Backed out 2 changesets (bug 1488439) for build bustage at /build/src/dom/plugins/ipc/PluginProcessParent.cpp on a CLOSED TREE
authorCoroiu Cristina <ccoroiu@mozilla.com>
Fri, 12 Oct 2018 21:00:41 +0300
changeset 489378 32af88ce76dab548742417a74be9a13043540143
parent 489377 a9cb7624c15de659ef31809a19bac825d46e4b18
child 489379 7c1aecbca3ddeb55c60b943a123eb65a052f8594
push id247
push userfmarier@mozilla.com
push dateSat, 27 Oct 2018 01:06:44 +0000
bugs1488439
milestone64.0a1
backs out74b2087ee696eb7369b65727b81fc67121789f7d
85575fc37555213a204b8565bbadef7270edd19e
Backed out 2 changesets (bug 1488439) for build bustage at /build/src/dom/plugins/ipc/PluginProcessParent.cpp on a CLOSED TREE Backed out changeset 74b2087ee696 (bug 1488439) Backed out changeset 85575fc37555 (bug 1488439)
browser/app/profile/firefox.js
dom/plugins/ipc/FunctionBroker.h
dom/plugins/ipc/FunctionBrokerIPCUtils.h
dom/plugins/ipc/FunctionHook.cpp
dom/plugins/ipc/IpdlTuple.h
dom/plugins/ipc/PluginModuleChild.cpp
dom/plugins/ipc/PluginModuleChild.h
dom/plugins/ipc/PluginProcessChild.cpp
dom/plugins/ipc/PluginProcessParent.cpp
security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
toolkit/xre/nsXREDirProvider.cpp
toolkit/xre/nsXREDirProvider.h
xpcom/io/nsAppDirectoryServiceDefs.h
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1094,25 +1094,22 @@ pref("security.sandbox.content.syscall_w
 // broad list for now, has to be refined over time
 pref("security.sandbox.pledge.main", "stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw mcast");
 #if defined(MOZ_CONTENT_SANDBOX)
 pref("security.sandbox.content.level", 1);
 pref("security.sandbox.pledge.content", "stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps");
 #endif
 #endif
 
-#if defined(MOZ_SANDBOX)
-#if defined(MOZ_CONTENT_SANDBOX)
+#if defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
 // ID (a UUID when set by gecko) that is used to form the name of a
 // sandbox-writable temporary directory to be used by content processes
 // when a temporary writable file is required in a level 1 sandbox.
 pref("security.sandbox.content.tempDirSuffix", "");
 #endif
-pref("security.sandbox.plugin.tempDirSuffix", "");
-#endif
 
 #if defined(MOZ_SANDBOX)
 // This pref determines if messages relevant to sandbox violations are
 // logged.
 #if defined(XP_WIN) || defined(XP_MACOSX)
 pref("security.sandbox.logging.enabled", false);
 #endif
 #endif
--- a/dom/plugins/ipc/FunctionBroker.h
+++ b/dom/plugins/ipc/FunctionBroker.h
@@ -284,18 +284,16 @@ inline bool ParameterEquality(const char
   * A type map _from_ the type of a parameter in the original function
   * we are brokering _to_ a type that we can marshal.  We must be able
   * to Copy() the marshaled type using the parameter type.
   * The default maps from type T back to type T.
   */
 template<typename OrigType> struct IPCTypeMap     { typedef OrigType ipc_type; };
 template<> struct IPCTypeMap<char*>               { typedef nsDependentCSubstring ipc_type; };
 template<> struct IPCTypeMap<const char*>         { typedef nsDependentCSubstring ipc_type; };
-template<> struct IPCTypeMap<wchar_t*>            { typedef nsString ipc_type; };
-template<> struct IPCTypeMap<const wchar_t*>      { typedef nsString ipc_type; };
 template<> struct IPCTypeMap<long>                { typedef int32_t ipc_type; };
 template<> struct IPCTypeMap<unsigned long>       { typedef uint32_t ipc_type; };
 
 #if defined(XP_WIN)
 template<> struct IPCTypeMap<PSecHandle>          { typedef uint64_t ipc_type; };
 template<> struct IPCTypeMap<PTimeStamp>          { typedef uint64_t ipc_type; };
 template<> struct IPCTypeMap<void*>               { typedef uint64_t ipc_type; }; // HANDLEs
 template<> struct IPCTypeMap<HWND>                { typedef NativeWindowHandle ipc_type; };
@@ -501,27 +499,16 @@ struct BaseEndpointHandler<CLIENT,SelfTy
     // In the client, we just bind to the caller's string
     if (aSrc) {
       aDest.Rebind(aSrc, strlen(aSrc));
     } else {
       aDest.SetIsVoid(true);
     }
   }
 
-  inline static void Copy(nsString& aDest, wchar_t* const& aSrc)
-  {
-    if (aSrc) {
-      // We are using nsString as a "raw" container for a wchar_t string.  We
-      // just use its data as a wchar_t* later (so the reinterpret_cast is safe).
-      aDest.Rebind(reinterpret_cast<char16_t*>(aSrc), wcslen(aSrc));
-    } else {
-      aDest.SetIsVoid(true);
-    }
-  }
-
   inline static void Copy(char*& aDest, const nsDependentCSubstring& aSrc)
   {
     MOZ_ASSERT_UNREACHABLE("Returning char* parameters is not yet suported.");
   }
 
 #if defined(XP_WIN)
   inline static void Copy(uint32_t& aDest, const LPDWORD& aSrc)
   {
@@ -589,37 +576,16 @@ struct BaseEndpointHandler<SERVER, SelfT
 
   inline static void Copy(ServerCallData* aScd, const char*& aDest, const nsDependentCSubstring& aSrc)
   {
     char* nonConstDest;
     Copy(aScd, nonConstDest, aSrc);
     aDest = nonConstDest;
   }
 
-  inline static void Copy(ServerCallData* aScd, wchar_t*& aDest, const nsString& aSrc)
-  {
-    // Allocating the string with aScd means it will last during the server call
-    // and be freed when the call is complete.
-    MOZ_ASSERT(aScd);
-    if (aSrc.IsVoid()) {
-      aDest = nullptr;
-      return;
-    }
-    aScd->AllocateMemory((aSrc.Length() + 1)*sizeof(wchar_t), aDest);
-    memcpy(aDest, aSrc.Data(), aSrc.Length() * sizeof(wchar_t));
-    aDest[aSrc.Length()] = L'\0';
-  }
-
-  inline static void Copy(ServerCallData* aScd, const wchar_t*& aDest, const nsString& aSrc)
-  {
-    wchar_t* nonConstDest;
-    Copy(aScd, nonConstDest, aSrc);
-    aDest = nonConstDest;
-  }
-
 #if defined(XP_WIN)
   inline static void Copy(uint32_t& aDest, const LPDWORD& aSrc)
   {
     aDest = *aSrc;
   }
 
   inline static void Copy(LPDWORD& aDest, const uint32_t& aSrc)
   {
--- a/dom/plugins/ipc/FunctionBrokerIPCUtils.h
+++ b/dom/plugins/ipc/FunctionBrokerIPCUtils.h
@@ -43,17 +43,16 @@ enum FunctionHookId
   , ID_HttpEndRequestA
   , ID_InternetQueryOptionA
   , ID_InternetErrorDlg
   , ID_AcquireCredentialsHandleA
   , ID_QueryCredentialsAttributesA
   , ID_FreeCredentialsHandle
   , ID_PrintDlgW
   , ID_CreateMutexW
-  , ID_GetFileAttributesW
   , ID_FunctionHookCount
 #else // defined(XP_WIN)
     ID_FunctionHookCount
 #endif // defined(XP_WIN)
 };
 
 // Max number of bytes to show when logging a blob of raw memory
 static const uint32_t MAX_BLOB_CHARS_TO_LOG = 12;
--- a/dom/plugins/ipc/FunctionHook.cpp
+++ b/dom/plugins/ipc/FunctionHook.cpp
@@ -6,17 +6,16 @@
 
 #include "FunctionHook.h"
 #include "FunctionBroker.h"
 #include "nsClassHashtable.h"
 #include "mozilla/ClearOnShutdown.h"
 
 #if defined(XP_WIN)
 #include <shlobj.h>
-#include "PluginModuleChild.h"
 #endif
 
 namespace mozilla {
 namespace plugins {
 
 StaticAutoPtr<FunctionHookArray> FunctionHook::sFunctionHooks;
 
 bool AlwaysHook(int) { return true; }
@@ -304,66 +303,30 @@ void FunctionHook::HookProtectedMode()
   // Legacy code.  Uses the nsWindowsDLLInterceptor directly instead of
   // using the FunctionHook
   sKernel32Intercept.Init("kernel32.dll");
   MOZ_ASSERT(XRE_GetProcessType() == GeckoProcessType_Plugin);
   sCreateFileWStub.Set(sKernel32Intercept, "CreateFileW", &CreateFileWHookFn);
   sCreateFileAStub.Set(sKernel32Intercept, "CreateFileA", &CreateFileAHookFn);
 }
 
-/* GetFileAttributesW */
-
-typedef BasicFunctionHook<ID_GetFileAttributesW, decltype(GetFileAttributesW)> GetFileAttributesWFH;
-
-DWORD WINAPI GetFileAttributesWHook(LPCWSTR aFilename)
-{
-  MOZ_ASSERT(ID_GetFileAttributesW < FunctionHook::GetHooks()->Length());
-  GetFileAttributesWFH* functionHook =
-    static_cast<GetFileAttributesWFH*>(FunctionHook::GetHooks()->ElementAt(ID_GetFileAttributesW));
-  if (!functionHook->OriginalFunction()) {
-    NS_ASSERTION(FALSE, "Something is horribly wrong in GetFileAttributesWHook!");
-    return FALSE;
-  }
-
-  DWORD ret = functionHook->OriginalFunction()(aFilename);
-  if (ret != INVALID_FILE_ATTRIBUTES) {
-    return ret;
-  }
-
-  // If aFilename is a parent of PluginModuleChild::GetFlashRoamingPath then
-  // assume it was blocked by the sandbox and just report it as a plain directory.
-  size_t len = wcslen(aFilename);
-  std::wstring roamingPath = PluginModuleChild::GetFlashRoamingPath();
-  bool isParent =
-    (len > 0) && (aFilename[len - 1] == L'\\') &&
-    (_wcsnicmp(aFilename, roamingPath.c_str(), len) == 0);
-  if (!isParent) {
-    return ret;
-  }
-  return FILE_ATTRIBUTE_DIRECTORY;
-}
-
 #endif // defined(XP_WIN)
 
 #define FUN_HOOK(x) static_cast<FunctionHook*>(x)
 
 void
 FunctionHook::AddFunctionHooks(FunctionHookArray& aHooks)
 {
   // We transfer ownership of the FunctionHook objects to the array.
 #if defined(XP_WIN)
   aHooks[ID_GetWindowInfo] =
     FUN_HOOK(new GetWindowInfoFH("user32.dll", "GetWindowInfo",
                                  &GetWindowInfo, &GetWindowInfoHook));
   aHooks[ID_PrintDlgW] =
     FUN_HOOK(new PrintDlgWFH("comdlg32.dll", "PrintDlgW", &PrintDlgW,
                              PrintDlgWHook));
-  aHooks[ID_GetFileAttributesW] =
-    FUN_HOOK(new GetFileAttributesWFH("kernel32.dll", "GetFileAttributesW",
-                                      &GetFileAttributesW,
-                                      &GetFileAttributesWHook));
 #endif // defined(XP_WIN)
 }
 
 #undef FUN_HOOK
 
 } // namespace plugins
 } // namespace mozilla
--- a/dom/plugins/ipc/IpdlTuple.h
+++ b/dom/plugins/ipc/IpdlTuple.h
@@ -34,23 +34,23 @@ public:
   const MaybeVariantType& GetVariant() const { return mValue; }
 
 private:
   MaybeVariantType mValue;
 };
 
 #if defined(XP_WIN)
 typedef MaybeVariant<int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,
-                     int64_t,uint64_t,nsCString,nsString,bool,OpenFileNameIPC,
+                     int64_t,uint64_t,nsCString,bool,OpenFileNameIPC,
                      OpenFileNameRetIPC,NativeWindowHandle,
                      IPCSchannelCred,IPCInternetBuffers,StringArray,
                      IPCPrintDlg> IpdlTupleElement;
 #else
 typedef MaybeVariant<int8_t,uint8_t,int16_t,uint16_t,int32_t,uint32_t,
-                     int64_t,uint64_t,nsCString,nsString,bool> IpdlTupleElement;
+                     int64_t,uint64_t,nsCString,bool> IpdlTupleElement;
 #endif // defined(XP_WIN)
 
 } // namespace internal
 } // namespace plugins
 } // namespace mozilla
 
 DECLARE_USE_COPY_CONSTRUCTORS(mozilla::plugins::internal::IpdlTupleElement)
 
--- a/dom/plugins/ipc/PluginModuleChild.cpp
+++ b/dom/plugins/ipc/PluginModuleChild.cpp
@@ -60,19 +60,16 @@
 
 using namespace mozilla;
 using namespace mozilla::ipc;
 using namespace mozilla::plugins;
 using namespace mozilla::widget;
 
 #if defined(XP_WIN)
 const wchar_t * kFlashFullscreenClass = L"ShockwaveFlashFullScreen";
-#if defined(MOZ_SANDBOX)
-std::wstring sRoamingPath;
-#endif
 #endif
 
 namespace {
 // see PluginModuleChild::GetChrome()
 PluginModuleChild* gChromeInstance = nullptr;
 } // namespace
 
 #ifdef XP_WIN
@@ -206,44 +203,24 @@ PluginModuleChild::RecvDisableFlashProte
 void
 PluginModuleChild::EnableFlashSandbox(int aLevel, bool aShouldEnableLogging)
 {
     mFlashSandboxLevel = aLevel;
     mEnableFlashSandboxLogging = aShouldEnableLogging;
 }
 #endif
 
-#if defined(OS_WIN) && defined(MOZ_SANDBOX)
-/* static */ void
-PluginModuleChild::SetFlashRoamingPath(const std::wstring& aRoamingPath)
-{
-  MOZ_ASSERT(sRoamingPath.empty());
-  sRoamingPath = aRoamingPath;
-}
-
-/* static */ std::wstring
-PluginModuleChild::GetFlashRoamingPath()
-{
-  return sRoamingPath;
-}
-#endif
-
 bool
 PluginModuleChild::InitForChrome(const std::string& aPluginFilename,
                                  base::ProcessId aParentPid,
                                  MessageLoop* aIOLoop,
                                  IPC::Channel* aChannel)
 {
     NS_ASSERTION(aChannel, "need a channel");
 
-#if defined(OS_WIN) && defined(MOZ_SANDBOX)
-    MOZ_ASSERT(!sRoamingPath.empty(),
-               "Should have already called SetFlashRoamingPath");
-#endif
-
     if (!InitGraphics())
         return false;
 
     mPluginFilename = aPluginFilename.c_str();
     nsCOMPtr<nsIFile> localFile;
     NS_NewLocalFile(NS_ConvertUTF8toUTF16(mPluginFilename),
                     true,
                     getter_AddRefs(localFile));
--- a/dom/plugins/ipc/PluginModuleChild.h
+++ b/dom/plugins/ipc/PluginModuleChild.h
@@ -120,23 +120,16 @@ protected:
     virtual mozilla::ipc::IPCResult
     AnswerModuleSupportsAsyncRender(bool* aResult) override;
 public:
     explicit PluginModuleChild(bool aIsChrome);
     virtual ~PluginModuleChild();
 
     void CommonInit();
 
-#if defined(OS_WIN) && defined(MOZ_SANDBOX)
-    // Path to the roaming Flash Player folder.  This is used to restore some
-    // behavior blocked by the sandbox.
-    static void SetFlashRoamingPath(const std::wstring& aRoamingPath);
-    static std::wstring GetFlashRoamingPath();
-#endif
-
     // aPluginFilename is UTF8, not native-charset!
     bool InitForChrome(const std::string& aPluginFilename,
                        base::ProcessId aParentPid,
                        MessageLoop* aIOLoop,
                        IPC::Channel* aChannel);
 
     bool InitForContent(Endpoint<PPluginModuleChild>&& aEndpoint);
 
--- a/dom/plugins/ipc/PluginProcessChild.cpp
+++ b/dom/plugins/ipc/PluginProcessChild.cpp
@@ -24,45 +24,28 @@
 // An undocumented CoreGraphics framework method, present in the same form
 // since at least OS X 10.5.
 extern "C" CGError CGSSetDebugOptions(int options);
 #endif
 
 #ifdef XP_WIN
 #if defined(MOZ_SANDBOX)
 #include "mozilla/sandboxTarget.h"
-#include "ProcessUtils.h"
-#include "nsDirectoryService.h"
 #endif
 #endif
 
 using mozilla::ipc::IOThreadChild;
 
 #ifdef OS_WIN
 #include <algorithm>
 #endif
 
 namespace mozilla {
 namespace plugins {
 
-#if defined(XP_WIN) && defined(MOZ_SANDBOX)
-static void
-SetSandboxTempPath(const std::wstring& aFullTmpPath)
-{
-  // Save the TMP environment variable so that is is picked up by GetTempPath().
-  // Note that we specifically write to the TMP variable, as that is the first
-  // variable that is checked by GetTempPath() to determine its output.
-  Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TMP", aFullTmpPath.c_str()));
-
-  // We also set TEMP in case there is naughty third-party code that is
-  // referencing the environment variable directly.
-  Unused << NS_WARN_IF(!SetEnvironmentVariableW(L"TEMP", aFullTmpPath.c_str()));
-}
-#endif
-
 bool
 PluginProcessChild::Init(int aArgc, char* aArgv[])
 {
     nsDebugImpl::SetMultiprocessMode("NPAPI");
 
 #if defined(XP_MACOSX)
     // Remove the trigger for "dyld interposing" that we added in
     // GeckoChildProcessHost::PerformAsyncLaunch(), in the host
@@ -131,39 +114,27 @@ PluginProcessChild::Init(int aArgc, char
     }
 #endif
 
 #elif defined(OS_WIN)
     std::vector<std::wstring> values =
         CommandLine::ForCurrentProcess()->GetLooseValues();
     MOZ_ASSERT(values.size() >= 1, "not enough loose args");
 
-    // parameters are:
-    // values[0] is path to plugin DLL
-    // values[1] is path to folder that should be used for temp files
-    // values[2] is path to the Flash Player roaming folder
-    //   (this is always that Flash folder, regardless of what plugin is being run)
     pluginFilename = WideToUTF8(values[0]);
 
     // We don't initialize XPCOM but we need the thread manager and the
     // logging framework for the FunctionBroker.
     NS_SetMainThread();
     mozilla::TimeStamp::Startup();
     NS_LogInit();
     mozilla::LogModule::Init(aArgc, aArgv);
     nsThreadManager::get().Init();
 
 #if defined(MOZ_SANDBOX)
-    MOZ_ASSERT(values.size() >= 3, "not enough loose args for sandboxed plugin process");
-
-    // The sandbox closes off the default location temp file location so we set
-    // a new one here (regardless of whether or not we are sandboxing).
-    SetSandboxTempPath(values[1]);
-    PluginModuleChild::SetFlashRoamingPath(values[2]);
-
     // This is probably the earliest we would want to start the sandbox.
     // As we attempt to tighten the sandbox, we may need to consider moving this
     // to later in the plugin initialization.
     mozilla::SandboxTarget::Instance()->StartSandbox();
 #endif
 #else
 #  error Sorry
 #endif
--- a/dom/plugins/ipc/PluginProcessParent.cpp
+++ b/dom/plugins/ipc/PluginProcessParent.cpp
@@ -4,21 +4,16 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/plugins/PluginProcessParent.h"
 
 #include "base/string_util.h"
 #include "base/process_util.h"
 
-#include "nsAppDirectoryServiceDefs.h"
-#include "nsDirectoryServiceDefs.h"
-#include "nsIProperties.h"
-#include "nsServiceManagerUtils.h"
-
 #include "mozilla/ipc/BrowserProcessSubThread.h"
 #include "mozilla/plugins/PluginMessageUtils.h"
 #include "mozilla/Telemetry.h"
 #include "nsThreadUtils.h"
 
 using std::vector;
 using std::string;
 
@@ -88,50 +83,16 @@ PluginProcessParent::Launch(mozilla::Uni
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
     if (aSandboxLevel > 0) {
         args.push_back("-flashSandboxLevel");
         args.push_back(std::to_string(aSandboxLevel));
         if (aIsSandboxLoggingEnabled) {
             args.push_back("-flashSandboxLogging");
         }
     }
-#elseif defined(XP_WIN) && defined(MOZ_SANDBOX)
-    nsresult rv;
-    nsCOMPtr<nsIProperties> dirSvc =
-      do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
-    if (NS_FAILED(rv)) {
-      MOZ_ASSERT(false, "Failed to get directory service.");
-      return false;
-    }
-
-    nsCOMPtr<nsIFile> dir;
-    rv =
-      dirSvc->Get(NS_APP_PLUGIN_PROCESS_TEMP_DIR, NS_GET_IID(nsIFile),
-                  getter_AddRefs(dir));
-    if (NS_FAILED(rv)) {
-      NS_WARNING("Failed to get plugin process temp directory.");
-      return false;
-    }
-
-    nsAutoString tempDir;
-    MOZ_ALWAYS_SUCCEEDS(dir->GetPath(tempDir));
-    args.push_back(NS_ConvertUTF16toUTF8(tempDir).get());
-
-    rv =
-      dirSvc->Get(NS_WIN_APPDATA_DIR, NS_GET_IID(nsIFile),
-                  getter_AddRefs(dir));
-    if (NS_FAILED(rv)) {
-      NS_WARNING("Failed to get appdata directory.");
-      return false;
-    }
-
-    nsAutoString appdataDir;
-    MOZ_ALWAYS_SUCCEEDS(dir->GetPath(appdataDir));
-    appdataDir.Append(L"\\Adobe\\");
-    args.push_back(NS_ConvertUTF16toUTF8(appdataDir).get());
 #endif
 
     bool result = AsyncLaunch(args);
     if (!result) {
         mLaunchCompleteTask = nullptr;
     }
     return result;
 }
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -39,17 +39,16 @@ sandbox::BrokerServices *SandboxBroker::
 // fundamental things when running from a network drive. We default to false in
 // case those checks fail as that gives us the strongest policy.
 bool SandboxBroker::sRunningFromNetworkDrive = false;
 
 // Cached special directories used for adding policy rules.
 static UniquePtr<nsString> sBinDir;
 static UniquePtr<nsString> sProfileDir;
 static UniquePtr<nsString> sContentTempDir;
-static UniquePtr<nsString> sPluginTempDir;
 static UniquePtr<nsString> sRoamingAppDataDir;
 static UniquePtr<nsString> sLocalAppDataDir;
 static UniquePtr<nsString> sUserExtensionsDevDir;
 #ifdef ENABLE_SYSTEM_EXTENSION_DIRS
 static UniquePtr<nsString> sUserExtensionsDir;
 #endif
 
 // Cached prefs which are needed off main thread.
@@ -111,17 +110,16 @@ SandboxBroker::GeckoDependentInitialize(
     MOZ_ASSERT(false, "Failed to get directory service, cannot cache directories for rules.");
     LOG_E("Failed to get directory service, cannot cache directories for rules.");
     return;
   }
 
   CacheDirAndAutoClear(dirSvc, NS_GRE_DIR, &sBinDir);
   CacheDirAndAutoClear(dirSvc, NS_APP_USER_PROFILE_50_DIR, &sProfileDir);
   CacheDirAndAutoClear(dirSvc, NS_APP_CONTENT_PROCESS_TEMP_DIR, &sContentTempDir);
-  CacheDirAndAutoClear(dirSvc, NS_APP_PLUGIN_PROCESS_TEMP_DIR, &sPluginTempDir);
   CacheDirAndAutoClear(dirSvc, NS_WIN_APPDATA_DIR, &sRoamingAppDataDir);
   CacheDirAndAutoClear(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, &sLocalAppDataDir);
   CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DEV_DIR, &sUserExtensionsDevDir);
 #ifdef ENABLE_SYSTEM_EXTENSION_DIRS
   CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DIR, &sUserExtensionsDir);
 #endif
 
   // Create sLaunchErrors up front because ClearOnShutdown must be called on the
@@ -696,16 +694,21 @@ SandboxBroker::SetSecurityLevelForPlugin
     delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
   } else {
     jobLevel = sandbox::JOB_NONE;
     accessTokenLevel = sandbox::USER_NON_ADMIN;
     initialIntegrityLevel = sandbox::INTEGRITY_LEVEL_MEDIUM;
     delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_MEDIUM;
   }
 
+#ifndef NIGHTLY_BUILD
+  // We are experimenting with using restricting SIDs in the nightly builds
+  mPolicy->SetDoNotUseRestrictingSIDs();
+#endif
+
   sandbox::ResultCode result = SetJobLevel(mPolicy, jobLevel,
                                            0 /* ui_exceptions */);
   SANDBOX_ENSURE_SUCCESS(result,
                          "Setting job level failed, have you set memory limit when jobLevel == JOB_NONE?");
 
   result = mPolicy->SetTokenLevel(sandbox::USER_RESTRICTED_SAME_ACCESS,
                                   accessTokenLevel);
   SANDBOX_ENSURE_SUCCESS(result,
@@ -741,25 +744,16 @@ SandboxBroker::SetSecurityLevelForPlugin
 
   sandbox::MitigationFlags delayedMitigations =
     sandbox::MITIGATION_DLL_SEARCH_ORDER;
 
   result = mPolicy->SetDelayedProcessMitigations(delayedMitigations);
   SANDBOX_ENSURE_SUCCESS(result,
                          "Invalid flags for SetDelayedProcessMitigations.");
 
-#ifndef NIGHTLY_BUILD
-  // We are experimenting with using restricting SIDs in the nightly builds
-  mPolicy->SetDoNotUseRestrictingSIDs();
-#else
-  // Add rule to allow read / write access to a special plugin temp dir.
-  AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
-                   sPluginTempDir, NS_LITERAL_STRING("\\*"));
-#endif
-
   if (aSandboxLevel >= 2) {
     // Level 2 and above uses low integrity, so we need to give write access to
     // the Flash directories.
     AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
                      sRoamingAppDataDir,
                      NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
     AddCachedDirRule(mPolicy, sandbox::TargetPolicy::FILES_ALLOW_ANY,
                      sLocalAppDataDir,
--- a/toolkit/xre/nsXREDirProvider.cpp
+++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -77,21 +77,21 @@
 #define APP_REGISTRY_NAME "registry.dat"
 #else
 #define APP_REGISTRY_NAME "appreg"
 #endif
 
 #define PREF_OVERRIDE_DIRNAME "preferences"
 
 #if defined(MOZ_CONTENT_SANDBOX)
-static already_AddRefed<nsIFile> GetProcessSandboxTempDir(GeckoProcessType type);
+static already_AddRefed<nsIFile> GetContentProcessSandboxTempDir();
 static nsresult DeleteDirIfExists(nsIFile *dir);
 static bool IsContentSandboxDisabled();
-static const char* GetProcessTempBaseDirKey();
-static already_AddRefed<nsIFile> CreateProcessSandboxTempDir(GeckoProcessType procType);
+static const char* GetContentProcessTempBaseDirKey();
+static already_AddRefed<nsIFile> CreateContentProcessSandboxTempDir();
 #endif
 
 nsXREDirProvider* gDirServiceProvider = nullptr;
 nsIFile* gDataDirHomeLocal = nullptr;
 nsIFile* gDataDirHome = nullptr;
 
 // These are required to allow nsXREDirProvider to be usable in xpcshell tests.
 // where gAppData is null.
@@ -521,25 +521,17 @@ nsXREDirProvider::GetFile(const char* aP
   }
 #if defined(MOZ_CONTENT_SANDBOX)
   else if (!strcmp(aProperty, NS_APP_CONTENT_PROCESS_TEMP_DIR)) {
     if (!mContentTempDir && NS_FAILED((rv = LoadContentProcessTempDir()))) {
       return rv;
     }
     rv = mContentTempDir->Clone(getter_AddRefs(file));
   }
-#endif // defined(MOZ_CONTENT_SANDBOX)
-#if defined(MOZ_SANDBOX)
-  else if (0 == strcmp(aProperty, NS_APP_PLUGIN_PROCESS_TEMP_DIR)) {
-    if (!mPluginTempDir && NS_FAILED((rv = LoadPluginProcessTempDir()))) {
-      return rv;
-    }
-    rv = mPluginTempDir->Clone(getter_AddRefs(file));
-  }
-#endif // defined(MOZ_SANDBOX)
+#endif // defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
   else if (NS_SUCCEEDED(GetProfileStartupDir(getter_AddRefs(file)))) {
     // We need to allow component, xpt, and chrome registration to
     // occur prior to the profile-after-change notification.
     if (!strcmp(aProperty, NS_APP_USER_CHROME_DIR)) {
       rv = file->AppendNative(NS_LITERAL_CSTRING("chrome"));
     }
   }
 
@@ -669,47 +661,42 @@ nsXREDirProvider::GetFiles(const char* a
 
   rv = NS_NewUnionEnumerator(aResult, appEnum, xreEnum);
   if (NS_FAILED(rv))
     return rv;
 
   return NS_SUCCESS_AGGREGATE_RESULT;
 }
 
-#if defined(MOZ_SANDBOX)
+#if defined(MOZ_CONTENT_SANDBOX)
 
 static const char*
-GetProcessTempBaseDirKey()
+GetContentProcessTempBaseDirKey()
 {
 #if defined(XP_WIN)
   return NS_WIN_LOW_INTEGRITY_TEMP_BASE;
 #else
   return NS_OS_TEMP_DIR;
 #endif
 }
 
-#if defined(MOZ_CONTENT_SANDBOX)
 //
 // Sets mContentTempDir so that it refers to the appropriate temp dir.
 // If the sandbox is enabled, NS_APP_CONTENT_PROCESS_TEMP_DIR, otherwise
 // NS_OS_TEMP_DIR is used.
 //
 nsresult
 nsXREDirProvider::LoadContentProcessTempDir()
 {
   // The parent is responsible for creating the sandbox temp dir.
   if (XRE_IsParentProcess()) {
-    mContentProcessSandboxTempDir =
-      CreateProcessSandboxTempDir(GeckoProcessType_Content);
+    mContentProcessSandboxTempDir = CreateContentProcessSandboxTempDir();
     mContentTempDir = mContentProcessSandboxTempDir;
   } else {
-    mContentTempDir =
-      !IsContentSandboxDisabled() ?
-        GetProcessSandboxTempDir(GeckoProcessType_Content) :
-        nullptr;
+    mContentTempDir = GetContentProcessSandboxTempDir();
   }
 
   if (!mContentTempDir) {
     nsresult rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
                                          getter_AddRefs(mContentTempDir));
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return rv;
     }
@@ -721,127 +708,76 @@ nsXREDirProvider::LoadContentProcessTemp
   // reject those rules.
   if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mContentTempDir)) {
     NS_WARNING("Failed to resolve Content Temp Dir.");
   }
 #endif
 
   return NS_OK;
 }
-#endif
-
-//
-// Sets mPluginTempDir so that it refers to the appropriate temp dir.
-// If NS_APP_PLUGIN_PROCESS_TEMP_DIR fails for any reason, NS_OS_TEMP_DIR
-// is used.
-//
-nsresult
-nsXREDirProvider::LoadPluginProcessTempDir()
-{
-  // The parent is responsible for creating the sandbox temp dir.
-  if (XRE_IsParentProcess()) {
-    mPluginProcessSandboxTempDir =
-      CreateProcessSandboxTempDir(GeckoProcessType_Plugin);
-    mPluginTempDir = mPluginProcessSandboxTempDir;
-  } else {
-    MOZ_ASSERT(XRE_IsPluginProcess());
-    mPluginTempDir = GetProcessSandboxTempDir(GeckoProcessType_Plugin);
-  }
-
-  if (!mPluginTempDir) {
-    nsresult rv = NS_GetSpecialDirectory(NS_OS_TEMP_DIR,
-                                         getter_AddRefs(mPluginTempDir));
-    if (NS_WARN_IF(NS_FAILED(rv))) {
-      return rv;
-    }
-  }
-
-#if defined(XP_WIN)
-  // The temp dir is used in sandbox rules, so we need to make sure
-  // it doesn't contain any junction points or symlinks or the sandbox will
-  // reject those rules.
-  if (!mozilla::widget::WinUtils::ResolveJunctionPointsAndSymLinks(mPluginTempDir)) {
-    NS_WARNING("Failed to resolve plugin temp dir.");
-  }
-#endif
-
-  return NS_OK;
-}
 
 static bool
 IsContentSandboxDisabled()
 {
   return !BrowserTabsRemoteAutostart() || (!IsContentSandboxEnabled());
 }
 
 //
-// If a process sandbox temp dir is to be used, returns an nsIFile
-// for the directory. Returns null if an error occurs.
+// If a content process sandbox temp dir is to be used, returns an nsIFile
+// for the directory. Returns null if the content sandbox is disabled or
+// an error occurs.
 //
 static already_AddRefed<nsIFile>
-GetProcessSandboxTempDir(GeckoProcessType type)
+GetContentProcessSandboxTempDir()
 {
+  if (IsContentSandboxDisabled()) {
+    return nullptr;
+  }
+
   nsCOMPtr<nsIFile> localFile;
 
-  nsresult rv = NS_GetSpecialDirectory(GetProcessTempBaseDirKey(),
+  nsresult rv = NS_GetSpecialDirectory(GetContentProcessTempBaseDirKey(),
                                        getter_AddRefs(localFile));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return nullptr;
   }
 
-  MOZ_ASSERT((type == GeckoProcessType_Content) ||
-             (type == GeckoProcessType_Plugin));
-
-  const char* prefKey =
-    (type == GeckoProcessType_Content) ?
-      "security.sandbox.content.tempDirSuffix" :
-      "security.sandbox.plugin.tempDirSuffix";
-
   nsAutoString tempDirSuffix;
-  rv = Preferences::GetString(prefKey, tempDirSuffix);
+  rv = Preferences::GetString("security.sandbox.content.tempDirSuffix",
+                              tempDirSuffix);
   if (NS_WARN_IF(NS_FAILED(rv)) || tempDirSuffix.IsEmpty()) {
     return nullptr;
   }
 
   rv = localFile->Append(NS_LITERAL_STRING("Temp-") + tempDirSuffix);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return nullptr;
   }
 
   return localFile.forget();
 }
 
 //
-// Create a temporary directory for use from sandboxed processes.
+// Create a temporary directory for use from sandboxed content processes.
 // Only called in the parent. The path is derived from a UUID stored in a
-// pref which is available to content and plugin processes. Returns null
-// if the content sandbox is disabled or if an error occurs.
+// pref which is available to content processes. Returns null if the
+// content sandbox is disabled or if an error occurs.
 //
 static already_AddRefed<nsIFile>
-CreateProcessSandboxTempDir(GeckoProcessType procType)
+CreateContentProcessSandboxTempDir()
 {
-#if defined(MOZ_CONTENT_SANDBOX)
-  if ((procType == GeckoProcessType_Content) &&
-      IsContentSandboxDisabled()) {
+  if (IsContentSandboxDisabled()) {
     return nullptr;
   }
-#endif
-
-  MOZ_ASSERT((procType == GeckoProcessType_Content) ||
-             (procType == GeckoProcessType_Plugin));
 
   // Get (and create if blank) temp directory suffix pref.
-  const char* pref =
-    (procType == GeckoProcessType_Content) ?
-      "security.sandbox.content.tempDirSuffix" :
-      "security.sandbox.plugin.tempDirSuffix";
-
   nsresult rv;
   nsAutoString tempDirSuffix;
-  Preferences::GetString(pref, tempDirSuffix);
+  Preferences::GetString("security.sandbox.content.tempDirSuffix",
+                         tempDirSuffix);
   if (tempDirSuffix.IsEmpty()) {
     nsCOMPtr<nsIUUIDGenerator> uuidgen =
       do_GetService("@mozilla.org/uuid-generator;1", &rv);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return nullptr;
     }
 
     nsID uuid;
@@ -855,17 +791,18 @@ CreateProcessSandboxTempDir(GeckoProcess
     tempDirSuffix.AssignASCII(uuidChars, NSID_LENGTH);
 #ifdef XP_UNIX
     // Braces in a path are somewhat annoying to deal with
     // and pretty alien on Unix
     tempDirSuffix.StripChars(u"{}");
 #endif
 
     // Save the pref
-    rv = Preferences::SetString(pref, tempDirSuffix);
+    rv = Preferences::SetString("security.sandbox.content.tempDirSuffix",
+                                tempDirSuffix);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       // If we fail to save the pref we don't want to create the temp dir,
       // because we won't be able to clean it up later.
       return nullptr;
     }
 
     nsCOMPtr<nsIPrefService> prefsvc = Preferences::GetService();
     if (!prefsvc || NS_FAILED((rv = prefsvc->SavePrefFile(nullptr)))) {
@@ -874,17 +811,17 @@ CreateProcessSandboxTempDir(GeckoProcess
       // the preference values allows an off main thread save, the successful
       // return from the call doesn't mean we actually saved the file.  See
       // bug 1364496 for details.
       NS_WARNING("Failed to save pref file, cannot create temp dir.");
       return nullptr;
     }
   }
 
-  nsCOMPtr<nsIFile> sandboxTempDir = GetProcessSandboxTempDir(procType);
+  nsCOMPtr<nsIFile> sandboxTempDir = GetContentProcessSandboxTempDir();
   if (!sandboxTempDir) {
     NS_WARNING("Failed to determine sandbox temp dir path.");
     return nullptr;
   }
 
   // Remove the directory. It may exist due to a previous crash.
   if (NS_FAILED(DeleteDirIfExists(sandboxTempDir))) {
     NS_WARNING("Failed to reset sandbox temp dir.");
@@ -912,17 +849,17 @@ DeleteDirIfExists(nsIFile* dir)
     if (NS_FAILED(rv) && rv != NS_ERROR_FILE_NOT_FOUND &&
         rv != NS_ERROR_FILE_TARGET_DOES_NOT_EXIST) {
       return rv;
     }
   }
   return NS_OK;
 }
 
-#endif // defined(MOZ_SANDBOX)
+#endif // defined(MOZ_CONTENT_SANDBOX)
 
 static const char *const kAppendPrefDir[] = { "defaults", "preferences", nullptr };
 
 #ifdef DEBUG_bsmedberg
 static void
 DumpFileArray(const char *key,
               nsCOMArray<nsIFile> dirs)
 {
@@ -1133,21 +1070,16 @@ nsXREDirProvider::DoStartup()
 #if defined(MOZ_CONTENT_SANDBOX)
     // Makes sure the content temp dir has been loaded if it hasn't been
     // already. In the parent this ensures it has been created before we attempt
     // to start any content processes.
     if (!mContentTempDir) {
       mozilla::Unused << NS_WARN_IF(NS_FAILED(LoadContentProcessTempDir()));
     }
 #endif
-#if defined(MOZ_SANDBOX)
-    if (!mPluginTempDir) {
-      mozilla::Unused << NS_WARN_IF(NS_FAILED(LoadPluginProcessTempDir()));
-    }
-#endif
   }
   return NS_OK;
 }
 
 void
 nsXREDirProvider::DoShutdown()
 {
   AUTO_PROFILER_LABEL("nsXREDirProvider::DoShutdown", OTHER);
@@ -1170,24 +1102,21 @@ nsXREDirProvider::DoShutdown()
 
       obsSvc->NotifyObservers(nullptr, "profile-before-change", kShutdownPersist);
       obsSvc->NotifyObservers(nullptr, "profile-before-change-qm", kShutdownPersist);
       obsSvc->NotifyObservers(nullptr, "profile-before-change-telemetry", kShutdownPersist);
     }
     mProfileNotified = false;
   }
 
+#if defined(MOZ_CONTENT_SANDBOX)
   if (XRE_IsParentProcess()) {
-#if defined(MOZ_CONTENT_SANDBOX)
     Unused << DeleteDirIfExists(mContentProcessSandboxTempDir);
+  }
 #endif
-#if defined(MOZ_SANDBOX)
-    Unused << DeleteDirIfExists(mPluginProcessSandboxTempDir);
-#endif
-  }
 }
 
 #ifdef XP_WIN
 static nsresult
 GetShellFolderPath(KNOWNFOLDERID folder, nsAString& _retval)
 {
   DWORD flags = KF_FLAG_SIMPLE_IDLIST | KF_FLAG_DONT_VERIFY | KF_FLAG_NO_ALIAS;
   PWSTR path = nullptr;
--- a/toolkit/xre/nsXREDirProvider.h
+++ b/toolkit/xre/nsXREDirProvider.h
@@ -124,19 +124,16 @@ protected:
   // Internal helper that splits a path into components using the '/' and '\\'
   // delimiters.
   static inline nsresult AppendProfileString(nsIFile* aFile, const char* aPath);
 
 #if defined(MOZ_CONTENT_SANDBOX)
   // Load the temp directory for sandboxed content processes
   nsresult LoadContentProcessTempDir();
 #endif
-#if defined(MOZ_SANDBOX)
-  nsresult LoadPluginProcessTempDir();
-#endif
 
   void Append(nsIFile* aDirectory);
 
   nsCOMPtr<nsIDirectoryServiceProvider> mAppProvider;
   // On OSX, mGREDir points to .app/Contents/Resources
   nsCOMPtr<nsIFile>      mGREDir;
   // On OSX, mGREBinDir points to .app/Contents/MacOS
   nsCOMPtr<nsIFile>      mGREBinDir;
@@ -145,16 +142,12 @@ protected:
   nsCOMPtr<nsIFile>      mProfileDir;
   nsCOMPtr<nsIFile>      mProfileLocalDir;
   bool                   mProfileNotified;
   bool                   mPrefsInitialized = false;
 #if defined(MOZ_CONTENT_SANDBOX)
   nsCOMPtr<nsIFile>      mContentTempDir;
   nsCOMPtr<nsIFile>      mContentProcessSandboxTempDir;
 #endif
-#if defined(MOZ_SANDBOX)
-  nsCOMPtr<nsIFile>      mPluginTempDir;
-  nsCOMPtr<nsIFile>      mPluginProcessSandboxTempDir;
-#endif
   nsCOMArray<nsIFile>    mAppBundleDirectories;
 };
 
 #endif
--- a/xpcom/io/nsAppDirectoryServiceDefs.h
+++ b/xpcom/io/nsAppDirectoryServiceDefs.h
@@ -98,17 +98,11 @@
 //
 // At present, all sandboxed content processes use the same directory for
 // NS_APP_CONTENT_PROCESS_TEMP_DIR, but that should not be relied upon.
 //
 #define NS_APP_CONTENT_PROCESS_TEMP_DIR         "ContentTmpD"
 #else
 // Otherwise NS_APP_CONTENT_PROCESS_TEMP_DIR must match NS_OS_TEMP_DIR.
 #define NS_APP_CONTENT_PROCESS_TEMP_DIR         "TmpD"
-#endif // defined(MOZ_CONTENT_SANDBOX)
-
-#if defined(MOZ_SANDBOX)
-#define NS_APP_PLUGIN_PROCESS_TEMP_DIR          "PluginTmpD"
-#else
-#define NS_APP_PLUGIN_PROCESS_TEMP_DIR          "TmpD"
-#endif
+#endif // (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
 
 #endif // nsAppDirectoryServiceDefs_h___