Browse Source

Remove GMP sandbox code.

pull/1/head
wolfbeast 4 years ago committed by Roy Tam
parent
commit
aa9ae963f6
  1. 131
      dom/media/gmp/GMPChild.cpp
  2. 4
      dom/media/gmp/GMPChild.h
  3. 13
      dom/media/gmp/GMPLoader.cpp
  4. 17
      dom/media/gmp/GMPLoader.h
  5. 11
      dom/media/gmp/GMPParent.cpp
  6. 11
      dom/media/gmp/GMPService.cpp
  7. 12
      dom/media/gmp/GMPServiceParent.cpp
  8. 48
      ipc/contentproc/plugin-container.cpp
  9. 7
      modules/libpref/init/all.js
  10. 37
      old-configure.in
  11. 56
      security/sandbox/linux/Sandbox.cpp
  12. 7
      security/sandbox/linux/Sandbox.h
  13. 129
      security/sandbox/linux/SandboxFilter.cpp
  14. 9
      security/sandbox/linux/SandboxFilter.h
  15. 5
      security/sandbox/linux/SandboxInfo.cpp

131
dom/media/gmp/GMPChild.cpp

@ -36,12 +36,6 @@ static const int MAX_VOUCHER_LENGTH = 500000;
#include <unistd.h> // for _exit()
#endif
#if defined(MOZ_GMP_SANDBOX)
#if defined(XP_MACOSX)
#include "mozilla/Sandbox.h"
#endif
#endif
namespace mozilla {
#undef LOG
@ -131,7 +125,6 @@ GetPluginFile(const nsAString& aPluginPath,
return true;
}
#if !defined(XP_MACOSX) || !defined(MOZ_GMP_SANDBOX)
static bool
GetPluginFile(const nsAString& aPluginPath,
nsCOMPtr<nsIFile>& aLibFile)
@ -139,110 +132,6 @@ GetPluginFile(const nsAString& aPluginPath,
nsCOMPtr<nsIFile> unusedlibDir;
return GetPluginFile(aPluginPath, unusedlibDir, aLibFile);
}
#endif
#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
static nsCString
GetNativeTarget(nsIFile* aFile)
{
bool isLink;
nsCString path;
aFile->IsSymlink(&isLink);
if (isLink) {
aFile->GetNativeTarget(path);
} else {
aFile->GetNativePath(path);
}
return path;
}
static bool
GetPluginPaths(const nsAString& aPluginPath,
nsCString &aPluginDirectoryPath,
nsCString &aPluginFilePath)
{
nsCOMPtr<nsIFile> libDirectory, libFile;
if (!GetPluginFile(aPluginPath, libDirectory, libFile)) {
return false;
}
// Mac sandbox rules expect paths to actual files and directories -- not
// soft links.
libDirectory->Normalize();
aPluginDirectoryPath = GetNativeTarget(libDirectory);
libFile->Normalize();
aPluginFilePath = GetNativeTarget(libFile);
return true;
}
static bool
GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath)
{
nsAutoCString appPath;
nsAutoCString appBinaryPath(
(CommandLine::ForCurrentProcess()->argv()[0]).c_str());
nsAutoCString::const_iterator start, end;
appBinaryPath.BeginReading(start);
appBinaryPath.EndReading(end);
if (RFindInReadable(NS_LITERAL_CSTRING(".app/Contents/MacOS/"), start, end)) {
end = start;
++end; ++end; ++end; ++end;
appBinaryPath.BeginReading(start);
appPath.Assign(Substring(start, end));
} else {
return false;
}
nsCOMPtr<nsIFile> app, appBinary;
nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appPath),
true, getter_AddRefs(app));
if (NS_FAILED(rv)) {
return false;
}
rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appBinaryPath),
true, getter_AddRefs(appBinary));
if (NS_FAILED(rv)) {
return false;
}
// Mac sandbox rules expect paths to actual files and directories -- not
// soft links.
aAppPath = GetNativeTarget(app);
appBinaryPath = GetNativeTarget(appBinary);
return true;
}
bool
GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType)
{
if (!mGMPLoader) {
return false;
}
nsAutoCString pluginDirectoryPath, pluginFilePath;
if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) {
return false;
}
nsAutoCString appPath, appBinaryPath;
if (!GetAppPaths(appPath, appBinaryPath)) {
return false;
}
MacSandboxInfo info;
info.type = MacSandboxType_Plugin;
info.pluginInfo.type = aPluginType;
info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get());
info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get());
info.appPath.assign(appPath.get());
info.appBinaryPath.assign(appBinaryPath.get());
mGMPLoader->SetSandboxInfo(&info);
return true;
}
#endif // XP_MACOSX && MOZ_GMP_SANDBOX
bool
GMPChild::Init(const nsAString& aPluginPath,
@ -324,14 +213,6 @@ GMPChild::RecvPreloadLibs(const nsCString& aLibs)
bool
GMPChild::GetUTF8LibPath(nsACString& aOutLibPath)
{
#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
nsAutoCString pluginDirectoryPath, pluginFilePath;
if (!GetPluginPaths(mPluginPath, pluginDirectoryPath, pluginFilePath)) {
MOZ_CRASH("Error scanning plugin path");
}
aOutLibPath.Assign(pluginFilePath);
return true;
#else
nsCOMPtr<nsIFile> libFile;
if (!GetPluginFile(mPluginPath, libFile)) {
return false;
@ -347,7 +228,6 @@ GMPChild::GetUTF8LibPath(nsACString& aOutLibPath)
aOutLibPath = NS_ConvertUTF16toUTF8(path);
return true;
#endif
}
bool
@ -377,17 +257,6 @@ GMPChild::AnswerStartPlugin(const nsString& aAdapter)
}
bool isWidevine = aAdapter.EqualsLiteral("widevine");
#if defined(MOZ_GMP_SANDBOX) && defined(XP_MACOSX)
MacSandboxPluginType pluginType = MacSandboxPluginType_GMPlugin_Default;
if (isWidevine) {
pluginType = MacSandboxPluginType_GMPlugin_EME_Widevine;
}
if (!SetMacSandboxInfo(pluginType)) {
NS_WARNING("Failed to set Mac GMP sandbox info");
delete platformAPI;
return false;
}
#endif
GMPAdapter* adapter = (isWidevine) ? new WidevineAdapter() : nullptr;
if (!mGMPLoader->Load(libPath.get(),

4
dom/media/gmp/GMPChild.h

@ -40,10 +40,6 @@ public:
// GMPAsyncShutdownHost
void ShutdownComplete() override;
#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
bool SetMacSandboxInfo(MacSandboxPluginType aPluginType);
#endif
private:
friend class GMPContentChild;

13
dom/media/gmp/GMPLoader.cpp

@ -44,10 +44,6 @@ public:
void Shutdown() override;
#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) override;
#endif
private:
SandboxStarter* mSandboxStarter;
UniquePtr<GMPAdapter> mAdapter;
@ -208,15 +204,6 @@ GMPLoaderImpl::Shutdown()
}
}
#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
void
GMPLoaderImpl::SetSandboxInfo(MacSandboxInfo* aSandboxInfo)
{
if (mSandboxStarter) {
mSandboxStarter->SetSandboxInfo(aSandboxInfo);
}
}
#endif
} // namespace gmp
} // namespace mozilla

17
dom/media/gmp/GMPLoader.h

@ -12,10 +12,6 @@
#include "gmp-entrypoints.h"
#include "mozilla/UniquePtr.h"
#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
#include "mozilla/Sandbox.h"
#endif
namespace mozilla {
namespace gmp {
@ -23,12 +19,6 @@ class SandboxStarter {
public:
virtual ~SandboxStarter() {}
virtual bool Start(const char* aLibPath) = 0;
#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
// On OS X we need to set Mac-specific sandbox info just before we start the
// sandbox, which we don't yet know when the GMPLoader and SandboxStarter
// objects are created.
virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) = 0;
#endif
};
// Interface that adapts a plugin to the GMP API.
@ -94,13 +84,6 @@ public:
// Calls the GMPShutdown function exported by the GMP lib, and unloads the
// plugin library.
virtual void Shutdown() = 0;
#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
// On OS X we need to set Mac-specific sandbox info just before we start the
// sandbox, which we don't yet know when the GMPLoader and SandboxStarter
// objects are created.
virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) = 0;
#endif
};
// On Desktop, this function resides in plugin-container.

11
dom/media/gmp/GMPParent.cpp

@ -18,9 +18,6 @@
#include "nsIObserverService.h"
#include "GMPTimerParent.h"
#include "runnable_utils.h"
#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
#include "mozilla/SandboxInfo.h"
#endif
#include "GMPContentParent.h"
#include "MediaPrefs.h"
#include "VideoUtils.h"
@ -749,14 +746,6 @@ GMPParent::ReadGMPInfoFile(nsIFile* aFile)
if (cap.mAPIName.EqualsLiteral(GMP_API_DECRYPTOR)) {
mCanDecrypt = true;
#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
if (!mozilla::SandboxInfo::Get().CanSandboxMedia()) {
printf_stderr("GMPParent::ReadGMPMetaData: Plugin \"%s\" is an EME CDM"
" but this system can't sandbox it; not loading.\n",
mDisplayName.get());
return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
}
#endif
#ifdef XP_WIN
// Adobe GMP doesn't work without SSE2. Check the tags to see if
// the decryptor is for the Adobe GMP, and refuse to load it if

11
dom/media/gmp/GMPService.cpp

@ -25,9 +25,6 @@
#include "nsComponentManagerUtils.h"
#include "runnable_utils.h"
#include "VideoUtils.h"
#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
#include "mozilla/SandboxInfo.h"
#endif
#include "nsAppDirectoryServiceDefs.h"
#include "nsDirectoryServiceUtils.h"
#include "nsDirectoryServiceDefs.h"
@ -485,14 +482,6 @@ GeckoMediaPluginService::GetGMPDecryptor(GMPCrashHelper* aHelper,
const nsACString& aNodeId,
UniquePtr<GetGMPDecryptorCallback>&& aCallback)
{
#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
if (!SandboxInfo::Get().CanSandboxMedia()) {
NS_WARNING("GeckoMediaPluginService::GetGMPDecryptor: "
"EME decryption not available without sandboxing support.");
return NS_ERROR_NOT_AVAILABLE;
}
#endif
MOZ_ASSERT(NS_GetCurrentThread() == mGMPThread);
NS_ENSURE_ARG(aTags && aTags->Length() > 0);
NS_ENSURE_ARG(aCallback);

12
dom/media/gmp/GMPServiceParent.cpp

@ -27,9 +27,6 @@
#include "nsComponentManagerUtils.h"
#include "runnable_utils.h"
#include "VideoUtils.h"
#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
#include "mozilla/SandboxInfo.h"
#endif
#include "nsAppDirectoryServiceDefs.h"
#include "nsDirectoryServiceUtils.h"
#include "nsDirectoryServiceDefs.h"
@ -960,15 +957,6 @@ GeckoMediaPluginServiceParent::SelectPluginForAPI(const nsACString& aNodeId,
RefPtr<GMPParent>
CreateGMPParent()
{
#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
if (!SandboxInfo::Get().CanSandboxMedia()) {
if (!MediaPrefs::GMPAllowInsecure()) {
NS_WARNING("Denying media plugin load due to lack of sandboxing.");
return nullptr;
}
NS_WARNING("Loading media plugin despite lack of sandboxing.");
}
#endif
return new GMPParent();
}

48
ipc/contentproc/plugin-container.cpp

@ -27,11 +27,6 @@
#include "mozilla/sandboxing/sandboxLogging.h"
#endif
#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
#include "mozilla/Sandbox.h"
#include "mozilla/SandboxInfo.h"
#endif
#ifdef MOZ_WIDGET_GONK
# include <sys/time.h>
# include <sys/resource.h>
@ -79,54 +74,11 @@ public:
};
#endif
#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
class LinuxSandboxStarter : public mozilla::gmp::SandboxStarter {
LinuxSandboxStarter() { }
public:
static SandboxStarter* Make() {
if (mozilla::SandboxInfo::Get().CanSandboxMedia()) {
return new LinuxSandboxStarter();
} else {
// Sandboxing isn't possible, but the parent has already
// checked that this plugin doesn't require it. (Bug 1074561)
return nullptr;
}
}
virtual bool Start(const char *aLibPath) override {
mozilla::SetMediaPluginSandbox(aLibPath);
return true;
}
};
#endif
#if defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
class MacSandboxStarter : public mozilla::gmp::SandboxStarter {
public:
virtual bool Start(const char *aLibPath) override {
std::string err;
bool rv = mozilla::StartMacSandbox(mInfo, err);
if (!rv) {
fprintf(stderr, "sandbox_init() failed! Error \"%s\"\n", err.c_str());
}
return rv;
}
virtual void SetSandboxInfo(MacSandboxInfo* aSandboxInfo) override {
mInfo = *aSandboxInfo;
}
private:
MacSandboxInfo mInfo;
};
#endif
mozilla::gmp::SandboxStarter*
MakeSandboxStarter()
{
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
return new WinSandboxStarter();
#elif defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
return LinuxSandboxStarter::Make();
#elif defined(XP_MACOSX) && defined(MOZ_GMP_SANDBOX)
return new MacSandboxStarter();
#else
return nullptr;
#endif

7
modules/libpref/init/all.js

@ -5440,13 +5440,6 @@ pref("narrate.voice", " { \"default\": \"automatic\" }");
// Only make voices that match content language available.
pref("narrate.filter-voices", true);
#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
// Whether to allow, on a Linux system that doesn't support the necessary sandboxing
// features, loading Gecko Media Plugins unsandboxed. However, EME CDMs will not be
// loaded without sandboxing even if this pref is changed.
pref("media.gmp.insecure.allow", false);
#endif
pref("dom.audiochannel.mutedByDefault", false);
// Enable <details> and <summary> tags.

37
old-configure.in

@ -2311,7 +2311,6 @@ MOZ_INSTALL_TRACKING=
ACCESSIBILITY=1
MOZ_TIME_MANAGER=
MOZ_AUDIO_CHANNEL_MANAGER=
MOZ_GMP_SANDBOX=
MOZ_SANDBOX=
MOZ_BINARY_EXTENSIONS=
MOZ_JETPACK=1
@ -3942,42 +3941,6 @@ if test -n "$MOZ_TSAN" -o -n "$MOZ_ASAN"; then
esac
fi
dnl ========================================================
dnl = Gecko Media Plugin sandboxing
dnl ========================================================
case $OS_TARGET in
WINNT)
MOZ_GMP_SANDBOX=$MOZ_SANDBOX
;;
Linux)
case $CPU_ARCH in
x86_64|x86)
MOZ_GMP_SANDBOX=$MOZ_SANDBOX
;;
esac
;;
Darwin)
MOZ_GMP_SANDBOX=$MOZ_SANDBOX
;;
esac
if test -n "$MOZ_GMP_SANDBOX"; then
AC_DEFINE(MOZ_GMP_SANDBOX)
fi
AC_SUBST(MOZ_GMP_SANDBOX)
if test -z "$MOZ_GMP_SANDBOX"; then
MOZ_SANDBOX=
fi
if test -n "$MOZ_SANDBOX"; then
AC_DEFINE(MOZ_SANDBOX)
fi
AC_SUBST(MOZ_SANDBOX)
dnl ========================================================
dnl =
dnl = Module specific options

56
security/sandbox/linux/Sandbox.cpp

@ -76,13 +76,6 @@ namespace mozilla {
// This is initialized by SandboxSetCrashFunc().
SandboxCrashFunc gSandboxCrashFunc;
#ifdef MOZ_GMP_SANDBOX
// For media plugins, we can start the sandbox before we dlopen the
// module, so we have to pre-open the file and simulate the sandboxed
// open().
static SandboxOpenedFile gMediaPluginFile;
#endif
static UniquePtr<SandboxChroot> gChrootHelper;
static void (*gChromiumSigSysHandler)(int, siginfo_t*, void*);
@ -525,19 +518,6 @@ SandboxEarlyInit(GeckoProcessType aType)
case GeckoProcessType_Default:
MOZ_ASSERT(false, "SandboxEarlyInit in parent process");
return;
#ifdef MOZ_GMP_SANDBOX
case GeckoProcessType_GMPlugin:
if (!info.Test(SandboxInfo::kEnabledForMedia)) {
break;
}
canUnshareNet = true;
canUnshareIPC = true;
// Need seccomp-bpf to intercept open().
canChroot = info.Test(SandboxInfo::kHasSeccompBPF);
break;
#endif
// In the future, content processes will be able to use some of
// these.
default:
// Other cases intentionally left blank.
break;
@ -626,40 +606,4 @@ SandboxEarlyInit(GeckoProcessType aType)
}
}
#ifdef MOZ_GMP_SANDBOX
/**
* Starts the seccomp sandbox for a media plugin process. Should be
* called only once, and before any potentially harmful content is
* loaded -- including the plugin itself, if it's considered untrusted.
*
* The file indicated by aFilePath, if non-null, can be open()ed
* read-only, once, after the sandbox starts; it should be the .so
* file implementing the not-yet-loaded plugin.
*
* Will normally make the process exit on failure.
*/
void
SetMediaPluginSandbox(const char *aFilePath)
{
if (!SandboxInfo::Get().Test(SandboxInfo::kEnabledForMedia)) {
return;
}
MOZ_ASSERT(!gMediaPluginFile.mPath);
if (aFilePath) {
gMediaPluginFile.mPath = strdup(aFilePath);
gMediaPluginFile.mFd = open(aFilePath, O_RDONLY | O_CLOEXEC);
if (gMediaPluginFile.mFd == -1) {
SANDBOX_LOG_ERROR("failed to open plugin file %s: %s",
aFilePath, strerror(errno));
MOZ_CRASH();
}
} else {
gMediaPluginFile.mFd = -1;
}
// Finally, start the sandbox.
SetCurrentProcessSandbox(GetMediaSandboxPolicy(&gMediaPluginFile));
}
#endif // MOZ_GMP_SANDBOX
} // namespace mozilla

7
security/sandbox/linux/Sandbox.h

@ -19,13 +19,6 @@ namespace mozilla {
// This must be called early, while the process is still single-threaded.
MOZ_EXPORT void SandboxEarlyInit(GeckoProcessType aType);
#ifdef MOZ_GMP_SANDBOX
// Call only if SandboxInfo::CanSandboxMedia() returns true.
// (No-op if MOZ_DISABLE_GMP_SANDBOX is set.)
// aFilePath is the path to the plugin file.
MOZ_EXPORT void SetMediaPluginSandbox(const char *aFilePath);
#endif
} // namespace mozilla
#endif // mozilla_Sandbox_h

129
security/sandbox/linux/SandboxFilter.cpp

@ -340,133 +340,4 @@ public:
// The process-type-specific syscall rules start here:
#ifdef MOZ_GMP_SANDBOX
// Unlike for content, the GeckoMediaPlugin seccomp-bpf policy needs
// to be an effective sandbox by itself, because we allow GMP on Linux
// systems where that's the only sandboxing mechanism we can use.
//
// Be especially careful about what this policy allows.
class GMPSandboxPolicy : public SandboxPolicyCommon {
static intptr_t OpenTrap(const sandbox::arch_seccomp_data& aArgs,
void* aux)
{
auto plugin = static_cast<SandboxOpenedFile*>(aux);
const char* path;
int flags;
switch (aArgs.nr) {
#ifdef __NR_open
case __NR_open:
path = reinterpret_cast<const char*>(aArgs.args[0]);
flags = static_cast<int>(aArgs.args[1]);
break;
#endif
case __NR_openat:
// The path has to be absolute to match the pre-opened file (see
// assertion in ctor) so the dirfd argument is ignored.
path = reinterpret_cast<const char*>(aArgs.args[1]);
flags = static_cast<int>(aArgs.args[2]);
break;
default:
MOZ_CRASH("unexpected syscall number");
}
if (strcmp(path, plugin->mPath) != 0) {
SANDBOX_LOG_ERROR("attempt to open file %s (flags=0%o) which is not the"
" media plugin %s", path, flags, plugin->mPath);
return -EPERM;
}
if ((flags & O_ACCMODE) != O_RDONLY) {
SANDBOX_LOG_ERROR("non-read-only open of file %s attempted (flags=0%o)",
path, flags);
return -EPERM;
}
int fd = plugin->mFd.exchange(-1);
if (fd < 0) {
SANDBOX_LOG_ERROR("multiple opens of media plugin file unimplemented");
return -ENOSYS;
}
return fd;
}
static intptr_t SchedTrap(const sandbox::arch_seccomp_data& aArgs,
void* aux)
{
const pid_t tid = syscall(__NR_gettid);
if (aArgs.args[0] == static_cast<uint64_t>(tid)) {
return syscall(aArgs.nr,
0,
aArgs.args[1],
aArgs.args[2],
aArgs.args[3],
aArgs.args[4],
aArgs.args[5]);
}
SANDBOX_LOG_ERROR("unsupported tid in SchedTrap");
return BlockedSyscallTrap(aArgs, nullptr);
}
SandboxOpenedFile* mPlugin;
public:
explicit GMPSandboxPolicy(SandboxOpenedFile* aPlugin)
: mPlugin(aPlugin)
{
MOZ_ASSERT(aPlugin->mPath[0] == '/', "plugin path should be absolute");
}
virtual ~GMPSandboxPolicy() { }
virtual ResultExpr EvaluateSyscall(int sysno) const override {
switch (sysno) {
// Simulate opening the plugin file.
#ifdef __NR_open
case __NR_open:
#endif
case __NR_openat:
return Trap(OpenTrap, mPlugin);
// ipc::Shmem
case __NR_mprotect:
return Allow();
case __NR_madvise: {
Arg<int> advice(2);
return If(advice == MADV_DONTNEED, Allow())
.ElseIf(advice == MADV_FREE, Allow())
#ifdef MOZ_ASAN
.ElseIf(advice == MADV_NOHUGEPAGE, Allow())
.ElseIf(advice == MADV_DONTDUMP, Allow())
#endif
.Else(InvalidSyscall());
}
case __NR_brk:
CASES_FOR_geteuid:
return Allow();
case __NR_sched_getparam:
case __NR_sched_getscheduler:
case __NR_sched_get_priority_min:
case __NR_sched_get_priority_max:
case __NR_sched_setscheduler: {
Arg<pid_t> pid(0);
return If(pid == 0, Allow())
.Else(Trap(SchedTrap, nullptr));
}
// For clock(3) on older glibcs; bug 1304220.
case __NR_times:
return Allow();
default:
return SandboxPolicyCommon::EvaluateSyscall(sysno);
}
}
};
UniquePtr<sandbox::bpf_dsl::Policy>
GetMediaSandboxPolicy(SandboxOpenedFile* aPlugin)
{
return UniquePtr<sandbox::bpf_dsl::Policy>(new GMPSandboxPolicy(aPlugin));
}
#endif // MOZ_GMP_SANDBOX
}

9
security/sandbox/linux/SandboxFilter.h

@ -18,15 +18,6 @@ class Policy;
namespace mozilla {
#ifdef MOZ_GMP_SANDBOX
struct SandboxOpenedFile {
const char *mPath;
Atomic<int> mFd;
};
UniquePtr<sandbox::bpf_dsl::Policy> GetMediaSandboxPolicy(SandboxOpenedFile* aPlugin);
#endif
} // namespace mozilla
#endif

5
security/sandbox/linux/SandboxInfo.cpp

@ -225,11 +225,6 @@ SandboxInfo::SandboxInfo() {
}
}
#ifdef MOZ_GMP_SANDBOX
if (!getenv("MOZ_DISABLE_GMP_SANDBOX")) {
flags |= kEnabledForMedia;
}
#endif
if (getenv("MOZ_SANDBOX_VERBOSE")) {
flags |= kVerbose;
}

Loading…
Cancel
Save