KotJohansson
/
UXP
mirror of https://github.com/roytam1/UXP
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Remove sandbox ductwork conditional code.

pull/1/head
wolfbeast 4 years ago committed by Roy Tam
parent
aa9ae963f6
commit
c8462db202
44 changed files with 5 additions and 916 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 25
      application/palemoon/app/nsBrowserApp.cpp
  2. 15
      application/palemoon/installer/package-manifest.in
  3. 16
      browser/app/moz.build
  4. 26
      browser/app/nsBrowserApp.cpp
  5. 26
      browser/app/profile/firefox.js
  6. 15
      browser/installer/package-manifest.in
  7. 1
      build/directive4.py
  8. 6
      dom/ipc/moz.build
  9. 34
      dom/media/gmp/GMPProcessParent.cpp
  10. 8
      dom/media/gmp/rlz/GMPDeviceBinding.cpp
  11. 7
      dom/media/gmp/rlz/moz.build
  12. 19
      dom/plugins/base/nsPluginTags.cpp
  13. 10
      dom/plugins/ipc/PluginProcessChild.cpp
  14. 85
      dom/plugins/ipc/PluginProcessParent.cpp
  15. 6
      dom/plugins/ipc/moz.build
  16. 37
      ipc/app/moz.build
  17. 11
      ipc/app/pie/moz.build
  18. 5
      ipc/contentproc/moz.build
  19. 40
      ipc/contentproc/plugin-container.cpp
  20. 217
      ipc/glue/GeckoChildProcessHost.cpp
  21. 13
      ipc/glue/GeckoChildProcessHost.h
  22. 16
      ipc/glue/ProtocolUtils.cpp
  23. 7
      ipc/glue/moz.build
  24. 16
      js/xpconnect/shell/moz.build
  25. 7
      js/xpconnect/shell/xpcshell.cpp
  26. 13
      js/xpconnect/src/XPCShellImpl.cpp
  27. 5
      mobile/android/installer/package-manifest.in
  28. 20
      old-configure.in
  29. 2
      security/sandbox/chromium/base/time/time.cc
  30. 4
      security/sandbox/chromium/base/time/time.h
  31. 21
      toolkit/content/aboutSupport.js
  32. 14
      toolkit/content/aboutSupport.xhtml
  33. 2
      toolkit/locales/en-US/chrome/global/aboutSupport.dtd
  34. 7
      toolkit/modules/AppConstants.jsm
  35. 20
      toolkit/modules/Troubleshoot.jsm
  36. 6
      toolkit/toolkit.mozbuild
  37. 6
      toolkit/xre/moz.build
  38. 42
      toolkit/xre/nsAppRunner.cpp
  39. 16
      toolkit/xre/nsEmbedFunctions.cpp
  40. 27
      xpcom/base/nsSystemInfo.cpp
  41. 19
      xpcom/build/XREChildData.h
  42. 12
      xpcom/build/XREShellData.h
  43. 13
      xpcom/build/nsXREAppData.h
  44. 4
      xpcom/glue/AppData.cpp

25
application/palemoon/app/nsBrowserApp.cpp
Unescape View File

@ -31,9 +31,6 @@
#endif
#define XRE_WANT_ENVIRON
#define strcasecmp _stricmp
#ifdef MOZ_SANDBOX
#include "mozilla/sandboxing/SandboxInitialization.h"
#endif
#endif
#include "BinaryPath.h"
@ -43,8 +40,7 @@
#include "mozilla/Telemetry.h"
#include "mozilla/WindowsDllBlocklist.h"
#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) \
&& !(defined(XP_LINUX) && defined(MOZ_SANDBOX))
#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID)
#define MOZ_BROWSER_CAN_BE_CONTENTPROC
#include "../../ipc/contentproc/plugin-container.cpp"
#endif
@ -207,10 +203,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
}
XREShellData shellData;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
shellData.sandboxBrokerServices =
sandboxing::GetInitializedBrokerServices();
#endif
return XRE_XPCShellMain(--argc, argv, envp, &shellData);
}
@ -262,12 +254,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
DllBlocklist_CheckStatus() ? NS_XRE_DLL_BLOCKLIST_ENABLED : 0;
#endif
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
sandbox::BrokerServices* brokerServices =
sandboxing::GetInitializedBrokerServices();
appData.sandboxBrokerServices = brokerServices;
#endif
#ifdef LIBFUZZER
if (getenv("LIBFUZZER"))
XRE_LibFuzzerSetMain(argc, argv, libfuzzer_main);
@ -369,15 +355,6 @@ int main(int argc, char* argv[], char* envp[])
// We are launching as a content process, delegate to the appropriate
// main
if (argc > 1 && IsArg(argv[1], "contentproc")) {
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
// We need to initialize the sandbox TargetServices before InitXPCOMGlue
// because we might need the sandbox broker to give access to some files.
if (IsSandboxedProcess() && !sandboxing::GetInitializedTargetServices()) {
Output("Failed to initialize the sandbox target services.");
return 255;
}
#endif
nsresult rv = InitXPCOMGlue(argv[0], nullptr);
if (NS_FAILED(rv)) {
return 255;

15
application/palemoon/installer/package-manifest.in
Unescape View File

@ -334,21 +334,6 @@
@RESPATH@/chrome/pippki@JAREXT@
@RESPATH@/chrome/pippki.manifest
; For process sandboxing
#if defined(MOZ_SANDBOX)
#if defined(XP_WIN)
#if defined(WOW_HELPER)
@BINPATH@/wow_helper.exe
#endif
#endif
#endif
#if defined(MOZ_SANDBOX)
#if defined(XP_LINUX)
@BINPATH@/@DLL_PREFIX@mozsandbox@DLL_SUFFIX@
#endif
#endif
; for Solaris SPARC
#ifdef SOLARIS
bin/libfreebl_32fpu_3.so

16
browser/app/moz.build
Unescape View File

@ -48,22 +48,6 @@ if CONFIG['OS_ARCH'] == 'WINNT':
for cdm in CONFIG['MOZ_EME_MODULES']:
DEFINES['MOZ_%s_EME' % cdm.upper()] = True
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
# For sandbox includes and the include dependencies those have
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
USE_LIBS += [
'sandbox_s',
]
DELAYLOAD_DLLS += [
'winmm.dll',
'user32.dll',
]
# Control the default heap size.
# This is the heap returned by GetProcessHeap().
# As we use the CRT heap, the default size is too large and wastes VM.

26
browser/app/nsBrowserApp.cpp
Unescape View File

@ -31,9 +31,6 @@
#endif
#define XRE_WANT_ENVIRON
#define strcasecmp _stricmp
#ifdef MOZ_SANDBOX
#include "mozilla/sandboxing/SandboxInitialization.h"
#endif
#endif
#include "BinaryPath.h"
@ -43,8 +40,7 @@
#include "mozilla/Telemetry.h"
#include "mozilla/WindowsDllBlocklist.h"
#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID) \
&& !(defined(XP_LINUX) && defined(MOZ_SANDBOX))
#if !defined(MOZ_WIDGET_COCOA) && !defined(MOZ_WIDGET_ANDROID)
#define MOZ_BROWSER_CAN_BE_CONTENTPROC
#include "../../ipc/contentproc/plugin-container.cpp"
#endif
@ -207,11 +203,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
}
XREShellData shellData;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
shellData.sandboxBrokerServices =
sandboxing::GetInitializedBrokerServices();
#endif
return XRE_XPCShellMain(--argc, argv, envp, &shellData);
}
@ -262,12 +253,6 @@ static int do_main(int argc, char* argv[], char* envp[], nsIFile *xreDirectory)
DllBlocklist_CheckStatus() ? NS_XRE_DLL_BLOCKLIST_ENABLED : 0;
#endif
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
sandbox::BrokerServices* brokerServices =
sandboxing::GetInitializedBrokerServices();
appData.sandboxBrokerServices = brokerServices;
#endif
#ifdef LIBFUZZER
if (getenv("LIBFUZZER"))
XRE_LibFuzzerSetMain(argc, argv, libfuzzer_main);
@ -369,15 +354,6 @@ int main(int argc, char* argv[], char* envp[])
// We are launching as a content process, delegate to the appropriate
// main
if (argc > 1 && IsArg(argv[1], "contentproc")) {
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
// We need to initialize the sandbox TargetServices before InitXPCOMGlue
// because we might need the sandbox broker to give access to some files.
if (IsSandboxedProcess() && !sandboxing::GetInitializedTargetServices()) {
Output("Failed to initialize the sandbox target services.");
return 255;
}
#endif
nsresult rv = InitXPCOMGlue(argv[0], nullptr);
if (NS_FAILED(rv)) {
return 255;

26
browser/app/profile/firefox.js
Unescape View File

@ -921,32 +921,6 @@ pref("dom.ipc.shims.enabledWarnings", false);
pref("browser.tabs.remote.autostart", false);
pref("browser.tabs.remote.desktopbehavior", true);
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
// When this pref is true the Windows process sandbox will set up dummy
// interceptions and log to the browser console when calls fail in the sandboxed
// process and also if they are subsequently allowed by the broker process.
// This will require a restart.
pref("security.sandbox.windows.log", false);
// Controls whether and how the Windows NPAPI plugin process is sandboxed.
// To get a different setting for a particular plugin replace "default", with
// the plugin's nice file name, see: nsPluginTag::GetNiceFileName.
// On windows these levels are:
// 0 - no sandbox
// 1 - sandbox with USER_NON_ADMIN access token level
// 2 - a more strict sandbox, which might cause functionality issues. This now
// includes running at low integrity.
// 3 - the strongest settings we seem to be able to use without breaking
// everything, but will probably cause some functionality restrictions
pref("dom.ipc.plugins.sandbox-level.default", 0);
#if defined(_AMD64_)
// The lines in PluginModuleParent.cpp should be changed in line with this.
pref("dom.ipc.plugins.sandbox-level.flash", 2);
#else
pref("dom.ipc.plugins.sandbox-level.flash", 0);
#endif
#endif
// This pref governs whether we attempt to work around problems caused by
// plugins using OS calls to manipulate the cursor while running out-of-
// process. These workarounds all involve intercepting (hooking) certain

15
browser/installer/package-manifest.in
Unescape View File

@ -744,21 +744,6 @@
@RESPATH@/components/pipnss.xpt
@RESPATH@/components/pippki.xpt
; For process sandboxing
#if defined(MOZ_SANDBOX)
#if defined(XP_WIN)
#if defined(WOW_HELPER)
@BINPATH@/wow_helper.exe
#endif
#endif
#endif
#if defined(MOZ_SANDBOX)
#if defined(XP_LINUX)
@BINPATH@/@DLL_PREFIX@mozsandbox@DLL_SUFFIX@
#endif
#endif
; for Solaris SPARC
#ifdef SOLARIS
bin/libfreebl_32fpu_3.so

1
build/directive4.py
Unescape View File

@ -33,7 +33,6 @@ if ('MOZ_OFFICIAL_BRANDING' in listConfig) or (strBrandingDirectory.endswith("br
# Applies to Pale Moon and Basilisk
if ('MC_BASILISK' in listConfig) or ('MC_PALEMOON' in listConfig):
listViolations += [
'MOZ_SANDBOX',
'MOZ_SYSTEM_LIBEVENT',
'MOZ_SYSTEM_NSS',
'MOZ_SYSTEM_NSPR',

6
dom/ipc/moz.build
Unescape View File

@ -140,12 +140,6 @@ LOCAL_INCLUDES += [
'/xpcom/threads',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
if CONFIG['OS_ARCH'] != 'WINNT':
LOCAL_INCLUDES += [
'/modules/libjar',

34
dom/media/gmp/GMPProcessParent.cpp
Unescape View File

@ -8,9 +8,6 @@
#include "GMPUtils.h"
#include "nsIFile.h"
#include "nsIRunnable.h"
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "WinUtils.h"
#endif
#include "base/string_util.h"
#include "base/process_util.h"
@ -56,38 +53,7 @@ GMPProcessParent::Launch(int32_t aTimeoutMs)
vector<string> args;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
std::wstring wGMPPath = UTF8ToWide(mGMPPath.c_str());
// The sandbox doesn't allow file system rules where the paths contain
// symbolic links or junction points. Sometimes the Users folder has been
// moved to another drive using a junction point, so allow for this specific
// case. See bug 1236680 for details.
if (!widget::WinUtils::ResolveJunctionPointsAndSymLinks(wGMPPath)) {
GMP_LOG("ResolveJunctionPointsAndSymLinks failed for GMP path=%S",
wGMPPath.c_str());
NS_WARNING("ResolveJunctionPointsAndSymLinks failed for GMP path.");
return false;
}
GMP_LOG("GMPProcessParent::Launch() resolved path to %S", wGMPPath.c_str());
// If the GMP path is a network path that is not mapped to a drive letter,
// then we need to fix the path format for the sandbox rule.
wchar_t volPath[MAX_PATH];
if (::GetVolumePathNameW(wGMPPath.c_str(), volPath, MAX_PATH) &&
::GetDriveTypeW(volPath) == DRIVE_REMOTE &&
wGMPPath.compare(0, 2, L"\\\\") == 0) {
std::wstring sandboxGMPPath(wGMPPath);
sandboxGMPPath.insert(1, L"??\\UNC");
mAllowedFilesRead.push_back(sandboxGMPPath + L"\\*");
} else {
mAllowedFilesRead.push_back(wGMPPath + L"\\*");
}
args.push_back(WideToUTF8(wGMPPath));
#else
args.push_back(mGMPPath);
#endif
args.push_back(string(voucherPath.BeginReading(), voucherPath.EndReading()));

8
dom/media/gmp/rlz/GMPDeviceBinding.cpp
Unescape View File

@ -12,10 +12,6 @@
#ifdef XP_WIN
#include "windows.h"
#ifdef MOZ_SANDBOX
#include <intrin.h>
#include <assert.h>
#endif
#endif
#if defined(HASH_NODE_ID_WITH_DEVICE_ID)
@ -35,10 +31,6 @@
#ifdef XP_WIN
#include "windows.h"
#ifdef MOZ_SANDBOX
#include <intrin.h>
#include <assert.h>
#endif
#endif
#ifdef XP_MACOSX

7
dom/media/gmp/rlz/moz.build
Unescape View File

@ -13,13 +13,6 @@ UNIFIED_SOURCES += [
'GMPDeviceBinding.cpp',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ['WINNT', 'Darwin']:
DEFINES['HASH_NODE_ID_WITH_DEVICE_ID'] = 1;
UNIFIED_SOURCES += [
'lib/string_utils.cc',
'sha256.c',
]
if CONFIG['OS_TARGET'] == 'WINNT':
UNIFIED_SOURCES += [
'win/lib/machine_id_win.cc',

19
dom/plugins/base/nsPluginTags.cpp
Unescape View File

@ -427,24 +427,7 @@ void nsPluginTag::InitMime(const char* const* aMimeTypes,
void
nsPluginTag::InitSandboxLevel()
{
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
nsAutoCString sandboxPref("dom.ipc.plugins.sandbox-level.");
sandboxPref.Append(GetNiceFileName());
if (NS_FAILED(Preferences::GetInt(sandboxPref.get(), &mSandboxLevel))) {
mSandboxLevel = Preferences::GetInt("dom.ipc.plugins.sandbox-level.default"
);
}
#if defined(_AMD64_)
// As level 2 is now the default NPAPI sandbox level for 64-bit flash, we
// don't want to allow a lower setting unless this environment variable is
// set. This should be changed if the firefox.js pref file is changed.
if (mIsFlashPlugin &&
!PR_GetEnv("MOZ_ALLOW_WEAKER_SANDBOX") && mSandboxLevel < 2) {
mSandboxLevel = 2;
}
#endif
#endif
/* STUB */
}
#if !defined(XP_WIN) && !defined(XP_MACOSX)

10
dom/plugins/ipc/PluginProcessChild.cpp
Unescape View File

@ -22,10 +22,6 @@ extern "C" CGError CGSSetDebugOptions(int options);
#ifdef XP_WIN
bool ShouldProtectPluginCurrentDirectory(char16ptr_t pluginFilePath);
#if defined(MOZ_SANDBOX)
#define TARGET_SANDBOX_EXPORTS
#include "mozilla/sandboxTarget.h"
#endif
#endif
using mozilla::ipc::IOThreadChild;
@ -107,12 +103,6 @@ PluginProcessChild::Init()
pluginFilename = WideToUTF8(values[0]);
#if defined(MOZ_SANDBOX)
// This is probably the earliest we would want to start the sandbox.
// As we attempt to tighten the sandbox, we may need to consider moving this
// to later in the plugin initialization.
mozilla::SandboxTarget::Instance()->StartSandbox();
#endif
#else
# error Sorry
#endif

85
dom/plugins/ipc/PluginProcessParent.cpp
Unescape View File

@ -14,10 +14,6 @@
#include "mozilla/Telemetry.h"
#include "nsThreadUtils.h"
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "nsDirectoryServiceDefs.h"
#endif
using std::vector;
using std::string;
@ -40,95 +36,14 @@ PluginProcessParent::~PluginProcessParent()
{
}
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
static void
AddSandboxAllowedFile(vector<std::wstring>& aAllowedFiles, nsIProperties* aDirSvc,
const char* aDir, const nsAString& aSuffix = EmptyString())
{
nsCOMPtr<nsIFile> userDir;
nsresult rv = aDirSvc->Get(aDir, NS_GET_IID(nsIFile), getter_AddRefs(userDir));
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
nsAutoString userDirPath;
rv = userDir->GetPath(userDirPath);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
if (!aSuffix.IsEmpty()) {
userDirPath.Append(aSuffix);
}
aAllowedFiles.push_back(std::wstring(userDirPath.get()));
return;
}
static void
AddSandboxAllowedFiles(int32_t aSandboxLevel,
vector<std::wstring>& aAllowedFilesRead,
vector<std::wstring>& aAllowedFilesReadWrite,
vector<std::wstring>& aAllowedDirectories)
{
if (aSandboxLevel < 2) {
return;
}
nsresult rv;
nsCOMPtr<nsIProperties> dirSvc =
do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
// Higher than level 2 currently removes the users own rights.
if (aSandboxLevel > 2) {
AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR);
AddSandboxAllowedFile(aAllowedFilesRead, dirSvc, NS_WIN_HOME_DIR,
NS_LITERAL_STRING("\\*"));
}
// Level 2 and above is now using low integrity, so we need to give write
// access to the Flash directories.
// This should be made Flash specific (Bug 1171396).
AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia\\Flash Player\\*"));
AddSandboxAllowedFile(aAllowedFilesReadWrite, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Adobe\\Flash Player\\*"));
// Access also has to be given to create the parent directories as they may
// not exist.
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia\\Flash Player"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_LOCAL_APPDATA_DIR,
NS_LITERAL_STRING("\\Macromedia\\Flash Player"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Adobe"));
AddSandboxAllowedFile(aAllowedDirectories, dirSvc, NS_WIN_APPDATA_DIR,
NS_LITERAL_STRING("\\Adobe\\Flash Player"));
}
#endif
bool
PluginProcessParent::Launch(mozilla::UniquePtr<LaunchCompleteTask> aLaunchCompleteTask,
int32_t aSandboxLevel)
{
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
mSandboxLevel = aSandboxLevel;
AddSandboxAllowedFiles(mSandboxLevel, mAllowedFilesRead,
mAllowedFilesReadWrite, mAllowedDirectories);
#else
if (aSandboxLevel != 0) {
MOZ_ASSERT(false,
"Can't enable an NPAPI process sandbox for platform/build.");
}
#endif
ProcessArchitecture currentArchitecture = base::GetCurrentProcessArchitecture();
uint32_t containerArchitectures = GetSupportedArchitecturesForProcessType(GeckoProcessType_Plugin);

6
dom/plugins/ipc/moz.build
Unescape View File

@ -125,12 +125,6 @@ LOCAL_INCLUDES += [
'/xpcom/base/',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
DEFINES['FORCE_PR_LOG'] = True
if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gtk3':

37
ipc/app/moz.build
Unescape View File

@ -43,47 +43,10 @@ if CONFIG['OS_ARCH'] == 'WINNT':
'nss3.dll',
]
if CONFIG['MOZ_SANDBOX']:
# For sandbox includes and the include dependencies those have
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
USE_LIBS += [
'sandbox_s',
]
DELAYLOAD_DLLS += [
'winmm.dll',
'user32.dll',
]
DELAYLOAD_DLLS += [
'xul.dll',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ('Linux', 'Android'):
USE_LIBS += [
'mozsandbox',
]
# gcc lto likes to put the top level asm in syscall.cc in a different partition
# from the function using it which breaks the build. Work around that by
# forcing there to be only one partition.
if '-flto' in CONFIG['OS_CXXFLAGS'] and not CONFIG['CLANG_CXX']:
LDFLAGS += ['--param lto-partitions=1']
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] == 'Darwin':
# For sandbox includes and the include dependencies those have
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
USE_LIBS += [
'mozsandbox',
]
if CONFIG['_MSC_VER']:
# Always enter a Windows program through wmain, whether or not we're
# a console application.

11
ipc/app/pie/moz.build
Unescape View File

@ -16,15 +16,4 @@ LOCAL_INCLUDES += [
'/xpcom/base',
]
if CONFIG['MOZ_SANDBOX']:
USE_LIBS += [
'mozsandbox',
]
# gcc lto likes to put the top level asm in syscall.cc in a different partition
# from the function using it which breaks the build. Work around that by
# forcing there to be only one partition.
if '-flto' in CONFIG['OS_CXXFLAGS'] and not CONFIG['CLANG_CXX']:
LDFLAGS += ['--param lto-partitions=1']
LDFLAGS += ['-pie']

5
ipc/contentproc/moz.build
Unescape View File

@ -18,8 +18,3 @@ if CONFIG['OS_ARCH'] == 'WINNT':
'/xpcom/base',
]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]

40
ipc/contentproc/plugin-container.cpp
Unescape View File

@ -22,11 +22,6 @@
#include "GMPLoader.h"
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "mozilla/sandboxing/SandboxInitialization.h"
#include "mozilla/sandboxing/sandboxLogging.h"
#endif
#ifdef MOZ_WIDGET_GONK
# include <sys/time.h>
# include <sys/resource.h>
@ -62,26 +57,10 @@ InitializeBinder(void *aDummy) {
}
#endif
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
class WinSandboxStarter : public mozilla::gmp::SandboxStarter {
public:
virtual bool Start(const char *aLibPath) override {
if (IsSandboxedProcess()) {
mozilla::sandboxing::LowerSandbox();
}
return true;
}
};
#endif
mozilla::gmp::SandboxStarter*
MakeSandboxStarter()
{
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
return new WinSandboxStarter();
#else
return nullptr;
#endif
}
int
@ -95,27 +74,8 @@ content_process_main(int argc, char* argv[])
XREChildData childData;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
if (IsSandboxedProcess()) {
childData.sandboxTargetServices =
mozilla::sandboxing::GetInitializedTargetServices();
if (!childData.sandboxTargetServices) {
return 1;
}
childData.ProvideLogFunction = mozilla::sandboxing::ProvideLogFunction;
}
#endif
XRE_SetProcessType(argv[--argc]);
#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
// This has to happen while we're still single-threaded, and on
// B2G that means before the Android Binder library is
// initialized.
mozilla::SandboxEarlyInit(XRE_GetProcessType());
#endif
#ifdef MOZ_WIDGET_GONK
// This creates a ThreadPool for binder ipc. A ThreadPool is necessary to
// receive binder calls, though not necessary to send binder calls.

217
ipc/glue/GeckoChildProcessHost.cpp
Unescape View File

@ -39,12 +39,6 @@
#ifdef XP_WIN
#include "nsIWinTaskbar.h"
#define NS_TASKBAR_CONTRACTID "@mozilla.org/windows-taskbar;1"
#if defined(MOZ_SANDBOX)
#include "mozilla/Preferences.h"
#include "mozilla/sandboxing/sandboxLogging.h"
#include "nsDirectoryServiceUtils.h"
#endif
#endif
#include "nsTArray.h"
@ -97,10 +91,6 @@ GeckoChildProcessHost::GeckoChildProcessHost(GeckoProcessType aProcessType,
mPrivileges(aPrivileges),
mMonitor("mozilla.ipc.GeckChildProcessHost.mMonitor"),
mProcessState(CREATING_CHANNEL),
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
mEnableSandboxLogging(false),
mSandboxLevel(0),
#endif
mChildProcessHandle(0)
#if defined(MOZ_WIDGET_COCOA)
, mChildTask(MACH_PORT_NULL)
@ -307,14 +297,6 @@ GeckoChildProcessHost::PrepareLaunch()
if (mProcessType == GeckoProcessType_Plugin) {
InitWindowsGroupID();
}
#if defined(MOZ_SANDBOX)
// For other process types we can't rely on them being launched on main
// thread and they may not have access to prefs in the child process, so allow
// them to turn on logging via an environment variable.
mEnableSandboxLogging = mEnableSandboxLogging
|| !!PR_GetEnv("MOZ_WIN_SANDBOX_LOGGING");
#endif
#endif
}
@ -599,91 +581,6 @@ AddAppDirToCommandLine(std::vector<std::string>& aCmdLine)
}
}
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
static void
MaybeAddNsprLogFileAccess(std::vector<std::wstring>& aAllowedFilesReadWrite)
{
const char* nsprLogFileEnv = PR_GetEnv("NSPR_LOG_FILE");
if (!nsprLogFileEnv) {
return;
}
nsDependentCString nsprLogFilePath(nsprLogFileEnv);
nsCOMPtr<nsIFile> nsprLogFile;
nsresult rv = NS_NewNativeLocalFile(nsprLogFilePath, true,
getter_AddRefs(nsprLogFile));
if (NS_FAILED(rv)) {
// Not an absolute path, try it as a relative one.
nsresult rv = NS_GetSpecialDirectory(NS_OS_CURRENT_WORKING_DIR,
getter_AddRefs(nsprLogFile));
if (NS_FAILED(rv) || !nsprLogFile) {
NS_WARNING("Failed to get current working directory");
return;
}
rv = nsprLogFile->AppendRelativeNativePath(nsprLogFilePath);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
}
nsAutoString resolvedFilePath;
rv = nsprLogFile->GetPath(resolvedFilePath);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
// Update the environment variable as well as adding the rule, because the
// Chromium sandbox can only allow access to fully qualified file paths. This
// only affects the environment for the child process we're about to create,
// because this will get reset to the original value in PerformAsyncLaunch.
aAllowedFilesReadWrite.push_back(std::wstring(resolvedFilePath.get()));
nsAutoCString resolvedEnvVar("NSPR_LOG_FILE=");
AppendUTF16toUTF8(resolvedFilePath, resolvedEnvVar);
PR_SetEnv(resolvedEnvVar.get());
}
static void
AddContentSandboxAllowedFiles(int32_t aSandboxLevel,
std::vector<std::wstring>& aAllowedFilesRead)
{
if (aSandboxLevel < 1) {
return;
}
nsCOMPtr<nsIFile> binDir;
nsresult rv = NS_GetSpecialDirectory(NS_GRE_DIR, getter_AddRefs(binDir));
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
nsAutoString binDirPath;
rv = binDir->GetPath(binDirPath);
if (NS_WARN_IF(NS_FAILED(rv))) {
return;
}
// If bin directory is on a remote drive add read access.
wchar_t volPath[MAX_PATH];
if (!::GetVolumePathNameW(binDirPath.get(), volPath, MAX_PATH)) {
return;
}
if (::GetDriveTypeW(volPath) != DRIVE_REMOTE) {
return;
}
// Convert network share path to format for sandbox policy.
if (Substring(binDirPath, 0, 2).Equals(L"\\\\")) {
binDirPath.InsertLiteral(u"??\\UNC", 1);
}
binDirPath.AppendLiteral(u"\\*");
aAllowedFilesRead.push_back(std::wstring(binDirPath.get()));
}
#endif
bool
GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExtraOpts, base::ProcessArchitecture arch)
{
@ -808,27 +705,6 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
}
#endif // MOZ_WIDGET_GONK
#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
// Preload libmozsandbox.so so that sandbox-related interpositions
// can be defined there instead of in the executable.
// (This could be made conditional on intent to use sandboxing, but
// it's harmless for non-sandboxed processes.)
{
nsAutoCString preload;
// Prepend this, because people can and do preload libpthread.
// (See bug 1222500.)
preload.AssignLiteral("libmozsandbox.so");
if (const char* oldPreload = PR_GetEnv("LD_PRELOAD")) {
// Doesn't matter if oldPreload is ""; extra separators are ignored.
preload.Append(' ');
preload.Append(oldPreload);
}
// Explicitly construct the std::string to make it clear that this
// isn't retaining a pointer to the nsCString's buffer.
newEnvVars["LD_PRELOAD"] = std::string(preload.get());
}
#endif
// remap the IPC socket fd to a well-known int, as the OS does for
// STDOUT_FILENO, for example
int srcChannelFd, dstChannelFd;
@ -994,74 +870,6 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
}
}
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
bool shouldSandboxCurrentProcess = false;
// XXX: Bug 1124167: We should get rid of the process specific logic for
// sandboxing in this class at some point. Unfortunately it will take a bit
// of reorganizing so I don't think this patch is the right time.
switch (mProcessType) {
case GeckoProcessType_Content:
break;
case GeckoProcessType_Plugin:
if (mSandboxLevel > 0 &&
!PR_GetEnv("MOZ_DISABLE_NPAPI_SANDBOX")) {
bool ok = mSandboxBroker.SetSecurityLevelForPluginProcess(mSandboxLevel);
if (!ok) {
return false;
}
shouldSandboxCurrentProcess = true;
}
break;
case GeckoProcessType_IPDLUnitTest:
// XXX: We don't sandbox this process type yet
break;
case GeckoProcessType_GMPlugin:
if (!PR_GetEnv("MOZ_DISABLE_GMP_SANDBOX")) {
// The Widevine CDM on Windows can only load at USER_RESTRICTED,
// not at USER_LOCKDOWN. So look in the command line arguments
// to see if we're loading the path to the Widevine CDM, and if
// so use sandbox level USER_RESTRICTED instead of USER_LOCKDOWN.
bool isWidevine = std::any_of(aExtraOpts.begin(), aExtraOpts.end(),
[](const std::string arg) { return arg.find("gmp-widevinecdm") != std::string::npos; });
auto level = isWidevine ? SandboxBroker::Restricted : SandboxBroker::LockDown;
bool ok = mSandboxBroker.SetSecurityLevelForGMPlugin(level);
if (!ok) {
return false;
}
shouldSandboxCurrentProcess = true;
}
break;
case GeckoProcessType_GPU:
break;
case GeckoProcessType_Default:
default:
MOZ_CRASH("Bad process type in GeckoChildProcessHost");
break;
};
if (shouldSandboxCurrentProcess) {
MaybeAddNsprLogFileAccess(mAllowedFilesReadWrite);
for (auto it = mAllowedFilesRead.begin();
it != mAllowedFilesRead.end();
++it) {
mSandboxBroker.AllowReadFile(it->c_str());
}
for (auto it = mAllowedFilesReadWrite.begin();
it != mAllowedFilesReadWrite.end();
++it) {
mSandboxBroker.AllowReadWriteFile(it->c_str());
}
for (auto it = mAllowedDirectories.begin();
it != mAllowedDirectories.end();
++it) {
mSandboxBroker.AllowDirectory(it->c_str());
}
}
#endif // XP_WIN && MOZ_SANDBOX
// Add the application directory path (-appdir path)
AddAppDirToCommandLine(cmdLine);
@ -1078,33 +886,8 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
// Process type
cmdLine.AppendLooseValue(UTF8ToWide(childProcessType));
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
if (shouldSandboxCurrentProcess) {
if (mSandboxBroker.LaunchApp(cmdLine.program().c_str(),
cmdLine.command_line_string().c_str(),
mEnableSandboxLogging,
&process)) {
EnvironmentLog("MOZ_PROCESS_LOG").print(
"==> process %d launched child process %d (%S)\n",
base::GetCurrentProcId(), base::GetProcId(process),
cmdLine.command_line_string().c_str());
}
} else
#endif
{
base::LaunchApp(cmdLine, false, false, &process);
#ifdef MOZ_SANDBOX
// We need to be able to duplicate handles to some types of non-sandboxed
// child processes.
if (mProcessType == GeckoProcessType_Content ||
mProcessType == GeckoProcessType_GPU ||
mProcessType == GeckoProcessType_GMPlugin) {
if (!mSandboxBroker.AddTargetPeer(process)) {
NS_WARNING("Failed to add content process as target peer.");
}
}
#endif
}
#else

13
ipc/glue/GeckoChildProcessHost.h
Unescape View File

@ -21,10 +21,6 @@
#include "nsXULAppAPI.h" // for GeckoProcessType
#include "nsString.h"
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
#include "sandboxBroker.h"
#endif
namespace mozilla {
namespace ipc {
@ -153,15 +149,6 @@ protected:
#ifdef XP_WIN
void InitWindowsGroupID();
nsString mGroupId;
#ifdef MOZ_SANDBOX
SandboxBroker mSandboxBroker;
std::vector<std::wstring> mAllowedFilesRead;
std::vector<std::wstring> mAllowedFilesReadWrite;
std::vector<std::wstring> mAllowedDirectories;
bool mEnableSandboxLogging;
int32_t mSandboxLevel;
#endif
#endif // XP_WIN
#if defined(OS_POSIX)

16
ipc/glue/ProtocolUtils.cpp
Unescape View File

@ -20,11 +20,6 @@
#include "mozilla/Unused.h"
#include "nsPrintfCString.h"
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
#define TARGET_SANDBOX_EXPORTS
#include "mozilla/sandboxTarget.h"
#endif
#include "nsAutoPtr.h"
using namespace IPC;
@ -162,17 +157,6 @@ bool DuplicateHandle(HANDLE aSourceHandle,
}
#if defined(MOZ_SANDBOX)
// Try the broker next (will fail if not sandboxed).
if (SandboxTarget::Instance()->BrokerDuplicateHandle(aSourceHandle,
aTargetProcessId,
aTargetHandle,
aDesiredAccess,
aOptions)) {
return true;
}
#endif
// Finally, see if we already have access to the process.
ScopedProcessHandle targetProcess(OpenProcess(PROCESS_DUP_HANDLE,
FALSE,

7
ipc/glue/moz.build
Unescape View File

@ -196,12 +196,5 @@ for var in ('MOZ_CHILD_PROCESS_NAME', 'MOZ_CHILD_PROCESS_NAME_PIE',
'MOZ_CHILD_PROCESS_BUNDLE', 'DLL_PREFIX', 'DLL_SUFFIX'):
DEFINES[var] = '"%s"' % CONFIG[var]
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
'/security/sandbox/win/src/sandboxbroker',
]
if CONFIG['GNU_CXX']:
CXXFLAGS += ['-Wno-shadow']

16
js/xpconnect/shell/moz.build
Unescape View File

@ -35,22 +35,6 @@ if CONFIG['_MSC_VER']:
if CONFIG['OS_ARCH'] == 'WINNT':
RCINCLUDE = 'xpcshell.rc'
if CONFIG['MOZ_SANDBOX']:
# For sandbox includes and the include dependencies those have
LOCAL_INCLUDES += [
'/security/sandbox/chromium',
'/security/sandbox/chromium-shim',
]
USE_LIBS += [
'sandbox_s',
]
DELAYLOAD_DLLS += [
'winmm.dll',
'user32.dll',
]
DELAYLOAD_DLLS += [
'xul.dll',
]

7
js/xpconnect/shell/xpcshell.cpp
Unescape View File

@ -22,9 +22,6 @@
#define XRE_DONT_PROTECT_DLL_LOAD
#define XRE_WANT_ENVIRON
#include "nsWindowsWMain.cpp"
#ifdef MOZ_SANDBOX
#include "mozilla/sandboxing/SandboxInitialization.h"
#endif
#endif
#ifdef MOZ_WIDGET_GTK
@ -54,10 +51,6 @@ main(int argc, char** argv, char** envp)
#endif
XREShellData shellData;
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
shellData.sandboxBrokerServices =
mozilla::sandboxing::GetInitializedBrokerServices();
#endif
int result = XRE_XPCShellMain(argc, argv, envp, &shellData);

13
js/xpconnect/src/XPCShellImpl.cpp
Unescape View File

@ -44,9 +44,6 @@
#ifdef XP_WIN
#include "mozilla/widget/AudioSession.h"
#include <windows.h>
#if defined(MOZ_SANDBOX)
#include "SandboxBroker.h"
#endif
#endif
// all this crap is needed to do the interactive shell stuff
@ -1484,16 +1481,6 @@ XRE_XPCShellMain(int argc, char** argv, char** envp,
// Plugin may require audio session if installed plugin can initialize
// asynchronized.
AutoAudioSession audioSession;
#if defined(MOZ_SANDBOX)
// Required for sandboxed child processes.
if (aShellData->sandboxBrokerServices) {
SandboxBroker::Initialize(aShellData->sandboxBrokerServices);
} else {
NS_WARNING("Failed to initialize broker services, sandboxed "
"processes will fail to start.");
}
#endif
#endif
{

5
mobile/android/installer/package-manifest.in
Unescape View File

@ -502,11 +502,6 @@
;
@BINPATH@/components/pipnss.xpt
; For process sandboxing
#if defined(MOZ_SANDBOX)
@BINPATH@/@DLL_PREFIX@mozsandbox@DLL_SUFFIX@
#endif
[mobile]
@BINPATH@/chrome/chrome@JAREXT@
@BINPATH@/chrome/chrome.manifest

20
old-configure.in
Unescape View File

@ -2311,7 +2311,6 @@ MOZ_INSTALL_TRACKING=
ACCESSIBILITY=1
MOZ_TIME_MANAGER=
MOZ_AUDIO_CHANNEL_MANAGER=
MOZ_SANDBOX=
MOZ_BINARY_EXTENSIONS=
MOZ_JETPACK=1
MOZ_DEVTOOLS_SERVER=1
@ -3923,24 +3922,6 @@ if test -n "$MOZ_NO_SMART_CARDS"; then
fi
AC_SUBST(MOZ_NO_SMART_CARDS)
dnl ========================================================
dnl = Sandboxing support
dnl ========================================================
MOZ_ARG_ENABLE_BOOL(sandbox,
[ --enable-sandbox Enable sandboxing support],
MOZ_SANDBOX=1,
MOZ_SANDBOX=)
if test -n "$MOZ_TSAN" -o -n "$MOZ_ASAN"; then
# Bug 1182565: TSan conflicts with sandboxing on Linux.
# Bug 1287971: LSan also conflicts with sandboxing on Linux.
case $OS_TARGET in
Linux|Android)
MOZ_SANDBOX=
;;
esac
fi
dnl ========================================================
dnl =
dnl = Module specific options
@ -5771,7 +5752,6 @@ MOZ_OFFICIAL_BRANDING=$MOZ_OFFICIAL_BRANDING
MOZ_BRANDING_DIRECTORY=$MOZ_BRANDING_DIRECTORY
MC_BASILISK=$MC_BASILISK
MC_PALEMOON=$MC_PALEMOON
MOZ_SANDBOX=$MOZ_SANDBOX
MOZ_EME=$MOZ_EME
MOZ_WEBRTC=$MOZ_WEBRTC
MOZ_SYSTEM_LIBEVENT=$MOZ_SYSTEM_LIBEVENT

2
security/sandbox/chromium/base/time/time.cc
Unescape View File

@ -242,7 +242,6 @@ Time Time::LocalMidnight() const {
return FromLocalExploded(exploded);
}
#if !defined(MOZ_SANDBOX)
// static
bool Time::FromStringInternal(const char* time_string,
bool is_local,
@ -263,7 +262,6 @@ bool Time::FromStringInternal(const char* time_string,
*parsed_time = Time(result_time);
return true;
}
#endif
std::ostream& operator<<(std::ostream& os, Time time) {
Time::Exploded exploded;

4
security/sandbox/chromium/base/time/time.h
Unescape View File

@ -522,7 +522,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> {
return FromExploded(true, exploded);
}
#if !defined(MOZ_SANDBOX)
// Converts a string representation of time to a Time object.
// An example of a time string which is converted is as below:-
// "Tue, 15 Nov 1994 12:45:26 GMT". If the timezone is not specified
@ -537,7 +536,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> {
static bool FromUTCString(const char* time_string, Time* parsed_time) {
return FromStringInternal(time_string, false, parsed_time);
}
#endif
// Fills the given exploded structure with either the local time or UTC from
// this time structure (containing UTC).
@ -565,7 +563,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> {
// |is_local = true| or UTC |is_local = false|.
static Time FromExploded(bool is_local, const Exploded& exploded);
#if !defined(MOZ_SANDBOX)
// Converts a string representation of time to a Time object.
// An example of a time string which is converted is as below:-
// "Tue, 15 Nov 1994 12:45:26 GMT". If the timezone is not specified
@ -576,7 +573,6 @@ class BASE_EXPORT Time : public time_internal::TimeBase<Time> {
static bool FromStringInternal(const char* time_string,
bool is_local,
Time* parsed_time);
#endif
};
// Inline the TimeDelta factory methods, for fast TimeDelta construction.

21
toolkit/content/aboutSupport.js
Unescape View File

@ -497,26 +497,7 @@ var snapshotFormatters = {
$("prefs-user-js-section").style.display = "";
// Clear the no-copy class
$("prefs-user-js-section").className = "";
},
sandbox: function sandbox(data) {
if (!AppConstants.MOZ_SANDBOX)
return;
let strings = stringBundle();
let tbody = $("sandbox-tbody");
for (let key in data) {
// Simplify the display a little in the common case.
if (key === "hasPrivilegedUserNamespaces" &&
data[key] === data["hasUserNamespaces"]) {
continue;
}
tbody.appendChild($.new("tr", [
$.new("th", strings.GetStringFromName(key), "column"),
$.new("td", data[key])
]));
}
},
}
};
var $ = document.getElementById.bind(document);

14
toolkit/content/aboutSupport.xhtml
Unescape View File

@ -475,20 +475,6 @@
</tbody>
</table>
<!-- - - - - - - - - - - - - - - - - - - - - -->
#if defined(MOZ_SANDBOX)
<h2 class="major-section" id="sandbox">
&aboutSupport.sandboxTitle;
</h2>
<table>
<tbody id="sandbox-tbody">
</tbody>
</table>
#endif
</div>
</body>

2
toolkit/locales/en-US/chrome/global/aboutSupport.dtd
Unescape View File

@ -109,8 +109,6 @@ variant of aboutSupport.showDir.label. -->
<!ENTITY aboutSupport.copyTextToClipboard.label "Copy text to clipboard">
<!ENTITY aboutSupport.copyRawDataToClipboard.label "Copy raw data to clipboard">
<!ENTITY aboutSupport.sandboxTitle "Sandbox">
<!ENTITY aboutSupport.safeModeTitle "Try Safe Mode">
<!ENTITY aboutSupport.restartInSafeMode.label "Restart with Add-ons Disabled…">

7
toolkit/modules/AppConstants.jsm
Unescape View File

@ -81,13 +81,6 @@ this.AppConstants = Object.freeze({
false,