Backed out 1 changesets (bug 1297740) for mingw32 build failure at src/ipc/chromium/src/base/process_util_win.cc r=backout on a CLOSED TREE
authorCoroiu Cristina <ccoroiu@mozilla.com>
Sat, 06 Jan 2018 00:59:25 +0200
changeset 398078 a8321a24d981e0618001fc89e1d0c87433727f8d
parent 398077 1c24c4cefe70db00165005d05317378f88449a5d
child 398079 86318931910b1842ac8ca5ded448e0d6d0984343
push id33201
push userapavel@mozilla.com
push dateSat, 06 Jan 2018 09:50:43 +0000
treeherdermozilla-central@ece8a96dfaa4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbackout
bugs1297740
milestone59.0a1
backs oute2501f2e295ebfc91ed5db1b0c16f70f443669f3
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 1 changesets (bug 1297740) for mingw32 build failure at src/ipc/chromium/src/base/process_util_win.cc r=backout on a CLOSED TREE Backed out changeset e2501f2e295e (bug 1297740)
ipc/chromium/src/base/process_util.h
ipc/chromium/src/base/process_util_linux.cc
ipc/chromium/src/base/process_util_mac.mm
ipc/chromium/src/base/process_util_win.cc
ipc/glue/EnvironmentMap.h
ipc/glue/GeckoChildProcessHost.cpp
ipc/glue/GeckoChildProcessHost.h
ipc/glue/moz.build
security/sandbox/chromium/base/environment.cc
security/sandbox/chromium/sandbox/win/src/broker_services.cc
security/sandbox/chromium/sandbox/win/src/broker_services.h
security/sandbox/chromium/sandbox/win/src/sandbox.h
security/sandbox/chromium/sandbox/win/src/target_process.cc
security/sandbox/chromium/sandbox/win/src/target_process.h
security/sandbox/common/moz.build
security/sandbox/linux/launch/SandboxLaunch.cpp
security/sandbox/moz.build
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.h
--- a/ipc/chromium/src/base/process_util.h
+++ b/ipc/chromium/src/base/process_util.h
@@ -39,17 +39,16 @@
 #include "base/command_line.h"
 #include "base/process.h"
 
 #if defined(OS_POSIX)
 #include "base/file_descriptor_shuffle.h"
 #endif
 
 #include "mozilla/UniquePtr.h"
-#include "mozilla/ipc/EnvironmentMap.h"
 
 #if defined(OS_MACOSX)
 struct kinfo_proc;
 #endif
 
 namespace base {
 
 // A minimalistic but hopefully cross-platform set of exit codes.
@@ -103,23 +102,22 @@ typedef std::map<std::string, std::strin
 
 struct LaunchOptions {
   // If true, wait for the process to terminate.  Otherwise, return
   // immediately.
   bool wait = false;
 
 #if defined(OS_WIN)
   bool start_hidden = false;
+#endif
 
+#if defined(OS_POSIX)
   // Environment variables to be applied in addition to the current
   // process's environment, replacing them where necessary.
-  EnvironmentMap env_map;
-#endif
-#if defined(OS_POSIX)
-  environment_map env_map;
+  environment_map environ;
 
   // A mapping of (src fd -> dest fd) to propagate into the child
   // process.  All other fds will be closed, except std{in,out,err}.
   file_handle_mapping_vector fds_to_remap;
 #endif
 };
 
 #if defined(OS_WIN)
--- a/ipc/chromium/src/base/process_util_linux.cc
+++ b/ipc/chromium/src/base/process_util_linux.cc
@@ -29,17 +29,17 @@ bool LaunchApp(const std::vector<std::st
                ProcessHandle* process_handle)
 {
   mozilla::UniquePtr<char*[]> argv_cstr(new char*[argv.size() + 1]);
   // Illegal to allocate memory after fork and before execvp
   InjectiveMultimap fd_shuffle1, fd_shuffle2;
   fd_shuffle1.reserve(options.fds_to_remap.size());
   fd_shuffle2.reserve(options.fds_to_remap.size());
 
-  EnvironmentArray envp = BuildEnvironmentArray(options.env_map);
+  EnvironmentArray envp = BuildEnvironmentArray(options.environ);
 
   pid_t pid = fork();
   if (pid < 0)
     return false;
 
   if (pid == 0) {
     // In the child:
     for (const auto& fd_map : options.fds_to_remap) {
--- a/ipc/chromium/src/base/process_util_mac.mm
+++ b/ipc/chromium/src/base/process_util_mac.mm
@@ -31,17 +31,17 @@ bool LaunchApp(const std::vector<std::st
   bool retval = true;
 
   char* argv_copy[argv.size() + 1];
   for (size_t i = 0; i < argv.size(); i++) {
     argv_copy[i] = const_cast<char*>(argv[i].c_str());
   }
   argv_copy[argv.size()] = NULL;
 
-  EnvironmentArray vars = BuildEnvironmentArray(options.env_map);
+  EnvironmentArray vars = BuildEnvironmentArray(options.environ);
 
   posix_spawn_file_actions_t file_actions;
   if (posix_spawn_file_actions_init(&file_actions) != 0) {
     return false;
   }
   auto file_actions_guard = mozilla::MakeScopeExit([&file_actions] {
     posix_spawn_file_actions_destroy(&file_actions);
   });
--- a/ipc/chromium/src/base/process_util_win.cc
+++ b/ipc/chromium/src/base/process_util_win.cc
@@ -266,73 +266,16 @@ fail:
 // Frees the data returned by CreateThreadAttributeList.
 void FreeThreadAttributeList(LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList) {
   // must be impossible to get a NULL DeleteProcThreadAttributeListPtr, as
   // we already checked it existed when creating the data we are now freeing.
   (*DeleteProcThreadAttributeListPtr)(lpAttributeList);
   free(lpAttributeList);
 }
 
-// The next two functions are from chromium/base/environment.cc
-//
-// Parses a null-terminated input string of an environment block. The key is
-// placed into the given string, and the total length of the line, including
-// the terminating null, is returned.
-static size_t ParseEnvLine(const NativeEnvironmentString::value_type* input,
-                    NativeEnvironmentString* key) {
-  // Skip to the equals or end of the string, this is the key.
-  size_t cur = 0;
-  while (input[cur] && input[cur] != '=')
-    cur++;
-  *key = NativeEnvironmentString(&input[0], cur);
-
-  // Now just skip to the end of the string.
-  while (input[cur])
-    cur++;
-  return cur + 1;
-}
-
-static std::wstring AlterEnvironment(const wchar_t* env,
-                                     const EnvironmentMap& changes) {
-  std::wstring result;
-
-  // First copy all unmodified values to the output.
-  size_t cur_env = 0;
-  std::wstring key;
-  while (env[cur_env]) {
-    const wchar_t* line = &env[cur_env];
-    size_t line_length = ParseEnvLine(line, &key);
-
-    // Keep only values not specified in the change vector.
-    EnvironmentMap::const_iterator found_change = changes.find(key);
-    if (found_change == changes.end())
-      result.append(line, line_length);
-
-    cur_env += line_length;
-  }
-
-  // Now append all modified and new values.
-  for (EnvironmentMap::const_iterator i = changes.begin();
-       i != changes.end(); ++i) {
-    if (!i->second.empty()) {
-      result.append(i->first);
-      result.push_back('=');
-      result.append(i->second);
-      result.push_back(0);
-    }
-  }
-
-  // An additional null marks the end of the list. We always need a double-null
-  // in case nothing was added above.
-  if (result.empty())
-    result.push_back(0);
-  result.push_back(0);
-  return result;
-}
-
 bool LaunchApp(const std::wstring& cmdline,
                const LaunchOptions& options,
                ProcessHandle* process_handle) {
 
   // We want to inherit the std handles so dump() statements and assertion
   // messages in the child process can be seen - but we *do not* want to
   // blindly have all handles inherited.  Vista and later has a technique
   // where only specified handles are inherited - so we use this technique.
@@ -375,28 +318,20 @@ bool LaunchApp(const std::wstring& cmdli
       startup_info.hStdError = stdErr;
       startup_info.hStdInput = INVALID_HANDLE_VALUE;
       startup_info_ex.lpAttributeList = lpAttributeList;
       dwCreationFlags |= EXTENDED_STARTUPINFO_PRESENT;
       bInheritHandles = TRUE;
     }
   }
 
-  dwCreationFlags |= CREATE_UNICODE_ENVIRONMENT;
-  LPTCH original_environment = GetEnvironmentStrings();
-  base::NativeEnvironmentString new_environment =
-    AlterEnvironment(original_environment, options.env_map);
-  // Ignore return value? What can we do?
-  FreeEnvironmentStrings(original_environment);
-  LPVOID new_env_ptr = (void*)new_environment.data();
-
   PROCESS_INFORMATION process_info;
   BOOL createdOK = CreateProcess(NULL,
                      const_cast<wchar_t*>(cmdline.c_str()), NULL, NULL,
-                     bInheritHandles, dwCreationFlags, new_env_ptr, NULL,
+                     bInheritHandles, dwCreationFlags, NULL, NULL,
                      &startup_info, &process_info);
   if (lpAttributeList)
     FreeThreadAttributeList(lpAttributeList);
   if (!createdOK)
     return false;
 
   gProcessLog.print("==> process %d launched child process %d (%S)\n",
                     GetCurrentProcId(),
deleted file mode 100644
--- a/ipc/glue/EnvironmentMap.h
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef SANDBOXING_COMMON_ENVIRONMENTMAP_H_
-#define SANDBOXING_COMMON_ENVIRONMENTMAP_H_
-
-#include <map>
-#include <memory>
-#include <string>
-
-namespace base {
-
-#if defined(OS_WIN)
-
-typedef std::wstring NativeEnvironmentString;
-typedef std::map<NativeEnvironmentString, NativeEnvironmentString>
-    EnvironmentMap;
-
-#define ENVIRONMENT_LITERAL(x) L##x
-#define ENVIRONMENT_STRING(x) (std::wstring)(NS_ConvertUTF8toUTF16((x)).get())
-
-// Returns a modified environment vector constructed from the given environment
-// and the list of changes given in |changes|. Each key in the environment is
-// matched against the first element of the pairs. In the event of a match, the
-// value is replaced by the second of the pair, unless the second is empty, in
-// which case the key-value is removed.
-//
-// This Windows version takes and returns a Windows-style environment block
-// which is a concatenated list of null-terminated 16-bit strings. The end is
-// marked by a double-null terminator. The size of the returned string will
-// include the terminators.
-NativeEnvironmentString AlterEnvironment(const wchar_t* env,
-                                         const EnvironmentMap& changes);
-
-#elif defined(OS_POSIX)
-
-typedef std::string NativeEnvironmentString;
-typedef std::map<NativeEnvironmentString, NativeEnvironmentString>
-    EnvironmentMap;
-
-#define ENVIRONMENT_LITERAL(x) x
-#define ENVIRONMENT_STRING(x) ((x)).get()
-
-// See general comments for the Windows version above.
-//
-// This Posix version takes and returns a Posix-style environment block, which
-// is a null-terminated list of pointers to null-terminated strings. The
-// returned array will have appended to it the storage for the array itself so
-// there is only one pointer to manage, but this means that you can't copy the
-// array without keeping the original around.
-std::unique_ptr<char* []> AlterEnvironment(
-    const char* const* env,
-    const EnvironmentMap& changes);
-
-#endif
-
-}  // namespace base
-
-#endif  // SANDBOXING_COMMON_ENVIRONMENTMAP_H_
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@@ -33,17 +33,16 @@
 #include "nsExceptionHandler.h"
 
 #include "nsDirectoryServiceDefs.h"
 #include "nsIFile.h"
 #include "nsPrintfCString.h"
 
 #include "mozilla/ClearOnShutdown.h"
 #include "mozilla/ipc/BrowserProcessSubThread.h"
-#include "mozilla/ipc/EnvironmentMap.h"
 #include "mozilla/Omnijar.h"
 #include "mozilla/Telemetry.h"
 #include "ProtocolUtils.h"
 #include <sys/stat.h>
 
 #ifdef XP_WIN
 #include "nsIWinTaskbar.h"
 #include <stdlib.h>
@@ -436,19 +435,25 @@ GeckoChildProcessHost::SetAlreadyDead()
   }
 
   mChildProcessHandle = 0;
 }
 
 int32_t GeckoChildProcessHost::mChildCounter = 0;
 
 void
-GeckoChildProcessHost::GetChildLogName(const char* origLogName,
+GeckoChildProcessHost::SetChildLogName(const char* varName, const char* origLogName,
                                        nsACString &buffer)
 {
+  // We currently have no portable way to launch child with environment
+  // different than parent.  So temporarily change NSPR_LOG_FILE so child
+  // inherits value we want it to have. (NSPR only looks at NSPR_LOG_FILE at
+  // startup, so it's 'safe' to play with the parent's environment this way.)
+  buffer.Assign(varName);
+
 #ifdef XP_WIN
   // On Windows we must expand relative paths because sandboxing rules
   // bound only to full paths.  fopen fowards to NtCreateFile which checks
   // the path against the sanboxing rules as passed to fopen (left relative).
   char absPath[MAX_PATH + 2];
   if (_fullpath(absPath, origLogName, sizeof(absPath))) {
 #ifdef MOZ_SANDBOX
     // We need to make sure the child log name doesn't contain any junction
@@ -465,53 +470,85 @@ GeckoChildProcessHost::GetChildLogName(c
 #endif
   {
     buffer.Append(origLogName);
   }
 
   // Append child-specific postfix to name
   buffer.AppendLiteral(".child-");
   buffer.AppendInt(mChildCounter);
+
+  // Passing temporary to PR_SetEnv is ok here if we keep the temporary
+  // for the time we launch the sub-process.  It's copied to the new
+  // environment.
+  PR_SetEnv(buffer.BeginReading());
 }
 
 bool
 GeckoChildProcessHost::PerformAsyncLaunch(std::vector<std::string> aExtraOpts)
 {
 #ifdef MOZ_GECKO_PROFILER
   AutoSetProfilerEnvVarsForChildProcess profilerEnvironment;
 #endif
 
+  const char* origNSPRLogName = PR_GetEnv("NSPR_LOG_FILE");
+  const char* origMozLogName = PR_GetEnv("MOZ_LOG_FILE");
+  const char* origRustLog = PR_GetEnv("RUST_LOG");
+  const char* childRustLog = PR_GetEnv("RUST_LOG_CHILD");
+
   // - Note: this code is not called re-entrantly, nor are restoreOrig*LogName
   //   or mChildCounter touched by any other thread, so this is safe.
   ++mChildCounter;
 
-  const char* origNSPRLogName = PR_GetEnv("NSPR_LOG_FILE");
-  const char* origMozLogName = PR_GetEnv("MOZ_LOG_FILE");
+  // Must keep these on the same stack where from we call PerformAsyncLaunchInternal
+  // so that PR_DuplicateEnvironment() still sees a valid memory.
+  nsAutoCString nsprLogName;
+  nsAutoCString mozLogName;
+  nsAutoCString rustLog;
 
   if (origNSPRLogName) {
-    nsAutoCString nsprLogName;
-    GetChildLogName(origNSPRLogName, nsprLogName);
-    mLaunchOptions->env_map[ENVIRONMENT_LITERAL("NSPR_LOG_FILE")]
-        = ENVIRONMENT_STRING(nsprLogName);
+    if (mRestoreOrigNSPRLogName.IsEmpty()) {
+      mRestoreOrigNSPRLogName.AssignLiteral("NSPR_LOG_FILE=");
+      mRestoreOrigNSPRLogName.Append(origNSPRLogName);
+    }
+    SetChildLogName("NSPR_LOG_FILE=", origNSPRLogName, nsprLogName);
   }
   if (origMozLogName) {
-    nsAutoCString mozLogName;
-    GetChildLogName(origMozLogName, mozLogName);
-    mLaunchOptions->env_map[ENVIRONMENT_LITERAL("MOZ_LOG_FILE")]
-        = ENVIRONMENT_STRING(mozLogName);
+    if (mRestoreOrigMozLogName.IsEmpty()) {
+      mRestoreOrigMozLogName.AssignLiteral("MOZ_LOG_FILE=");
+      mRestoreOrigMozLogName.Append(origMozLogName);
+    }
+    SetChildLogName("MOZ_LOG_FILE=", origMozLogName, mozLogName);
   }
 
   // `RUST_LOG_CHILD` is meant for logging child processes only.
-  nsAutoCString childRustLog(PR_GetEnv("RUST_LOG_CHILD"));
-  if (!childRustLog.IsEmpty()) {
-    mLaunchOptions->env_map[ENVIRONMENT_LITERAL("RUST_LOG")]
-        = ENVIRONMENT_STRING(childRustLog);
+  if (childRustLog) {
+    if (mRestoreOrigRustLog.IsEmpty()) {
+      mRestoreOrigRustLog.AssignLiteral("RUST_LOG=");
+      mRestoreOrigRustLog.Append(origRustLog);
+    }
+    rustLog.AssignLiteral("RUST_LOG=");
+    rustLog.Append(childRustLog);
+    PR_SetEnv(rustLog.get());
   }
 
-  return PerformAsyncLaunchInternal(aExtraOpts);
+  bool retval = PerformAsyncLaunchInternal(aExtraOpts);
+
+  // Revert to original value
+  if (origNSPRLogName) {
+    PR_SetEnv(mRestoreOrigNSPRLogName.get());
+  }
+  if (origMozLogName) {
+    PR_SetEnv(mRestoreOrigMozLogName.get());
+  }
+  if (origRustLog) {
+    PR_SetEnv(mRestoreOrigRustLog.get());
+  }
+
+  return retval;
 }
 
 bool
 GeckoChildProcessHost::RunPerformAsyncLaunch(std::vector<std::string> aExtraOpts)
 {
   InitializeChannel();
 
   bool ok = PerformAsyncLaunch(aExtraOpts);
@@ -602,26 +639,27 @@ GeckoChildProcessHost::PerformAsyncLaunc
 //--------------------------------------------------
 #if defined(OS_POSIX)
   // For POSIX, we have to be extremely anal about *not* using
   // std::wstring in code compiled with Mozilla's -fshort-wchar
   // configuration, because chromium is compiled with -fno-short-wchar
   // and passing wstrings from one config to the other is unsafe.  So
   // we split the logic here.
 
-# if defined(OS_POSIX)
+# if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) || defined(OS_SOLARIS)
+
 #  if defined(MOZ_WIDGET_GTK)
   if (mProcessType == GeckoProcessType_Content) {
     // disable IM module to avoid sandbox violation
-    mLaunchOptions->env_map["GTK_IM_MODULE"] = "gtk-im-context-simple";
+    mLaunchOptions->environ["GTK_IM_MODULE"] = "gtk-im-context-simple";
 
     // Disable ATK accessibility code in content processes because it conflicts
     // with the sandbox, and we proxy that information through the main process
     // anyway.
-    mLaunchOptions->env_map["NO_AT_BRIDGE"] = "1";
+    mLaunchOptions->environ["NO_AT_BRIDGE"] = "1";
   }
 #  endif // defined(MOZ_WIDGET_GTK)
 
   // XPCOM may not be initialized in some subprocesses.  We don't want
   // to initialize XPCOM just for the directory service, especially
   // since LD_LIBRARY_PATH is already set correctly in subprocesses
   // (meaning that we don't need to set that up in the environment).
   if (ShouldHaveDirectoryService()) {
@@ -637,20 +675,20 @@ GeckoChildProcessHost::PerformAsyncLaunc
       new_ld_lib_path.AppendLiteral("/gtk2:");
       new_ld_lib_path.Append(path.get());
     }
 #   endif // (MOZ_WIDGET_GTK == 3)
     if (ld_library_path && *ld_library_path) {
       new_ld_lib_path.Append(':');
       new_ld_lib_path.Append(ld_library_path);
     }
-    mLaunchOptions->env_map["LD_LIBRARY_PATH"] = new_ld_lib_path.get();
+    mLaunchOptions->environ["LD_LIBRARY_PATH"] = new_ld_lib_path.get();
 
 #  elif OS_MACOSX // defined(OS_LINUX) || defined(OS_BSD)
-    mLaunchOptions->env_map["DYLD_LIBRARY_PATH"] = path.get();
+    mLaunchOptions->environ["DYLD_LIBRARY_PATH"] = path.get();
     // XXX DYLD_INSERT_LIBRARIES should only be set when launching a plugin
     //     process, and has no effect on other subprocesses (the hooks in
     //     libplugin_child_interpose.dylib become noops).  But currently it
     //     gets set when launching any kind of subprocess.
     //
     // Trigger "dyld interposing" for the dylib that contains
     // plugin_child_interpose.mm.  This allows us to hook OS calls in the
     // plugin process (ones that don't work correctly in a background
@@ -659,20 +697,20 @@ GeckoChildProcessHost::PerformAsyncLaunc
     const char* prevInterpose = PR_GetEnv("DYLD_INSERT_LIBRARIES");
     nsCString interpose;
     if (prevInterpose && strlen(prevInterpose) > 0) {
       interpose.Assign(prevInterpose);
       interpose.Append(':');
     }
     interpose.Append(path.get());
     interpose.AppendLiteral("/libplugin_child_interpose.dylib");
-    mLaunchOptions->env_map["DYLD_INSERT_LIBRARIES"] = interpose.get();
+    mLaunchOptions->environ["DYLD_INSERT_LIBRARIES"] = interpose.get();
 #  endif // defined(OS_LINUX) || defined(OS_BSD)
   }
-# endif // defined(OS_POSIX)
+# endif // defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD) || defined(OS_SOLARIS)
 
   FilePath exePath;
   BinaryPathType pathType = GetPathToBinary(exePath, mProcessType);
 
   // remap the IPC socket fd to a well-known int, as the OS does for
   // STDOUT_FILENO, for example
   int srcChannelFd, dstChannelFd;
   channel().GetClientFileDescriptorMapping(&srcChannelFd, &dstChannelFd);
@@ -987,17 +1025,16 @@ GeckoChildProcessHost::PerformAsyncLaunc
 
   // Process type
   cmdLine.AppendLooseValue(UTF8ToWide(childProcessType));
 
 # if defined(XP_WIN) && defined(MOZ_SANDBOX)
   if (shouldSandboxCurrentProcess) {
     if (mSandboxBroker.LaunchApp(cmdLine.program().c_str(),
                                  cmdLine.command_line_string().c_str(),
-                                 mLaunchOptions->env_map,
                                  mProcessType,
                                  mEnableSandboxLogging,
                                  &process)) {
       EnvironmentLog("MOZ_PROCESS_LOG").print(
         "==> process %d launched child process %d (%S)\n",
         base::GetCurrentProcId(), base::GetProcId(process),
         cmdLine.command_line_string().c_str());
     }
--- a/ipc/glue/GeckoChildProcessHost.h
+++ b/ipc/glue/GeckoChildProcessHost.h
@@ -177,27 +177,35 @@ private:
     Self,
     PluginContainer
   };
 
   static BinaryPathType GetPathToBinary(FilePath& exePath, GeckoProcessType processType);
 
   // The buffer is passed to preserve its lifetime until we are done
   // with launching the sub-process.
-  void GetChildLogName(const char* origLogName, nsACString &buffer);
+  void SetChildLogName(const char* varName, const char* origLogName,
+                       nsACString &buffer);
 
   // In between launching the subprocess and handing off its IPC
   // channel, there's a small window of time in which *we* might still
   // be the channel listener, and receive messages.  That's bad
   // because we have no idea what to do with those messages.  So queue
   // them here until we hand off the eventual listener.
   //
   // FIXME/cjones: this strongly indicates bad design.  Shame on us.
   std::queue<IPC::Message> mQueue;
 
+  // Remember original env values so we can restore it (there is no other
+  // simple way how to change environment of a child process than to modify
+  // the current environment).
+  nsCString mRestoreOrigNSPRLogName;
+  nsCString mRestoreOrigMozLogName;
+  nsCString mRestoreOrigRustLog;
+
   static uint32_t sNextUniqueID;
 
   static bool sRunSelfAsContentProc;
 
 #if defined(MOZ_WIDGET_ANDROID)
   void LaunchAndroidService(const char* type,
                             const std::vector<std::string>& argv,
                             const base::file_handle_mapping_vector& fds_to_remap,
--- a/ipc/glue/moz.build
+++ b/ipc/glue/moz.build
@@ -16,17 +16,16 @@ EXPORTS.mozilla.ipc += [
     'BackgroundUtils.h',
     'BrowserProcessSubThread.h',
     'ByteBuf.h',
     'CrashReporterClient.h',
     'CrashReporterHost.h',
     'CrashReporterMetadataShmem.h',
     'CrossProcessMutex.h',
     'CrossProcessSemaphore.h',
-    'EnvironmentMap.h',
     'FileDescriptor.h',
     'FileDescriptorSetChild.h',
     'FileDescriptorSetParent.h',
     'FileDescriptorUtils.h',
     'GeckoChildProcessHost.h',
     'InputStreamUtils.h',
     'IOThreadChild.h',
     'IPCStreamAlloc.h',
deleted file mode 100644
--- a/security/sandbox/chromium/base/environment.cc
+++ /dev/null
@@ -1,240 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "base/environment.h"
-
-#include <stddef.h>
-
-#include <vector>
-
-#include "base/memory/ptr_util.h"
-#include "base/strings/string_piece.h"
-#include "base/strings/string_util.h"
-#include "base/strings/utf_string_conversions.h"
-#include "build/build_config.h"
-
-#if defined(OS_POSIX)
-#include <stdlib.h>
-#elif defined(OS_WIN)
-#include <windows.h>
-#endif
-
-namespace base {
-
-namespace {
-
-class EnvironmentImpl : public Environment {
- public:
-  bool GetVar(StringPiece variable_name, std::string* result) override {
-    if (GetVarImpl(variable_name, result))
-      return true;
-
-    // Some commonly used variable names are uppercase while others
-    // are lowercase, which is inconsistent. Let's try to be helpful
-    // and look for a variable name with the reverse case.
-    // I.e. HTTP_PROXY may be http_proxy for some users/systems.
-    char first_char = variable_name[0];
-    std::string alternate_case_var;
-    if (IsAsciiLower(first_char))
-      alternate_case_var = ToUpperASCII(variable_name);
-    else if (IsAsciiUpper(first_char))
-      alternate_case_var = ToLowerASCII(variable_name);
-    else
-      return false;
-    return GetVarImpl(alternate_case_var, result);
-  }
-
-  bool SetVar(StringPiece variable_name,
-              const std::string& new_value) override {
-    return SetVarImpl(variable_name, new_value);
-  }
-
-  bool UnSetVar(StringPiece variable_name) override {
-    return UnSetVarImpl(variable_name);
-  }
-
- private:
-  bool GetVarImpl(StringPiece variable_name, std::string* result) {
-#if defined(OS_POSIX)
-    const char* env_value = getenv(variable_name.data());
-    if (!env_value)
-      return false;
-    // Note that the variable may be defined but empty.
-    if (result)
-      *result = env_value;
-    return true;
-#elif defined(OS_WIN)
-    DWORD value_length =
-        ::GetEnvironmentVariable(UTF8ToWide(variable_name).c_str(), nullptr, 0);
-    if (value_length == 0)
-      return false;
-    if (result) {
-      std::unique_ptr<wchar_t[]> value(new wchar_t[value_length]);
-      ::GetEnvironmentVariable(UTF8ToWide(variable_name).c_str(), value.get(),
-                               value_length);
-      *result = WideToUTF8(value.get());
-    }
-    return true;
-#else
-#error need to port
-#endif
-  }
-
-  bool SetVarImpl(StringPiece variable_name, const std::string& new_value) {
-#if defined(OS_POSIX)
-    // On success, zero is returned.
-    return !setenv(variable_name.data(), new_value.c_str(), 1);
-#elif defined(OS_WIN)
-    // On success, a nonzero value is returned.
-    return !!SetEnvironmentVariable(UTF8ToWide(variable_name).c_str(),
-                                    UTF8ToWide(new_value).c_str());
-#endif
-  }
-
-  bool UnSetVarImpl(StringPiece variable_name) {
-#if defined(OS_POSIX)
-    // On success, zero is returned.
-    return !unsetenv(variable_name.data());
-#elif defined(OS_WIN)
-    // On success, a nonzero value is returned.
-    return !!SetEnvironmentVariable(UTF8ToWide(variable_name).c_str(), nullptr);
-#endif
-  }
-};
-
-// Parses a null-terminated input string of an environment block. The key is
-// placed into the given string, and the total length of the line, including
-// the terminating null, is returned.
-size_t ParseEnvLine(const NativeEnvironmentString::value_type* input,
-                    NativeEnvironmentString* key) {
-  // Skip to the equals or end of the string, this is the key.
-  size_t cur = 0;
-  while (input[cur] && input[cur] != '=')
-    cur++;
-  *key = NativeEnvironmentString(&input[0], cur);
-
-  // Now just skip to the end of the string.
-  while (input[cur])
-    cur++;
-  return cur + 1;
-}
-
-}  // namespace
-
-namespace env_vars {
-
-#if defined(OS_POSIX)
-// On Posix systems, this variable contains the location of the user's home
-// directory. (e.g, /home/username/).
-const char kHome[] = "HOME";
-#endif
-
-}  // namespace env_vars
-
-Environment::~Environment() {}
-
-// static
-std::unique_ptr<Environment> Environment::Create() {
-  return std::make_unique<EnvironmentImpl>();
-}
-
-bool Environment::HasVar(StringPiece variable_name) {
-  return GetVar(variable_name, nullptr);
-}
-
-#if defined(OS_WIN)
-
-string16 AlterEnvironment(const wchar_t* env,
-                          const EnvironmentMap& changes) {
-  string16 result;
-
-  // First copy all unmodified values to the output.
-  size_t cur_env = 0;
-  string16 key;
-  while (env[cur_env]) {
-    const wchar_t* line = &env[cur_env];
-    size_t line_length = ParseEnvLine(line, &key);
-
-    // Keep only values not specified in the change vector.
-    EnvironmentMap::const_iterator found_change = changes.find(key);
-    if (found_change == changes.end())
-      result.append(line, line_length);
-
-    cur_env += line_length;
-  }
-
-  // Now append all modified and new values.
-  for (EnvironmentMap::const_iterator i = changes.begin();
-       i != changes.end(); ++i) {
-    if (!i->second.empty()) {
-      result.append(i->first);
-      result.push_back('=');
-      result.append(i->second);
-      result.push_back(0);
-    }
-  }
-
-  // An additional null marks the end of the list. We always need a double-null
-  // in case nothing was added above.
-  if (result.empty())
-    result.push_back(0);
-  result.push_back(0);
-  return result;
-}
-
-#elif defined(OS_POSIX)
-
-std::unique_ptr<char* []> AlterEnvironment(const char* const* const env,
-                                           const EnvironmentMap& changes) {
-  std::string value_storage;  // Holds concatenated null-terminated strings.
-  std::vector<size_t> result_indices;  // Line indices into value_storage.
-
-  // First build up all of the unchanged environment strings. These are
-  // null-terminated of the form "key=value".
-  std::string key;
-  for (size_t i = 0; env[i]; i++) {
-    size_t line_length = ParseEnvLine(env[i], &key);
-
-    // Keep only values not specified in the change vector.
-    EnvironmentMap::const_iterator found_change = changes.find(key);
-    if (found_change == changes.end()) {
-      result_indices.push_back(value_storage.size());
-      value_storage.append(env[i], line_length);
-    }
-  }
-
-  // Now append all modified and new values.
-  for (EnvironmentMap::const_iterator i = changes.begin();
-       i != changes.end(); ++i) {
-    if (!i->second.empty()) {
-      result_indices.push_back(value_storage.size());
-      value_storage.append(i->first);
-      value_storage.push_back('=');
-      value_storage.append(i->second);
-      value_storage.push_back(0);
-    }
-  }
-
-  size_t pointer_count_required =
-      result_indices.size() + 1 +  // Null-terminated array of pointers.
-      (value_storage.size() + sizeof(char*) - 1) / sizeof(char*);  // Buffer.
-  std::unique_ptr<char* []> result(new char*[pointer_count_required]);
-
-  // The string storage goes after the array of pointers.
-  char* storage_data = reinterpret_cast<char*>(
-      &result.get()[result_indices.size() + 1]);
-  if (!value_storage.empty())
-    memcpy(storage_data, value_storage.data(), value_storage.size());
-
-  // Fill array of pointers at the beginning of the result.
-  for (size_t i = 0; i < result_indices.size(); i++)
-    result[i] = &storage_data[result_indices[i]];
-  result[result_indices.size()] = 0;  // Null terminator.
-
-  return result;
-}
-
-#endif  // OS_POSIX
-
-}  // namespace base
--- a/security/sandbox/chromium/sandbox/win/src/broker_services.cc
+++ b/security/sandbox/chromium/sandbox/win/src/broker_services.cc
@@ -299,17 +299,16 @@ DWORD WINAPI BrokerServicesBase::TargetE
   NOTREACHED();
   return 0;
 }
 
 // SpawnTarget does all the interesting sandbox setup and creates the target
 // process inside the sandbox.
 ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path,
                                            const wchar_t* command_line,
-                                           base::EnvironmentMap& env_map,
                                            scoped_refptr<TargetPolicy> policy,
                                            ResultCode* last_warning,
                                            DWORD* last_error,
                                            PROCESS_INFORMATION* target_info) {
   if (!exe_path)
     return SBOX_ERROR_BAD_PARAMS;
 
   if (!policy)
@@ -449,17 +448,17 @@ ResultCode BrokerServicesBase::SpawnTarg
   // Create the TargetProcess object and spawn the target suspended. Note that
   // Brokerservices does not own the target object. It is owned by the Policy.
   base::win::ScopedProcessInformation process_info;
   TargetProcess* target =
       new TargetProcess(std::move(initial_token), std::move(lockdown_token),
                         job.Get(), thread_pool_.get());
 
   result = target->Create(exe_path, command_line, inherit_handles, startup_info,
-                          &process_info, env_map, last_error);
+                          &process_info, last_error);
 
   if (result != SBOX_ALL_OK) {
     SpawnCleanup(target);
     return result;
   }
 
   if (lowbox_token.IsValid()) {
     *last_warning = target->AssignLowBoxToken(lowbox_token);
--- a/security/sandbox/chromium/sandbox/win/src/broker_services.h
+++ b/security/sandbox/chromium/sandbox/win/src/broker_services.h
@@ -7,17 +7,16 @@
 
 #include <list>
 #include <map>
 #include <memory>
 #include <set>
 #include <utility>
 
 #include "base/compiler_specific.h"
-#include "base/environment.h"
 #include "base/macros.h"
 #include "base/win/scoped_handle.h"
 #include "sandbox/win/src/crosscall_server.h"
 #include "sandbox/win/src/job.h"
 #include "sandbox/win/src/sandbox.h"
 #include "sandbox/win/src/sharedmem_ipc_server.h"
 #include "sandbox/win/src/win2k_threadpool.h"
 #include "sandbox/win/src/win_utils.h"
@@ -45,17 +44,16 @@ class BrokerServicesBase final : public 
 
   ~BrokerServicesBase();
 
   // BrokerServices interface.
   ResultCode Init() override;
   scoped_refptr<TargetPolicy> CreatePolicy() override;
   ResultCode SpawnTarget(const wchar_t* exe_path,
                          const wchar_t* command_line,
-                         base::EnvironmentMap& env_map,
                          scoped_refptr<TargetPolicy> policy,
                          ResultCode* last_warning,
                          DWORD* last_error,
                          PROCESS_INFORMATION* target) override;
   ResultCode WaitForAllTargets() override;
   ResultCode AddTargetPeer(HANDLE peer_process) override;
 
   // Checks if the supplied process ID matches one of the broker's active
--- a/security/sandbox/chromium/sandbox/win/src/sandbox.h
+++ b/security/sandbox/chromium/sandbox/win/src/sandbox.h
@@ -75,17 +75,16 @@ class BrokerServices {
   //   parameter will hold the last Win32 error value.
   //   target: returns the resulting target process information such as process
   //   handle and PID just as if CreateProcess() had been called. The caller is
   //   responsible for closing the handles returned in this structure.
   // Returns:
   //   ALL_OK if successful. All other return values imply failure.
   virtual ResultCode SpawnTarget(const wchar_t* exe_path,
                                  const wchar_t* command_line,
-                                 base::EnvironmentMap& env_map,
                                  scoped_refptr<TargetPolicy> policy,
                                  ResultCode* last_warning,
                                  DWORD* last_error,
                                  PROCESS_INFORMATION* target) = 0;
 
   // This call blocks (waits) for all the targets to terminate.
   // Returns:
   //   ALL_OK if successful. All other return values imply failure.
--- a/security/sandbox/chromium/sandbox/win/src/target_process.cc
+++ b/security/sandbox/chromium/sandbox/win/src/target_process.cc
@@ -84,17 +84,16 @@ TargetProcess::~TargetProcess() {
 // Creates the target (child) process suspended and assigns it to the job
 // object.
 ResultCode TargetProcess::Create(
     const wchar_t* exe_path,
     const wchar_t* command_line,
     bool inherit_handles,
     const base::win::StartupInformation& startup_info,
     base::win::ScopedProcessInformation* target_info,
-    base::EnvironmentMap& env_changes,
     DWORD* win_error) {
   exe_name_.reset(_wcsdup(exe_path));
 
   // the command line needs to be writable by CreateProcess().
   std::unique_ptr<wchar_t, base::FreeDeleter> cmd_line(_wcsdup(command_line));
 
   // Start the target process suspended.
   DWORD flags =
@@ -104,29 +103,22 @@ ResultCode TargetProcess::Create(
     flags |= EXTENDED_STARTUPINFO_PRESENT;
 
   if (job_ && base::win::GetVersion() < base::win::VERSION_WIN8) {
     // Windows 8 implements nested jobs, but for older systems we need to
     // break out of any job we're in to enforce our restrictions.
     flags |= CREATE_BREAKAWAY_FROM_JOB;
   }
 
-  LPTCH original_environment = GetEnvironmentStrings();
-  base::NativeEnvironmentString new_environment =
-    base::AlterEnvironment(original_environment, env_changes);
-  // Ignore return value? What can we do?
-  FreeEnvironmentStrings(original_environment);
-  LPVOID new_env_ptr = (void*)new_environment.data();
-
   PROCESS_INFORMATION temp_process_info = {};
   if (!::CreateProcessAsUserW(lockdown_token_.Get(), exe_path, cmd_line.get(),
                               NULL,  // No security attribute.
                               NULL,  // No thread attribute.
                               inherit_handles, flags,
-                              new_env_ptr,
+                              NULL,  // Use the environment of the caller.
                               NULL,  // Use current directory of the caller.
                               startup_info.startup_info(),
                               &temp_process_info)) {
     *win_error = ::GetLastError();
     return SBOX_ERROR_CREATE_PROCESS;
   }
   base::win::ScopedProcessInformation process_info(temp_process_info);
 
--- a/security/sandbox/chromium/sandbox/win/src/target_process.h
+++ b/security/sandbox/chromium/sandbox/win/src/target_process.h
@@ -7,17 +7,16 @@
 
 #include <windows.h>
 #include <stddef.h>
 #include <stdint.h>
 
 #include <memory>
 
 #include "base/macros.h"
-#include "base/environment.h"
 #include "base/memory/free_deleter.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/scoped_process_information.h"
 #include "sandbox/win/src/crosscall_server.h"
 #include "sandbox/win/src/sandbox_types.h"
 
 namespace base {
 namespace win {
@@ -52,17 +51,16 @@ class TargetProcess {
   void Release() {}
 
   // Creates the new target process. The process is created suspended.
   ResultCode Create(const wchar_t* exe_path,
                     const wchar_t* command_line,
                     bool inherit_handles,
                     const base::win::StartupInformation& startup_info,
                     base::win::ScopedProcessInformation* target_info,
-                    base::EnvironmentMap& env_map,
                     DWORD* win_error);
 
   // Assign a new lowbox token to the process post creation. The process
   // must still be in its initial suspended state, however this still
   // might fail in the presence of third-party software.
   ResultCode AssignLowBoxToken(const base::win::ScopedHandle& token);
 
   // Destroys the target process.
--- a/security/sandbox/common/moz.build
+++ b/security/sandbox/common/moz.build
@@ -12,11 +12,9 @@ UNIFIED_SOURCES += ['SandboxSettings.cpp
 XPIDL_SOURCES += [
     'mozISandboxSettings.idl',
 ]
 
 XPIDL_MODULE = 'sandbox'
 
 FINAL_LIBRARY = 'xul'
 
-EXPORTS.mozilla += [
-    'SandboxSettings.h'
-]
+EXPORTS.mozilla += ['SandboxSettings.h']
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@@ -41,17 +41,17 @@ AttachSandboxReporter(base::file_handle_
     ->GetClientFileDescriptorMapping(&srcFd, &dstFd);
   aFdMap->push_back({srcFd, dstFd});
 }
 
 void
 SandboxLaunchPrepare(GeckoProcessType aType,
 		     base::LaunchOptions* aOptions)
 {
-  PreloadSandboxLib(&aOptions->env_map);
+  PreloadSandboxLib(&aOptions->environ);
   AttachSandboxReporter(&aOptions->fds_to_remap);
 
   // aType will be used in bug 1401062 to take over the functionality
   // of SandboxEarlyInit
 }
 
 
 } // namespace mozilla
--- a/security/sandbox/moz.build
+++ b/security/sandbox/moz.build
@@ -39,17 +39,16 @@ elif CONFIG['OS_ARCH'] == 'WINNT':
         'chromium-shim/sandbox/win/permissionsService.cpp',
         'chromium-shim/sandbox/win/sandboxLogging.cpp',
         'chromium/base/at_exit.cc',
         'chromium/base/base_switches.cc',
         'chromium/base/callback_internal.cc',
         'chromium/base/cpu.cc',
         'chromium/base/debug/alias.cc',
         'chromium/base/debug/profiler.cc',
-        'chromium/base/environment.cc',
         'chromium/base/hash.cc',
         'chromium/base/lazy_instance.cc',
         'chromium/base/location.cc',
         'chromium/base/memory/ref_counted.cc',
         'chromium/base/memory/shared_memory_handle.cc',
         'chromium/base/memory/shared_memory_handle_win.cc',
         'chromium/base/memory/shared_memory_win.cc',
         'chromium/base/memory/singleton.cc',
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -174,17 +174,16 @@ SandboxBroker::SandboxBroker()
   } else {
     mPolicy = nullptr;
   }
 }
 
 bool
 SandboxBroker::LaunchApp(const wchar_t *aPath,
                          const wchar_t *aArguments,
-                         base::EnvironmentMap& aEnvironment,
                          GeckoProcessType aProcessType,
                          const bool aEnableLogging,
                          void **aProcessHandle)
 {
   if (!sBrokerService || !mPolicy) {
     return false;
   }
 
@@ -261,17 +260,17 @@ SandboxBroker::LaunchApp(const wchar_t *
   result = mPolicy->AddDllToUnload(L"k7pswsen.dll");
   MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
                      "AddDllToUnload should never fail, what happened?");
 
   // Ceate the sandboxed process
   PROCESS_INFORMATION targetInfo = {0};
   sandbox::ResultCode last_warning = sandbox::SBOX_ALL_OK;
   DWORD last_error = ERROR_SUCCESS;
-  result = sBrokerService->SpawnTarget(aPath, aArguments, aEnvironment, mPolicy,
+  result = sBrokerService->SpawnTarget(aPath, aArguments, mPolicy,
                                        &last_warning, &last_error, &targetInfo);
   if (sandbox::SBOX_ALL_OK != result) {
     nsAutoCString key;
     key.AppendASCII(XRE_ChildProcessTypeToString(aProcessType));
     key.AppendLiteral("/0x");
     key.AppendInt(static_cast<uint32_t>(last_error), 16);
 
     // Only accumulate for each combination once per session.
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
@@ -5,18 +5,16 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef __SECURITY_SANDBOX_SANDBOXBROKER_H__
 #define __SECURITY_SANDBOX_SANDBOXBROKER_H__
 
 #include <stdint.h>
 #include <windows.h>
 
-#include "build/build_config.h"
-#include "mozilla/ipc/EnvironmentMap.h"
 #include "nsXULAppAPI.h"
 
 namespace sandbox {
   class BrokerServices;
   class TargetPolicy;
 }
 
 namespace mozilla {
@@ -31,17 +29,16 @@ public:
   /**
    * Do initialization that depends on parts of the Gecko machinery having been
    * created first.
    */
   static void GeckoDependentInitialize();
 
   bool LaunchApp(const wchar_t *aPath,
                  const wchar_t *aArguments,
-                 base::EnvironmentMap& aEnvironment,
                  GeckoProcessType aProcessType,
                  const bool aEnableLogging,
                  void **aProcessHandle);
   virtual ~SandboxBroker();
 
   // Security levels for different types of processes
 #if defined(MOZ_CONTENT_SANDBOX)
   void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,