Backed out changeset 5adabc2818b2 (bug 1018966) for b2g bustage

browser/app/profile/firefox.js

@@ -1184,20 +1184,6 @@ pref("browser.tabs.remote", false);
 #endif
 pref("browser.tabs.remote.autostart", false);
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_WIN)
-// This controls whether the content process on Windows is sandboxed.
-// You also need to be using remote tabs, see above.
-// on = full sandbox enabled
-// warn = warn only sandbox enabled
-// anything else = sandbox disabled
-// This will probably require a restart.
-pref("browser.tabs.remote.sandbox", "off");
-// This controls the depth of stack trace that is logged when the warn only
-// sandbox reports that a resource access request has been blocked.
-// This does not require a restart to take effect.
-pref("browser.tabs.remote.sandbox.warnOnlyStackTraceDepth", 0);
-#endif
-
 // This pref governs whether we attempt to work around problems caused by
 // plugins using OS calls to manipulate the cursor while running out-of-
 // process.  These workarounds all involve intercepting (hooking) certain

configure.in

@@ -6395,17 +6395,10 @@ if test -n "$gonkdir"; then
     MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
 fi
 
-case "$OS_TARGET:$NIGHTLY_BUILD" in
-WINNT:1)
-    MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
-    ;;
-*)
-    MOZ_ARG_ENABLE_BOOL(content-sandbox,
-    [  --enable-content-sandbox        Enable sandboxing support for content-processes],
-        MOZ_CONTENT_SANDBOX=1,
-        MOZ_CONTENT_SANDBOX=)
-    ;;
-esac
+MOZ_ARG_ENABLE_BOOL(content-sandbox,
+[  --enable-content-sandbox        Enable sandboxing support for content-processes],
+    MOZ_CONTENT_SANDBOX=1,
+    MOZ_CONTENT_SANDBOX=)
 
 if test -n "$MOZ_CONTENT_SANDBOX"; then
     AC_DEFINE(MOZ_CONTENT_SANDBOX)

dom/ipc/ContentChild.cpp

@@ -942,12 +942,7 @@ ContentChild::RecvSetProcessSandbox()
 #endif
     SetContentProcessSandbox();
 #elif defined(XP_WIN)
-    nsAdoptingString contentSandboxPref =
-        Preferences::GetString("browser.tabs.remote.sandbox");
-    if (contentSandboxPref.EqualsLiteral("on")
-        || contentSandboxPref.EqualsLiteral("warn")) {
-        mozilla::SandboxTarget::Instance()->StartSandbox();
-    }
+    mozilla::SandboxTarget::Instance()->StartSandbox();
 #endif
 #endif
     return true;

ipc/contentproc/plugin-container.cpp

@@ -26,10 +26,6 @@
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "mozilla/sandboxTarget.h"
-
-#if defined(MOZ_CONTENT_SANDBOX)
-#include "mozilla/warnonlysandbox/wosCallbacks.h"
-#endif
 #endif
 
 #ifdef MOZ_WIDGET_GONK
@@ -147,10 +143,6 @@ content_process_main(int argc, char* argv[])
            return 2;
         }
         mozilla::SandboxTarget::Instance()->SetStartSandboxCallback(StartSandboxCallback);
-
-#if defined(MOZ_CONTENT_SANDBOX)
-        mozilla::warnonlysandbox::PrepareForInit();
-#endif
     }
 #endif
 #endif

ipc/glue/GeckoChildProcessHost.cpp

@@ -34,11 +34,6 @@
 #ifdef XP_WIN
 #include "nsIWinTaskbar.h"
 #define NS_TASKBAR_CONTRACTID "@mozilla.org/windows-taskbar;1"
-
-#if defined(MOZ_CONTENT_SANDBOX)
-#include "mozilla/Preferences.h"
-#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
-#endif
 #endif
 
 #include "nsTArray.h"
@@ -95,10 +90,6 @@ GeckoChildProcessHost::GeckoChildProcessHost(GeckoProcessType aProcessType,
     mMonitor("mozilla.ipc.GeckChildProcessHost.mMonitor"),
     mProcessState(CREATING_CHANNEL),
     mDelegate(nullptr),
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_WIN)
-    mEnableContentSandbox(false),
-    mWarnOnlyContentSandbox(false),
-#endif
     mChildProcessHandle(0)
 #if defined(MOZ_WIDGET_COCOA)
   , mChildTask(MACH_PORT_NULL)
@@ -259,20 +250,6 @@ GeckoChildProcessHost::PrepareLaunch()
   if (mProcessType == GeckoProcessType_Plugin) {
     InitWindowsGroupID();
   }
-
-#if defined(MOZ_CONTENT_SANDBOX)
-  // We need to get the pref here as the process is launched off main thread.
-  if (mProcessType == GeckoProcessType_Content) {
-    nsAdoptingString contentSandboxPref =
-      Preferences::GetString("browser.tabs.remote.sandbox");
-    if (contentSandboxPref.EqualsLiteral("on")) {
-      mEnableContentSandbox = true;
-    } else if (contentSandboxPref.EqualsLiteral("warn")) {
-      mEnableContentSandbox = true;
-      mWarnOnlyContentSandbox = true;
-    }
-  }
-#endif
 #endif
 }
 
@@ -783,11 +760,8 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
   switch (mProcessType) {
     case GeckoProcessType_Content:
 #if defined(MOZ_CONTENT_SANDBOX)
-      if (!mEnableContentSandbox) {
-        break;
-      }
       if (!PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX")) {
-        mSandboxBroker.SetSecurityLevelForContentProcess(mWarnOnlyContentSandbox);
+        mSandboxBroker.SetSecurityLevelForContentProcess();
         cmdLine.AppendLooseValue(UTF8ToWide("-sandbox"));
         shouldSandboxCurrentProcess = true;
       }

ipc/glue/GeckoChildProcessHost.h

@@ -169,11 +169,6 @@ protected:
 #ifdef MOZ_SANDBOX
   SandboxBroker mSandboxBroker;
   std::vector<std::wstring> mAllowedFilesRead;
-
-#if defined(MOZ_CONTENT_SANDBOX)
-  bool mEnableContentSandbox;
-  bool mWarnOnlyContentSandbox;
-#endif
 #endif
 #endif // XP_WIN
 

security/sandbox/moz.build

@@ -18,13 +18,6 @@ elif CONFIG['OS_ARCH'] == 'WINNT':
         'win/src/sandboxtarget',
     ]
 
-    if CONFIG['MOZ_CONTENT_SANDBOX']:
-        EXPORTS.mozilla.warnonlysandbox += [
-            'win/src/warnonlysandbox/warnOnlySandbox.h',
-            'win/src/warnonlysandbox/wosCallbacks.h',
-            'win/src/warnonlysandbox/wosTypes.h',
-        ]
-
     include('objs.mozbuild')
     SOURCES += security_sandbox_cppsrcs
 

security/sandbox/objs.mozbuild

@@ -99,11 +99,6 @@ if CONFIG['OS_ARCH'] == 'WINNT':
         'win/src/window.cc',
     ]
 
-    if CONFIG['MOZ_CONTENT_SANDBOX']:
-        security_sandbox_lcppsrcs += [
-            'win/src/warnonlysandbox/warnOnlySandbox.cpp',
-        ]
-
     if CONFIG['CPU_ARCH'] == 'x86_64':
         security_sandbox_lcppsrcs += [
             'win/src/interceptors_64.cc',

security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp

@@ -8,9 +8,6 @@
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sandbox_factory.h"
 #include "sandbox/win/src/security_level.h"
-#if defined(MOZ_CONTENT_SANDBOX)
-#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
-#endif
 
 namespace mozilla
 {
@@ -63,9 +60,8 @@ SandboxBroker::LaunchApp(const wchar_t *aPath,
   return true;
 }
 
-#if defined(MOZ_CONTENT_SANDBOX)
 bool
-SandboxBroker::SetSecurityLevelForContentProcess(bool inWarnOnlyMode)
+SandboxBroker::SetSecurityLevelForContentProcess()
 {
   if (!mPolicy) {
     return false;
@@ -82,13 +78,8 @@ SandboxBroker::SetSecurityLevelForContentProcess(bool inWarnOnlyMode)
   ret = ret && (sandbox::SBOX_ALL_OK == result);
   result = mPolicy->SetAlternateDesktop(true);
   ret = ret && (sandbox::SBOX_ALL_OK == result);
-
-  if (inWarnOnlyMode) {
-    mozilla::warnonlysandbox::ApplyWarnOnlyPolicy(*mPolicy);
-  }
   return ret;
 }
-#endif
 
 bool
 SandboxBroker::SetSecurityLevelForPluginProcess()

security/sandbox/win/src/sandboxbroker/sandboxBroker.h

@@ -30,9 +30,7 @@ public:
   virtual ~SandboxBroker();
 
   // Security levels for different types of processes
-#if defined(MOZ_CONTENT_SANDBOX)
-  bool SetSecurityLevelForContentProcess(bool inWarnOnlyMode);
-#endif
+  bool SetSecurityLevelForContentProcess();
   bool SetSecurityLevelForPluginProcess();
   bool SetSecurityLevelForIPDLUnitTestProcess();
   bool SetSecurityLevelForGMPlugin();

security/sandbox/win/src/warnonlysandbox/warnOnlySandbox.cpp

@@ -1,123 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "warnOnlySandbox.h"
-
-#include "base/strings/utf_string_conversions.h"
-#include "sandbox/win/src/sandbox_policy.h"
-
-namespace mozilla {
-namespace warnonlysandbox {
-
-void
-ApplyWarnOnlyPolicy(sandbox::TargetPolicy& aPolicy)
-{
-  // Add rules to allow everything that we can, so that we can add logging to
-  // warn when we would be blocked by the sandbox.
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
-                  sandbox::TargetPolicy::FILES_ALLOW_ANY, L"*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_NAMED_PIPES,
-                  sandbox::TargetPolicy::NAMEDPIPES_ALLOW_ANY, L"*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_PROCESS,
-                  sandbox::TargetPolicy::PROCESS_ALL_EXEC, L"*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY,
-                  sandbox::TargetPolicy::REG_ALLOW_ANY,
-                  L"HKEY_CLASSES_ROOT\\*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY,
-                  sandbox::TargetPolicy::REG_ALLOW_ANY,
-                  L"HKEY_CURRENT_USER\\*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY,
-                  sandbox::TargetPolicy::REG_ALLOW_ANY,
-                  L"HKEY_LOCAL_MACHINE\\*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY,
-                  sandbox::TargetPolicy::REG_ALLOW_ANY,
-                  L"HKEY_USERS\\*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY,
-                  sandbox::TargetPolicy::REG_ALLOW_ANY,
-                  L"HKEY_PERFORMANCE_DATA\\*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY,
-                  sandbox::TargetPolicy::REG_ALLOW_ANY,
-                  L"HKEY_PERFORMANCE_TEXT\\*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY,
-                  sandbox::TargetPolicy::REG_ALLOW_ANY,
-                  L"HKEY_PERFORMANCE_NLSTEXT\\*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY,
-                  sandbox::TargetPolicy::REG_ALLOW_ANY,
-                  L"HKEY_CURRENT_CONFIG\\*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_REGISTRY,
-                  sandbox::TargetPolicy::REG_ALLOW_ANY,
-                  L"HKEY_DYN_DATA\\*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_SYNC,
-                  sandbox::TargetPolicy::EVENTS_ALLOW_ANY, L"*");
-  aPolicy.AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
-                  sandbox::TargetPolicy::HANDLES_DUP_ANY, L"*");
-}
-
-static LogFunction sLogFunction = nullptr;
-
-void
-ProvideLogFunction(LogFunction aLogFunction)
-{
-  sLogFunction = aLogFunction;
-}
-
-void
-LogBlocked(const char* aFunctionName, const char* aContext, uint32_t aFramesToSkip)
-{
-  if (sLogFunction) {
-    sLogFunction("BLOCKED", aFunctionName, aContext,
-                 /* aShouldLogStackTrace */ true, aFramesToSkip);
-  }
-}
-
-void
-LogBlocked(const char* aFunctionName, const wchar_t* aContext)
-{
-  if (sLogFunction) {
-    // Skip an extra frame to allow for this function.
-    LogBlocked(aFunctionName,  WideToUTF8(aContext).c_str(), /* aFramesToSkip */ 3);
-  }
-}
-
-void
-LogBlocked(const char* aFunctionName, const wchar_t* aContext,
-           uint16_t aLength)
-{
-  if (sLogFunction) {
-    // Skip an extra frame to allow for this function.
-    LogBlocked(aFunctionName, WideToUTF8(std::wstring(aContext, aLength)).c_str(),
-               /* aFramesToSkip */ 3);
-  }
-}
-
-void
-LogAllowed(const char* aFunctionName, const char* aContext)
-{
-  if (sLogFunction) {
-    sLogFunction("Broker ALLOWED", aFunctionName, aContext,
-                 /* aShouldLogStackTrace */ false, /* aFramesToSkip */ 0);
-  }
-}
-
-void
-LogAllowed(const char* aFunctionName, const wchar_t* aContext)
-{
-  if (sLogFunction) {
-    LogAllowed(aFunctionName, WideToUTF8(aContext).c_str());
-  }
-}
-
-void
-LogAllowed(const char* aFunctionName, const wchar_t* aContext,
-           uint16_t aLength)
-{
-  if (sLogFunction) {
-    LogAllowed(aFunctionName, WideToUTF8(std::wstring(aContext, aLength)).c_str());
-  }
-}
-
-} // warnonlysandbox
-} // mozilla

security/sandbox/win/src/warnonlysandbox/warnOnlySandbox.h

@@ -1,62 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/*
- * Set of helper methods to implement a warn only sandbox.
- * Only providing simple namespaced functions as this code will probably be
- * removed once we are properly shipping the content sandbox.
- */
-
-#ifndef security_sandbox_warnOnlySandbox_h__
-#define security_sandbox_warnOnlySandbox_h__
-
-#include "wosTypes.h"
-
-#ifdef SANDBOX_EXPORTS
-#define SANDBOX_EXPORT __declspec(dllexport)
-#else
-#define SANDBOX_EXPORT __declspec(dllimport)
-#endif
-
-namespace sandbox {
-class TargetPolicy;
-}
-
-namespace mozilla {
-namespace warnonlysandbox {
-
-// This is used to pass a LogCallback to the sandboxing code, as the logging
-// requires code to which we cannot link directly.
-void SANDBOX_EXPORT ProvideLogFunction(LogFunction aLogFunction);
-
-// Set up the sandbox to allow everything via the broker, so we can log calls.
-void ApplyWarnOnlyPolicy(sandbox::TargetPolicy& aPolicy);
-
-// Log a "BLOCKED" msg to the browser console and, if DEBUG build, stderr.
-// If the logging of a stack trace is enabled then the default aFramesToSkip
-// will start from our caller's caller, which should normally be the function
-// that triggered the interception.
-void LogBlocked(const char* aFunctionName, const char* aContext = nullptr,
-                uint32_t aFramesToSkip = 2);
-
-// Convenience functions to convert to char*.
-void LogBlocked(const char* aFunctionName, const wchar_t* aContext);
-void LogBlocked(const char* aFunctionName, const wchar_t* aContext,
-                uint16_t aLength);
-
-// Log a "ALLOWED" msg to the browser console and, if DEBUG build, stderr.
-void LogAllowed(const char* aFunctionName, const char* aContext = nullptr);
-
-// Convenience functions to convert to char*.
-void LogAllowed(const char* aFunctionName, const wchar_t* aContext);
-void LogAllowed(const char* aFunctionName, const wchar_t* aContext,
-                uint16_t aLength);
-
-
-} // warnonlysandbox
-} // mozilla
-
-#endif // security_sandbox_warnOnlySandbox_h__

security/sandbox/win/src/warnonlysandbox/wosCallbacks.h

@@ -1,117 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef security_sandbox_wosEnableCallbacks_h__
-#define security_sandbox_wosEnableCallbacks_h__
-
-#include "mozilla/warnonlysandbox/wosTypes.h"
-#include "mozilla/warnonlysandbox/warnOnlySandbox.h"
-
-#ifdef TARGET_SANDBOX_EXPORTS
-#include <sstream>
-#include <iostream>
-
-#include "mozilla/Preferences.h"
-#include "nsContentUtils.h"
-#include "nsStackWalk.h"
-#endif
-
-#ifdef TARGET_SANDBOX_EXPORTS
-#define TARGET_SANDBOX_EXPORT __declspec(dllexport)
-#else
-#define TARGET_SANDBOX_EXPORT __declspec(dllimport)
-#endif
-
-namespace mozilla {
-namespace warnonlysandbox {
-
-// We need to use a callback to work around the fact that sandbox_s lib is
-// linked into plugin-container.exe directly and also via xul.dll via
-// sandboxbroker.dll. This causes problems with holding the state required to
-// work the warn only sandbox.
-// So, we provide a callback from plugin-container.exe that the code in xul.dll
-// can call to make sure we hit the right version of the code.
-void TARGET_SANDBOX_EXPORT
-SetProvideLogFunctionCb(ProvideLogFunctionCb aProvideLogFunctionCb);
-
-// Initialize the warn only sandbox if required.
-static void
-PrepareForInit()
-{
-  SetProvideLogFunctionCb(ProvideLogFunction);
-}
-
-#ifdef TARGET_SANDBOX_EXPORTS
-static ProvideLogFunctionCb sProvideLogFunctionCb = nullptr;
-
-void
-SetProvideLogFunctionCb(ProvideLogFunctionCb aProvideLogFunctionCb)
-{
-  sProvideLogFunctionCb = aProvideLogFunctionCb;
-}
-
-static uint32_t sStackTraceDepth = 0;
-
-// NS_WalkStackCallback to write a formated stack frame to an ostringstream.
-static void
-StackFrameToOStringStream(void* aPC, void* aSP, void* aClosure)
-{
-  std::ostringstream* stream = static_cast<std::ostringstream*>(aClosure);
-  nsCodeAddressDetails details;
-  char buf[1024];
-  NS_DescribeCodeAddress(aPC, &details);
-  NS_FormatCodeAddressDetails(aPC, &details, buf, sizeof(buf));
-  *stream << "--" << buf;
-}
-
-// Log to the browser console and, if DEBUG build, stderr.
-static void
-Log(const char* aMessageType,
-    const char* aFunctionName,
-    const char* aContext,
-    const bool aShouldLogStackTrace = false,
-    uint32_t aFramesToSkip = 0)
-{
-  std::ostringstream msgStream;
-  msgStream << "Process Sandbox " << aMessageType << ": " << aFunctionName;
-  if (aContext) {
-    msgStream << " for : " << aContext;
-  }
-  msgStream << std::endl;
-
-  if (aShouldLogStackTrace) {
-    if (sStackTraceDepth) {
-      msgStream << "Stack Trace:" << std::endl;
-      NS_StackWalk(StackFrameToOStringStream, aFramesToSkip, sStackTraceDepth,
-                   &msgStream, 0, nullptr);
-    }
-  }
-
-  std::string msg = msgStream.str();
-#ifdef DEBUG
-  std::cerr << msg;
-#endif
-
-  nsContentUtils::LogMessageToConsole(msg.c_str());
-}
-
-// Initialize the warn only sandbox if required.
-static void
-InitIfRequired()
-{
-  if (XRE_GetProcessType() == GeckoProcessType_Content
-      && Preferences::GetString("browser.tabs.remote.sandbox").EqualsLiteral("warn")
-      && sProvideLogFunctionCb) {
-    Preferences::AddUintVarCache(&sStackTraceDepth,
-      "browser.tabs.remote.sandbox.warnOnlyStackTraceDepth");
-    sProvideLogFunctionCb(Log);
-  }
-}
-#endif
-} // warnonlysandbox
-} // mozilla
-
-#endif // security_sandbox_wosEnableCallbacks_h__

security/sandbox/win/src/warnonlysandbox/wosTypes.h

@@ -1,27 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef security_sandbox_wosTypes_h__
-#define security_sandbox_wosTypes_h__
-
-#include <stdint.h>
-
-namespace mozilla {
-namespace warnonlysandbox {
-
-// We are using callbacks here that are passed in from the core code to prevent
-// a circular dependency in the linking during the build.
-typedef void (*LogFunction) (const char* aMessageType,
-                             const char* aFunctionName,
-                             const char* aContext,
-                             const bool aShouldLogStackTrace,
-                             uint32_t aFramesToSkip);
-typedef void (*ProvideLogFunctionCb) (LogFunction aLogFunction);
-
-} // warnonlysandbox
-} // mozilla
-
-#endif // security_sandbox_wosTypes_h__

toolkit/xre/nsEmbedFunctions.cpp

@@ -74,11 +74,6 @@
 
 #include "GeckoProfiler.h"
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_WIN)
-#define TARGET_SANDBOX_EXPORTS
-#include "mozilla/warnonlysandbox/wosCallbacks.h"
-#endif
-
 #ifdef MOZ_IPDL_TESTS
 #include "mozilla/_ipdltest/IPDLUnitTests.h"
 #include "mozilla/_ipdltest/IPDLUnitTestProcessChild.h"
@@ -540,12 +535,6 @@ XRE_InitChildProcess(int aArgc,
         return NS_ERROR_FAILURE;
       }
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_WIN)
-      // We need to do this after the process has been initialised, as
-      // InitIfRequired needs access to prefs.
-      mozilla::warnonlysandbox::InitIfRequired();
-#endif
-
       // Run the UI event loop on the main thread.
       uiMessageLoop.MessageLoop::Run();