Bug 1382099 - Remove MOZ_WIDGET_GONK from security/. r=jld.
authorNicholas Nethercote <nnethercote@mozilla.com>
Fri, 21 Jul 2017 10:45:42 +1000
changeset 418725 5202dd1a9e218f133380a7fd4b1257d8a99f9c55
parent 418724 9100cfabc9edb9fbf800d3b6181307b9f4bf3fb7
child 418726 c6e13d347c58721bdfbcd65a8ae237cf1c6aa43f
push id7566
push usermtabara@mozilla.com
push dateWed, 02 Aug 2017 08:25:16 +0000
reviewersjld
bugs1382099
milestone56.0a1
Bug 1382099 - Remove MOZ_WIDGET_GONK from security/. r=jld.
security/manager/pki/nsNSSDialogHelper.cpp
security/sandbox/linux/broker/SandboxBroker.cpp
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
security/sandbox/linux/broker/SandboxBrokerPolicyFactory.h
--- a/security/manager/pki/nsNSSDialogHelper.cpp
+++ b/security/manager/pki/nsNSSDialogHelper.cpp
@@ -14,22 +14,16 @@
 
 static const char kOpenDialogParam[] = "centerscreen,chrome,modal,titlebar";
 static const char kOpenWindowParam[] = "centerscreen,chrome,titlebar";
 
 nsresult
 nsNSSDialogHelper::openDialog(mozIDOMWindowProxy* window, const char* url,
                               nsISupports* params, bool modal)
 {
-#ifdef MOZ_WIDGET_GONK
-  // On b2g devices, we need to proxy the dialog creation & management
-  // to Gaia.
-  return NS_ERROR_NOT_IMPLEMENTED;
-#endif
-
   nsresult rv;
   nsCOMPtr<nsIWindowWatcher> windowWatcher =
            do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv);
   if (NS_FAILED(rv)) return rv;
 
   nsCOMPtr<mozIDOMWindowProxy> parent = window;
 
   if (!parent) {
--- a/security/sandbox/linux/broker/SandboxBroker.cpp
+++ b/security/sandbox/linux/broker/SandboxBroker.cpp
@@ -16,21 +16,16 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #ifdef XP_LINUX
 #include <sys/prctl.h>
 #endif
 
-#ifdef MOZ_WIDGET_GONK
-#include <private/android_filesystem_config.h>
-#include <sys/syscall.h>
-#endif
-
 #include "mozilla/Assertions.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/Move.h"
 #include "mozilla/NullPtr.h"
 #include "mozilla/Sprintf.h"
 #include "mozilla/ipc/FileDescriptor.h"
 #include "sandbox/linux/system_headers/linux_syscalls.h"
 
@@ -446,30 +441,16 @@ SandboxBroker::ThreadMain(void)
   SprintfLiteral(threadName, "FS Broker %d", mChildPid);
   PlatformThread::SetName(threadName);
 
   // Permissive mode can only be enabled through an environment variable,
   // therefore it is sufficient to fetch the value once
   // before the main thread loop starts
   bool permissive = SandboxInfo::Get().Test(SandboxInfo::kPermissive);
 
-#ifdef MOZ_WIDGET_GONK
-#ifdef __NR_setreuid32
-  static const long nr_setreuid = __NR_setreuid32;
-  static const long nr_setregid = __NR_setregid32;
-#else
-  static const long nr_setreuid = __NR_setreuid;
-  static const long nr_setregid = __NR_setregid;
-#endif
-  if (syscall(nr_setregid, getgid(), AID_APP + mChildPid) != 0 ||
-      syscall(nr_setreuid, getuid(), AID_APP + mChildPid) != 0) {
-    MOZ_CRASH("SandboxBroker: failed to drop privileges");
-  }
-#endif
-
   while (true) {
     struct iovec ios[2];
     // We will receive the path strings in 1 buffer and split them back up.
     char recvBuf[2 * (kMaxPathLen + 1)];
     char pathBuf[kMaxPathLen + 1];
     char pathBuf2[kMaxPathLen + 1];
     size_t pathLen;
     size_t pathLen2;
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@@ -22,111 +22,30 @@
 #endif
 
 #ifdef MOZ_WIDGET_GTK
 #include <glib.h>
 #endif
 
 namespace mozilla {
 
-/* static */ bool
-SandboxBrokerPolicyFactory::IsSystemSupported() {
-#ifdef ANDROID
-  char hardware[PROPERTY_VALUE_MAX];
-  int length = property_get("ro.hardware", hardware, nullptr);
-  // "goldfish" -> emulator.  Other devices can be added when we're
-  // reasonably sure they work.  Eventually this won't be needed....
-  if (length > 0 && strcmp(hardware, "goldfish") == 0) {
-    return true;
-  }
-
-  // When broker is running in permissive mode, we enable it
-  // automatically regardless of the device.
-  if (SandboxInfo::Get().Test(SandboxInfo::kPermissive)) {
-    return true;
-  }
-#endif
-  return false;
-}
-
 #if defined(MOZ_CONTENT_SANDBOX)
 namespace {
 static const int rdonly = SandboxBroker::MAY_READ;
 static const int wronly = SandboxBroker::MAY_WRITE;
 static const int rdwr = rdonly | wronly;
 static const int rdwrcr = rdwr | SandboxBroker::MAY_CREATE;
-#if defined(MOZ_WIDGET_GONK)
-static const int wrlog = wronly | SandboxBroker::MAY_CREATE;
-#endif
 }
 #endif
 
 SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory()
 {
   // Policy entries that are the same in every process go here, and
   // are cached over the lifetime of the factory.
-#if defined(MOZ_CONTENT_SANDBOX) && defined(MOZ_WIDGET_GONK)
-  SandboxBroker::Policy* policy = new SandboxBroker::Policy;
-
-  // Devices that need write access:
-  policy->AddPath(rdwr, "/dev/genlock");  // bug 980924
-  policy->AddPath(rdwr, "/dev/ashmem");   // bug 980947
-  policy->AddTree(wronly, "/dev/log"); // bug 1199857
-  // Graphics devices are a significant source of attack surface, but
-  // there's not much we can do about it without proxying (which is
-  // very difficult and a perforamnce hit).
-  policy->AddFilePrefix(rdwr, "/dev", "kgsl");  // bug 995072
-  policy->AddPath(rdwr, "/dev/qemu_pipe"); // but 1198410: goldfish gralloc.
-
-  // Bug 1198475: mochitest logs.  (This is actually passed in via URL
-  // query param to the mochitest page, and is configurable, so this
-  // isn't enough in general, but hopefully it's good enough for B2G.)
-  // Conditional on tests being run, using the same check seen in
-  // DirectoryProvider.js to set ProfD.
-  if (access("/data/local/tests/profile", R_OK) == 0) {
-    policy->AddPath(wrlog, "/data/local/tests/log/mochitest.log");
-  }
-
-  // Read-only items below this line.
-
-  policy->AddPath(rdonly, "/dev/urandom");  // bug 964500, bug 995069
-  policy->AddPath(rdonly, "/dev/ion");      // bug 980937
-  policy->AddPath(rdonly, "/proc/cpuinfo"); // bug 995067
-  policy->AddPath(rdonly, "/proc/meminfo"); // bug 1025333
-  policy->AddPath(rdonly, "/sys/devices/system/cpu/present"); // bug 1025329
-  policy->AddPath(rdonly, "/sys/devices/system/soc/soc0/id"); // bug 1025339
-  policy->AddPath(rdonly, "/etc/media_profiles.xml"); // bug 1198419
-  policy->AddPath(rdonly, "/etc/media_codecs.xml"); // bug 1198460
-  policy->AddTree(rdonly, "/system/fonts"); // bug 1026063
-
-  // Bug 1199051 (crossplatformly, this is NS_GRE_DIR).
-  policy->AddTree(rdonly, "/system/b2g");
-
-  // Bug 1026356: dynamic library loading from assorted frameworks we
-  // don't control (media codecs, maybe others).
-  //
-  // Bug 1198515: Also, the profiler calls breakpad code to get info
-  // on all loaded ELF objects, which opens those files.
-  policy->AddTree(rdonly, "/system/lib");
-  policy->AddTree(rdonly, "/vendor/lib");
-  policy->AddPath(rdonly, "/system/bin/linker"); // (profiler only)
-
-  // Bug 1199866: EGL/WebGL.
-  policy->AddPath(rdonly, "/system/lib/egl");
-  policy->AddPath(rdonly, "/vendor/lib/egl");
-
-  // Bug 1198401: timezones.  Yes, we need both of these; see bug.
-  policy->AddTree(rdonly, "/system/usr/share/zoneinfo");
-  policy->AddTree(rdonly, "/system//usr/share/zoneinfo");
-
-  policy->AddPath(rdonly, "/data/local/tmp/profiler.options",
-                  SandboxBroker::Policy::AddAlways); // bug 1029337
-
-  mCommonContentPolicy.reset(policy);
-#elif defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_CONTENT_SANDBOX)
   SandboxBroker::Policy* policy = new SandboxBroker::Policy;
   policy->AddDir(rdonly, "/");
   policy->AddDir(rdwrcr, "/dev/shm");
   // Add write permissions on the temporary directory. This can come
   // from various environment variables (TMPDIR,TMP,TEMP,...) so
   // make sure to use the full logic.
   nsCOMPtr<nsIFile> tmpDir;
   nsresult rv = GetSpecialSystemDirectory(OS_TemporaryDirectory,
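Review bot: The `#endif` on the first line of the hunk closes a guard that begins above it; if that guard wraps the header that supplied `property_get` and `PROPERTY_VALUE_MAX`, that include loses its only user in this file once `IsSystemSupported` is deleted and should be removed together with it, so the ANDROID-only dependency does not linger as dead code. The same applies to whatever header was pulled in for `strcmp`, which the visible hunk no longer uses. The constructor `SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory()` starts at the bottom of this hunk and continues outside it, so the `#endif` matching the new `#if defined(MOZ_CONTENT_SANDBOX)` is not visible here.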
@@ -176,38 +95,16 @@ SandboxBrokerPolicyFactory::GetContentPo
 
   MOZ_ASSERT(NS_IsMainThread());
   // File broker usage is controlled through a pref.
   if (GetEffectiveContentSandboxLevel() <= 1) {
     return nullptr;
   }
 
   MOZ_ASSERT(mCommonContentPolicy);
-#if defined(MOZ_WIDGET_GONK)
-  // Allow overriding "unsupported"ness with a pref, for testing.
-  if (!IsSystemSupported()) {
-    return nullptr;
-  }
-  UniquePtr<SandboxBroker::Policy>
-    policy(new SandboxBroker::Policy(*mCommonContentPolicy));
-
-  // Bug 1029337: where the profiler writes the data.
-  nsPrintfCString profilerLogPath("/data/local/tmp/profile_%d_%d.txt",
-                                  GeckoProcessType_Content, aPid);
-  policy->AddPath(wrlog, profilerLogPath.get());
-
-  // Bug 1198550: the profiler's replacement for dl_iterate_phdr
-  policy->AddPath(rdonly, nsPrintfCString("/proc/%d/maps", aPid).get());
-
-  // Bug 1198552: memory reporting.
-  policy->AddPath(rdonly, nsPrintfCString("/proc/%d/statm", aPid).get());
-  policy->AddPath(rdonly, nsPrintfCString("/proc/%d/smaps", aPid).get());
-
-  return policy;
-#else
   UniquePtr<SandboxBroker::Policy>
     policy(new SandboxBroker::Policy(*mCommonContentPolicy));
 
   // Now read any extra paths, this requires accessing user preferences
   // so we can only do it now. Our constructor is initialized before
   // user preferences are read in.
   nsAdoptingCString extraPathString =
     Preferences::GetCString("security.sandbox.content.write_path_whitelist");
@@ -216,13 +113,12 @@ SandboxBrokerPolicyFactory::GetContentPo
       nsCString trimPath(path);
       trimPath.Trim(" ", true, true);
       policy->AddDynamic(rdwr, trimPath.get());
     }
   }
 
   // Return the common policy.
   return policy;
-#endif
 }
 
 #endif // MOZ_CONTENT_SANDBOX
 } // namespace mozilla
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.h
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.h
@@ -16,17 +16,13 @@ public:
   SandboxBrokerPolicyFactory();
 
 #ifdef MOZ_CONTENT_SANDBOX
   UniquePtr<SandboxBroker::Policy> GetContentPolicy(int aPid);
 #endif
 
 private:
   UniquePtr<const SandboxBroker::Policy> mCommonContentPolicy;
-  // B2G devices tend to have hardware-specific paths used by device
-  // drivers, so rollout of filesystem isolation will need per-device
-  // testing.  This predicate allows that to happen gradually.
-  static bool IsSystemSupported();
 };
 
 } // namespace mozilla
 
 #endif // mozilla_SandboxBrokerPolicyFactory_h