Bug 1431441 - Part 6 - Start middleman WebReplay process sandbox later r=Alex_Gaynor

Depends on D7357 Differential Revision: https://phabricator.services.mozilla.com/D8474 --HG-- extra : moz-landing-system : lando
2018-10-12 14:13:53 +00:00 · 2018-10-12 14:13:53 +00:00 · 14311766a1
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@ -2343,7 +2343,10 @@ ContentParent::LaunchSubprocess(ProcessPriority aInitialPriority /* = PROCESS_PR
  }

 #if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
-  if (sEarlySandboxInit && IsContentSandboxEnabled()) {
+  // If we're launching a middleman process for a
+  // recording or replay, start the sandbox later.
+  if (sEarlySandboxInit && IsContentSandboxEnabled() &&
+      !IsRecordingOrReplaying()) {
    AppendSandboxParams(extraArgs);
  }
 #endif
@ -2751,7 +2754,10 @@ ContentParent::InitInternal(ProcessPriority aInitialPriority)
 #ifdef XP_MACOSX
  // If the sandbox was initialized during content process
  // startup, we must not send the SetProcessSandbox message.
-  shouldSandbox = shouldSandbox && !sEarlySandboxInit;
+  // If early startup was pref'd off or the process is a
+  // middleman process, send SetProcessSandbox now.
+  shouldSandbox = shouldSandbox &&
+    (!sEarlySandboxInit || IsRecordingOrReplaying());
 #endif

 #ifdef XP_LINUX
--- a/dom/ipc/ContentProcess.cpp
+++ b/dom/ipc/ContentProcess.cpp
@ -298,8 +298,11 @@ ContentProcess::Init(int aArgc, char* aArgv[])
 #if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
  mContent.SetProfileDir(profileDir);
 #if defined(DEBUG)
+  // For WebReplay middleman processes, the sandbox is
+  // started after receiving the SetProcessSandbox message.
  if (IsContentSandboxEnabled() &&
-      Preferences::GetBool("security.sandbox.content.mac.earlyinit")) {
+      Preferences::GetBool("security.sandbox.content.mac.earlyinit") &&
+      !recordreplay::IsMiddleman()) {
    AssertMacSandboxEnabled();
  }
 #endif /* DEBUG */