Bug 1042426 - Added --disable-sandbox option that disables building sandbox code. r=glandium

Jacek Caban 2014-08-27 16:32:55 +02:00
parent e70dbc14e7
commit 319bc9cc73
8 changed files with 42 additions and 15 deletions


@ -3840,6 +3840,7 @@ MOZ_AUDIO_CHANNEL_MANAGER=
NSS_NO_LIBPKIX=
MOZ_CONTENT_SANDBOX=
MOZ_GMP_SANDBOX=
MOZ_SANDBOX=1
JSGC_USE_EXACT_ROOTING=1
JSGC_GENERATIONAL=
@ -6348,11 +6349,19 @@ if test -n "$NSS_NO_LIBPKIX"; then
fi
AC_SUBST(NSS_NO_LIBPKIX)
dnl ========================================================
dnl = Sandboxing support
dnl ========================================================
MOZ_ARG_DISABLE_BOOL(sandbox,
[ --disable-sandbox Disable sandboxing support],
MOZ_SANDBOX=,
MOZ_SANDBOX=1)
dnl ========================================================
dnl = Content process sandboxing
dnl ========================================================
if test -n "$gonkdir"; then
MOZ_CONTENT_SANDBOX=1
MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
fi
MOZ_ARG_ENABLE_BOOL(content-sandbox,
@ -6371,17 +6380,17 @@ dnl = Gecko Media Plugin sandboxing
dnl ========================================================
case $OS_TARGET in
WINNT)
MOZ_GMP_SANDBOX=1
MOZ_GMP_SANDBOX=$MOZ_SANDBOX
;;
Linux)
case $CPU_ARCH in
x86_64|x86)
MOZ_GMP_SANDBOX=1
MOZ_GMP_SANDBOX=$MOZ_SANDBOX
;;
esac
;;
Darwin)
MOZ_GMP_SANDBOX=1
MOZ_GMP_SANDBOX=$MOZ_SANDBOX
;;
esac
@ -6391,6 +6400,17 @@ fi
AC_SUBST(MOZ_GMP_SANDBOX)
if test -z "$MOZ_CONTENT_SANDBOX" -a -z "$MOZ_GMP_SANDBOX"; then
MOZ_SANDBOX=
fi
if test -n "$MOZ_SANDBOX"; then
AC_DEFINE(MOZ_SANDBOX)
fi
AC_SUBST(MOZ_SANDBOX)
dnl ========================================================
dnl =
dnl = Module specific options
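Review bot: The new option only guards one direction of the dependency: the last hunk clears `MOZ_SANDBOX` when neither sub-sandbox is requested, but nothing rejects `--disable-sandbox` combined with an explicit `--enable-content-sandbox`, whose `MOZ_ARG_ENABLE_BOOL` body starts outside this hunk and presumably sets `MOZ_CONTENT_SANDBOX=1` regardless of `$MOZ_SANDBOX`. That combination would define `MOZ_CONTENT_SANDBOX` while the sandbox tier is skipped by the `CONFIG['MOZ_SANDBOX']` check later in the commit, giving a build that believes it sandboxes content but has no sandbox code, or that fails to link — either way better caught at configure time. After `AC_SUBST(MOZ_GMP_SANDBOX)` add `if test -z "$MOZ_SANDBOX" -a -n "$MOZ_CONTENT_SANDBOX"; then` / `    AC_MSG_ERROR([--enable-content-sandbox requires sandboxing support; do not combine it with --disable-sandbox])` / `fi`. The `--disable-sandbox` help text would also benefit from saying that it implies both the content and GMP sandboxes are off.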


@ -24,7 +24,7 @@ using mozilla::dom::CrashReporterChild;
#include <unistd.h> // for _exit()
#endif
#if defined(XP_WIN)
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
#define TARGET_SANDBOX_EXPORTS
#include "mozilla/sandboxTarget.h"
#elif defined (MOZ_GMP_SANDBOX)
@ -235,7 +235,7 @@ GMPChild::Init(const std::string& aPluginPath,
return true;
#endif
#if defined(XP_WIN)
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
mozilla::SandboxTarget::Instance()->StartSandbox();
#endif
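Review bot: Both hunks in this file now gate the Windows `StartSandbox()` path on `MOZ_SANDBOX`, while the adjacent `#elif defined (MOZ_GMP_SANDBOX)` branch keys on the feature-specific macro; the two are equivalent on Windows today only because configure assigns `MOZ_GMP_SANDBOX=$MOZ_SANDBOX` for WINNT. Since this is the GMP sandbox being started, `#if defined(MOZ_GMP_SANDBOX) && defined(XP_WIN)` states the intent directly and keeps the chain consistent if the two flags ever diverge. The body of GMPChild::Init continues outside the hunk. Minor: the `defined (MOZ_GMP_SANDBOX)` spacing differs from the `defined(...)` form used on the line above it.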


@ -28,7 +28,7 @@ LOCAL_INCLUDES += [
'/xpcom/base',
]
if CONFIG['OS_ARCH'] == 'WINNT':
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
# For sandbox includes and the include dependencies those have
LOCAL_INCLUDES += [
'/security',


@ -21,7 +21,7 @@
#include "nsSetDllDirectory.h"
#endif
#if defined(XP_WIN)
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "sandbox/chromium/base/basictypes.h"
#include "sandbox/win/src/sandbox.h"
#include "sandbox/win/src/sandbox_factory.h"
@ -68,7 +68,7 @@ InitializeBinder(void *aDummy) {
}
#endif
#if defined(XP_WIN)
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
static bool gIsSandboxEnabled = false;
void StartSandboxCallback()
{
@ -93,7 +93,7 @@ content_process_main(int argc, char* argv[])
bool isNuwa = false;
for (int i = 1; i < argc; i++) {
isNuwa |= strcmp(argv[i], "-nuwa") == 0;
#if defined(XP_WIN)
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
gIsSandboxEnabled |= strcmp(argv[i], "-sandbox") == 0;
#endif
}
@ -130,6 +130,7 @@ content_process_main(int argc, char* argv[])
SetDllDirectory(L"");
}
#ifdef MOZ_SANDBOX
if (gIsSandboxEnabled) {
sandbox::TargetServices* target_service =
sandbox::SandboxFactory::GetTargetServices();
@ -143,6 +144,7 @@ content_process_main(int argc, char* argv[])
}
mozilla::SandboxTarget::Instance()->SetStartSandboxCallback(StartSandboxCallback);
}
#endif
#endif
nsresult rv = XRE_InitChildProcess(argc, argv);
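Review bot: The `#ifdef MOZ_SANDBOX` opened before `if (gIsSandboxEnabled) {` closes with a bare `#endif` immediately followed by the outer `#endif`, so the reader sees two unlabeled terminators in a row with no hint which guard each ends; label them `#endif // MOZ_SANDBOX` and `#endif // XP_WIN`. The same applies to the new nested `#endif` after `SandboxBroker mSandboxBroker;` in the header hunk later in this commit, where the enclosing guard already uses the `#endif // XP_WIN` style. The outer guard and the start of content_process_main lie outside this hunk. This file also now mixes `#ifdef MOZ_SANDBOX` here with `#if defined(XP_WIN) && defined(MOZ_SANDBOX)` in the earlier hunks; one spelling per file reads better.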


@ -126,7 +126,7 @@ GeckoChildProcessHost::GetPathToBinary(FilePath& exePath)
if (ShouldHaveDirectoryService()) {
MOZ_ASSERT(gGREPath);
#ifdef OS_WIN
exePath = FilePath(gGREPath);
exePath = FilePath(char16ptr_t(gGREPath));
#else
nsCString path;
NS_CopyUnicodeToNative(nsDependentString(gGREPath), path);
@ -781,11 +781,13 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
// shouldSandboxCurrentProcess = true;
break;
case GeckoProcessType_GMPlugin:
#ifdef MOZ_SANDBOX
if (!PR_GetEnv("MOZ_DISABLE_GMP_SANDBOX")) {
mSandboxBroker.SetSecurityLevelForGMPlugin();
cmdLine.AppendLooseValue(UTF8ToWide("-sandbox"));
shouldSandboxCurrentProcess = true;
}
#endif
break;
case GeckoProcessType_Default:
default:
@ -815,7 +817,7 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
// Process type
cmdLine.AppendLooseValue(UTF8ToWide(childProcessType));
#if defined(XP_WIN)
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
if (shouldSandboxCurrentProcess) {
mSandboxBroker.LaunchApp(cmdLine.program().c_str(),
cmdLine.command_line_string().c_str(),
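Review bot: The `#ifdef MOZ_SANDBOX` around the `GeckoProcessType_GMPlugin` case leaves `shouldSandboxCurrentProcess` false in a `--disable-sandbox` build, so the plugin child is launched as an ordinary process and never receives `-sandbox`; that is the intended effect of the option, but it deserves a comment at the `#ifdef`, e.g. `// Without MOZ_SANDBOX the GMP child runs unsandboxed and no -sandbox flag is passed.` The block also uses `mSandboxBroker`, which the header hunk declares only under `XP_WIN` and `MOZ_SANDBOX`, so this case presumably sits inside an `XP_WIN` region that begins outside the hunk — worth confirming, since a non-Windows build with `MOZ_SANDBOX` set would otherwise not compile. The `char16ptr_t(gGREPath)` change in the first hunk is unrelated to the sandbox option and would be easier to review as its own commit.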


@ -20,7 +20,7 @@
#include "nsXULAppAPI.h" // for GeckoProcessType
#include "nsString.h"
#if defined(XP_WIN)
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "sandboxBroker.h"
#endif
@ -165,7 +165,10 @@ protected:
#ifdef XP_WIN
void InitWindowsGroupID();
nsString mGroupId;
#ifdef MOZ_SANDBOX
SandboxBroker mSandboxBroker;
#endif
#endif // XP_WIN
#if defined(OS_POSIX)


@ -50,7 +50,7 @@ USE_LIBS += [
'js',
]
if CONFIG['OS_ARCH'] == 'WINNT':
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
USE_LIBS += [
'sandboxbroker',
]


@ -6,7 +6,7 @@
if CONFIG['LIBXUL_SDK']:
error('toolkit.mozbuild is not compatible with --enable-libxul-sdk=')
if CONFIG['MOZ_CONTENT_SANDBOX'] or CONFIG['MOZ_GMP_SANDBOX']:
if CONFIG['MOZ_SANDBOX']:
add_tier_dir('sandbox', 'security/sandbox')
# Depends on NSS and NSPR, and must be built after sandbox or else B2G emulator