Bug 1313808 - Part 1: Move LinuxSandboxStarter back into libxul. r=tedd r=glandium r=cpearce draft
authorJed Davis <jld@mozilla.com>
Tue, 08 Nov 2016 14:23:47 -0700
changeset 441530 dadcdec39128b825f2bc8425932a5434bb1b62c0
parent 441455 f09e137ead39230eaa94f47988ccce2cfcda4195
child 441531 050382c8629ce01f1c2bcab7e881497c2b356e57
push id36441
push userbmo:jld@mozilla.com
push dateSat, 19 Nov 2016 00:44:12 +0000
reviewerstedd, glandium, cpearce
bugs1313808
milestone53.0a1
Bug 1313808 - Part 1: Move LinuxSandboxStarter back into libxul. r=tedd r=glandium r=cpearce MozReview-Commit-ID: FAReOZX7Rvn
dom/media/gmp/moz.build
ipc/app/moz.build
ipc/contentproc/plugin-container.cpp
toolkit/xre/moz.build
toolkit/xre/nsEmbedFunctions.cpp
--- a/dom/media/gmp/moz.build
+++ b/dom/media/gmp/moz.build
@@ -69,19 +69,19 @@ EXPORTS += [
     'GMPVideoEncoderChild.h',
     'GMPVideoEncoderParent.h',
     'GMPVideoEncoderProxy.h',
     'GMPVideoHost.h',
     'GMPVideoi420FrameImpl.h',
     'GMPVideoPlaneImpl.h',
 ]
 
-# We link GMPLoader into xul on B2G/Fennec as its code does not need to be
-# covered by a DRM vendor's voucher.
-if CONFIG['OS_TARGET'] == 'Android':
+# We link GMPLoader into xul on Android and Linux as its code does not
+# need to be covered by a DRM vendor's voucher.
+if CONFIG['OS_ARCH'] == 'Linux':
     SOURCES += [
       'GMPLoader.cpp',
     ]
     USE_LIBS += [
         'rlz',
     ]
 
 UNIFIED_SOURCES += [
--- a/ipc/app/moz.build
+++ b/ipc/app/moz.build
@@ -24,17 +24,17 @@ include('/ipc/chromium/chromium-config.m
 
 LOCAL_INCLUDES += [
     '/toolkit/xre',
     '/xpcom/base',
 ]
 
 # We link GMPLoader into plugin-container on desktop so that its code is
 # covered by the desktop DRM vendor's voucher.
-if CONFIG['OS_TARGET'] != 'Android':
+if CONFIG['OS_ARCH'] != 'Linux':
     SOURCES += [
         '../../dom/media/gmp/GMPLoader.cpp',
     ]
     USE_LIBS += [
         'rlz',
     ]
 
 # DELAYLOAD_DLLS in this block ensures that the DLL blocklist is functional
--- a/ipc/contentproc/plugin-container.cpp
+++ b/ipc/contentproc/plugin-container.cpp
@@ -78,36 +78,16 @@ public:
         if (IsSandboxedProcess()) {
             mozilla::sandboxing::LowerSandbox();
         }
         return true;
     }
 };
 #endif
 
-#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-class LinuxSandboxStarter : public mozilla::gmp::SandboxStarter {
-    LinuxSandboxStarter() { }
-public:
-    static SandboxStarter* Make() {
-        if (mozilla::SandboxInfo::Get().CanSandboxMedia()) {
-            return new LinuxSandboxStarter();
-        } else {
-            // Sandboxing isn't possible, but the parent has already
-            // checked that this plugin doesn't require it.  (Bug 1074561)
-            return nullptr;
-        }
-    }
-    virtual bool Start(const char *aLibPath) override {
-        mozilla::SetMediaPluginSandbox(aLibPath);
-        return true;
-    }
-};
-#endif
-
 #if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
 class MacSandboxStarter : public mozilla::gmp::SandboxStarter {
 public:
     virtual bool Start(const char *aLibPath) override {
       std::string err;
       bool rv = mozilla::StartMacSandbox(mInfo, err);
       if (!rv) {
         fprintf(stderr, "sandbox_init() failed! Error \"%s\"\n", err.c_str());
@@ -122,18 +102,16 @@ private:
 };
 #endif
 
 mozilla::gmp::SandboxStarter*
 MakeSandboxStarter()
 {
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
     return new WinSandboxStarter();
-#elif defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
-    return LinuxSandboxStarter::Make();
 #elif defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
     return new MacSandboxStarter();
 #else
     return nullptr;
 #endif
 }
 
 int
@@ -181,18 +159,18 @@ content_process_main(int argc, char* arg
     // For plugins, this is done in PluginProcessChild::Init, as we need to
     // avoid it for unsupported plugins.  See PluginProcessChild::Init for
     // the details.
     if (XRE_GetProcessType() != GeckoProcessType_Plugin) {
         mozilla::SanitizeEnvironmentVariables();
         SetDllDirectoryW(L"");
     }
 #endif
-#if !defined(MOZ_WIDGET_ANDROID) && !defined(MOZ_WIDGET_GONK) && defined(MOZ_PLUGIN_CONTAINER)
-    // On desktop, the GMPLoader lives in plugin-container, so that its
+#if !defined(XP_LINUX) && defined(MOZ_PLUGIN_CONTAINER)
+    // On Windows and MacOS, the GMPLoader lives in plugin-container, so that its
     // code can be covered by an EME/GMP vendor's voucher.
     nsAutoPtr<mozilla::gmp::SandboxStarter> starter(MakeSandboxStarter());
     if (XRE_GetProcessType() == GeckoProcessType_GMPlugin) {
         childData.gmpLoader = mozilla::gmp::CreateGMPLoader(starter);
     }
 #endif
     nsresult rv = XRE_InitChildProcess(argc, argv, &childData);
     NS_ENSURE_SUCCESS(rv, 1);
--- a/toolkit/xre/moz.build
+++ b/toolkit/xre/moz.build
@@ -149,16 +149,21 @@ LOCAL_INCLUDES += [
 ]
 
 if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
     LOCAL_INCLUDES += [
         '/security/sandbox/chromium',
         '/security/sandbox/chromium-shim',
     ]
 
+if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'Linux':
+    USE_LIBS += [
+        'mozsandbox',
+    ]
+
 if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'cocoa':
     LOCAL_INCLUDES += [
         '/widget',
         '/widget/cocoa',
     ]
 
 if CONFIG['MOZ_ENABLE_XREMOTE']:
     LOCAL_INCLUDES += [
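Review bot: The new `USE_LIBS += ['mozsandbox']` block is keyed on `CONFIG['MOZ_SANDBOX']`, while the libxul code that actually needs the library (the `LinuxSandboxStarter` added to nsEmbedFunctions.cpp in this same commit, calling `SandboxInfo` and `SetMediaPluginSandbox`) is compiled under `MOZ_GMP_SANDBOX`. Presumably both are always set together on Linux, but if a configuration can define one without the other this either links a library nothing references or fails to link. A one-line comment tying the two together would make the dependency explicit, e.g. `# Needed by LinuxSandboxStarter in nsEmbedFunctions.cpp (MOZ_GMP_SANDBOX).`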
--- a/toolkit/xre/nsEmbedFunctions.cpp
+++ b/toolkit/xre/nsEmbedFunctions.cpp
@@ -81,16 +81,21 @@
 #include "mozilla/sandboxTarget.h"
 #include "mozilla/sandboxing/loggingCallbacks.h"
 #endif
 
 #if defined(MOZ_CONTENT_SANDBOX) && !defined(MOZ_WIDGET_GONK)
 #include "mozilla/Preferences.h"
 #endif
 
+#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#include "mozilla/Sandbox.h"
+#include "mozilla/SandboxInfo.h"
+#endif
+
 #ifdef MOZ_IPDL_TESTS
 #include "mozilla/_ipdltest/IPDLUnitTests.h"
 #include "mozilla/_ipdltest/IPDLUnitTestProcessChild.h"
 
 using mozilla::_ipdltest::IPDLUnitTestProcessChild;
 #endif  // ifdef MOZ_IPDL_TESTS
 
 #ifdef MOZ_JPROF
@@ -318,41 +323,72 @@ AddContentSandboxLevelAnnotation()
     levelString.AppendInt(level);
     CrashReporter::AnnotateCrashReport(
       NS_LITERAL_CSTRING("ContentSandboxLevel"), levelString);
   }
 }
 #endif /* MOZ_CONTENT_SANDBOX && !MOZ_WIDGET_GONK */
 #endif /* MOZ_CRASHREPORTER */
 
+#if defined (XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+namespace {
+class LinuxSandboxStarter : public mozilla::gmp::SandboxStarter {
+  LinuxSandboxStarter() { }
+public:
+  static SandboxStarter* Make() {
+    if (mozilla::SandboxInfo::Get().CanSandboxMedia()) {
+      return new LinuxSandboxStarter();
+    } else {
+      // Sandboxing isn't possible, but the parent has already
+      // checked that this plugin doesn't require it.  (Bug 1074561)
+      return nullptr;
+    }
+    return nullptr;
+  }
+  virtual bool Start(const char *aLibPath) override {
+    mozilla::SetMediaPluginSandbox(aLibPath);
+    return true;
+  }
+};
+} // anonymous namespace
+#endif // XP_LINUX && MOZ_GMP_SANDBOX
+
 nsresult
 XRE_InitChildProcess(int aArgc,
                      char* aArgv[],
                      const XREChildData* aChildData)
 {
   NS_ENSURE_ARG_MIN(aArgc, 2);
   NS_ENSURE_ARG_POINTER(aArgv);
   NS_ENSURE_ARG_POINTER(aArgv[0]);
   MOZ_ASSERT(aChildData);
 
 #ifdef MOZ_JPROF
   // Call the code to install our handler
   setupProfilingStuff();
 #endif
 
-#if !defined(MOZ_WIDGET_ANDROID) && !defined(MOZ_WIDGET_GONK)
-  // On non-Fennec Gecko, the GMPLoader code resides in plugin-container,
-  // and we must forward it through to the GMP code here.
-  GMPProcessChild::SetGMPLoader(aChildData->gmpLoader.get());
-#else
+#ifdef XP_LINUX
   // On Fennec, the GMPLoader's code resides inside XUL (because for the time
   // being GMPLoader relies upon NSPR, which we can't use in plugin-container
   // on Android), so we create it here inside XUL and pass it to the GMP code.
-  UniquePtr<GMPLoader> loader = CreateGMPLoader(nullptr);
+  //
+  // On desktop Linux, the sandbox code lives in a shared library, and
+  // the GMPLoader is in libxul instead of executables to avoid unwanted
+  // library dependencies.
+  mozilla::gmp::SandboxStarter* starter = nullptr;
+#ifdef MOZ_GMP_SANDBOX
+  starter = LinuxSandboxStarter::Make();
+#endif
+  UniquePtr<GMPLoader> loader = CreateGMPLoader(starter);
   GMPProcessChild::SetGMPLoader(loader.get());
+#else
+  // On non-Linux platforms, the GMPLoader code resides in plugin-container,
+  // and we must forward it through to the GMP code here.
+  GMPProcessChild::SetGMPLoader(aChildData->gmpLoader.get());
 #endif
 
 #if defined(XP_WIN)
   // From the --attach-console support in nsNativeAppSupportWin.cpp, but
   // here we are a content child process, so we always attempt to attach
   // to the parent's (ie, the browser's) console.
   // Try to attach console to the parent process.
   // It will succeed when the parent process is a command line,
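Review bot: The trailing `return nullptr;` after the if/else in `LinuxSandboxStarter::Make()` is unreachable, since both branches already return; it should be dropped, or the function restructured as a guard clause (`if (!mozilla::SandboxInfo::Get().CanSandboxMedia()) { return nullptr; } return new LinuxSandboxStarter();`) so the fallback is the sandboxed path. The `#if defined (XP_LINUX)` guard opening the new block has a stray space that the matching include guard earlier in this file (`#if defined(XP_LINUX)`) does not. In `XRE_InitChildProcess`, the raw `starter` pointer returned by `Make()` is never released in this function, whereas the plugin-container version this replaces held it in an `nsAutoPtr`; unless `CreateGMPLoader` takes ownership, this is a process-lifetime allocation and deserves a comment saying so, e.g. `// Lives for the rest of the process; the loader keeps a non-owning reference.` `XRE_InitChildProcess` continues past the end of this hunk.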