Backed out 2 changesets (bug 1425688) on request from jorgk for breaking the Certificate Manager r=backout a=backout

Backed out changeset f73324a4d033 (bug 1425688)
Backed out changeset bd2bf7b7fead (bug 1425688)

.eslintrc.js

@@ -37,6 +37,7 @@ module.exports = {
       "dom/media/**",
       "extensions/pref/**",
       "mobile/android/**",
+      "security/**",
       "testing/**",
       "tools/profiler/**",
     ],

security/manager/pki/resources/content/certManager.js

@@ -4,6 +4,8 @@
 /* import-globals-from pippki.js */
 "use strict";
 
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
 const nsIFilePicker = Components.interfaces.nsIFilePicker;
 const nsFilePicker = "@mozilla.org/filepicker;1";
 const nsIX509CertDB = Components.interfaces.nsIX509CertDB;

security/manager/pki/resources/content/certViewer.js

@@ -1,8 +1,6 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* import-globals-from pippki.js */
 "use strict";
 
 /**
@@ -13,6 +11,9 @@
  *           The cert to view, queryable to nsIX509Cert.
  */
 
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+
 const nsIX509Cert = Ci.nsIX509Cert;
 const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
 const nsIX509CertDB = Ci.nsIX509CertDB;
@@ -26,6 +27,12 @@ const nsASN1Tree = "@mozilla.org/security/nsASN1Tree;1";
 
 var bundle;
 
+function doPrompt(msg) {
+  let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+    getService(Components.interfaces.nsIPromptService);
+  prompts.alert(window, null, msg);
+}
+
 /**
  * Fills out the "Certificate Hierarchy" tree of the cert viewer "Details" tab.
  *
@@ -357,7 +364,9 @@ function updateCertDump() {
           .view.QueryInterface(nsIASN1Tree);
 
   var tree = document.getElementById("treesetDump");
-  if (tree.currentIndex >= 0) {
+  if (tree.currentIndex < 0) {
+    doPrompt("No items are selected."); // This should never happen.
+  } else {
     var item = tree.contentView.getItemAtIndex(tree.currentIndex);
     var dbKey = item.firstChild.firstChild.getAttribute("display");
     //  Get the cert from the cert database

security/manager/pki/resources/content/certViewer.xul

@@ -20,9 +20,9 @@
 
 <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
 
-<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
 <script type="application/javascript"
         src="chrome://pippki/content/certViewer.js"/>
+<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
 
   <tabbox flex="1">
     <tabs>

security/manager/pki/resources/content/changepassword.js

@@ -4,7 +4,6 @@
 "use strict";
 
 const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
-const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
 
 const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
 const nsPKCS11ModuleDB = "@mozilla.org/security/pkcs11moduledb;1";
@@ -17,7 +16,9 @@ var tokenName = "";
 var pw1;
 
 function doPrompt(msg) {
-  Services.prompt.alert(window, null, msg);
+  let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+    getService(Components.interfaces.nsIPromptService);
+  prompts.alert(window, null, msg);
 }
 
 function onLoad() {

security/manager/pki/resources/content/clientauthask.js

@@ -39,6 +39,10 @@
  *           value if |certChosen| is not true.
  */
 
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+
 /**
  * The pippki <stringbundle> element.
  * @type <stringbundle>

security/manager/pki/resources/content/deletecert.js

@@ -23,6 +23,8 @@
  *           false otherwise.
  */
 
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
 /**
  * Returns the most appropriate string to represent the given nsICertTreeItem.
  * @param {nsICertTreeItem} certTreeItem

security/manager/pki/resources/content/deletecert.xul

@@ -17,8 +17,8 @@
 
   <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
 
-  <script type="application/javascript" src="pippki.js" />
   <script type="application/javascript" src="chrome://pippki/content/deletecert.js"/>
+  <script type="application/javascript" src="pippki.js" />
 
   <description id="confirm" style="width: 400px;"/>
   <richlistbox id="certlist" class="box-padded" flex="1"

security/manager/pki/resources/content/device_manager.js

@@ -3,9 +3,6 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 "use strict";
 
-const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
-const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
-
 const nsIPKCS11Slot = Components.interfaces.nsIPKCS11Slot;
 const nsIPKCS11Module = Components.interfaces.nsIPKCS11Module;
 const nsPKCS11ModuleDB = "@mozilla.org/security/pkcs11moduledb;1";
@@ -32,11 +29,15 @@ function getNSSString(name) {
 }
 
 function doPrompt(msg) {
-  Services.prompt.alert(window, null, msg);
+  let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+    getService(Components.interfaces.nsIPromptService);
+  prompts.alert(window, null, msg);
 }
 
 function doConfirm(msg) {
-  return Services.prompt.confirm(window, null, msg);
+  let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+    getService(Components.interfaces.nsIPromptService);
+  return prompts.confirm(window, null, msg);
 }
 
 function RefreshDeviceList() {

security/manager/pki/resources/content/downloadcert.js

@@ -29,6 +29,8 @@
  *           otherwise. Undefined value if |importConfirmed| is not true.
  */
 
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
 /**
  * The cert to potentially import.
  * @type nsIX509Cert

security/manager/pki/resources/content/downloadcert.xul

@@ -18,8 +18,8 @@
 
 <stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
 
-<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
 <script type="application/javascript" src="chrome://pippki/content/downloadcert.js"/>
+<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
 
 
   <!--  Let 'em know what they're doing -->

security/manager/pki/resources/content/editcacert.js

@@ -4,6 +4,8 @@
 /* import-globals-from pippki.js */
 "use strict";
 
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
 var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
                 .getService(Ci.nsIX509CertDB);
 /**

security/manager/pki/resources/content/exceptionDialog.js

@@ -49,7 +49,9 @@ function initExceptionDialog() {
   gDialog = document.documentElement;
   gBundleBrand = document.getElementById("brand_bundle");
   gPKIBundle = document.getElementById("pippki_bundle");
-  gSecHistogram = Services.telemetry.getHistogramById("SECURITY_UI");
+  gSecHistogram = Components.classes["@mozilla.org/base/telemetry;1"].
+                    getService(Components.interfaces.nsITelemetry).
+                    getHistogramById("SECURITY_UI");
   gNsISecTel = Components.interfaces.nsISecurityUITelemetry;
 
   var brandName = gBundleBrand.getString("brandShortName");
@@ -141,8 +143,10 @@ function getURI() {
   // Use fixup service instead of just ioservice's newURI since it's quite
   // likely that the host will be supplied without a protocol prefix, resulting
   // in malformed uri exceptions being thrown.
+  let fus = Components.classes["@mozilla.org/docshell/urifixup;1"]
+                      .getService(Components.interfaces.nsIURIFixup);
   let locationTextBox = document.getElementById("locationTextBox");
-  let uri = Services.uriFixup.createFixupURI(locationTextBox.value, 0);
+  let uri = fus.createFixupURI(locationTextBox.value, 0);
 
   if (!uri) {
     return null;
@@ -260,7 +264,9 @@ function updateCertStatus() {
     document.getElementById("viewCertButton").disabled = false;
 
     // Notify observers about the availability of the certificate
-    Services.obs.notifyObservers(null, "cert-exception-ui-ready");
+    Components.classes["@mozilla.org/observer-service;1"]
+              .getService(Components.interfaces.nsIObserverService)
+              .notifyObservers(null, "cert-exception-ui-ready");
   } else if (gChecking) {
     shortDesc = "addExceptionCheckingShort";
     longDesc  = "addExceptionCheckingLong2";

security/manager/pki/resources/content/load_device.js

@@ -9,6 +9,10 @@
  *       a PKCS #11 module to be loaded into Firefox.
  */
 
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+
 function onBrowseBtnPress() {
   let bundle = document.getElementById("pippki_bundle");
   let fp = Cc["@mozilla.org/filepicker;1"].createInstance(Ci.nsIFilePicker);

security/manager/pki/resources/content/pippki.js

@@ -10,9 +10,6 @@
  * pippki UI js files.
  */
 
-const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
-const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
-
 function setText(id, value) {
   let element = document.getElementById(id);
   if (!element) {
@@ -67,9 +64,6 @@ function getPEMString(cert) {
 }
 
 function alertPromptService(title, message) {
-  // XXX Bug 1425832 - Using Services.prompt here causes tests to report memory
-  // leaks.
-  // eslint-disable-next-line mozilla/use-services
   var ps = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
            getService(Components.interfaces.nsIPromptService);
   ps.alert(window, title, message);

security/manager/pki/resources/content/resetpassword.js

@@ -11,7 +11,9 @@ function resetPassword() {
   token.reset();
 
   try {
-    Services.logins.removeAllLogins();
+    var loginManager = Components.classes["@mozilla.org/login-manager;1"].
+                       getService(Components.interfaces.nsILoginManager);
+    loginManager.removeAllLogins();
   } catch (e) {
   }
 

security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js

@@ -6,7 +6,6 @@
 
 const { MockRegistrar } =
   Cu.import("resource://testing-common/MockRegistrar.jsm", {});
-const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
 
 const gMockPKCS11ModuleDB = {
   addModuleCallCount: 0,
@@ -96,7 +95,9 @@ var gMockPromptServiceCID =
 var gMockFilePicker = SpecialPowers.MockFilePicker;
 gMockFilePicker.init(window);
 
-var gTempFile = Services.dirsvc.get("TmpD", Ci.nsIFile);
+var gTempFile = Cc["@mozilla.org/file/directory_service;1"]
+                  .getService(Ci.nsIProperties)
+                  .get("TmpD", Ci.nsIFile);
 gTempFile.append("browser_loadPKCS11Module_ui-fakeModule");
 
 registerCleanupFunction(() => {

security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html

@@ -20,7 +20,6 @@
   function runTest() {
     let script = SpecialPowers.loadChromeScript(function() {
       const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
-      const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
       // Force download to be w/o user assistance for our testing mime type
       const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
       let handlerInfo =
@@ -33,10 +32,14 @@
                            .getService(Ci.nsIHandlerService);
       handlerSvc.store(handlerInfo);
 
-      let profileDir = Services.dirsvc.get("ProfDS", Ci.nsIFile);
+      let dirProvider = Cc["@mozilla.org/file/directory_service;1"]
+                          .getService(Ci.nsIProperties);
+      let profileDir = dirProvider.get("ProfDS", Ci.nsIFile);
       profileDir.append("downloads");
 
-      let prefBranch = Services.prefs.getBranch("browser.download.");
+      let prefs = Cc["@mozilla.org/preferences-service;1"]
+                    .getService(Ci.nsIPrefService);
+      let prefBranch = prefs.getBranch("browser.download.");
 
       prefBranch.setCharPref("dir", profileDir.path);
       prefBranch.setBoolPref("useDownloadDir", true);
@@ -66,8 +69,7 @@
 
   testCleanUp = function cleanup() {
     SpecialPowers.loadChromeScript(function() {
-      const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
-      const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+      const { classes: Cc, interfaces: Ci } = Components;
       const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
       let handlerInfo =
         mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
@@ -76,7 +78,9 @@
                            .getService(Ci.nsIHandlerService);
       handlerSvc.remove(handlerInfo);
 
-      let prefBranch = Services.prefs.getBranch("browser.download.");
+      let prefs = Cc["@mozilla.org/preferences-service;1"]
+                    .getService(Ci.nsIPrefService);
+      let prefBranch = prefs.getBranch("browser.download.");
 
       const prefKeys = ["dir", "useDownloadDir", "folderList"];
       for (let prefKey of prefKeys) {

security/manager/ssl/tests/unit/head_psm.js

@@ -376,7 +376,9 @@ function add_connection_test(aHost, aExpectedResult,
 
   function Connection(host) {
     this.host = host;
-    this.thread = Services.tm.currentThread;
+    let threadManager = Cc["@mozilla.org/thread-manager;1"]
+                          .getService(Ci.nsIThreadManager);
+    this.thread = threadManager.currentThread;
     this.defer = Promise.defer();
     let sts = Cc["@mozilla.org/network/socket-transport-service;1"]
                 .getService(Ci.nsISocketTransportService);
@@ -469,12 +471,15 @@ function add_connection_test(aHost, aExpectedResult,
 }
 
 function _getBinaryUtil(binaryUtilName) {
-  let utilBin = Services.dirsvc.get("CurProcD", Ci.nsIFile);
+  let directoryService = Cc["@mozilla.org/file/directory_service;1"]
+                           .getService(Ci.nsIProperties);
+
+  let utilBin = directoryService.get("CurProcD", Ci.nsIFile);
   utilBin.append(binaryUtilName + mozinfo.bin_suffix);
   // If we're testing locally, the above works. If not, the server executable
   // is in another location.
   if (!utilBin.exists()) {
-    utilBin = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+    utilBin = directoryService.get("CurWorkD", Ci.nsIFile);
     while (utilBin.path.indexOf("xpcshell") != -1) {
       utilBin = utilBin.parent;
     }
@@ -499,9 +504,11 @@ function _setupTLSServerTest(serverBinName, certsPath) {
 
   const CALLBACK_PORT = 8444;
 
+  let directoryService = Cc["@mozilla.org/file/directory_service;1"]
+                           .getService(Ci.nsIProperties);
   let envSvc = Cc["@mozilla.org/process/environment;1"]
                  .getService(Ci.nsIEnvironment);
-  let greBinDir = Services.dirsvc.get("GreBinD", Ci.nsIFile);
+  let greBinDir = directoryService.get("GreBinD", Ci.nsIFile);
   envSvc.set("DYLD_LIBRARY_PATH", greBinDir.path);
   // TODO(bug 1107794): Android libraries are in /data/local/xpcb, but "GreBinD"
   // does not return this path on Android, so hard code it here.
@@ -525,7 +532,7 @@ function _setupTLSServerTest(serverBinName, certsPath) {
   let serverBin = _getBinaryUtil(serverBinName);
   let process = Cc["@mozilla.org/process/util;1"].createInstance(Ci.nsIProcess);
   process.init(serverBin);
-  let certDir = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+  let certDir = directoryService.get("CurWorkD", Ci.nsIFile);
   certDir.append(`${certsPath}`);
   Assert.ok(certDir.exists(), `certificate folder (${certsPath}) should exist`);
   // Using "sql:" causes the SQL DB to be used so we can run tests on Android.

security/manager/ssl/tests/unit/test_cert_overrides.js

@@ -14,7 +14,8 @@
 do_get_profile();
 
 function check_telemetry() {
-  let histogram = Services.telemetry
+  let histogram = Cc["@mozilla.org/base/telemetry;1"]
+                    .getService(Ci.nsITelemetry)
                     .getHistogramById("SSL_CERT_ERROR_OVERRIDES")
                     .snapshot();
   equal(histogram.counts[0], 0, "Should have 0 unclassified counts");
@@ -51,7 +52,8 @@ function check_telemetry() {
   equal(histogram.counts[17], 1,
         "Actual and expected MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME counts should match");
 
-  let keySizeHistogram = Services.telemetry
+  let keySizeHistogram = Cc["@mozilla.org/base/telemetry;1"]
+                           .getService(Ci.nsITelemetry)
                            .getHistogramById("CERT_CHAIN_KEY_SIZE_STATUS")
                            .snapshot();
   equal(keySizeHistogram.counts[0], 0,

security/manager/ssl/tests/unit/test_ocsp_stapling.js

@@ -165,7 +165,8 @@ function add_tests() {
 }
 
 function check_ocsp_stapling_telemetry() {
-  let histogram = Services.telemetry
+  let histogram = Cc["@mozilla.org/base/telemetry;1"]
+                    .getService(Ci.nsITelemetry)
                     .getHistogramById("SSL_OCSP_STAPLING")
                     .snapshot();
   equal(histogram.counts[0], 0,

security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js

@@ -193,7 +193,8 @@ function run_test() {
 }
 
 function check_ocsp_stapling_telemetry() {
-  let histogram = Services.telemetry
+  let histogram = Cc["@mozilla.org/base/telemetry;1"]
+                    .getService(Ci.nsITelemetry)
                     .getHistogramById("SSL_OCSP_STAPLING")
                     .snapshot();
   equal(histogram.counts[0], 0,

security/manager/ssl/tests/unit/test_pinning.js

@@ -207,9 +207,10 @@ function test_enforce_test_mode() {
 }
 
 function check_pinning_telemetry() {
-  let prod_histogram = Services.telemetry.getHistogramById("CERT_PINNING_RESULTS")
+  let service = Cc["@mozilla.org/base/telemetry;1"].getService(Ci.nsITelemetry);
+  let prod_histogram = service.getHistogramById("CERT_PINNING_RESULTS")
                          .snapshot();
-  let test_histogram = Services.telemetry.getHistogramById("CERT_PINNING_TEST_RESULTS")
+  let test_histogram = service.getHistogramById("CERT_PINNING_TEST_RESULTS")
                          .snapshot();
   // Because all of our test domains are pinned to user-specified trust
   // anchors, effectively only strict mode and enforce test-mode get evaluated
@@ -222,10 +223,10 @@ function check_pinning_telemetry() {
   equal(test_histogram.counts[1], 0,
         "Actual and expected test (non-Mozilla) success count should match");
 
-  let moz_prod_histogram = Services.telemetry.getHistogramById("CERT_PINNING_MOZ_RESULTS")
+  let moz_prod_histogram = service.getHistogramById("CERT_PINNING_MOZ_RESULTS")
                              .snapshot();
   let moz_test_histogram =
-    Services.telemetry.getHistogramById("CERT_PINNING_MOZ_TEST_RESULTS").snapshot();
+    service.getHistogramById("CERT_PINNING_MOZ_TEST_RESULTS").snapshot();
   equal(moz_prod_histogram.counts[0], 0,
         "Actual and expected prod (Mozilla) failure count should match");
   equal(moz_prod_histogram.counts[1], 0,
@@ -236,7 +237,7 @@ function check_pinning_telemetry() {
         "Actual and expected test (Mozilla) success count should match");
 
   let per_host_histogram =
-    Services.telemetry.getHistogramById("CERT_PINNING_MOZ_RESULTS_BY_HOST").snapshot();
+    service.getHistogramById("CERT_PINNING_MOZ_RESULTS_BY_HOST").snapshot();
   equal(per_host_histogram.counts[0], 0,
         "Actual and expected per host (Mozilla) failure count should match");
   equal(per_host_histogram.counts[1], 2,

security/manager/ssl/tests/unit/test_pkcs11_module.js

@@ -66,7 +66,9 @@ function checkModuleTelemetry(additionalExpectedModule = undefined) {
     expectedModules.push(additionalExpectedModule);
   }
   expectedModules.sort();
-  let telemetry = Services.telemetry.snapshotKeyedScalars(
+  let telemetryService = Cc["@mozilla.org/base/telemetry;1"]
+                           .getService(Ci.nsITelemetry);
+  let telemetry = telemetryService.snapshotKeyedScalars(
     Ci.nsITelemetry.DATASET_RELEASE_CHANNEL_OPTOUT).parent;
   let moduleTelemetry = telemetry["security.pkcs11_modules_loaded"];
   let actualModules = [];

security/manager/ssl/tests/unit/test_pkcs11_token.js

@@ -18,8 +18,10 @@
 do_get_profile();
 
 function checkBasicAttributes(token) {
+  let strBundleSvc = Cc["@mozilla.org/intl/stringbundle;1"]
+                       .getService(Ci.nsIStringBundleService);
   let bundle =
-    Services.strings.createBundle("chrome://pipnss/locale/pipnss.properties");
+    strBundleSvc.createBundle("chrome://pipnss/locale/pipnss.properties");
 
   let expectedTokenName = bundle.GetStringFromName("PrivateTokenDescription");
   equal(token.tokenName, expectedTokenName,

security/manager/tools/getHSTSPreloadList.js

@@ -347,7 +347,9 @@ function getHSTSStatuses(inHosts, outStatuses) {
 // handlers are not preemptible, there shouldn't be any concurrency issues.
 function waitForAResponse(outputList) {
   // From <https://developer.mozilla.org/en/XPConnect/xpcshell/HOWTO>
-  Services.tm.spinEventLoopUntil(() => outputList.length != 0);
+  var threadManager = Cc["@mozilla.org/thread-manager;1"]
+                      .getService(Ci.nsIThreadManager);
+  threadManager.spinEventLoopUntil(() => outputList.length != 0);
 }
 
 function readCurrentList(filename) {

security/sandbox/test/browser_content_sandbox_fs.js

@@ -3,6 +3,9 @@
  /* import-globals-from browser_content_sandbox_utils.js */
  "use strict";
 
+var prefs = Cc["@mozilla.org/preferences-service;1"]
+            .getService(Ci.nsIPrefBranch);
+
 Services.scriptloader.loadSubScript("chrome://mochitests/content/browser/" +
     "security/sandbox/test/browser_content_sandbox_utils.js", this);
 
@@ -187,7 +190,7 @@ add_task(async function() {
   // on Nightly at this time.
   // eslint-disable-next-line mozilla/use-default-preference-values
   try {
-    level = Services.prefs.getIntPref("security.sandbox.content.level");
+    level = prefs.getIntPref("security.sandbox.content.level");
   } catch (e) {
     prefExists = false;
   }
@@ -304,7 +307,7 @@ async function testFileAccess() {
 
   // Ensure that the file content process is enabled.
   let fileContentProcessEnabled =
-    Services.prefs.getBoolPref("browser.tabs.remote.separateFileUriProcess");
+    prefs.getBoolPref("browser.tabs.remote.separateFileUriProcess");
   ok(fileContentProcessEnabled, "separate file content process is enabled");
 
   // for tests that run in a file content process
@@ -318,7 +321,7 @@ async function testFileAccess() {
   }
 
   // Current level
-  let level = Services.prefs.getIntPref("security.sandbox.content.level");
+  let level = prefs.getIntPref("security.sandbox.content.level");
 
   // Directories/files to test accessing from content processes.
   // For directories, we test whether a directory listing is allowed

security/sandbox/test/browser_content_sandbox_syscalls.js

@@ -3,6 +3,9 @@
  /* import-globals-from browser_content_sandbox_utils.js */
 "use strict";
 
+var prefs = Cc["@mozilla.org/preferences-service;1"]
+            .getService(Ci.nsIPrefBranch);
+
 Services.scriptloader.loadSubScript("chrome://mochitests/content/browser/" +
     "security/sandbox/test/browser_content_sandbox_utils.js", this);
 
@@ -149,7 +152,7 @@ add_task(async function() {
   // on Nightly at this time.
   // eslint-disable-next-line mozilla/use-default-preference-values
   try {
-    level = Services.prefs.getIntPref("security.sandbox.content.level");
+    level = prefs.getIntPref("security.sandbox.content.level");
   } catch (e) {
     prefExists = false;
   }

security/sandbox/test/browser_content_sandbox_utils.js

@@ -16,7 +16,8 @@ function isWin() { return Services.appinfo.OS == "WINNT"; }
 function isLinux() { return Services.appinfo.OS == "Linux"; }
 
 function isNightly() {
-  let version = SpecialPowers.Services.appinfo.version;
+  let version = SpecialPowers.Cc["@mozilla.org/xre/app-info;1"].
+    getService(SpecialPowers.Ci.nsIXULAppInfo).version;
   return (version.endsWith("a1"));
 }