Bug 1375863 - fold MOZ_CONTENT_SANDBOX and MOZ_GMP_SANDBOX into MOZ_SANDBOX; r=jld,firefox-build-system-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D22975

--HG--
extra : moz-landing-system : lando

accessible/ipc/DocAccessibleParent.cpp

@@ -732,9 +732,9 @@ void DocAccessibleParent::SendParentCOMProxy() {
     return;
   }
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   mParentProxyStream = holder.GetPreservedStream();
-#  endif  // defined(MOZ_CONTENT_SANDBOX)
+#  endif  // defined(MOZ_SANDBOX)
 }
 
 void DocAccessibleParent::SetEmulatedWindowHandle(HWND aWindowHandle) {
@@ -746,7 +746,7 @@ void DocAccessibleParent::SetEmulatedWindowHandle(HWND aWindowHandle) {
 
 mozilla::ipc::IPCResult DocAccessibleParent::RecvGetWindowedPluginIAccessible(
     const WindowsHandle& aHwnd, IAccessibleHolder* aPluginCOMProxy) {
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   // We don't actually want the accessible object for aHwnd, but rather the
   // one that belongs to its child (see HTMLWin32ObjectAccessible).
   HWND childWnd = ::GetWindow(reinterpret_cast<HWND>(aHwnd), GW_CHILD);

accessible/ipc/DocAccessibleParent.h

@@ -257,9 +257,9 @@ class DocAccessibleParent : public ProxyAccessible,
   // The handle associated with the emulated window that contains this document
   HWND mEmulatedWindowHandle;
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   mscom::PreservedStreamPtr mParentProxyStream;
-#  endif  // defined(MOZ_CONTENT_SANDBOX)
+#  endif  // defined(MOZ_SANDBOX)
 #endif    // defined(XP_WIN)
 
   /*

accessible/windows/msaa/HTMLWin32ObjectAccessible.cpp

@@ -53,7 +53,7 @@ HTMLWin32ObjectAccessible::HTMLWin32ObjectAccessible(void* aHwnd,
     : DummyAccessible(aDoc) {
   mHwnd = aHwnd;
   if (mHwnd) {
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     if (XRE_IsContentProcess()) {
       DocAccessibleChild* ipcDoc = aDoc->IPCDoc();
       MOZ_ASSERT(ipcDoc);
@@ -81,7 +81,7 @@ HTMLWin32ObjectAccessible::HTMLWin32ObjectAccessible(void* aHwnd,
 }
 
 void HTMLWin32ObjectAccessible::GetNativeInterface(void** aNativeAccessible) {
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   if (XRE_IsContentProcess()) {
     RefPtr<IAccessible> addRefed = mCOMProxy.get();
     addRefed.forget(aNativeAccessible);

accessible/windows/msaa/HTMLWin32ObjectAccessible.h

@@ -8,7 +8,7 @@
 
 #include "BaseAccessibles.h"
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/mscom/Ptr.h"
 #endif
 
@@ -57,7 +57,7 @@ class HTMLWin32ObjectAccessible : public DummyAccessible {
 
  protected:
   void* mHwnd;
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   mscom::ProxyUniquePtr<IAccessible> mCOMProxy;
 #endif
 };

browser/app/nsBrowserApp.cpp

@@ -196,12 +196,10 @@ static int do_main(int argc, char* argv[], char* envp[]) {
       sandboxing::GetInitializedBrokerServices();
   sandboxing::PermissionsService* permissionsService =
       sandboxing::GetPermissionsService();
-#  if defined(MOZ_CONTENT_SANDBOX)
   if (!brokerServices) {
     Output("Couldn't initialize the broker services.\n");
     return 255;
   }
-#  endif
   config.sandboxBrokerServices = brokerServices;
   config.sandboxPermissionsService = permissionsService;
 #endif

browser/app/profile/firefox.js

@@ -1025,7 +1025,6 @@ pref("dom.ipc.plugins.sandbox-level.flash", 3);
 pref("dom.ipc.plugins.sandbox-level.flash", 0);
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
 // This controls the strength of the Windows content process sandbox for testing
 // purposes. This will require a restart.
 // On windows these levels are:
@@ -1038,7 +1037,6 @@ pref("security.sandbox.content.level", 5);
 // process because the only other sandbox (for GMP) has too strict a policy to
 // allow stack tracing.  This does not require a restart to take effect.
 pref("security.sandbox.windows.log.stackTraceDepth", 0);
-#endif
 
 // This controls the strength of the Windows GPU process sandbox.  Changes
 // will require restart.
@@ -1059,9 +1057,7 @@ pref("security.sandbox.gmp.win32k-disable", false);
 // Start the Mac sandbox early during child process startup instead
 // of when messaged by the parent after the message loop is running.
 pref("security.sandbox.content.mac.earlyinit", true);
-#endif
 
-#if defined(XP_MACOSX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // This pref is discussed in bug 1083344, the naming is inspired from its
 // Windows counterpart, but on Mac it's an integer which means:
 // 0 -> "no sandbox" (nightly only)
@@ -1077,9 +1073,7 @@ pref("security.sandbox.content.mac.earlyinit", true);
 // process is killed when all windows are closed, so a change will take effect
 // when the 1st window is opened.
 pref("security.sandbox.content.level", 3);
-#endif
 
-#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 // Prefs for controlling whether and how the Mac NPAPI Flash plugin process is
 // sandboxed. On Mac these levels are:
 // 0 - "no sandbox"
@@ -1099,7 +1093,7 @@ pref("dom.ipc.plugins.sandbox-level.flash.max-legacy-os-minor", 10);
 pref("dom.ipc.plugins.sandbox-level.default", 1);
 #endif
 
-#if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 // This pref is introduced as part of bug 742434, the naming is inspired from
 // its Windows/Mac counterpart, but on Linux it's an integer which means:
 // 0 -> "no sandbox"
@@ -1122,23 +1116,17 @@ pref("security.sandbox.content.syscall_whitelist", "");
 // default pledge strings for the main & content processes, cf bug 1457092
 // broad list for now, has to be refined over time
 pref("security.sandbox.pledge.main", "stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw mcast");
-#if defined(MOZ_CONTENT_SANDBOX)
 pref("security.sandbox.content.level", 1);
 pref("security.sandbox.pledge.content", "stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps");
 #endif
-#endif
 
 #if defined(MOZ_SANDBOX)
-#if defined(MOZ_CONTENT_SANDBOX)
 // ID (a UUID when set by gecko) that is used to form the name of a
 // sandbox-writable temporary directory to be used by content processes
 // when a temporary writable file is required in a level 1 sandbox.
 pref("security.sandbox.content.tempDirSuffix", "");
-#endif
 pref("security.sandbox.plugin.tempDirSuffix", "");
-#endif
 
-#if defined(MOZ_SANDBOX)
 // This pref determines if messages relevant to sandbox violations are
 // logged.
 #if defined(XP_WIN) || defined(XP_MACOSX)

dom/ipc/ContentChild.cpp

@@ -112,7 +112,7 @@
 #  include "ChildProfilerController.h"
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  if defined(XP_WIN)
 #    include "mozilla/sandboxTarget.h"
@@ -1497,7 +1497,7 @@ mozilla::ipc::IPCResult ContentChild::RecvReinitRenderingForDeviceReset() {
   return IPC_OK();
 }
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 extern "C" {
 CGError CGSSetDenyWindowServerConnections(bool);
 void CGSShutdownServerConnections();
@@ -1636,7 +1636,7 @@ mozilla::ipc::IPCResult ContentChild::RecvSetProcessSandbox(
     const Maybe<mozilla::ipc::FileDescriptor>& aBroker) {
   // We may want to move the sandbox initialization somewhere else
   // at some point; see bug 880808.
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   bool sandboxEnabled = true;
 #  if defined(XP_LINUX)
   // On Linux, we have to support systems that can't use any sandboxing.
@@ -1677,7 +1677,7 @@ mozilla::ipc::IPCResult ContentChild::RecvSetProcessSandbox(
 #  endif /* XP_LINUX && !OS_ANDROID */
   CrashReporter::AnnotateCrashReport(CrashReporter::Annotation::RemoteType,
                                      NS_ConvertUTF16toUTF8(GetRemoteType()));
-#endif /* MOZ_CONTENT_SANDBOX */
+#endif /* MOZ_SANDBOX */
 
   return IPC_OK();
 }
@@ -3841,7 +3841,7 @@ mozilla::ipc::IPCResult ContentChild::RecvCommitBrowsingContextTransaction(
 
 }  // namespace dom
 
-#if defined(__OpenBSD__) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
 #  include <unistd.h>
 
 static LazyLogModule sPledgeLog("SandboxPledge");

dom/ipc/ContentChild.h

@@ -25,7 +25,7 @@
 
 #include "nsIWindowProvider.h"
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 #  include "nsIFile.h"
 #endif
 
@@ -139,7 +139,7 @@ class ContentChild final : public PContentChild,
 
   void LaunchRDDProcess();
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   void GetProfileDir(nsIFile** aProfileDir) const {
     *aProfileDir = mProfileDir;
     NS_IF_ADDREF(*aProfileDir);
@@ -799,7 +799,7 @@ class ContentChild final : public PContentChild,
   RefPtr<ChildProfilerController> mProfilerController;
 #endif
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   nsCOMPtr<nsIFile> mProfileDir;
 #endif
 

dom/ipc/ContentParent.cpp

@@ -261,7 +261,7 @@
 #  include "mozilla/dom/SpeechSynthesisParent.h"
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  if defined(XP_LINUX)
 #    include "mozilla/SandboxInfo.h"
@@ -565,13 +565,13 @@ nsDataHashtable<nsUint32HashKey, ContentParent*>*
     ContentParent::sJSPluginContentParents;
 nsTArray<ContentParent*>* ContentParent::sPrivateContent;
 StaticAutoPtr<LinkedList<ContentParent>> ContentParent::sContentParents;
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 UniquePtr<SandboxBrokerPolicyFactory>
     ContentParent::sSandboxBrokerPolicyFactory;
 #endif
 uint64_t ContentParent::sNextTabParentId = 0;
 nsDataHashtable<nsUint64HashKey, TabParent*> ContentParent::sNextTabParents;
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 StaticAutoPtr<std::vector<std::string>> ContentParent::sMacSandboxParams;
 #endif
 
@@ -613,7 +613,7 @@ static const char* sObserverTopics[] = {
     "clear-site-data-reload-needed",
 };
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 bool ContentParent::sEarlySandboxInit = false;
 #endif
 
@@ -648,11 +648,11 @@ void ContentParent::StartUp() {
 
   sDisableUnsafeCPOWWarnings = PR_GetEnv("DISABLE_UNSAFE_CPOW_WARNINGS");
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   sSandboxBrokerPolicyFactory = MakeUnique<SandboxBrokerPolicyFactory>();
 #endif
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   sMacSandboxParams = new std::vector<std::string>;
 #endif
 }
@@ -663,11 +663,11 @@ void ContentParent::ShutDown() {
   // ClearOnShutdown() to clean up our state.
   sCanLaunchSubprocesses = false;
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   sSandboxBrokerPolicyFactory = nullptr;
 #endif
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   sMacSandboxParams = nullptr;
 #endif
 }
@@ -1890,7 +1890,7 @@ TestShellParent* ContentParent::GetTestShellSingleton() {
   return static_cast<TestShellParent*>(p);
 }
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 // Append the sandbox command line parameters that are not static. i.e.,
 // parameters that can be different for different child processes.
 void ContentParent::AppendDynamicSandboxParams(
@@ -2026,7 +2026,7 @@ void ContentParent::AppendSandboxParams(std::vector<std::string>& aArgs) {
   // Append remaining arguments.
   AppendDynamicSandboxParams(aArgs);
 }
-#endif  // XP_MACOSX && MOZ_CONTENT_SANDBOX
+#endif  // XP_MACOSX && MOZ_SANDBOX
 
 void ContentParent::LaunchSubprocessInternal(
     ProcessPriority aInitialPriority,
@@ -2116,7 +2116,7 @@ void ContentParent::LaunchSubprocessInternal(
     extraArgs.push_back("-safeMode");
   }
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // If we're launching a middleman process for a
   // recording or replay, start the sandbox later.
   if (sEarlySandboxInit && IsContentSandboxEnabled() &&
@@ -2307,7 +2307,7 @@ ContentParent::ContentParent(ContentParent* aOpener,
   bool isFile = mRemoteType.EqualsLiteral(FILE_REMOTE_TYPE);
   mSubprocess = new GeckoChildProcessHost(GeckoProcessType_Content, isFile);
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // sEarlySandboxInit is statically initialized to false.
   // Once we've set it to true due to the pref, avoid checking the
   // pref on subsequent calls. As a result, changing the earlyinit
@@ -2582,7 +2582,7 @@ void ContentParent::InitInternal(ProcessPriority aInitialPriority) {
   }
 #endif
 
-#ifdef MOZ_CONTENT_SANDBOX
+#ifdef MOZ_SANDBOX
   bool shouldSandbox = true;
   Maybe<FileDescriptor> brokerFd;
   // XXX: Checking the pref here makes it possible to enable/disable sandboxing

dom/ipc/ContentParent.h

@@ -67,7 +67,7 @@ class nsIWidget;
 namespace mozilla {
 class PRemoteSpellcheckEngineParent;
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 class SandboxBroker;
 class SandboxBrokerPolicyFactory;
 #endif
@@ -650,7 +650,7 @@ class ContentParent final : public PContentParent,
       sJSPluginContentParents;
   static StaticAutoPtr<LinkedList<ContentParent>> sContentParents;
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // Cached Mac sandbox params used when launching content processes.
   static StaticAutoPtr<std::vector<std::string>> sMacSandboxParams;
 #endif
@@ -1151,7 +1151,7 @@ class ContentParent final : public PContentParent,
   // initializing.
   void MaybeEnableRemoteInputEventQueue();
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   void AppendSandboxParams(std::vector<std::string>& aArgs);
   void AppendDynamicSandboxParams(std::vector<std::string>& aArgs);
 #endif
@@ -1275,7 +1275,7 @@ class ContentParent final : public PContentParent,
   UniquePtr<gfx::DriverCrashGuard> mDriverCrashGuard;
   UniquePtr<MemoryReportRequestHost> mMemoryReportRequest;
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   mozilla::UniquePtr<SandboxBroker> mSandboxBroker;
   static mozilla::UniquePtr<SandboxBrokerPolicyFactory>
       sSandboxBrokerPolicyFactory;
@@ -1305,7 +1305,7 @@ class ContentParent final : public PContentParent,
   static uint64_t sNextTabParentId;
   static nsDataHashtable<nsUint64HashKey, TabParent*> sNextTabParents;
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // When set to true, indicates that content processes should
   // initialize their sandbox during startup instead of waiting
   // for the SetProcessSandbox IPDL message.

dom/ipc/ContentProcess.cpp

@@ -11,12 +11,12 @@
 #include "mozilla/Preferences.h"
 #include "mozilla/recordreplay/ParentIPC.h"
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 #  include <stdlib.h>
 #  include "mozilla/Sandbox.h"
 #endif
 
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
+#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  include "nsAppDirectoryServiceDefs.h"
 #  include "nsDirectoryService.h"
@@ -28,7 +28,7 @@ using mozilla::ipc::IOThreadChild;
 namespace mozilla {
 namespace dom {
 
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
 static void SetTmpEnvironmentVariable(nsIFile* aValue) {
   // Save the TMP environment variable so that is is picked up by GetTempPath().
   // Note that we specifically write to the TMP variable, as that is the first
@@ -45,7 +45,7 @@ static void SetTmpEnvironmentVariable(nsIFile* aValue) {
 }
 #endif
 
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
 static void SetUpSandboxEnvironment() {
   MOZ_ASSERT(
       nsDirectoryService::gService,
@@ -85,7 +85,7 @@ bool ContentProcess::Init(int aArgc, char* aArgv[]) {
   char* prefMapHandle = nullptr;
   char* prefsLen = nullptr;
   char* prefMapSize = nullptr;
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   nsCOMPtr<nsIFile> profileDir;
 #endif
 
@@ -149,7 +149,7 @@ bool ContentProcess::Init(int aArgc, char* aArgv[]) {
       }
       parentBuildID = Some(aArgv[i]);
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
     } else if (strcmp(aArgv[i], "-profile") == 0) {
       if (++i == aArgc) {
         return false;
@@ -160,7 +160,7 @@ bool ContentProcess::Init(int aArgc, char* aArgv[]) {
         NS_WARNING("Invalid profile directory passed to content process.");
         profileDir = nullptr;
       }
-#endif /* XP_MACOSX && MOZ_CONTENT_SANDBOX */
+#endif /* XP_MACOSX && MOZ_SANDBOX */
     }
   }
 
@@ -186,7 +186,7 @@ bool ContentProcess::Init(int aArgc, char* aArgv[]) {
                 IOThreadChild::channel(), *childID, *isForBrowser);
 
   mXREEmbed.Start();
-#if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
+#if (defined(XP_MACOSX)) && defined(MOZ_SANDBOX)
   mContent.SetProfileDir(profileDir);
 #  if defined(DEBUG)
   // For WebReplay middleman processes, the sandbox is
@@ -197,9 +197,9 @@ bool ContentProcess::Init(int aArgc, char* aArgv[]) {
     AssertMacSandboxEnabled();
   }
 #  endif /* DEBUG */
-#endif   /* XP_MACOSX && MOZ_CONTENT_SANDBOX */
+#endif   /* XP_MACOSX && MOZ_SANDBOX */
 
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
   SetUpSandboxEnvironment();
 #endif
 

dom/ipc/moz.build

@@ -132,12 +132,7 @@ include('/ipc/chromium/chromium-config.mozbuild')
 
 FINAL_LIBRARY = 'xul'
 
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] == 'Darwin':
-    USE_LIBS += [
-        'mozsandbox',
-    ]
-
-if CONFIG['MOZ_CONTENT_SANDBOX'] and CONFIG['OS_ARCH'] == 'Linux':
+if CONFIG['MOZ_SANDBOX'] and (CONFIG['OS_TARGET'] in ['Darwin', 'Linux']):
     USE_LIBS += [
         'mozsandbox',
     ]

dom/media/gmp/GMPChild.cpp

@@ -37,7 +37,7 @@ using namespace mozilla::ipc;
 #  include <unistd.h>  // for _exit()
 #endif
 
-#if defined(MOZ_GMP_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  if defined(XP_MACOSX)
 #    include "mozilla/Sandbox.h"
 #  endif
@@ -132,7 +132,7 @@ static nsCString GetNativeTarget(nsIFile* aFile) {
   return path;
 }
 
-#  if defined(MOZ_GMP_SANDBOX)
+#  if defined(MOZ_SANDBOX)
 static bool GetPluginPaths(const nsAString& aPluginPath,
                            nsCString& aPluginDirectoryPath,
                            nsCString& aPluginFilePath) {
@@ -218,7 +218,7 @@ bool GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType) {
   mGMPLoader->SetSandboxInfo(&info);
   return true;
 }
-#  endif  // MOZ_GMP_SANDBOX
+#  endif  // MOZ_SANDBOX
 #endif    // XP_MACOSX
 
 bool GMPChild::Init(const nsAString& aPluginPath, base::ProcessId aParentPid,
@@ -305,7 +305,7 @@ static bool ResolveLinks(nsCOMPtr<nsIFile>& aPath) {
 }
 
 bool GMPChild::GetUTF8LibPath(nsACString& aOutLibPath) {
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   nsAutoCString pluginDirectoryPath, pluginFilePath;
   if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) {
     MOZ_CRASH("Error scanning plugin path");
@@ -553,7 +553,7 @@ mozilla::ipc::IPCResult GMPChild::AnswerStartPlugin(const nsString& aAdapter) {
   InitPlatformAPI(*platformAPI, this);
 
   mGMPLoader = MakeUnique<GMPLoader>();
-#if defined(MOZ_GMP_SANDBOX)
+#if defined(MOZ_SANDBOX)
   if (!mGMPLoader->CanSandbox()) {
     LOGD("%s Can't sandbox GMP, failing", __FUNCTION__);
     delete platformAPI;
@@ -561,7 +561,7 @@ mozilla::ipc::IPCResult GMPChild::AnswerStartPlugin(const nsString& aAdapter) {
   }
 #endif
   bool isChromium = aAdapter.EqualsLiteral("chromium");
-#if defined(MOZ_GMP_SANDBOX) && defined(XP_MACOSX)
+#if defined(MOZ_SANDBOX) && defined(XP_MACOSX)
   MacSandboxPluginType pluginType = MacSandboxPluginType_GMPlugin_Default;
   if (isChromium) {
     pluginType = MacSandboxPluginType_GMPlugin_EME_Widevine;

dom/media/gmp/GMPChild.h

@@ -34,7 +34,7 @@ class GMPChild : public PGMPChild {
   GMPTimerChild* GetGMPTimers();
   GMPStorageChild* GetGMPStorage();
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   bool SetMacSandboxInfo(MacSandboxPluginType aPluginType);
 #endif
 

dom/media/gmp/GMPLoader.cpp

@@ -15,7 +15,7 @@
 #  include "mozilla/sandboxing/SandboxInitialization.h"
 #  include "mozilla/sandboxing/sandboxLogging.h"
 #endif
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 #  include "mozilla/Sandbox.h"
 #  include "mozilla/SandboxInfo.h"
 #endif
@@ -132,7 +132,7 @@ void GMPLoader::Shutdown() {
   }
 }
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 void GMPLoader::SetSandboxInfo(MacSandboxInfo* aSandboxInfo) {
   if (mSandboxStarter) {
     mSandboxStarter->SetSandboxInfo(aSandboxInfo);
@@ -156,7 +156,7 @@ class WinSandboxStarter : public mozilla::gmp::SandboxStarter {
 };
 #endif
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 class MacSandboxStarter : public mozilla::gmp::SandboxStarter {
  public:
   bool Start(const char* aLibPath) override {
@@ -176,7 +176,7 @@ class MacSandboxStarter : public mozilla::gmp::SandboxStarter {
 };
 #endif
 
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 namespace {
 class LinuxSandboxStarter : public mozilla::gmp::SandboxStarter {
  private:
@@ -199,14 +199,14 @@ class LinuxSandboxStarter : public mozilla::gmp::SandboxStarter {
   }
 };
 }  // anonymous namespace
-#endif  // XP_LINUX && MOZ_GMP_SANDBOX
+#endif  // XP_LINUX && MOZ_SANDBOX
 
 static UniquePtr<SandboxStarter> MakeSandboxStarter() {
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
   return mozilla::MakeUnique<WinSandboxStarter>();
-#elif defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#elif defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   return mozilla::MakeUnique<MacSandboxStarter>();
-#elif defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#elif defined(XP_LINUX) && defined(MOZ_SANDBOX)
   return LinuxSandboxStarter::Make();
 #else
   return nullptr;

dom/media/gmp/GMPLoader.h

@@ -12,7 +12,7 @@
 #include "gmp-entrypoints.h"
 #include "mozilla/UniquePtr.h"
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 #  include "mozilla/Sandbox.h"
 #endif
 
@@ -23,7 +23,7 @@ class SandboxStarter {
  public:
   virtual ~SandboxStarter() {}
   virtual bool Start(const char* aLibPath) = 0;
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // On OS X we need to set Mac-specific sandbox info just before we start the
   // sandbox, which we don't yet know when the GMPLoader and SandboxStarter
   // objects are created.
@@ -69,7 +69,7 @@ class GMPLoader {
   // plugin library.
   void Shutdown();
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // On OS X we need to set Mac-specific sandbox info just before we start the
   // sandbox, which we don't yet know when the GMPLoader and SandboxStarter
   // objects are created.

dom/media/gmp/GMPParent.cpp

@@ -21,7 +21,7 @@
 #include "nsIObserverService.h"
 #include "GMPTimerParent.h"
 #include "runnable_utils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxInfo.h"
 #endif
 #include "CDMStorageIdProvider.h"
@@ -691,7 +691,7 @@ RefPtr<GenericPromise> GMPParent::ParseChromiumManifest(
   mDescription = NS_ConvertUTF16toUTF8(m.mDescription);
   mVersion = NS_ConvertUTF16toUTF8(m.mVersion);
 
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   if (!mozilla::SandboxInfo::Get().CanSandboxMedia()) {
     nsPrintfCString msg(
         "GMPParent::ParseChromiumManifest: Plugin \"%s\" is an EME CDM"

dom/media/gmp/GMPService.cpp

@@ -24,7 +24,7 @@
 #include "nsComponentManagerUtils.h"
 #include "runnable_utils.h"
 #include "VideoUtils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxInfo.h"
 #endif
 #include "nsAppDirectoryServiceDefs.h"

dom/media/gmp/GMPServiceParent.cpp

@@ -27,7 +27,7 @@
 #include "nsComponentManagerUtils.h"
 #include "runnable_utils.h"
 #include "VideoUtils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxInfo.h"
 #endif
 #include "nsAppDirectoryServiceDefs.h"
@@ -785,7 +785,7 @@ already_AddRefed<GMPParent> GeckoMediaPluginServiceParent::SelectPluginForAPI(
 }
 
 RefPtr<GMPParent> CreateGMPParent(AbstractThread* aMainThread) {
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   if (!SandboxInfo::Get().CanSandboxMedia()) {
     if (!StaticPrefs::MediaGmpInsecureAllow()) {
       NS_WARNING("Denying media plugin load due to lack of sandboxing.");

gfx/thebes/gfxFcPlatformFontList.cpp

@@ -41,7 +41,7 @@
 #  include "mozilla/X11Util.h"
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
 #  include "mozilla/SandboxBrokerPolicyFactory.h"
 #  include "mozilla/SandboxSettings.h"
 #endif
@@ -1438,7 +1438,7 @@ void gfxFcPlatformFontList::AddFontSetFamilies(FcFontSet* aFontSet,
       continue;
     }
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
     // Skip any fonts that will be blocked by the content-process sandbox
     // policy.
     if (aPolicy && !(aPolicy->Lookup(reinterpret_cast<const char*>(path)) &
@@ -1595,7 +1595,7 @@ nsresult gfxFcPlatformFontList::InitFontListForPlatform() {
 
   UniquePtr<SandboxPolicy> policy;
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
   // If read sandboxing is enabled, create a temporary SandboxPolicy to
   // check font paths; use a fake PID to avoid picking up any PID-specific
   // rules by accident.

gfx/thebes/gfxFcPlatformFontList.h

@@ -23,7 +23,7 @@
 #include <cairo.h>
 #include <cairo-ft.h>
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
 #  include "mozilla/SandboxBroker.h"
 #endif
 
@@ -321,7 +321,7 @@ class gfxFcPlatformFontList : public gfxPlatformFontList {
  protected:
   virtual ~gfxFcPlatformFontList();
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
   typedef mozilla::SandboxBroker::Policy SandboxPolicy;
 #else
   // Dummy type just so we can still have a SandboxPolicy* parameter.

ipc/glue/GeckoChildProcessHost.cpp

@@ -23,7 +23,7 @@
 #include "prenv.h"
 #include "nsXPCOMPrivate.h"
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  include "nsAppDirectoryServiceDefs.h"
 #endif
@@ -281,7 +281,7 @@ void GeckoChildProcessHost::PrepareLaunch() {
     InitWindowsGroupID();
   }
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   // We need to get the pref here as the process is launched off main thread.
   if (mProcessType == GeckoProcessType_Content) {
     mSandboxLevel = GetEffectiveContentSandboxLevel();
@@ -323,7 +323,7 @@ void GeckoChildProcessHost::PrepareLaunch() {
       mEnableSandboxLogging || !!PR_GetEnv("MOZ_SANDBOX_LOGGING");
 #  endif
 #elif defined(XP_LINUX)
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   // Get and remember the path to the per-content-process tmpdir
   if (ShouldHaveDirectoryService()) {
     nsCOMPtr<nsIFile> contentTempDir;
@@ -666,7 +666,7 @@ AddAppDirToCommandLine(std::vector<std::string>& aCmdLine)
 #endif
       }
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
       // Full path to the profile dir
       nsCOMPtr<nsIFile> profileDir;
       rv =
@@ -737,7 +737,7 @@ bool GeckoChildProcessHost::PerformAsyncLaunch(
         ENVIRONMENT_STRING(childRustLog.get());
   }
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   if (!mTmpDirName.IsEmpty()) {
     // Point a bunch of things that might want to write from content to our
     // shiny new content-process specific tmpdir
@@ -1089,7 +1089,6 @@ bool GeckoChildProcessHost::PerformAsyncLaunch(
   // of reorganizing so I don't think this patch is the right time.
   switch (mProcessType) {
     case GeckoProcessType_Content:
-#    if defined(MOZ_CONTENT_SANDBOX)
       if (mSandboxLevel > 0) {
         // For now we treat every failure as fatal in
         // SetSecurityLevelForContentProcess and just crash there right away.
@@ -1099,7 +1098,6 @@ bool GeckoChildProcessHost::PerformAsyncLaunch(
                                                           mIsFileContent);
         shouldSandboxCurrentProcess = true;
       }
-#    endif  // defined(MOZ_CONTENT_SANDBOX)
       break;
     case GeckoProcessType_Plugin:
       if (mSandboxLevel > 0 && !PR_GetEnv("MOZ_DISABLE_NPAPI_SANDBOX")) {

ipc/mscom/COMPtrHolder.h

@@ -13,9 +13,9 @@
 #include "mozilla/Move.h"
 #include "mozilla/mscom/ProxyStream.h"
 #include "mozilla/mscom/Ptr.h"
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 #include "nsExceptionHandler.h"
 
 namespace mozilla {
@@ -46,7 +46,7 @@ class COMPtrHolder {
 
   void SetActCtx(const ActivationContext& aActCtx) { mActCtx = aActCtx; }
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   // This method is const because we need to call it during IPC write, where
   // we are passed as a const argument. At higher sandboxing levels we need to
   // save this artifact from the serialization process for later deletion.
@@ -58,16 +58,16 @@ class COMPtrHolder {
   PreservedStreamPtr GetPreservedStream() {
     return std::move(mMarshaledStream);
   }
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
   COMPtrHolder(const COMPtrHolder& aOther) = delete;
 
   COMPtrHolder(COMPtrHolder&& aOther)
       : mPtr(std::move(aOther.mPtr))
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
         ,
         mMarshaledStream(std::move(aOther.mMarshaledStream))
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
   {
   }
 
@@ -81,9 +81,9 @@ class COMPtrHolder {
   ThisType& operator=(const ThisType& aOther) {
     Set(std::move(aOther.mPtr));
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     mMarshaledStream = std::move(aOther.mMarshaledStream);
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
     return *this;
   }
@@ -91,9 +91,9 @@ class COMPtrHolder {
   ThisType& operator=(ThisType&& aOther) {
     Set(std::move(aOther.mPtr));
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     mMarshaledStream = std::move(aOther.mMarshaledStream);
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
     return *this;
   }
@@ -107,11 +107,11 @@ class COMPtrHolder {
   mutable COMPtrType mPtr;
   ActivationContext mActCtx;
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   // This is mutable so that we may optionally store a reference to a marshaled
   // stream to be cleaned up later via PreserveStream().
   mutable PreservedStreamPtr mMarshaledStream;
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 };
 
 }  // namespace mscom
@@ -124,13 +124,13 @@ struct ParamTraits<mozilla::mscom::COMPtrHolder<Interface, _IID>> {
   typedef mozilla::mscom::COMPtrHolder<Interface, _IID> paramType;
 
   static void Write(Message* aMsg, const paramType& aParam) {
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     static const bool sIsStreamPreservationNeeded =
         XRE_IsParentProcess() &&
         mozilla::GetEffectiveContentSandboxLevel() >= 3;
 #else
     const bool sIsStreamPreservationNeeded = false;
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
     typename paramType::EnvType env;
 
@@ -148,7 +148,7 @@ struct ParamTraits<mozilla::mscom::COMPtrHolder<Interface, _IID>> {
       aMsg->WriteBytes(reinterpret_cast<const char*>(buf), bufLen);
     }
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     if (sIsStreamPreservationNeeded) {
       /**
        * When we're sending a ProxyStream from parent to content and the
@@ -159,7 +159,7 @@ struct ParamTraits<mozilla::mscom::COMPtrHolder<Interface, _IID>> {
        */
       aParam.PreserveStream(proxyStream.GetPreservedStream());
     }
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
   }
 
   static bool Read(const Message* aMsg, PickleIterator* aIter,

ipc/mscom/InterceptorLog.cpp

@@ -106,12 +106,12 @@ Logger::Logger(const nsACString& aLeafBaseName)
     rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(logFileName));
   } else if (procType == GeckoProcessType_Content) {
     leafName.AppendLiteral("-Content-");
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     rv = NS_GetSpecialDirectory(NS_APP_CONTENT_PROCESS_TEMP_DIR,
                                 getter_AddRefs(logFileName));
 #else
     rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(logFileName));
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
   } else {
     return;
   }

ipc/mscom/PassthruProxy.h

@@ -11,9 +11,9 @@
 #include "mozilla/mscom/ProxyStream.h"
 #include "mozilla/mscom/Ptr.h"
 #include "mozilla/NotNull.h"
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
 #include <objbase.h>
 
@@ -37,7 +37,7 @@ class PassthruProxy final : public IMarshal, public IClientSecurity {
   static RefPtr<Iface> Wrap(NotNull<Iface*> aIn) {
     static_assert(detail::VTableSizer<Iface>::Size >= 3, "VTable too small");
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     if (mozilla::GetEffectiveContentSandboxLevel() < 3) {
       // The sandbox isn't strong enough to be a problem; no wrapping required
       return aIn.get();
@@ -57,7 +57,7 @@ class PassthruProxy final : public IMarshal, public IClientSecurity {
 #else
     // No wrapping required
     return aIn.get();
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
   }
 
   static HRESULT Register();

modules/libpref/init/StaticPrefList.h

@@ -1267,7 +1267,7 @@ VARCACHE_PREF(
   bool, false
 )
 
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 // Whether to allow, on a Linux system that doesn't support the necessary
 // sandboxing features, loading Gecko Media Plugins unsandboxed.  However, EME
 // CDMs will not be loaded without sandboxing even if this pref is changed.

old-configure.in

@@ -1637,8 +1637,6 @@ MOZ_NO_SMART_CARDS=
 NECKO_COOKIES=1
 MOZ_USE_NATIVE_POPUP_WINDOWS=
 MOZ_EXCLUDE_HYPHENATION_DICTIONARIES=
-MOZ_CONTENT_SANDBOX=
-MOZ_GMP_SANDBOX=
 MOZ_SANDBOX=1
 MOZ_BINARY_EXTENSIONS=
 MOZ_DEVTOOLS=server
@@ -2286,70 +2284,24 @@ MOZ_ARG_DISABLE_BOOL(sandbox,
     MOZ_SANDBOX=,
     MOZ_SANDBOX=1)
 
-dnl ========================================================
-dnl = Content process sandboxing
-dnl ========================================================
-
 case "$OS_TARGET" in
-WINNT)
-    MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
-    ;;
-Darwin)
-    MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
-    ;;
+WINNT|Darwin)
+;;
 Linux)
     case $CPU_ARCH in
         x86_64|x86)
-            MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
+        ;;
+        # Linux sandbox is only available on x86 and x86_64.
+        *)
+            MOZ_SANDBOX=
         ;;
     esac
     ;;
-esac
-
-MOZ_ARG_ENABLE_BOOL(content-sandbox,
-[  --enable-content-sandbox Enable sandboxing support for content-processes
-  --disable-content-sandbox Disable sandboxing support for content-processes],
-    MOZ_CONTENT_SANDBOX=1,
-    MOZ_CONTENT_SANDBOX=)
-
-if test -n "$MOZ_CONTENT_SANDBOX" -a -z "$MOZ_SANDBOX"; then
-    AC_MSG_ERROR([--enable-content-sandbox and --disable-sandbox are conflicting options])
-fi
-
-if test -n "$MOZ_CONTENT_SANDBOX"; then
-    AC_DEFINE(MOZ_CONTENT_SANDBOX)
-fi
-
-AC_SUBST(MOZ_CONTENT_SANDBOX)
-
-dnl ========================================================
-dnl = Gecko Media Plugin sandboxing
-dnl ========================================================
-case $OS_TARGET in
-WINNT)
-    MOZ_GMP_SANDBOX=$MOZ_SANDBOX
-    ;;
-Linux)
-    case $CPU_ARCH in
-    x86_64|x86)
-        MOZ_GMP_SANDBOX=$MOZ_SANDBOX
-        ;;
-    esac
-    ;;
-Darwin)
-    MOZ_GMP_SANDBOX=$MOZ_SANDBOX
-    ;;
-esac
-
-if test -n "$MOZ_GMP_SANDBOX"; then
-    AC_DEFINE(MOZ_GMP_SANDBOX)
-fi
-
-AC_SUBST(MOZ_GMP_SANDBOX)
-
-if test -z "$MOZ_CONTENT_SANDBOX" -a -z "$MOZ_GMP_SANDBOX"; then
+*)
+    # Only enable the sandbox by default on Linux, macOS, and Windows
     MOZ_SANDBOX=
-fi
+;;
+esac
 
 if test -n "$MOZ_SANDBOX"; then
     AC_DEFINE(MOZ_SANDBOX)

security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h

@@ -89,7 +89,7 @@ InitLoggingIfRequired(ProvideLogFunctionCb aProvideLogFunctionCb)
       PR_GetEnv("MOZ_SANDBOX_LOGGING")) {
     aProvideLogFunctionCb(Log);
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     // We can only log the stack trace on process types where we know that the
     // sandbox won't prevent it.
     if (XRE_IsContentProcess()) {

security/sandbox/linux/Sandbox.cpp

@@ -12,9 +12,7 @@
 #include "SandboxFilter.h"
 #include "SandboxInternal.h"
 #include "SandboxLogging.h"
-#ifdef MOZ_GMP_SANDBOX
-#  include "SandboxOpenedFiles.h"
-#endif
+#include "SandboxOpenedFiles.h"
 #include "SandboxReporterClient.h"
 
 #include <dirent.h>
@@ -576,7 +574,6 @@ static void SetCurrentProcessSandbox(
   EnterChroot();
 }
 
-#ifdef MOZ_CONTENT_SANDBOX
 /**
  * Starts the seccomp sandbox for a content process.  Should be called
  * only once, and before any potentially harmful content is loaded.
@@ -608,9 +605,6 @@ bool SetContentProcessSandbox(ContentProcessSandboxParams&& aParams) {
       GetContentSandboxPolicy(sBroker, std::move(aParams)));
   return true;
 }
-#endif  // MOZ_CONTENT_SANDBOX
-
-#ifdef MOZ_GMP_SANDBOX
 /**
  * Starts the seccomp sandbox for a media plugin process.  Should be
  * called only once, and before any potentially harmful content is
@@ -651,7 +645,6 @@ void SetMediaPluginSandbox(const char* aFilePath) {
   // Finally, start the sandbox.
   SetCurrentProcessSandbox(GetMediaSandboxPolicy(files));
 }
-#endif  // MOZ_GMP_SANDBOX
 
 void SetRemoteDataDecoderSandbox(int aBroker) {
   if (PR_GetEnv("MOZ_DISABLE_RDD_SANDBOX") != nullptr) {

security/sandbox/linux/Sandbox.h

@@ -25,7 +25,6 @@ class FileDescriptor;
 // (See bug 1176099.)
 MOZ_EXPORT void SandboxEarlyInit();
 
-#ifdef MOZ_CONTENT_SANDBOX
 // A collection of sandbox parameters that have to be extracted from
 // prefs or other libxul facilities and passed down, because
 // libmozsandbox can't link against the APIs to read them.
@@ -53,14 +52,11 @@ struct ContentProcessSandboxParams {
 // (No-op if the sandbox is disabled.)
 // isFileProcess determines whether we allow system wide file reads.
 MOZ_EXPORT bool SetContentProcessSandbox(ContentProcessSandboxParams&& aParams);
-#endif
 
-#ifdef MOZ_GMP_SANDBOX
 // Call only if SandboxInfo::CanSandboxMedia() returns true.
 // (No-op if MOZ_DISABLE_GMP_SANDBOX is set.)
 // aFilePath is the path to the plugin file.
 MOZ_EXPORT void SetMediaPluginSandbox(const char* aFilePath);
-#endif
 
 MOZ_EXPORT void SetRemoteDataDecoderSandbox(int aBroker);
 

security/sandbox/linux/SandboxFilter.cpp

@@ -12,9 +12,7 @@
 #include "SandboxInfo.h"
 #include "SandboxInternal.h"
 #include "SandboxLogging.h"
-#ifdef MOZ_GMP_SANDBOX
-#  include "SandboxOpenedFiles.h"
-#endif
+#include "SandboxOpenedFiles.h"
 #include "mozilla/Move.h"
 #include "mozilla/PodOperations.h"
 #include "mozilla/TemplateLib.h"
@@ -655,7 +653,6 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
 
 // The process-type-specific syscall rules start here:
 
-#ifdef MOZ_CONTENT_SANDBOX
 // The seccomp-bpf filter for content processes is not a true sandbox
 // on its own; its purpose is attack surface reduction and syscall
 // interception in support of a semantic sandboxing layer.  On B2G
@@ -1264,9 +1261,7 @@ UniquePtr<sandbox::bpf_dsl::Policy> GetContentSandboxPolicy(
     SandboxBrokerClient* aMaybeBroker, ContentProcessSandboxParams&& aParams) {
   return MakeUnique<ContentSandboxPolicy>(aMaybeBroker, std::move(aParams));
 }
-#endif  // MOZ_CONTENT_SANDBOX
 
-#ifdef MOZ_GMP_SANDBOX
 // Unlike for content, the GeckoMediaPlugin seccomp-bpf policy needs
 // to be an effective sandbox by itself, because we allow GMP on Linux
 // systems where that's the only sandboxing mechanism we can use.
@@ -1398,7 +1393,6 @@ UniquePtr<sandbox::bpf_dsl::Policy> GetMediaSandboxPolicy(
   return UniquePtr<sandbox::bpf_dsl::Policy>(new GMPSandboxPolicy(aFiles));
 }
 
-#endif  // MOZ_GMP_SANDBOX
 
 // The policy for the data decoder process is similar to the one for
 // media plugins, but the codec code is all in-tree so it's better

security/sandbox/linux/SandboxFilter.h

@@ -21,20 +21,16 @@ class Policy;
 namespace mozilla {
 class SandboxBrokerClient;
 
-#ifdef MOZ_CONTENT_SANDBOX
 struct ContentProcessSandboxParams;
 
 UniquePtr<sandbox::bpf_dsl::Policy> GetContentSandboxPolicy(
     SandboxBrokerClient* aMaybeBroker, ContentProcessSandboxParams&& aParams);
-#endif
 
-#ifdef MOZ_GMP_SANDBOX
 class SandboxOpenedFiles;
 
 // The SandboxOpenedFiles object must live until the process exits.
 UniquePtr<sandbox::bpf_dsl::Policy> GetMediaSandboxPolicy(
     const SandboxOpenedFiles* aFiles);
-#endif
 
 UniquePtr<sandbox::bpf_dsl::Policy> GetDecoderSandboxPolicy(
     SandboxBrokerClient* aMaybeBroker);

security/sandbox/linux/SandboxInfo.cpp

@@ -179,7 +179,6 @@ SandboxInfo::SandboxInfo() {
     }
   }
 
-#ifdef MOZ_CONTENT_SANDBOX
   // We can't use mozilla::IsContentSandboxEnabled() here because a)
   // libmozsandbox can't depend on libxul, and b) this is called in a static
   // initializer before the prefences service is ready.
@@ -189,12 +188,9 @@ SandboxInfo::SandboxInfo() {
   if (getenv("MOZ_PERMISSIVE_CONTENT_SANDBOX")) {
     flags |= kPermissive;
   }
-#endif
-#ifdef MOZ_GMP_SANDBOX
   if (!getenv("MOZ_DISABLE_GMP_SANDBOX")) {
     flags |= kEnabledForMedia;
   }
-#endif
   if (getenv("MOZ_SANDBOX_LOGGING")) {
     flags |= kVerbose;
   }

security/sandbox/linux/SandboxInfo.h

@@ -25,10 +25,11 @@ class SandboxInfo {
   enum Flags {
     // System call filtering; kernel config option CONFIG_SECCOMP_FILTER.
     kHasSeccompBPF = 1 << 0,
-    // Config flag MOZ_CONTENT_SANDBOX; runtime
-    // mozilla::IsContentSandboxEnabled().
+    // Whether to use a sandbox for content processes; env var
+    // MOZ_DISABLE_CONTENT_SANDBOX
     kEnabledForContent = 1 << 1,
-    // Config flag MOZ_GMP_SANDBOX; env var MOZ_DISABLE_GMP_SANDBOX.
+    // Whether to use a sandbox for GMP processes; env var
+    // MOZ_DISABLE_GMP_SANDBOX.
     kEnabledForMedia = 1 << 2,
     // Env var MOZ_SANDBOX_LOGGING.
     kVerbose = 1 << 3,

security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp

@@ -51,7 +51,6 @@
 
 namespace mozilla {
 
-#if defined(MOZ_CONTENT_SANDBOX)
 namespace {
 static const int rdonly = SandboxBroker::MAY_READ;
 static const int wronly = SandboxBroker::MAY_WRITE;
@@ -59,7 +58,6 @@ static const int rdwr = rdonly | wronly;
 static const int rdwrcr = rdwr | SandboxBroker::MAY_CREATE;
 static const int access = SandboxBroker::MAY_ACCESS;
 }  // namespace
-#endif
 
 static void AddMesaSysfsPaths(SandboxBroker::Policy* aPolicy) {
   // Bug 1384178: Mesa driver loader
@@ -203,7 +201,6 @@ static void AddSharedMemoryPaths(SandboxBroker::Policy* aPolicy, pid_t aPid) {
 SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory() {
   // Policy entries that are the same in every process go here, and
   // are cached over the lifetime of the factory.
-#if defined(MOZ_CONTENT_SANDBOX)
   SandboxBroker::Policy* policy = new SandboxBroker::Policy;
   // Write permssions
   //
@@ -413,10 +410,8 @@ SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory() {
 #  endif
 
   mCommonContentPolicy.reset(policy);
-#endif
 }
 
-#ifdef MOZ_CONTENT_SANDBOX
 UniquePtr<SandboxBroker::Policy> SandboxBrokerPolicyFactory::GetContentPolicy(
     int aPid, bool aFileProcess) {
   // Policy entries that vary per-process (currently the only reason
@@ -597,5 +592,4 @@ SandboxBrokerPolicyFactory::GetUtilityPolicy(int aPid) {
   return policy;
 }
 
-#endif  // MOZ_CONTENT_SANDBOX
 }  // namespace mozilla

security/sandbox/linux/broker/SandboxBrokerPolicyFactory.h

@@ -15,10 +15,8 @@ class SandboxBrokerPolicyFactory {
  public:
   SandboxBrokerPolicyFactory();
 
-#ifdef MOZ_CONTENT_SANDBOX
   UniquePtr<SandboxBroker::Policy> GetContentPolicy(int aPid,
                                                     bool aFileProcess);
-#endif
 
   static UniquePtr<SandboxBroker::Policy> GetUtilityPolicy(int aPid);
 

security/sandbox/linux/launch/SandboxLaunch.cpp

@@ -212,14 +212,11 @@ class SandboxFork : public base::LaunchOptions::ForkDelegate {
 static int GetEffectiveSandboxLevel(GeckoProcessType aType) {
   auto info = SandboxInfo::Get();
   switch (aType) {
-#ifdef MOZ_GMP_SANDBOX
     case GeckoProcessType_GMPlugin:
       if (info.Test(SandboxInfo::kEnabledForMedia)) {
         return 1;
       }
       return 0;
-#endif
-#ifdef MOZ_CONTENT_SANDBOX
     case GeckoProcessType_Content:
       // GetEffectiveContentSandboxLevel is main-thread-only due to prefs.
       MOZ_ASSERT(NS_IsMainThread());
@@ -227,7 +224,6 @@ static int GetEffectiveSandboxLevel(GeckoProcessType aType) {
         return GetEffectiveContentSandboxLevel();
       }
       return 0;
-#endif
     case GeckoProcessType_RDD:
       return PR_GetEnv("MOZ_DISABLE_RDD_SANDBOX") == nullptr ? 1 : 0;
     default:
@@ -277,16 +273,13 @@ void SandboxLaunchPrepare(GeckoProcessType aType,
   }
 
   switch (aType) {
-#ifdef MOZ_GMP_SANDBOX
     case GeckoProcessType_GMPlugin:
-#endif
     case GeckoProcessType_RDD:
       if (level >= 1) {
         canChroot = true;
         flags |= CLONE_NEWNET | CLONE_NEWIPC;
       }
       break;
-#ifdef MOZ_CONTENT_SANDBOX
     case GeckoProcessType_Content:
       if (level >= 4) {
         canChroot = true;
@@ -306,7 +299,6 @@ void SandboxLaunchPrepare(GeckoProcessType aType,
         flags |= CLONE_NEWUSER;
       }
       break;
-#endif
     default:
       // Nothing yet.
       break;

security/sandbox/linux/moz.build

@@ -72,14 +72,10 @@ SOURCES += [
     'SandboxHooks.cpp',
     'SandboxInfo.cpp',
     'SandboxLogging.cpp',
+    'SandboxOpenedFiles.cpp',
     'SandboxReporterClient.cpp',
 ]
 
-if CONFIG['MOZ_GMP_SANDBOX']:
-    SOURCES += [
-        'SandboxOpenedFiles.cpp',
-    ]
-
 # This copy of SafeSPrintf doesn't need to avoid the Chromium logging
 # dependency like the one in libxul does, but this way the behavior is
 # consistent.  See also the comment in SandboxLogging.h.

security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.cpp

@@ -128,13 +128,11 @@ void RemoteSandboxBroker::AddHandleToShare(HANDLE aHandle) {
   mParameters.shareHandles().AppendElement(uint64_t(aHandle));
 }
 
-#ifdef MOZ_CONTENT_SANDBOX
 void RemoteSandboxBroker::SetSecurityLevelForContentProcess(
     int32_t aSandboxLevel, bool aIsFileProcess) {
   MOZ_CRASH(
       "RemoteSandboxBroker::SetSecurityLevelForContentProcess not Implemented");
 }
-#endif
 
 void RemoteSandboxBroker::SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) {
   MOZ_CRASH(

security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.h

@@ -33,10 +33,8 @@ class RemoteSandboxBroker : public AbstractSandboxBroker {
                  void **aProcessHandle) override;
 
   // Security levels for different types of processes
-#if defined(MOZ_CONTENT_SANDBOX)
   void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
                                          bool aIsFileProcess) override;
-#endif
   void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) override;
   bool SetSecurityLevelForRDDProcess() override;
   bool SetSecurityLevelForPluginProcess(int32_t aSandboxLevel) override;

security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp

@@ -368,7 +368,6 @@ static sandbox::ResultCode SetJobLevel(sandbox::TargetPolicy* aPolicy,
   return aPolicy->SetJobLevel(sandbox::JOB_NONE, 0);
 }
 
-#if defined(MOZ_CONTENT_SANDBOX)
 
 void SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
                                                       bool aIsFileProcess) {
@@ -592,7 +591,6 @@ void SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
       sandbox::SBOX_ALL_OK == result,
       "With these static arguments AddRule should never fail, what happened?");
 }
-#endif
 
 void SandboxBroker::SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) {
   MOZ_RELEASE_ASSERT(mPolicy, "mPolicy must be set before this call.");

security/sandbox/win/src/sandboxbroker/sandboxBroker.h

@@ -35,10 +35,8 @@ class AbstractSandboxBroker {
                          const bool aEnableLogging, void **aProcessHandle) = 0;
 
   // Security levels for different types of processes
-#if defined(MOZ_CONTENT_SANDBOX)
   virtual void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
                                                  bool aIsFileProcess) = 0;
-#endif
 
   virtual void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) = 0;
   virtual bool SetSecurityLevelForRDDProcess() = 0;
@@ -83,10 +81,8 @@ class SandboxBroker : public AbstractSandboxBroker {
   virtual ~SandboxBroker();
 
   // Security levels for different types of processes
-#if defined(MOZ_CONTENT_SANDBOX)
   void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
                                          bool aIsFileProcess) override;
-#endif
 
   void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) override;
   bool SetSecurityLevelForRDDProcess() override;

toolkit/modules/AppConstants.jsm

@@ -95,13 +95,6 @@ this.AppConstants = Object.freeze({
   false,
 #endif
 
-  MOZ_CONTENT_SANDBOX:
-#ifdef MOZ_CONTENT_SANDBOX
-  true,
-#else
-  false,
-#endif
-
   MOZ_TELEMETRY_REPORTING:
 #ifdef MOZ_TELEMETRY_REPORTING
   true,

toolkit/modules/Troubleshoot.jsm

@@ -686,7 +686,7 @@ if (AppConstants.MOZ_SANDBOX) {
       data.syscallLog = syscalls;
     }
 
-    if (AppConstants.MOZ_CONTENT_SANDBOX) {
+    if (AppConstants.MOZ_SANDBOX) {
       let sandboxSettings = Cc["@mozilla.org/sandbox/sandbox-settings;1"].
                             getService(Ci.mozISandboxSettings);
       data.contentSandboxLevel =

toolkit/modules/tests/browser/browser_Troubleshoot.js

@@ -745,11 +745,11 @@ const SNAPSHOT_SCHEMA = {
           type: "boolean",
         },
         contentSandboxLevel: {
-          required: AppConstants.MOZ_CONTENT_SANDBOX,
+          required: AppConstants.MOZ_SANDBOX,
           type: "number",
         },
         effectiveContentSandboxLevel: {
-          required: AppConstants.MOZ_CONTENT_SANDBOX,
+          required: AppConstants.MOZ_SANDBOX,
           type: "number",
         },
         syscallLog: {

toolkit/xre/nsAppRunner.cpp

@@ -122,7 +122,7 @@
 #  endif
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  if (defined(XP_WIN) || defined(XP_MACOSX))
 #    include "nsIUUIDGenerator.h"
@@ -3208,7 +3208,7 @@ int XREMain::XRE_mainInit(bool* aExitFlag) {
   if (mAppData->sandboxBrokerServices) {
     SandboxBroker::Initialize(mAppData->sandboxBrokerServices);
   } else {
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
     // If we're sandboxing content and we fail to initialize, then crashing here
     // seems like the sensible option.
     if (BrowserTabsRemoteAutostart()) {
@@ -4209,7 +4209,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
   return 0;
 }
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 void AddSandboxAnnotations() {
   // Include the sandbox content level, regardless of platform
   int level = GetEffectiveContentSandboxLevel();
@@ -4239,7 +4239,7 @@ void AddSandboxAnnotations() {
   CrashReporter::AnnotateCrashReport(
       CrashReporter::Annotation::ContentSandboxCapable, sandboxCapable);
 }
-#endif /* MOZ_CONTENT_SANDBOX */
+#endif /* MOZ_SANDBOX */
 
 /*
  * XRE_mainRun - Command line startup, profile migration, and
@@ -4579,9 +4579,9 @@ nsresult XREMain::XRE_mainRun() {
       CrashReporter::Annotation::ContentSandboxCapabilities, flagsString);
 #endif /* MOZ_SANDBOX && XP_LINUX */
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   AddSandboxAnnotations();
-#endif /* MOZ_CONTENT_SANDBOX */
+#endif /* MOZ_SANDBOX */
 
   mProfileSvc->CompleteStartup();
 

toolkit/xre/nsEmbedFunctions.cpp

@@ -94,7 +94,7 @@
 #  include "mozilla/RemoteSandboxBrokerProcessChild.h"
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  include "mozilla/Preferences.h"
 #endif
@@ -295,7 +295,7 @@ void SetTaskbarGroupId(const nsString& aId) {
 }
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 void AddContentSandboxLevelAnnotation() {
   if (XRE_GetProcessType() == GeckoProcessType_Content) {
     int level = GetEffectiveContentSandboxLevel();
@@ -303,7 +303,7 @@ void AddContentSandboxLevelAnnotation() {
         CrashReporter::Annotation::ContentSandboxLevel, level);
   }
 }
-#endif /* MOZ_CONTENT_SANDBOX */
+#endif /* MOZ_SANDBOX */
 
 namespace {
 
@@ -420,11 +420,11 @@ nsresult XRE_InitChildProcess(int aArgc, char* aArgv[],
 #ifdef XP_MACOSX
   if (aArgc < 1) return NS_ERROR_FAILURE;
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   // Save the original number of arguments to pass to the sandbox
   // setup routine which also uses the crash server argument.
   int allArgc = aArgc;
-#  endif /* MOZ_CONTENT_SANDBOX */
+#  endif /* MOZ_SANDBOX */
 
   const char* const mach_port_name = aArgv[--aArgc];
 
@@ -502,13 +502,13 @@ nsresult XRE_InitChildProcess(int aArgc, char* aArgv[],
     return NS_ERROR_FAILURE;
   }
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   std::string sandboxError;
   if (!EarlyStartMacSandboxIfEnabled(allArgc, aArgv, sandboxError)) {
     printf_stderr("Sandbox error: %s\n", sandboxError.c_str());
     MOZ_CRASH("Sandbox initialization failed");
   }
-#  endif /* MOZ_CONTENT_SANDBOX */
+#  endif /* MOZ_SANDBOX */
 
   pt.reset();
 #endif /* XP_MACOSX */
@@ -763,7 +763,7 @@ nsresult XRE_InitChildProcess(int aArgc, char* aArgv[],
         OverrideDefaultLocaleIfNeeded();
       }
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
       AddContentSandboxLevelAnnotation();
 #endif
 

toolkit/xre/nsXREDirProvider.cpp

@@ -143,7 +143,7 @@ nsresult nsXREDirProvider::Initialize(
   mAppProvider = aAppProvider;
   mXULAppDir = aXULAppDir;
   mGREDir = aGREDir;
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
   // The GRE directory can be used in sandbox rules, so we need to make sure
   // it doesn't contain any junction points or symlinks or the sandbox will
   // reject those rules.
@@ -216,7 +216,7 @@ nsresult nsXREDirProvider::SetProfile(nsIFile* aDir, nsIFile* aLocalDir) {
 
   mProfileDir = aDir;
   mProfileLocalDir = aLocalDir;
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
   // The profile directory can be used in sandbox rules, so we need to make sure
   // it doesn't contain any junction points or symlinks or the sandbox will
   // reject those rules.
@@ -475,14 +475,14 @@ nsXREDirProvider::GetFile(const char* aProperty, bool* aPersistent,
     bool unused;
     rv = dirsvc->GetFile("XCurProcD", &unused, getter_AddRefs(file));
   }
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   else if (!strcmp(aProperty, NS_APP_CONTENT_PROCESS_TEMP_DIR)) {
     if (!mContentTempDir && NS_FAILED((rv = LoadContentProcessTempDir()))) {
       return rv;
     }
     rv = mContentTempDir->Clone(getter_AddRefs(file));
   }
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 #if defined(MOZ_SANDBOX)
   else if (0 == strcmp(aProperty, NS_APP_PLUGIN_PROCESS_TEMP_DIR)) {
     if (!mPluginTempDir && NS_FAILED((rv = LoadPluginProcessTempDir()))) {
@@ -624,7 +624,7 @@ static const char* GetProcessTempBaseDirKey() {
 #  endif
 }
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
 //
 // Sets mContentTempDir so that it refers to the appropriate temp dir.
 // If the sandbox is enabled, NS_APP_CONTENT_PROCESS_TEMP_DIR, otherwise
@@ -749,7 +749,7 @@ static already_AddRefed<nsIFile> GetProcessSandboxTempDir(
 //
 static already_AddRefed<nsIFile> CreateProcessSandboxTempDir(
     GeckoProcessType procType) {
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   if ((procType == GeckoProcessType_Content) && IsContentSandboxDisabled()) {
     return nullptr;
   }
@@ -1051,7 +1051,7 @@ nsXREDirProvider::DoStartup() {
 
     obsSvc->NotifyObservers(nullptr, "profile-initial-state", nullptr);
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     // Makes sure the content temp dir has been loaded if it hasn't been
     // already. In the parent this ensures it has been created before we attempt
     // to start any content processes.
@@ -1100,10 +1100,8 @@ void nsXREDirProvider::DoShutdown() {
   }
 
   if (XRE_IsParentProcess()) {
-#if defined(MOZ_CONTENT_SANDBOX)
-    mozilla::Unused << DeleteDirIfExists(mContentProcessSandboxTempDir);
-#endif
 #if defined(MOZ_SANDBOX)
+    mozilla::Unused << DeleteDirIfExists(mContentProcessSandboxTempDir);
     mozilla::Unused << DeleteDirIfExists(mPluginProcessSandboxTempDir);
 #endif
   }

toolkit/xre/nsXREDirProvider.h

@@ -128,11 +128,9 @@ class nsXREDirProvider final : public nsIDirectoryServiceProvider2,
   // delimiters.
   static inline nsresult AppendProfileString(nsIFile* aFile, const char* aPath);
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   // Load the temp directory for sandboxed content processes
   nsresult LoadContentProcessTempDir();
-#endif
-#if defined(MOZ_SANDBOX)
   nsresult LoadPluginProcessTempDir();
 #endif
 
@@ -149,11 +147,9 @@ class nsXREDirProvider final : public nsIDirectoryServiceProvider2,
   nsCOMPtr<nsIFile> mProfileLocalDir;
   bool mProfileNotified;
   bool mPrefsInitialized = false;
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   nsCOMPtr<nsIFile> mContentTempDir;
   nsCOMPtr<nsIFile> mContentProcessSandboxTempDir;
-#endif
-#if defined(MOZ_SANDBOX)
   nsCOMPtr<nsIFile> mPluginTempDir;
   nsCOMPtr<nsIFile> mPluginProcessSandboxTempDir;
 #endif

xpcom/base/nsMacUtilsImpl.cpp

@@ -127,7 +127,7 @@ nsMacUtilsImpl::GetIsTranslated(bool* aIsTranslated) {
   return NS_OK;
 }
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 // Get the path to the .app directory (aka bundle) for the parent process.
 // When executing in the child process, this is the outer .app (such as
 // Firefox.app) and not the inner .app containing the child process
@@ -202,4 +202,4 @@ nsAutoCString nsMacUtilsImpl::GetDirectoryPath(const char* aPath) {
   return directoryPath;
 }
 #  endif /* DEBUG */
-#endif   /* MOZ_CONTENT_SANDBOX */
+#endif   /* MOZ_SANDBOX */

xpcom/base/nsMacUtilsImpl.h

@@ -18,13 +18,13 @@ class nsMacUtilsImpl final : public nsIMacUtils {
 
   nsMacUtilsImpl() {}
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   static bool GetAppPath(nsCString &aAppPath);
 
 #  ifdef DEBUG
   static nsAutoCString GetDirectoryPath(const char *aPath);
 #  endif /* DEBUG */
-#endif   /* MOZ_CONTENT_SANDBOX */
+#endif   /* MOZ_SANDBOX */
 
  private:
   ~nsMacUtilsImpl() {}

xpcom/io/SpecialSystemDirectory.cpp

@@ -584,7 +584,7 @@ nsresult GetSpecialSystemDirectory(SystemDirectories aSystemSystemDirectory,
       }
       return rv;
     }
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
     case Win_LocalAppdataLow: {
       GUID localAppDataLowGuid = FOLDERID_LocalAppDataLow;
       return GetKnownFolder(&localAppDataLowGuid, aFile);

xpcom/io/SpecialSystemDirectory.h

@@ -34,7 +34,7 @@ enum SystemDirectories {
 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
   Win_Documents = 228,
 #endif
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   Win_LocalAppdataLow = 232,
 #endif
 

xpcom/io/nsAppDirectoryServiceDefs.h

@@ -78,22 +78,22 @@
 
 #define NS_APP_PERMISSION_PARENT_DIR "permissionDBPDir"
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 //
 // NS_APP_CONTENT_PROCESS_TEMP_DIR refers to a directory that is read and
 // write accessible from a sandboxed content process. The key may be used in
 // either process, but the directory is intended to be used for short-lived
 // files that need to be saved to the filesystem by the content process and
 // don't need to survive browser restarts. The directory is reset on startup.
-// The key is only valid when MOZ_CONTENT_SANDBOX is defined. When
-// MOZ_CONTENT_SANDBOX is defined, the directory the key refers to differs
+// The key is only valid when MOZ_SANDBOX is defined. When
+// MOZ_SANDBOX is defined, the directory the key refers to differs
 // depending on whether or not content sandboxing is enabled.
 //
-// When MOZ_CONTENT_SANDBOX is defined and sandboxing is enabled (versus
+// When MOZ_SANDBOX is defined and sandboxing is enabled (versus
 // manually disabled via prefs), the content process replaces NS_OS_TEMP_DIR
 // with NS_APP_CONTENT_PROCESS_TEMP_DIR so that legacy code in content
 // attempting to write to NS_OS_TEMP_DIR will write to
-// NS_APP_CONTENT_PROCESS_TEMP_DIR instead. When MOZ_CONTENT_SANDBOX is
+// NS_APP_CONTENT_PROCESS_TEMP_DIR instead. When MOZ_SANDBOX is
 // defined but sandboxing is disabled, NS_APP_CONTENT_PROCESS_TEMP_DIR
 // falls back to NS_OS_TEMP_DIR in both content and chrome processes.
 //
@@ -107,7 +107,7 @@
 #else
 // Otherwise NS_APP_CONTENT_PROCESS_TEMP_DIR must match NS_OS_TEMP_DIR.
 #  define NS_APP_CONTENT_PROCESS_TEMP_DIR "TmpD"
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
 #if defined(MOZ_SANDBOX)
 #  define NS_APP_PLUGIN_PROCESS_TEMP_DIR "PluginTmpD"

xpcom/io/nsDirectoryService.cpp

@@ -308,7 +308,7 @@ nsDirectoryService::UnregisterProvider(nsIDirectoryServiceProvider* aProv) {
   return NS_OK;
 }
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_WIN)
+#if defined(MOZ_SANDBOX) && defined(XP_WIN)
 static nsresult GetLowIntegrityTempBase(nsIFile** aLowIntegrityTempBase) {
   nsCOMPtr<nsIFile> localFile;
   nsresult rv =
@@ -418,7 +418,7 @@ nsDirectoryService::GetFile(const char* aProp, bool* aPersistent,
     rv = GetSpecialSystemDirectory(Win_Appdata, getter_AddRefs(localFile));
   } else if (inAtom == nsGkAtoms::DirectoryService_LocalAppdata) {
     rv = GetSpecialSystemDirectory(Win_LocalAppdata, getter_AddRefs(localFile));
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   } else if (inAtom == nsGkAtoms::DirectoryService_LocalAppdataLow) {
     rv = GetSpecialSystemDirectory(Win_LocalAppdataLow,
                                    getter_AddRefs(localFile));