Bug 1312101 - Part 2: Remove AppProcessChecker and code that depends on it; r=baku
authorEhsan Akhgari <ehsan@mozilla.com>
Sat, 22 Oct 2016 16:50:47 -0400
changeset 322820 ad3f41ebb1a2b31c39b082b15d827befe2bc70de
parent 322819 ba4af4705e58896c43a51b5f608d9466c8f415c7
child 322821 211be78bea44f3d8089a7ee03cdb1adeb4264f15
push id83981
push usereakhgari@mozilla.com
push dateWed, 16 Nov 2016 19:51:13 +0000
treeherdermozilla-inbound@ad3f41ebb1a2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku
bugs1312101
milestone53.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1312101 - Part 2: Remove AppProcessChecker and code that depends on it; r=baku
devtools/client/responsive.html/browser/tunnel.js
dom/base/nsDOMClassInfo.cpp
dom/base/nsFrameLoader.cpp
dom/base/nsFrameLoader.h
dom/base/nsFrameMessageManager.cpp
dom/base/nsFrameMessageManager.h
dom/base/nsIMessageManager.idl
dom/cache/PrincipalVerifier.cpp
dom/devicestorage/DeviceStorageRequestParent.cpp
dom/filesystem/FileSystemRequestParent.cpp
dom/indexedDB/ActorsParent.cpp
dom/ipc/AppProcessChecker.cpp
dom/ipc/AppProcessChecker.h
dom/ipc/ContentParent.cpp
dom/ipc/ContentParent.h
dom/ipc/ContentProcessManager.h
dom/ipc/TabParent.cpp
dom/ipc/moz.build
dom/ipc/nsIContentParent.cpp
dom/network/TCPServerSocketParent.cpp
dom/network/TCPSocketParent.cpp
dom/network/UDPSocketParent.cpp
dom/network/UDPSocketParent.h
dom/workers/ServiceWorkerManagerParent.cpp
hal/sandbox/SandboxHal.cpp
ipc/glue/BackgroundParentImpl.cpp
netwerk/ipc/NeckoParent.cpp
--- a/devtools/client/responsive.html/browser/tunnel.js
+++ b/devtools/client/responsive.html/browser/tunnel.js
@@ -344,21 +344,16 @@ function MessageManagerTunnel(outer, inn
 
 MessageManagerTunnel.prototype = {
 
   /**
    * Most message manager methods are left alone and are just passed along to
    * the outer browser's real message manager.
    */
   PASS_THROUGH_METHODS: [
-    "killChild",
-    "assertPermission",
-    "assertContainApp",
-    "assertAppHasPermission",
-    "assertAppHasStatus",
     "removeDelayedFrameScript",
     "getDelayedFrameScripts",
     "loadProcessScript",
     "removeDelayedProcessScript",
     "getDelayedProcessScripts",
     "addWeakMessageListener",
     "removeWeakMessageListener",
   ],
--- a/dom/base/nsDOMClassInfo.cpp
+++ b/dom/base/nsDOMClassInfo.cpp
@@ -589,17 +589,16 @@ nsDOMClassInfo::Init()
     DOM_CLASSINFO_MAP_ENTRY(nsIFrameScriptLoader)
     DOM_CLASSINFO_MAP_ENTRY(nsIProcessScriptLoader)
     DOM_CLASSINFO_MAP_ENTRY(nsIGlobalProcessScriptLoader)
     DOM_CLASSINFO_MAP_ENTRY(nsIMessageListenerManager)
     DOM_CLASSINFO_MAP_ENTRY(nsIMessageBroadcaster)
   DOM_CLASSINFO_MAP_END
 
   DOM_CLASSINFO_MAP_BEGIN_NO_CLASS_IF(ChromeMessageSender, nsISupports)
-    DOM_CLASSINFO_MAP_ENTRY(nsIProcessChecker)
     DOM_CLASSINFO_MAP_ENTRY(nsIFrameScriptLoader)
     DOM_CLASSINFO_MAP_ENTRY(nsIProcessScriptLoader)
     DOM_CLASSINFO_MAP_ENTRY(nsIMessageListenerManager)
     DOM_CLASSINFO_MAP_ENTRY(nsIMessageSender)
   DOM_CLASSINFO_MAP_END
 
   DOM_CLASSINFO_MAP_BEGIN(CSSKeyframeRule, nsIDOMCSSKeyframeRule)
     DOM_CLASSINFO_MAP_ENTRY(nsIDOMCSSKeyframeRule)
--- a/dom/base/nsFrameLoader.cpp
+++ b/dom/base/nsFrameLoader.cpp
@@ -70,17 +70,16 @@
 #include "nsThreadUtils.h"
 
 #include "nsIDOMChromeWindow.h"
 #include "nsInProcessTabChildGlobal.h"
 
 #include "Layers.h"
 #include "ClientLayerManager.h"
 
-#include "AppProcessChecker.h"
 #include "ContentParent.h"
 #include "TabParent.h"
 #include "mozilla/plugins/PPluginWidgetParent.h"
 #include "../plugins/ipc/PluginWidgetParent.h"
 #include "mozilla/AsyncEventDispatcher.h"
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/GuardObjects.h"
 #include "mozilla/Preferences.h"
@@ -2835,37 +2834,16 @@ nsFrameLoader::DoSendAsyncMessage(JSCont
     }
     return rv;
   }
 
   // We don't have any targets to send our asynchronous message to.
   return NS_ERROR_UNEXPECTED;
 }
 
-bool
-nsFrameLoader::CheckPermission(const nsAString& aPermission)
-{
-  return AssertAppProcessPermission(GetRemoteBrowser(),
-                                    NS_ConvertUTF16toUTF8(aPermission).get());
-}
-
-bool
-nsFrameLoader::CheckManifestURL(const nsAString& aManifestURL)
-{
-  return AssertAppProcessManifestURL(GetRemoteBrowser(),
-                                     NS_ConvertUTF16toUTF8(aManifestURL).get());
-}
-
-bool
-nsFrameLoader::CheckAppHasPermission(const nsAString& aPermission)
-{
-  return AssertAppHasPermission(GetRemoteBrowser(),
-                                NS_ConvertUTF16toUTF8(aPermission).get());
-}
-
 NS_IMETHODIMP
 nsFrameLoader::GetMessageManager(nsIMessageSender** aManager)
 {
   EnsureMessageManager();
   if (mMessageManager) {
     RefPtr<nsFrameMessageManager> mm(mMessageManager);
     mm.forget(aManager);
     return NS_OK;
--- a/dom/base/nsFrameLoader.h
+++ b/dom/base/nsFrameLoader.h
@@ -96,19 +96,16 @@ public:
    */
   virtual bool DoLoadMessageManagerScript(const nsAString& aURL,
                                           bool aRunInGlobalScope) override;
   virtual nsresult DoSendAsyncMessage(JSContext* aCx,
                                       const nsAString& aMessage,
                                       mozilla::dom::ipc::StructuredCloneData& aData,
                                       JS::Handle<JSObject *> aCpows,
                                       nsIPrincipal* aPrincipal) override;
-  virtual bool CheckPermission(const nsAString& aPermission) override;
-  virtual bool CheckManifestURL(const nsAString& aManifestURL) override;
-  virtual bool CheckAppHasPermission(const nsAString& aPermission) override;
 
   /**
    * Called from the layout frame associated with this frame loader;
    * this notifies us to hook up with the widget and view.
    */
   bool Show(int32_t marginWidth, int32_t marginHeight,
               int32_t scrollbarPrefX, int32_t scrollbarPrefY,
               nsSubDocumentFrame* frame);
--- a/dom/base/nsFrameMessageManager.cpp
+++ b/dom/base/nsFrameMessageManager.cpp
@@ -3,17 +3,16 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "base/basictypes.h"
 
 #include "nsFrameMessageManager.h"
 
-#include "AppProcessChecker.h"
 #include "ContentChild.h"
 #include "nsContentUtils.h"
 #include "nsDOMClassInfoID.h"
 #include "nsError.h"
 #include "nsIXPConnect.h"
 #include "jsapi.h"
 #include "jsfriendapi.h"
 #include "nsJSUtils.h"
@@ -189,20 +188,16 @@ NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(
   /* Process message managers (process message managers) support nsIProcessScriptLoader. */
   NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIProcessScriptLoader,
                                      mChrome && mIsProcessManager)
 
   /* Global process message managers (process message managers) support nsIGlobalProcessScriptLoader. */
   NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIGlobalProcessScriptLoader,
                                      mChrome && mIsProcessManager && mIsBroadcaster)
 
-  /* Message senders in the chrome process support nsIProcessChecker. */
-  NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIProcessChecker,
-                                     mChrome && !mIsBroadcaster)
-
   NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO_CONDITIONAL(ChromeMessageBroadcaster,
                                                    mChrome && mIsBroadcaster)
   NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO_CONDITIONAL(ChromeMessageSender,
                                                    mChrome && !mIsBroadcaster)
 NS_INTERFACE_MAP_END
 
 NS_IMPL_CYCLE_COLLECTING_ADDREF(nsFrameMessageManager)
 NS_IMPL_CYCLE_COLLECTING_RELEASE(nsFrameMessageManager)
@@ -962,105 +957,16 @@ nsFrameMessageManager::Btoa(const nsAStr
 
 NS_IMETHODIMP
 nsFrameMessageManager::Atob(const nsAString& aAsciiString,
                             nsAString& aBinaryData)
 {
   return nsContentUtils::Atob(aAsciiString, aBinaryData);
 }
 
-// nsIProcessChecker
-
-NS_IMETHODIMP
-nsFrameMessageManager::KillChild(bool *aValid)
-{
-  if (!mCallback) {
-    *aValid = false;
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-
-  *aValid = mCallback->KillChild();
-  return NS_OK;
-}
-
-nsresult
-nsFrameMessageManager::AssertProcessInternal(ProcessCheckerType aType,
-                                             const nsAString& aCapability,
-                                             bool* aValid)
-{
-  *aValid = false;
-
-  // This API is only supported for message senders in the chrome process.
-  if (!mChrome || mIsBroadcaster) {
-    return NS_ERROR_NOT_IMPLEMENTED;
-  }
-  if (!mCallback) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-  switch (aType) {
-    case PROCESS_CHECKER_PERMISSION:
-      *aValid = mCallback->CheckPermission(aCapability);
-      break;
-    case PROCESS_CHECKER_MANIFEST_URL:
-      *aValid = mCallback->CheckManifestURL(aCapability);
-      break;
-    case ASSERT_APP_HAS_PERMISSION:
-      *aValid = mCallback->CheckAppHasPermission(aCapability);
-      break;
-    default:
-      break;
-  }
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsFrameMessageManager::AssertPermission(const nsAString& aPermission,
-                                        bool* aHasPermission)
-{
-  return AssertProcessInternal(PROCESS_CHECKER_PERMISSION,
-                               aPermission,
-                               aHasPermission);
-}
-
-NS_IMETHODIMP
-nsFrameMessageManager::AssertContainApp(const nsAString& aManifestURL,
-                                        bool* aHasManifestURL)
-{
-  return AssertProcessInternal(PROCESS_CHECKER_MANIFEST_URL,
-                               aManifestURL,
-                               aHasManifestURL);
-}
-
-NS_IMETHODIMP
-nsFrameMessageManager::AssertAppHasPermission(const nsAString& aPermission,
-                                              bool* aHasPermission)
-{
-  return AssertProcessInternal(ASSERT_APP_HAS_PERMISSION,
-                               aPermission,
-                               aHasPermission);
-}
-
-NS_IMETHODIMP
-nsFrameMessageManager::AssertAppHasStatus(unsigned short aStatus,
-                                          bool* aHasStatus)
-{
-  *aHasStatus = false;
-
-  // This API is only supported for message senders in the chrome process.
-  if (!mChrome || mIsBroadcaster) {
-    return NS_ERROR_NOT_IMPLEMENTED;
-  }
-  if (!mCallback) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-  *aHasStatus = mCallback->CheckAppHasStatus(aStatus);
-
-  return NS_OK;
-}
-
 class MMListenerRemover
 {
 public:
   explicit MMListenerRemover(nsFrameMessageManager* aMM)
     : mWasHandlingMessage(aMM->mHandlingMessage)
     , mMM(aMM)
   {
     mMM->mHandlingMessage = true;
@@ -1970,40 +1876,16 @@ public:
       return rv;
     }
     rv = NS_DispatchToCurrentThread(ev);
     if (NS_FAILED(rv)) {
       return rv;
     }
     return NS_OK;
   }
-
-  bool CheckPermission(const nsAString& aPermission) override
-  {
-    // In a single-process scenario, the child always has all capabilities.
-    return true;
-  }
-
-  bool CheckManifestURL(const nsAString& aManifestURL) override
-  {
-    // In a single-process scenario, the child always has all capabilities.
-    return true;
-  }
-
-  bool CheckAppHasPermission(const nsAString& aPermission) override
-  {
-    // In a single-process scenario, the child always has all capabilities.
-    return true;
-  }
-
-  bool CheckAppHasStatus(unsigned short aStatus) override
-  {
-    // In a single-process scenario, the child always has all capabilities.
-    return true;
-  }
 };
 
 
 /**
  * Send messages to the parent process.
  */
 class ChildProcessMessageManagerCallback : public MessageManagerCallback
 {
--- a/dom/base/nsFrameMessageManager.h
+++ b/dom/base/nsFrameMessageManager.h
@@ -78,42 +78,16 @@ public:
                                       const nsAString& aMessage,
                                       StructuredCloneData& aData,
                                       JS::Handle<JSObject*> aCpows,
                                       nsIPrincipal* aPrincipal)
   {
     return NS_OK;
   }
 
-  virtual bool CheckPermission(const nsAString& aPermission)
-  {
-    return false;
-  }
-
-  virtual bool CheckManifestURL(const nsAString& aManifestURL)
-  {
-    return false;
-  }
-
-  virtual bool CheckAppHasPermission(const nsAString& aPermission)
-  {
-    return false;
-  }
-
-  virtual bool CheckAppHasStatus(unsigned short aStatus)
-  {
-    return false;
-  }
-
-  virtual bool KillChild()
-  {
-    // By default, does nothing.
-    return false;
-  }
-
   virtual nsIMessageSender* GetProcessMessageManager() const
   {
     return nullptr;
   }
 
 protected:
   bool BuildClonedMessageDataForParent(nsIContentParent* aParent,
                                        StructuredCloneData& aData,
@@ -160,18 +134,17 @@ public:
 
 private:
   JS::Rooted<JSObject*> mObj;
 };
 
 class nsFrameMessageManager final : public nsIContentFrameMessageManager,
                                     public nsIMessageBroadcaster,
                                     public nsIFrameScriptLoader,
-                                    public nsIGlobalProcessScriptLoader,
-                                    public nsIProcessChecker
+                                    public nsIGlobalProcessScriptLoader
 {
   friend class mozilla::dom::MessageManagerReporter;
   typedef mozilla::dom::ipc::StructuredCloneData StructuredCloneData;
 public:
   nsFrameMessageManager(mozilla::dom::ipc::MessageManagerCallback* aCallback,
                         nsFrameMessageManager* aParentManager,
                         /* mozilla::dom::ipc::MessageManagerFlags */ uint32_t aFlags);
 
@@ -186,17 +159,16 @@ public:
   NS_DECL_NSIMESSAGESENDER
   NS_DECL_NSIMESSAGEBROADCASTER
   NS_DECL_NSISYNCMESSAGESENDER
   NS_DECL_NSIMESSAGEMANAGERGLOBAL
   NS_DECL_NSICONTENTFRAMEMESSAGEMANAGER
   NS_DECL_NSIFRAMESCRIPTLOADER
   NS_DECL_NSIPROCESSSCRIPTLOADER
   NS_DECL_NSIGLOBALPROCESSSCRIPTLOADER
-  NS_DECL_NSIPROCESSCHECKER
 
   static nsFrameMessageManager*
   NewProcessMessageManager(bool aIsRemote);
 
   nsresult ReceiveMessage(nsISupports* aTarget, nsIFrameLoader* aTargetFrameLoader,
                           const nsAString& aMessage,
                           bool aIsSync, StructuredCloneData* aCloneData,
                           mozilla::jsipc::CpowHolder* aCpows, nsIPrincipal* aPrincipal,
--- a/dom/base/nsIMessageManager.idl
+++ b/dom/base/nsIMessageManager.idl
@@ -478,73 +478,8 @@ interface nsIGlobalProcessScriptLoader :
    * This value will always be a JS object. Different users are
    * expected to set properties on this object. The property name
    * should be unique enough that other Gecko consumers won't
    * accidentally choose it.
    */
   [implicit_jscontext]
   readonly attribute jsval initialProcessData;
 };
-
-[scriptable, builtinclass, uuid(637e8538-4f8f-4a3d-8510-e74386233e19)]
-interface nsIProcessChecker : nsISupports
-{
-  bool killChild();
-
-  /**
-   * Return true if the "remote" process has |aPermission|.  This is
-   * intended to be used by JS implementations of cross-process DOM
-   * APIs, like so
-   *
-   *   recvFooRequest: function(message) {
-   *     if (!message.target.assertPermission("foo")) {
-   *       return false;
-   *     }
-   *     // service foo request
-   *
-   * This interface only returns meaningful data when our content is
-   * in a separate process.  If it shares the same OS process as us,
-   * then applying this permission check doesn't add any security,
-   * though it doesn't hurt anything either.
-   *
-   * Note: If the remote content process does *not* have |aPermission|,
-   * it will be killed as a precaution.
-   */
-  boolean assertPermission(in DOMString aPermission);
-
-  /**
-   * Return true if the "remote" process has |aManifestURL|.  This is
-   * intended to be used by JS implementations of cross-process DOM
-   * APIs, like so
-   *
-   *   recvFooRequest: function(message) {
-   *     if (!message.target.assertContainApp("foo")) {
-   *       return false;
-   *     }
-   *     // service foo request
-   *
-   * This interface only returns meaningful data when our content is
-   * in a separate process.  If it shares the same OS process as us,
-   * then applying this manifest URL check doesn't add any security,
-   * though it doesn't hurt anything either.
-   *
-   * Note: If the remote content process does *not* contain |aManifestURL|,
-   * it will be killed as a precaution.
-   */
-  boolean assertContainApp(in DOMString aManifestURL);
-
-  boolean assertAppHasPermission(in DOMString aPermission);
-
-  /**
-   * Return true if the "remote" process' principal has an appStatus equal to
-   * |aStatus|.
-   *
-   * This interface only returns meaningful data when our content is
-   * in a separate process.  If it shares the same OS process as us,
-   * then applying this permission check doesn't add any security,
-   * though it doesn't hurt anything either.
-   *
-   * Note: If the remote content process does *not* has the |aStatus|,
-   * it will be killed as a precaution.
-   */
-  boolean assertAppHasStatus(in unsigned short aStatus);
-
-};
--- a/dom/cache/PrincipalVerifier.cpp
+++ b/dom/cache/PrincipalVerifier.cpp
@@ -1,17 +1,16 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/dom/cache/PrincipalVerifier.h"
 
-#include "mozilla/AppProcessChecker.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/cache/ManagerId.h"
 #include "mozilla/ipc/BackgroundParent.h"
 #include "mozilla/ipc/PBackgroundParent.h"
 #include "mozilla/ipc/BackgroundUtils.h"
 #include "nsContentUtils.h"
 #include "nsIPrincipal.h"
 #include "nsIScriptSecurityManager.h"
@@ -140,21 +139,16 @@ PrincipalVerifier::VerifyOnMainThread()
 
   // Verify if a child process uses system principal, which is not allowed
   // to prevent system principal is spoofed.
   if (NS_WARN_IF(actor && ssm->IsSystemPrincipal(principal))) {
     DispatchToInitiatingThread(NS_ERROR_FAILURE);
     return;
   }
 
-  // Verify that a child process claims to own the app for this principal
-  if (NS_WARN_IF(actor && !AssertAppPrincipal(actor, principal))) {
-    DispatchToInitiatingThread(NS_ERROR_FAILURE);
-    return;
-  }
   actor = nullptr;
 
 #ifdef DEBUG
   // Sanity check principal origin by using it to construct a URI and security
   // checking it.  Don't do this for the system principal, though, as its origin
   // is a synthetic [System Principal] string.
   if (!ssm->IsSystemPrincipal(principal)) {
     nsAutoCString origin;
--- a/dom/devicestorage/DeviceStorageRequestParent.cpp
+++ b/dom/devicestorage/DeviceStorageRequestParent.cpp
@@ -7,17 +7,16 @@
 #include "DeviceStorageRequestParent.h"
 #include "nsIMIMEService.h"
 #include "nsCExternalHandlerService.h"
 #include "mozilla/Unused.h"
 #include "mozilla/dom/File.h"
 #include "mozilla/dom/ipc/BlobParent.h"
 #include "ContentParent.h"
 #include "nsProxyRelease.h"
-#include "AppProcessChecker.h"
 #include "mozilla/Preferences.h"
 #include "nsNetCID.h"
 
 namespace mozilla {
 namespace dom {
 namespace devicestorage {
 
 DeviceStorageRequestParent::DeviceStorageRequestParent(
@@ -312,44 +311,16 @@ DeviceStorageRequestParent::EnsureRequir
     }
 
     default:
     {
       return false;
     }
   }
 
-  // The 'apps' type is special.  We only want this exposed
-  // if the caller has the "webapps-manage" permission.
-  if (type.EqualsLiteral("apps")) {
-    if (!AssertAppProcessPermission(aParent, "webapps-manage")) {
-      return false;
-    }
-  }
-
-  nsAutoCString permissionName;
-  nsresult rv = DeviceStorageTypeChecker::GetPermissionForType(type,
-                                                               permissionName);
-  if (NS_FAILED(rv)) {
-    return false;
-  }
-
-  nsCString access;
-  rv = DeviceStorageTypeChecker::GetAccessForRequest(requestType, access);
-  if (NS_FAILED(rv)) {
-    return false;
-  }
-
-  permissionName.Append('-');
-  permissionName.Append(access);
-
-  if (!AssertAppProcessPermission(aParent, permissionName.get())) {
-    return false;
-  }
-
   return true;
 }
 
 DeviceStorageRequestParent::~DeviceStorageRequestParent()
 {
   MOZ_COUNT_DTOR(DeviceStorageRequestParent);
 }
 
--- a/dom/filesystem/FileSystemRequestParent.cpp
+++ b/dom/filesystem/FileSystemRequestParent.cpp
@@ -6,17 +6,16 @@
 #include "mozilla/dom/FileSystemRequestParent.h"
 
 #include "CreateDirectoryTask.h"
 #include "CreateFileTask.h"
 #include "GetDirectoryListingTask.h"
 #include "GetFileOrDirectoryTask.h"
 #include "RemoveTask.h"
 
-#include "mozilla/AppProcessChecker.h"
 #include "mozilla/dom/FileSystemBase.h"
 
 namespace mozilla {
 namespace dom {
 
 FileSystemRequestParent::FileSystemRequestParent()
   : mDestroyed(false)
 {
--- a/dom/indexedDB/ActorsParent.cpp
+++ b/dom/indexedDB/ActorsParent.cpp
@@ -14,17 +14,16 @@
 #include "IndexedDatabase.h"
 #include "IndexedDatabaseInlines.h"
 #include "IndexedDatabaseManager.h"
 #include "js/StructuredClone.h"
 #include "js/Value.h"
 #include "jsapi.h"
 #include "KeyPath.h"
 #include "mozilla/Attributes.h"
-#include "mozilla/AppProcessChecker.h"
 #include "mozilla/AutoRestore.h"
 #include "mozilla/Casting.h"
 #include "mozilla/EndianUtils.h"
 #include "mozilla/LazyIdleThread.h"
 #include "mozilla/Maybe.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Services.h"
 #include "mozilla/SnappyCompressOutputStream.h"
deleted file mode 100644
--- a/dom/ipc/AppProcessChecker.cpp
+++ /dev/null
@@ -1,95 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "AppProcessChecker.h"
-#include "nsIPermissionManager.h"
-
-namespace mozilla {
-namespace dom {
-class PContentParent;
-} // namespace dom
-} // namespace mozilla
-
-class nsIPrincipal;
-
-namespace mozilla {
-
-#if DEBUG
-  #define LOG(...) printf_stderr(__VA_ARGS__)
-#else
-  #define LOG(...)
-#endif
-
-bool
-AssertAppProcess(mozilla::dom::PBrowserParent* aActor,
-                 AssertAppProcessType aType,
-                 const char* aCapability)
-{
-  return true;
-}
-
-bool
-AssertAppStatus(mozilla::dom::PBrowserParent* aActor,
-                unsigned short aStatus)
-{
-  return true;
-}
-
-bool
-AssertAppProcess(const mozilla::dom::TabContext& aContext,
-                 AssertAppProcessType aType,
-                 const char* aCapability)
-{
-  return true;
-}
-
-bool
-AssertAppStatus(const mozilla::dom::TabContext& aContext,
-                unsigned short aStatus)
-{
-  return true;
-}
-
-
-bool
-AssertAppProcess(mozilla::dom::PContentParent* aActor,
-                 AssertAppProcessType aType,
-                 const char* aCapability)
-{
-  return true;
-}
-
-bool
-AssertAppStatus(mozilla::dom::PContentParent* aActor,
-                unsigned short aStatus)
-{
-  return true;
-}
-
-bool
-AssertAppProcess(mozilla::hal_sandbox::PHalParent* aActor,
-                 AssertAppProcessType aType,
-                 const char* aCapability)
-{
-  return true;
-}
-
-bool
-AssertAppPrincipal(mozilla::dom::PContentParent* aActor,
-                   nsIPrincipal* aPrincipal)
-{
-  return true;
-}
-
-uint32_t
-CheckPermission(mozilla::dom::PContentParent* aActor,
-                nsIPrincipal* aPrincipal,
-                const char* aPermission)
-{
-  return nsIPermissionManager::ALLOW_ACTION;
-}
-
-} // namespace mozilla
deleted file mode 100644
--- a/dom/ipc/AppProcessChecker.h
+++ /dev/null
@@ -1,160 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_AppProcessChecker_h
-#define mozilla_AppProcessChecker_h
-
-#include <stdint.h>
-
-class nsIPrincipal;
-
-namespace mozilla {
-
-namespace dom {
-class TabContext;
-class PBrowserParent;
-class PContentParent;
-} // namespace dom
-
-namespace hal_sandbox {
-class PHalParent;
-} // namespace hal_sandbox
-
-enum AssertAppProcessType {
-  ASSERT_APP_PROCESS_PERMISSION,
-  ASSERT_APP_PROCESS_MANIFEST_URL,
-  ASSERT_APP_HAS_PERMISSION
-};
-
-/**
- * Return true if the specified browser has the specified capability.
- * If this returns false, the browser didn't have the capability and
- * will be killed.
- */
-bool
-AssertAppProcess(mozilla::dom::PBrowserParent* aActor,
-                 AssertAppProcessType aType,
-                 const char* aCapability);
-
-/**
- * Return true if the specified app has the specified status.
- * If this returns false, the browser will be killed.
- */
-bool
-AssertAppStatus(mozilla::dom::PBrowserParent* aActor,
-                unsigned short aStatus);
-
-/**
- * Return true if the specified browser has the specified capability.
- * If this returns false, the browser didn't have the capability and
- * will be killed.
- */
-bool
-AssertAppProcess(const mozilla::dom::TabContext& aContext,
-                 AssertAppProcessType aType,
-                 const char* aCapability);
-
-/**
- * Return true if the specified app has the specified status.
- * If this returns false, the browser will be killed.
- */
-bool
-AssertAppStatus(const mozilla::dom::TabContext& aContext,
-                unsigned short aStatus);
-
-/**
- * Return true if any of the PBrowsers loaded in this content process
- * has the specified capability.  If this returns false, the process
- * didn't have the capability and will be killed.
- */
-bool
-AssertAppProcess(mozilla::dom::PContentParent* aActor,
-                 AssertAppProcessType aType,
-                 const char* aCapability);
-
-/**
- * Return true if any of the PBrowsers loaded in this content process
- * has an app with the specified status. If this returns false, the process
- * didn't have the status and will be killed.
- */
-bool
-AssertAppStatus(mozilla::dom::PContentParent* aActor,
-                unsigned short aStatus);
-
-bool
-AssertAppProcess(mozilla::hal_sandbox::PHalParent* aActor,
-                 AssertAppProcessType aType,
-                 const char* aCapability);
-
-// NB: when adding capability checks for other IPDL actors, please add
-// them to this file and have them delegate to the two functions above
-// as appropriate.  For example,
-//
-//   bool AppProcessHasCapability(PNeckoParent* aActor, AssertAppProcessType aType) {
-//     return AssertAppProcess(aActor->Manager(), aType);
-//   }
-
-bool
-AssertAppPrincipal(mozilla::dom::PContentParent* aParent,
-                   nsIPrincipal* aPrincipal);
-
-/**
- * Check if the specified principal is valid, and return the saved permission
- * value for permission `aPermission' on that principal.
- * See nsIPermissionManager.idl for possible return values.
- *
- * nsIPermissionManager::UNKNOWN_ACTION is retuned if the principal is invalid.
- */
-uint32_t
-CheckPermission(mozilla::dom::PContentParent* aParent,
-                nsIPrincipal* aPrincipal, const char* aPermission);
-
-/**
- * Inline function for asserting the process's permission.
- */
-template<typename T>
-inline bool
-AssertAppProcessPermission(T* aActor,
-                           const char* aPermission) {
-  return AssertAppProcess(aActor,
-                          ASSERT_APP_PROCESS_PERMISSION,
-                          aPermission);
-}
-
-/**
- * Inline function for asserting the process's manifest URL.
- */
-template<typename T>
-inline bool
-AssertAppProcessManifestURL(T* aActor,
-                            const char* aManifestURL) {
-  return AssertAppProcess(aActor,
-                          ASSERT_APP_PROCESS_MANIFEST_URL,
-                          aManifestURL);
-}
-
-/**
- * Inline function for asserting the process's manifest URL.
- */
-template<typename T>
-inline bool
-AssertAppHasPermission(T* aActor,
-                       const char* aPermission) {
-  return AssertAppProcess(aActor,
-                          ASSERT_APP_HAS_PERMISSION,
-                          aPermission);
-}
-
-template<typename T>
-inline bool
-AssertAppHasStatus(T* aActor,
-                   unsigned short aStatus) {
-  return AssertAppStatus(aActor, aStatus);
-}
-
-} // namespace mozilla
-
-#endif // mozilla_AppProcessChecker_h
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -19,17 +19,16 @@
 #ifdef MOZ_WIDGET_GONK
 #include <sys/types.h>
 #include <sys/wait.h>
 #endif
 
 #include "chrome/common/process_watcher.h"
 
 #include "mozilla/a11y/PDocAccessible.h"
-#include "AppProcessChecker.h"
 #include "AudioChannelService.h"
 #include "BlobParent.h"
 #include "CrashReporterParent.h"
 #include "DeviceStorageStatics.h"
 #include "GMPServiceParent.h"
 #include "HandlerServiceParent.h"
 #include "IHistory.h"
 #include "imgIContainer.h"
@@ -3691,47 +3690,16 @@ ContentParent::DoSendAsyncMessage(JSCont
     return NS_ERROR_UNEXPECTED;
   }
   if (!SendAsyncMessage(nsString(aMessage), cpows, Principal(aPrincipal), data)) {
     return NS_ERROR_UNEXPECTED;
   }
   return NS_OK;
 }
 
-bool
-ContentParent::CheckPermission(const nsAString& aPermission)
-{
-  return AssertAppProcessPermission(this, NS_ConvertUTF16toUTF8(aPermission).get());
-}
-
-bool
-ContentParent::CheckManifestURL(const nsAString& aManifestURL)
-{
-  return AssertAppProcessManifestURL(this, NS_ConvertUTF16toUTF8(aManifestURL).get());
-}
-
-bool
-ContentParent::CheckAppHasPermission(const nsAString& aPermission)
-{
-  return AssertAppHasPermission(this, NS_ConvertUTF16toUTF8(aPermission).get());
-}
-
-bool
-ContentParent::CheckAppHasStatus(unsigned short aStatus)
-{
-  return AssertAppHasStatus(this, aStatus);
-}
-
-bool
-ContentParent::KillChild()
-{
-  KillHard("KillChild");
-  return true;
-}
-
 PBlobParent*
 ContentParent::SendPBlobConstructor(PBlobParent* aActor,
                                     const BlobConstructorParams& aParams)
 {
   return PContentParent::SendPBlobConstructor(aActor, aParams);
 }
 
 PBrowserParent*
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@@ -273,26 +273,16 @@ public:
                                           bool aRunInGlobalScope) override;
 
   virtual nsresult DoSendAsyncMessage(JSContext* aCx,
                                       const nsAString& aMessage,
                                       StructuredCloneData& aData,
                                       JS::Handle<JSObject *> aCpows,
                                       nsIPrincipal* aPrincipal) override;
 
-  virtual bool CheckPermission(const nsAString& aPermission) override;
-
-  virtual bool CheckManifestURL(const nsAString& aManifestURL) override;
-
-  virtual bool CheckAppHasPermission(const nsAString& aPermission) override;
-
-  virtual bool CheckAppHasStatus(unsigned short aStatus) override;
-
-  virtual bool KillChild() override;
-
   /** Notify that a tab is beginning its destruction sequence. */
   static void NotifyTabDestroying(const TabId& aTabId,
                                   const ContentParentId& aCpId);
 
   /** Notify that a tab was destroyed during normal operation. */
   void NotifyTabDestroyed(const TabId& aTabId,
                           bool aNotifiedDestroying);
 
--- a/dom/ipc/ContentProcessManager.h
+++ b/dom/ipc/ContentProcessManager.h
@@ -93,17 +93,16 @@ public:
    */
   bool
   GetTabContextByProcessAndTabId(const ContentParentId& aChildCpId,
                                  const TabId& aChildTabId,
                                  /*out*/ TabContext* aTabContext);
 
   /**
    * Get all TabContext which are inside the given content process.
-   * Used for AppProcessChecker to cehck app status.
    */
   nsTArray<TabContext>
   GetTabContextByContentProcess(const ContentParentId& aChildCpId);
 
   /**
    * Query a tab's opener id by the given process and tab id.
    * XXX Currently not used. Plan to be used for bug 1020179.
    */
--- a/dom/ipc/TabParent.cpp
+++ b/dom/ipc/TabParent.cpp
@@ -4,17 +4,16 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "base/basictypes.h"
 
 #include "TabParent.h"
 
 #include "AudioChannelService.h"
-#include "AppProcessChecker.h"
 #ifdef ACCESSIBILITY
 #include "mozilla/a11y/DocAccessibleParent.h"
 #include "nsAccessibilityService.h"
 #endif
 #include "mozilla/BrowserElementParent.h"
 #include "mozilla/dom/ContentBridgeParent.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/DataTransfer.h"
@@ -991,22 +990,17 @@ TabParent::AllocPIndexedDBPermissionRequ
   MOZ_ASSERT(NS_IsMainThread());
 
   nsCOMPtr<nsIPrincipal> principal(aPrincipal);
   if (!principal) {
     return nullptr;
   }
 
   nsCOMPtr<nsIContentParent> manager = Manager();
-  if (manager->IsContentParent()) {
-    if (NS_WARN_IF(!AssertAppPrincipal(manager->AsContentParent(),
-                                       principal))) {
-      return nullptr;
-    }
-  } else {
+  if (!manager->IsContentParent()) {
     MOZ_CRASH("Figure out security checks for bridged content!");
   }
 
   if (NS_WARN_IF(!mFrameElement)) {
     return nullptr;
   }
 
   return
@@ -1491,26 +1485,16 @@ TabParent::SendHandleTap(TapType aType,
 
 mozilla::ipc::IPCResult
 TabParent::RecvSyncMessage(const nsString& aMessage,
                            const ClonedMessageData& aData,
                            InfallibleTArray<CpowEntry>&& aCpows,
                            const IPC::Principal& aPrincipal,
                            nsTArray<StructuredCloneData>* aRetVal)
 {
-  // FIXME Permission check for TabParent in Content process
-  nsIPrincipal* principal = aPrincipal;
-  if (Manager()->IsContentParent()) {
-    ContentParent* parent = Manager()->AsContentParent();
-    if (!ContentParent::IgnoreIPCPrincipal() &&
-        parent && principal && !AssertAppPrincipal(parent, principal)) {
-      return IPC_FAIL_NO_REASON(this);
-    }
-  }
-
   StructuredCloneData data;
   ipc::UnpackClonedMessageDataForParent(aData, data);
 
   CrossProcessCpowHolder cpows(Manager(), aCpows);
   if (!ReceiveMessage(aMessage, true, &data, &cpows, aPrincipal, aRetVal)) {
     return IPC_FAIL_NO_REASON(this);
   }
   return IPC_OK();
@@ -1518,52 +1502,32 @@ TabParent::RecvSyncMessage(const nsStrin
 
 mozilla::ipc::IPCResult
 TabParent::RecvRpcMessage(const nsString& aMessage,
                           const ClonedMessageData& aData,
                           InfallibleTArray<CpowEntry>&& aCpows,
                           const IPC::Principal& aPrincipal,
                           nsTArray<StructuredCloneData>* aRetVal)
 {
-  // FIXME Permission check for TabParent in Content process
-  nsIPrincipal* principal = aPrincipal;
-  if (Manager()->IsContentParent()) {
-    ContentParent* parent = Manager()->AsContentParent();
-    if (!ContentParent::IgnoreIPCPrincipal() &&
-        parent && principal && !AssertAppPrincipal(parent, principal)) {
-      return IPC_FAIL_NO_REASON(this);
-    }
-  }
-
   StructuredCloneData data;
   ipc::UnpackClonedMessageDataForParent(aData, data);
 
   CrossProcessCpowHolder cpows(Manager(), aCpows);
   if (!ReceiveMessage(aMessage, true, &data, &cpows, aPrincipal, aRetVal)) {
     return IPC_FAIL_NO_REASON(this);
   }
   return IPC_OK();
 }
 
 mozilla::ipc::IPCResult
 TabParent::RecvAsyncMessage(const nsString& aMessage,
                             InfallibleTArray<CpowEntry>&& aCpows,
                             const IPC::Principal& aPrincipal,
                             const ClonedMessageData& aData)
 {
-  // FIXME Permission check for TabParent in Content process
-  nsIPrincipal* principal = aPrincipal;
-  if (Manager()->IsContentParent()) {
-    ContentParent* parent = Manager()->AsContentParent();
-    if (!ContentParent::IgnoreIPCPrincipal() &&
-        parent && principal && !AssertAppPrincipal(parent, principal)) {
-      return IPC_FAIL_NO_REASON(this);
-    }
-  }
-
   StructuredCloneData data;
   ipc::UnpackClonedMessageDataForParent(aData, data);
 
   CrossProcessCpowHolder cpows(Manager(), aCpows);
   if (!ReceiveMessage(aMessage, false, &data, &cpows, aPrincipal, nullptr)) {
     return IPC_FAIL_NO_REASON(this);
   }
   return IPC_OK();
--- a/dom/ipc/moz.build
+++ b/dom/ipc/moz.build
@@ -34,24 +34,22 @@ EXPORTS.mozilla.dom += [
     'PermissionMessageUtils.h',
     'TabChild.h',
     'TabContext.h',
     'TabMessageUtils.h',
     'TabParent.h',
 ]
 
 EXPORTS.mozilla += [
-    'AppProcessChecker.h',
     'ProcessHangMonitor.h',
     'ProcessHangMonitorIPC.h',
     'ProcessPriorityManager.h',
 ]
 
 UNIFIED_SOURCES += [
-    'AppProcessChecker.cpp',
     'ColorPickerParent.cpp',
     'ContentBridgeChild.cpp',
     'ContentBridgeParent.cpp',
     'ContentParent.cpp',
     'ContentProcess.cpp',
     'ContentProcessManager.cpp',
     'CrashReporterParent.cpp',
     'DatePickerParent.cpp',
--- a/dom/ipc/nsIContentParent.cpp
+++ b/dom/ipc/nsIContentParent.cpp
@@ -1,17 +1,16 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsIContentParent.h"
 
-#include "mozilla/AppProcessChecker.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/dom/File.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/ContentBridgeParent.h"
 #include "mozilla/dom/PTabContext.h"
 #include "mozilla/dom/PermissionMessageUtils.h"
 #include "mozilla/dom/TabParent.h"
 #include "mozilla/dom/ipc/BlobParent.h"
@@ -212,26 +211,16 @@ nsIContentParent::GetOrCreateActorForBlo
 
 mozilla::ipc::IPCResult
 nsIContentParent::RecvSyncMessage(const nsString& aMsg,
                                   const ClonedMessageData& aData,
                                   InfallibleTArray<CpowEntry>&& aCpows,
                                   const IPC::Principal& aPrincipal,
                                   nsTArray<ipc::StructuredCloneData>* aRetvals)
 {
-  // FIXME Permission check in Content process
-  nsIPrincipal* principal = aPrincipal;
-  if (IsContentParent()) {
-    ContentParent* parent = AsContentParent();
-    if (!ContentParent::IgnoreIPCPrincipal() &&
-        parent && principal && !AssertAppPrincipal(parent, principal)) {
-      return IPC_FAIL_NO_REASON(parent);
-    }
-  }
-
   RefPtr<nsFrameMessageManager> ppm = mMessageManager;
   if (ppm) {
     ipc::StructuredCloneData data;
     ipc::UnpackClonedMessageDataForParent(aData, data);
 
     CrossProcessCpowHolder cpows(this, aCpows);
     ppm->ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm.get()), nullptr,
                         aMsg, true, &data, &cpows, aPrincipal, aRetvals);
@@ -241,26 +230,16 @@ nsIContentParent::RecvSyncMessage(const 
 
 mozilla::ipc::IPCResult
 nsIContentParent::RecvRpcMessage(const nsString& aMsg,
                                  const ClonedMessageData& aData,
                                  InfallibleTArray<CpowEntry>&& aCpows,
                                  const IPC::Principal& aPrincipal,
                                  nsTArray<ipc::StructuredCloneData>* aRetvals)
 {
-  // FIXME Permission check in Content process
-  nsIPrincipal* principal = aPrincipal;
-  if (IsContentParent()) {
-    ContentParent* parent = AsContentParent();
-    if (!ContentParent::IgnoreIPCPrincipal() &&
-        parent && principal && !AssertAppPrincipal(parent, principal)) {
-      return IPC_FAIL_NO_REASON(parent);
-    }
-  }
-
   RefPtr<nsFrameMessageManager> ppm = mMessageManager;
   if (ppm) {
     ipc::StructuredCloneData data;
     ipc::UnpackClonedMessageDataForParent(aData, data);
 
     CrossProcessCpowHolder cpows(this, aCpows);
     ppm->ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm.get()), nullptr,
                         aMsg, true, &data, &cpows, aPrincipal, aRetvals);
@@ -295,26 +274,16 @@ nsIContentParent::DeallocPSendStreamPare
 }
 
 mozilla::ipc::IPCResult
 nsIContentParent::RecvAsyncMessage(const nsString& aMsg,
                                    InfallibleTArray<CpowEntry>&& aCpows,
                                    const IPC::Principal& aPrincipal,
                                    const ClonedMessageData& aData)
 {
-  // FIXME Permission check in Content process
-  nsIPrincipal* principal = aPrincipal;
-  if (IsContentParent()) {
-    ContentParent* parent = AsContentParent();
-    if (!ContentParent::IgnoreIPCPrincipal() &&
-        parent && principal && !AssertAppPrincipal(parent, principal)) {
-      return IPC_FAIL_NO_REASON(parent);
-    }
-  }
-
   RefPtr<nsFrameMessageManager> ppm = mMessageManager;
   if (ppm) {
     ipc::StructuredCloneData data;
     ipc::UnpackClonedMessageDataForParent(aData, data);
 
     CrossProcessCpowHolder cpows(this, aCpows);
     ppm->ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm.get()), nullptr,
                         aMsg, false, &data, &cpows, aPrincipal, nullptr);
--- a/dom/network/TCPServerSocketParent.cpp
+++ b/dom/network/TCPServerSocketParent.cpp
@@ -5,17 +5,16 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsIScriptSecurityManager.h"
 #include "TCPServerSocket.h"
 #include "TCPServerSocketParent.h"
 #include "nsJSUtils.h"
 #include "TCPSocketParent.h"
 #include "mozilla/Unused.h"
-#include "mozilla/AppProcessChecker.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/TabParent.h"
 
 namespace mozilla {
 namespace dom {
 
 NS_IMPL_CYCLE_COLLECTION(TCPServerSocketParent, mServerSocket)
 NS_IMPL_CYCLE_COLLECTING_ADDREF(TCPServerSocketParent)
--- a/dom/network/TCPSocketParent.cpp
+++ b/dom/network/TCPSocketParent.cpp
@@ -4,17 +4,16 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "TCPSocketParent.h"
 #include "jsapi.h"
 #include "jsfriendapi.h"
 #include "nsJSUtils.h"
 #include "mozilla/Unused.h"
-#include "mozilla/AppProcessChecker.h"
 #include "mozilla/net/NeckoCommon.h"
 #include "mozilla/net/PNeckoParent.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "mozilla/dom/TabParent.h"
 #include "mozilla/HoldDropJSObjects.h"
 #include "nsISocketTransportService.h"
 #include "nsISocketTransport.h"
@@ -113,24 +112,16 @@ NS_IMETHODIMP_(MozExternalRefCountType) 
   }
   return refcnt;
 }
 
 mozilla::ipc::IPCResult
 TCPSocketParent::RecvOpen(const nsString& aHost, const uint16_t& aPort, const bool& aUseSSL,
                           const bool& aUseArrayBuffers)
 {
-  // We don't have browser actors in xpcshell, and hence can't run automated
-  // tests without this loophole.
-  if (net::UsingNeckoIPCSecurity() &&
-      !AssertAppProcessPermission(Manager()->Manager(), "tcp-socket")) {
-    FireInteralError(this, __LINE__);
-    return IPC_OK();
-  }
-
   // Obtain App ID
   uint32_t appId = GetAppId();
   bool     inIsolatedMozBrowser = GetInIsolatedMozBrowser();
 
   mSocket = new TCPSocket(nullptr, aHost, aPort, aUseSSL, aUseArrayBuffers);
   mSocket->SetAppIdAndBrowser(appId, inIsolatedMozBrowser);
   mSocket->SetSocketBridgeParent(this);
   NS_ENSURE_SUCCESS(mSocket->Init(), IPC_OK());
@@ -141,22 +132,16 @@ mozilla::ipc::IPCResult
 TCPSocketParent::RecvOpenBind(const nsCString& aRemoteHost,
                               const uint16_t& aRemotePort,
                               const nsCString& aLocalAddr,
                               const uint16_t& aLocalPort,
                               const bool&     aUseSSL,
                               const bool&     aUseArrayBuffers,
                               const nsCString& aFilter)
 {
-  if (net::UsingNeckoIPCSecurity() &&
-      !AssertAppProcessPermission(Manager()->Manager(), "tcp-socket")) {
-    FireInteralError(this, __LINE__);
-    return IPC_OK();
-  }
-
   nsresult rv;
   nsCOMPtr<nsISocketTransportService> sts =
     do_GetService("@mozilla.org/network/socket-transport-service;1", &rv);
   if (NS_FAILED(rv)) {
     FireInteralError(this, __LINE__);
     return IPC_OK();
   }
 
--- a/dom/network/UDPSocketParent.cpp
+++ b/dom/network/UDPSocketParent.cpp
@@ -4,17 +4,16 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsIServiceManager.h"
 #include "UDPSocketParent.h"
 #include "nsComponentManagerUtils.h"
 #include "nsIUDPSocket.h"
 #include "nsINetAddr.h"
-#include "mozilla/AppProcessChecker.h"
 #include "mozilla/Unused.h"
 #include "mozilla/ipc/InputStreamUtils.h"
 #include "mozilla/net/DNS.h"
 #include "mozilla/net/NeckoCommon.h"
 #include "mozilla/net/PNeckoParent.h"
 #include "nsIPermissionManager.h"
 #include "nsIScriptSecurityManager.h"
 #include "mozilla/ipc/PBackgroundParent.h"
@@ -22,24 +21,22 @@
 
 namespace mozilla {
 namespace dom {
 
 NS_IMPL_ISUPPORTS(UDPSocketParent, nsIUDPSocketListener)
 
 UDPSocketParent::UDPSocketParent(PBackgroundParent* aManager)
   : mBackgroundManager(aManager)
-  , mNeckoManager(nullptr)
   , mIPCOpen(true)
 {
 }
 
 UDPSocketParent::UDPSocketParent(PNeckoParent* aManager)
   : mBackgroundManager(nullptr)
-  , mNeckoManager(aManager)
   , mIPCOpen(true)
 {
 }
 
 UDPSocketParent::~UDPSocketParent()
 {
 }
 
@@ -51,25 +48,16 @@ UDPSocketParent::Init(const IPC::Princip
   // will be used once we move all UDPSocket to PBackground, or
   // if we add in Principal checking for mtransport
   Unused << mBackgroundManager;
 
   mPrincipal = aPrincipal;
   if (net::UsingNeckoIPCSecurity() &&
       mPrincipal &&
       !ContentParent::IgnoreIPCPrincipal()) {
-    if (mNeckoManager) {
-      if (!AssertAppPrincipal(mNeckoManager->Manager(), mPrincipal)) {
-        return false;
-      }
-    } else {
-      // PBackground is (for now) using a STUN filter for verification
-      // it's not being used for DoS
-    }
-
     nsCOMPtr<nsIPermissionManager> permMgr =
       services::GetPermissionManager();
     if (!permMgr) {
       NS_WARNING("No PermissionManager available!");
       return false;
     }
 
     uint32_t permission = nsIPermissionManager::DENY_ACTION;
--- a/dom/network/UDPSocketParent.h
+++ b/dom/network/UDPSocketParent.h
@@ -63,19 +63,17 @@ private:
                         const bool& aAddressReuse, const bool& aLoopback,
                         const uint32_t& recvBufferSize,
                         const uint32_t& sendBufferSize);
   nsresult ConnectInternal(const nsCString& aHost, const uint16_t& aPort);
   void FireInternalError(uint32_t aLineNo);
   void SendInternalError(nsIEventTarget *aThread,
                          uint32_t aLineNo);
 
-  // One of these will be null and the other non-null.
   PBackgroundParent* mBackgroundManager;
-  PNeckoParent* mNeckoManager;
 
   bool mIPCOpen;
   nsCOMPtr<nsIUDPSocket> mSocket;
   nsCOMPtr<nsISocketFilter> mFilter;
   nsCOMPtr<nsIPrincipal> mPrincipal;
 };
 
 } // namespace dom
--- a/dom/workers/ServiceWorkerManagerParent.cpp
+++ b/dom/workers/ServiceWorkerManagerParent.cpp
@@ -1,17 +1,16 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ServiceWorkerManagerParent.h"
 #include "ServiceWorkerManagerService.h"
-#include "mozilla/AppProcessChecker.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/ServiceWorkerRegistrar.h"
 #include "mozilla/ipc/BackgroundParent.h"
 #include "mozilla/ipc/BackgroundUtils.h"
 #include "mozilla/Unused.h"
 #include "nsThreadUtils.h"
 
 namespace mozilla {
@@ -123,18 +122,16 @@ public:
     MOZ_ASSERT(mContentParent);
     MOZ_ASSERT(mCallback);
     MOZ_ASSERT(mBackgroundThread);
   }
 
   NS_IMETHOD Run() override
   {
     if (NS_IsMainThread()) {
-      nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(mPrincipalInfo);
-      AssertAppPrincipal(mContentParent, principal);
       mContentParent = nullptr;
 
       mBackgroundThread->Dispatch(this, NS_DISPATCH_NORMAL);
       return NS_OK;
     }
 
     AssertIsOnBackgroundThread();
     mCallback->Run();
--- a/hal/sandbox/SandboxHal.cpp
+++ b/hal/sandbox/SandboxHal.cpp
@@ -1,17 +1,16 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set sw=2 ts=8 et ft=cpp : */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "Hal.h"
 #include "HalLog.h"
-#include "mozilla/AppProcessChecker.h"
 #include "mozilla/dom/ContentChild.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/hal_sandbox/PHalChild.h"
 #include "mozilla/hal_sandbox/PHalParent.h"
 #include "mozilla/dom/TabParent.h"
 #include "mozilla/dom/TabChild.h"
 #include "mozilla/dom/battery/Types.h"
 #include "mozilla/dom/network/Types.h"
@@ -563,129 +562,93 @@ public:
 
   void Notify(const ScreenConfiguration& aScreenConfiguration) override {
     Unused << SendNotifyScreenConfigurationChange(aScreenConfiguration);
   }
 
   virtual mozilla::ipc::IPCResult
   RecvGetScreenEnabled(bool* aEnabled) override
   {
-    if (!AssertAppProcessPermission(this, "power")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     *aEnabled = hal::GetScreenEnabled();
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvSetScreenEnabled(const bool& aEnabled) override
   {
-    if (!AssertAppProcessPermission(this, "power")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     hal::SetScreenEnabled(aEnabled);
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvGetKeyLightEnabled(bool* aEnabled) override
   {
-    if (!AssertAppProcessPermission(this, "power")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     *aEnabled = hal::GetKeyLightEnabled();
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvSetKeyLightEnabled(const bool& aEnabled) override
   {
-    if (!AssertAppProcessPermission(this, "power")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     hal::SetKeyLightEnabled(aEnabled);
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvGetCpuSleepAllowed(bool* aAllowed) override
   {
-    if (!AssertAppProcessPermission(this, "power")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     *aAllowed = hal::GetCpuSleepAllowed();
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvSetCpuSleepAllowed(const bool& aAllowed) override
   {
-    if (!AssertAppProcessPermission(this, "power")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     hal::SetCpuSleepAllowed(aAllowed);
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvGetScreenBrightness(double* aBrightness) override
   {
-    if (!AssertAppProcessPermission(this, "power")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     *aBrightness = hal::GetScreenBrightness();
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvSetScreenBrightness(const double& aBrightness) override
   {
-    if (!AssertAppProcessPermission(this, "power")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     hal::SetScreenBrightness(aBrightness);
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvAdjustSystemClock(const int64_t &aDeltaMilliseconds) override
   {
-    if (!AssertAppProcessPermission(this, "time")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     hal::AdjustSystemClock(aDeltaMilliseconds);
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvSetTimezone(const nsCString& aTimezoneSpec) override
   {
-    if (!AssertAppProcessPermission(this, "time")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     hal::SetTimezone(aTimezoneSpec);
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvGetTimezone(nsCString *aTimezoneSpec) override
   {
-    if (!AssertAppProcessPermission(this, "time")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     *aTimezoneSpec = hal::GetTimezone();
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvGetTimezoneOffset(int32_t *aTimezoneOffset) override
   {
-    if (!AssertAppProcessPermission(this, "time")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
     *aTimezoneOffset = hal::GetTimezoneOffset();
     return IPC_OK();
   }
 
   virtual mozilla::ipc::IPCResult
   RecvEnableSystemClockChangeNotifications() override
   {
     hal::RegisterSystemClockChangeObserver(this);
@@ -807,20 +770,16 @@ public:
   void Notify(const SystemTimezoneChangeInformation& aSystemTimezoneChangeInfo) override
   {
     Unused << SendNotifySystemTimezoneChange(aSystemTimezoneChangeInfo);
   }
 
   virtual mozilla::ipc::IPCResult
   RecvFactoryReset(const nsString& aReason) override
   {
-    if (!AssertAppProcessPermission(this, "power")) {
-      return IPC_FAIL_NO_REASON(this);
-    }
-
     FactoryResetReason reason = FactoryResetReason::Normal;
     if (aReason.EqualsLiteral("normal")) {
       reason = FactoryResetReason::Normal;
     } else if (aReason.EqualsLiteral("wipe")) {
       reason = FactoryResetReason::Wipe;
     } else if (aReason.EqualsLiteral("root")) {
       reason = FactoryResetReason::Root;
     } else {
--- a/ipc/glue/BackgroundParentImpl.cpp
+++ b/ipc/glue/BackgroundParentImpl.cpp
@@ -7,17 +7,16 @@
 #include "BackgroundParentImpl.h"
 
 #include "BroadcastChannelParent.h"
 #include "FileDescriptorSetParent.h"
 #ifdef MOZ_WEBRTC
 #include "CamerasParent.h"
 #endif
 #include "mozilla/media/MediaParent.h"
-#include "mozilla/AppProcessChecker.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/DOMTypes.h"
 #include "mozilla/dom/FileSystemBase.h"
 #include "mozilla/dom/FileSystemRequestParent.h"
 #ifdef MOZ_GAMEPAD
 #include "mozilla/dom/GamepadEventChannelParent.h"
 #include "mozilla/dom/GamepadTestChannelParent.h"
@@ -517,17 +516,16 @@ public:
 
   NS_IMETHOD Run() override
   {
     MOZ_ASSERT(NS_IsMainThread());
 
     NullifyContentParentRAII raii(mContentParent);
 
     nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(mPrincipalInfo);
-    AssertAppPrincipal(mContentParent, principal);
 
     if (principal->GetIsNullPrincipal()) {
       mContentParent->KillHard("BroadcastChannel killed: no null principal.");
       return NS_OK;
     }
 
     nsAutoCString origin;
     nsresult rv = principal->GetOrigin(origin);
@@ -607,22 +605,16 @@ private:
   bool
   CheckPermission()
   {
     if (mPermissionCheckType == FileSystemBase::ePermissionCheckByTestingPref &&
         mozilla::Preferences::GetBool("device.storage.prompt.testing", false)) {
       return true;
     }
 
-    if (!AssertAppProcessPermission(mContentParent.get(),
-                                    mPermissionName.get())) {
-      mContentParent->KillHard("PBackground actor killed: permission denied.");
-      return false;
-    }
-
     return true;
   }
 
   RefPtr<ContentParent> mContentParent;
 
   RefPtr<FileSystemRequestParent> mActor;
 
   FileSystemBase::ePermissionCheckType mPermissionCheckType;
--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@@ -27,17 +27,16 @@
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/TabContext.h"
 #include "mozilla/dom/TabParent.h"
 #include "mozilla/dom/network/TCPSocketParent.h"
 #include "mozilla/dom/network/TCPServerSocketParent.h"
 #include "mozilla/dom/network/UDPSocketParent.h"
 #include "mozilla/dom/workers/ServiceWorkerManager.h"
 #include "mozilla/LoadContext.h"
-#include "mozilla/AppProcessChecker.h"
 #include "nsPrintfCString.h"
 #include "nsHTMLDNSPrefetch.h"
 #include "nsIAppsService.h"
 #include "nsEscape.h"
 #include "SerializedLoadContext.h"
 #include "nsAuthInformationHolder.h"
 #include "nsIAuthPromptCallback.h"
 #include "nsPrincipal.h"