Bug 1317735 - Consolidate env vars for logging. r=jimm

Assigns the preference security.sandbox.logging.enabled and the environment variable MOZ_SANDBOX_LOGGING to control whether or not sandbox violations are logged. The pref defaults to true. On Linux, only the environment variable is considered. --HG-- extra : rebase_source : f67870a74795228548b290aec32d08552c068874
2025-03-03 15:26:07 +00:00 · 2017-01-23 12:46:49 -08:00 · 2017-01-23 12:46:49 -08:00 · 990402c301
commit 990402c301
parent a45dace275
7 changed files with 10 additions and 19 deletions
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@ -939,12 +939,6 @@ pref("browser.tabs.remote.autostart", false);
 pref("browser.tabs.remote.desktopbehavior", true);

 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
-// When this pref is true the Windows process sandbox will set up dummy
-// interceptions and log to the browser console when calls fail in the sandboxed
-// process and also if they are subsequently allowed by the broker process.
-// This will require a restart.
-pref("security.sandbox.windows.log", false);
-
 // Controls whether and how the Windows NPAPI plugin process is sandboxed.
 // To get a different setting for a particular plugin replace "default", with
 // the plugin's nice file name, see: nsPluginTag::GetNiceFileName.
@ -1033,15 +1027,10 @@ pref("security.sandbox.content.tempDirSuffix", "");
 #endif

 #if defined(MOZ_SANDBOX)
-#if defined(XP_MACOSX)
 // This pref determines if messages relevant to sandbox violations are
 // logged.
-// At present, this setting refers only to mac sandbox messages sent to
-// the system console but the setting will be used on other platforms
-// in the future.
 pref("security.sandbox.logging.enabled", true);
 #endif
-#endif

 // This pref governs whether we attempt to work around problems caused by
 // plugins using OS calls to manipulate the cursor while running out-of-
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@ -1443,7 +1443,8 @@ StartMacOSContentSandbox()
  MacSandboxInfo info;
  info.type = MacSandboxType_Content;
  info.level = info.level = sandboxLevel;
-  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled", true);
+  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled") ||
+                   PR_GetEnv("MOZ_SANDBOX_LOGGING");
  info.appPath.assign(appPath.get());
  info.appBinaryPath.assign(appBinaryPath.get());
  info.appDir.assign(appDir.get());
--- a/dom/media/gmp/GMPChild.cpp
+++ b/dom/media/gmp/GMPChild.cpp
@ -220,7 +220,8 @@ GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType)

  MacSandboxInfo info;
  info.type = MacSandboxType_Plugin;
-  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled", true);
+  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled") ||
+                   PR_GetEnv("MOZ_SANDBOX_LOGGING");
  info.pluginInfo.type = aPluginType;
  info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get());
  info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get());
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@ -337,7 +337,7 @@ GeckoChildProcessHost::PrepareLaunch()
  if (mProcessType == GeckoProcessType_Content) {
    mSandboxLevel = Preferences::GetInt("security.sandbox.content.level");
    mEnableSandboxLogging =
-      Preferences::GetBool("security.sandbox.windows.log");
+      Preferences::GetBool("security.sandbox.logging.enabled");
  }
 #endif

@ -346,7 +346,7 @@ GeckoChildProcessHost::PrepareLaunch()
  // thread and they may not have access to prefs in the child process, so allow
  // them to turn on logging via an environment variable.
  mEnableSandboxLogging = mEnableSandboxLogging
-                          || !!PR_GetEnv("MOZ_WIN_SANDBOX_LOGGING");
+                          || !!PR_GetEnv("MOZ_SANDBOX_LOGGING");
 #endif
 #endif
 }
--- a/security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h
+++ b/security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h
@ -86,8 +86,8 @@ InitLoggingIfRequired(ProvideLogFunctionCb aProvideLogFunctionCb)
    return;
  }

-  if (Preferences::GetBool("security.sandbox.windows.log") ||
-      PR_GetEnv("MOZ_WIN_SANDBOX_LOGGING")) {
+  if (Preferences::GetBool("security.sandbox.logging.enabled") ||
+      PR_GetEnv("MOZ_SANDBOX_LOGGING")) {
    aProvideLogFunctionCb(Log);

 #if defined(MOZ_CONTENT_SANDBOX)
--- a/security/sandbox/linux/SandboxInfo.cpp
+++ b/security/sandbox/linux/SandboxInfo.cpp
@ -238,7 +238,7 @@ SandboxInfo::SandboxInfo() {
    flags |= kEnabledForMedia;
  }
 #endif
-  if (getenv("MOZ_SANDBOX_VERBOSE")) {
+  if (getenv("MOZ_SANDBOX_LOGGING")) {
    flags |= kVerbose;
  }

--- a/security/sandbox/linux/SandboxInfo.h
+++ b/security/sandbox/linux/SandboxInfo.h
@ -29,7 +29,7 @@ public:
    kEnabledForContent = 1 << 1,
    // Config flag MOZ_GMP_SANDBOX; env var MOZ_DISABLE_GMP_SANDBOX.
    kEnabledForMedia   = 1 << 2,
-    // Env var MOZ_SANDBOX_VERBOSE.
+    // Env var MOZ_SANDBOX_LOGGING.
    kVerbose           = 1 << 3,
    // Kernel can atomically set system call filtering on entire thread group.
    kHasSeccompTSync   = 1 << 4,