Bug 1548406 - Part 1 - Simplify MacSandboxInfo and sandbox type enums r=handyman

Replace the MacSandboxType_Plugin sandbox type with MacSandboxType_Flash and MacSandboxType_GMP so that there is a 1:1 association between MacSandboxType values and sandbox policies.

Remove the MacSandboxPluginType enum. Instead of having different MacSandboxPluginTypes, we will just have MacSandboxType_GMP. We only use GMP for two plugin types, Widevine and OpenH264, and they only differ in that Widevine requires accss to the WindowServer.

Remove the MacSandboxPluginInfo struct and move the two needed fields pluginPath and pluginBinaryPath to MacSandboxInfo.

Differential Revision: https://phabricator.services.mozilla.com/D29585

--HG--
extra : moz-landing-system : lando

dom/media/gmp/GMPChild.cpp

@@ -192,7 +192,7 @@ static bool GetAppPaths(nsCString& aAppPath, nsCString& aAppBinaryPath) {
   return true;
 }
 
-bool GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType) {
+bool GMPChild::SetMacSandboxInfo(bool aAllowWindowServer) {
   if (!mGMPLoader) {
     return false;
   }
@@ -206,12 +206,12 @@ bool GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType) {
   }
 
   MacSandboxInfo info;
-  info.type = MacSandboxType_Plugin;
+  info.type = MacSandboxType_GMP;
   info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled") ||
                    PR_GetEnv("MOZ_SANDBOX_LOGGING");
-  info.pluginInfo.type = aPluginType;
+  info.hasWindowServer = aAllowWindowServer;
-  info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get());
+  info.pluginPath.assign(pluginDirectoryPath.get());
-  info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get());
+  info.pluginBinaryPath.assign(pluginFilePath.get());
   info.appPath.assign(appPath.get());
   info.appBinaryPath.assign(appBinaryPath.get());
 
@@ -562,18 +562,14 @@ mozilla::ipc::IPCResult GMPChild::AnswerStartPlugin(const nsString& aAdapter) {
 #endif
   bool isChromium = aAdapter.EqualsLiteral("chromium");
 #if defined(MOZ_SANDBOX) && defined(XP_MACOSX)
-  MacSandboxPluginType pluginType = MacSandboxPluginType_GMPlugin_Default;
+  // Use of the chromium adapter indicates we are going to be
-  if (isChromium) {
+  // running the Widevine plugin which requires access to the
-    pluginType = MacSandboxPluginType_GMPlugin_EME_Widevine;
+  // WindowServer in the Mac GMP sandbox policy.
-  }
+  if (!SetMacSandboxInfo(isChromium /* allow-window-server */)) {
-  if (!SetMacSandboxInfo(pluginType)) {
     NS_WARNING("Failed to set Mac GMP sandbox info");
     delete platformAPI;
     return IPC_FAIL(
-        this, nsPrintfCString(
+        this, nsPrintfCString("Failed to set Mac GMP sandbox info.").get());
-                  "Failed to set Mac GMP sandbox info with plugin type %d.",
-                  pluginType)
-                  .get());
   }
 #endif
 

dom/media/gmp/GMPChild.h

@@ -35,7 +35,7 @@ class GMPChild : public PGMPChild {
   GMPStorageChild* GetGMPStorage();
 
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
-  bool SetMacSandboxInfo(MacSandboxPluginType aPluginType);
+  bool SetMacSandboxInfo(bool aAllowWindowServer);
 #endif
 
  private:

dom/plugins/ipc/PluginModuleChild.cpp

@@ -313,9 +313,8 @@ bool PluginModuleChild::InitForChrome(const std::string& aPluginFilename,
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
   if (mFlashSandboxLevel > 0) {
     MacSandboxInfo flashSandboxInfo;
-    flashSandboxInfo.type = MacSandboxType_Plugin;
+    flashSandboxInfo.type = MacSandboxType_Flash;
-    flashSandboxInfo.pluginInfo.type = MacSandboxPluginType_Flash;
+    flashSandboxInfo.pluginBinaryPath = aPluginFilename;
-    flashSandboxInfo.pluginInfo.pluginBinaryPath = aPluginFilename;
     flashSandboxInfo.level = mFlashSandboxLevel;
     flashSandboxInfo.shouldLog = mEnableFlashSandboxLogging;
 

security/sandbox/mac/Sandbox.h

@@ -10,33 +10,13 @@
 
 enum MacSandboxType {
   MacSandboxType_Default = 0,
-  MacSandboxType_Plugin,
   MacSandboxType_Content,
+  MacSandboxType_Flash,
+  MacSandboxType_GMP,
   MacSandboxType_Utility,
   MacSandboxType_Invalid
 };
 
-enum MacSandboxPluginType {
-  MacSandboxPluginType_Default = 0,
-  MacSandboxPluginType_GMPlugin_Default,       // Any Gecko Media Plugin
-  MacSandboxPluginType_GMPlugin_OpenH264,      // Gecko Media Plugin, OpenH264
-  MacSandboxPluginType_GMPlugin_EME,           // Gecko Media Plugin, EME
-  MacSandboxPluginType_GMPlugin_EME_Widevine,  // Gecko Media Plugin, Widevine
-  MacSandboxPluginType_Flash,                  // Flash
-  MacSandboxPluginType_Invalid
-};
-
-typedef struct _MacSandboxPluginInfo {
-  _MacSandboxPluginInfo() : type(MacSandboxPluginType_Default) {}
-  _MacSandboxPluginInfo(const struct _MacSandboxPluginInfo& other)
-      : type(other.type),
-        pluginPath(other.pluginPath),
-        pluginBinaryPath(other.pluginBinaryPath) {}
-  MacSandboxPluginType type;
-  std::string pluginPath;
-  std::string pluginBinaryPath;
-} MacSandboxPluginInfo;
-
 typedef struct _MacSandboxInfo {
   _MacSandboxInfo()
       : type(MacSandboxType_Default),
@@ -71,13 +51,16 @@ typedef struct _MacSandboxInfo {
   bool hasSandboxedProfile;
   bool hasAudio;
   bool hasWindowServer;
-  MacSandboxPluginInfo pluginInfo;
+
   std::string appPath;
   std::string appBinaryPath;
   std::string appDir;
   std::string profileDir;
   std::string debugWriteDir;
 
+  std::string pluginPath;
+  std::string pluginBinaryPath;
+
   std::string testingReadPath1;
   std::string testingReadPath2;
   std::string testingReadPath3;

security/sandbox/mac/Sandbox.mm

@@ -241,7 +241,7 @@ bool StartMacSandbox(MacSandboxInfo const& aInfo, std::string& aErrorMessage) {
   // stay in scope until sandbox_init_with_parameters is called.
   std::string flashCacheDir, flashTempDir, flashPath;
 
-  if (aInfo.type == MacSandboxType_Plugin && aInfo.pluginInfo.type == MacSandboxPluginType_Flash) {
+  if (aInfo.type == MacSandboxType_Flash) {
     profile = SandboxPolicyFlash;
 
     params.push_back("SHOULD_LOG");
@@ -259,7 +259,7 @@ bool StartMacSandbox(MacSandboxInfo const& aInfo, std::string& aErrorMessage) {
     params.push_back(getenv("HOME"));
 
     params.push_back("PLUGIN_BINARY_PATH");
-    if (!GetRealPath(flashPath, aInfo.pluginInfo.pluginBinaryPath.c_str())) {
+    if (!GetRealPath(flashPath, aInfo.pluginBinaryPath.c_str())) {
       return false;
     }
     params.push_back(flashPath.c_str());
@@ -294,12 +294,12 @@ bool StartMacSandbox(MacSandboxInfo const& aInfo, std::string& aErrorMessage) {
       params.push_back("CRASH_PORT");
       params.push_back(aInfo.crashServerPort.c_str());
     }
-  } else if (aInfo.type == MacSandboxType_Plugin) {
+  } else if (aInfo.type == MacSandboxType_GMP) {
     profile = const_cast<char*>(SandboxPolicyGMP);
     params.push_back("SHOULD_LOG");
     params.push_back(aInfo.shouldLog ? "TRUE" : "FALSE");
     params.push_back("PLUGIN_BINARY_PATH");
-    params.push_back(aInfo.pluginInfo.pluginBinaryPath.c_str());
+    params.push_back(aInfo.pluginBinaryPath.c_str());
     params.push_back("APP_PATH");
     params.push_back(aInfo.appPath.c_str());
     params.push_back("APP_BINARY_PATH");