Backed out 2 changesets (bug 1488439) for build bustage at /build/src/dom/plugins/ipc/PluginProcessParent.cpp on a CLOSED TREE
Backed out changeset 74b2087ee696 (bug 1488439) Backed out changeset 85575fc37555 (bug 1488439)
This commit is contained in:
parent
e250c2109d
commit
4224edc453
@ -1099,15 +1099,12 @@ pref("security.sandbox.pledge.content", "stdio rpath wpath cpath inet recvfd sen
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MOZ_SANDBOX)
|
||||
#if defined(MOZ_CONTENT_SANDBOX)
|
||||
#if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
|
||||
// ID (a UUID when set by gecko) that is used to form the name of a
|
||||
// sandbox-writable temporary directory to be used by content processes
|
||||
// when a temporary writable file is required in a level 1 sandbox.
|
||||
pref("security.sandbox.content.tempDirSuffix", "");
|
||||
#endif
|
||||
pref("security.sandbox.plugin.tempDirSuffix", "");
|
||||
#endif
|
||||
|
||||
#if defined(MOZ_SANDBOX)
|
||||
// This pref determines if messages relevant to sandbox violations are
|
||||
|
@ -289,8 +289,6 @@ inline bool ParameterEquality(const char* const& aParam1, const char* const& aPa
|
||||
template<typename OrigType> struct IPCTypeMap { typedef OrigType ipc_type; };
|
||||
template<> struct IPCTypeMap<char*> { typedef nsDependentCSubstring ipc_type; };
|
||||
template<> struct IPCTypeMap<const char*> { typedef nsDependentCSubstring ipc_type; };
|
||||
template<> struct IPCTypeMap<wchar_t*> { typedef nsString ipc_type; };
|
||||
template<> struct IPCTypeMap<const wchar_t*> { typedef nsString ipc_type; };
|
||||
template<> struct IPCTypeMap<long> { typedef int32_t ipc_type; };
|
||||
template<> struct IPCTypeMap<unsigned long> { typedef uint32_t ipc_type; };
|
||||
|
||||
@ -506,17 +504,6 @@ struct BaseEndpointHandler<CLIENT,SelfType> {
|
||||
}
|
||||
}
|
||||
|
||||
inline static void Copy(nsString& aDest, wchar_t* const& aSrc)
|
||||
{
|
||||
if (aSrc) {
|
||||
// We are using nsString as a "raw" container for a wchar_t string. We
|
||||
// just use its data as a wchar_t* later (so the reinterpret_cast is safe).
|
||||
aDest.Rebind(reinterpret_cast<char16_t*>(aSrc), wcslen(aSrc));
|
||||
} else {
|
||||
aDest.SetIsVoid(true);
|
||||
}
|
||||
}
|
||||
|
||||
inline static void Copy(char*& aDest, const nsDependentCSubstring& aSrc)
|
||||
{
|
||||
MOZ_ASSERT_UNREACHABLE("Returning char* parameters is not yet suported.");
|
||||
@ -594,27 +581,6 @@ struct BaseEndpointHandler<SERVER, SelfType> {
|
||||
aDest = nonConstDest;
|
||||
}
|
||||
|
||||
inline static void Copy(ServerCallData* aScd, wchar_t*& aDest, const nsString& aSrc)
|
||||
{
|
||||
// Allocating the string with aScd means it will last during the server call
|
||||
// and be freed when the call is complete.
|
||||
MOZ_ASSERT(aScd);
|
||||
if (aSrc.IsVoid()) {
|
||||
aDest = nullptr;
|
||||
return;
|
||||
}
|
||||
aScd->AllocateMemory((aSrc.Length() + 1)*sizeof(wchar_t), aDest);
|
||||
memcpy(aDest, aSrc.Data(), aSrc.Length() * sizeof(wchar_t));
|
||||
aDest[aSrc.Length()] = L'\0';
|
||||
}
|
||||
|
||||
inline static void Copy(ServerCallData* aScd, const wchar_t*& aDest, const nsString& aSrc)
|
||||
{
|
||||
wchar_t* nonConstDest;
|
||||
Copy(aScd, nonConstDest, aSrc);
|
||||
aDest = nonConstDest;
|
||||
}
|
||||
|
||||
#if defined(XP_WIN)
|
||||
inline static void Copy(uint32_t& aDest, const LPDWORD& aSrc)
|
||||
{
|
||||
|
@ -48,7 +48,6 @@ enum FunctionHookId
|
||||
, ID_FreeCredentialsHandle
|
||||
, ID_PrintDlgW
|
||||
, ID_CreateMutexW
|
||||
, ID_GetFileAttributesW
|
||||
, ID_FunctionHookCount
|
||||
#else // defined(XP_WIN)
|
||||
ID_FunctionHookCount
|
||||
|
@ -11,7 +11,6 @@
|
||||
|
||||
#if defined(XP_WIN)
|
||||
#include <shlobj.h>
|
||||
#include "PluginModuleChild.h"
|
||||
#endif
|
||||
|
||||
namespace mozilla {
|
||||
@ -309,38 +308,6 @@ void FunctionHook::HookProtectedMode()
|
||||
sCreateFileAStub.Set(sKernel32Intercept, "CreateFileA", &CreateFileAHookFn);
|
||||
}
|
||||
|
||||
/* GetFileAttributesW */
|
||||
|
||||
typedef BasicFunctionHook<ID_GetFileAttributesW, decltype(GetFileAttributesW)> GetFileAttributesWFH;
|
||||
|
||||
DWORD WINAPI GetFileAttributesWHook(LPCWSTR aFilename)
|
||||
{
|
||||
MOZ_ASSERT(ID_GetFileAttributesW < FunctionHook::GetHooks()->Length());
|
||||
GetFileAttributesWFH* functionHook =
|
||||
static_cast<GetFileAttributesWFH*>(FunctionHook::GetHooks()->ElementAt(ID_GetFileAttributesW));
|
||||
if (!functionHook->OriginalFunction()) {
|
||||
NS_ASSERTION(FALSE, "Something is horribly wrong in GetFileAttributesWHook!");
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
DWORD ret = functionHook->OriginalFunction()(aFilename);
|
||||
if (ret != INVALID_FILE_ATTRIBUTES) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
// If aFilename is a parent of PluginModuleChild::GetFlashRoamingPath then
|
||||
// assume it was blocked by the sandbox and just report it as a plain directory.
|
||||
size_t len = wcslen(aFilename);
|
||||
std::wstring roamingPath = PluginModuleChild::GetFlashRoamingPath();
|
||||
bool isParent =
|
||||
(len > 0) && (aFilename[len - 1] == L'\\') &&
|
||||
(_wcsnicmp(aFilename, roamingPath.c_str(), len) == 0);
|
||||
if (!isParent) {
|
||||
return ret;
|
||||
}
|
||||
return FILE_ATTRIBUTE_DIRECTORY;
|
||||
}
|
||||
|
||||
#endif // defined(XP_WIN)
|
||||
|
||||
#define FUN_HOOK(x) static_cast<FunctionHook*>(x)
|
||||
@ -356,10 +323,6 @@ FunctionHook::AddFunctionHooks(FunctionHookArray& aHooks)
|
||||
aHooks[ID_PrintDlgW] =
|
||||
FUN_HOOK(new PrintDlgWFH("comdlg32.dll", "PrintDlgW", &PrintDlgW,
|
||||
PrintDlgWHook));
|
||||
aHooks[ID_GetFileAttributesW] =
|
||||
FUN_HOOK(new GetFileAttributesWFH("kernel32.dll", "GetFileAttributesW",
|
||||
&GetFileAttributesW,
|
||||
&GetFileAttributesWHook));
|
||||
#endif // defined(XP_WIN)
|
||||
}
|
||||
|
||||
|
@ -39,13 +39,13 @@ private:
|
||||
|
||||
#if defined(XP_WIN)
|
||||
typedef MaybeVariant<int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,
|
||||
int64_t,uint64_t,nsCString,nsString,bool,OpenFileNameIPC,
|
||||
int64_t,uint64_t,nsCString,bool,OpenFileNameIPC,
|
||||
OpenFileNameRetIPC,NativeWindowHandle,
|
||||
IPCSchannelCred,IPCInternetBuffers,StringArray,
|
||||
IPCPrintDlg> IpdlTupleElement;
|
||||
#else
|
||||
typedef MaybeVariant<int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,
|
||||
int64_t,uint64_t,nsCString,nsString,bool> IpdlTupleElement;
|
||||
int64_t,uint64_t,nsCString,bool> IpdlTupleElement;
|
||||
#endif // defined(XP_WIN)
|
||||
|
||||
} // namespace internal
|
||||
|
@ -65,9 +65,6 @@ using namespace mozilla::widget;
|
||||
|
||||
#if defined(XP_WIN)
|
||||
const wchar_t * kFlashFullscreenClass = L"ShockwaveFlashFullScreen";
|
||||
#if defined(MOZ_SANDBOX)
|
||||
std::wstring sRoamingPath;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
namespace {
|
||||
@ -211,21 +208,6 @@ PluginModuleChild::EnableFlashSandbox(int aLevel, bool aShouldEnableLogging)
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(OS_WIN) && defined(MOZ_SANDBOX)
|
||||
/* static */ void
|
||||
PluginModuleChild::SetFlashRoamingPath(const std::wstring& aRoamingPath)
|
||||
{
|
||||
MOZ_ASSERT(sRoamingPath.empty());
|
||||
sRoamingPath = aRoamingPath;
|
||||
}
|
||||
|
||||
/* static */ std::wstring
|
||||
PluginModuleChild::GetFlashRoamingPath()
|
||||
{
|
||||
return sRoamingPath;
|
||||
}
|
||||
#endif
|
||||
|
||||
bool
|
||||
PluginModuleChild::InitForChrome(const std::string& aPluginFilename,
|
||||
base::ProcessId aParentPid,
|
||||
@ -234,11 +216,6 @@ PluginModuleChild::InitForChrome(const std::string& aPluginFilename,
|
||||
{
|
||||
NS_ASSERTION(aChannel, "need a channel");
|
||||
|
||||
#if defined(OS_WIN) && defined(MOZ_SANDBOX)
|
||||
MOZ_ASSERT(!sRoamingPath.empty(),
|
||||
"Should have already called SetFlashRoamingPath");
|
||||
#endif
|
||||
|
||||
if (!InitGraphics())
|
||||
return false;
|
||||
|
||||
|
@ -125,13 +125,6 @@ public:
|
||||
|
||||
void CommonInit();
|
||||
|
||||
#if defined(OS_WIN) && defined(MOZ_SANDBOX)
|
||||
// Path to the roaming Flash Player folder. This is used to restore some
|
||||
// behavior blocked by the sandbox.
|
||||
static void SetFlashRoamingPath(const std::wstring& aRoamingPath);
|
||||
static std::wstring GetFlashRoamingPath();
|
||||
#endif
|
||||
|
||||
// aPluginFilename is UTF8, not native-charset!
|
||||
bool InitForChrome(const std::string& aPluginFilename,
|
||||
base::ProcessId aParentPid,
|
||||
|
@ -29,8 +29,6 @@ extern "C" CGError CGSSetDebugOptions(int options);
|
||||
#ifdef XP_WIN
|
||||
#if defined(MOZ_SANDBOX)
|
||||
#include "mozilla/sandboxTarget.h"
|
||||
#include "ProcessUtils.h"
|
||||
#include "nsDirectoryService.h"
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@ -43,21 +41,6 @@ using mozilla::ipc::IOThreadChild;
|
||||
namespace mozilla {
|
||||
namespace plugins {
|
||||
|
||||
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
|
||||
static void
|
||||
SetSandboxTempPath(const std::wstring& aFullTmpPath)
|
||||
{
|
||||
// Save the TMP environment variable so that is is picked up by GetTempPath().
|
||||
// Note that we specifically write to the TMP variable, as that is the first
|
||||
// variable that is checked by GetTempPath() to determine its output.
|
||||
Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TMP", aFullTmpPath.c_str()));
|
||||
|
||||
// We also set TEMP in case there is naughty third-party code that is
|
||||
// referencing the environment variable directly.
|
||||
Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TEMP", aFullTmpPath.c_str()));
|
||||
}
|
||||
#endif
|
||||
|
||||
bool
|
||||
PluginProcessChild::Init(int aArgc, char* aArgv[])
|
||||
{
|
||||
@ -136,11 +119,6 @@ PluginProcessChild::Init(int aArgc, char* aArgv[])
|
||||
CommandLine::ForCurrentProcess()->GetLooseValues();
|
||||
MOZ_ASSERT(values.size() >= 1, "not enough loose args");
|
||||
|
||||
// parameters are:
|
||||
// values[0] is path to plugin DLL
|
||||
// values[1] is path to folder that should be used for temp files
|
||||
// values[2] is path to the Flash Player roaming folder
|
||||
// (this is always that Flash folder, regardless of what plugin is being run)
|
||||
pluginFilename = WideToUTF8(values[0]);
|
||||
|
||||
// We don't initialize XPCOM but we need the thread manager and the
|
||||
@ -152,13 +130,6 @@ PluginProcessChild::Init(int aArgc, char* aArgv[])
|
||||
nsThreadManager::get().Init();
|
||||
|
||||
#if defined(MOZ_SANDBOX)
|
||||
MOZ_ASSERT(values.size() >= 3, "not enough loose args for sandboxed plugin process");
|
||||
|
||||
// The sandbox closes off the default location temp file location so we set
|
||||
// a new one here (regardless of whether or not we are sandboxing).
|
||||
SetSandboxTempPath(values[1]);
|
||||
PluginModuleChild::SetFlashRoamingPath(values[2]);
|
||||
|
||||
// This is probably the earliest we would want to start the sandbox.
|
||||
// As we attempt to tighten the sandbox, we may need to consider moving this
|
||||
// to later in the plugin initialization.
|
||||
|
@ -9,11 +9,6 @@
|
||||
#include "base/string_util.h"
|
||||
#include "base/process_util.h"
|
||||
|
||||
#include "nsAppDirectoryServiceDefs.h"
|
||||
#include "nsDirectoryServiceDefs.h"
|
||||
#include "nsIProperties.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
|
||||
#include "mozilla/ipc/BrowserProcessSubThread.h"
|
||||
#include "mozilla/plugins/PluginMessageUtils.h"
|
||||
#include "mozilla/Telemetry.h"
|
||||
@ -93,40 +88,6 @@ PluginProcessParent::Launch(mozilla::UniquePtr<LaunchCompleteTask> aLaunchComple
|
||||
args.push_back("-flashSandboxLogging");
|
||||
}
|
||||
}
|
||||
#elseif defined(XP_WIN) && defined(MOZ_SANDBOX)
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIProperties> dirSvc =
|
||||
do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
|
||||
if (NS_FAILED(rv)) {
|
||||
MOZ_ASSERT(false, "Failed to get directory service.");
|
||||
return false;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIFile> dir;
|
||||
rv =
|
||||
dirSvc->Get(NS_APP_PLUGIN_PROCESS_TEMP_DIR, NS_GET_IID(nsIFile),
|
||||
getter_AddRefs(dir));
|
||||
if (NS_FAILED(rv)) {
|
||||
NS_WARNING("Failed to get plugin process temp directory.");
|
||||
return false;
|
||||
}
|
||||
|
||||
nsAutoString tempDir;
|
||||
MOZ_ALWAYS_SUCCEEDS(dir->GetPath(tempDir));
|
||||
args.push_back(NS_ConvertUTF16toUTF8(tempDir).get());
|
||||
|
||||
rv =
|
||||
dirSvc->Get(NS_WIN_APPDATA_DIR, NS_GET_IID(nsIFile),
|
||||
getter_AddRefs(dir));
|
||||
if (NS_FAILED(rv)) {
|
||||
NS_WARNING("Failed to get appdata directory.");
|
||||
return false;
|
||||
}
|
||||
|
||||
nsAutoString appdataDir;
|
||||
MOZ_ALWAYS_SUCCEEDS(dir->GetPath(appdataDir));
|
||||
appdataDir.Append(L"\\Adobe\\");
|
||||
args.push_back(NS_ConvertUTF16toUTF8(appdataDir).get());
|
||||
#endif
|
||||
|
||||
bool result = AsyncLaunch(args);
|
||||
|
@ -44,7 +44,6 @@ bool SandboxBroker::sRunningFromNetworkDrive = false;
|
||||
static UniquePtr<nsString> sBinDir;
|
||||
static UniquePtr<nsString> sProfileDir;
|
||||
static UniquePtr<nsString> sContentTempDir;
|
||||
static UniquePtr<nsString> sPluginTempDir;
|
||||
static UniquePtr<nsString> sRoamingAppDataDir;
|
||||
static UniquePtr<nsString> sLocalAppDataDir;
|
||||
static UniquePtr<nsString> sUserExtensionsDevDir;
|
||||
@ -116,7 +115,6 @@ SandboxBroker::GeckoDependentInitialize()
|
||||
CacheDirAndAutoClear(dirSvc, NS_GRE_DIR, &sBinDir);
|
||||
CacheDirAndAutoClear(dirSvc, NS_APP_USER_PROFILE_50_DIR, &sProfileDir);
|
||||
CacheDirAndAutoClear(dirSvc, NS_APP_CONTENT_PROCESS_TEMP_DIR, &sContentTempDir);
|
||||
CacheDirAndAutoClear(dirSvc, NS_APP_PLUGIN_PROCESS_TEMP_DIR, &sPluginTempDir);
|
||||
CacheDirAndAutoClear(dirSvc, NS_WIN_APPDATA_DIR, &sRoamingAppDataDir);
|
||||
CacheDirAndAutoClear(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, &sLocalAppDataDir);
|
||||
CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DEV_DIR, &sUserExtensionsDevDir);
|
||||
@ -701,6 +699,11 @@ SandboxBroker::SetSecurityLevelForPluginProcess(int32_t aSandboxLevel)
|
||||
delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_MEDIUM;
|
||||
}
|
||||
|
||||
#ifndef NIGHTLY_BUILD
|
||||
// We are experimenting with using restricting SIDs in the nightly builds
|
||||
mPolicy->SetDoNotUseRestrictingSIDs();
|
||||
#endif
|
||||
|
||||
sandbox::ResultCode result = SetJobLevel(mPolicy, jobLevel,
|
||||
0 /* ui_exceptions */);
|
||||
SANDBOX_ENSURE_SUCCESS(result,
|
||||
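Review bot: The restored `#ifndef NIGHTLY_BUILD` block explains the Nightly experiment but not what every other channel ends up with: `mPolicy->SetDoNotUseRestrictingSIDs();` is the path taken on release and beta, so, going by the method's name, the plugin-process token is presumably built without restricting SIDs everywhere except Nightly, which is the weaker of the two configurations. A reader of this sandbox policy should not have to invert the guard to learn that; suggest `// Restricting SIDs are only enabled on Nightly while we evaluate them; every other channel opts out of them here.` SetSecurityLevelForPluginProcess starts before this hunk and continues after it.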
@ -746,15 +749,6 @@ SandboxBroker::SetSecurityLevelForPluginProcess(int32_t aSandboxLevel)
|
||||
SANDBOX_ENSURE_SUCCESS(result,
|
||||
"Invalid flags for SetDelayedProcessMitigations.");
|
||||
|
||||
#ifndef NIGHTLY_BUILD
|
||||
// We are experimenting with using restricting SIDs in the nightly builds
|
||||
mPolicy->SetDoNotUseRestrictingSIDs();
|
||||
#else
|
||||
// Add rule to allow read / write access to a special plugin temp dir.
|
||||
AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
|
||||
sPluginTempDir, NS_LITERAL_STRING("\\*"));
|
||||
#endif
|
||||
|
||||
if (aSandboxLevel >= 2) {
|
||||
// Level 2 and above uses low integrity, so we need to give write access to
|
||||
// the Flash directories.
|
||||
|
@ -82,11 +82,11 @@
|
||||
#define PREF_OVERRIDE_DIRNAME "preferences"
|
||||
|
||||
#if defined(MOZ_CONTENT_SANDBOX)
|
||||
static already_AddRefed<nsIFile> GetProcessSandboxTempDir(GeckoProcessType type);
|
||||
static already_AddRefed<nsIFile> GetContentProcessSandboxTempDir();
|
||||
static nsresult DeleteDirIfExists(nsIFile *dir);
|
||||
static bool IsContentSandboxDisabled();
|
||||
static const char* GetProcessTempBaseDirKey();
|
||||
static already_AddRefed<nsIFile> CreateProcessSandboxTempDir(GeckoProcessType procType);
|
||||
static const char* GetContentProcessTempBaseDirKey();
|
||||
static already_AddRefed<nsIFile> CreateContentProcessSandboxTempDir();
|
||||
#endif
|
||||
|
||||
nsXREDirProvider* gDirServiceProvider = nullptr;
|
||||
@ -526,15 +526,7 @@ nsXREDirProvider::GetFile(const char* aProperty, bool* aPersistent,
|
||||
}
|
||||
rv = mContentTempDir->Clone(getter_AddRefs(file));
|
||||
}
|
||||
#endif // defined(MOZ_CONTENT_SANDBOX)
|
||||
#if defined(MOZ_SANDBOX)
|
||||
else if (0 == strcmp(aProperty, NS_APP_PLUGIN_PROCESS_TEMP_DIR)) {
|
||||
if (!mPluginTempDir && NS_FAILED((rv = LoadPluginProcessTempDir()))) {
|
||||
return rv;
|
||||
}
|
||||
rv = mPluginTempDir->Clone(getter_AddRefs(file));
|
||||
}
|
||||
#endif // defined(MOZ_SANDBOX)
|
||||
#endif // defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
|
||||
else if (NS_SUCCEEDED(GetProfileStartupDir(getter_AddRefs(file)))) {
|
||||
// We need to allow component, xpt, and chrome registration to
|
||||
// occur prior to the profile-after-change notification.
|
||||
@ -674,10 +666,10 @@ nsXREDirProvider::GetFiles(const char* aProperty, nsISimpleEnumerator** aResult)
|
||||
return NS_SUCCESS_AGGREGATE_RESULT;
|
||||
}
|
||||
|
||||
#if defined(MOZ_SANDBOX)
|
||||
#if defined(MOZ_CONTENT_SANDBOX)
|
||||
|
||||
static const char*
|
||||
GetProcessTempBaseDirKey()
|
||||
GetContentProcessTempBaseDirKey()
|
||||
{
|
||||
#if defined(XP_WIN)
|
||||
return NS_WIN_LOW_INTEGRITY_TEMP_BASE;
|
||||
@ -686,7 +678,6 @@ GetProcessTempBaseDirKey()
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(MOZ_CONTENT_SANDBOX)
|
||||
//
|
||||
// Sets mContentTempDir so that it refers to the appropriate temp dir.
|
||||
// If the sandbox is enabled, NS_APP_CONTENT_PROCESS_TEMP_DIR, otherwise
|
||||
@ -697,14 +688,10 @@ nsXREDirProvider::LoadContentProcessTempDir()
|
||||
{
|
||||
// The parent is responsible for creating the sandbox temp dir.
|
||||
if (XRE_IsParentProcess()) {
|
||||
mContentProcessSandboxTempDir =
|
||||
CreateProcessSandboxTempDir(GeckoProcessType_Content);
|
||||
mContentProcessSandboxTempDir = CreateContentProcessSandboxTempDir();
|
||||
mContentTempDir = mContentProcessSandboxTempDir;
|
||||
} else {
|
||||
mContentTempDir =
|
||||
!IsContentSandboxDisabled() ?
|
||||
GetProcessSandboxTempDir(GeckoProcessType_Content) :
|
||||
nullptr;
|
||||
mContentTempDir = GetContentProcessSandboxTempDir();
|
||||
}
|
||||
|
||||
if (!mContentTempDir) {
|
||||
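Review bot: On the new side both branches can leave `mContentTempDir` null for two unrelated reasons — the content sandbox is disabled, or the sandbox directory could not be determined or created (both callees return null on `NS_GetSpecialDirectory` failure or an empty suffix pref, per the hunks below) — and the `if (!mContentTempDir)` check that follows treats them alike, so a creation failure in a sandbox-enabled parent is indistinguishable from the sandbox simply being off. That conflation deserves a comment above the check, e.g. `// Null here means either the content sandbox is disabled or the sandbox temp dir could not be determined; both cases presumably fall through to the generic fallback below.` LoadContentProcessTempDir starts before this hunk and its fallback body continues after it.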
@ -726,45 +713,6 @@ nsXREDirProvider::LoadContentProcessTempDir()
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
#endif
|
||||
|
||||
//
|
||||
// Sets mPluginTempDir so that it refers to the appropriate temp dir.
|
||||
// If NS_APP_PLUGIN_PROCESS_TEMP_DIR fails for any reason, NS_OS_TEMP_DIR
|
||||
// is used.
|
||||
//
|
||||
nsresult
|
||||
nsXREDirProvider::LoadPluginProcessTempDir()
|
||||
{
|
||||
// The parent is responsible for creating the sandbox temp dir.
|
||||
if (XRE_IsParentProcess()) {
|
||||
mPluginProcessSandboxTempDir =
|
||||
CreateProcessSandboxTempDir(GeckoProcessType_Plugin);
|
||||
mPluginTempDir = mPluginProcessSandboxTempDir;
|
||||
} else {
|
||||
MOZ_ASSERT(XRE_IsPluginProcess());
|
||||
mPluginTempDir = GetProcessSandboxTempDir(GeckoProcessType_Plugin);
|
||||
}
|
||||
|
||||
if (!mPluginTempDir) {
|
||||
nsresult rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
|
||||
getter_AddRefs(mPluginTempDir));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return rv;
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(XP_WIN)
|
||||
// The temp dir is used in sandbox rules, so we need to make sure
|
||||
// it doesn't contain any junction points or symlinks or the sandbox will
|
||||
// reject those rules.
|
||||
if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mPluginTempDir)) {
|
||||
NS_WARNING("Failed to resolve plugin temp dir.");
|
||||
}
|
||||
#endif
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
static bool
|
||||
IsContentSandboxDisabled()
|
||||
@ -773,30 +721,28 @@ IsContentSandboxDisabled()
|
||||
}
|
||||
|
||||
//
|
||||
// If a process sandbox temp dir is to be used, returns an nsIFile
|
||||
// for the directory. Returns null if an error occurs.
|
||||
// If a content process sandbox temp dir is to be used, returns an nsIFile
|
||||
// for the directory. Returns null if the content sandbox is disabled or
|
||||
// an error occurs.
|
||||
//
|
||||
static already_AddRefed<nsIFile>
|
||||
GetProcessSandboxTempDir(GeckoProcessType type)
|
||||
GetContentProcessSandboxTempDir()
|
||||
{
|
||||
if (IsContentSandboxDisabled()) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIFile> localFile;
|
||||
|
||||
nsresult rv = NS_GetSpecialDirectory(GetProcessTempBaseDirKey(),
|
||||
nsresult rv = NS_GetSpecialDirectory(GetContentProcessTempBaseDirKey(),
|
||||
getter_AddRefs(localFile));
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
MOZ_ASSERT((type == GeckoProcessType_Content) ||
|
||||
(type == GeckoProcessType_Plugin));
|
||||
|
||||
const char* prefKey =
|
||||
(type == GeckoProcessType_Content) ?
|
||||
"security.sandbox.content.tempDirSuffix" :
|
||||
"security.sandbox.plugin.tempDirSuffix";
|
||||
|
||||
nsAutoString tempDirSuffix;
|
||||
rv = Preferences::GetString(prefKey, tempDirSuffix);
|
||||
rv = Preferences::GetString("security.sandbox.content.tempDirSuffix",
|
||||
tempDirSuffix);
|
||||
if (NS_WARN_IF(NS_FAILED(rv)) || tempDirSuffix.IsEmpty()) {
|
||||
return nullptr;
|
||||
}
|
||||
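Review bot: The pref key `"security.sandbox.content.tempDirSuffix"` is spelled out as a literal in GetContentProcessSandboxTempDir here and again in the two CreateContentProcessSandboxTempDir hunks below (the `Preferences::GetString` call and the `Preferences::SetString` call), so a typo in any one copy would silently separate the UUID the parent writes from the one content processes read, and the only symptom would be a null temp dir. A file-local constant beside the forward declarations removes that risk, e.g. `static const char kContentTempDirSuffixPref[] = "security.sandbox.content.tempDirSuffix";` with `rv = Preferences::GetString(kContentTempDirSuffixPref, tempDirSuffix);` at each use site. GetContentProcessSandboxTempDir continues past the end of this hunk.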
@ -810,33 +756,23 @@ GetProcessSandboxTempDir(GeckoProcessType type)
|
||||
}
|
||||
|
||||
//
|
||||
// Create a temporary directory for use from sandboxed processes.
|
||||
// Create a temporary directory for use from sandboxed content processes.
|
||||
// Only called in the parent. The path is derived from a UUID stored in a
|
||||
// pref which is available to content and plugin processes. Returns null
|
||||
// if the content sandbox is disabled or if an error occurs.
|
||||
// pref which is available to content processes. Returns null if the
|
||||
// content sandbox is disabled or if an error occurs.
|
||||
//
|
||||
static already_AddRefed<nsIFile>
|
||||
CreateProcessSandboxTempDir(GeckoProcessType procType)
|
||||
CreateContentProcessSandboxTempDir()
|
||||
{
|
||||
#if defined(MOZ_CONTENT_SANDBOX)
|
||||
if ((procType == GeckoProcessType_Content) &&
|
||||
IsContentSandboxDisabled()) {
|
||||
if (IsContentSandboxDisabled()) {
|
||||
return nullptr;
|
||||
}
|
||||
#endif
|
||||
|
||||
MOZ_ASSERT((procType == GeckoProcessType_Content) ||
|
||||
(procType == GeckoProcessType_Plugin));
|
||||
|
||||
// Get (and create if blank) temp directory suffix pref.
|
||||
const char* pref =
|
||||
(procType == GeckoProcessType_Content) ?
|
||||
"security.sandbox.content.tempDirSuffix" :
|
||||
"security.sandbox.plugin.tempDirSuffix";
|
||||
|
||||
nsresult rv;
|
||||
nsAutoString tempDirSuffix;
|
||||
Preferences::GetString(pref, tempDirSuffix);
|
||||
Preferences::GetString("security.sandbox.content.tempDirSuffix",
|
||||
tempDirSuffix);
|
||||
if (tempDirSuffix.IsEmpty()) {
|
||||
nsCOMPtr<nsIUUIDGenerator> uuidgen =
|
||||
do_GetService("@mozilla.org/uuid-generator;1", &rv);
|
||||
@ -860,7 +796,8 @@ CreateProcessSandboxTempDir(GeckoProcessType procType)
|
||||
#endif
|
||||
|
||||
// Save the pref
|
||||
rv = Preferences::SetString(pref, tempDirSuffix);
|
||||
rv = Preferences::SetString("security.sandbox.content.tempDirSuffix",
|
||||
tempDirSuffix);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
// If we fail to save the pref we don't want to create the temp dir,
|
||||
// because we won't be able to clean it up later.
|
||||
@ -879,7 +816,7 @@ CreateProcessSandboxTempDir(GeckoProcessType procType)
|
||||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIFile> sandboxTempDir = GetProcessSandboxTempDir(procType);
|
||||
nsCOMPtr<nsIFile> sandboxTempDir = GetContentProcessSandboxTempDir();
|
||||
if (!sandboxTempDir) {
|
||||
NS_WARNING("Failed to determine sandbox temp dir path.");
|
||||
return nullptr;
|
||||
@ -917,7 +854,7 @@ DeleteDirIfExists(nsIFile* dir)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
#endif // defined(MOZ_SANDBOX)
|
||||
#endif // defined(MOZ_CONTENT_SANDBOX)
|
||||
|
||||
static const char *const kAppendPrefDir[] = { "defaults", "preferences", nullptr };
|
||||
|
||||
@ -1137,11 +1074,6 @@ nsXREDirProvider::DoStartup()
|
||||
if (!mContentTempDir) {
|
||||
mozilla::Unused << NS_WARN_IF(NS_FAILED(LoadContentProcessTempDir()));
|
||||
}
|
||||
#endif
|
||||
#if defined(MOZ_SANDBOX)
|
||||
if (!mPluginTempDir) {
|
||||
mozilla::Unused << NS_WARN_IF(NS_FAILED(LoadPluginProcessTempDir()));
|
||||
}
|
||||
#endif
|
||||
}
|
||||
return NS_OK;
|
||||
@ -1175,14 +1107,11 @@ nsXREDirProvider::DoShutdown()
|
||||
mProfileNotified = false;
|
||||
}
|
||||
|
||||
if (XRE_IsParentProcess()) {
|
||||
#if defined(MOZ_CONTENT_SANDBOX)
|
||||
if (XRE_IsParentProcess()) {
|
||||
Unused << DeleteDirIfExists(mContentProcessSandboxTempDir);
|
||||
#endif
|
||||
#if defined(MOZ_SANDBOX)
|
||||
Unused << DeleteDirIfExists(mPluginProcessSandboxTempDir);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef XP_WIN
|
||||
|
@ -129,9 +129,6 @@ protected:
|
||||
// Load the temp directory for sandboxed content processes
|
||||
nsresult LoadContentProcessTempDir();
|
||||
#endif
|
||||
#if defined(MOZ_SANDBOX)
|
||||
nsresult LoadPluginProcessTempDir();
|
||||
#endif
|
||||
|
||||
void Append(nsIFile* aDirectory);
|
||||
|
||||
@ -149,10 +146,6 @@ protected:
|
||||
#if defined(MOZ_CONTENT_SANDBOX)
|
||||
nsCOMPtr<nsIFile> mContentTempDir;
|
||||
nsCOMPtr<nsIFile> mContentProcessSandboxTempDir;
|
||||
#endif
|
||||
#if defined(MOZ_SANDBOX)
|
||||
nsCOMPtr<nsIFile> mPluginTempDir;
|
||||
nsCOMPtr<nsIFile> mPluginProcessSandboxTempDir;
|
||||
#endif
|
||||
nsCOMArray<nsIFile> mAppBundleDirectories;
|
||||
};
|
||||
|
@ -103,12 +103,6 @@
|
||||
#else
|
||||
// Otherwise NS_APP_CONTENT_PROCESS_TEMP_DIR must match NS_OS_TEMP_DIR.
|
||||
#define NS_APP_CONTENT_PROCESS_TEMP_DIR "TmpD"
|
||||
#endif // defined(MOZ_CONTENT_SANDBOX)
|
||||
|
||||
#if defined(MOZ_SANDBOX)
|
||||
#define NS_APP_PLUGIN_PROCESS_TEMP_DIR "PluginTmpD"
|
||||
#else
|
||||
#define NS_APP_PLUGIN_PROCESS_TEMP_DIR "TmpD"
|
||||
#endif
|
||||
#endif // (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
|
||||
|
||||
#endif // nsAppDirectoryServiceDefs_h___
|
||||
|