Bug 1548406 - Part 1 - Simplify MacSandboxInfo and sandbox type enums r=handyman
authorHaik Aftandilian <haftandilian@mozilla.com>
Thu, 02 May 2019 07:04:44 +0000
changeset 531046 d977a4ad06166453823ed73b0ec7b77dd20399bf
parent 531045 e5ce38e989b82a775d85bd590a6d2da1ec20d63c
child 531047 38a326f813f6b1fd1400d215730e0105f62eb9c5
reviewershandyman
bugs1548406
milestone68.0a1
Bug 1548406 - Part 1 - Simplify MacSandboxInfo and sandbox type enums r=handyman Replace the MacSandboxType_Plugin sandbox type with MacSandboxType_Flash and MacSandboxType_GMP so that there is a 1:1 association between MacSandboxType values and sandbox policies. Remove the MacSandboxPluginType enum. Instead of having different MacSandboxPluginTypes, we will just have MacSandboxType_GMP. We only use GMP for two plugin types, Widevine and OpenH264, and they only differ in that Widevine requires access to the WindowServer. Remove the MacSandboxPluginInfo struct and move the two needed fields pluginPath and pluginBinaryPath to MacSandboxInfo. Differential Revision: https://phabricator.services.mozilla.com/D29585
dom/media/gmp/GMPChild.cpp
dom/media/gmp/GMPChild.h
dom/plugins/ipc/PluginModuleChild.cpp
security/sandbox/mac/Sandbox.h
security/sandbox/mac/Sandbox.mm
--- a/dom/media/gmp/GMPChild.cpp
+++ b/dom/media/gmp/GMPChild.cpp
@@ -187,36 +187,36 @@ static bool GetAppPaths(nsCString& aAppP
   // Mac sandbox rules expect paths to actual files and directories -- not
   // soft links.
   aAppPath = GetNativeTarget(app);
   appBinaryPath = GetNativeTarget(appBinary);
 
   return true;
 }
 
-bool GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType) {
+bool GMPChild::SetMacSandboxInfo(bool aAllowWindowServer) {
   if (!mGMPLoader) {
     return false;
   }
   nsAutoCString pluginDirectoryPath, pluginFilePath;
   if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) {
     return false;
   }
   nsAutoCString appPath, appBinaryPath;
   if (!GetAppPaths(appPath, appBinaryPath)) {
     return false;
   }
 
   MacSandboxInfo info;
-  info.type = MacSandboxType_Plugin;
+  info.type = MacSandboxType_GMP;
   info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled") ||
                    PR_GetEnv("MOZ_SANDBOX_LOGGING");
-  info.pluginInfo.type = aPluginType;
-  info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get());
-  info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get());
+  info.hasWindowServer = aAllowWindowServer;
+  info.pluginPath.assign(pluginDirectoryPath.get());
+  info.pluginBinaryPath.assign(pluginFilePath.get());
   info.appPath.assign(appPath.get());
   info.appBinaryPath.assign(appBinaryPath.get());
 
   mGMPLoader->SetSandboxInfo(&info);
   return true;
 }
 #  endif  // MOZ_SANDBOX
 #endif    // XP_MACOSX
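Review bot: `info.hasWindowServer = aAllowWindowServer;` is now populated for the GMP sandbox, but the `MacSandboxType_GMP` branch of StartMacSandbox in Sandbox.mm (the last hunk of this commit) never reads `aInfo.hasWindowServer`, so after this part Widevine and OpenH264 still receive an identical policy. If wiring the flag into the GMP policy is left to a later part, a short comment on SetMacSandboxInfo would make that explicit until it lands, e.g. `// aAllowWindowServer is recorded in MacSandboxInfo::hasWindowServer; the GMP policy only honours it once Sandbox.mm forwards it as a policy parameter.` The only caller is the second hunk, which passes the bare `isChromium` result, so the meaning of the flag is otherwise only recoverable from the call-site comment.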
@@ -557,28 +557,24 @@ mozilla::ipc::IPCResult GMPChild::Answer
   if (!mGMPLoader->CanSandbox()) {
     LOGD("%s Can't sandbox GMP, failing", __FUNCTION__);
     delete platformAPI;
     return IPC_FAIL(this, "Can't sandbox GMP.");
   }
 #endif
   bool isChromium = aAdapter.EqualsLiteral("chromium");
 #if defined(MOZ_SANDBOX) && defined(XP_MACOSX)
-  MacSandboxPluginType pluginType = MacSandboxPluginType_GMPlugin_Default;
-  if (isChromium) {
-    pluginType = MacSandboxPluginType_GMPlugin_EME_Widevine;
-  }
-  if (!SetMacSandboxInfo(pluginType)) {
+  // Use of the chromium adapter indicates we are going to be
+  // running the Widevine plugin which requires access to the
+  // WindowServer in the Mac GMP sandbox policy.
+  if (!SetMacSandboxInfo(isChromium /* allow-window-server */)) {
     NS_WARNING("Failed to set Mac GMP sandbox info");
     delete platformAPI;
     return IPC_FAIL(
-        this, nsPrintfCString(
-                  "Failed to set Mac GMP sandbox info with plugin type %d.",
-                  pluginType)
-                  .get());
+        this, nsPrintfCString("Failed to set Mac GMP sandbox info.").get());
   }
 #endif
 
   GMPAdapter* adapter = nullptr;
   if (isChromium) {
     auto&& paths = MakeCDMHostVerificationPaths();
     GMP_LOG("%s CDM host paths=%s", __func__, ToCString(paths).get());
     adapter = new ChromiumCDMAdapter(std::move(paths));
--- a/dom/media/gmp/GMPChild.h
+++ b/dom/media/gmp/GMPChild.h
@@ -30,17 +30,17 @@ class GMPChild : public PGMPChild {
             MessageLoop* aIOLoop, IPC::Channel* aChannel);
   MessageLoop* GMPMessageLoop();
 
   // Main thread only.
   GMPTimerChild* GetGMPTimers();
   GMPStorageChild* GetGMPStorage();
 
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
-  bool SetMacSandboxInfo(MacSandboxPluginType aPluginType);
+  bool SetMacSandboxInfo(bool aAllowWindowServer);
 #endif
 
  private:
   friend class GMPContentChild;
 
   bool GetUTF8LibPath(nsACString& aOutLibPath);
 
   mozilla::ipc::IPCResult RecvProvideStorageId(const nsCString& aStorageId);
--- a/dom/plugins/ipc/PluginModuleChild.cpp
+++ b/dom/plugins/ipc/PluginModuleChild.cpp
@@ -308,19 +308,18 @@ bool PluginModuleChild::InitForChrome(co
 
 #  error Please copy the initialization code from nsNPAPIPlugin.cpp
 
 #endif
 
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   if (mFlashSandboxLevel > 0) {
     MacSandboxInfo flashSandboxInfo;
-    flashSandboxInfo.type = MacSandboxType_Plugin;
-    flashSandboxInfo.pluginInfo.type = MacSandboxPluginType_Flash;
-    flashSandboxInfo.pluginInfo.pluginBinaryPath = aPluginFilename;
+    flashSandboxInfo.type = MacSandboxType_Flash;
+    flashSandboxInfo.pluginBinaryPath = aPluginFilename;
     flashSandboxInfo.level = mFlashSandboxLevel;
     flashSandboxInfo.shouldLog = mEnableFlashSandboxLogging;
 
     std::string sbError;
     if (!mozilla::StartMacSandbox(flashSandboxInfo, sbError)) {
       fprintf(stderr, "Failed to start sandbox:\n%s\n", sbError.c_str());
       return false;
     }
--- a/security/sandbox/mac/Sandbox.h
+++ b/security/sandbox/mac/Sandbox.h
@@ -5,43 +5,23 @@
 
 #ifndef mozilla_Sandbox_h
 #define mozilla_Sandbox_h
 
 #include <string>
 
 enum MacSandboxType {
   MacSandboxType_Default = 0,
-  MacSandboxType_Plugin,
   MacSandboxType_Content,
+  MacSandboxType_Flash,
+  MacSandboxType_GMP,
   MacSandboxType_Utility,
   MacSandboxType_Invalid
 };
 
-enum MacSandboxPluginType {
-  MacSandboxPluginType_Default = 0,
-  MacSandboxPluginType_GMPlugin_Default,       // Any Gecko Media Plugin
-  MacSandboxPluginType_GMPlugin_OpenH264,      // Gecko Media Plugin, OpenH264
-  MacSandboxPluginType_GMPlugin_EME,           // Gecko Media Plugin, EME
-  MacSandboxPluginType_GMPlugin_EME_Widevine,  // Gecko Media Plugin, Widevine
-  MacSandboxPluginType_Flash,                  // Flash
-  MacSandboxPluginType_Invalid
-};
-
-typedef struct _MacSandboxPluginInfo {
-  _MacSandboxPluginInfo() : type(MacSandboxPluginType_Default) {}
-  _MacSandboxPluginInfo(const struct _MacSandboxPluginInfo& other)
-      : type(other.type),
-        pluginPath(other.pluginPath),
-        pluginBinaryPath(other.pluginBinaryPath) {}
-  MacSandboxPluginType type;
-  std::string pluginPath;
-  std::string pluginBinaryPath;
-} MacSandboxPluginInfo;
-
 typedef struct _MacSandboxInfo {
   _MacSandboxInfo()
       : type(MacSandboxType_Default),
         level(0),
         hasFilePrivileges(false),
         hasSandboxedProfile(false),
         hasAudio(false),
         hasWindowServer(false),
@@ -66,23 +46,26 @@ typedef struct _MacSandboxInfo {
 
  public:
   MacSandboxType type;
   int32_t level;
   bool hasFilePrivileges;
   bool hasSandboxedProfile;
   bool hasAudio;
   bool hasWindowServer;
-  MacSandboxPluginInfo pluginInfo;
+
   std::string appPath;
   std::string appBinaryPath;
   std::string appDir;
   std::string profileDir;
   std::string debugWriteDir;
 
+  std::string pluginPath;
+  std::string pluginBinaryPath;
+
   std::string testingReadPath1;
   std::string testingReadPath2;
   std::string testingReadPath3;
   std::string testingReadPath4;
 
   std::string crashServerPort;
 
   bool shouldLog;
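Review bot: The two `std::string` members added here, `pluginPath` and `pluginBinaryPath`, must also appear in any user-written copy constructor of `_MacSandboxInfo`; the lines between this hunk and the previous one (new-file lines 23–45, where the constructor continues) are not in the diff, and the struct this replaces, `_MacSandboxPluginInfo`, did carry a member-wise copy constructor that would have silently dropped a newly added field. If such a constructor exists, either add the two fields to it or remove it entirely — every member is copyable, so the defaulted copy is correct and cannot drift out of sync with the field list. Separately, removing `MacSandboxType_Plugin` and inserting `MacSandboxType_Flash`/`MacSandboxType_GMP` changes the numeric values of `MacSandboxType_Content` (2 to 1) and `MacSandboxType_Utility` (3 to 4); this is harmless as long as nothing serializes the enum across a process or build boundary, which I cannot confirm from the diff.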
--- a/security/sandbox/mac/Sandbox.mm
+++ b/security/sandbox/mac/Sandbox.mm
@@ -236,17 +236,17 @@ bool StartMacSandbox(MacSandboxInfo cons
   std::vector<const char*> params;
   std::string profile;
   std::string macOSMinor = std::to_string(OSXVersion::OSXVersionMinor());
 
   // Used for the Flash sandbox. Declared here so that they
   // stay in scope until sandbox_init_with_parameters is called.
   std::string flashCacheDir, flashTempDir, flashPath;
 
-  if (aInfo.type == MacSandboxType_Plugin && aInfo.pluginInfo.type == MacSandboxPluginType_Flash) {
+  if (aInfo.type == MacSandboxType_Flash) {
     profile = SandboxPolicyFlash;
 
     params.push_back("SHOULD_LOG");
     params.push_back(aInfo.shouldLog ? "TRUE" : "FALSE");
 
     params.push_back("SANDBOX_LEVEL_1");
     params.push_back(aInfo.level == 1 ? "TRUE" : "FALSE");
     params.push_back("SANDBOX_LEVEL_2");
@@ -254,17 +254,17 @@ bool StartMacSandbox(MacSandboxInfo cons
 
     params.push_back("MAC_OS_MINOR");
     params.push_back(macOSMinor.c_str());
 
     params.push_back("HOME_PATH");
     params.push_back(getenv("HOME"));
 
     params.push_back("PLUGIN_BINARY_PATH");
-    if (!GetRealPath(flashPath, aInfo.pluginInfo.pluginBinaryPath.c_str())) {
+    if (!GetRealPath(flashPath, aInfo.pluginBinaryPath.c_str())) {
       return false;
     }
     params.push_back(flashPath.c_str());
 
     // User cache dir
     params.push_back("DARWIN_USER_CACHE_DIR");
     char confStrBuf[PATH_MAX];
     if (!confstr(_CS_DARWIN_USER_CACHE_DIR, confStrBuf, sizeof(confStrBuf))) {
@@ -289,22 +289,22 @@ bool StartMacSandbox(MacSandboxInfo cons
     params.push_back("SHOULD_LOG");
     params.push_back(aInfo.shouldLog ? "TRUE" : "FALSE");
     params.push_back("APP_PATH");
     params.push_back(aInfo.appPath.c_str());
     if (!aInfo.crashServerPort.empty()) {
       params.push_back("CRASH_PORT");
       params.push_back(aInfo.crashServerPort.c_str());
     }
-  } else if (aInfo.type == MacSandboxType_Plugin) {
+  } else if (aInfo.type == MacSandboxType_GMP) {
     profile = const_cast<char*>(SandboxPolicyGMP);
     params.push_back("SHOULD_LOG");
     params.push_back(aInfo.shouldLog ? "TRUE" : "FALSE");
     params.push_back("PLUGIN_BINARY_PATH");
-    params.push_back(aInfo.pluginInfo.pluginBinaryPath.c_str());
+    params.push_back(aInfo.pluginBinaryPath.c_str());
     params.push_back("APP_PATH");
     params.push_back(aInfo.appPath.c_str());
     params.push_back("APP_BINARY_PATH");
     params.push_back(aInfo.appBinaryPath.c_str());
   } else if (aInfo.type == MacSandboxType_Content) {
     MOZ_ASSERT(aInfo.level >= 1);
     if (aInfo.level >= 1) {
       profile = SandboxPolicyContent;
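Review bot: The `MacSandboxType_GMP` branch pushes `aInfo.pluginBinaryPath.c_str()` straight into the policy parameters, while the `MacSandboxType_Flash` branch in the second hunk first canonicalizes the same field through `GetRealPath`. Sandbox rules match on the resolved path, so a symlinked plugin location would either be denied or need a broader rule than intended; this may already be covered because GMPChild's GetPluginPaths is presumably returning native targets (GetAppPaths in GMPChild.cpp does so explicitly), but that function is not visible in this diff. If the caller guarantees it, a one-line comment above `params.push_back("PLUGIN_BINARY_PATH");` such as `// pluginBinaryPath is already symlink-resolved by GMPChild::GetPluginPaths` would document the asymmetry; otherwise resolve it through `GetRealPath` as the Flash branch does. StartMacSandbox begins and continues outside this hunk.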