Bug 1375863 - fold MOZ_CONTENT_SANDBOX and MOZ_GMP_SANDBOX into MOZ_SANDBOX; r=jld,firefox-build-system-reviewers
authorAlex Gaynor <agaynor@mozilla.com>
Mon, 18 Mar 2019 22:31:59 +0000
changeset 465024 dc8935d7c0b10afc0401049936cc9d5f9fc5b003
parent 465023 38ccf27da0454a86d1185a9a4973cd5cf8a23fa2
child 465025 b20f59942a1ec5067cfa06dad730f7bff27c8f07
push id35730
push userrmaries@mozilla.com
push dateTue, 19 Mar 2019 21:51:47 +0000
treeherdermozilla-central@4f6d8ed9e948 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjld, firefox-build-system-reviewers
bugs1375863
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1375863 - fold MOZ_CONTENT_SANDBOX and MOZ_GMP_SANDBOX into MOZ_SANDBOX; r=jld,firefox-build-system-reviewers Differential Revision: https://phabricator.services.mozilla.com/D22975
accessible/ipc/DocAccessibleParent.cpp
accessible/ipc/DocAccessibleParent.h
accessible/windows/msaa/HTMLWin32ObjectAccessible.cpp
accessible/windows/msaa/HTMLWin32ObjectAccessible.h
browser/app/nsBrowserApp.cpp
browser/app/profile/firefox.js
dom/ipc/ContentChild.cpp
dom/ipc/ContentChild.h
dom/ipc/ContentParent.cpp
dom/ipc/ContentParent.h
dom/ipc/ContentProcess.cpp
dom/ipc/moz.build
dom/media/gmp/GMPChild.cpp
dom/media/gmp/GMPChild.h
dom/media/gmp/GMPLoader.cpp
dom/media/gmp/GMPLoader.h
dom/media/gmp/GMPParent.cpp
dom/media/gmp/GMPService.cpp
dom/media/gmp/GMPServiceParent.cpp
gfx/thebes/gfxFcPlatformFontList.cpp
gfx/thebes/gfxFcPlatformFontList.h
ipc/glue/GeckoChildProcessHost.cpp
ipc/mscom/COMPtrHolder.h
ipc/mscom/InterceptorLog.cpp
ipc/mscom/PassthruProxy.h
modules/libpref/init/StaticPrefList.h
old-configure.in
security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h
security/sandbox/linux/Sandbox.cpp
security/sandbox/linux/Sandbox.h
security/sandbox/linux/SandboxFilter.cpp
security/sandbox/linux/SandboxFilter.h
security/sandbox/linux/SandboxInfo.cpp
security/sandbox/linux/SandboxInfo.h
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.h
security/sandbox/linux/launch/SandboxLaunch.cpp
security/sandbox/linux/moz.build
security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.cpp
security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.h
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.h
toolkit/modules/AppConstants.jsm
toolkit/modules/Troubleshoot.jsm
toolkit/modules/tests/browser/browser_Troubleshoot.js
toolkit/xre/nsAppRunner.cpp
toolkit/xre/nsEmbedFunctions.cpp
toolkit/xre/nsXREDirProvider.cpp
toolkit/xre/nsXREDirProvider.h
xpcom/base/nsMacUtilsImpl.cpp
xpcom/base/nsMacUtilsImpl.h
xpcom/io/SpecialSystemDirectory.cpp
xpcom/io/SpecialSystemDirectory.h
xpcom/io/nsAppDirectoryServiceDefs.h
xpcom/io/nsDirectoryService.cpp
--- a/accessible/ipc/DocAccessibleParent.cpp
+++ b/accessible/ipc/DocAccessibleParent.cpp
@@ -727,31 +727,31 @@ void DocAccessibleParent::SendParentCOMP
       mscom::PassthruProxy::Wrap<IDispatch>(WrapNotNull(nativeAcc)));
 
   IDispatchHolder::COMPtrType ptr(mscom::ToProxyUniquePtr(std::move(wrapped)));
   IDispatchHolder holder(std::move(ptr));
   if (!PDocAccessibleParent::SendParentCOMProxy(holder)) {
     return;
   }
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   mParentProxyStream = holder.GetPreservedStream();
-#  endif  // defined(MOZ_CONTENT_SANDBOX)
+#  endif  // defined(MOZ_SANDBOX)
 }
 
 void DocAccessibleParent::SetEmulatedWindowHandle(HWND aWindowHandle) {
   if (!aWindowHandle && mEmulatedWindowHandle && IsTopLevel()) {
     ::DestroyWindow(mEmulatedWindowHandle);
   }
   mEmulatedWindowHandle = aWindowHandle;
 }
 
 mozilla::ipc::IPCResult DocAccessibleParent::RecvGetWindowedPluginIAccessible(
     const WindowsHandle& aHwnd, IAccessibleHolder* aPluginCOMProxy) {
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   // We don't actually want the accessible object for aHwnd, but rather the
   // one that belongs to its child (see HTMLWin32ObjectAccessible).
   HWND childWnd = ::GetWindow(reinterpret_cast<HWND>(aHwnd), GW_CHILD);
   if (!childWnd) {
     // We're seeing this in the wild - the plugin is windowed but we no longer
     // have a window.
     return IPC_OK();
   }
--- a/accessible/ipc/DocAccessibleParent.h
+++ b/accessible/ipc/DocAccessibleParent.h
@@ -252,19 +252,19 @@ class DocAccessibleParent : public Proxy
 
   nsTArray<uint64_t> mChildDocs;
   uint64_t mParentDoc;
 
 #if defined(XP_WIN)
   // The handle associated with the emulated window that contains this document
   HWND mEmulatedWindowHandle;
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   mscom::PreservedStreamPtr mParentProxyStream;
-#  endif  // defined(MOZ_CONTENT_SANDBOX)
+#  endif  // defined(MOZ_SANDBOX)
 #endif    // defined(XP_WIN)
 
   /*
    * Conceptually this is a map from IDs to proxies, but we store the ID in the
    * proxy object so we can't use a real map.
    */
   nsTHashtable<ProxyEntry> mAccessibles;
   uint64_t mActorID;
--- a/accessible/windows/msaa/HTMLWin32ObjectAccessible.cpp
+++ b/accessible/windows/msaa/HTMLWin32ObjectAccessible.cpp
@@ -48,17 +48,17 @@ bool HTMLWin32ObjectOwnerAccessible::Nat
 // HTMLWin32ObjectAccessible
 ////////////////////////////////////////////////////////////////////////////////
 
 HTMLWin32ObjectAccessible::HTMLWin32ObjectAccessible(void* aHwnd,
                                                      DocAccessible* aDoc)
     : DummyAccessible(aDoc) {
   mHwnd = aHwnd;
   if (mHwnd) {
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     if (XRE_IsContentProcess()) {
       DocAccessibleChild* ipcDoc = aDoc->IPCDoc();
       MOZ_ASSERT(ipcDoc);
       if (!ipcDoc) {
         return;
       }
 
       IAccessibleHolder proxyHolder;
@@ -76,17 +76,17 @@ HTMLWin32ObjectAccessible::HTMLWin32Obje
     // use its inner child owned by the plugin so that we don't get
     // in an infinite loop, where the WM_GETOBJECT's get forwarded
     // back to us and create another HTMLWin32ObjectAccessible
     mHwnd = ::GetWindow((HWND)aHwnd, GW_CHILD);
   }
 }
 
 void HTMLWin32ObjectAccessible::GetNativeInterface(void** aNativeAccessible) {
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   if (XRE_IsContentProcess()) {
     RefPtr<IAccessible> addRefed = mCOMProxy.get();
     addRefed.forget(aNativeAccessible);
     return;
   }
 #endif
 
   if (mHwnd) {
--- a/accessible/windows/msaa/HTMLWin32ObjectAccessible.h
+++ b/accessible/windows/msaa/HTMLWin32ObjectAccessible.h
@@ -3,17 +3,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef mozilla_a11y_HTMLWin32ObjectAccessible_h_
 #define mozilla_a11y_HTMLWin32ObjectAccessible_h_
 
 #include "BaseAccessibles.h"
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/mscom/Ptr.h"
 #endif
 
 struct IAccessible;
 
 namespace mozilla {
 namespace a11y {
 
@@ -52,17 +52,17 @@ class HTMLWin32ObjectAccessible : public
  public:
   HTMLWin32ObjectAccessible(void* aHwnd, DocAccessible* aDoc);
   virtual ~HTMLWin32ObjectAccessible() {}
 
   virtual void GetNativeInterface(void** aNativeAccessible) override;
 
  protected:
   void* mHwnd;
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   mscom::ProxyUniquePtr<IAccessible> mCOMProxy;
 #endif
 };
 
 }  // namespace a11y
 }  // namespace mozilla
 
 #endif
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@@ -191,22 +191,20 @@ static int do_main(int argc, char* argv[
     config.appDataPath = kDesktopFolder;
   }
 
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
   sandbox::BrokerServices* brokerServices =
       sandboxing::GetInitializedBrokerServices();
   sandboxing::PermissionsService* permissionsService =
       sandboxing::GetPermissionsService();
-#  if defined(MOZ_CONTENT_SANDBOX)
   if (!brokerServices) {
     Output("Couldn't initialize the broker services.\n");
     return 255;
   }
-#  endif
   config.sandboxBrokerServices = brokerServices;
   config.sandboxPermissionsService = permissionsService;
 #endif
 
 #ifdef LIBFUZZER
   if (getenv("LIBFUZZER"))
     gBootstrap->XRE_LibFuzzerSetDriver(fuzzer::FuzzerDriver);
 #endif
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1020,30 +1020,28 @@ pref("dom.ipc.plugins.sandbox-level.defa
 #if defined(_AMD64_)
 // The base sandbox level in nsPluginTag::InitSandboxLevel must be
 // updated to keep in sync with this value.
 pref("dom.ipc.plugins.sandbox-level.flash", 3);
 #else
 pref("dom.ipc.plugins.sandbox-level.flash", 0);
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
 // This controls the strength of the Windows content process sandbox for testing
 // purposes. This will require a restart.
 // On windows these levels are:
 // See - security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
 // SetSecurityLevelForContentProcess() for what the different settings mean.
 pref("security.sandbox.content.level", 5);
 
 // This controls the depth of stack trace that is logged when Windows sandbox
 // logging is turned on.  This is only currently available for the content
 // process because the only other sandbox (for GMP) has too strict a policy to
 // allow stack tracing.  This does not require a restart to take effect.
 pref("security.sandbox.windows.log.stackTraceDepth", 0);
-#endif
 
 // This controls the strength of the Windows GPU process sandbox.  Changes
 // will require restart.
 // For information on what the level number means, see
 // SetSecurityLevelForGPUProcess() in
 // security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
 pref("security.sandbox.gpu.level", 0);
 
@@ -1054,37 +1052,33 @@ pref("security.sandbox.rdd.win32k-disabl
 // failures, where the GMP process fails very early. See bug 1449348.
 pref("security.sandbox.gmp.win32k-disable", false);
 #endif
 
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 // Start the Mac sandbox early during child process startup instead
 // of when messaged by the parent after the message loop is running.
 pref("security.sandbox.content.mac.earlyinit", true);
-#endif
 
-#if defined(XP_MACOSX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // This pref is discussed in bug 1083344, the naming is inspired from its
 // Windows counterpart, but on Mac it's an integer which means:
 // 0 -> "no sandbox" (nightly only)
 // 1 -> "preliminary content sandboxing enabled: write access to
 //       home directory is prevented"
 // 2 -> "preliminary content sandboxing enabled with profile protection:
 //       write access to home directory is prevented, read and write access
 //       to ~/Library and profile directories are prevented (excluding
 //       $PROFILE/{extensions,chrome})"
 // 3 -> "no global read/write access, read access permitted to
 //       $PROFILE/{extensions,chrome}"
 // This setting is read when the content process is started. On Mac the content
 // process is killed when all windows are closed, so a change will take effect
 // when the 1st window is opened.
 pref("security.sandbox.content.level", 3);
-#endif
 
-#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 // Prefs for controlling whether and how the Mac NPAPI Flash plugin process is
 // sandboxed. On Mac these levels are:
 // 0 - "no sandbox"
 // 1 - "global read access, limited write access for Flash functionality"
 // 2 - "read access triggered by file dialog activity, limited read/write"
 //     "access for Flash functionality"
 // 3 - "limited read/write access for Flash functionality"
 pref("dom.ipc.plugins.sandbox-level.flash", 1);
@@ -1094,17 +1088,17 @@ pref("dom.ipc.plugins.sandbox-level.flas
 // The max OS minor version where we use the above legacy sandbox level.
 pref("dom.ipc.plugins.sandbox-level.flash.max-legacy-os-minor", 10);
 // Controls the sandbox level used by plugins other than Flash. On Mac,
 // no other plugins are supported and this pref is only used for test
 // plugins used in automated tests.
 pref("dom.ipc.plugins.sandbox-level.default", 1);
 #endif
 
-#if defined(XP_LINUX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 // This pref is introduced as part of bug 742434, the naming is inspired from
 // its Windows/Mac counterpart, but on Linux it's an integer which means:
 // 0 -> "no sandbox"
 // 1 -> "content sandbox using seccomp-bpf when available" + ipc restrictions
 // 2 -> "seccomp-bpf + write file broker"
 // 3 -> "seccomp-bpf + read/write file brokering"
 // 4 -> all of the above + network/socket restrictions + chroot
 //
@@ -1117,33 +1111,27 @@ pref("security.sandbox.content.write_pat
 pref("security.sandbox.content.read_path_whitelist", "");
 pref("security.sandbox.content.syscall_whitelist", "");
 #endif
 
 #if defined(XP_OPENBSD) && defined(MOZ_SANDBOX)
 // default pledge strings for the main & content processes, cf bug 1457092
 // broad list for now, has to be refined over time
 pref("security.sandbox.pledge.main", "stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw mcast");
-#if defined(MOZ_CONTENT_SANDBOX)
 pref("security.sandbox.content.level", 1);
 pref("security.sandbox.pledge.content", "stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps");
 #endif
-#endif
 
 #if defined(MOZ_SANDBOX)
-#if defined(MOZ_CONTENT_SANDBOX)
 // ID (a UUID when set by gecko) that is used to form the name of a
 // sandbox-writable temporary directory to be used by content processes
 // when a temporary writable file is required in a level 1 sandbox.
 pref("security.sandbox.content.tempDirSuffix", "");
-#endif
 pref("security.sandbox.plugin.tempDirSuffix", "");
-#endif
 
-#if defined(MOZ_SANDBOX)
 // This pref determines if messages relevant to sandbox violations are
 // logged.
 #if defined(XP_WIN) || defined(XP_MACOSX)
 pref("security.sandbox.logging.enabled", false);
 #endif
 #endif
 
 // This pref governs whether we attempt to work around problems caused by
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -107,17 +107,17 @@
 #if !defined(XP_WIN)
 #  include "mozilla/Omnijar.h"
 #endif
 
 #ifdef MOZ_GECKO_PROFILER
 #  include "ChildProfilerController.h"
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  if defined(XP_WIN)
 #    include "mozilla/sandboxTarget.h"
 #  elif defined(XP_LINUX)
 #    include "mozilla/Sandbox.h"
 #    include "mozilla/SandboxInfo.h"
 #    include "CubebUtils.h"
 #  elif defined(XP_MACOSX)
@@ -1492,17 +1492,17 @@ mozilla::ipc::IPCResult ContentChild::Re
   for (const auto& tabChild : tabs) {
     if (tabChild->GetLayersId().IsValid()) {
       tabChild->ReinitRenderingForDeviceReset();
     }
   }
   return IPC_OK();
 }
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 extern "C" {
 CGError CGSSetDenyWindowServerConnections(bool);
 void CGSShutdownServerConnections();
 };
 
 static bool StartMacOSContentSandbox() {
   int sandboxLevel = GetEffectiveContentSandboxLevel();
   if (sandboxLevel < 1) {
@@ -1631,17 +1631,17 @@ static bool StartMacOSContentSandbox() {
   return true;
 }
 #endif
 
 mozilla::ipc::IPCResult ContentChild::RecvSetProcessSandbox(
     const Maybe<mozilla::ipc::FileDescriptor>& aBroker) {
   // We may want to move the sandbox initialization somewhere else
   // at some point; see bug 880808.
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   bool sandboxEnabled = true;
 #  if defined(XP_LINUX)
   // On Linux, we have to support systems that can't use any sandboxing.
   if (!SandboxInfo::Get().CanSandboxContent()) {
     sandboxEnabled = false;
   } else {
     // Pre-start audio before sandboxing; see bug 1443612.
     if (!Preferences::GetBool("media.cubeb.sandbox")) {
@@ -1672,17 +1672,17 @@ mozilla::ipc::IPCResult ContentChild::Re
       CrashReporter::Annotation::ContentSandboxEnabled, sandboxEnabled);
 #  if defined(XP_LINUX) && !defined(OS_ANDROID)
   CrashReporter::AnnotateCrashReport(
       CrashReporter::Annotation::ContentSandboxCapabilities,
       static_cast<int>(SandboxInfo::Get().AsInteger()));
 #  endif /* XP_LINUX && !OS_ANDROID */
   CrashReporter::AnnotateCrashReport(CrashReporter::Annotation::RemoteType,
                                      NS_ConvertUTF16toUTF8(GetRemoteType()));
-#endif /* MOZ_CONTENT_SANDBOX */
+#endif /* MOZ_SANDBOX */
 
   return IPC_OK();
 }
 
 mozilla::ipc::IPCResult ContentChild::RecvBidiKeyboardNotify(
     const bool& aIsLangRTL, const bool& aHaveBidiKeyboards) {
   // bidi is always of type PuppetBidiKeyboard* (because in the child, the only
   // possible implementation of nsIBidiKeyboard is PuppetBidiKeyboard).
@@ -3836,17 +3836,17 @@ mozilla::ipc::IPCResult ContentChild::Re
   if (aContext) {
     aTransaction.Apply(aContext, nullptr);
   }
   return IPC_OK();
 }
 
 }  // namespace dom
 
-#if defined(__OpenBSD__) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
 #  include <unistd.h>
 
 static LazyLogModule sPledgeLog("SandboxPledge");
 
 bool StartOpenBSDSandbox(GeckoProcessType type) {
   nsAutoCString promisesString;
   nsAutoCString processTypeString;
 
--- a/dom/ipc/ContentChild.h
+++ b/dom/ipc/ContentChild.h
@@ -20,17 +20,17 @@
 #include "nsIObserver.h"
 #include "nsTHashtable.h"
 #include "nsStringFwd.h"
 #include "nsTArrayForwardDeclare.h"
 #include "nsRefPtrHashtable.h"
 
 #include "nsIWindowProvider.h"
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 #  include "nsIFile.h"
 #endif
 
 struct ChromePackage;
 class nsIObserver;
 struct SubstitutionMapping;
 struct OverrideMapping;
 class nsIDomainPolicy;
@@ -134,17 +134,17 @@ class ContentChild final : public PConte
   void SetProcessName(const nsAString& aName);
 
   void GetProcessName(nsAString& aName) const;
 
   void GetProcessName(nsACString& aName) const;
 
   void LaunchRDDProcess();
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   void GetProfileDir(nsIFile** aProfileDir) const {
     *aProfileDir = mProfileDir;
     NS_IF_ADDREF(*aProfileDir);
   }
 
   void SetProfileDir(nsIFile* aProfileDir) { mProfileDir = aProfileDir; }
 #endif
 
@@ -794,17 +794,17 @@ class ContentChild final : public PConte
   nsCOMPtr<nsITimer> mForceKillTimer;
 
   RefPtr<ipc::SharedMap> mSharedData;
 
 #ifdef MOZ_GECKO_PROFILER
   RefPtr<ChildProfilerController> mProfilerController;
 #endif
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   nsCOMPtr<nsIFile> mProfileDir;
 #endif
 
   // Hashtable to keep track of the pending GetFilesHelper objects.
   // This GetFilesHelperChild objects are removed when RecvGetFilesResponse is
   // received.
   nsRefPtrHashtable<nsIDHashKey, GetFilesHelperChild> mGetFilesPendingRequests;
 
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -256,17 +256,17 @@
 #include "mozilla/RemoteSpellCheckEngineParent.h"
 
 #include "Crypto.h"
 
 #ifdef MOZ_WEBSPEECH
 #  include "mozilla/dom/SpeechSynthesisParent.h"
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  if defined(XP_LINUX)
 #    include "mozilla/SandboxInfo.h"
 #    include "mozilla/SandboxBroker.h"
 #    include "mozilla/SandboxBrokerPolicyFactory.h"
 #  endif
 #endif
 
@@ -560,23 +560,23 @@ ProcessID GetTelemetryProcessID(const ns
 }
 
 }  // anonymous namespace
 
 nsDataHashtable<nsUint32HashKey, ContentParent*>*
     ContentParent::sJSPluginContentParents;
 nsTArray<ContentParent*>* ContentParent::sPrivateContent;
 StaticAutoPtr<LinkedList<ContentParent>> ContentParent::sContentParents;
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 UniquePtr<SandboxBrokerPolicyFactory>
     ContentParent::sSandboxBrokerPolicyFactory;
 #endif
 uint64_t ContentParent::sNextTabParentId = 0;
 nsDataHashtable<nsUint64HashKey, TabParent*> ContentParent::sNextTabParents;
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 StaticAutoPtr<std::vector<std::string>> ContentParent::sMacSandboxParams;
 #endif
 
 // Whether a private docshell has been seen before.
 static bool sHasSeenPrivateDocShell = false;
 
 // This is true when subprocess launching is enabled.  This is the
 // case between StartUp() and ShutDown().
@@ -608,17 +608,17 @@ static const char* sObserverTopics[] = {
     "cacheservice:empty-cache",
     "intl:app-locales-changed",
     "intl:requested-locales-changed",
     "cookie-changed",
     "private-cookie-changed",
     "clear-site-data-reload-needed",
 };
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 bool ContentParent::sEarlySandboxInit = false;
 #endif
 
 // PreallocateProcess is called by the PreallocatedProcessManager.
 // ContentParent then takes this process back within GetNewOrUsedBrowserProcess.
 /*static*/ RefPtr<ContentParent::LaunchPromise>
 ContentParent::PreallocateProcess() {
   RefPtr<ContentParent> process = new ContentParent(
@@ -643,36 +643,36 @@ void ContentParent::StartUp() {
   // Note: This reporter measures all ContentParents.
   RegisterStrongMemoryReporter(new ContentParentsMemoryReporter());
 
   BackgroundChild::Startup();
   ClientManager::Startup();
 
   sDisableUnsafeCPOWWarnings = PR_GetEnv("DISABLE_UNSAFE_CPOW_WARNINGS");
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   sSandboxBrokerPolicyFactory = MakeUnique<SandboxBrokerPolicyFactory>();
 #endif
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   sMacSandboxParams = new std::vector<std::string>;
 #endif
 }
 
 /*static*/
 void ContentParent::ShutDown() {
   // No-op for now.  We rely on normal process shutdown and
   // ClearOnShutdown() to clean up our state.
   sCanLaunchSubprocesses = false;
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   sSandboxBrokerPolicyFactory = nullptr;
 #endif
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   sMacSandboxParams = nullptr;
 #endif
 }
 
 /*static*/
 uint32_t ContentParent::GetPoolSize(const nsAString& aContentProcessType) {
   if (!sBrowserContentParents) {
     return 0;
@@ -1885,17 +1885,17 @@ bool ContentParent::DestroyTestShell(Tes
   return PTestShellParent::Send__delete__(aTestShell);
 }
 
 TestShellParent* ContentParent::GetTestShellSingleton() {
   PTestShellParent* p = LoneManagedOrNullAsserts(ManagedPTestShellParent());
   return static_cast<TestShellParent*>(p);
 }
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 // Append the sandbox command line parameters that are not static. i.e.,
 // parameters that can be different for different child processes.
 void ContentParent::AppendDynamicSandboxParams(
     std::vector<std::string>& aArgs) {
   // For file content processes
   if (GetRemoteType().EqualsLiteral(FILE_REMOTE_TYPE)) {
     aArgs.push_back("-sbAllowFileAccess");
   }
@@ -2021,17 +2021,17 @@ void ContentParent::AppendSandboxParams(
 
   // Append cached arguments.
   aArgs.insert(aArgs.end(), sMacSandboxParams->begin(),
                sMacSandboxParams->end());
 
   // Append remaining arguments.
   AppendDynamicSandboxParams(aArgs);
 }
-#endif  // XP_MACOSX && MOZ_CONTENT_SANDBOX
+#endif  // XP_MACOSX && MOZ_SANDBOX
 
 void ContentParent::LaunchSubprocessInternal(
     ProcessPriority aInitialPriority,
     mozilla::Variant<bool*, RefPtr<LaunchPromise>*>&& aRetval) {
   AUTO_PROFILER_LABEL("ContentParent::LaunchSubprocess", OTHER);
   const bool isSync = aRetval.is<bool*>();
 
   Telemetry::Accumulate(Telemetry::CONTENT_PROCESS_LAUNCH_IS_SYNC,
@@ -2111,17 +2111,17 @@ void ContentParent::LaunchSubprocessInte
   extraArgs.push_back(formatPtrArg(prefSerializer.GetPrefLength()).get());
   extraArgs.push_back("-prefMapSize");
   extraArgs.push_back(formatPtrArg(prefSerializer.GetPrefMapSize()).get());
 
   if (gSafeMode) {
     extraArgs.push_back("-safeMode");
   }
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // If we're launching a middleman process for a
   // recording or replay, start the sandbox later.
   if (sEarlySandboxInit && IsContentSandboxEnabled() &&
       !IsRecordingOrReplaying()) {
     AppendSandboxParams(extraArgs);
   }
 #endif
 
@@ -2302,17 +2302,17 @@ ContentParent::ContentParent(ContentPare
   GetIPCChannel()->SetChannelFlags(
       MessageChannel::REQUIRE_DEFERRED_MESSAGE_PROTECTION);
 #endif
 
   NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
   bool isFile = mRemoteType.EqualsLiteral(FILE_REMOTE_TYPE);
   mSubprocess = new GeckoChildProcessHost(GeckoProcessType_Content, isFile);
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // sEarlySandboxInit is statically initialized to false.
   // Once we've set it to true due to the pref, avoid checking the
   // pref on subsequent calls. As a result, changing the earlyinit
   // pref requires restarting the browser to take effect.
   if (!ContentParent::sEarlySandboxInit) {
     ContentParent::sEarlySandboxInit =
         Preferences::GetBool("security.sandbox.content.mac.earlyinit");
   }
@@ -2577,17 +2577,17 @@ void ContentParent::InitInternal(Process
   nsString sessionName;
   nsString iconPath;
   if (NS_SUCCEEDED(
           mozilla::widget::GetAudioSessionData(id, sessionName, iconPath))) {
     Unused << SendSetAudioSessionData(id, sessionName, iconPath);
   }
 #endif
 
-#ifdef MOZ_CONTENT_SANDBOX
+#ifdef MOZ_SANDBOX
   bool shouldSandbox = true;
   Maybe<FileDescriptor> brokerFd;
   // XXX: Checking the pref here makes it possible to enable/disable sandboxing
   // during an active session. Currently the pref is only used for testing
   // purpose. If the decision is made to permanently rely on the pref, this
   // should be changed so that it is required to restart firefox for the change
   // of value to take effect.
   shouldSandbox = IsContentSandboxEnabled();
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@@ -62,17 +62,17 @@ class nsIDumpGCAndCCLogsCallback;
 class nsITabParent;
 class nsITimer;
 class ParentIdleListener;
 class nsIWidget;
 
 namespace mozilla {
 class PRemoteSpellcheckEngineParent;
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 class SandboxBroker;
 class SandboxBrokerPolicyFactory;
 #endif
 
 class PreallocatedProcessManagerImpl;
 
 using mozilla::loader::PScriptCacheParent;
 
@@ -645,17 +645,17 @@ class ContentParent final : public PCont
    */
   static nsClassHashtable<nsStringHashKey, nsTArray<ContentParent*>>*
       sBrowserContentParents;
   static nsTArray<ContentParent*>* sPrivateContent;
   static nsDataHashtable<nsUint32HashKey, ContentParent*>*
       sJSPluginContentParents;
   static StaticAutoPtr<LinkedList<ContentParent>> sContentParents;
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // Cached Mac sandbox params used when launching content processes.
   static StaticAutoPtr<std::vector<std::string>> sMacSandboxParams;
 #endif
 
   // Set aLoadUri to true to load aURIToLoad and to false to only create the
   // window. aURIToLoad should always be provided, if available, to ensure
   // compatibility with GeckoView.
   mozilla::ipc::IPCResult CommonCreateWindow(
@@ -1146,17 +1146,17 @@ class ContentParent final : public PCont
 
   mozilla::ipc::IPCResult RecvStoreUserInteractionAsPermission(
       const Principal& aPrincipal);
 
   // Notify the ContentChild to enable the input event prioritization when
   // initializing.
   void MaybeEnableRemoteInputEventQueue();
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   void AppendSandboxParams(std::vector<std::string>& aArgs);
   void AppendDynamicSandboxParams(std::vector<std::string>& aArgs);
 #endif
 
  public:
   void SendGetFilesResponseAndForget(const nsID& aID,
                                      const GetFilesResponseResult& aResult);
 
@@ -1270,17 +1270,17 @@ class ContentParent final : public PCont
   ScopedClose mChildXSocketFdDup;
 #endif
 
   PProcessHangMonitorParent* mHangMonitorActor;
 
   UniquePtr<gfx::DriverCrashGuard> mDriverCrashGuard;
   UniquePtr<MemoryReportRequestHost> mMemoryReportRequest;
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   mozilla::UniquePtr<SandboxBroker> mSandboxBroker;
   static mozilla::UniquePtr<SandboxBrokerPolicyFactory>
       sSandboxBrokerPolicyFactory;
 #endif
 
 #ifdef NS_PRINTING
   RefPtr<embedding::PrintingParent> mPrintingParent;
 #endif
@@ -1300,17 +1300,17 @@ class ContentParent final : public PCont
   // when the process can receive IPC messages.
   nsTArray<Pref> mQueuedPrefs;
 
   RefPtr<mozilla::dom::ProcessMessageManager> mMessageManager;
 
   static uint64_t sNextTabParentId;
   static nsDataHashtable<nsUint64HashKey, TabParent*> sNextTabParents;
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // When set to true, indicates that content processes should
   // initialize their sandbox during startup instead of waiting
   // for the SetProcessSandbox IPDL message.
   static bool sEarlySandboxInit;
 #endif
 
   nsTHashtable<nsRefPtrHashKey<BrowsingContextGroup>> mGroups;
 };
--- a/dom/ipc/ContentProcess.cpp
+++ b/dom/ipc/ContentProcess.cpp
@@ -6,51 +6,51 @@
 
 #include "mozilla/ipc/IOThreadChild.h"
 
 #include "ContentProcess.h"
 #include "base/shared_memory.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/recordreplay/ParentIPC.h"
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 #  include <stdlib.h>
 #  include "mozilla/Sandbox.h"
 #endif
 
-#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
+#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  include "nsAppDirectoryServiceDefs.h"
 #  include "nsDirectoryService.h"
 #  include "nsDirectoryServiceDefs.h"
 #endif
 
 using mozilla::ipc::IOThreadChild;
 
 namespace mozilla {
 namespace dom {
 
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
 static void SetTmpEnvironmentVariable(nsIFile* aValue) {
   // Save the TMP environment variable so that is is picked up by GetTempPath().
   // Note that we specifically write to the TMP variable, as that is the first
   // variable that is checked by GetTempPath() to determine its output.
   nsAutoString fullTmpPath;
   nsresult rv = aValue->GetPath(fullTmpPath);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return;
   }
   Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TMP", fullTmpPath.get()));
   // We also set TEMP in case there is naughty third-party code that is
   // referencing the environment variable directly.
   Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TEMP", fullTmpPath.get()));
 }
 #endif
 
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
 static void SetUpSandboxEnvironment() {
   MOZ_ASSERT(
       nsDirectoryService::gService,
       "SetUpSandboxEnvironment relies on nsDirectoryService being initialized");
 
   // On Windows, a sandbox-writable temp directory is used whenever the sandbox
   // is enabled.
   if (!IsContentSandboxEnabled()) {
@@ -80,17 +80,17 @@ static void SetUpSandboxEnvironment() {
 bool ContentProcess::Init(int aArgc, char* aArgv[]) {
   Maybe<uint64_t> childID;
   Maybe<bool> isForBrowser;
   Maybe<const char*> parentBuildID;
   char* prefsHandle = nullptr;
   char* prefMapHandle = nullptr;
   char* prefsLen = nullptr;
   char* prefMapSize = nullptr;
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   nsCOMPtr<nsIFile> profileDir;
 #endif
 
   for (int i = 1; i < aArgc; i++) {
     if (!aArgv[i]) {
       continue;
     }
 
@@ -144,28 +144,28 @@ bool ContentProcess::Init(int aArgc, cha
       gSafeMode = true;
 
     } else if (strcmp(aArgv[i], "-parentBuildID") == 0) {
       if (++i == aArgc) {
         return false;
       }
       parentBuildID = Some(aArgv[i]);
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
     } else if (strcmp(aArgv[i], "-profile") == 0) {
       if (++i == aArgc) {
         return false;
       }
       bool flag;
       nsresult rv = XRE_GetFileFromPath(aArgv[i], getter_AddRefs(profileDir));
       if (NS_FAILED(rv) || NS_FAILED(profileDir->Exists(&flag)) || !flag) {
         NS_WARNING("Invalid profile directory passed to content process.");
         profileDir = nullptr;
       }
-#endif /* XP_MACOSX && MOZ_CONTENT_SANDBOX */
+#endif /* XP_MACOSX && MOZ_SANDBOX */
     }
   }
 
   // Did we find all the mandatory flags?
   if (childID.isNothing() || isForBrowser.isNothing() ||
       parentBuildID.isNothing()) {
     return false;
   }
@@ -181,30 +181,30 @@ bool ContentProcess::Init(int aArgc, cha
                                               deserializer.GetPrefsHandle(),
                                               deserializer.GetPrefMapHandle());
   }
 
   mContent.Init(IOThreadChild::message_loop(), ParentPid(), *parentBuildID,
                 IOThreadChild::channel(), *childID, *isForBrowser);
 
   mXREEmbed.Start();
-#if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
+#if (defined(XP_MACOSX)) && defined(MOZ_SANDBOX)
   mContent.SetProfileDir(profileDir);
 #  if defined(DEBUG)
   // For WebReplay middleman processes, the sandbox is
   // started after receiving the SetProcessSandbox message.
   if (IsContentSandboxEnabled() &&
       Preferences::GetBool("security.sandbox.content.mac.earlyinit") &&
       !recordreplay::IsMiddleman()) {
     AssertMacSandboxEnabled();
   }
 #  endif /* DEBUG */
-#endif   /* XP_MACOSX && MOZ_CONTENT_SANDBOX */
+#endif   /* XP_MACOSX && MOZ_SANDBOX */
 
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
   SetUpSandboxEnvironment();
 #endif
 
   return true;
 }
 
 // Note: CleanUp() never gets called in non-debug builds because we exit early
 // in ContentChild::ActorDestroy().
--- a/dom/ipc/moz.build
+++ b/dom/ipc/moz.build
@@ -127,22 +127,17 @@ IPDL_SOURCES += [
     'PWindowGlobal.ipdl',
     'ServiceWorkerConfiguration.ipdlh',
 ]
 
 include('/ipc/chromium/chromium-config.mozbuild')
 
 FINAL_LIBRARY = 'xul'
 
-if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] == 'Darwin':
-    USE_LIBS += [
-        'mozsandbox',
-    ]
-
-if CONFIG['MOZ_CONTENT_SANDBOX'] and CONFIG['OS_ARCH'] == 'Linux':
+if CONFIG['MOZ_SANDBOX'] and (CONFIG['OS_TARGET'] in ['Darwin', 'Linux']):
     USE_LIBS += [
         'mozsandbox',
     ]
 
 LOCAL_INCLUDES += [
     '/caps',
     '/chrome',
     '/docshell/base',
--- a/dom/media/gmp/GMPChild.cpp
+++ b/dom/media/gmp/GMPChild.cpp
@@ -32,17 +32,17 @@ using namespace mozilla::ipc;
 
 #ifdef XP_WIN
 #  include <stdlib.h>  // for _exit()
 #  include "WinUtils.h"
 #else
 #  include <unistd.h>  // for _exit()
 #endif
 
-#if defined(MOZ_GMP_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  if defined(XP_MACOSX)
 #    include "mozilla/Sandbox.h"
 #  endif
 #endif
 
 namespace mozilla {
 
 #undef LOG
@@ -127,17 +127,17 @@ static nsCString GetNativeTarget(nsIFile
   if (isLink) {
     aFile->GetNativeTarget(path);
   } else {
     aFile->GetNativePath(path);
   }
   return path;
 }
 
-#  if defined(MOZ_GMP_SANDBOX)
+#  if defined(MOZ_SANDBOX)
 static bool GetPluginPaths(const nsAString& aPluginPath,
                            nsCString& aPluginDirectoryPath,
                            nsCString& aPluginFilePath) {
   nsCOMPtr<nsIFile> libDirectory, libFile;
   if (!GetPluginFile(aPluginPath, libDirectory, libFile)) {
     return false;
   }
 
@@ -213,17 +213,17 @@ bool GMPChild::SetMacSandboxInfo(MacSand
   info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get());
   info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get());
   info.appPath.assign(appPath.get());
   info.appBinaryPath.assign(appBinaryPath.get());
 
   mGMPLoader->SetSandboxInfo(&info);
   return true;
 }
-#  endif  // MOZ_GMP_SANDBOX
+#  endif  // MOZ_SANDBOX
 #endif    // XP_MACOSX
 
 bool GMPChild::Init(const nsAString& aPluginPath, base::ProcessId aParentPid,
                     MessageLoop* aIOLoop, IPC::Channel* aChannel) {
   LOGD("%s pluginPath=%s", __FUNCTION__,
        NS_ConvertUTF16toUTF8(aPluginPath).get());
 
   if (NS_WARN_IF(!Open(aChannel, aParentPid, aIOLoop))) {
@@ -300,17 +300,17 @@ static bool ResolveLinks(nsCOMPtr<nsIFil
   aPath = newFile;
   return true;
 #else
   return true;
 #endif
 }
 
 bool GMPChild::GetUTF8LibPath(nsACString& aOutLibPath) {
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   nsAutoCString pluginDirectoryPath, pluginFilePath;
   if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) {
     MOZ_CRASH("Error scanning plugin path");
   }
   aOutLibPath.Assign(pluginFilePath);
   return true;
 #else
   nsCOMPtr<nsIFile> libFile;
@@ -548,25 +548,25 @@ mozilla::ipc::IPCResult GMPChild::Answer
     return IPC_FAIL(this, "Failed to get lib path.");
 #endif
   }
 
   auto platformAPI = new GMPPlatformAPI();
   InitPlatformAPI(*platformAPI, this);
 
   mGMPLoader = MakeUnique<GMPLoader>();
-#if defined(MOZ_GMP_SANDBOX)
+#if defined(MOZ_SANDBOX)
   if (!mGMPLoader->CanSandbox()) {
     LOGD("%s Can't sandbox GMP, failing", __FUNCTION__);
     delete platformAPI;
     return IPC_FAIL(this, "Can't sandbox GMP.");
   }
 #endif
   bool isChromium = aAdapter.EqualsLiteral("chromium");
-#if defined(MOZ_GMP_SANDBOX) && defined(XP_MACOSX)
+#if defined(MOZ_SANDBOX) && defined(XP_MACOSX)
   MacSandboxPluginType pluginType = MacSandboxPluginType_GMPlugin_Default;
   if (isChromium) {
     pluginType = MacSandboxPluginType_GMPlugin_EME_Widevine;
   }
   if (!SetMacSandboxInfo(pluginType)) {
     NS_WARNING("Failed to set Mac GMP sandbox info");
     delete platformAPI;
     return IPC_FAIL(
--- a/dom/media/gmp/GMPChild.h
+++ b/dom/media/gmp/GMPChild.h
@@ -29,17 +29,17 @@ class GMPChild : public PGMPChild {
   bool Init(const nsAString& aPluginPath, base::ProcessId aParentPid,
             MessageLoop* aIOLoop, IPC::Channel* aChannel);
   MessageLoop* GMPMessageLoop();
 
   // Main thread only.
   GMPTimerChild* GetGMPTimers();
   GMPStorageChild* GetGMPStorage();
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   bool SetMacSandboxInfo(MacSandboxPluginType aPluginType);
 #endif
 
  private:
   friend class GMPContentChild;
 
   bool GetUTF8LibPath(nsACString& aOutLibPath);
 
--- a/dom/media/gmp/GMPLoader.cpp
+++ b/dom/media/gmp/GMPLoader.cpp
@@ -10,17 +10,17 @@
 #include "gmp-entrypoints.h"
 #include "prlink.h"
 #include "prenv.h"
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
 #  include "mozilla/sandboxTarget.h"
 #  include "mozilla/sandboxing/SandboxInitialization.h"
 #  include "mozilla/sandboxing/sandboxLogging.h"
 #endif
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 #  include "mozilla/Sandbox.h"
 #  include "mozilla/SandboxInfo.h"
 #endif
 
 #include <string>
 
 #ifdef XP_WIN
 #  include "windows.h"
@@ -127,17 +127,17 @@ GMPErr GMPLoader::GetAPI(const char* aAP
 }
 
 void GMPLoader::Shutdown() {
   if (mAdapter) {
     mAdapter->GMPShutdown();
   }
 }
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 void GMPLoader::SetSandboxInfo(MacSandboxInfo* aSandboxInfo) {
   if (mSandboxStarter) {
     mSandboxStarter->SetSandboxInfo(aSandboxInfo);
   }
 }
 #endif
 
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
@@ -151,17 +151,17 @@ class WinSandboxStarter : public mozilla
     rand_s(&dummy_rand);
 
     mozilla::SandboxTarget::Instance()->StartSandbox();
     return true;
   }
 };
 #endif
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 class MacSandboxStarter : public mozilla::gmp::SandboxStarter {
  public:
   bool Start(const char* aLibPath) override {
     std::string err;
     bool rv = mozilla::StartMacSandbox(mInfo, err);
     if (!rv) {
       fprintf(stderr, "sandbox_init() failed! Error \"%s\"\n", err.c_str());
     }
@@ -171,17 +171,17 @@ class MacSandboxStarter : public mozilla
     mInfo = *aSandboxInfo;
   }
 
  private:
   MacSandboxInfo mInfo;
 };
 #endif
 
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 namespace {
 class LinuxSandboxStarter : public mozilla::gmp::SandboxStarter {
  private:
   LinuxSandboxStarter() {}
   friend mozilla::detail::UniqueSelector<LinuxSandboxStarter>::SingleObject
   mozilla::MakeUnique<LinuxSandboxStarter>();
 
  public:
@@ -194,24 +194,24 @@ class LinuxSandboxStarter : public mozil
     return nullptr;
   }
   bool Start(const char* aLibPath) override {
     mozilla::SetMediaPluginSandbox(aLibPath);
     return true;
   }
 };
 }  // anonymous namespace
-#endif  // XP_LINUX && MOZ_GMP_SANDBOX
+#endif  // XP_LINUX && MOZ_SANDBOX
 
 static UniquePtr<SandboxStarter> MakeSandboxStarter() {
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
   return mozilla::MakeUnique<WinSandboxStarter>();
-#elif defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#elif defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   return mozilla::MakeUnique<MacSandboxStarter>();
-#elif defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#elif defined(XP_LINUX) && defined(MOZ_SANDBOX)
   return LinuxSandboxStarter::Make();
 #else
   return nullptr;
 #endif
 }
 
 GMPLoader::GMPLoader() : mSandboxStarter(MakeSandboxStarter()) {}
 
--- a/dom/media/gmp/GMPLoader.h
+++ b/dom/media/gmp/GMPLoader.h
@@ -7,28 +7,28 @@
 #ifndef GMP_LOADER_H__
 #define GMP_LOADER_H__
 
 #include <stdint.h>
 #include "prlink.h"
 #include "gmp-entrypoints.h"
 #include "mozilla/UniquePtr.h"
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
 #  include "mozilla/Sandbox.h"
 #endif
 
 namespace mozilla {
 namespace gmp {
 
 class SandboxStarter {
  public:
   virtual ~SandboxStarter() {}
   virtual bool Start(const char* aLibPath) = 0;
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // On OS X we need to set Mac-specific sandbox info just before we start the
   // sandbox, which we don't yet know when the GMPLoader and SandboxStarter
   // objects are created.
   virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) = 0;
 #endif
 };
 
 // Interface that adapts a plugin to the GMP API.
@@ -64,17 +64,17 @@ class GMPLoader {
   // Retrieves an interface pointer from the GMP.
   GMPErr GetAPI(const char* aAPIName, void* aHostAPI, void** aPluginAPI,
                 uint32_t aDecryptorId);
 
   // Calls the GMPShutdown function exported by the GMP lib, and unloads the
   // plugin library.
   void Shutdown();
 
-#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   // On OS X we need to set Mac-specific sandbox info just before we start the
   // sandbox, which we don't yet know when the GMPLoader and SandboxStarter
   // objects are created.
   void SetSandboxInfo(MacSandboxInfo* aSandboxInfo);
 #endif
 
   bool CanSandbox() const;
 
--- a/dom/media/gmp/GMPParent.cpp
+++ b/dom/media/gmp/GMPParent.cpp
@@ -16,17 +16,17 @@
 #include "mozilla/ipc/CrashReporterHost.h"
 #include "mozilla/ipc/GeckoChildProcessHost.h"
 #include "mozilla/SSE.h"
 #include "mozilla/SyncRunnable.h"
 #include "mozilla/Unused.h"
 #include "nsIObserverService.h"
 #include "GMPTimerParent.h"
 #include "runnable_utils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxInfo.h"
 #endif
 #include "CDMStorageIdProvider.h"
 #include "GMPContentParent.h"
 #include "VideoUtils.h"
 
 using mozilla::ipc::GeckoChildProcessHost;
 
@@ -686,17 +686,17 @@ RefPtr<GenericPromise> GMPParent::ParseC
   if (!IsCDMAPISupported(m)) {
     return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
   }
 
   mDisplayName = NS_ConvertUTF16toUTF8(m.mName);
   mDescription = NS_ConvertUTF16toUTF8(m.mDescription);
   mVersion = NS_ConvertUTF16toUTF8(m.mVersion);
 
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   if (!mozilla::SandboxInfo::Get().CanSandboxMedia()) {
     nsPrintfCString msg(
         "GMPParent::ParseChromiumManifest: Plugin \"%s\" is an EME CDM"
         " but this system can't sandbox it; not loading.",
         mDisplayName.get());
     printf_stderr("%s\n", msg.get());
     LOGD("%s", msg.get());
     return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
--- a/dom/media/gmp/GMPService.cpp
+++ b/dom/media/gmp/GMPService.cpp
@@ -19,17 +19,17 @@
 #include "mozilla/Services.h"
 #include "nsNativeCharsetUtils.h"
 #include "nsIXULAppInfo.h"
 #include "nsIConsoleService.h"
 #include "mozilla/Unused.h"
 #include "nsComponentManagerUtils.h"
 #include "runnable_utils.h"
 #include "VideoUtils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxInfo.h"
 #endif
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsDirectoryServiceUtils.h"
 #include "nsDirectoryServiceDefs.h"
 #include "nsHashKeys.h"
 #include "nsIFile.h"
 #include "nsISimpleEnumerator.h"
--- a/dom/media/gmp/GMPServiceParent.cpp
+++ b/dom/media/gmp/GMPServiceParent.cpp
@@ -22,17 +22,17 @@
 #include "nsXPCOMPrivate.h"
 #include "mozilla/Services.h"
 #include "nsNativeCharsetUtils.h"
 #include "nsIConsoleService.h"
 #include "mozilla/Unused.h"
 #include "nsComponentManagerUtils.h"
 #include "runnable_utils.h"
 #include "VideoUtils.h"
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxInfo.h"
 #endif
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsDirectoryServiceUtils.h"
 #include "nsDirectoryServiceDefs.h"
 #include "nsHashKeys.h"
 #include "nsIFile.h"
 #include "nsISimpleEnumerator.h"
@@ -780,17 +780,17 @@ already_AddRefed<GMPParent> GeckoMediaPl
     }
     return clone.forget();
   }
 
   return nullptr;
 }
 
 RefPtr<GMPParent> CreateGMPParent(AbstractThread* aMainThread) {
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   if (!SandboxInfo::Get().CanSandboxMedia()) {
     if (!StaticPrefs::MediaGmpInsecureAllow()) {
       NS_WARNING("Denying media plugin load due to lack of sandboxing.");
       return nullptr;
     }
     NS_WARNING("Loading media plugin despite lack of sandboxing.");
   }
 #endif
--- a/gfx/thebes/gfxFcPlatformFontList.cpp
+++ b/gfx/thebes/gfxFcPlatformFontList.cpp
@@ -36,17 +36,17 @@
 #  include <gdk/gdk.h>
 #  include "gfxPlatformGtk.h"
 #endif
 
 #ifdef MOZ_X11
 #  include "mozilla/X11Util.h"
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
 #  include "mozilla/SandboxBrokerPolicyFactory.h"
 #  include "mozilla/SandboxSettings.h"
 #endif
 
 #include FT_MULTIPLE_MASTERS_H
 
 using namespace mozilla;
 using namespace mozilla::gfx;
@@ -1433,17 +1433,17 @@ void gfxFcPlatformFontList::AddFontSetFa
     FcChar8* path;
     if (FcPatternGetString(pattern, FC_FILE, 0, &path) != FcResultMatch) {
       continue;
     }
     if (access(reinterpret_cast<const char*>(path), F_OK | R_OK) != 0) {
       continue;
     }
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
     // Skip any fonts that will be blocked by the content-process sandbox
     // policy.
     if (aPolicy && !(aPolicy->Lookup(reinterpret_cast<const char*>(path)) &
                      SandboxBroker::Perms::MAY_READ)) {
       continue;
     }
 #endif
 
@@ -1590,17 +1590,17 @@ nsresult gfxFcPlatformFontList::InitFont
 
     return NS_OK;
   }
 
   mLastConfig = FcConfigGetCurrent();
 
   UniquePtr<SandboxPolicy> policy;
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
   // If read sandboxing is enabled, create a temporary SandboxPolicy to
   // check font paths; use a fake PID to avoid picking up any PID-specific
   // rules by accident.
   SandboxBrokerPolicyFactory policyFactory;
   if (GetEffectiveContentSandboxLevel() > 2 &&
       !PR_GetEnv("MOZ_DISABLE_CONTENT_SANDBOX")) {
     policy = policyFactory.GetContentPolicy(-1, false);
   }
--- a/gfx/thebes/gfxFcPlatformFontList.h
+++ b/gfx/thebes/gfxFcPlatformFontList.h
@@ -18,17 +18,17 @@
 #include <fontconfig/fontconfig.h>
 #include "ft2build.h"
 #include FT_FREETYPE_H
 #include FT_TRUETYPE_TABLES_H
 #include FT_MULTIPLE_MASTERS_H
 #include <cairo.h>
 #include <cairo-ft.h>
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
 #  include "mozilla/SandboxBroker.h"
 #endif
 
 namespace mozilla {
 namespace dom {
 class SystemFontListEntry;
 };
 };  // namespace mozilla
@@ -316,17 +316,17 @@ class gfxFcPlatformFontList : public gfx
   void GetSampleLangForGroup(nsAtom* aLanguage, nsACString& aLangStr,
                              bool aForFontEnumerationThread = false);
 
   static FT_Library GetFTLibrary();
 
  protected:
   virtual ~gfxFcPlatformFontList();
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_LINUX)
+#if defined(MOZ_SANDBOX) && defined(XP_LINUX)
   typedef mozilla::SandboxBroker::Policy SandboxPolicy;
 #else
   // Dummy type just so we can still have a SandboxPolicy* parameter.
   struct SandboxPolicy {};
 #endif
 
   // Add all the font families found in a font set.
   // aAppFonts indicates whether this is the system or application fontset.
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@@ -18,17 +18,17 @@
 #  include "SharedMemoryBasic.h"
 #endif
 
 #include "MainThreadUtils.h"
 #include "mozilla/Sprintf.h"
 #include "prenv.h"
 #include "nsXPCOMPrivate.h"
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  include "nsAppDirectoryServiceDefs.h"
 #endif
 
 #include "nsExceptionHandler.h"
 
 #include "nsDirectoryServiceDefs.h"
 #include "nsIFile.h"
@@ -276,17 +276,17 @@ void GeckoChildProcessHost::PrepareLaunc
   SandboxLaunchPrepare(mProcessType, mLaunchOptions.get());
 #endif
 
 #ifdef XP_WIN
   if (mProcessType == GeckoProcessType_Plugin) {
     InitWindowsGroupID();
   }
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   // We need to get the pref here as the process is launched off main thread.
   if (mProcessType == GeckoProcessType_Content) {
     mSandboxLevel = GetEffectiveContentSandboxLevel();
     mEnableSandboxLogging =
         Preferences::GetBool("security.sandbox.logging.enabled");
 
     // We currently have to whitelist certain paths for tests to work in some
     // development configurations.
@@ -318,17 +318,17 @@ void GeckoChildProcessHost::PrepareLaunc
 #  if defined(MOZ_SANDBOX)
   // For other process types we can't rely on them being launched on main
   // thread and they may not have access to prefs in the child process, so allow
   // them to turn on logging via an environment variable.
   mEnableSandboxLogging =
       mEnableSandboxLogging || !!PR_GetEnv("MOZ_SANDBOX_LOGGING");
 #  endif
 #elif defined(XP_LINUX)
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   // Get and remember the path to the per-content-process tmpdir
   if (ShouldHaveDirectoryService()) {
     nsCOMPtr<nsIFile> contentTempDir;
     nsresult rv = NS_GetSpecialDirectory(NS_APP_CONTENT_PROCESS_TEMP_DIR,
                                          getter_AddRefs(contentTempDir));
     if (NS_SUCCEEDED(rv)) {
       contentTempDir->GetNativePath(mTmpDirName);
     }
@@ -661,17 +661,17 @@ AddAppDirToCommandLine(std::vector<std::
 #else
         nsAutoCString path;
         MOZ_ALWAYS_SUCCEEDS(appDir->GetNativePath(path));
         aCmdLine.push_back("-appdir");
         aCmdLine.push_back(path.get());
 #endif
       }
 
-#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
       // Full path to the profile dir
       nsCOMPtr<nsIFile> profileDir;
       rv =
           directoryService->Get(NS_APP_USER_PROFILE_50_DIR, NS_GET_IID(nsIFile),
                                 getter_AddRefs(profileDir));
       if (NS_SUCCEEDED(rv)) {
         // If the profile doesn't exist, normalization will
         // fail. But we don't return an error here because some
@@ -732,17 +732,17 @@ bool GeckoChildProcessHost::PerformAsync
 
   // `RUST_LOG_CHILD` is meant for logging child processes only.
   nsAutoCString childRustLog(PR_GetEnv("RUST_LOG_CHILD"));
   if (!childRustLog.IsEmpty()) {
     mLaunchOptions->env_map[ENVIRONMENT_LITERAL("RUST_LOG")] =
         ENVIRONMENT_STRING(childRustLog.get());
   }
 
-#if defined(XP_LINUX) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
   if (!mTmpDirName.IsEmpty()) {
     // Point a bunch of things that might want to write from content to our
     // shiny new content-process specific tmpdir
     mLaunchOptions->env_map[ENVIRONMENT_LITERAL("TMPDIR")] =
         ENVIRONMENT_STRING(mTmpDirName.get());
     // Partial fix for bug 1380051 (not persistent - should be)
     mLaunchOptions->env_map[ENVIRONMENT_LITERAL("MESA_GLSL_CACHE_DIR")] =
         ENVIRONMENT_STRING(mTmpDirName.get());
@@ -1084,27 +1084,25 @@ bool GeckoChildProcessHost::PerformAsync
 
   bool shouldSandboxCurrentProcess = false;
 
   // XXX: Bug 1124167: We should get rid of the process specific logic for
   // sandboxing in this class at some point. Unfortunately it will take a bit
   // of reorganizing so I don't think this patch is the right time.
   switch (mProcessType) {
     case GeckoProcessType_Content:
-#    if defined(MOZ_CONTENT_SANDBOX)
       if (mSandboxLevel > 0) {
         // For now we treat every failure as fatal in
         // SetSecurityLevelForContentProcess and just crash there right away.
         // Should this change in the future then we should also handle the error
         // here.
         mSandboxBroker->SetSecurityLevelForContentProcess(mSandboxLevel,
                                                           mIsFileContent);
         shouldSandboxCurrentProcess = true;
       }
-#    endif  // defined(MOZ_CONTENT_SANDBOX)
       break;
     case GeckoProcessType_Plugin:
       if (mSandboxLevel > 0 && !PR_GetEnv("MOZ_DISABLE_NPAPI_SANDBOX")) {
         bool ok =
             mSandboxBroker->SetSecurityLevelForPluginProcess(mSandboxLevel);
         if (!ok) {
           return false;
         }
--- a/ipc/mscom/COMPtrHolder.h
+++ b/ipc/mscom/COMPtrHolder.h
@@ -8,19 +8,19 @@
 #define mozilla_mscom_COMPtrHolder_h
 
 #include "mozilla/Assertions.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/Move.h"
 #include "mozilla/mscom/ProxyStream.h"
 #include "mozilla/mscom/Ptr.h"
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 #include "nsExceptionHandler.h"
 
 namespace mozilla {
 namespace mscom {
 
 template <typename Interface, const IID& _IID>
 class COMPtrHolder {
  public:
@@ -41,101 +41,101 @@ class COMPtrHolder {
   Interface* Get() const { return mPtr.get(); }
 
   MOZ_MUST_USE Interface* Release() { return mPtr.release(); }
 
   void Set(COMPtrType&& aPtr) { mPtr = std::forward<COMPtrType>(aPtr); }
 
   void SetActCtx(const ActivationContext& aActCtx) { mActCtx = aActCtx; }
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   // This method is const because we need to call it during IPC write, where
   // we are passed as a const argument. At higher sandboxing levels we need to
   // save this artifact from the serialization process for later deletion.
   void PreserveStream(PreservedStreamPtr aPtr) const {
     MOZ_ASSERT(!mMarshaledStream);
     mMarshaledStream = std::move(aPtr);
   }
 
   PreservedStreamPtr GetPreservedStream() {
     return std::move(mMarshaledStream);
   }
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
   COMPtrHolder(const COMPtrHolder& aOther) = delete;
 
   COMPtrHolder(COMPtrHolder&& aOther)
       : mPtr(std::move(aOther.mPtr))
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
         ,
         mMarshaledStream(std::move(aOther.mMarshaledStream))
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
   {
   }
 
   // COMPtrHolder is eventually added as a member of a struct that is declared
   // in IPDL. The generated C++ code for that IPDL struct includes copy
   // constructors and assignment operators that assume that all members are
   // copyable. I don't think that those copy constructors and operator= are
   // actually used by any generated code, but they are made available. Since no
   // move semantics are available, this terrible hack makes COMPtrHolder build
   // when used as a member of an IPDL struct.
   ThisType& operator=(const ThisType& aOther) {
     Set(std::move(aOther.mPtr));
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     mMarshaledStream = std::move(aOther.mMarshaledStream);
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
     return *this;
   }
 
   ThisType& operator=(ThisType&& aOther) {
     Set(std::move(aOther.mPtr));
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     mMarshaledStream = std::move(aOther.mMarshaledStream);
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
     return *this;
   }
 
   bool operator==(const ThisType& aOther) const { return mPtr == aOther.mPtr; }
 
   bool IsNull() const { return !mPtr; }
 
  private:
   // This is mutable to facilitate the above operator= hack
   mutable COMPtrType mPtr;
   ActivationContext mActCtx;
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   // This is mutable so that we may optionally store a reference to a marshaled
   // stream to be cleaned up later via PreserveStream().
   mutable PreservedStreamPtr mMarshaledStream;
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 };
 
 }  // namespace mscom
 }  // namespace mozilla
 
 namespace IPC {
 
 template <typename Interface, const IID& _IID>
 struct ParamTraits<mozilla::mscom::COMPtrHolder<Interface, _IID>> {
   typedef mozilla::mscom::COMPtrHolder<Interface, _IID> paramType;
 
   static void Write(Message* aMsg, const paramType& aParam) {
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     static const bool sIsStreamPreservationNeeded =
         XRE_IsParentProcess() &&
         mozilla::GetEffectiveContentSandboxLevel() >= 3;
 #else
     const bool sIsStreamPreservationNeeded = false;
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
     typename paramType::EnvType env;
 
     mozilla::mscom::ProxyStreamFlags flags =
         sIsStreamPreservationNeeded
             ? mozilla::mscom::ProxyStreamFlags::ePreservable
             : mozilla::mscom::ProxyStreamFlags::eDefault;
 
@@ -143,28 +143,28 @@ struct ParamTraits<mozilla::mscom::COMPt
     int bufLen;
     const BYTE* buf = proxyStream.GetBuffer(bufLen);
     MOZ_ASSERT(buf || !bufLen);
     aMsg->WriteInt(bufLen);
     if (bufLen) {
       aMsg->WriteBytes(reinterpret_cast<const char*>(buf), bufLen);
     }
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     if (sIsStreamPreservationNeeded) {
       /**
        * When we're sending a ProxyStream from parent to content and the
        * content sandboxing level is >= 3, content is unable to communicate
        * its releasing of its reference to the proxied object. We preserve the
        * marshaled proxy data here and later manually release it on content's
        * behalf.
        */
       aParam.PreserveStream(proxyStream.GetPreservedStream());
     }
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
   }
 
   static bool Read(const Message* aMsg, PickleIterator* aIter,
                    paramType* aResult) {
     int length;
     if (!aMsg->ReadLength(aIter, &length)) {
       return false;
     }
--- a/ipc/mscom/InterceptorLog.cpp
+++ b/ipc/mscom/InterceptorLog.cpp
@@ -101,22 +101,22 @@ Logger::Logger(const nsACString& aLeafBa
   GeckoProcessType procType = XRE_GetProcessType();
   nsAutoCString leafName(aLeafBaseName);
   nsresult rv;
   if (procType == GeckoProcessType_Default) {
     leafName.AppendLiteral("-Parent-");
     rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(logFileName));
   } else if (procType == GeckoProcessType_Content) {
     leafName.AppendLiteral("-Content-");
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     rv = NS_GetSpecialDirectory(NS_APP_CONTENT_PROCESS_TEMP_DIR,
                                 getter_AddRefs(logFileName));
 #else
     rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR, getter_AddRefs(logFileName));
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
   } else {
     return;
   }
   if (NS_FAILED(rv)) {
     return;
   }
   DWORD pid = GetCurrentProcessId();
   leafName.AppendPrintf("%u.log", pid);
--- a/ipc/mscom/PassthruProxy.h
+++ b/ipc/mscom/PassthruProxy.h
@@ -6,19 +6,19 @@
 
 #ifndef mozilla_mscom_PassthruProxy_h
 #define mozilla_mscom_PassthruProxy_h
 
 #include "mozilla/Atomics.h"
 #include "mozilla/mscom/ProxyStream.h"
 #include "mozilla/mscom/Ptr.h"
 #include "mozilla/NotNull.h"
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
 #include <objbase.h>
 
 namespace mozilla {
 namespace mscom {
 namespace detail {
 
 template <typename Iface>
@@ -32,17 +32,17 @@ struct VTableSizer<IDispatch> {
 }  // namespace detail
 
 class PassthruProxy final : public IMarshal, public IClientSecurity {
  public:
   template <typename Iface>
   static RefPtr<Iface> Wrap(NotNull<Iface*> aIn) {
     static_assert(detail::VTableSizer<Iface>::Size >= 3, "VTable too small");
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     if (mozilla::GetEffectiveContentSandboxLevel() < 3) {
       // The sandbox isn't strong enough to be a problem; no wrapping required
       return aIn.get();
     }
 
     typename detail::EnvironmentSelector<Iface>::Type env;
 
     RefPtr<PassthruProxy> passthru(new PassthruProxy(
@@ -52,17 +52,17 @@ class PassthruProxy final : public IMars
     if (FAILED(passthru->QueryProxyInterface(getter_AddRefs(result)))) {
       return nullptr;
     }
 
     return result;
 #else
     // No wrapping required
     return aIn.get();
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
   }
 
   static HRESULT Register();
 
   PassthruProxy();
 
   // IUnknown
   STDMETHODIMP QueryInterface(REFIID riid, void** ppv) override;
--- a/modules/libpref/init/StaticPrefList.h
+++ b/modules/libpref/init/StaticPrefList.h
@@ -1262,17 +1262,17 @@ VARCACHE_PREF(
 #undef PREF_VALUE
 
 VARCACHE_PREF(
   "media.clearkey.persistent-license.enabled",
    MediaClearkeyPersistentLicenseEnabled,
   bool, false
 )
 
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 // Whether to allow, on a Linux system that doesn't support the necessary
 // sandboxing features, loading Gecko Media Plugins unsandboxed.  However, EME
 // CDMs will not be loaded without sandboxing even if this pref is changed.
 VARCACHE_PREF(
   "media.gmp.insecure.allow",
    MediaGmpInsecureAllow,
   bool, false
 )
--- a/old-configure.in
+++ b/old-configure.in
@@ -1632,18 +1632,16 @@ MOZ_SPELLCHECK=1
 MOZ_TOOLKIT_SEARCH=1
 MOZ_UNIVERSALCHARDET=1
 MOZ_XUL=1
 MOZ_ZIPWRITER=1
 MOZ_NO_SMART_CARDS=
 NECKO_COOKIES=1
 MOZ_USE_NATIVE_POPUP_WINDOWS=
 MOZ_EXCLUDE_HYPHENATION_DICTIONARIES=
-MOZ_CONTENT_SANDBOX=
-MOZ_GMP_SANDBOX=
 MOZ_SANDBOX=1
 MOZ_BINARY_EXTENSIONS=
 MOZ_DEVTOOLS=server
 
 case "$target_os" in
     mingw*)
         NS_ENABLE_TSF=1
         AC_DEFINE(NS_ENABLE_TSF)
@@ -2281,81 +2279,35 @@ if test -n "$MOZ_TSAN" -o -n "$MOZ_ASAN"
     esac
 fi
 
 MOZ_ARG_DISABLE_BOOL(sandbox,
 [  --disable-sandbox        Disable sandboxing support],
     MOZ_SANDBOX=,
     MOZ_SANDBOX=1)
 
-dnl ========================================================
-dnl = Content process sandboxing
-dnl ========================================================
-
 case "$OS_TARGET" in
-WINNT)
-    MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
-    ;;
-Darwin)
-    MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
-    ;;
+WINNT|Darwin)
+;;
 Linux)
     case $CPU_ARCH in
         x86_64|x86)
-            MOZ_CONTENT_SANDBOX=$MOZ_SANDBOX
+        ;;
+        # Linux sandbox is only available on x86 and x86_64.
+        *)
+            MOZ_SANDBOX=
         ;;
     esac
     ;;
+*)
+    # Only enable the sandbox by default on Linux, macOS, and Windows
+    MOZ_SANDBOX=
+;;
 esac
 
-MOZ_ARG_ENABLE_BOOL(content-sandbox,
-[  --enable-content-sandbox Enable sandboxing support for content-processes
-  --disable-content-sandbox Disable sandboxing support for content-processes],
-    MOZ_CONTENT_SANDBOX=1,
-    MOZ_CONTENT_SANDBOX=)
-
-if test -n "$MOZ_CONTENT_SANDBOX" -a -z "$MOZ_SANDBOX"; then
-    AC_MSG_ERROR([--enable-content-sandbox and --disable-sandbox are conflicting options])
-fi
-
-if test -n "$MOZ_CONTENT_SANDBOX"; then
-    AC_DEFINE(MOZ_CONTENT_SANDBOX)
-fi
-
-AC_SUBST(MOZ_CONTENT_SANDBOX)
-
-dnl ========================================================
-dnl = Gecko Media Plugin sandboxing
-dnl ========================================================
-case $OS_TARGET in
-WINNT)
-    MOZ_GMP_SANDBOX=$MOZ_SANDBOX
-    ;;
-Linux)
-    case $CPU_ARCH in
-    x86_64|x86)
-        MOZ_GMP_SANDBOX=$MOZ_SANDBOX
-        ;;
-    esac
-    ;;
-Darwin)
-    MOZ_GMP_SANDBOX=$MOZ_SANDBOX
-    ;;
-esac
-
-if test -n "$MOZ_GMP_SANDBOX"; then
-    AC_DEFINE(MOZ_GMP_SANDBOX)
-fi
-
-AC_SUBST(MOZ_GMP_SANDBOX)
-
-if test -z "$MOZ_CONTENT_SANDBOX" -a -z "$MOZ_GMP_SANDBOX"; then
-    MOZ_SANDBOX=
-fi
-
 if test -n "$MOZ_SANDBOX"; then
     AC_DEFINE(MOZ_SANDBOX)
 fi
 
 AC_SUBST(MOZ_SANDBOX)
 
 
 dnl ========================================================
--- a/security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h
+++ b/security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h
@@ -84,17 +84,17 @@ InitLoggingIfRequired(ProvideLogFunction
   if (!aProvideLogFunctionCb) {
     return;
   }
 
   if (Preferences::GetBool("security.sandbox.logging.enabled") ||
       PR_GetEnv("MOZ_SANDBOX_LOGGING")) {
     aProvideLogFunctionCb(Log);
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     // We can only log the stack trace on process types where we know that the
     // sandbox won't prevent it.
     if (XRE_IsContentProcess()) {
       Preferences::AddUintVarCache(&sStackTraceDepth,
         "security.sandbox.windows.log.stackTraceDepth");
     }
 #endif
   }
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@@ -7,19 +7,17 @@
 #include "Sandbox.h"
 
 #include "LinuxSched.h"
 #include "SandboxBrokerClient.h"
 #include "SandboxChrootProto.h"
 #include "SandboxFilter.h"
 #include "SandboxInternal.h"
 #include "SandboxLogging.h"
-#ifdef MOZ_GMP_SANDBOX
-#  include "SandboxOpenedFiles.h"
-#endif
+#include "SandboxOpenedFiles.h"
 #include "SandboxReporterClient.h"
 
 #include <dirent.h>
 #ifdef NIGHTLY_BUILD
 #  include "dlfcn.h"
 #endif
 #include <errno.h>
 #include <fcntl.h>
@@ -571,17 +569,16 @@ static void SetCurrentProcessSandbox(
     BroadcastSetThreadSandbox(&fprog);
   }
 
   // Now that all threads' filesystem accesses are being intercepted
   // (if a broker is used) it's safe to chroot the process:
   EnterChroot();
 }
 
-#ifdef MOZ_CONTENT_SANDBOX
 /**
  * Starts the seccomp sandbox for a content process.  Should be called
  * only once, and before any potentially harmful content is loaded.
  *
  * Will normally make the process exit on failure.
  */
 bool SetContentProcessSandbox(ContentProcessSandboxParams&& aParams) {
   int brokerFd = aParams.mBrokerFd;
@@ -603,19 +600,16 @@ bool SetContentProcessSandbox(ContentPro
   if (brokerFd >= 0) {
     sBroker = new SandboxBrokerClient(brokerFd);
   }
 
   SetCurrentProcessSandbox(
       GetContentSandboxPolicy(sBroker, std::move(aParams)));
   return true;
 }
-#endif  // MOZ_CONTENT_SANDBOX
-
-#ifdef MOZ_GMP_SANDBOX
 /**
  * Starts the seccomp sandbox for a media plugin process.  Should be
  * called only once, and before any potentially harmful content is
  * loaded -- including the plugin itself, if it's considered untrusted.
  *
  * The file indicated by aFilePath, if non-null, can be open()ed
  * read-only, once, after the sandbox starts; it should be the .so
  * file implementing the not-yet-loaded plugin.
@@ -646,17 +640,16 @@ void SetMediaPluginSandbox(const char* a
   files->Add("/proc/cpuinfo");  // Info also available via CPUID instruction.
 #  ifdef __i386__
   files->Add("/proc/self/auxv");  // Info also in process's address space.
 #  endif
 
   // Finally, start the sandbox.
   SetCurrentProcessSandbox(GetMediaSandboxPolicy(files));
 }
-#endif  // MOZ_GMP_SANDBOX
 
 void SetRemoteDataDecoderSandbox(int aBroker) {
   if (PR_GetEnv("MOZ_DISABLE_RDD_SANDBOX") != nullptr) {
     if (aBroker >= 0) {
       close(aBroker);
     }
     return;
   }
--- a/security/sandbox/linux/Sandbox.h
+++ b/security/sandbox/linux/Sandbox.h
@@ -20,17 +20,16 @@ namespace mozilla {
 namespace ipc {
 class FileDescriptor;
 }  // namespace ipc
 
 // This must be called early, before glib creates any worker threads.
 // (See bug 1176099.)
 MOZ_EXPORT void SandboxEarlyInit();
 
-#ifdef MOZ_CONTENT_SANDBOX
 // A collection of sandbox parameters that have to be extracted from
 // prefs or other libxul facilities and passed down, because
 // libmozsandbox can't link against the APIs to read them.
 struct ContentProcessSandboxParams {
   // Content sandbox level; see also GetEffectiveSandboxLevel in
   // SandboxSettings.h and the comments for the Linux version of
   // "security.sandbox.content.level" in browser/app/profile/firefox.js
   int mLevel = 0;
@@ -48,22 +47,19 @@ struct ContentProcessSandboxParams {
   static ContentProcessSandboxParams ForThisProcess(
       const Maybe<ipc::FileDescriptor>& aBroker);
 };
 
 // Call only if SandboxInfo::CanSandboxContent() returns true.
 // (No-op if the sandbox is disabled.)
 // isFileProcess determines whether we allow system wide file reads.
 MOZ_EXPORT bool SetContentProcessSandbox(ContentProcessSandboxParams&& aParams);
-#endif
 
-#ifdef MOZ_GMP_SANDBOX
 // Call only if SandboxInfo::CanSandboxMedia() returns true.
 // (No-op if MOZ_DISABLE_GMP_SANDBOX is set.)
 // aFilePath is the path to the plugin file.
 MOZ_EXPORT void SetMediaPluginSandbox(const char* aFilePath);
-#endif
 
 MOZ_EXPORT void SetRemoteDataDecoderSandbox(int aBroker);
 
 }  // namespace mozilla
 
 #endif  // mozilla_Sandbox_h
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -7,19 +7,17 @@
 #include "SandboxFilter.h"
 #include "SandboxFilterUtil.h"
 
 #include "Sandbox.h"  // for ContentProcessSandboxParams
 #include "SandboxBrokerClient.h"
 #include "SandboxInfo.h"
 #include "SandboxInternal.h"
 #include "SandboxLogging.h"
-#ifdef MOZ_GMP_SANDBOX
-#  include "SandboxOpenedFiles.h"
-#endif
+#include "SandboxOpenedFiles.h"
 #include "mozilla/Move.h"
 #include "mozilla/PodOperations.h"
 #include "mozilla/TemplateLib.h"
 #include "mozilla/UniquePtr.h"
 #include "prenv.h"
 
 #include <errno.h>
 #include <fcntl.h>
@@ -650,17 +648,16 @@ class SandboxPolicyCommon : public Sandb
       default:
         return SandboxPolicyBase::EvaluateSyscall(sysno);
     }
   }
 };
 
 // The process-type-specific syscall rules start here:
 
-#ifdef MOZ_CONTENT_SANDBOX
 // The seccomp-bpf filter for content processes is not a true sandbox
 // on its own; its purpose is attack surface reduction and syscall
 // interception in support of a semantic sandboxing layer.  On B2G
 // this is the Android process permission model; on desktop,
 // namespaces and chroot() will be used.
 class ContentSandboxPolicy : public SandboxPolicyCommon {
  private:
   ContentProcessSandboxParams mParams;
@@ -1259,19 +1256,17 @@ class ContentSandboxPolicy : public Sand
     }
   }
 };
 
 UniquePtr<sandbox::bpf_dsl::Policy> GetContentSandboxPolicy(
     SandboxBrokerClient* aMaybeBroker, ContentProcessSandboxParams&& aParams) {
   return MakeUnique<ContentSandboxPolicy>(aMaybeBroker, std::move(aParams));
 }
-#endif  // MOZ_CONTENT_SANDBOX
 
-#ifdef MOZ_GMP_SANDBOX
 // Unlike for content, the GeckoMediaPlugin seccomp-bpf policy needs
 // to be an effective sandbox by itself, because we allow GMP on Linux
 // systems where that's the only sandboxing mechanism we can use.
 //
 // Be especially careful about what this policy allows.
 class GMPSandboxPolicy : public SandboxPolicyCommon {
   static intptr_t OpenTrap(const sandbox::arch_seccomp_data& aArgs, void* aux) {
     const auto files = static_cast<const SandboxOpenedFiles*>(aux);
@@ -1393,17 +1388,16 @@ class GMPSandboxPolicy : public SandboxP
   }
 };
 
 UniquePtr<sandbox::bpf_dsl::Policy> GetMediaSandboxPolicy(
     const SandboxOpenedFiles* aFiles) {
   return UniquePtr<sandbox::bpf_dsl::Policy>(new GMPSandboxPolicy(aFiles));
 }
 
-#endif  // MOZ_GMP_SANDBOX
 
 // The policy for the data decoder process is similar to the one for
 // media plugins, but the codec code is all in-tree so it's better
 // behaved and doesn't need special exceptions (or the ability to load
 // a plugin file).  However, it does directly create shared memory
 // segments, so it may need file brokering.
 class RDDSandboxPolicy final : public SandboxPolicyCommon {
  public:
--- a/security/sandbox/linux/SandboxFilter.h
+++ b/security/sandbox/linux/SandboxFilter.h
@@ -16,29 +16,25 @@ namespace sandbox {
 namespace bpf_dsl {
 class Policy;
 }
 }  // namespace sandbox
 
 namespace mozilla {
 class SandboxBrokerClient;
 
-#ifdef MOZ_CONTENT_SANDBOX
 struct ContentProcessSandboxParams;
 
 UniquePtr<sandbox::bpf_dsl::Policy> GetContentSandboxPolicy(
     SandboxBrokerClient* aMaybeBroker, ContentProcessSandboxParams&& aParams);
-#endif
 
-#ifdef MOZ_GMP_SANDBOX
 class SandboxOpenedFiles;
 
 // The SandboxOpenedFiles object must live until the process exits.
 UniquePtr<sandbox::bpf_dsl::Policy> GetMediaSandboxPolicy(
     const SandboxOpenedFiles* aFiles);
-#endif
 
 UniquePtr<sandbox::bpf_dsl::Policy> GetDecoderSandboxPolicy(
     SandboxBrokerClient* aMaybeBroker);
 
 }  // namespace mozilla
 
 #endif
--- a/security/sandbox/linux/SandboxInfo.cpp
+++ b/security/sandbox/linux/SandboxInfo.cpp
@@ -174,32 +174,28 @@ SandboxInfo::SandboxInfo() {
 
   if (HasUserNamespaceSupport()) {
     flags |= kHasPrivilegedUserNamespaces;
     if (CanCreateUserNamespace()) {
       flags |= kHasUserNamespaces;
     }
   }
 
-#ifdef MOZ_CONTENT_SANDBOX
   // We can't use mozilla::IsContentSandboxEnabled() here because a)
   // libmozsandbox can't depend on libxul, and b) this is called in a static
   // initializer before the prefences service is ready.
   if (!getenv("MOZ_DISABLE_CONTENT_SANDBOX")) {
     flags |= kEnabledForContent;
   }
   if (getenv("MOZ_PERMISSIVE_CONTENT_SANDBOX")) {
     flags |= kPermissive;
   }
-#endif
-#ifdef MOZ_GMP_SANDBOX
   if (!getenv("MOZ_DISABLE_GMP_SANDBOX")) {
     flags |= kEnabledForMedia;
   }
-#endif
   if (getenv("MOZ_SANDBOX_LOGGING")) {
     flags |= kVerbose;
   }
 
   mFlags = static_cast<Flags>(flags);
 }
 
 }  // namespace mozilla
--- a/security/sandbox/linux/SandboxInfo.h
+++ b/security/sandbox/linux/SandboxInfo.h
@@ -20,20 +20,21 @@ class SandboxInfo {
   SandboxInfo(const SandboxInfo& aOther) : mFlags(aOther.mFlags) {}
 
   // Flags are checked at initializer time; this returns them.
   static const SandboxInfo& Get() { return sSingleton; }
 
   enum Flags {
     // System call filtering; kernel config option CONFIG_SECCOMP_FILTER.
     kHasSeccompBPF = 1 << 0,
-    // Config flag MOZ_CONTENT_SANDBOX; runtime
-    // mozilla::IsContentSandboxEnabled().
+    // Whether to use a sandbox for content processes; env var
+    // MOZ_DISABLE_CONTENT_SANDBOX
     kEnabledForContent = 1 << 1,
-    // Config flag MOZ_GMP_SANDBOX; env var MOZ_DISABLE_GMP_SANDBOX.
+    // Whether to use a sandbox for GMP processes; env var
+    // MOZ_DISABLE_GMP_SANDBOX.
     kEnabledForMedia = 1 << 2,
     // Env var MOZ_SANDBOX_LOGGING.
     kVerbose = 1 << 3,
     // Kernel can atomically set system call filtering on entire thread group.
     kHasSeccompTSync = 1 << 4,
     // Can this process create user namespaces? (Man page user_namespaces(7).)
     kHasUserNamespaces = 1 << 5,
     // Could a more privileged process have user namespaces, even if we can't?
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -46,25 +46,23 @@
 #include <sys/sysmacros.h>
 #include <sys/types.h>
 #ifndef ANDROID
 #  include <glob.h>
 #endif
 
 namespace mozilla {
 
-#if defined(MOZ_CONTENT_SANDBOX)
 namespace {
 static const int rdonly = SandboxBroker::MAY_READ;
 static const int wronly = SandboxBroker::MAY_WRITE;
 static const int rdwr = rdonly | wronly;
 static const int rdwrcr = rdwr | SandboxBroker::MAY_CREATE;
 static const int access = SandboxBroker::MAY_ACCESS;
 }  // namespace
-#endif
 
 static void AddMesaSysfsPaths(SandboxBroker::Policy* aPolicy) {
   // Bug 1384178: Mesa driver loader
   aPolicy->AddPrefix(rdonly, "/sys/dev/char/226:");
 
   // Bug 1480755: Mesa tries to probe /sys paths in turn
   aPolicy->AddAncestors("/sys/dev/char/");
 
@@ -198,17 +196,16 @@ static void AddSharedMemoryPaths(Sandbox
   if (base::SharedMemory::AppendPosixShmPrefix(&shmPath, aPid)) {
     aPolicy->AddPrefix(rdwrcr, shmPath.c_str());
   }
 }
 
 SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory() {
   // Policy entries that are the same in every process go here, and
   // are cached over the lifetime of the factory.
-#if defined(MOZ_CONTENT_SANDBOX)
   SandboxBroker::Policy* policy = new SandboxBroker::Policy;
   // Write permssions
   //
   // Bug 1308851: NVIDIA proprietary driver when using WebGL
   policy->AddFilePrefix(rdwr, "/dev", "nvidia");
 
   // Bug 1312678: radeonsi/Intel with DRI when using WebGL
   policy->AddDir(rdwr, "/dev/dri");
@@ -408,20 +405,18 @@ SandboxBrokerPolicyFactory::SandboxBroke
   policy->AddPrefix(SandboxBroker::MAY_CONNECT, "/tmp/.X11-unix/X");
 #    endif
   if (const auto xauth = PR_GetEnv("XAUTHORITY")) {
     policy->AddPath(rdonly, xauth);
   }
 #  endif
 
   mCommonContentPolicy.reset(policy);
-#endif
 }
 
-#ifdef MOZ_CONTENT_SANDBOX
 UniquePtr<SandboxBroker::Policy> SandboxBrokerPolicyFactory::GetContentPolicy(
     int aPid, bool aFileProcess) {
   // Policy entries that vary per-process (currently the only reason
   // that can happen is because they contain the pid) are added here,
   // as well as entries that depend on preferences or paths not available
   // in early startup.
 
   MOZ_ASSERT(NS_IsMainThread());
@@ -592,10 +587,9 @@ SandboxBrokerPolicyFactory::GetUtilityPo
   AddSharedMemoryPaths(policy.get(), aPid);
 
   if (policy->IsEmpty()) {
     policy = nullptr;
   }
   return policy;
 }
 
-#endif  // MOZ_CONTENT_SANDBOX
 }  // namespace mozilla
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.h
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.h
@@ -10,20 +10,18 @@
 #include "mozilla/SandboxBroker.h"
 
 namespace mozilla {
 
 class SandboxBrokerPolicyFactory {
  public:
   SandboxBrokerPolicyFactory();
 
-#ifdef MOZ_CONTENT_SANDBOX
   UniquePtr<SandboxBroker::Policy> GetContentPolicy(int aPid,
                                                     bool aFileProcess);
-#endif
 
   static UniquePtr<SandboxBroker::Policy> GetUtilityPolicy(int aPid);
 
  private:
   UniquePtr<const SandboxBroker::Policy> mCommonContentPolicy;
   static void AddDynamicPathList(SandboxBroker::Policy* policy,
                                  const char* aPathListPref, int perms);
 };
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@@ -207,32 +207,28 @@ class SandboxFork : public base::LaunchO
   void StartChrootServer();
   SandboxFork(const SandboxFork&) = delete;
   SandboxFork& operator=(const SandboxFork&) = delete;
 };
 
 static int GetEffectiveSandboxLevel(GeckoProcessType aType) {
   auto info = SandboxInfo::Get();
   switch (aType) {
-#ifdef MOZ_GMP_SANDBOX
     case GeckoProcessType_GMPlugin:
       if (info.Test(SandboxInfo::kEnabledForMedia)) {
         return 1;
       }
       return 0;
-#endif
-#ifdef MOZ_CONTENT_SANDBOX
     case GeckoProcessType_Content:
       // GetEffectiveContentSandboxLevel is main-thread-only due to prefs.
       MOZ_ASSERT(NS_IsMainThread());
       if (info.Test(SandboxInfo::kEnabledForContent)) {
         return GetEffectiveContentSandboxLevel();
       }
       return 0;
-#endif
     case GeckoProcessType_RDD:
       return PR_GetEnv("MOZ_DISABLE_RDD_SANDBOX") == nullptr ? 1 : 0;
     default:
       return 0;
   }
 }
 
 void SandboxLaunchPrepare(GeckoProcessType aType,
@@ -272,26 +268,23 @@ void SandboxLaunchPrepare(GeckoProcessTy
   }
 
   // Anything below this requires unprivileged user namespaces.
   if (!info.Test(SandboxInfo::kHasUserNamespaces)) {
     return;
   }
 
   switch (aType) {
-#ifdef MOZ_GMP_SANDBOX
     case GeckoProcessType_GMPlugin:
-#endif
     case GeckoProcessType_RDD:
       if (level >= 1) {
         canChroot = true;
         flags |= CLONE_NEWNET | CLONE_NEWIPC;
       }
       break;
-#ifdef MOZ_CONTENT_SANDBOX
     case GeckoProcessType_Content:
       if (level >= 4) {
         canChroot = true;
         // Unshare network namespace if allowed by graphics; see
         // function definition above for details.  (The display
         // local-ness is cached because it won't change.)
         static const bool canCloneNet =
             IsDisplayLocal() && !PR_GetEnv("RENDERDOC_CAPTUREOPTS");
@@ -301,17 +294,16 @@ void SandboxLaunchPrepare(GeckoProcessTy
       }
       // Hidden pref to allow testing user namespaces separately, even
       // if there's nothing that would require them.
       if (Preferences::GetBool("security.sandbox.content.force-namespace",
                                false)) {
         flags |= CLONE_NEWUSER;
       }
       break;
-#endif
     default:
       // Nothing yet.
       break;
   }
 
   if (canChroot || flags != 0) {
     auto forker = MakeUnique<SandboxFork>(flags | CLONE_NEWUSER, canChroot);
     forker->PrepareMapping(&aOptions->fds_to_remap);
--- a/security/sandbox/linux/moz.build
+++ b/security/sandbox/linux/moz.build
@@ -67,24 +67,20 @@ SOURCES += [
     'broker/SandboxBrokerCommon.cpp',
     'Sandbox.cpp',
     'SandboxBrokerClient.cpp',
     'SandboxFilter.cpp',
     'SandboxFilterUtil.cpp',
     'SandboxHooks.cpp',
     'SandboxInfo.cpp',
     'SandboxLogging.cpp',
+    'SandboxOpenedFiles.cpp',
     'SandboxReporterClient.cpp',
 ]
 
-if CONFIG['MOZ_GMP_SANDBOX']:
-    SOURCES += [
-        'SandboxOpenedFiles.cpp',
-    ]
-
 # This copy of SafeSPrintf doesn't need to avoid the Chromium logging
 # dependency like the one in libxul does, but this way the behavior is
 # consistent.  See also the comment in SandboxLogging.h.
 SOURCES['../chromium/base/strings/safe_sprintf.cc'].flags += ['-DNDEBUG']
 
 if CONFIG['CC_TYPE'] in ('clang', 'gcc'):
     # Keep clang from warning about intentional 'switch' fallthrough in icu_utf.cc:
     SOURCES['../chromium/base/third_party/icu/icu_utf.cc'].flags += ['-Wno-implicit-fallthrough']
--- a/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.cpp
+++ b/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.cpp
@@ -123,23 +123,21 @@ bool RemoteSandboxBroker::AllowReadFile(
   mParameters.allowedReadFiles().AppendElement(nsDependentString(aFile));
   return true;
 }
 
 void RemoteSandboxBroker::AddHandleToShare(HANDLE aHandle) {
   mParameters.shareHandles().AppendElement(uint64_t(aHandle));
 }
 
-#ifdef MOZ_CONTENT_SANDBOX
 void RemoteSandboxBroker::SetSecurityLevelForContentProcess(
     int32_t aSandboxLevel, bool aIsFileProcess) {
   MOZ_CRASH(
       "RemoteSandboxBroker::SetSecurityLevelForContentProcess not Implemented");
 }
-#endif
 
 void RemoteSandboxBroker::SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) {
   MOZ_CRASH(
       "RemoteSandboxBroker::SetSecurityLevelForGPUProcess not Implemented");
 }
 
 bool RemoteSandboxBroker::SetSecurityLevelForRDDProcess() {
   MOZ_CRASH(
--- a/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.h
+++ b/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.h
@@ -28,20 +28,18 @@ class RemoteSandboxBroker : public Abstr
   // the event loop. So this means potentially another IPC launch could occur
   // re-entrantly while calling this.
   bool LaunchApp(const wchar_t *aPath, const wchar_t *aArguments,
                  base::EnvironmentMap &aEnvironment,
                  GeckoProcessType aProcessType, const bool aEnableLogging,
                  void **aProcessHandle) override;
 
   // Security levels for different types of processes
-#if defined(MOZ_CONTENT_SANDBOX)
   void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
                                          bool aIsFileProcess) override;
-#endif
   void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) override;
   bool SetSecurityLevelForRDDProcess() override;
   bool SetSecurityLevelForPluginProcess(int32_t aSandboxLevel) override;
   bool SetSecurityLevelForGMPlugin(SandboxLevel aLevel) override;
   bool AllowReadFile(wchar_t const *file) override;
   void AddHandleToShare(HANDLE aHandle) override;
 
  private:
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -363,17 +363,16 @@ static sandbox::ResultCode SetJobLevel(s
   static bool sCanUseJob = CanUseJob();
   if (sCanUseJob) {
     return aPolicy->SetJobLevel(aJobLevel, aUiExceptions);
   }
 
   return aPolicy->SetJobLevel(sandbox::JOB_NONE, 0);
 }
 
-#if defined(MOZ_CONTENT_SANDBOX)
 
 void SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
                                                       bool aIsFileProcess) {
   MOZ_RELEASE_ASSERT(mPolicy, "mPolicy must be set before this call.");
 
   sandbox::JobLevel jobLevel;
   sandbox::TokenLevel accessTokenLevel;
   sandbox::IntegrityLevel initialIntegrityLevel;
@@ -587,17 +586,16 @@ void SandboxBroker::SetSecurityLevelForC
       "With these static arguments AddRule should never fail, what happened?");
   result =
       mPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_HANDLES,
                        sandbox::TargetPolicy::HANDLES_DUP_ANY, L"Semaphore");
   MOZ_RELEASE_ASSERT(
       sandbox::SBOX_ALL_OK == result,
       "With these static arguments AddRule should never fail, what happened?");
 }
-#endif
 
 void SandboxBroker::SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) {
   MOZ_RELEASE_ASSERT(mPolicy, "mPolicy must be set before this call.");
 
   sandbox::JobLevel jobLevel;
   sandbox::TokenLevel accessTokenLevel;
   sandbox::IntegrityLevel initialIntegrityLevel;
   sandbox::IntegrityLevel delayedIntegrityLevel;
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
@@ -30,20 +30,18 @@ class AbstractSandboxBroker {
 
   virtual void Shutdown() = 0;
   virtual bool LaunchApp(const wchar_t *aPath, const wchar_t *aArguments,
                          base::EnvironmentMap &aEnvironment,
                          GeckoProcessType aProcessType,
                          const bool aEnableLogging, void **aProcessHandle) = 0;
 
   // Security levels for different types of processes
-#if defined(MOZ_CONTENT_SANDBOX)
   virtual void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
                                                  bool aIsFileProcess) = 0;
-#endif
 
   virtual void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) = 0;
   virtual bool SetSecurityLevelForRDDProcess() = 0;
 
   virtual bool SetSecurityLevelForPluginProcess(int32_t aSandboxLevel) = 0;
   enum SandboxLevel { LockDown, Restricted };
   virtual bool SetSecurityLevelForGMPlugin(SandboxLevel aLevel) = 0;
 
@@ -78,20 +76,18 @@ class SandboxBroker : public AbstractSan
 
   bool LaunchApp(const wchar_t *aPath, const wchar_t *aArguments,
                  base::EnvironmentMap &aEnvironment,
                  GeckoProcessType aProcessType, const bool aEnableLogging,
                  void **aProcessHandle) override;
   virtual ~SandboxBroker();
 
   // Security levels for different types of processes
-#if defined(MOZ_CONTENT_SANDBOX)
   void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
                                          bool aIsFileProcess) override;
-#endif
 
   void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) override;
   bool SetSecurityLevelForRDDProcess() override;
 
   bool SetSecurityLevelForPluginProcess(int32_t aSandboxLevel) override;
   bool SetSecurityLevelForGMPlugin(SandboxLevel aLevel) override;
 
   // File system permissions
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@@ -90,23 +90,16 @@ this.AppConstants = Object.freeze({
 
   MOZ_SANDBOX:
 #ifdef MOZ_SANDBOX
   true,
 #else
   false,
 #endif
 
-  MOZ_CONTENT_SANDBOX:
-#ifdef MOZ_CONTENT_SANDBOX
-  true,
-#else
-  false,
-#endif
-
   MOZ_TELEMETRY_REPORTING:
 #ifdef MOZ_TELEMETRY_REPORTING
   true,
 #else
   false,
 #endif
 
   MOZ_TELEMETRY_ON_BY_DEFAULT:
--- a/toolkit/modules/Troubleshoot.jsm
+++ b/toolkit/modules/Troubleshoot.jsm
@@ -681,17 +681,17 @@ if (AppConstants.MOZ_SANDBOX) {
         for (let i = 0; i < report.numArgs; ++i) {
           args.push(report.getArg(i));
         }
         syscalls.push({ index, msecAgo, pid, tid, procType, syscall, args });
       }
       data.syscallLog = syscalls;
     }
 
-    if (AppConstants.MOZ_CONTENT_SANDBOX) {
+    if (AppConstants.MOZ_SANDBOX) {
       let sandboxSettings = Cc["@mozilla.org/sandbox/sandbox-settings;1"].
                             getService(Ci.mozISandboxSettings);
       data.contentSandboxLevel =
         Services.prefs.getIntPref("security.sandbox.content.level");
       data.effectiveContentSandboxLevel =
         sandboxSettings.effectiveContentSandboxLevel;
     }
 
--- a/toolkit/modules/tests/browser/browser_Troubleshoot.js
+++ b/toolkit/modules/tests/browser/browser_Troubleshoot.js
@@ -740,21 +740,21 @@ const SNAPSHOT_SCHEMA = {
           required: false,
           type: "boolean",
         },
         canSandboxMedia: {
           required: false,
           type: "boolean",
         },
         contentSandboxLevel: {
-          required: AppConstants.MOZ_CONTENT_SANDBOX,
+          required: AppConstants.MOZ_SANDBOX,
           type: "number",
         },
         effectiveContentSandboxLevel: {
-          required: AppConstants.MOZ_CONTENT_SANDBOX,
+          required: AppConstants.MOZ_SANDBOX,
           type: "number",
         },
         syscallLog: {
           required: AppConstants.platform == "linux",
           type: "array",
           items: {
             type: "object",
             properties: {
--- a/toolkit/xre/nsAppRunner.cpp
+++ b/toolkit/xre/nsAppRunner.cpp
@@ -117,17 +117,17 @@
 #    include "mozilla/LauncherRegistryInfo.h"
 #  endif
 
 #  ifndef PROCESS_DEP_ENABLE
 #    define PROCESS_DEP_ENABLE 0x1
 #  endif
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  if (defined(XP_WIN) || defined(XP_MACOSX))
 #    include "nsIUUIDGenerator.h"
 #  endif
 #endif
 
 #ifdef ACCESSIBILITY
 #  include "nsAccessibilityService.h"
@@ -3203,17 +3203,17 @@ int XREMain::XRE_mainInit(bool* aExitFla
       }
     }
   }
 
 #if defined(MOZ_SANDBOX) && defined(XP_WIN)
   if (mAppData->sandboxBrokerServices) {
     SandboxBroker::Initialize(mAppData->sandboxBrokerServices);
   } else {
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
     // If we're sandboxing content and we fail to initialize, then crashing here
     // seems like the sensible option.
     if (BrowserTabsRemoteAutostart()) {
       MOZ_CRASH("Failed to initialize broker services, can't continue.");
     }
 #  endif
     // Otherwise just warn for the moment, as most things will work.
     NS_WARNING(
@@ -4204,17 +4204,17 @@ int XREMain::XRE_mainStartup(bool* aExit
 
   if (flagFile) {
     flagFile->Remove(true);
   }
 
   return 0;
 }
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 void AddSandboxAnnotations() {
   // Include the sandbox content level, regardless of platform
   int level = GetEffectiveContentSandboxLevel();
 
   nsAutoCString levelString;
   levelString.AppendInt(level);
 
   CrashReporter::AnnotateCrashReport(
@@ -4234,17 +4234,17 @@ void AddSandboxAnnotations() {
 #  elif defined(__OpenBSD__)
   sandboxCapable = true;
   StartOpenBSDSandbox(GeckoProcessType_Default);
 #  endif
 
   CrashReporter::AnnotateCrashReport(
       CrashReporter::Annotation::ContentSandboxCapable, sandboxCapable);
 }
-#endif /* MOZ_CONTENT_SANDBOX */
+#endif /* MOZ_SANDBOX */
 
 /*
  * XRE_mainRun - Command line startup, profile migration, and
  * the calling of appStartup->Run().
  */
 nsresult XREMain::XRE_mainRun() {
   nsresult rv = NS_OK;
   NS_ASSERTION(mScopedXPCOM, "Scoped xpcom not initialized.");
@@ -4574,19 +4574,19 @@ nsresult XREMain::XRE_mainRun() {
                         sandboxInfo.Test(SandboxInfo::kEnabledForMedia));
   nsAutoCString flagsString;
   flagsString.AppendInt(sandboxInfo.AsInteger());
 
   CrashReporter::AnnotateCrashReport(
       CrashReporter::Annotation::ContentSandboxCapabilities, flagsString);
 #endif /* MOZ_SANDBOX && XP_LINUX */
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   AddSandboxAnnotations();
-#endif /* MOZ_CONTENT_SANDBOX */
+#endif /* MOZ_SANDBOX */
 
   mProfileSvc->CompleteStartup();
 
   {
     rv = appStartup->Run();
     if (NS_FAILED(rv)) {
       NS_ERROR("failed to run appstartup");
       gLogConsoleErrors = true;
--- a/toolkit/xre/nsEmbedFunctions.cpp
+++ b/toolkit/xre/nsEmbedFunctions.cpp
@@ -89,17 +89,17 @@
 #include "GeckoProfiler.h"
 
 #if defined(MOZ_SANDBOX) && defined(XP_WIN)
 #  include "mozilla/sandboxTarget.h"
 #  include "mozilla/sandboxing/loggingCallbacks.h"
 #  include "mozilla/RemoteSandboxBrokerProcessChild.h"
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 #  include "mozilla/SandboxSettings.h"
 #  include "mozilla/Preferences.h"
 #endif
 
 #if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 #  include "mozilla/Sandbox.h"
 #endif
 
@@ -290,25 +290,25 @@ XRE_SetRemoteExceptionHandler(const char
 void SetTaskbarGroupId(const nsString& aId) {
   if (FAILED(SetCurrentProcessExplicitAppUserModelID(aId.get()))) {
     NS_WARNING(
         "SetCurrentProcessExplicitAppUserModelID failed for child process.");
   }
 }
 #endif
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 void AddContentSandboxLevelAnnotation() {
   if (XRE_GetProcessType() == GeckoProcessType_Content) {
     int level = GetEffectiveContentSandboxLevel();
     CrashReporter::AnnotateCrashReport(
         CrashReporter::Annotation::ContentSandboxLevel, level);
   }
 }
-#endif /* MOZ_CONTENT_SANDBOX */
+#endif /* MOZ_SANDBOX */
 
 namespace {
 
 int GetDebugChildPauseTime() {
   auto pauseStr = PR_GetEnv("MOZ_DEBUG_CHILD_PAUSE");
   if (pauseStr && *pauseStr) {
     int pause = atoi(pauseStr);
     if (pause != 1) {  // must be !=1 since =1 enables the default pause time
@@ -415,21 +415,21 @@ nsresult XRE_InitChildProcess(int aArgc,
   // work properly.
   AbstractThread::InitTLS();
 
   // Complete 'task_t' exchange for Mac OS X. This structure has the same size
   // regardless of architecture so we don't have any cross-arch issues here.
 #ifdef XP_MACOSX
   if (aArgc < 1) return NS_ERROR_FAILURE;
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   // Save the original number of arguments to pass to the sandbox
   // setup routine which also uses the crash server argument.
   int allArgc = aArgc;
-#  endif /* MOZ_CONTENT_SANDBOX */
+#  endif /* MOZ_SANDBOX */
 
   const char* const mach_port_name = aArgv[--aArgc];
 
   Maybe<recordreplay::AutoPassThroughThreadEvents> pt;
   pt.emplace();
 
   const int kTimeoutMs = 1000;
 
@@ -497,23 +497,23 @@ nsresult XRE_InitChildProcess(int aArgc,
   MachPortSender* ports_in_sender =
       new MachPortSender(parent_message.GetTranslatedPort(2));
 
   if (err != KERN_SUCCESS) {
     NS_WARNING("child task_set_bootstrap_port() failed");
     return NS_ERROR_FAILURE;
   }
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   std::string sandboxError;
   if (!EarlyStartMacSandboxIfEnabled(allArgc, aArgv, sandboxError)) {
     printf_stderr("Sandbox error: %s\n", sandboxError.c_str());
     MOZ_CRASH("Sandbox initialization failed");
   }
-#  endif /* MOZ_CONTENT_SANDBOX */
+#  endif /* MOZ_SANDBOX */
 
   pt.reset();
 #endif /* XP_MACOSX */
 
   SetupErrorHandling(aArgv[0]);
 
   if (!CrashReporter::IsDummy()) {
 #if defined(XP_WIN)
@@ -758,17 +758,17 @@ nsresult XRE_InitChildProcess(int aArgc,
       if (XRE_GetProcessType() != GeckoProcessType_RemoteSandboxBroker) {
         // Remote sandbox launcher process doesn't have prerequisites for
         // these...
         mozilla::FilePreferences::InitDirectoriesWhitelist();
         mozilla::FilePreferences::InitPrefs();
         OverrideDefaultLocaleIfNeeded();
       }
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
       AddContentSandboxLevelAnnotation();
 #endif
 
       // Run the UI event loop on the main thread.
       uiMessageLoop.MessageLoop::Run();
 
       // Allow ProcessChild to clean up after itself before going out of
       // scope and being deleted
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -138,17 +138,17 @@ nsresult nsXREDirProvider::Initialize(
     nsIFile* aXULAppDir, nsIFile* aGREDir,
     nsIDirectoryServiceProvider* aAppProvider) {
   NS_ENSURE_ARG(aXULAppDir);
   NS_ENSURE_ARG(aGREDir);
 
   mAppProvider = aAppProvider;
   mXULAppDir = aXULAppDir;
   mGREDir = aGREDir;
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
   // The GRE directory can be used in sandbox rules, so we need to make sure
   // it doesn't contain any junction points or symlinks or the sandbox will
   // reject those rules.
   if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mGREDir)) {
     NS_WARNING("Failed to resolve GRE Dir.");
   }
   // If the mXULAppDir is different it lives below the mGREDir. To avoid
   // confusion resolve that as well even though we don't need it for sandbox
@@ -211,17 +211,17 @@ nsresult nsXREDirProvider::SetProfile(ns
         NS_WARNING("Failed to set Cache directory to HIDDEN.");
       }
     }
   }
 #endif
 
   mProfileDir = aDir;
   mProfileLocalDir = aLocalDir;
-#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
   // The profile directory can be used in sandbox rules, so we need to make sure
   // it doesn't contain any junction points or symlinks or the sandbox will
   // reject those rules.
   if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(
           mProfileDir)) {
     NS_WARNING("Failed to resolve Profile Dir.");
   }
 #endif
@@ -470,24 +470,24 @@ nsXREDirProvider::GetFile(const char* aP
       rv = file->AppendNative(NS_LITERAL_CSTRING("features"));
   } else if (!strcmp(aProperty, XRE_ADDON_APP_DIR)) {
     nsCOMPtr<nsIDirectoryServiceProvider> dirsvc(
         do_GetService("@mozilla.org/file/directory_service;1", &rv));
     if (NS_FAILED(rv)) return rv;
     bool unused;
     rv = dirsvc->GetFile("XCurProcD", &unused, getter_AddRefs(file));
   }
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   else if (!strcmp(aProperty, NS_APP_CONTENT_PROCESS_TEMP_DIR)) {
     if (!mContentTempDir && NS_FAILED((rv = LoadContentProcessTempDir()))) {
       return rv;
     }
     rv = mContentTempDir->Clone(getter_AddRefs(file));
   }
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 #if defined(MOZ_SANDBOX)
   else if (0 == strcmp(aProperty, NS_APP_PLUGIN_PROCESS_TEMP_DIR)) {
     if (!mPluginTempDir && NS_FAILED((rv = LoadPluginProcessTempDir()))) {
       return rv;
     }
     rv = mPluginTempDir->Clone(getter_AddRefs(file));
   }
 #endif  // defined(MOZ_SANDBOX)
@@ -619,17 +619,17 @@ nsXREDirProvider::GetFiles(const char* a
 static const char* GetProcessTempBaseDirKey() {
 #  if defined(XP_WIN)
   return NS_WIN_LOW_INTEGRITY_TEMP_BASE;
 #  else
   return NS_OS_TEMP_DIR;
 #  endif
 }
 
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
 //
 // Sets mContentTempDir so that it refers to the appropriate temp dir.
 // If the sandbox is enabled, NS_APP_CONTENT_PROCESS_TEMP_DIR, otherwise
 // NS_OS_TEMP_DIR is used.
 //
 nsresult nsXREDirProvider::LoadContentProcessTempDir() {
   // The parent is responsible for creating the sandbox temp dir.
   if (XRE_IsParentProcess()) {
@@ -744,17 +744,17 @@ static already_AddRefed<nsIFile> GetProc
 //
 // Create a temporary directory for use from sandboxed processes.
 // Only called in the parent. The path is derived from a UUID stored in a
 // pref which is available to content and plugin processes. Returns null
 // if the content sandbox is disabled or if an error occurs.
 //
 static already_AddRefed<nsIFile> CreateProcessSandboxTempDir(
     GeckoProcessType procType) {
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   if ((procType == GeckoProcessType_Content) && IsContentSandboxDisabled()) {
     return nullptr;
   }
 #  endif
 
   MOZ_ASSERT((procType == GeckoProcessType_Content) ||
              (procType == GeckoProcessType_Plugin));
 
@@ -1046,17 +1046,17 @@ nsXREDirProvider::DoStartup() {
       }
 
       mozilla::Telemetry::Accumulate(mozilla::Telemetry::NUMBER_OF_PROFILES,
                                      count);
     }
 
     obsSvc->NotifyObservers(nullptr, "profile-initial-state", nullptr);
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     // Makes sure the content temp dir has been loaded if it hasn't been
     // already. In the parent this ensures it has been created before we attempt
     // to start any content processes.
     if (!mContentTempDir) {
       mozilla::Unused << NS_WARN_IF(NS_FAILED(LoadContentProcessTempDir()));
     }
 #endif
 #if defined(MOZ_SANDBOX)
@@ -1095,20 +1095,18 @@ void nsXREDirProvider::DoShutdown() {
                               kShutdownPersist);
       obsSvc->NotifyObservers(nullptr, "profile-before-change-telemetry",
                               kShutdownPersist);
     }
     mProfileNotified = false;
   }
 
   if (XRE_IsParentProcess()) {
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
     mozilla::Unused << DeleteDirIfExists(mContentProcessSandboxTempDir);
-#endif
-#if defined(MOZ_SANDBOX)
     mozilla::Unused << DeleteDirIfExists(mPluginProcessSandboxTempDir);
 #endif
   }
 }
 
 #ifdef XP_WIN
 static nsresult GetShellFolderPath(KNOWNFOLDERID folder, nsAString& _retval) {
   DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS;
--- a/toolkit/xre/nsXREDirProvider.h
+++ b/toolkit/xre/nsXREDirProvider.h
@@ -123,41 +123,37 @@ class nsXREDirProvider final : public ns
 
   static nsresult AppendSysUserExtensionPath(nsIFile* aFile);
   static nsresult AppendSysUserExtensionsDevPath(nsIFile* aFile);
 
   // Internal helper that splits a path into components using the '/' and '\\'
   // delimiters.
   static inline nsresult AppendProfileString(nsIFile* aFile, const char* aPath);
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   // Load the temp directory for sandboxed content processes
   nsresult LoadContentProcessTempDir();
-#endif
-#if defined(MOZ_SANDBOX)
   nsresult LoadPluginProcessTempDir();
 #endif
 
   void Append(nsIFile* aDirectory);
 
   nsCOMPtr<nsIDirectoryServiceProvider> mAppProvider;
   // On OSX, mGREDir points to .app/Contents/Resources
   nsCOMPtr<nsIFile> mGREDir;
   // On OSX, mGREBinDir points to .app/Contents/MacOS
   nsCOMPtr<nsIFile> mGREBinDir;
   // On OSX, mXULAppDir points to .app/Contents/Resources/browser
   nsCOMPtr<nsIFile> mXULAppDir;
   nsCOMPtr<nsIFile> mProfileDir;
   nsCOMPtr<nsIFile> mProfileLocalDir;
   bool mProfileNotified;
   bool mPrefsInitialized = false;
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   nsCOMPtr<nsIFile> mContentTempDir;
   nsCOMPtr<nsIFile> mContentProcessSandboxTempDir;
-#endif
-#if defined(MOZ_SANDBOX)
   nsCOMPtr<nsIFile> mPluginTempDir;
   nsCOMPtr<nsIFile> mPluginProcessSandboxTempDir;
 #endif
   nsCOMArray<nsIFile> mAppBundleDirectories;
 };
 
 #endif
--- a/xpcom/base/nsMacUtilsImpl.cpp
+++ b/xpcom/base/nsMacUtilsImpl.cpp
@@ -122,17 +122,17 @@ nsMacUtilsImpl::GetIsTranslated(bool* aI
   // Translation only exists for ppc code.  Other architectures aren't
   // translated.
   *aIsTranslated = false;
 #endif
 
   return NS_OK;
 }
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 // Get the path to the .app directory (aka bundle) for the parent process.
 // When executing in the child process, this is the outer .app (such as
 // Firefox.app) and not the inner .app containing the child process
 // executable. We don't rely on the actual .app extension to allow for the
 // bundle being renamed.
 bool nsMacUtilsImpl::GetAppPath(nsCString& aAppPath) {
   nsAutoCString appPath;
   nsAutoCString appBinaryPath(
@@ -197,9 +197,9 @@ nsAutoCString nsMacUtilsImpl::GetDirecto
   directoryFile->Normalize();
   nsAutoCString directoryPath;
   if (NS_FAILED(directoryFile->GetNativePath(directoryPath))) {
     MOZ_CRASH("Failed to get path for an nsIFile");
   }
   return directoryPath;
 }
 #  endif /* DEBUG */
-#endif   /* MOZ_CONTENT_SANDBOX */
+#endif   /* MOZ_SANDBOX */
--- a/xpcom/base/nsMacUtilsImpl.h
+++ b/xpcom/base/nsMacUtilsImpl.h
@@ -13,23 +13,23 @@
 
 class nsMacUtilsImpl final : public nsIMacUtils {
  public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSIMACUTILS
 
   nsMacUtilsImpl() {}
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   static bool GetAppPath(nsCString &aAppPath);
 
 #  ifdef DEBUG
   static nsAutoCString GetDirectoryPath(const char *aPath);
 #  endif /* DEBUG */
-#endif   /* MOZ_CONTENT_SANDBOX */
+#endif   /* MOZ_SANDBOX */
 
  private:
   ~nsMacUtilsImpl() {}
 
   nsresult GetArchString(nsAString &aArchString);
 
   // A string containing a "-" delimited list of architectures
   // in our binary.
--- a/xpcom/io/SpecialSystemDirectory.cpp
+++ b/xpcom/io/SpecialSystemDirectory.cpp
@@ -579,17 +579,17 @@ nsresult GetSpecialSystemDirectory(Syste
     }
     case Win_LocalAppdata: {
       nsresult rv = GetWindowsFolder(CSIDL_LOCAL_APPDATA, aFile);
       if (NS_FAILED(rv)) {
         rv = GetRegWindowsAppDataFolder(true, aFile);
       }
       return rv;
     }
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
     case Win_LocalAppdataLow: {
       GUID localAppDataLowGuid = FOLDERID_LocalAppDataLow;
       return GetKnownFolder(&localAppDataLowGuid, aFile);
     }
 #  endif
 #  if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
     case Win_Documents: {
       return GetLibrarySaveToPath(CSIDL_MYDOCUMENTS, FOLDERID_DocumentsLibrary,
--- a/xpcom/io/SpecialSystemDirectory.h
+++ b/xpcom/io/SpecialSystemDirectory.h
@@ -29,17 +29,17 @@ enum SystemDirectories {
   Win_Appdata = 221,
   Win_Cookies = 223,
   Win_LocalAppdata = 224,
   Win_ProgramFiles = 225,
   Win_Downloads = 226,
 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
   Win_Documents = 228,
 #endif
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
   Win_LocalAppdataLow = 232,
 #endif
 
   Unix_HomeDirectory = 303,
   Unix_XDG_Desktop = 304,
   Unix_XDG_Download = 306
 };
 
--- a/xpcom/io/nsAppDirectoryServiceDefs.h
+++ b/xpcom/io/nsAppDirectoryServiceDefs.h
@@ -73,46 +73,46 @@
 
 #define NS_APP_INSTALL_CLEANUP_DIR \
   "XPIClnupD"  // location of xpicleanup.dat xpicleanup.exe
 
 #define NS_APP_INDEXEDDB_PARENT_DIR "indexedDBPDir"
 
 #define NS_APP_PERMISSION_PARENT_DIR "permissionDBPDir"
 
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX)
 //
 // NS_APP_CONTENT_PROCESS_TEMP_DIR refers to a directory that is read and
 // write accessible from a sandboxed content process. The key may be used in
 // either process, but the directory is intended to be used for short-lived
 // files that need to be saved to the filesystem by the content process and
 // don't need to survive browser restarts. The directory is reset on startup.
-// The key is only valid when MOZ_CONTENT_SANDBOX is defined. When
-// MOZ_CONTENT_SANDBOX is defined, the directory the key refers to differs
+// The key is only valid when MOZ_SANDBOX is defined. When
+// MOZ_SANDBOX is defined, the directory the key refers to differs
 // depending on whether or not content sandboxing is enabled.
 //
-// When MOZ_CONTENT_SANDBOX is defined and sandboxing is enabled (versus
+// When MOZ_SANDBOX is defined and sandboxing is enabled (versus
 // manually disabled via prefs), the content process replaces NS_OS_TEMP_DIR
 // with NS_APP_CONTENT_PROCESS_TEMP_DIR so that legacy code in content
 // attempting to write to NS_OS_TEMP_DIR will write to
-// NS_APP_CONTENT_PROCESS_TEMP_DIR instead. When MOZ_CONTENT_SANDBOX is
+// NS_APP_CONTENT_PROCESS_TEMP_DIR instead. When MOZ_SANDBOX is
 // defined but sandboxing is disabled, NS_APP_CONTENT_PROCESS_TEMP_DIR
 // falls back to NS_OS_TEMP_DIR in both content and chrome processes.
 //
 // New code should avoid writing to the filesystem from the content process
 // and should instead proxy through the parent process whenever possible.
 //
 // At present, all sandboxed content processes use the same directory for
 // NS_APP_CONTENT_PROCESS_TEMP_DIR, but that should not be relied upon.
 //
 #  define NS_APP_CONTENT_PROCESS_TEMP_DIR "ContentTmpD"
 #else
 // Otherwise NS_APP_CONTENT_PROCESS_TEMP_DIR must match NS_OS_TEMP_DIR.
 #  define NS_APP_CONTENT_PROCESS_TEMP_DIR "TmpD"
-#endif  // defined(MOZ_CONTENT_SANDBOX)
+#endif  // defined(MOZ_SANDBOX)
 
 #if defined(MOZ_SANDBOX)
 #  define NS_APP_PLUGIN_PROCESS_TEMP_DIR "PluginTmpD"
 #else
 #  define NS_APP_PLUGIN_PROCESS_TEMP_DIR "TmpD"
 #endif
 
 #endif  // nsAppDirectoryServiceDefs_h___
--- a/xpcom/io/nsDirectoryService.cpp
+++ b/xpcom/io/nsDirectoryService.cpp
@@ -303,17 +303,17 @@ nsDirectoryService::UnregisterProvider(n
   if (!aProv) {
     return NS_ERROR_FAILURE;
   }
 
   mProviders.RemoveElement(aProv);
   return NS_OK;
 }
 
-#if defined(MOZ_CONTENT_SANDBOX) && defined(XP_WIN)
+#if defined(MOZ_SANDBOX) && defined(XP_WIN)
 static nsresult GetLowIntegrityTempBase(nsIFile** aLowIntegrityTempBase) {
   nsCOMPtr<nsIFile> localFile;
   nsresult rv =
       GetSpecialSystemDirectory(Win_LocalAppdataLow, getter_AddRefs(localFile));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
@@ -413,17 +413,17 @@ nsDirectoryService::GetFile(const char* 
     rv = GetSpecialSystemDirectory(Win_Favorites, getter_AddRefs(localFile));
   } else if (inAtom == nsGkAtoms::DirectoryService_OS_DesktopDirectory) {
     rv = GetSpecialSystemDirectory(Win_Desktopdirectory,
                                    getter_AddRefs(localFile));
   } else if (inAtom == nsGkAtoms::DirectoryService_Appdata) {
     rv = GetSpecialSystemDirectory(Win_Appdata, getter_AddRefs(localFile));
   } else if (inAtom == nsGkAtoms::DirectoryService_LocalAppdata) {
     rv = GetSpecialSystemDirectory(Win_LocalAppdata, getter_AddRefs(localFile));
-#  if defined(MOZ_CONTENT_SANDBOX)
+#  if defined(MOZ_SANDBOX)
   } else if (inAtom == nsGkAtoms::DirectoryService_LocalAppdataLow) {
     rv = GetSpecialSystemDirectory(Win_LocalAppdataLow,
                                    getter_AddRefs(localFile));
   } else if (inAtom == nsGkAtoms::DirectoryService_LowIntegrityTempBase) {
     rv = GetLowIntegrityTempBase(getter_AddRefs(localFile));
 #  endif
   } else if (inAtom == nsGkAtoms::DirectoryService_WinCookiesDirectory) {
     rv = GetSpecialSystemDirectory(Win_Cookies, getter_AddRefs(localFile));