Bug 1074561 - Disable EME plugins on Linux if sandboxing is unavailable. r=jesup

--HG--
extra : amend_source : 5e2192974cce18fd94abff72c9def32cfbaf675d

content/media/gmp/GMPParent.cpp

@@ -18,6 +18,9 @@
 #include "nsIObserverService.h"
 #include "GMPTimerParent.h"
 #include "runnable_utils.h"
+#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#include "mozilla/Sandbox.h"
+#endif
 
 #include "mozilla/dom/CrashReporterParent.h"
 using mozilla::dom::CrashReporterParent;
@@ -852,6 +855,17 @@ GMPParent::ReadGMPMetaData()
       }
     }
 
+#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+    if (cap->mAPIName.EqualsLiteral("eme-decrypt") &&
+        !mozilla::CanSandboxMediaPlugin()) {
+      printf_stderr("GMPParent::ReadGMPMetaData: Plugin \"%s\" is an EME CDM"
+                    " but this system can't sandbox it; not loading.\n",
+                    mDisplayName.get());
+      delete cap;
+      return NS_ERROR_FAILURE;
+    }
+#endif
+
     mCapabilities.AppendElement(cap);
   }
 

content/media/gmp/GMPService.cpp

@@ -22,6 +22,9 @@
 #include "nsComponentManagerUtils.h"
 #include "mozilla/Preferences.h"
 #include "runnable_utils.h"
+#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+#include "mozilla/Sandbox.h"
+#endif
 
 namespace mozilla {
 
@@ -432,6 +435,14 @@ GeckoMediaPluginService::GetGMPDecryptor(nsTArray<nsCString>* aTags,
                                          const nsAString& aOrigin,
                                          GMPDecryptorProxy** aDecryptor)
 {
+#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+  if (!mozilla::CanSandboxMediaPlugin()) {
+    NS_WARNING("GeckoMediaPluginService::GetGMPDecryptor: "
+               "EME decryption not available without sandboxing support.");
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+#endif
+
   MOZ_ASSERT(NS_GetCurrentThread() == mGMPThread);
   NS_ENSURE_ARG(aTags && aTags->Length() > 0);
   NS_ENSURE_ARG(aDecryptor);