mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-07 18:04:46 +00:00
Bug 1042426 - Added --disable-sandbox option that disables building sandbox code. r=glandium
This commit is contained in:
parent
e70dbc14e7
commit
319bc9cc73
28
configure.in
28
configure.in
@ -3840,6 +3840,7 @@ MOZ_AUDIO_CHANNEL_MANAGER=
|
||||
NSS_NO_LIBPKIX=
|
||||
MOZ_CONTENT_SANDBOX=
|
||||
MOZ_GMP_SANDBOX=
|
||||
MOZ_SANDBOX=1
|
||||
JSGC_USE_EXACT_ROOTING=1
|
||||
JSGC_GENERATIONAL=
|
||||
|
||||
@ -6348,11 +6349,19 @@ if test -n "$NSS_NO_LIBPKIX"; then
|
||||
fi
|
||||
AC_SUBST(NSS_NO_LIBPKIX)
|
||||
|
||||
dnl ========================================================
|
||||
dnl = Sandboxing support
|
||||
dnl ========================================================
|
||||
MOZ_ARG_DISABLE_BOOL(sandbox,
|
||||
[ --disable-sandbox Disable sandboxing support],
|
||||
MOZ_SANDBOX=,
|
||||
MOZ_SANDBOX=1)
|
||||
|
||||
dnl ========================================================
|
||||
dnl = Content process sandboxing
|
||||
dnl ========================================================
|
||||
if test -n "$gonkdir"; then
|
||||
MOZ_CONTENT_SANDBOX=1
|
||||
MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
|
||||
fi
|
||||
|
||||
MOZ_ARG_ENABLE_BOOL(content-sandbox,
|
||||
@ -6371,17 +6380,17 @@ dnl = Gecko Media Plugin sandboxing
|
||||
dnl ========================================================
|
||||
case $OS_TARGET in
|
||||
WINNT)
|
||||
MOZ_GMP_SANDBOX=1
|
||||
MOZ_GMP_SANDBOX=$MOZ_SANDBOX
|
||||
;;
|
||||
Linux)
|
||||
case $CPU_ARCH in
|
||||
x86_64|x86)
|
||||
MOZ_GMP_SANDBOX=1
|
||||
MOZ_GMP_SANDBOX=$MOZ_SANDBOX
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
Darwin)
|
||||
MOZ_GMP_SANDBOX=1
|
||||
MOZ_GMP_SANDBOX=$MOZ_SANDBOX
|
||||
;;
|
||||
esac
|
||||
|
||||
@ -6391,6 +6400,17 @@ fi
|
||||
|
||||
AC_SUBST(MOZ_GMP_SANDBOX)
|
||||
|
||||
if test -z "$MOZ_CONTENT_SANDBOX" -a -z "$MOZ_GMP_SANDBOX"; then
|
||||
MOZ_SANDBOX=
|
||||
fi
|
||||
|
||||
if test -n "$MOZ_SANDBOX"; then
|
||||
AC_DEFINE(MOZ_SANDBOX)
|
||||
fi
|
||||
|
||||
AC_SUBST(MOZ_SANDBOX)
|
||||
|
||||
|
||||
dnl ========================================================
|
||||
dnl =
|
||||
dnl = Module specific options
|
||||
|
@ -24,7 +24,7 @@ using mozilla::dom::CrashReporterChild;
|
||||
#include <unistd.h> // for _exit()
|
||||
#endif
|
||||
|
||||
#if defined(XP_WIN)
|
||||
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
|
||||
#define TARGET_SANDBOX_EXPORTS
|
||||
#include "mozilla/sandboxTarget.h"
|
||||
#elif defined (MOZ_GMP_SANDBOX)
|
||||
@ -235,7 +235,7 @@ GMPChild::Init(const std::string& aPluginPath,
|
||||
return true;
|
||||
#endif
|
||||
|
||||
#if defined(XP_WIN)
|
||||
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
|
||||
mozilla::SandboxTarget::Instance()->StartSandbox();
|
||||
#endif
|
||||
|
||||
|
@ -28,7 +28,7 @@ LOCAL_INCLUDES += [
|
||||
'/xpcom/base',
|
||||
]
|
||||
|
||||
if CONFIG['OS_ARCH'] == 'WINNT':
|
||||
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
|
||||
# For sandbox includes and the include dependencies those have
|
||||
LOCAL_INCLUDES += [
|
||||
'/security',
|
||||
|
@ -21,7 +21,7 @@
|
||||
#include "nsSetDllDirectory.h"
|
||||
#endif
|
||||
|
||||
#if defined(XP_WIN)
|
||||
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
|
||||
#include "sandbox/chromium/base/basictypes.h"
|
||||
#include "sandbox/win/src/sandbox.h"
|
||||
#include "sandbox/win/src/sandbox_factory.h"
|
||||
@ -68,7 +68,7 @@ InitializeBinder(void *aDummy) {
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(XP_WIN)
|
||||
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
|
||||
static bool gIsSandboxEnabled = false;
|
||||
void StartSandboxCallback()
|
||||
{
|
||||
@ -93,7 +93,7 @@ content_process_main(int argc, char* argv[])
|
||||
bool isNuwa = false;
|
||||
for (int i = 1; i < argc; i++) {
|
||||
isNuwa |= strcmp(argv[i], "-nuwa") == 0;
|
||||
#if defined(XP_WIN)
|
||||
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
|
||||
gIsSandboxEnabled |= strcmp(argv[i], "-sandbox") == 0;
|
||||
#endif
|
||||
}
|
||||
@ -130,6 +130,7 @@ content_process_main(int argc, char* argv[])
|
||||
SetDllDirectory(L"");
|
||||
}
|
||||
|
||||
#ifdef MOZ_SANDBOX
|
||||
if (gIsSandboxEnabled) {
|
||||
sandbox::TargetServices* target_service =
|
||||
sandbox::SandboxFactory::GetTargetServices();
|
||||
@ -143,6 +144,7 @@ content_process_main(int argc, char* argv[])
|
||||
}
|
||||
mozilla::SandboxTarget::Instance()->SetStartSandboxCallback(StartSandboxCallback);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
nsresult rv = XRE_InitChildProcess(argc, argv);
|
||||
|
@ -126,7 +126,7 @@ GeckoChildProcessHost::GetPathToBinary(FilePath& exePath)
|
||||
if (ShouldHaveDirectoryService()) {
|
||||
MOZ_ASSERT(gGREPath);
|
||||
#ifdef OS_WIN
|
||||
exePath = FilePath(gGREPath);
|
||||
exePath = FilePath(char16ptr_t(gGREPath));
|
||||
#else
|
||||
nsCString path;
|
||||
NS_CopyUnicodeToNative(nsDependentString(gGREPath), path);
|
||||
@ -781,11 +781,13 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
|
||||
// shouldSandboxCurrentProcess = true;
|
||||
break;
|
||||
case GeckoProcessType_GMPlugin:
|
||||
#ifdef MOZ_SANDBOX
|
||||
if (!PR_GetEnv("MOZ_DISABLE_GMP_SANDBOX")) {
|
||||
mSandboxBroker.SetSecurityLevelForGMPlugin();
|
||||
cmdLine.AppendLooseValue(UTF8ToWide("-sandbox"));
|
||||
shouldSandboxCurrentProcess = true;
|
||||
}
|
||||
#endif
|
||||
break;
|
||||
case GeckoProcessType_Default:
|
||||
default:
|
||||
@ -815,7 +817,7 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
|
||||
// Process type
|
||||
cmdLine.AppendLooseValue(UTF8ToWide(childProcessType));
|
||||
|
||||
#if defined(XP_WIN)
|
||||
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
|
||||
if (shouldSandboxCurrentProcess) {
|
||||
mSandboxBroker.LaunchApp(cmdLine.program().c_str(),
|
||||
cmdLine.command_line_string().c_str(),
|
||||
|
@ -20,7 +20,7 @@
|
||||
#include "nsXULAppAPI.h" // for GeckoProcessType
|
||||
#include "nsString.h"
|
||||
|
||||
#if defined(XP_WIN)
|
||||
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
|
||||
#include "sandboxBroker.h"
|
||||
#endif
|
||||
|
||||
@ -165,7 +165,10 @@ protected:
|
||||
#ifdef XP_WIN
|
||||
void InitWindowsGroupID();
|
||||
nsString mGroupId;
|
||||
|
||||
#ifdef MOZ_SANDBOX
|
||||
SandboxBroker mSandboxBroker;
|
||||
#endif
|
||||
#endif // XP_WIN
|
||||
|
||||
#if defined(OS_POSIX)
|
||||
|
@ -50,7 +50,7 @@ USE_LIBS += [
|
||||
'js',
|
||||
]
|
||||
|
||||
if CONFIG['OS_ARCH'] == 'WINNT':
|
||||
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
|
||||
USE_LIBS += [
|
||||
'sandboxbroker',
|
||||
]
|
||||
|
@ -6,7 +6,7 @@
|
||||
if CONFIG['LIBXUL_SDK']:
|
||||
error('toolkit.mozbuild is not compatible with --enable-libxul-sdk=')
|
||||
|
||||
if CONFIG['MOZ_CONTENT_SANDBOX'] or CONFIG['MOZ_GMP_SANDBOX']:
|
||||
if CONFIG['MOZ_SANDBOX']:
|
||||
add_tier_dir('sandbox', 'security/sandbox')
|
||||
|
||||
# Depends on NSS and NSPR, and must be built after sandbox or else B2G emulator
|
||||
|
Loading…
Reference in New Issue
Block a user