Backed out changeset 6af35f6a050f (bug 1488439) for PluginProcessParent.cpp build bustages CLOSED TREE

browser/app/profile/firefox.js

@@ -1093,15 +1093,12 @@ pref("security.sandbox.pledge.content", "stdio rpath wpath cpath inet recvfd sen
 #endif
 #endif
 
-#if defined(MOZ_SANDBOX)
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // ID (a UUID when set by gecko) that is used to form the name of a
 // sandbox-writable temporary directory to be used by content processes
 // when a temporary writable file is required in a level 1 sandbox.
 pref("security.sandbox.content.tempDirSuffix", "");
 #endif
-pref("security.sandbox.plugin.tempDirSuffix", "");
-#endif
 
 #if defined(MOZ_SANDBOX)
 // This pref determines if messages relevant to sandbox violations are

dom/plugins/ipc/PluginProcessChild.cpp

@@ -29,8 +29,6 @@ extern "C" CGError CGSSetDebugOptions(int options);
 #ifdef XP_WIN
 #if defined(MOZ_SANDBOX)
 #include "mozilla/sandboxTarget.h"
-#include "ProcessUtils.h"
-#include "nsDirectoryService.h"
 #endif
 #endif
 
@@ -43,21 +41,6 @@ using mozilla::ipc::IOThreadChild;
 namespace mozilla {
 namespace plugins {
 
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-static void
-SetSandboxTempPath(const std::wstring& aFullTmpPath)
-{
-  // Save the TMP environment variable so that is is picked up by GetTempPath().
-  // Note that we specifically write to the TMP variable, as that is the first
-  // variable that is checked by GetTempPath() to determine its output.
-  Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TMP", aFullTmpPath.c_str()));
-
-  // We also set TEMP in case there is naughty third-party code that is
-  // referencing the environment variable directly.
-  Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TEMP", aFullTmpPath.c_str()));
-}
-#endif
-
 bool
 PluginProcessChild::Init(int aArgc, char* aArgv[])
 {
@@ -136,9 +119,6 @@ PluginProcessChild::Init(int aArgc, char* aArgv[])
         CommandLine::ForCurrentProcess()->GetLooseValues();
     MOZ_ASSERT(values.size() >= 1, "not enough loose args");
 
-    // parameters are:
-    // values[0] is path to plugin DLL
-    // values[1] is path to folder that should be used for temp files
     pluginFilename = WideToUTF8(values[0]);
 
     // We don't initialize XPCOM but we need the thread manager and the
@@ -150,12 +130,6 @@ PluginProcessChild::Init(int aArgc, char* aArgv[])
     nsThreadManager::get().Init();
 
 #if defined(MOZ_SANDBOX)
-    MOZ_ASSERT(values.size() >= 2, "not enough loose args for sandboxed plugin process");
-
-    // The sandbox closes off the default location temp file location so we set
-    // a new one here (regardless of whether or not we are sandboxing).
-    SetSandboxTempPath(values[1]);
-
     // This is probably the earliest we would want to start the sandbox.
     // As we attempt to tighten the sandbox, we may need to consider moving this
     // to later in the plugin initialization.

dom/plugins/ipc/PluginProcessParent.cpp

@@ -9,11 +9,6 @@
 #include "base/string_util.h"
 #include "base/process_util.h"
 
-#include "nsAppDirectoryServiceDefs.h"
-#include "nsDirectoryServiceDefs.h"
-#include "nsIProperties.h"
-#include "nsServiceManagerUtils.h"
-
 #include "mozilla/ipc/BrowserProcessSubThread.h"
 #include "mozilla/plugins/PluginMessageUtils.h"
 #include "mozilla/Telemetry.h"
@@ -93,27 +88,6 @@ PluginProcessParent::Launch(mozilla::UniquePtr<LaunchCompleteTask> aLaunchComple
             args.push_back("-flashSandboxLogging");
         }
     }
-#else if defined(XP_WIN) && defined(MOZ_SANDBOX)
-    nsresult rv;
-    nsCOMPtr<nsIProperties> dirSvc =
-      do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
-    if (NS_FAILED(rv)) {
-      MOZ_ASSERT(false, "Failed to get directory service.");
-      return false;
-    }
-
-    nsCOMPtr<nsIFile> dir;
-    rv =
-      dirSvc->Get(NS_APP_PLUGIN_PROCESS_TEMP_DIR, NS_GET_IID(nsIFile),
-                  getter_AddRefs(dir));
-    if (NS_FAILED(rv)) {
-      NS_WARNING("Failed to get plugin process temp directory.");
-      return false;
-    }
-
-    nsAutoString tempDir;
-    MOZ_ALWAYS_SUCCEEDS(dir->GetPath(tempDir));
-    args.push_back(NS_ConvertUTF16toUTF8(tempDir).get());
 #endif
 
     bool result = AsyncLaunch(args);

security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp

@@ -44,7 +44,6 @@ bool SandboxBroker::sRunningFromNetworkDrive = false;
 static UniquePtr<nsString> sBinDir;
 static UniquePtr<nsString> sProfileDir;
 static UniquePtr<nsString> sContentTempDir;
-static UniquePtr<nsString> sPluginTempDir;
 static UniquePtr<nsString> sRoamingAppDataDir;
 static UniquePtr<nsString> sLocalAppDataDir;
 static UniquePtr<nsString> sUserExtensionsDevDir;
@@ -116,7 +115,6 @@ SandboxBroker::GeckoDependentInitialize()
   CacheDirAndAutoClear(dirSvc, NS_GRE_DIR, &sBinDir);
   CacheDirAndAutoClear(dirSvc, NS_APP_USER_PROFILE_50_DIR, &sProfileDir);
   CacheDirAndAutoClear(dirSvc, NS_APP_CONTENT_PROCESS_TEMP_DIR, &sContentTempDir);
-  CacheDirAndAutoClear(dirSvc, NS_APP_PLUGIN_PROCESS_TEMP_DIR, &sPluginTempDir);
   CacheDirAndAutoClear(dirSvc, NS_WIN_APPDATA_DIR, &sRoamingAppDataDir);
   CacheDirAndAutoClear(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, &sLocalAppDataDir);
   CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DEV_DIR, &sUserExtensionsDevDir);
@@ -700,6 +698,11 @@ SandboxBroker::SetSecurityLevelForPluginProcess(int32_t aSandboxLevel)
     delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_MEDIUM;
   }
 
+#ifndef NIGHTLY_BUILD
+  // We are experimenting with using restricting SIDs in the nightly builds
+  mPolicy->SetDoNotUseRestrictingSIDs();
+#endif
+
   sandbox::ResultCode result = SetJobLevel(mPolicy, jobLevel,
                                            0 /* ui_exceptions */);
   SANDBOX_ENSURE_SUCCESS(result,
@@ -745,15 +748,6 @@ SandboxBroker::SetSecurityLevelForPluginProcess(int32_t aSandboxLevel)
   SANDBOX_ENSURE_SUCCESS(result,
                          "Invalid flags for SetDelayedProcessMitigations.");
 
-#ifndef NIGHTLY_BUILD
-  // We are experimenting with using restricting SIDs in the nightly builds
-  mPolicy->SetDoNotUseRestrictingSIDs();
-#else
-  // Add rule to allow read / write access to a special plugin temp dir.
-  AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
-                   sPluginTempDir, NS_LITERAL_STRING("\\*"));
-#endif
-
   if (aSandboxLevel >= 2) {
     // Level 2 and above uses low integrity, so we need to give write access to
     // the Flash directories.

toolkit/xre/nsXREDirProvider.cpp

@@ -82,11 +82,11 @@
 #define PREF_OVERRIDE_DIRNAME "preferences"
 
 #if defined(MOZ_CONTENT_SANDBOX)
-static already_AddRefed<nsIFile> GetProcessSandboxTempDir(GeckoProcessType type);
+static already_AddRefed<nsIFile> GetContentProcessSandboxTempDir();
 static nsresult DeleteDirIfExists(nsIFile *dir);
 static bool IsContentSandboxDisabled();
-static const char* GetProcessTempBaseDirKey();
-static already_AddRefed<nsIFile> CreateProcessSandboxTempDir(GeckoProcessType procType);
+static const char* GetContentProcessTempBaseDirKey();
+static already_AddRefed<nsIFile> CreateContentProcessSandboxTempDir();
 #endif
 
 nsXREDirProvider* gDirServiceProvider = nullptr;
@@ -526,15 +526,7 @@ nsXREDirProvider::GetFile(const char* aProperty, bool* aPersistent,
     }
     rv = mContentTempDir->Clone(getter_AddRefs(file));
   }
-#endif // defined(MOZ_CONTENT_SANDBOX)
-#if defined(MOZ_SANDBOX)
-  else if (!strcmp(aProperty, NS_APP_PLUGIN_PROCESS_TEMP_DIR)) {
-    if (!mPluginTempDir && NS_FAILED((rv = LoadPluginProcessTempDir()))) {
-      return rv;
-    }
-    rv = mPluginTempDir->Clone(getter_AddRefs(file));
-  }
-#endif // defined(MOZ_SANDBOX)
+#endif // defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
   else if (NS_SUCCEEDED(GetProfileStartupDir(getter_AddRefs(file)))) {
     // We need to allow component, xpt, and chrome registration to
     // occur prior to the profile-after-change notification.
@@ -674,10 +666,10 @@ nsXREDirProvider::GetFiles(const char* aProperty, nsISimpleEnumerator** aResult)
   return NS_SUCCESS_AGGREGATE_RESULT;
 }
 
-#if defined(MOZ_SANDBOX)
+#if defined(MOZ_CONTENT_SANDBOX)
 
 static const char*
-GetProcessTempBaseDirKey()
+GetContentProcessTempBaseDirKey()
 {
 #if defined(XP_WIN)
   return NS_WIN_LOW_INTEGRITY_TEMP_BASE;
@@ -686,7 +678,6 @@ GetProcessTempBaseDirKey()
 #endif
 }
 
-#if defined(MOZ_CONTENT_SANDBOX)
 //
 // Sets mContentTempDir so that it refers to the appropriate temp dir.
 // If the sandbox is enabled, NS_APP_CONTENT_PROCESS_TEMP_DIR, otherwise
@@ -697,14 +688,10 @@ nsXREDirProvider::LoadContentProcessTempDir()
 {
   // The parent is responsible for creating the sandbox temp dir.
   if (XRE_IsParentProcess()) {
-    mContentProcessSandboxTempDir =
-      CreateProcessSandboxTempDir(GeckoProcessType_Content);
+    mContentProcessSandboxTempDir = CreateContentProcessSandboxTempDir();
     mContentTempDir = mContentProcessSandboxTempDir;
   } else {
-    mContentTempDir =
-      !IsContentSandboxDisabled() ?
-        GetProcessSandboxTempDir(GeckoProcessType_Content) :
-        nullptr;
+    mContentTempDir = GetContentProcessSandboxTempDir();
   }
 
   if (!mContentTempDir) {
@@ -726,45 +713,6 @@ nsXREDirProvider::LoadContentProcessTempDir()
 
   return NS_OK;
 }
-#endif
-
-//
-// Sets mPluginTempDir so that it refers to the appropriate temp dir.
-// If NS_APP_PLUGIN_PROCESS_TEMP_DIR fails for any reason, NS_OS_TEMP_DIR
-// is used.
-//
-nsresult
-nsXREDirProvider::LoadPluginProcessTempDir()
-{
-  // The parent is responsible for creating the sandbox temp dir.
-  if (XRE_IsParentProcess()) {
-    mPluginProcessSandboxTempDir =
-      CreateProcessSandboxTempDir(GeckoProcessType_Plugin);
-    mPluginTempDir = mPluginProcessSandboxTempDir;
-  } else {
-    MOZ_ASSERT(XRE_IsPluginProcess());
-    mPluginTempDir = GetProcessSandboxTempDir(GeckoProcessType_Plugin);
-  }
-
-  if (!mPluginTempDir) {
-    nsresult rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
-                                         getter_AddRefs(mPluginTempDir));
-    if (NS_WARN_IF(NS_FAILED(rv))) {
-      return rv;
-    }
-  }
-
-#if defined(XP_WIN)
-  // The temp dir is used in sandbox rules, so we need to make sure
-  // it doesn't contain any junction points or symlinks or the sandbox will
-  // reject those rules.
-  if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mPluginTempDir)) {
-    NS_WARNING("Failed to resolve plugin temp dir.");
-  }
-#endif
-
-  return NS_OK;
-}
 
 static bool
 IsContentSandboxDisabled()
@@ -773,30 +721,28 @@ IsContentSandboxDisabled()
 }
 
 //
-// If a process sandbox temp dir is to be used, returns an nsIFile
-// for the directory. Returns null if an error occurs.
+// If a content process sandbox temp dir is to be used, returns an nsIFile
+// for the directory. Returns null if the content sandbox is disabled or
+// an error occurs.
 //
 static already_AddRefed<nsIFile>
-GetProcessSandboxTempDir(GeckoProcessType type)
+GetContentProcessSandboxTempDir()
 {
+  if (IsContentSandboxDisabled()) {
+    return nullptr;
+  }
+
   nsCOMPtr<nsIFile> localFile;
 
-  nsresult rv = NS_GetSpecialDirectory(GetProcessTempBaseDirKey(),
+  nsresult rv = NS_GetSpecialDirectory(GetContentProcessTempBaseDirKey(),
                                        getter_AddRefs(localFile));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return nullptr;
   }
 
-  MOZ_ASSERT((type == GeckoProcessType_Content) ||
-             (type == GeckoProcessType_Plugin));
-
-  const char* prefKey =
-    (type == GeckoProcessType_Content) ?
-      "security.sandbox.content.tempDirSuffix" :
-      "security.sandbox.plugin.tempDirSuffix";
-
   nsAutoString tempDirSuffix;
-  rv = Preferences::GetString(prefKey, tempDirSuffix);
+  rv = Preferences::GetString("security.sandbox.content.tempDirSuffix",
+                              tempDirSuffix);
   if (NS_WARN_IF(NS_FAILED(rv)) || tempDirSuffix.IsEmpty()) {
     return nullptr;
   }
@@ -810,33 +756,23 @@ GetProcessSandboxTempDir(GeckoProcessType type)
 }
 
 //
-// Create a temporary directory for use from sandboxed processes.
+// Create a temporary directory for use from sandboxed content processes.
 // Only called in the parent. The path is derived from a UUID stored in a
-// pref which is available to content and plugin processes. Returns null
-// if the content sandbox is disabled or if an error occurs.
+// pref which is available to content processes. Returns null if the
+// content sandbox is disabled or if an error occurs.
 //
 static already_AddRefed<nsIFile>
-CreateProcessSandboxTempDir(GeckoProcessType procType)
+CreateContentProcessSandboxTempDir()
 {
-#if defined(MOZ_CONTENT_SANDBOX)
-  if ((procType == GeckoProcessType_Content) &&
-      IsContentSandboxDisabled()) {
+  if (IsContentSandboxDisabled()) {
     return nullptr;
   }
-#endif
-
-  MOZ_ASSERT((procType == GeckoProcessType_Content) ||
-             (procType == GeckoProcessType_Plugin));
 
   // Get (and create if blank) temp directory suffix pref.
-  const char* pref =
-    (procType == GeckoProcessType_Content) ?
-      "security.sandbox.content.tempDirSuffix" :
-      "security.sandbox.plugin.tempDirSuffix";
-
   nsresult rv;
   nsAutoString tempDirSuffix;
-  Preferences::GetString(pref, tempDirSuffix);
+  Preferences::GetString("security.sandbox.content.tempDirSuffix",
+                         tempDirSuffix);
   if (tempDirSuffix.IsEmpty()) {
     nsCOMPtr<nsIUUIDGenerator> uuidgen =
       do_GetService("@mozilla.org/uuid-generator;1", &rv);
@@ -860,7 +796,8 @@ CreateProcessSandboxTempDir(GeckoProcessType procType)
 #endif
 
     // Save the pref
-    rv = Preferences::SetString(pref, tempDirSuffix);
+    rv = Preferences::SetString("security.sandbox.content.tempDirSuffix",
+                                tempDirSuffix);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       // If we fail to save the pref we don't want to create the temp dir,
       // because we won't be able to clean it up later.
@@ -879,7 +816,7 @@ CreateProcessSandboxTempDir(GeckoProcessType procType)
     }
   }
 
-  nsCOMPtr<nsIFile> sandboxTempDir = GetProcessSandboxTempDir(procType);
+  nsCOMPtr<nsIFile> sandboxTempDir = GetContentProcessSandboxTempDir();
   if (!sandboxTempDir) {
     NS_WARNING("Failed to determine sandbox temp dir path.");
     return nullptr;
@@ -917,7 +854,7 @@ DeleteDirIfExists(nsIFile* dir)
   return NS_OK;
 }
 
-#endif // defined(MOZ_SANDBOX)
+#endif // defined(MOZ_CONTENT_SANDBOX)
 
 static const char *const kAppendPrefDir[] = { "defaults", "preferences", nullptr };
 
@@ -1137,11 +1074,6 @@ nsXREDirProvider::DoStartup()
     if (!mContentTempDir) {
       mozilla::Unused << NS_WARN_IF(NS_FAILED(LoadContentProcessTempDir()));
     }
-#endif
-#if defined(MOZ_SANDBOX)
-    if (!mPluginTempDir) {
-      mozilla::Unused << NS_WARN_IF(NS_FAILED(LoadPluginProcessTempDir()));
-    }
 #endif
   }
   return NS_OK;
@@ -1175,14 +1107,11 @@ nsXREDirProvider::DoShutdown()
     mProfileNotified = false;
   }
 
-  if (XRE_IsParentProcess()) {
 #if defined(MOZ_CONTENT_SANDBOX)
+  if (XRE_IsParentProcess()) {
     Unused << DeleteDirIfExists(mContentProcessSandboxTempDir);
-#endif
-#if defined(MOZ_SANDBOX)
-    Unused << DeleteDirIfExists(mPluginProcessSandboxTempDir);
-#endif
   }
+#endif
 }
 
 #ifdef XP_WIN

toolkit/xre/nsXREDirProvider.h

@@ -129,9 +129,6 @@ protected:
   // Load the temp directory for sandboxed content processes
   nsresult LoadContentProcessTempDir();
 #endif
-#if defined(MOZ_SANDBOX)
-  nsresult LoadPluginProcessTempDir();
-#endif
 
   void Append(nsIFile* aDirectory);
 
@@ -149,10 +146,6 @@ protected:
 #if defined(MOZ_CONTENT_SANDBOX)
   nsCOMPtr<nsIFile>      mContentTempDir;
   nsCOMPtr<nsIFile>      mContentProcessSandboxTempDir;
-#endif
-#if defined(MOZ_SANDBOX)
-  nsCOMPtr<nsIFile>      mPluginTempDir;
-  nsCOMPtr<nsIFile>      mPluginProcessSandboxTempDir;
 #endif
   nsCOMArray<nsIFile>    mAppBundleDirectories;
 };

xpcom/io/nsAppDirectoryServiceDefs.h

@@ -103,12 +103,6 @@
 #else
 // Otherwise NS_APP_CONTENT_PROCESS_TEMP_DIR must match NS_OS_TEMP_DIR.
 #define NS_APP_CONTENT_PROCESS_TEMP_DIR         "TmpD"
-#endif // defined(MOZ_CONTENT_SANDBOX)
-
-#if defined(MOZ_SANDBOX)
-#define NS_APP_PLUGIN_PROCESS_TEMP_DIR          "PluginTmpD"
-#else
-#define NS_APP_PLUGIN_PROCESS_TEMP_DIR          "TmpD"
-#endif
+#endif // (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
 
 #endif // nsAppDirectoryServiceDefs_h___