Bug 1431441 - Part 6 - Start middleman WebReplay process sandbox later r=Alex_Gaynor
authorHaik Aftandilian <haftandilian@mozilla.com>
Fri, 12 Oct 2018 14:13:53 +0000
changeset 499339 fb1a4ddbf9bf2054fae411bea2e83a048bdaa0fe
parent 499338 b59b1651fc15347afd509a9b927d435a26ff871c
child 499340 1dfdc7ba998d4c03a5e93e6afff087086413f94e
push id1864
push userffxbld-merge
push dateMon, 03 Dec 2018 15:51:40 +0000
reviewersAlex_Gaynor
bugs1431441
milestone64.0a1
Bug 1431441 - Part 6 - Start middleman WebReplay process sandbox later r=Alex_Gaynor Depends on D7357 Differential Revision: https://phabricator.services.mozilla.com/D8474
dom/ipc/ContentParent.cpp
dom/ipc/ContentProcess.cpp
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -2338,17 +2338,20 @@ ContentParent::LaunchSubprocess(ProcessP
   extraArgs.push_back("-schedulerPrefs");
   extraArgs.push_back(schedulerPrefs.get());
 
   if (gSafeMode) {
     extraArgs.push_back("-safeMode");
   }
 
 #if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-  if (sEarlySandboxInit && IsContentSandboxEnabled()) {
+  // If we're launching a middleman process for a
+  // recording or replay, start the sandbox later.
+  if (sEarlySandboxInit && IsContentSandboxEnabled() &&
+      !IsRecordingOrReplaying()) {
     AppendSandboxParams(extraArgs);
   }
 #endif
 
   nsCString parentBuildID(mozilla::PlatformBuildID());
   extraArgs.push_back("-parentBuildID");
   extraArgs.push_back(parentBuildID.get());
 
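Review bot: The `!IsRecordingOrReplaying()` test added here in LaunchSubprocess has to evaluate the same way as the `IsRecordingOrReplaying()` term added to `shouldSandbox` in the InitInternal hunk. If launch skips `AppendSandboxParams` and InitInternal also leaves `shouldSandbox` false, the macOS content process gets no sandbox from either path. Nothing visible in these hunks ties the two sites together, so I would add a cross-reference to the comment, e.g. `// Keep in sync with the shouldSandbox computation in InitInternal: exactly one of the two paths must start the sandbox.` Both function bodies continue outside the hunks, so whether the value can change between the two calls cannot be checked from here.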
@@ -2746,17 +2749,20 @@ ContentParent::InitInternal(ProcessPrior
   // purpose. If the decision is made to permanently rely on the pref, this
   // should be changed so that it is required to restart firefox for the change
   // of value to take effect.
   shouldSandbox = IsContentSandboxEnabled();
 
 #ifdef XP_MACOSX
   // If the sandbox was initialized during content process
   // startup, we must not send the SetProcessSandbox message.
-  shouldSandbox = shouldSandbox && !sEarlySandboxInit;
+  // If early startup was pref'd off or the process is a
+  // middleman process, send SetProcessSandbox now.
+  shouldSandbox = shouldSandbox &&
+    (!sEarlySandboxInit || IsRecordingOrReplaying());
 #endif
 
 #ifdef XP_LINUX
   if (shouldSandbox) {
     MOZ_ASSERT(!mSandboxBroker);
     bool isFileProcess = mRemoteType.EqualsLiteral(FILE_REMOTE_TYPE);
     UniquePtr<SandboxBroker::Policy> policy =
       sSandboxBrokerPolicyFactory->GetContentPolicy(Pid(), isFileProcess);
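Review bot: The new comment on `shouldSandbox` says when SetProcessSandbox is sent, but not why a middleman cannot use early init, nor that it runs unsandboxed from launch until the message is handled. That window is the security-relevant part of this change and should be written down where the decision is made, e.g. `// Middleman processes skip early sandbox init at launch, so they are unsandboxed until SetProcessSandbox is processed.`, followed by a sentence giving the reason for the late start. InitInternal starts and ends outside this hunk.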
--- a/dom/ipc/ContentProcess.cpp
+++ b/dom/ipc/ContentProcess.cpp
@@ -293,18 +293,21 @@ ContentProcess::Init(int aArgc, char* aA
                 IOThreadChild::channel(),
                 *childID,
                 *isForBrowser);
 
   mXREEmbed.Start();
 #if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
   mContent.SetProfileDir(profileDir);
 #if defined(DEBUG)
+  // For WebReplay middleman processes, the sandbox is
+  // started after receiving the SetProcessSandbox message.
   if (IsContentSandboxEnabled() &&
-      Preferences::GetBool("security.sandbox.content.mac.earlyinit")) {
+      Preferences::GetBool("security.sandbox.content.mac.earlyinit") &&
+      !recordreplay::IsMiddleman()) {
     AssertMacSandboxEnabled();
   }
 #endif /* DEBUG */
 #endif /* XP_MACOSX && MOZ_CONTENT_SANDBOX */
 
 #if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
   SetUpSandboxEnvironment();
 #endif
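Review bot: Excluding middleman processes with `!recordreplay::IsMiddleman()` removes the only check in this hunk that the macOS sandbox is actually on, and nothing here replaces it for the late-start path. A middleman that never receives SetProcessSandbox would then go unnoticed even in DEBUG builds. I would pair this with an equivalent `AssertMacSandboxEnabled()` after the late sandbox start for middleman processes; that handler is outside this hunk, so the check may already exist. The child keys on `recordreplay::IsMiddleman()` while the parent hunks key on `IsRecordingOrReplaying()`, so a one-line comment stating that both identify the same processes would help, if that is the case. ContentProcess::Init continues outside the hunk.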