratedJNIWrappers.h"
#endif
-#if defined(MOZ_SANDBOX)
-#if defined(XP_LINUX) && !defined(ANDROID)
-#include "mozilla/SandboxInfo.h"
-#elif defined(XP_WIN)
-#include "SandboxBroker.h"
-#endif
-#endif
-
extern uint32_t gRestartMode;
extern void InstallSignalHandlers(const char *ProgramName);
@@ -2952,25 +2940,6 @@ XREMain::XRE_mainInit(bool* aExitFlag)
if (NS_FAILED(rv))
return 1;
-#if defined(MOZ_SANDBOX) && defined(XP_WIN)
- if (mAppData->sandboxBrokerServices) {
- SandboxBroker::Initialize(mAppData->sandboxBrokerServices);
- Telemetry::Accumulate(Telemetry::SANDBOX_BROKER_INITIALIZED, true);
- } else {
- Telemetry::Accumulate(Telemetry::SANDBOX_BROKER_INITIALIZED, false);
-#if defined(MOZ_CONTENT_SANDBOX)
- // If we're sandboxing content and we fail to initialize, then crashing here
- // seems like the sensible option.
- if (BrowserTabsRemoteAutostart()) {
- MOZ_CRASH("Failed to initialize broker services, can't continue.");
- }
-#endif
- // Otherwise just warn for the moment, as most things will work.
- NS_WARNING("Failed to initialize broker services, sandboxed processes will "
- "fail to start.");
- }
-#endif
-
#ifdef XP_MACOSX
// Set up ability to respond to system (Apple) events. This must occur before
// ProcessUpdates to ensure that links clicked in external applications aren't
@@ -3913,24 +3882,6 @@ XREMain::XRE_mainRun()
}
#endif /* MOZ_INSTRUMENT_EVENT_LOOP */
-#if defined(MOZ_SANDBOX) && defined(XP_LINUX) && !defined(MOZ_WIDGET_GONK)
- // If we're on Linux, we now have information about the OS capabilities
- // available to us.
- SandboxInfo sandboxInfo = SandboxInfo::Get();
- Telemetry::Accumulate(Telemetry::SANDBOX_HAS_SECCOMP_BPF,
- sandboxInfo.Test(SandboxInfo::kHasSeccompBPF));
- Telemetry::Accumulate(Telemetry::SANDBOX_HAS_SECCOMP_TSYNC,
- sandboxInfo.Test(SandboxInfo::kHasSeccompTSync));
- Telemetry::Accumulate(Telemetry::SANDBOX_HAS_USER_NAMESPACES_PRIVILEGED,
- sandboxInfo.Test(SandboxInfo::kHasPrivilegedUserNamespaces));
- Telemetry::Accumulate(Telemetry::SANDBOX_HAS_USER_NAMESPACES,
- sandboxInfo.Test(SandboxInfo::kHasUserNamespaces));
- Telemetry::Accumulate(Telemetry::SANDBOX_CONTENT_ENABLED,
- sandboxInfo.Test(SandboxInfo::kEnabledForContent));
- Telemetry::Accumulate(Telemetry::SANDBOX_MEDIA_ENABLED,
- sandboxInfo.Test(SandboxInfo::kEnabledForMedia));
-#endif /* MOZ_SANDBOX && XP_LINUX && !MOZ_WIDGET_GONK */
-
{
rv = appStartup->Run();
if (NS_FAILED(rv)) {
@@ -3996,10 +3947,6 @@ XREMain::XRE_main(int argc, char* argv[], const nsXREAppData* aAppData)
// See bug 1279614.
XRE_CreateStatsObject();
-#if defined(MOZ_SANDBOX) && defined(XP_LINUX) && !defined(ANDROID)
- SandboxInfo::ThreadingCheck();
-#endif
-
char aLocal;
GeckoProfilerInitRAII profilerGuard(&aLocal);
diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp
index 4a612e4958..a59299c8bc 100644
--- a/toolkit/xre/nsEmbedFunctions.cpp
+++ b/toolkit/xre/nsEmbedFunctions.cpp
@@ -75,15 +75,6 @@
#include "mozilla/Telemetry.h"
-#if defined(MOZ_SANDBOX) && defined(XP_WIN)
-#include "mozilla/sandboxTarget.h"
-#include "mozilla/sandboxing/loggingCallbacks.h"
-#endif
-
-#if defined(MOZ_CONTENT_SANDBOX) && !defined(MOZ_WIDGET_GONK)
-#include "mozilla/Preferences.h"
-#endif
-
#ifdef MOZ_IPDL_TESTS
#include "mozilla/_ipdltest/IPDLUnitTests.h"
#include "mozilla/_ipdltest/IPDLUnitTestProcessChild.h"
@@ -299,11 +290,6 @@ XRE_InitChildProcess(int aArgc,
freopen("CONIN$", "r", stdin);
}
-#if defined(MOZ_SANDBOX)
- if (aChildData->sandboxTargetServices) {
- SandboxTarget::Instance()->SetTargetServices(aChildData->sandboxTargetServices);
- }
-#endif
#endif
// NB: This must be called before profiler_init
@@ -519,11 +505,6 @@ XRE_InitChildProcess(int aArgc,
// If passed in grab the application path for xpcom init
bool foundAppdir = false;
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
- // If passed in grab the profile path for sandboxing
- bool foundProfile = false;
-#endif
-
for (int idx = aArgc; idx > 0; idx--) {
if (aArgv[idx] && !strcmp(aArgv[idx], "-appdir")) {
MOZ_ASSERT(!foundAppdir);
@@ -539,19 +520,6 @@ XRE_InitChildProcess(int aArgc,
if (aArgv[idx] && !strcmp(aArgv[idx], "-safeMode")) {
gSafeMode = true;
}
-
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
- if (aArgv[idx] && !strcmp(aArgv[idx], "-profile")) {
- MOZ_ASSERT(!foundProfile);
- if (foundProfile) {
- continue;
- }
- nsCString profile;
- profile.Assign(nsDependentCString(aArgv[idx+1]));
- static_cast<ContentProcess*>(process.get())->SetProfile(profile);
- foundProfile = true;
- }
-#endif /* XP_MACOSX && MOZ_CONTENT_SANDBOX */
}
}
break;
@@ -587,12 +555,6 @@ XRE_InitChildProcess(int aArgc,
::SetProcessShutdownParameters(0x280 - 1, SHUTDOWN_NORETRY);
#endif
-#if defined(MOZ_SANDBOX) && defined(XP_WIN)
- // We need to do this after the process has been initialised, as
- // InitLoggingIfRequired may need access to prefs.
- mozilla::sandboxing::InitLoggingIfRequired(aChildData->ProvideLogFunction);
-#endif
-
OverrideDefaultLocaleIfNeeded();
// Run the UI event loop on the main thread.
diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp
index 09168319fc..04e2e1ebfd 100644
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -62,11 +62,6 @@
#include "UIKitDirProvider.h"
#endif
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-#include "nsIUUIDGenerator.h"
-#include "mozilla/Unused.h"
-#endif
-
#if defined(XP_MACOSX)
#define APP_REGISTRY_NAME "Application Registry"
#elif defined(XP_WIN)
@@ -77,14 +72,6 @@
#define PREF_OVERRIDE_DIRNAME "preferences"
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-static already_AddRefed<nsIFile> GetContentProcessSandboxTempDir();
-static nsresult DeleteDirIfExists(nsIFile *dir);
-static bool IsContentSandboxDisabled();
-static const char* GetContentProcessTempBaseDirKey();
-static already_AddRefed<nsIFile> CreateContentProcessSandboxTempDir();
-#endif
-
static already_AddRefed<nsIFile>
CloneAndAppend(nsIFile* aFile, const char* name)
{
@@ -495,14 +482,6 @@ nsXREDirProvider::GetFile(const char* aProperty, bool* aPersistent,
bool unused;
rv = dirsvc->GetFile("XCurProcD", &unused, getter_AddRefs(file));
}
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- else if (!strcmp(aProperty, NS_APP_CONTENT_PROCESS_TEMP_DIR)) {
- if (!mContentTempDir && NS_FAILED((rv = LoadContentProcessTempDir()))) {
- return rv;
- }
- rv = mContentTempDir->Clone(getter_AddRefs(file));
- }
-#endif // defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
else if (NS_SUCCEEDED(GetProfileStartupDir(getter_AddRefs(file)))) {
// We need to allow component, xpt, and chrome registration to
// occur prior to the profile-after-change notification.
@@ -729,176 +708,6 @@ LoadExtensionDirectories(nsINIParser &parser,
while (true);
}
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
-
-static const char*
-GetContentProcessTempBaseDirKey()
-{
-#if defined(XP_WIN)
- return NS_WIN_LOW_INTEGRITY_TEMP_BASE;
-#else
- return NS_OS_TEMP_DIR;
-#endif
-}
-
-//
-// Sets mContentTempDir so that it refers to the appropriate temp dir.
-// If the sandbox is enabled, NS_APP_CONTENT_PROCESS_TEMP_DIR, otherwise
-// NS_OS_TEMP_DIR is used.
-//
-nsresult
-nsXREDirProvider::LoadContentProcessTempDir()
-{
- mContentTempDir = GetContentProcessSandboxTempDir();
- if (mContentTempDir) {
- return NS_OK;
- } else {
- return NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
- getter_AddRefs(mContentTempDir));
- }
-}
-
-static bool
-IsContentSandboxDisabled()
-{
- bool isSandboxDisabled = false;
- if (!BrowserTabsRemoteAutostart()) {
- return false;
- }
-#if defined(XP_WIN) || defined(XP_MACOSX)
- isSandboxDisabled = Preferences::GetInt("security.sandbox.content.level") < 1;
-#endif
- return isSandboxDisabled;
-}
-
-//
-// If a content process sandbox temp dir is to be used, returns an nsIFile
-// for the directory. Returns null if the content sandbox is disabled or
-// an error occurs.
-//
-static already_AddRefed<nsIFile>
-GetContentProcessSandboxTempDir()
-{
- if (IsContentSandboxDisabled()) {
- return nullptr;
- }
-
- nsCOMPtr<nsIFile> localFile;
-
- nsresult rv = NS_GetSpecialDirectory(GetContentProcessTempBaseDirKey(),
- getter_AddRefs(localFile));
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return nullptr;
- }
-
- nsAutoString tempDirSuffix;
- rv = Preferences::GetString("security.sandbox.content.tempDirSuffix",
- &tempDirSuffix);
- if (NS_WARN_IF(NS_FAILED(rv)) || tempDirSuffix.IsEmpty()) {
- return nullptr;
- }
-
- rv = localFile->Append(NS_LITERAL_STRING("Temp-") + tempDirSuffix);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return nullptr;
- }
-
- return localFile.forget();
-}
-
-//
-// Create a temporary directory for use from sandboxed content processes.
-// Only called in the parent. The path is derived from a UUID stored in a
-// pref which is available to content processes. Returns null if the
-// content sandbox is disabled or if an error occurs.
-//
-static already_AddRefed<nsIFile>
-CreateContentProcessSandboxTempDir()
-{
- if (IsContentSandboxDisabled()) {
- return nullptr;
- }
-
- // Get (and create if blank) temp directory suffix pref.
- nsresult rv;
- nsAdoptingString tempDirSuffix =
- Preferences::GetString("security.sandbox.content.tempDirSuffix");
- if (tempDirSuffix.IsEmpty()) {
- nsCOMPtr<nsIUUIDGenerator> uuidgen =
- do_GetService("@mozilla.org/uuid-generator;1", &rv);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return nullptr;
- }
-
- nsID uuid;
- rv = uuidgen->GenerateUUIDInPlace(&uuid);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return nullptr;
- }
-
- char uuidChars[NSID_LENGTH];
- uuid.ToProvidedString(uuidChars);
- tempDirSuffix.AssignASCII(uuidChars);
-
- // Save the pref
- rv = Preferences::SetCString("security.sandbox.content.tempDirSuffix",
- uuidChars);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- // If we fail to save the pref we don't want to create the temp dir,
- // because we won't be able to clean it up later.
- return nullptr;
- }
-
- nsCOMPtr<nsIPrefService> prefsvc = Preferences::GetService();
- if (!prefsvc || NS_FAILED((rv = prefsvc->SavePrefFile(nullptr)))) {
- // Again, if we fail to save the pref file we might not be able to clean
- // up the temp directory, so don't create one.
- NS_WARNING("Failed to save pref file, cannot create temp dir.");
- return nullptr;
- }
- }
-
- nsCOMPtr<nsIFile> sandboxTempDir = GetContentProcessSandboxTempDir();
- if (!sandboxTempDir) {
- NS_WARNING("Failed to determine sandbox temp dir path.");
- return nullptr;
- }
-
- // Remove the directory. It may exist due to a previous crash.
- if (NS_FAILED(DeleteDirIfExists(sandboxTempDir))) {
- NS_WARNING("Failed to reset sandbox temp dir.");
- return nullptr;
- }
-
- // Create the directory
- rv = sandboxTempDir->Create(nsIFile::DIRECTORY_TYPE, 0700);
- if (NS_FAILED(rv)) {
- NS_WARNING("Failed to create sandbox temp dir.");
- return nullptr;
- }
-
- return sandboxTempDir.forget();
-}
-
-static nsresult
-DeleteDirIfExists(nsIFile* dir)
-{
- if (dir) {
- // Don't return an error if the directory doesn't exist.
- // Windows Remove() returns NS_ERROR_FILE_NOT_FOUND while
- // OS X returns NS_ERROR_FILE_TARGET_DOES_NOT_EXIST.
- nsresult rv = dir->Remove(/* aRecursive */ true);
- if (NS_FAILED(rv) && rv != NS_ERROR_FILE_NOT_FOUND &&
- rv != NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) {
- return rv;
- }
- }
- return NS_OK;
-}
-
-#endif // (defined(XP_WIN) || defined(XP_MACOSX)) &&
- // defined(MOZ_CONTENT_SANDBOX)
-
void
nsXREDirProvider::LoadExtensionBundleDirectories()
{
@@ -1203,14 +1012,6 @@ nsXREDirProvider::DoStartup()
}
obsSvc->NotifyObservers(nullptr, "profile-initial-state", nullptr);
-
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- // The parent is responsible for creating the sandbox temp dir
- if (XRE_IsParentProcess()) {
- mContentProcessSandboxTempDir = CreateContentProcessSandboxTempDir();
- mContentTempDir = mContentProcessSandboxTempDir;
- }
-#endif
}
return NS_OK;
}
@@ -1221,12 +1022,6 @@ nsXREDirProvider::DoShutdown()
PROFILER_LABEL_FUNC(js::ProfileEntry::Category::OTHER);
if (mProfileNotified) {
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- if (XRE_IsParentProcess()) {
- Unused << DeleteDirIfExists(mContentProcessSandboxTempDir);
- }
-#endif
-
nsCOMPtr<nsIObserverService> obsSvc =
mozilla::services::GetObserverService();
NS_ASSERTION(obsSvc, "No observer service?");
diff --git a/toolkit/xre/nsXREDirProvider.h b/toolkit/xre/nsXREDirProvider.h
index 7ec64da787..1190cc7081 100644
--- a/toolkit/xre/nsXREDirProvider.h
+++ b/toolkit/xre/nsXREDirProvider.h
@@ -121,11 +121,6 @@ protected:
// delimiters.
static inline nsresult AppendProfileString(nsIFile* aFile, const char* aPath);
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- // Load the temp directory for sandboxed content processes
- nsresult LoadContentProcessTempDir();
-#endif
-
// Calculate and register extension and theme bundle directories.
void LoadExtensionBundleDirectories();
@@ -146,10 +141,6 @@ protected:
nsCOMPtr<nsIFile> mProfileDir;
nsCOMPtr<nsIFile> mProfileLocalDir;
bool mProfileNotified;
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
- nsCOMPtr<nsIFile> mContentTempDir;
- nsCOMPtr<nsIFile> mContentProcessSandboxTempDir;
-#endif
nsCOMArray<nsIFile> mAppBundleDirectories;
nsCOMArray<nsIFile> mExtensionDirectories;
nsCOMArray<nsIFile> mThemeDirectories;