Backed out 2 changesets (bug 1488439) for build bustage at /build/src/dom/plugins/ipc/PluginProcessParent.cpp on a CLOSED TREE
authorCoroiu Cristina <ccoroiu@mozilla.com>
Fri, 12 Oct 2018 21:00:41 +0300
changeset 496653 32af88ce76dab548742417a74be9a13043540143
parent 496652 a9cb7624c15de659ef31809a19bac825d46e4b18
child 496654 7c1aecbca3ddeb55c60b943a123eb65a052f8594
push id9984
push userffxbld-merge
push dateMon, 15 Oct 2018 21:07:35 +0000
treeherdermozilla-beta@183d27ea8570 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1488439
milestone64.0a1
backs out74b2087ee696eb7369b65727b81fc67121789f7d
85575fc37555213a204b8565bbadef7270edd19e
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 2 changesets (bug 1488439) for build bustage at /build/src/dom/plugins/ipc/PluginProcessParent.cpp on a CLOSED TREE Backed out changeset 74b2087ee696 (bug 1488439) Backed out changeset 85575fc37555 (bug 1488439)
browser/app/profile/firefox.js
dom/plugins/ipc/FunctionBroker.h
dom/plugins/ipc/FunctionBrokerIPCUtils.h
dom/plugins/ipc/FunctionHook.cpp
dom/plugins/ipc/IpdlTuple.h
dom/plugins/ipc/PluginModuleChild.cpp
dom/plugins/ipc/PluginModuleChild.h
dom/plugins/ipc/PluginProcessChild.cpp
dom/plugins/ipc/PluginProcessParent.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
toolkit/xre/nsXREDirProvider.cpp
toolkit/xre/nsXREDirProvider.h
xpcom/io/nsAppDirectoryServiceDefs.h
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1094,25 +1094,22 @@ pref("security.sandbox.content.syscall_w
 // broad list for now, has to be refined over time
 pref("security.sandbox.pledge.main", "stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw mcast");
 #if defined(MOZ_CONTENT_SANDBOX)
 pref("security.sandbox.content.level", 1);
 pref("security.sandbox.pledge.content", "stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps");
 #endif
 #endif
 
-#if defined(MOZ_SANDBOX)
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // ID (a UUID when set by gecko) that is used to form the name of a
 // sandbox-writable temporary directory to be used by content processes
 // when a temporary writable file is required in a level 1 sandbox.
 pref("security.sandbox.content.tempDirSuffix", "");
 #endif
-pref("security.sandbox.plugin.tempDirSuffix", "");
-#endif
 
 #if defined(MOZ_SANDBOX)
 // This pref determines if messages relevant to sandbox violations are
 // logged.
 #if defined(XP_WIN) || defined(XP_MACOSX)
 pref("security.sandbox.logging.enabled", false);
 #endif
 #endif
--- a/dom/plugins/ipc/FunctionBroker.h
+++ b/dom/plugins/ipc/FunctionBroker.h
@@ -284,18 +284,16 @@ inline bool ParameterEquality(const char
   * A type map _from_ the type of a parameter in the original function
   * we are brokering _to_ a type that we can marshal.  We must be able
   * to Copy() the marshaled type using the parameter type.
   * The default maps from type T back to type T.
   */
 template<typename OrigType> struct IPCTypeMap     { typedef OrigType ipc_type; };
 template<> struct IPCTypeMap<char*>               { typedef nsDependentCSubstring ipc_type; };
 template<> struct IPCTypeMap<const char*>         { typedef nsDependentCSubstring ipc_type; };
-template<> struct IPCTypeMap<wchar_t*>            { typedef nsString ipc_type; };
-template<> struct IPCTypeMap<const wchar_t*>      { typedef nsString ipc_type; };
 template<> struct IPCTypeMap<long>                { typedef int32_t ipc_type; };
 template<> struct IPCTypeMap<unsigned long>       { typedef uint32_t ipc_type; };
 
 #if defined(XP_WIN)
 template<> struct IPCTypeMap<PSecHandle>          { typedef uint64_t ipc_type; };
 template<> struct IPCTypeMap<PTimeStamp>          { typedef uint64_t ipc_type; };
 template<> struct IPCTypeMap<void*>               { typedef uint64_t ipc_type; }; // HANDLEs
 template<> struct IPCTypeMap<HWND>                { typedef NativeWindowHandle ipc_type; };
@@ -501,27 +499,16 @@ struct BaseEndpointHandler<CLIENT,SelfTy
     // In the client, we just bind to the caller's string
     if (aSrc) {
       aDest.Rebind(aSrc, strlen(aSrc));
     } else {
       aDest.SetIsVoid(true);
     }
   }
 
-  inline static void Copy(nsString& aDest, wchar_t* const& aSrc)
-  {
-    if (aSrc) {
-      // We are using nsString as a "raw" container for a wchar_t string.  We
-      // just use its data as a wchar_t* later (so the reinterpret_cast is safe).
-      aDest.Rebind(reinterpret_cast<char16_t*>(aSrc), wcslen(aSrc));
-    } else {
-      aDest.SetIsVoid(true);
-    }
-  }
-
   inline static void Copy(char*& aDest, const nsDependentCSubstring& aSrc)
   {
     MOZ_ASSERT_UNREACHABLE("Returning char* parameters is not yet suported.");
   }
 
 #if defined(XP_WIN)
   inline static void Copy(uint32_t& aDest, const LPDWORD& aSrc)
   {
@@ -589,37 +576,16 @@ struct BaseEndpointHandler<SERVER, SelfT
 
   inline static void Copy(ServerCallData* aScd, const char*& aDest, const nsDependentCSubstring& aSrc)
   {
     char* nonConstDest;
     Copy(aScd, nonConstDest, aSrc);
     aDest = nonConstDest;
   }
 
-  inline static void Copy(ServerCallData* aScd, wchar_t*& aDest, const nsString& aSrc)
-  {
-    // Allocating the string with aScd means it will last during the server call
-    // and be freed when the call is complete.
-    MOZ_ASSERT(aScd);
-    if (aSrc.IsVoid()) {
-      aDest = nullptr;
-      return;
-    }
-    aScd->AllocateMemory((aSrc.Length() + 1)*sizeof(wchar_t), aDest);
-    memcpy(aDest, aSrc.Data(), aSrc.Length() * sizeof(wchar_t));
-    aDest[aSrc.Length()] = L'\0';
-  }
-
-  inline static void Copy(ServerCallData* aScd, const wchar_t*& aDest, const nsString& aSrc)
-  {
-    wchar_t* nonConstDest;
-    Copy(aScd, nonConstDest, aSrc);
-    aDest = nonConstDest;
-  }
-
 #if defined(XP_WIN)
   inline static void Copy(uint32_t& aDest, const LPDWORD& aSrc)
   {
     aDest = *aSrc;
   }
 
   inline static void Copy(LPDWORD& aDest, const uint32_t& aSrc)
   {
--- a/dom/plugins/ipc/FunctionBrokerIPCUtils.h
+++ b/dom/plugins/ipc/FunctionBrokerIPCUtils.h
@@ -43,17 +43,16 @@ enum FunctionHookId
   , ID_HttpEndRequestA
   , ID_InternetQueryOptionA
   , ID_InternetErrorDlg
   , ID_AcquireCredentialsHandleA
   , ID_QueryCredentialsAttributesA
   , ID_FreeCredentialsHandle
   , ID_PrintDlgW
   , ID_CreateMutexW
-  , ID_GetFileAttributesW
   , ID_FunctionHookCount
 #else // defined(XP_WIN)
     ID_FunctionHookCount
 #endif // defined(XP_WIN)
 };
 
 // Max number of bytes to show when logging a blob of raw memory
 static const uint32_t MAX_BLOB_CHARS_TO_LOG = 12;
--- a/dom/plugins/ipc/FunctionHook.cpp
+++ b/dom/plugins/ipc/FunctionHook.cpp
@@ -6,17 +6,16 @@
 
 #include "FunctionHook.h"
 #include "FunctionBroker.h"
 #include "nsClassHashtable.h"
 #include "mozilla/ClearOnShutdown.h"
 
 #if defined(XP_WIN)
 #include <shlobj.h>
-#include "PluginModuleChild.h"
 #endif
 
 namespace mozilla {
 namespace plugins {
 
 StaticAutoPtr<FunctionHookArray> FunctionHook::sFunctionHooks;
 
 bool AlwaysHook(int) { return true; }
@@ -304,66 +303,30 @@ void FunctionHook::HookProtectedMode()
   // Legacy code.  Uses the nsWindowsDLLInterceptor directly instead of
   // using the FunctionHook
   sKernel32Intercept.Init("kernel32.dll");
   MOZ_ASSERT(XRE_GetProcessType() == GeckoProcessType_Plugin);
   sCreateFileWStub.Set(sKernel32Intercept, "CreateFileW", &CreateFileWHookFn);
   sCreateFileAStub.Set(sKernel32Intercept, "CreateFileA", &CreateFileAHookFn);
 }
 
-/* GetFileAttributesW */
-
-typedef BasicFunctionHook<ID_GetFileAttributesW, decltype(GetFileAttributesW)> GetFileAttributesWFH;
-
-DWORD WINAPI GetFileAttributesWHook(LPCWSTR aFilename)
-{
-  MOZ_ASSERT(ID_GetFileAttributesW < FunctionHook::GetHooks()->Length());
-  GetFileAttributesWFH* functionHook =
-    static_cast<GetFileAttributesWFH*>(FunctionHook::GetHooks()->ElementAt(ID_GetFileAttributesW));
-  if (!functionHook->OriginalFunction()) {
-    NS_ASSERTION(FALSE, "Something is horribly wrong in GetFileAttributesWHook!");
-    return FALSE;
-  }
-
-  DWORD ret = functionHook->OriginalFunction()(aFilename);
-  if (ret != INVALID_FILE_ATTRIBUTES) {
-    return ret;
-  }
-
-  // If aFilename is a parent of PluginModuleChild::GetFlashRoamingPath then
-  // assume it was blocked by the sandbox and just report it as a plain directory.
-  size_t len = wcslen(aFilename);
-  std::wstring roamingPath = PluginModuleChild::GetFlashRoamingPath();
-  bool isParent =
-    (len > 0) && (aFilename[len - 1] == L'\\') &&
-    (_wcsnicmp(aFilename, roamingPath.c_str(), len) == 0);
-  if (!isParent) {
-    return ret;
-  }
-  return FILE_ATTRIBUTE_DIRECTORY;
-}
-
 #endif // defined(XP_WIN)
 
 #define FUN_HOOK(x) static_cast<FunctionHook*>(x)
 
 void
 FunctionHook::AddFunctionHooks(FunctionHookArray& aHooks)
 {
   // We transfer ownership of the FunctionHook objects to the array.
 #if defined(XP_WIN)
   aHooks[ID_GetWindowInfo] =
     FUN_HOOK(new GetWindowInfoFH("user32.dll", "GetWindowInfo",
                                  &GetWindowInfo, &GetWindowInfoHook));
   aHooks[ID_PrintDlgW] =
     FUN_HOOK(new PrintDlgWFH("comdlg32.dll", "PrintDlgW", &PrintDlgW,
                              PrintDlgWHook));
-  aHooks[ID_GetFileAttributesW] =
-    FUN_HOOK(new GetFileAttributesWFH("kernel32.dll", "GetFileAttributesW",
-                                      &GetFileAttributesW,
-                                      &GetFileAttributesWHook));
 #endif // defined(XP_WIN)
 }
 
 #undef FUN_HOOK
 
 } // namespace plugins
 } // namespace mozilla
--- a/dom/plugins/ipc/IpdlTuple.h
+++ b/dom/plugins/ipc/IpdlTuple.h
@@ -34,23 +34,23 @@ public:
   const MaybeVariantType& GetVariant() const { return mValue; }
 
 private:
   MaybeVariantType mValue;
 };
 
 #if defined(XP_WIN)
 typedef MaybeVariant<int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,
-                     int64_t,uint64_t,nsCString,nsString,bool,OpenFileNameIPC,
+                     int64_t,uint64_t,nsCString,bool,OpenFileNameIPC,
                      OpenFileNameRetIPC,NativeWindowHandle,
                      IPCSchannelCred,IPCInternetBuffers,StringArray,
                      IPCPrintDlg> IpdlTupleElement;
 #else
 typedef MaybeVariant<int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,
-                     int64_t,uint64_t,nsCString,nsString,bool> IpdlTupleElement;
+                     int64_t,uint64_t,nsCString,bool> IpdlTupleElement;
 #endif // defined(XP_WIN)
 
 } // namespace internal
 } // namespace plugins
 } // namespace mozilla
 
 DECLARE_USE_COPY_CONSTRUCTORS(mozilla::plugins::internal::IpdlTupleElement)
 
--- a/dom/plugins/ipc/PluginModuleChild.cpp
+++ b/dom/plugins/ipc/PluginModuleChild.cpp
@@ -60,19 +60,16 @@
 
 using namespace mozilla;
 using namespace mozilla::ipc;
 using namespace mozilla::plugins;
 using namespace mozilla::widget;
 
 #if defined(XP_WIN)
 const wchar_t * kFlashFullscreenClass = L"ShockwaveFlashFullScreen";
-#if defined(MOZ_SANDBOX)
-std::wstring sRoamingPath;
-#endif
 #endif
 
 namespace {
 // see PluginModuleChild::GetChrome()
 PluginModuleChild* gChromeInstance = nullptr;
 } // namespace
 
 #ifdef XP_WIN
@@ -206,44 +203,24 @@ PluginModuleChild::RecvDisableFlashProte
 void
 PluginModuleChild::EnableFlashSandbox(int aLevel, bool aShouldEnableLogging)
 {
     mFlashSandboxLevel = aLevel;
     mEnableFlashSandboxLogging = aShouldEnableLogging;
 }
 #endif
 
-#if defined(OS_WIN) && defined(MOZ_SANDBOX)
-/* static */ void
-PluginModuleChild::SetFlashRoamingPath(const std::wstring& aRoamingPath)
-{
-  MOZ_ASSERT(sRoamingPath.empty());
-  sRoamingPath = aRoamingPath;
-}
-
-/* static */ std::wstring
-PluginModuleChild::GetFlashRoamingPath()
-{
-  return sRoamingPath;
-}
-#endif
-
 bool
 PluginModuleChild::InitForChrome(const std::string& aPluginFilename,
                                  base::ProcessId aParentPid,
                                  MessageLoop* aIOLoop,
                                  IPC::Channel* aChannel)
 {
     NS_ASSERTION(aChannel, "need a channel");
 
-#if defined(OS_WIN) && defined(MOZ_SANDBOX)
-    MOZ_ASSERT(!sRoamingPath.empty(),
-               "Should have already called SetFlashRoamingPath");
-#endif
-
     if (!InitGraphics())
         return false;
 
     mPluginFilename = aPluginFilename.c_str();
     nsCOMPtr<nsIFile> localFile;
     NS_NewLocalFile(NS_ConvertUTF8toUTF16(mPluginFilename),
                     true,
                     getter_AddRefs(localFile));
--- a/dom/plugins/ipc/PluginModuleChild.h
+++ b/dom/plugins/ipc/PluginModuleChild.h
@@ -120,23 +120,16 @@ protected:
     virtual mozilla::ipc::IPCResult
     AnswerModuleSupportsAsyncRender(bool* aResult) override;
 public:
     explicit PluginModuleChild(bool aIsChrome);
     virtual ~PluginModuleChild();
 
     void CommonInit();
 
-#if defined(OS_WIN) && defined(MOZ_SANDBOX)
-    // Path to the roaming Flash Player folder.  This is used to restore some
-    // behavior blocked by the sandbox.
-    static void SetFlashRoamingPath(const std::wstring& aRoamingPath);
-    static std::wstring GetFlashRoamingPath();
-#endif
-
     // aPluginFilename is UTF8, not native-charset!
     bool InitForChrome(const std::string& aPluginFilename,
                        base::ProcessId aParentPid,
                        MessageLoop* aIOLoop,
                        IPC::Channel* aChannel);
 
     bool InitForContent(Endpoint<PPluginModuleChild>&& aEndpoint);
 
--- a/dom/plugins/ipc/PluginProcessChild.cpp
+++ b/dom/plugins/ipc/PluginProcessChild.cpp
@@ -24,45 +24,28 @@
 // An undocumented CoreGraphics framework method, present in the same form
 // since at least OS X 10.5.
 extern "C" CGError CGSSetDebugOptions(int options);
 #endif
 
 #ifdef XP_WIN
 #if defined(MOZ_SANDBOX)
 #include "mozilla/sandboxTarget.h"
-#include "ProcessUtils.h"
-#include "nsDirectoryService.h"
 #endif
 #endif
 
 using mozilla::ipc::IOThreadChild;
 
 #ifdef OS_WIN
 #include <algorithm>
 #endif
 
 namespace mozilla {
 namespace plugins {
 
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-static void
-SetSandboxTempPath(const std::wstring& aFullTmpPath)
-{
-  // Save the TMP environment variable so that is is picked up by GetTempPath().
-  // Note that we specifically write to the TMP variable, as that is the first
-  // variable that is checked by GetTempPath() to determine its output.
-  Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TMP", aFullTmpPath.c_str()));
-
-  // We also set TEMP in case there is naughty third-party code that is
-  // referencing the environment variable directly.
-  Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TEMP", aFullTmpPath.c_str()));
-}
-#endif
-
 bool
 PluginProcessChild::Init(int aArgc, char* aArgv[])
 {
     nsDebugImpl::SetMultiprocessMode("NPAPI");
 
 #if defined(XP_MACOSX)
     // Remove the trigger for "dyld interposing" that we added in
     // GeckoChildProcessHost::PerformAsyncLaunch(), in the host
@@ -131,39 +114,27 @@ PluginProcessChild::Init(int aArgc, char
     }
 #endif
 
 #elif defined(OS_WIN)
     std::vector<std::wstring> values =
         CommandLine::ForCurrentProcess()->GetLooseValues();
     MOZ_ASSERT(values.size() >= 1, "not enough loose args");
 
-    // parameters are:
-    // values[0] is path to plugin DLL
-    // values[1] is path to folder that should be used for temp files
-    // values[2] is path to the Flash Player roaming folder
-    //   (this is always that Flash folder, regardless of what plugin is being run)
     pluginFilename = WideToUTF8(values[0]);
 
     // We don't initialize XPCOM but we need the thread manager and the
     // logging framework for the FunctionBroker.
     NS_SetMainThread();
     mozilla::TimeStamp::Startup();
     NS_LogInit();
     mozilla::LogModule::Init(aArgc, aArgv);
     nsThreadManager::get().Init();
 
 #if defined(MOZ_SANDBOX)
-    MOZ_ASSERT(values.size() >= 3, "not enough loose args for sandboxed plugin process");
-
-    // The sandbox closes off the default location temp file location so we set
-    // a new one here (regardless of whether or not we are sandboxing).
-    SetSandboxTempPath(values[1]);
-    PluginModuleChild::SetFlashRoamingPath(values[2]);
-
     // This is probably the earliest we would want to start the sandbox.
     // As we attempt to tighten the sandbox, we may need to consider moving this
     // to later in the plugin initialization.
     mozilla::SandboxTarget::Instance()->StartSandbox();
 #endif
 #else
 #  error Sorry
 #endif
--- a/dom/plugins/ipc/PluginProcessParent.cpp
+++ b/dom/plugins/ipc/PluginProcessParent.cpp
@@ -4,21 +4,16 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/plugins/PluginProcessParent.h"
 
 #include "base/string_util.h"
 #include "base/process_util.h"
 
-#include "nsAppDirectoryServiceDefs.h"
-#include "nsDirectoryServiceDefs.h"
-#include "nsIProperties.h"
-#include "nsServiceManagerUtils.h"
-
 #include "mozilla/ipc/BrowserProcessSubThread.h"
 #include "mozilla/plugins/PluginMessageUtils.h"
 #include "mozilla/Telemetry.h"
 #include "nsThreadUtils.h"
 
 using std::vector;
 using std::string;
 
@@ -88,50 +83,16 @@ PluginProcessParent::Launch(mozilla::Uni
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
     if (aSandboxLevel > 0) {
         args.push_back("-flashSandboxLevel");
         args.push_back(std::to_string(aSandboxLevel));
         if (aIsSandboxLoggingEnabled) {
             args.push_back("-flashSandboxLogging");
         }
     }
-#elseif defined(XP_WIN) && defined(MOZ_SANDBOX)
-    nsresult rv;
-    nsCOMPtr<nsIProperties> dirSvc =
-      do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
-    if (NS_FAILED(rv)) {
-      MOZ_ASSERT(false, "Failed to get directory service.");
-      return false;
-    }
-
-    nsCOMPtr<nsIFile> dir;
-    rv =
-      dirSvc->Get(NS_APP_PLUGIN_PROCESS_TEMP_DIR, NS_GET_IID(nsIFile),
-                  getter_AddRefs(dir));
-    if (NS_FAILED(rv)) {
-      NS_WARNING("Failed to get plugin process temp directory.");
-      return false;
-    }
-
-    nsAutoString tempDir;
-    MOZ_ALWAYS_SUCCEEDS(dir->GetPath(tempDir));
-    args.push_back(NS_ConvertUTF16toUTF8(tempDir).get());
-
-    rv =
-      dirSvc->Get(NS_WIN_APPDATA_DIR, NS_GET_IID(nsIFile),
-                  getter_AddRefs(dir));
-    if (NS_FAILED(rv)) {
-      NS_WARNING("Failed to get appdata directory.");
-      return false;
-    }
-
-    nsAutoString appdataDir;
-    MOZ_ALWAYS_SUCCEEDS(dir->GetPath(appdataDir));
-    appdataDir.Append(L"\\Adobe\\");
-    args.push_back(NS_ConvertUTF16toUTF8(appdataDir).get());
 #endif
 
     bool result = AsyncLaunch(args);
     if (!result) {
         mLaunchCompleteTask = nullptr;
     }
     return result;
 }
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -39,17 +39,16 @@ sandbox::BrokerServices *SandboxBroker::
 // fundamental things when running from a network drive. We default to false in
 // case those checks fail as that gives us the strongest policy.
 bool SandboxBroker::sRunningFromNetworkDrive = false;
 
 // Cached special directories used for adding policy rules.
 static UniquePtr<nsString> sBinDir;
 static UniquePtr<nsString> sProfileDir;
 static UniquePtr<nsString> sContentTempDir;
-static UniquePtr<nsString> sPluginTempDir;
 static UniquePtr<nsString> sRoamingAppDataDir;
 static UniquePtr<nsString> sLocalAppDataDir;
 static UniquePtr<nsString> sUserExtensionsDevDir;
 #ifdef ENABLE_SYSTEM_EXTENSION_DIRS
 static UniquePtr<nsString> sUserExtensionsDir;
 #endif
 
 // Cached prefs which are needed off main thread.
@@ -111,17 +110,16 @@ SandboxBroker::GeckoDependentInitialize(
     MOZ_ASSERT(false, "Failed to get directory service, cannot cache directories for rules.");
     LOG_E("Failed to get directory service, cannot cache directories for rules.");
     return;
   }
 
   CacheDirAndAutoClear(dirSvc, NS_GRE_DIR, &sBinDir);
   CacheDirAndAutoClear(dirSvc, NS_APP_USER_PROFILE_50_DIR, &sProfileDir);
   CacheDirAndAutoClear(dirSvc, NS_APP_CONTENT_PROCESS_TEMP_DIR, &sContentTempDir);
-  CacheDirAndAutoClear(dirSvc, NS_APP_PLUGIN_PROCESS_TEMP_DIR, &sPluginTempDir);
   CacheDirAndAutoClear(dirSvc, NS_WIN_APPDATA_DIR, &sRoamingAppDataDir);
   CacheDirAndAutoClear(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, &sLocalAppDataDir);
   CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DEV_DIR, &sUserExtensionsDevDir);
 #ifdef ENABLE_SYSTEM_EXTENSION_DIRS
   CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DIR, &sUserExtensionsDir);
 #endif
 
   // Create sLaunchErrors up front because ClearOnShutdown must be called on the
@@ -696,16 +694,21 @@ SandboxBroker::SetSecurityLevelForPlugin
     delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
   } else {
     jobLevel = sandbox::JOB_NONE;
     accessTokenLevel = sandbox::USER_NON_ADMIN;
     initialIntegrityLevel = sandbox::INTEGRITY_LEVEL_MEDIUM;
     delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_MEDIUM;
   }
 
+#ifndef NIGHTLY_BUILD
+  // We are experimenting with using restricting SIDs in the nightly builds
+  mPolicy->SetDoNotUseRestrictingSIDs();
+#endif
+
   sandbox::ResultCode result = SetJobLevel(mPolicy, jobLevel,
                                            0 /* ui_exceptions */);
   SANDBOX_ENSURE_SUCCESS(result,
                          "Setting job level failed, have you set memory limit when jobLevel == JOB_NONE?");
 
   result = mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                                   accessTokenLevel);
   SANDBOX_ENSURE_SUCCESS(result,
@@ -741,25 +744,16 @@ SandboxBroker::SetSecurityLevelForPlugin
 
   sandbox::MitigationFlags delayedMitigations =
     sandbox::MITIGATION_DLL_SEARCH_ORDER;
 
   result = mPolicy->SetDelayedProcessMitigations(delayedMitigations);
   SANDBOX_ENSURE_SUCCESS(result,
                          "Invalid flags for SetDelayedProcessMitigations.");
 
-#ifndef NIGHTLY_BUILD
-  // We are experimenting with using restricting SIDs in the nightly builds
-  mPolicy->SetDoNotUseRestrictingSIDs();
-#else
-  // Add rule to allow read / write access to a special plugin temp dir.
-  AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
-                   sPluginTempDir, NS_LITERAL_STRING("\\*"));
-#endif
-
   if (aSandboxLevel >= 2) {
     // Level 2 and above uses low integrity, so we need to give write access to
     // the Flash directories.
     AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
                      sRoamingAppDataDir,
                      NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
     AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
                      sLocalAppDataDir,
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -77,21 +77,21 @@
 #define APP_REGISTRY_NAME "registry.dat"
 #else
 #define APP_REGISTRY_NAME "appreg"
 #endif
 
 #define PREF_OVERRIDE_DIRNAME "preferences"
 
 #if defined(MOZ_CONTENT_SANDBOX)
-static already_AddRefed<nsIFile> GetProcessSandboxTempDir(GeckoProcessType type);
+static already_AddRefed<nsIFile> GetContentProcessSandboxTempDir();
 static nsresult DeleteDirIfExists(nsIFile *dir);
 static bool IsContentSandboxDisabled();
-static const char* GetProcessTempBaseDirKey();
-static already_AddRefed<nsIFile> CreateProcessSandboxTempDir(GeckoProcessType procType);
+static const char* GetContentProcessTempBaseDirKey();
+static already_AddRefed<nsIFile> CreateContentProcessSandboxTempDir();
 #endif
 
 nsXREDirProvider* gDirServiceProvider = nullptr;
 nsIFile* gDataDirHomeLocal = nullptr;
 nsIFile* gDataDirHome = nullptr;
 
 // These are required to allow nsXREDirProvider to be usable in xpcshell tests.
 // where gAppData is null.
@@ -521,25 +521,17 @@ nsXREDirProvider::GetFile(const char* aP
   }
 #if defined(MOZ_CONTENT_SANDBOX)
   else if (!strcmp(aProperty, NS_APP_CONTENT_PROCESS_TEMP_DIR)) {
     if (!mContentTempDir && NS_FAILED((rv = LoadContentProcessTempDir()))) {
       return rv;
     }
     rv = mContentTempDir->Clone(getter_AddRefs(file));
   }
-#endif // defined(MOZ_CONTENT_SANDBOX)
-#if defined(MOZ_SANDBOX)
-  else if (0 == strcmp(aProperty, NS_APP_PLUGIN_PROCESS_TEMP_DIR)) {
-    if (!mPluginTempDir && NS_FAILED((rv = LoadPluginProcessTempDir()))) {
-      return rv;
-    }
-    rv = mPluginTempDir->Clone(getter_AddRefs(file));
-  }
-#endif // defined(MOZ_SANDBOX)
+#endif // defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
   else if (NS_SUCCEEDED(GetProfileStartupDir(getter_AddRefs(file)))) {
     // We need to allow component, xpt, and chrome registration to
     // occur prior to the profile-after-change notification.
     if (!strcmp(aProperty, NS_APP_USER_CHROME_DIR)) {
       rv = file->AppendNative(NS_LITERAL_CSTRING("chrome"));
     }
   }
 
@@ -669,47 +661,42 @@ nsXREDirProvider::GetFiles(const char* a
 
   rv = NS_NewUnionEnumerator(aResult, appEnum, xreEnum);
   if (NS_FAILED(rv))
     return rv;
 
   return NS_SUCCESS_AGGREGATE_RESULT;
 }
 
-#if defined(MOZ_SANDBOX)
+#if defined(MOZ_CONTENT_SANDBOX)
 
 static const char*
-GetProcessTempBaseDirKey()
+GetContentProcessTempBaseDirKey()
 {
 #if defined(XP_WIN)
   return NS_WIN_LOW_INTEGRITY_TEMP_BASE;
 #else
   return NS_OS_TEMP_DIR;
 #endif
 }
 
-#if defined(MOZ_CONTENT_SANDBOX)
 //
 // Sets mContentTempDir so that it refers to the appropriate temp dir.
 // If the sandbox is enabled, NS_APP_CONTENT_PROCESS_TEMP_DIR, otherwise
 // NS_OS_TEMP_DIR is used.
 //
 nsresult
 nsXREDirProvider::LoadContentProcessTempDir()
 {
   // The parent is responsible for creating the sandbox temp dir.
   if (XRE_IsParentProcess()) {
-    mContentProcessSandboxTempDir =
-      CreateProcessSandboxTempDir(GeckoProcessType_Content);
+    mContentProcessSandboxTempDir = CreateContentProcessSandboxTempDir();
     mContentTempDir = mContentProcessSandboxTempDir;
   } else {
-    mContentTempDir =
-      !IsContentSandboxDisabled() ?
-        GetProcessSandboxTempDir(GeckoProcessType_Content) :
-        nullptr;
+    mContentTempDir = GetContentProcessSandboxTempDir();
   }
 
   if (!mContentTempDir) {
     nsresult rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
                                          getter_AddRefs(mContentTempDir));
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return rv;
     }
@@ -721,127 +708,76 @@ nsXREDirProvider::LoadContentProcessTemp
   // reject those rules.
   if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mContentTempDir)) {
     NS_WARNING("Failed to resolve Content Temp Dir.");
   }
 #endif
 
   return NS_OK;
 }
-#endif
-
-//
-// Sets mPluginTempDir so that it refers to the appropriate temp dir.
-// If NS_APP_PLUGIN_PROCESS_TEMP_DIR fails for any reason, NS_OS_TEMP_DIR
-// is used.
-//
-nsresult
-nsXREDirProvider::LoadPluginProcessTempDir()
-{
-  // The parent is responsible for creating the sandbox temp dir.
-  if (XRE_IsParentProcess()) {
-    mPluginProcessSandboxTempDir =
-      CreateProcessSandboxTempDir(GeckoProcessType_Plugin);
-    mPluginTempDir = mPluginProcessSandboxTempDir;
-  } else {
-    MOZ_ASSERT(XRE_IsPluginProcess());
-    mPluginTempDir = GetProcessSandboxTempDir(GeckoProcessType_Plugin);
-  }
-
-  if (!mPluginTempDir) {
-    nsresult rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
-                                         getter_AddRefs(mPluginTempDir));
-    if (NS_WARN_IF(NS_FAILED(rv))) {
-      return rv;
-    }
-  }
-
-#if defined(XP_WIN)
-  // The temp dir is used in sandbox rules, so we need to make sure
-  // it doesn't contain any junction points or symlinks or the sandbox will
-  // reject those rules.
-  if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mPluginTempDir)) {
-    NS_WARNING("Failed to resolve plugin temp dir.");
-  }
-#endif
-
-  return NS_OK;
-}
 
 static bool
 IsContentSandboxDisabled()
 {
   return !BrowserTabsRemoteAutostart() || (!IsContentSandboxEnabled());
 }
 
 //
-// If a process sandbox temp dir is to be used, returns an nsIFile
-// for the directory. Returns null if an error occurs.
+// If a content process sandbox temp dir is to be used, returns an nsIFile
+// for the directory. Returns null if the content sandbox is disabled or
+// an error occurs.
 //
 static already_AddRefed<nsIFile>
-GetProcessSandboxTempDir(GeckoProcessType type)
+GetContentProcessSandboxTempDir()
 {
+  if (IsContentSandboxDisabled()) {
+    return nullptr;
+  }
+
   nsCOMPtr<nsIFile> localFile;
 
-  nsresult rv = NS_GetSpecialDirectory(GetProcessTempBaseDirKey(),
+  nsresult rv = NS_GetSpecialDirectory(GetContentProcessTempBaseDirKey(),
                                        getter_AddRefs(localFile));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return nullptr;
   }
 
-  MOZ_ASSERT((type == GeckoProcessType_Content) ||
-             (type == GeckoProcessType_Plugin));
-
-  const char* prefKey =
-    (type == GeckoProcessType_Content) ?
-      "security.sandbox.content.tempDirSuffix" :
-      "security.sandbox.plugin.tempDirSuffix";
-
   nsAutoString tempDirSuffix;
-  rv = Preferences::GetString(prefKey, tempDirSuffix);
+  rv = Preferences::GetString("security.sandbox.content.tempDirSuffix",
+                              tempDirSuffix);
   if (NS_WARN_IF(NS_FAILED(rv)) || tempDirSuffix.IsEmpty()) {
     return nullptr;
   }
 
   rv = localFile->Append(NS_LITERAL_STRING("Temp-") + tempDirSuffix);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return nullptr;
   }
 
   return localFile.forget();
 }
 
 //
-// Create a temporary directory for use from sandboxed processes.
+// Create a temporary directory for use from sandboxed content processes.
 // Only called in the parent. The path is derived from a UUID stored in a
-// pref which is available to content and plugin processes. Returns null
-// if the content sandbox is disabled or if an error occurs.
+// pref which is available to content processes. Returns null if the
+// content sandbox is disabled or if an error occurs.
 //
 static already_AddRefed<nsIFile>
-CreateProcessSandboxTempDir(GeckoProcessType procType)
+CreateContentProcessSandboxTempDir()
 {
-#if defined(MOZ_CONTENT_SANDBOX)
-  if ((procType == GeckoProcessType_Content) &&
-      IsContentSandboxDisabled()) {
+  if (IsContentSandboxDisabled()) {
     return nullptr;
   }
-#endif
-
-  MOZ_ASSERT((procType == GeckoProcessType_Content) ||
-             (procType == GeckoProcessType_Plugin));
 
   // Get (and create if blank) temp directory suffix pref.
-  const char* pref =
-    (procType == GeckoProcessType_Content) ?
-      "security.sandbox.content.tempDirSuffix" :
-      "security.sandbox.plugin.tempDirSuffix";
-
   nsresult rv;
   nsAutoString tempDirSuffix;
-  Preferences::GetString(pref, tempDirSuffix);
+  Preferences::GetString("security.sandbox.content.tempDirSuffix",
+                         tempDirSuffix);
   if (tempDirSuffix.IsEmpty()) {
     nsCOMPtr<nsIUUIDGenerator> uuidgen =
       do_GetService("@mozilla.org/uuid-generator;1", &rv);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return nullptr;
     }
 
     nsID uuid;
@@ -855,17 +791,18 @@ CreateProcessSandboxTempDir(GeckoProcess
     tempDirSuffix.AssignASCII(uuidChars, NSID_LENGTH);
 #ifdef XP_UNIX
     // Braces in a path are somewhat annoying to deal with
     // and pretty alien on Unix
     tempDirSuffix.StripChars(u"{}");
 #endif
 
     // Save the pref
-    rv = Preferences::SetString(pref, tempDirSuffix);
+    rv = Preferences::SetString("security.sandbox.content.tempDirSuffix",
+                                tempDirSuffix);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       // If we fail to save the pref we don't want to create the temp dir,
       // because we won't be able to clean it up later.
       return nullptr;
     }
 
     nsCOMPtr<nsIPrefService> prefsvc = Preferences::GetService();
     if (!prefsvc || NS_FAILED((rv = prefsvc->SavePrefFile(nullptr)))) {
@@ -874,17 +811,17 @@ CreateProcessSandboxTempDir(GeckoProcess
       // the preference values allows an off main thread save, the successful
       // return from the call doesn't mean we actually saved the file.  See
       // bug 1364496 for details.
       NS_WARNING("Failed to save pref file, cannot create temp dir.");
       return nullptr;
     }
   }
 
-  nsCOMPtr<nsIFile> sandboxTempDir = GetProcessSandboxTempDir(procType);
+  nsCOMPtr<nsIFile> sandboxTempDir = GetContentProcessSandboxTempDir();
   if (!sandboxTempDir) {
     NS_WARNING("Failed to determine sandbox temp dir path.");
     return nullptr;
   }
 
   // Remove the directory. It may exist due to a previous crash.
   if (NS_FAILED(DeleteDirIfExists(sandboxTempDir))) {
     NS_WARNING("Failed to reset sandbox temp dir.");
@@ -912,17 +849,17 @@ DeleteDirIfExists(nsIFile* dir)
     if (NS_FAILED(rv) && rv != NS_ERROR_FILE_NOT_FOUND &&
         rv != NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) {
       return rv;
     }
   }
   return NS_OK;
 }
 
-#endif // defined(MOZ_SANDBOX)
+#endif // defined(MOZ_CONTENT_SANDBOX)
 
 static const char *const kAppendPrefDir[] = { "defaults", "preferences", nullptr };
 
 #ifdef DEBUG_bsmedberg
 static void
 DumpFileArray(const char *key,
               nsCOMArray<nsIFile> dirs)
 {
@@ -1133,21 +1070,16 @@ nsXREDirProvider::DoStartup()
 #if defined(MOZ_CONTENT_SANDBOX)
     // Makes sure the content temp dir has been loaded if it hasn't been
     // already. In the parent this ensures it has been created before we attempt
     // to start any content processes.
     if (!mContentTempDir) {
       mozilla::Unused << NS_WARN_IF(NS_FAILED(LoadContentProcessTempDir()));
     }
 #endif
-#if defined(MOZ_SANDBOX)
-    if (!mPluginTempDir) {
-      mozilla::Unused << NS_WARN_IF(NS_FAILED(LoadPluginProcessTempDir()));
-    }
-#endif
   }
   return NS_OK;
 }
 
 void
 nsXREDirProvider::DoShutdown()
 {
   AUTO_PROFILER_LABEL("nsXREDirProvider::DoShutdown", OTHER);
@@ -1170,24 +1102,21 @@ nsXREDirProvider::DoShutdown()
 
       obsSvc->NotifyObservers(nullptr, "profile-before-change", kShutdownPersist);
       obsSvc->NotifyObservers(nullptr, "profile-before-change-qm", kShutdownPersist);
       obsSvc->NotifyObservers(nullptr, "profile-before-change-telemetry", kShutdownPersist);
     }
     mProfileNotified = false;
   }
 
+#if defined(MOZ_CONTENT_SANDBOX)
   if (XRE_IsParentProcess()) {
-#if defined(MOZ_CONTENT_SANDBOX)
     Unused << DeleteDirIfExists(mContentProcessSandboxTempDir);
+  }
 #endif
-#if defined(MOZ_SANDBOX)
-    Unused << DeleteDirIfExists(mPluginProcessSandboxTempDir);
-#endif
-  }
 }
 
 #ifdef XP_WIN
 static nsresult
 GetShellFolderPath(KNOWNFOLDERID folder, nsAString& _retval)
 {
   DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS;
   PWSTR path = nullptr;
--- a/toolkit/xre/nsXREDirProvider.h
+++ b/toolkit/xre/nsXREDirProvider.h
@@ -124,19 +124,16 @@ protected:
   // Internal helper that splits a path into components using the '/' and '\\'
   // delimiters.
   static inline nsresult AppendProfileString(nsIFile* aFile, const char* aPath);
 
 #if defined(MOZ_CONTENT_SANDBOX)
   // Load the temp directory for sandboxed content processes
   nsresult LoadContentProcessTempDir();
 #endif
-#if defined(MOZ_SANDBOX)
-  nsresult LoadPluginProcessTempDir();
-#endif
 
   void Append(nsIFile* aDirectory);
 
   nsCOMPtr<nsIDirectoryServiceProvider> mAppProvider;
   // On OSX, mGREDir points to .app/Contents/Resources
   nsCOMPtr<nsIFile>      mGREDir;
   // On OSX, mGREBinDir points to .app/Contents/MacOS
   nsCOMPtr<nsIFile>      mGREBinDir;
@@ -145,16 +142,12 @@ protected:
   nsCOMPtr<nsIFile>      mProfileDir;
   nsCOMPtr<nsIFile>      mProfileLocalDir;
   bool                   mProfileNotified;
   bool                   mPrefsInitialized = false;
 #if defined(MOZ_CONTENT_SANDBOX)
   nsCOMPtr<nsIFile>      mContentTempDir;
   nsCOMPtr<nsIFile>      mContentProcessSandboxTempDir;
 #endif
-#if defined(MOZ_SANDBOX)
-  nsCOMPtr<nsIFile>      mPluginTempDir;
-  nsCOMPtr<nsIFile>      mPluginProcessSandboxTempDir;
-#endif
   nsCOMArray<nsIFile>    mAppBundleDirectories;
 };
 
 #endif
--- a/xpcom/io/nsAppDirectoryServiceDefs.h
+++ b/xpcom/io/nsAppDirectoryServiceDefs.h
@@ -98,17 +98,11 @@
 //
 // At present, all sandboxed content processes use the same directory for
 // NS_APP_CONTENT_PROCESS_TEMP_DIR, but that should not be relied upon.
 //
 #define NS_APP_CONTENT_PROCESS_TEMP_DIR         "ContentTmpD"
 #else
 // Otherwise NS_APP_CONTENT_PROCESS_TEMP_DIR must match NS_OS_TEMP_DIR.
 #define NS_APP_CONTENT_PROCESS_TEMP_DIR         "TmpD"
-#endif // defined(MOZ_CONTENT_SANDBOX)
-
-#if defined(MOZ_SANDBOX)
-#define NS_APP_PLUGIN_PROCESS_TEMP_DIR          "PluginTmpD"
-#else
-#define NS_APP_PLUGIN_PROCESS_TEMP_DIR          "TmpD"
-#endif
+#endif // (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
 
 #endif // nsAppDirectoryServiceDefs_h___