Bug 1259601: Add content process sandbox level to about:support sandboxing information. r=jld, r=mossop a=ritu
authorBob Owen <bobowencode@gmail.com>
Tue, 16 Aug 2016 07:40:43 +0100
changeset 348052 e6b75b2a627bbdfb83893a6ee5ed1091896373e4
parent 348051 7b9f321e3710d965d8d262ca16f5dfbc6396f2ed
child 348053 d7b3e0350c056327bc3e33deb02f3756cc021c0d
push id6389
push userraliiev@mozilla.com
push dateMon, 19 Sep 2016 13:38:22 +0000
treeherdermozilla-beta@01d67bfe6c81 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjld, mossop, ritu
bugs1259601
milestone50.0a2
Bug 1259601: Add content process sandbox level to about:support sandboxing information. r=jld, r=mossop a=ritu MozReview-Commit-ID: HFRiEbkEztp
toolkit/content/aboutSupport.js
toolkit/content/aboutSupport.xhtml
toolkit/modules/AppConstants.jsm
toolkit/modules/Troubleshoot.jsm
toolkit/modules/tests/browser/browser_Troubleshoot.js
--- a/toolkit/content/aboutSupport.js
+++ b/toolkit/content/aboutSupport.js
@@ -557,27 +557,35 @@ var snapshotFormatters = {
     userJSFile.append("user.js");
     $("prefs-user-js-link").href = Services.io.newFileURI(userJSFile).spec;
     $("prefs-user-js-section").style.display = "";
     // Clear the no-copy class
     $("prefs-user-js-section").className = "";
   },
 
   sandbox: function sandbox(data) {
-    if (AppConstants.platform != "linux" || !AppConstants.MOZ_SANDBOX)
+    if (!AppConstants.MOZ_SANDBOX)
       return;
 
     let strings = stringBundle();
     let tbody = $("sandbox-tbody");
     for (let key in data) {
       // Simplify the display a little in the common case.
       if (key === "hasPrivilegedUserNamespaces" &&
           data[key] === data["hasUserNamespaces"]) {
         continue;
       }
+      // Hard code content sandbox label on Fx50 to prevent noise in l10n tools.
+      if (key === "contentSandboxLevel") {
+        tbody.appendChild($.new("tr", [
+          $.new("th", "Content Process Sandbox Level", "column"),
+          $.new("td", data[key])
+        ]));
+        continue;
+      }
       tbody.appendChild($.new("tr", [
         $.new("th", strings.GetStringFromName(key), "column"),
         $.new("td", data[key])
       ]));
     }
   },
 };
 
--- a/toolkit/content/aboutSupport.xhtml
+++ b/toolkit/content/aboutSupport.xhtml
@@ -530,17 +530,17 @@
             </th>
           </tr>
         </thead>
         <tbody id="experiments-tbody">
         </tbody>
       </table>
       <!-- - - - - - - - - - - - - - - - - - - - - -->
 
-#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+#if defined(MOZ_SANDBOX)
       <h2 class="major-section" id="sandbox">
 	&aboutSupport.sandboxTitle;
       </h2>
 
       <table>
 	<tbody id="sandbox-tbody">
 	</tbody>
       </table>
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@@ -83,16 +83,23 @@ this.AppConstants = Object.freeze({
 
   MOZ_SANDBOX:
 #ifdef MOZ_SANDBOX
   true,
 #else
   false,
 #endif
 
+  MOZ_CONTENT_SANDBOX:
+#ifdef MOZ_CONTENT_SANDBOX
+  true,
+#else
+  false,
+#endif
+
   MOZ_TELEMETRY_REPORTING:
 #ifdef MOZ_TELEMETRY_REPORTING
   true,
 #else
   false,
 #endif
 
   MOZ_TELEMETRY_ON_BY_DEFAULT:
--- a/toolkit/modules/Troubleshoot.jsm
+++ b/toolkit/modules/Troubleshoot.jsm
@@ -555,25 +555,33 @@ if (AppConstants.MOZ_CRASHREPORTER) {
     let reportsNew = reports.filter(report => (now - report.date < Troubleshoot.kMaxCrashAge));
     let reportsSubmitted = reportsNew.filter(report => (!report.pending));
     let reportsPendingCount = reportsNew.length - reportsSubmitted.length;
     let data = {submitted : reportsSubmitted, pending : reportsPendingCount};
     done(data);
   }
 }
 
-if (AppConstants.platform == "linux" && AppConstants.MOZ_SANDBOX) {
+if (AppConstants.MOZ_SANDBOX) {
   dataProviders.sandbox = function sandbox(done) {
-    const keys = ["hasSeccompBPF", "hasSeccompTSync",
-                  "hasPrivilegedUserNamespaces", "hasUserNamespaces",
-                  "canSandboxContent", "canSandboxMedia"];
+    let data = {};
+    if (AppConstants.platform == "linux") {
+      const keys = ["hasSeccompBPF", "hasSeccompTSync",
+                    "hasPrivilegedUserNamespaces", "hasUserNamespaces",
+                    "canSandboxContent", "canSandboxMedia"];
 
-    let sysInfo = Cc["@mozilla.org/system-info;1"].
-                  getService(Ci.nsIPropertyBag2);
-    let data = {};
-    for (let key of keys) {
-      if (sysInfo.hasKey(key)) {
-        data[key] = sysInfo.getPropertyAsBool(key);
+      let sysInfo = Cc["@mozilla.org/system-info;1"].
+                    getService(Ci.nsIPropertyBag2);
+      for (let key of keys) {
+        if (sysInfo.hasKey(key)) {
+          data[key] = sysInfo.getPropertyAsBool(key);
+        }
       }
     }
+
+    if (AppConstants.MOZ_CONTENT_SANDBOX) {
+      data.contentSandboxLevel =
+        Services.prefs.getIntPref("security.sandbox.content.level");
+    }
+
     done(data);
   }
 }
--- a/toolkit/modules/tests/browser/browser_Troubleshoot.js
+++ b/toolkit/modules/tests/browser/browser_Troubleshoot.js
@@ -1,16 +1,17 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // Ideally this would be an xpcshell test, but Troubleshoot relies on things
 // that aren't initialized outside of a XUL app environment like AddonManager
 // and the "@mozilla.org/xre/app-info;1" component.
 
+Components.utils.import("resource://gre/modules/AppConstants.jsm");
 Components.utils.import("resource://gre/modules/Services.jsm");
 Components.utils.import("resource://gre/modules/Troubleshoot.jsm");
 
 function test() {
   waitForExplicitFinish();
   function doNextTest() {
     if (!tests.length) {
       finish();
@@ -434,39 +435,43 @@ const SNAPSHOT_SCHEMA = {
     experiments: {
       type: "array",
     },
     sandbox: {
       required: false,
       type: "object",
       properties: {
         hasSeccompBPF: {
-          required: true,
+          required: AppConstants.platform == "linux",
           type: "boolean"
         },
         hasSeccompTSync: {
-          required: true,
+          required: AppConstants.platform == "linux",
           type: "boolean"
         },
         hasUserNamespaces: {
-          required: true,
+          required: AppConstants.platform == "linux",
           type: "boolean"
         },
         hasPrivilegedUserNamespaces: {
-          required: true,
+          required: AppConstants.platform == "linux",
           type: "boolean"
         },
         canSandboxContent: {
           required: false,
           type: "boolean"
         },
         canSandboxMedia: {
           required: false,
           type: "boolean"
         },
+        contentSandboxLevel: {
+          required: AppConstants.MOZ_CONTENT_SANDBOX,
+          type: "number"
+        },
       },
     },
   },
 };
 
 /**
  * Throws an Error if obj doesn't conform to schema.  That way you get a nice
  * error message and a stack to help you figure out what went wrong, which you