Bug 1317735 - Consolidate env vars for logging. r=jimm

Assigns the preference security.sandbox.logging.enabled and the environment variable MOZ_SANDBOX_LOGGING to control whether or not sandbox violations are logged.  The pref defaults to true.  On Linux, only the environment variable is considered.

--HG--
extra : rebase_source : f67870a74795228548b290aec32d08552c068874

browser/app/profile/firefox.js

@@ -939,12 +939,6 @@ pref("browser.tabs.remote.autostart", false);
 pref("browser.tabs.remote.desktopbehavior", true);
 
 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
-// When this pref is true the Windows process sandbox will set up dummy
-// interceptions and log to the browser console when calls fail in the sandboxed
-// process and also if they are subsequently allowed by the broker process.
-// This will require a restart.
-pref("security.sandbox.windows.log", false);
-
 // Controls whether and how the Windows NPAPI plugin process is sandboxed.
 // To get a different setting for a particular plugin replace "default", with
 // the plugin's nice file name, see: nsPluginTag::GetNiceFileName.
@@ -1033,15 +1027,10 @@ pref("security.sandbox.content.tempDirSuffix", "");
 #endif
 
 #if defined(MOZ_SANDBOX)
-#if defined(XP_MACOSX)
 // This pref determines if messages relevant to sandbox violations are
 // logged.
-// At present, this setting refers only to mac sandbox messages sent to
-// the system console but the setting will be used on other platforms
-// in the future.
 pref("security.sandbox.logging.enabled", true);
 #endif
-#endif
 
 // This pref governs whether we attempt to work around problems caused by
 // plugins using OS calls to manipulate the cursor while running out-of-

dom/ipc/ContentChild.cpp

@@ -1443,7 +1443,8 @@ StartMacOSContentSandbox()
   MacSandboxInfo info;
   info.type = MacSandboxType_Content;
   info.level = info.level = sandboxLevel;
-  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled", true);
+  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled") ||
+                   PR_GetEnv("MOZ_SANDBOX_LOGGING");
   info.appPath.assign(appPath.get());
   info.appBinaryPath.assign(appBinaryPath.get());
   info.appDir.assign(appDir.get());

dom/media/gmp/GMPChild.cpp

@@ -220,7 +220,8 @@ GMPChild::SetMacSandboxInfo(MacSandboxPluginType aPluginType)
 
   MacSandboxInfo info;
   info.type = MacSandboxType_Plugin;
-  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled", true);
+  info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled") ||
+                   PR_GetEnv("MOZ_SANDBOX_LOGGING");
   info.pluginInfo.type = aPluginType;
   info.pluginInfo.pluginPath.assign(pluginDirectoryPath.get());
   info.pluginInfo.pluginBinaryPath.assign(pluginFilePath.get());

ipc/glue/GeckoChildProcessHost.cpp

@@ -337,7 +337,7 @@ GeckoChildProcessHost::PrepareLaunch()
   if (mProcessType == GeckoProcessType_Content) {
     mSandboxLevel = Preferences::GetInt("security.sandbox.content.level");
     mEnableSandboxLogging =
-      Preferences::GetBool("security.sandbox.windows.log");
+      Preferences::GetBool("security.sandbox.logging.enabled");
   }
 #endif
 
@@ -346,7 +346,7 @@ GeckoChildProcessHost::PrepareLaunch()
   // thread and they may not have access to prefs in the child process, so allow
   // them to turn on logging via an environment variable.
   mEnableSandboxLogging = mEnableSandboxLogging
-                          || !!PR_GetEnv("MOZ_WIN_SANDBOX_LOGGING");
+                          || !!PR_GetEnv("MOZ_SANDBOX_LOGGING");
 #endif
 #endif
 }

security/sandbox/chromium-shim/sandbox/win/loggingCallbacks.h

@@ -86,8 +86,8 @@ InitLoggingIfRequired(ProvideLogFunctionCb aProvideLogFunctionCb)
     return;
   }
 
-  if (Preferences::GetBool("security.sandbox.windows.log") ||
-      PR_GetEnv("MOZ_WIN_SANDBOX_LOGGING")) {
+  if (Preferences::GetBool("security.sandbox.logging.enabled") ||
+      PR_GetEnv("MOZ_SANDBOX_LOGGING")) {
     aProvideLogFunctionCb(Log);
 
 #if defined(MOZ_CONTENT_SANDBOX)

security/sandbox/linux/SandboxInfo.cpp

@@ -238,7 +238,7 @@ SandboxInfo::SandboxInfo() {
     flags |= kEnabledForMedia;
   }
 #endif
-  if (getenv("MOZ_SANDBOX_VERBOSE")) {
+  if (getenv("MOZ_SANDBOX_LOGGING")) {
     flags |= kVerbose;
   }
 

security/sandbox/linux/SandboxInfo.h

@@ -29,7 +29,7 @@ public:
     kEnabledForContent = 1 << 1,
     // Config flag MOZ_GMP_SANDBOX; env var MOZ_DISABLE_GMP_SANDBOX.
     kEnabledForMedia   = 1 << 2,
-    // Env var MOZ_SANDBOX_VERBOSE.
+    // Env var MOZ_SANDBOX_LOGGING.
     kVerbose           = 1 << 3,
     // Kernel can atomically set system call filtering on entire thread group.
     kHasSeccompTSync   = 1 << 4,