Bug 1920463 p2: Remove AbstractSandboxBroker. r=nika

Differential Revision: https://phabricator.services.mozilla.com/D223117

ipc/glue/GeckoChildProcessHost.cpp

@@ -135,7 +135,7 @@ struct LaunchResults {
   UniqueBEProcessCapabilityGrant mForegroundCapabilityGrant;
 #endif
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
-  RefPtr<AbstractSandboxBroker> mSandboxBroker;
+  UniquePtr<SandboxBroker> mSandboxBroker;
 #endif
 };
 typedef mozilla::MozPromise<LaunchResults, LaunchError, true>
@@ -457,13 +457,6 @@ GeckoChildProcessHost::~GeckoChildProcessHost() {
       mChildProcessHandle = 0;
     }
   }
-
-#if defined(MOZ_SANDBOX) && defined(XP_WIN)
-  if (mSandboxBroker) {
-    mSandboxBroker->Shutdown();
-    mSandboxBroker = nullptr;
-  }
-#endif
 }
 
 base::ProcessHandle GeckoChildProcessHost::GetChildProcessHandle() {
@@ -1570,7 +1563,7 @@ Result<Ok, LaunchError> WindowsProcessLauncher::DoSetup() {
   }
 
 #  if defined(MOZ_SANDBOX)
-  mResults.mSandboxBroker = new SandboxBroker();
+  mResults.mSandboxBroker = MakeUnique<SandboxBroker>();
 
   // XXX: Bug 1124167: We should get rid of the process specific logic for
   // sandboxing in this class at some point. Unfortunately it will take a bit

ipc/glue/GeckoChildProcessHost.h

@@ -254,7 +254,7 @@ class GeckoChildProcessHost : public SupportsWeakPtr,
   void InitWindowsGroupID();
   nsString mGroupId;
 #  ifdef MOZ_SANDBOX
-  RefPtr<AbstractSandboxBroker> mSandboxBroker;
+  UniquePtr<SandboxBroker> mSandboxBroker;
   std::vector<std::wstring> mAllowedFilesRead;
   bool mEnableSandboxLogging;
   int32_t mSandboxLevel;

security/sandbox/win/src/sandboxbroker/sandboxBroker.h

@@ -26,52 +26,7 @@ class TargetPolicy;
 
 namespace mozilla {
 
-class AbstractSandboxBroker {
- public:
-  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(AbstractSandboxBroker)
-
-  virtual void Shutdown() = 0;
-  virtual Result<Ok, mozilla::ipc::LaunchError> LaunchApp(
-      const wchar_t* aPath, const wchar_t* aArguments,
-      base::EnvironmentMap& aEnvironment, GeckoProcessType aProcessType,
-      const bool aEnableLogging, const IMAGE_THUNK_DATA* aCachedNtdllThunk,
-      void** aProcessHandle) = 0;
-
-  // Security levels for different types of processes
-  virtual void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
-                                                 bool aIsFileProcess) = 0;
-
-  virtual void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) = 0;
-  virtual bool SetSecurityLevelForRDDProcess() = 0;
-  virtual bool SetSecurityLevelForSocketProcess() = 0;
-  virtual bool SetSecurityLevelForUtilityProcess(
-      mozilla::ipc::SandboxingKind aSandbox) = 0;
-
-  enum SandboxLevel { LockDown, Restricted };
-  virtual bool SetSecurityLevelForGMPlugin(SandboxLevel aLevel,
-                                           bool aIsRemoteLaunch = false) = 0;
-
-  // File system permissions
-  virtual bool AllowReadFile(wchar_t const* file) = 0;
-
-  /**
-   * Share a HANDLE with the child process. The HANDLE will be made available
-   * in the child process at the memory address
-   * |reinterpret_cast<uintptr_t>(aHandle)|. It is the caller's responsibility
-   * to communicate this address to the child.
-   */
-  virtual void AddHandleToShare(HANDLE aHandle) = 0;
-
-  /**
-   * @return true if policy has win32k locked down, otherwise false
-   */
-  virtual bool IsWin32kLockedDown() = 0;
-
- protected:
-  virtual ~AbstractSandboxBroker() {}
-};
-
-class SandboxBroker : public AbstractSandboxBroker {
+class SandboxBroker {
  public:
   SandboxBroker();
 
@@ -80,8 +35,6 @@ class SandboxBroker : public AbstractSandboxBroker {
 
   static void EnsureLpacPermsissionsOnDir(const nsString& aDir);
 
-  void Shutdown() override {}
-
   /**
    * Do initialization that depends on parts of the Gecko machinery having been
    * created first.
@@ -92,23 +45,24 @@ class SandboxBroker : public AbstractSandboxBroker {
       const wchar_t* aPath, const wchar_t* aArguments,
       base::EnvironmentMap& aEnvironment, GeckoProcessType aProcessType,
       const bool aEnableLogging, const IMAGE_THUNK_DATA* aCachedNtdllThunk,
-      void** aProcessHandle) override;
-  virtual ~SandboxBroker();
+      void** aProcessHandle);
+  ~SandboxBroker();
 
   // Security levels for different types of processes
   void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
-                                         bool aIsFileProcess) override;
+                                         bool aIsFileProcess);
 
-  void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) override;
-  bool SetSecurityLevelForRDDProcess() override;
-  bool SetSecurityLevelForSocketProcess() override;
+  void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel);
+  bool SetSecurityLevelForRDDProcess();
+  bool SetSecurityLevelForSocketProcess();
+
+  enum SandboxLevel { LockDown, Restricted };
   bool SetSecurityLevelForGMPlugin(SandboxLevel aLevel,
-                                   bool aIsRemoteLaunch = false) override;
-  bool SetSecurityLevelForUtilityProcess(
-      mozilla::ipc::SandboxingKind aSandbox) override;
+                                   bool aIsRemoteLaunch = false);
+  bool SetSecurityLevelForUtilityProcess(mozilla::ipc::SandboxingKind aSandbox);
 
   // File system permissions
-  bool AllowReadFile(wchar_t const* file) override;
+  bool AllowReadFile(wchar_t const* file);
 
   /**
    * Share a HANDLE with the child process. The HANDLE will be made available
@@ -116,9 +70,9 @@ class SandboxBroker : public AbstractSandboxBroker {
    * |reinterpret_cast<uintptr_t>(aHandle)|. It is the caller's responsibility
    * to communicate this address to the child.
    */
-  void AddHandleToShare(HANDLE aHandle) override;
+  void AddHandleToShare(HANDLE aHandle);
 
-  bool IsWin32kLockedDown() final;
+  bool IsWin32kLockedDown();
 
   // Set up dummy interceptions via the broker, so we can log calls.
   void ApplyLoggingPolicy();