Bug 1358223 - Part 2 - In telemetry send the effective sandbox level instead of the raw value draft
authorAlex Gaynor <agaynor@mozilla.com>
Fri, 12 May 2017 17:05:53 -0400
changeset 586538 7d2da4cc6ac47709f2edbb889ca0f0cb097b4aaa
parent 586537 38bf596efa59a93914a16bd6585dad417e15c9f4
child 631026 4c02b40f4b38994879ef000a6dfb551060ab93a8
push id61447
push userbmo:agaynor@mozilla.com
push dateTue, 30 May 2017 17:35:49 +0000
Bug 1358223 - Part 2 - In telemetry send the effective sandbox level instead of the raw value This gives us the most actionable piece of information from the perspective of correlating between how the sandbox is configured and behavior we see. MozReview-Commit-ID: EWWQrDHns1R
--- a/toolkit/components/telemetry/TelemetryEnvironment.jsm
+++ b/toolkit/components/telemetry/TelemetryEnvironment.jsm
@@ -222,17 +222,16 @@ const DEFAULT_ENVIRONMENT_PREFS = new Ma
   ["pdfjs.disabled", {what: RECORD_PREF_VALUE}],
   ["places.history.enabled", {what: RECORD_PREF_VALUE}],
   ["plugins.remember_infobar_dismissal", {what: RECORD_PREF_VALUE}],
   ["plugins.show_infobar", {what: RECORD_PREF_VALUE}],
   ["privacy.trackingprotection.enabled", {what: RECORD_PREF_VALUE}],
   ["privacy.donottrackheader.enabled", {what: RECORD_PREF_VALUE}],
   ["security.mixed_content.block_active_content", {what: RECORD_PREF_VALUE}],
   ["security.mixed_content.block_display_content", {what: RECORD_PREF_VALUE}],
-  ["security.sandbox.content.level", {what: RECORD_PREF_VALUE}],
   ["xpinstall.signatures.required", {what: RECORD_PREF_VALUE}],
 const LOGGER_NAME = "Toolkit.Telemetry";
 const PREF_BLOCKLIST_ENABLED = "extensions.blocklist.enabled";
 const PREF_DISTRIBUTION_ID = "distribution.id";
 const PREF_DISTRIBUTION_VERSION = "distribution.version";
@@ -1262,29 +1261,43 @@ EnvironmentCache.prototype = {
       telemetryEnabled: Utils.isTelemetryEnabled,
       locale: getBrowserLocale(),
       update: {
         channel: updateChannel,
         enabled: Preferences.get(PREF_UPDATE_ENABLED, true),
         autoDownload: Preferences.get(PREF_UPDATE_AUTODOWNLOAD, true),
       userPrefs: this._getPrefData(),
+      sandbox: this._getSandboxData(),
     this._currentEnvironment.settings.addonCompatibilityCheckEnabled =
     if (AppConstants.platform !== "android") {
       this._currentEnvironment.settings.isDefaultBrowser =
+  _getSandboxData() {
+    let effectiveContentProcessLevel = null;
+    try {
+      let sandboxSettings = Cc["@mozilla.org/sandbox/sandbox-settings;1"].
+                            getService(Ci.mozISandboxSettings);
+      effectiveContentProcessLevel = (
+        sandboxSettings.effectiveContentSandboxLevel);
+    } catch (e) {}
+    return {
+      effectiveContentProcessLevel,
+    };
+  },
    * Update the cached profile data.
    * @returns Promise<> resolved when the I/O is complete.
   async _updateProfile() {
     const logger = Log.repository.getLoggerWithMessagePrefix(LOGGER_NAME, "ProfileAge - ");
     let profileAccessor = new ProfileAge(null, logger);
--- a/toolkit/components/telemetry/docs/data/environment.rst
+++ b/toolkit/components/telemetry/docs/data/environment.rst
@@ -63,16 +63,19 @@ Structure:
         attribution: { // optional, only present if the installation has attribution data
           // all of these values are optional.
           source: <string>, // referring partner domain, when install happens via a known partner
           medium: <string>, // category of the source, such as "organic" for a search engine
           campaign: <string>, // identifier of the particular campaign that led to the download of the product
           content: <string>, // identifier to indicate the particular link within a campaign
+        sandbox: {
+          effectiveContentProcessLevel: <integer>,
+        }
       profile: {
         creationDate: <integer>, // integer days since UNIX epoch, e.g. 16446
         resetDate: <integer>, // integer days since UNIX epoch, e.g. 16446 - optional
       partner: { // This section may not be immediately available on startup
         distributionId: <string>, // pref "distribution.id", null on failure
         distributionVersion: <string>, // pref "distribution.version", null on failure
@@ -328,27 +331,34 @@ The following is a partial list of colle
 - ``browser.search.suggest.enabled``: The "master switch" for search suggestions everywhere in Firefox (search bar, urlbar, etc.). Defaults to true.
 - ``browser.urlbar.suggest.searches``: True if search suggestions are enabled in the urlbar. Defaults to false.
 - ``browser.urlbar.userMadeSearchSuggestionsChoice``: True if the user has clicked Yes or No in the urlbar's opt-in notification. Defaults to false.
 - ``browser.zoom.full`` (deprecated): True if zoom is enabled for both text and images, that is if "Zoom Text Only" is not enabled. Defaults to true. This preference was collected in Firefox 50 to 52 (`Bug 979323 <https://bugzilla.mozilla.org/show_bug.cgi?id=979323>`_).
-- ``security.sandbox.content.level``: The meanings of the values are OS dependent. Details of the meanings can be found in the `Firefox prefs file <https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js>`_.
 This object contains the attribution data for the product installation.
 Attribution data is used to link installations of Firefox with the source that the user arrived at the Firefox download page from. It would indicate, for instance, when a user executed a web search for Firefox and arrived at the download page from there, directly navigated to the site, clicked on a link from a particular social media campaign, etc.
 The attribution data is included in some versions of the default Firefox installer for Windows (the "stub" installer) and stored as part of the installation. All platforms other than Windows and also Windows installations that did not use the stub installer do not have this data and will not include the ``attribution`` object.
+This object contains data about the state of Firefox's sandbox.
+Specific keys are:
+- ``effectiveContentProcessLevel``: The meanings of the values are OS dependent. Details of the meanings can be found in the `Firefox prefs file <https://hg.mozilla.org/mozilla-central/file/tip/browser/app/profile/firefox.js>`_. The value here is the effective value, not the raw value, some platforms enforce a minimum sandbox level. If there is an error calculating this, it will be ``null``.
 If the user is using a partner repack, this contains information identifying the repack being used, otherwise "partnerNames" will be an empty array and other entries will be null. The information may be missing when the profile just becomes available. In Firefox for desktop, the information along with other customizations defined in distribution.ini are processed later in the startup phase, and will be fully applied when "distribution-customization-complete" notification is sent.
 Distributions are most reliably identified by the ``distributionId`` field. Partner information can be found in the `partner repacks <https://github.com/mozilla-partners>`_ (`the old one <https://hg.mozilla.org/build/partner-repacks/>`_ is deprecated): it contains one private repository per partner.
 Important values for ``distributionId`` include: