Backed out changeset 201612a0b133
authorChris Jones <jones.chris.g@gmail.com>
Thu, 26 Jul 2012 21:55:41 -0700
changeset 102545 a1d1b2787e37e7940ec829d8544d5074d571396a
parent 102544 201612a0b13338a6d4d7c4df963fe9ff928b30c6
child 102546 34268322c4d4fdb3cb4dec5363d3fef3cb6567e6
push id18
push usershu@rfrn.org
push dateMon, 06 Aug 2012 22:42:45 +0000
milestone17.0a1
backs out201612a0b13338a6d4d7c4df963fe9ff928b30c6
Backed out changeset 201612a0b133
ipc/chromium/src/base/process_util.h
ipc/chromium/src/base/process_util_linux.cc
ipc/glue/GeckoChildProcessHost.cpp
--- a/ipc/chromium/src/base/process_util.h
+++ b/ipc/chromium/src/base/process_util.h
@@ -155,32 +155,21 @@ bool LaunchApp(const std::wstring& cmdli
 // Note that the first argument in argv must point to the filename,
 // and must be fully specified.
 typedef std::vector<std::pair<int, int> > file_handle_mapping_vector;
 bool LaunchApp(const std::vector<std::string>& argv,
                const file_handle_mapping_vector& fds_to_remap,
                bool wait, ProcessHandle* process_handle);
 
 typedef std::map<std::string, std::string> environment_map;
-enum ChildPrivileges {
-  UNPRIVILEGED,
-  SAME_PRIVILEGES_AS_PARENT
-};
-bool LaunchApp(const std::vector<std::string>& argv,
-               const file_handle_mapping_vector& fds_to_remap,
-               const environment_map& env_vars_to_set,
-               ChildPrivileges privs,
-               bool wait, ProcessHandle* process_handle,
-               ProcessArchitecture arch=GetCurrentProcessArchitecture());
 bool LaunchApp(const std::vector<std::string>& argv,
                const file_handle_mapping_vector& fds_to_remap,
                const environment_map& env_vars_to_set,
                bool wait, ProcessHandle* process_handle,
                ProcessArchitecture arch=GetCurrentProcessArchitecture());
-
 #endif
 
 // Executes the application specified by cl. This function delegates to one
 // of the above two platform-specific functions.
 bool LaunchApp(const CommandLine& cl,
                bool wait, bool start_hidden, ProcessHandle* process_handle);
 
 #if defined(OS_WIN)
--- a/ipc/chromium/src/base/process_util_linux.cc
+++ b/ipc/chromium/src/base/process_util_linux.cc
@@ -18,42 +18,25 @@
 #include "base/file_util.h"
 #include "base/logging.h"
 #include "base/string_tokenizer.h"
 #include "base/string_util.h"
 
 #ifdef ANDROID
 #include <pthread.h>
 /*
- * AID_APP is the first application UID used by Android. We're using
- * it as our unprivilegied UID.  This ensure the UID used is not
- * shared with any other processes than our own childs.
- */
-#include <private/android_filesystem_config.h>
-#define CHILD_UNPRIVILEGED_UID AID_APP
-#define CHILD_UNPRIVILEGED_GID AID_APP
-/*
- * Currently, PR_DuplicateEnvironment is implemented in
- * mozglue/build/BionicGlue.cpp
+ * Currently, PR_DuplicateEnvironment is implemented in mozglue/build/BionicGlue.cpp
  */
 #define HAVE_PR_DUPLICATE_ENVIRONMENT
 
 #include "plstr.h"
 #include "prenv.h"
 #include "prmem.h"
 /* Temporary until we have PR_DuplicateEnvironment in prenv.h */
 extern "C" { NSPR_API(pthread_mutex_t *)PR_GetEnvLock(void); }
-#else
-/*
- * On platforms that are not Android based, we fall back to an
- * arbitrary UID. This is generally the UID for user `nobody', albeit
- * it is not always the case.
- */
-#define CHILD_UNPRIVILEGED_UID 65534
-#define CHILD_UNPRIVILEGED_GID 65534
 #endif
 
 namespace {
 
 enum ParsingState {
   KEY_NAME,
   KEY_VALUE
 };
@@ -176,27 +159,16 @@ bool LaunchApp(const std::vector<std::st
                    wait, process_handle);
 }
 
 bool LaunchApp(const std::vector<std::string>& argv,
                const file_handle_mapping_vector& fds_to_remap,
                const environment_map& env_vars_to_set,
                bool wait, ProcessHandle* process_handle,
                ProcessArchitecture arch) {
-  return LaunchApp(argv, fds_to_remap, env_vars_to_set,
-                   SAME_PRIVILEGES_AS_PARENT,
-                   wait, process_handle);
-}
-
-bool LaunchApp(const std::vector<std::string>& argv,
-               const file_handle_mapping_vector& fds_to_remap,
-               const environment_map& env_vars_to_set,
-               ChildPrivileges privs,
-               bool wait, ProcessHandle* process_handle,
-               ProcessArchitecture arch) {
   scoped_array<char*> argv_cstr(new char*[argv.size() + 1]);
   // Illegal to allocate memory after fork and before execvp
   InjectiveMultimap fd_shuffle1, fd_shuffle2;
   fd_shuffle1.reserve(fds_to_remap.size());
   fd_shuffle2.reserve(fds_to_remap.size());
 
 #ifdef HAVE_PR_DUPLICATE_ENVIRONMENT
   Environment env;
@@ -223,29 +195,16 @@ bool LaunchApp(const std::vector<std::st
       _exit(127);
 
     CloseSuperfluousFds(fd_shuffle2);
 
     for (size_t i = 0; i < argv.size(); i++)
       argv_cstr[i] = const_cast<char*>(argv[i].c_str());
     argv_cstr[argv.size()] = NULL;
 
-    if (privs == UNPRIVILEGED) {
-      if (setgid(CHILD_UNPRIVILEGED_GID) != 0) {
-        DLOG(ERROR) << "FAILED TO setgid() CHILD PROCESS, path: " << argv_cstr[0];
-        _exit(127);
-      }
-      if (setuid(CHILD_UNPRIVILEGED_UID) != 0) {
-        DLOG(ERROR) << "FAILED TO setuid() CHILD PROCESS, path: " << argv_cstr[0];
-        _exit(127);
-      }
-      if (chdir("/") != 0)
-        gProcessLog.print("==> could not chdir()\n");
-    }
-
 #ifdef HAVE_PR_DUPLICATE_ENVIRONMENT
     execve(argv_cstr[0], argv_cstr.get(), envp);
 #else
     for (environment_map::const_iterator it = env_vars_to_set.begin();
          it != env_vars_to_set.end(); ++it) {
       if (setenv(it->first.c_str(), it->second.c_str(), 1/*overwrite*/))
         _exit(127);
     }
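Review bot: With the `privs == UNPRIVILEGED` block gone, nothing between the fork and the `execve`/`setenv` path at the end of this hunk touches the child's credentials, so every child launched through this overload now runs with the parent's uid, gid and working directory, and the commit record gives no reason for the backout, so a reader cannot tell whether that is the intended long-term state. I would document it at the exec site, e.g. `// No privilege drop here: the child execs with the parent's uid/gid and cwd.`, and, if this is meant to be temporary, add `// TODO(<owner>): re-land the child privilege drop from 201612a0b133 (tracking bug: <bug id>)` so the gap stays visible. The same inherited-credentials contract could be stated in the comment above the now-single environment-taking `LaunchApp` declaration in process_util.h. The enclosing `LaunchApp` begins in the previous hunk and continues past the end of this one.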
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@@ -46,26 +46,16 @@ using mozilla::ipc::GeckoChildProcessHos
 
 #ifdef ANDROID
 // Like its predecessor in nsExceptionHandler.cpp, this is
 // the magic number of a file descriptor remapping we must
 // preserve for the child process.
 static const int kMagicAndroidSystemPropFd = 5;
 #endif
 
-static const bool kLowRightsSubprocesses =
-  // We currently only attempt to drop privileges on gonk, because we
-  // have no plugins or extensions to worry about breaking.
-#ifdef MOZ_WIDGET_GONK
-  true
-#else
-  false
-#endif
-  ;
-
 static bool
 ShouldHaveDirectoryService()
 {
   return GeckoProcessType_Default == XRE_GetProcessType();
 }
 
 template<>
 struct RunnableMethodTraits<GeckoChildProcessHost>
@@ -419,19 +409,16 @@ GeckoChildProcessHost::PerformAsyncLaunc
   // For POSIX, we have to be extremely anal about *not* using
   // std::wstring in code compiled with Mozilla's -fshort-wchar
   // configuration, because chromium is compiled with -fno-short-wchar
   // and passing wstrings from one config to the other is unsafe.  So
   // we split the logic here.
 
 #if defined(OS_LINUX) || defined(OS_MACOSX)
   base::environment_map newEnvVars;
-  base::ChildPrivileges privs = kLowRightsSubprocesses ?
-                                base::UNPRIVILEGED :
-                                base::SAME_PRIVILEGES_AS_PARENT;
   // XPCOM may not be initialized in some subprocesses.  We don't want
   // to initialize XPCOM just for the directory service, especially
   // since LD_LIBRARY_PATH is already set correctly in subprocesses
   // (meaning that we don't need to set that up in the environment).
   if (ShouldHaveDirectoryService()) {
     nsCOMPtr<nsIProperties> directoryService(do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID));
     NS_ASSERTION(directoryService, "Expected XPCOM to be available");
     if (directoryService) {
@@ -587,17 +574,17 @@ GeckoChildProcessHost::PerformAsyncLaunc
   childArgv.push_back(childProcessType);
 
 #ifdef MOZ_WIDGET_ANDROID
   childArgv.push_back(cacheStr.get());
 #endif
 
   base::LaunchApp(childArgv, mFileMap,
 #if defined(OS_LINUX) || defined(OS_MACOSX)
-                  newEnvVars, privs,
+                  newEnvVars,
 #endif
                   false, &process, arch);
 
 #ifdef MOZ_WIDGET_COCOA
   // Wait for the child process to send us its 'task_t' data.
   const int kTimeoutMs = 10000;
 
   MachReceiveMessage child_message;