Backed out changeset 11a036eafea2 (bug 1147911)

2016-11-23 18:32:42 +01:00 · 2016-11-23 18:32:42 +01:00 · c7964131c3
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@ -1817,9 +1817,7 @@ ContentParent::ContentParent(ContentParent* aOpener,
 #endif

  NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
-  ChildPrivileges privs = mRemoteType.EqualsLiteral("file")
-                          ? base::PRIVILEGES_FILEREAD
-                          : base::PRIVILEGES_DEFAULT;
+  ChildPrivileges privs = base::PRIVILEGES_DEFAULT;
  mSubprocess = new GeckoChildProcessHost(GeckoProcessType_Content, privs);
 }

--- a/ipc/chromium/moz.build
+++ b/ipc/chromium/moz.build
@ -58,11 +58,6 @@ if os_win:
        'src/chrome/common/process_watcher_win.cc',
        'src/chrome/common/transport_dib_win.cc',
    ]
-
-    EXPORTS.base += [
-        'src/base/child_privileges.h',
-    ]
-
 elif not CONFIG['MOZ_SYSTEM_LIBEVENT']:
    DIRS += ['src/third_party']

--- a/ipc/chromium/src/base/child_privileges.h
+++ b/ipc/chromium/src/base/child_privileges.h
@ -1,23 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef BASE_CHILD_PRIVILEGS_H_
-#define BASE_CHILD_PRIVILEGS_H_
-
-namespace base {
-
-enum ChildPrivileges {
-  PRIVILEGES_DEFAULT,
-  PRIVILEGES_UNPRIVILEGED,
-  PRIVILEGES_INHERIT,
-  // PRIVILEGES_DEFAULT plus file read permissions, used for file content process.
-  PRIVILEGES_FILEREAD,
-  PRIVILEGES_LAST
-};
-
-} // namespace base
-
-#endif  // BASE_CHILD_PRIVILEGS_H_
--- a/ipc/chromium/src/base/process_util.h
+++ b/ipc/chromium/src/base/process_util.h
@ -36,7 +36,6 @@
 #include <unistd.h>
 #endif

-#include "base/child_privileges.h"
 #include "base/command_line.h"
 #include "base/process.h"

@ -144,6 +143,13 @@ void SetAllFDsToCloseOnExec();
 void CloseSuperfluousFds(const base::InjectiveMultimap& saved_map);
 #endif

+enum ChildPrivileges {
+  PRIVILEGES_DEFAULT,
+  PRIVILEGES_UNPRIVILEGED,
+  PRIVILEGES_INHERIT,
+  PRIVILEGES_LAST
+};
+
 #if defined(OS_WIN)
 // Runs the given application name with the given command line. Normally, the
 // first command line argument should be the path to the process, and don't
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@ -761,8 +761,7 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
 #if defined(OS_LINUX) || defined(OS_MACOSX) || defined(OS_BSD)
  base::environment_map newEnvVars;
  ChildPrivileges privs = mPrivileges;
-  if (privs == base::PRIVILEGES_DEFAULT ||
-      privs == base::PRIVILEGES_FILEREAD) {
+  if (privs == base::PRIVILEGES_DEFAULT) {
    privs = DefaultChildPrivileges();
  }

@ -1055,8 +1054,7 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
        // For now we treat every failure as fatal in SetSecurityLevelForContentProcess
        // and just crash there right away. Should this change in the future then we
        // should also handle the error here.
-        mSandboxBroker.SetSecurityLevelForContentProcess(mSandboxLevel,
-                                                         mPrivileges);
+        mSandboxBroker.SetSecurityLevelForContentProcess(mSandboxLevel);
        shouldSandboxCurrentProcess = true;
        AddContentSandboxAllowedFiles(mSandboxLevel, mAllowedFilesRead);
      }
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@ -92,8 +92,7 @@ SandboxBroker::LaunchApp(const wchar_t *aPath,

 #if defined(MOZ_CONTENT_SANDBOX)
 void
-SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
-                                                 base::ChildPrivileges aPrivs)
+SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel)
 {
  MOZ_RELEASE_ASSERT(mPolicy, "mPolicy must be set before this call.");

@ -128,16 +127,6 @@ SandboxBroker::SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
    delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
  }

-  // If PRIVILEGES_FILEREAD required, don't allow settings that block reads.
-  if (aPrivs == base::ChildPrivileges::PRIVILEGES_FILEREAD) {
-    if (accessTokenLevel < sandbox::USER_NON_ADMIN) {
-      accessTokenLevel = sandbox::USER_NON_ADMIN;
-    }
-    if (delayedIntegrityLevel > sandbox::INTEGRITY_LEVEL_LOW) {
-      delayedIntegrityLevel = sandbox::INTEGRITY_LEVEL_LOW;
-    }
-  }
-
  sandbox::ResultCode result = mPolicy->SetJobLevel(jobLevel,
                                                    0 /* ui_exceptions */);
  MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.h
@ -10,8 +10,6 @@
 #include <stdint.h>
 #include <windows.h>

-#include "base/child_privileges.h"
-
 namespace sandbox {
  class BrokerServices;
  class TargetPolicy;
@ -34,8 +32,7 @@ public:

  // Security levels for different types of processes
 #if defined(MOZ_CONTENT_SANDBOX)
-  void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
-                                         base::ChildPrivileges aPrivs);
+  void SetSecurityLevelForContentProcess(int32_t aSandboxLevel);
 #endif
  bool SetSecurityLevelForPluginProcess(int32_t aSandboxLevel);
  enum SandboxLevel {