Bug 1504404 - Port bug 1431441 and bug 1504188 to mail/app/nsMailApp.cpp. r=jorgk
authorRichard Marti <richard.marti@gmail.com>
Sat, 03 Nov 2018 18:00:23 +0100
changeset 33652 d4e98be4fc0b4bbc5f65149e874048b600daf21e
parent 33651 e2d7001a1a8720b15e5f4f3e28143d38ea7fda7e
child 33653 bd1dfa52d616bce5e6024b8a6c2524f0658e6205
push id388
push userclokep@gmail.com
push dateMon, 28 Jan 2019 20:54:56 +0000
reviewersjorgk
bugs1504404, 1431441, 1504188
Bug 1504404 - Port bug 1431441 and bug 1504188 to mail/app/nsMailApp.cpp. r=jorgk. Bug 1431441: [Mac] Start the content sandbox earlier. Bug 1504188: Can't build on Mac with sandbox disabled.
mail/app/moz.build
mail/app/nsMailApp.cpp
mail/app/profile/all-thunderbird.js
--- a/mail/app/moz.build
+++ b/mail/app/moz.build
@@ -21,16 +21,21 @@ if CONFIG['LIBFUZZER']:
     LOCAL_INCLUDES += [
         '/%s/tools/fuzzing/libfuzzer' % CONFIG['mozreltopsrcdir'],
     ]
 
 if CONFIG['OS_ARCH'] == 'WINNT':
     RCINCLUDE = 'splash.rc'
     DEFINES['MOZ_THUNDERBIRD'] = True
 
+if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'Darwin':
+    USE_LIBS += [
+        'mozsandbox',
+    ]
+
 if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
     # For sandbox includes and the include dependencies those have
     LOCAL_INCLUDES += [
         '/%s/security/sandbox/chromium' % CONFIG['mozreltopsrcdir'],
         '/%s/security/sandbox/chromium-shim' % CONFIG['mozreltopsrcdir'],
     ]
 
     USE_LIBS += [
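Review bot: The new Darwin block links `mozsandbox` under `CONFIG['MOZ_SANDBOX']`, while the code that needs it in mail/app/nsMailApp.cpp is compiled under `MOZ_CONTENT_SANDBOX`; the pref added in all-thunderbird.js is gated on `MOZ_SANDBOX` again. If the two macros can ever differ on Mac, one side ends up with either an unresolved `mozilla::EarlyStartMacSandboxIfEnabled` or an unused library, so it is worth confirming they always agree. Unlike the WINNT block below it, the Darwin block has no comment; I would add `# For mozilla::EarlyStartMacSandboxIfEnabled() in nsMailApp.cpp`.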
--- a/mail/app/nsMailApp.cpp
+++ b/mail/app/nsMailApp.cpp
@@ -36,16 +36,20 @@
 #include "mozilla/Sprintf.h"
 #include "mozilla/StartupTimeline.h"
 #include "mozilla/WindowsDllBlocklist.h"
 
 #ifdef LIBFUZZER
 #include "FuzzerDefs.h"
 #endif
 
+#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+#include "mozilla/Sandbox.h"
+#endif
+
 #ifdef MOZ_LINUX_32_SSE2_STARTUP_ERROR
 #include <cpuid.h>
 #include "mozilla/Unused.h"
 
 static bool
 IsSSE2Available()
 {
   // The rest of the app has been compiled to assume that SSE2 is present
@@ -257,16 +261,26 @@ InitXPCOMGlue()
 // NB: This must be extern, as this value is checked elsewhere
 uint32_t gBlocklistInitFlags = eDllBlocklistInitFlagDefault;
 #endif
 
 int main(int argc, char* argv[], char* envp[])
 {
   mozilla::TimeStamp start = mozilla::TimeStamp::Now();
 
+#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
+  if (argc > 1 && IsArg(argv[1], "contentproc")) {
+    std::string err;
+    if (!mozilla::EarlyStartMacSandboxIfEnabled(argc, argv, err)) {
+      Output("Sandbox error: %s\n", err.c_str());
+      MOZ_CRASH("Sandbox initialization failed");
+    }
+  }
+#endif
+
 #ifdef MOZ_BROWSER_CAN_BE_CONTENTPROC
   // We are launching as a content process, delegate to the appropriate
   // main
   if (argc > 1 && IsArg(argv[1], "contentproc")) {
 #ifdef HAS_DLL_BLOCKLIST
     DllBlocklist_Initialize(eDllBlocklistInitFlagIsChildProcess);
 #endif
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
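Review bot: The early-sandbox block added at the top of main() has no comment saying it must stay ahead of every other content-process startup step, and it repeats the `argc > 1 && IsArg(argv[1], "contentproc")` test that the `MOZ_BROWSER_CAN_BE_CONTENTPROC` block runs a few lines later. I would add `// Must run before any other child startup work; a sandbox that fails to start is fatal by design.` above the `if`, so a later reordering does not quietly widen the window in which the child runs unsandboxed. The block also sits outside the `MOZ_BROWSER_CAN_BE_CONTENTPROC` guard, so if that macro can be undefined on Mac the process would presumably start the sandbox and then continue down the parent path; worth confirming. `std::string` is used without a visible `<string>` include, presumably relying on `mozilla/Sandbox.h`. main() continues outside the hunk.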
--- a/mail/app/profile/all-thunderbird.js
+++ b/mail/app/profile/all-thunderbird.js
@@ -839,16 +839,22 @@ pref("mail.save_msg_filename_underscores
 // This controls the strength of the Windows content process sandbox for testing
 // purposes. This will require a restart.
 // On windows these levels are:
 // See - security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
 // SetSecurityLevelForContentProcess() for what the different settings mean.
 pref("security.sandbox.content.level", 0);
 #endif
 
+#if defined(NIGHTLY_BUILD) && defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+// Start the Mac sandbox immediately during child process startup instead
+// of when messaged by the parent after the message loop is running.
+pref("security.sandbox.content.mac.earlyinit", false);
+#endif
+
 // Enable FIDO U2F
 pref("security.webauth.u2f", true);
 
 // Use OS date and time settings by default.
 pref("intl.regional_prefs.use_os_locales", true);
 
 // Multi-lingual preferences
 pref("intl.multilingual.enabled", false);
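Review bot: The comment on `security.sandbox.content.mac.earlyinit` does not say that the default of `false` leaves the early start switched off, so the call added to nsMailApp.cpp presumably changes nothing until the pref is flipped. I would extend it with `// Defaults to false: the sandbox is still started when messaged by the parent.` The pref is also defined only under `NIGHTLY_BUILD`, whereas the C++ call is compiled on every Mac build with `MOZ_CONTENT_SANDBOX`. On other channels the behaviour then depends on how the helper treats a missing pref, which is not visible here and should be confirmed to fall back to the later, parent-messaged sandbox start.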