Bug 1779312 - Rename `SANDBOX_LOG_ERROR` to just `SANDBOX_LOG`. r=glandium

Originally this was written for B2G and used the Android logging facility, which (like syslog) includes a severity level. However, all current usage is on desktop where we just write to stderr, and there was never much demand to add support for any log levels besides "error". More importantly for the current situation, renaming the macro to `SANDBOX_LOG` avoids confusion between `SANDBOX_LOG_ERROR` and `SANDBOX_LOG_ERRNO` (or `SANDBOX_LOG_ERROR_ERRNO` or whatever). Differential Revision: https://phabricator.services.mozilla.com/D152097
2022-07-27 19:41:04 +00:00 · 2022-07-27 19:41:04 +00:00 · fd918ffb96
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@ -142,7 +142,7 @@ MOZ_NEVER_INLINE static void SigSysHandler(int nr, siginfo_t* info,
  // TODO, someday when this is enabled on MIPS: include the two extra
  // args in the error message.
-  SANDBOX_LOG_ERROR(
+  SANDBOX_LOG(
      "seccomp sandbox violation: pid %d, tid %d, syscall %d,"
      " args %d %d %d %d %d %d.%s",
      report.mPid, report.mTid, report.mSyscall, report.mArgs[0],
@ -222,22 +222,21 @@ static void InstallSigSysHandler(void) {
    if (!aUseTSync && errno == ETXTBSY) {
      return false;
    }
-    SANDBOX_LOG_ERROR("prctl(PR_SET_NO_NEW_PRIVS) failed: %s", strerror(errno));
+    SANDBOX_LOG("prctl(PR_SET_NO_NEW_PRIVS) failed: %s", strerror(errno));
    MOZ_CRASH("prctl(PR_SET_NO_NEW_PRIVS)");
  }
  if (aUseTSync) {
    if (syscall(__NR_seccomp, SECCOMP_SET_MODE_FILTER,
                SECCOMP_FILTER_FLAG_TSYNC, aProg) != 0) {
-      SANDBOX_LOG_ERROR("thread-synchronized seccomp failed: %s",
+      SANDBOX_LOG("thread-synchronized seccomp failed: %s", strerror(errno));
                        strerror(errno));
      MOZ_CRASH("seccomp+tsync failed, but kernel supports tsync");
    }
  } else {
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, (unsigned long)aProg, 0,
              0)) {
-      SANDBOX_LOG_ERROR("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER) failed: %s",
+      SANDBOX_LOG("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER) failed: %s",
-                        strerror(errno));
+                  strerror(errno));
      MOZ_CRASH("prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER)");
    }
  }
@ -317,7 +316,7 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) {
  myTid = syscall(__NR_gettid);
  taskdp = opendir("/proc/self/task");
  if (taskdp == nullptr) {
-    SANDBOX_LOG_ERROR("opendir /proc/self/task: %s\n", strerror(errno));
+    SANDBOX_LOG("opendir /proc/self/task: %s\n", strerror(errno));
    MOZ_CRASH("failed while trying to open directory /proc/self/task");
  }
@ -348,12 +347,12 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) {
      gSetSandboxDone = 0;
      if (syscall(__NR_tgkill, pid, tid, tsyncSignum) != 0) {
        if (errno == ESRCH) {
-          SANDBOX_LOG_ERROR("Thread %d unexpectedly exited.", tid);
+          SANDBOX_LOG("Thread %d unexpectedly exited.", tid);
          // Rescan threads, in case it forked before exiting.
          sandboxProgress = true;
          continue;
        }
-        SANDBOX_LOG_ERROR("tgkill(%d,%d): %s\n", pid, tid, strerror(errno));
+        SANDBOX_LOG("tgkill(%d,%d): %s\n", pid, tid, strerror(errno));
        MOZ_CRASH("failed while trying to send a signal to a thread");
      }
      // It's unlikely, but if the thread somehow manages to exit
@ -381,7 +380,7 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) {
        if (syscall(__NR_futex, reinterpret_cast<int*>(&gSetSandboxDone),
                    FUTEX_WAIT, 0, &futexTimeout) != 0) {
          if (errno != EWOULDBLOCK && errno != ETIMEDOUT && errno != EINTR) {
-            SANDBOX_LOG_ERROR("FUTEX_WAIT: %s\n", strerror(errno));
+            SANDBOX_LOG("FUTEX_WAIT: %s\n", strerror(errno));
            MOZ_CRASH("failed during FUTEX_WAIT");
          }
        }
@ -395,7 +394,7 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) {
        // Has the thread ceased to exist?
        if (syscall(__NR_tgkill, pid, tid, 0) != 0) {
          if (errno == ESRCH) {
-            SANDBOX_LOG_ERROR("Thread %d unexpectedly exited.", tid);
+            SANDBOX_LOG("Thread %d unexpectedly exited.", tid);
          }
          // Rescan threads, in case it forked before exiting.
          // Also, if it somehow failed in a way that wasn't ESRCH,
@ -408,7 +407,7 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) {
        if (now.tv_sec > timeLimit.tv_sec ||
            (now.tv_sec == timeLimit.tv_sec &&
             now.tv_nsec > timeLimit.tv_nsec)) {
-          SANDBOX_LOG_ERROR(
+          SANDBOX_LOG(
              "Thread %d unresponsive for %d seconds."
              "  Killing process.",
              tid, crashDelay);
@ -424,8 +423,8 @@ static void BroadcastSetThreadSandbox(const sock_fprog* aFilter) {
  oldHandler = signal(tsyncSignum, SIG_DFL);
  if (oldHandler != SetThreadSandboxHandler) {
    // See the comment on FindFreeSignalNumber about race conditions.
-    SANDBOX_LOG_ERROR("handler for signal %d was changed to %p!", tsyncSignum,
+    SANDBOX_LOG("handler for signal %d was changed to %p!", tsyncSignum,
-                      oldHandler);
+                oldHandler);
    MOZ_CRASH("handler for the signal was changed to another");
  }
  gSeccompTsyncBroadcastSignum = 0;
@ -482,7 +481,7 @@ void SandboxEarlyInit() {
    // masked.
    const int tsyncSignum = FindFreeSignalNumber();
    if (tsyncSignum == 0) {
-      SANDBOX_LOG_ERROR("No available signal numbers!");
+      SANDBOX_LOG("No available signal numbers!");
      MOZ_CRASH("failed while trying to find a free signal number");
    }
    gSeccompTsyncBroadcastSignum = tsyncSignum;
@ -499,8 +498,7 @@ void SandboxEarlyInit() {
      } else {
        MOZ_CRASH("failed because the signal is in use by another handler");
      }
-      SANDBOX_LOG_ERROR("signal %d in use by handler %p!\n", tsyncSignum,
+      SANDBOX_LOG("signal %d in use by handler %p!\n", tsyncSignum, oldHandler);
                        oldHandler);
    }
  }
 }
@ -561,7 +559,7 @@ static void SetCurrentProcessSandbox(
    return sandbox::bpf_dsl::Trap(
        [](const sandbox::arch_seccomp_data&, void* aux) -> intptr_t {
          auto error = reinterpret_cast<const char*>(aux);
-          SANDBOX_LOG_ERROR("Panic: %s", error);
+          SANDBOX_LOG("Panic: %s", error);
          MOZ_CRASH("Sandbox Panic");
          // unreachable
        },
@ -598,12 +596,12 @@ static void SetCurrentProcessSandbox(
  const SandboxInfo info = SandboxInfo::Get();
  if (info.Test(SandboxInfo::kHasSeccompTSync)) {
    if (info.Test(SandboxInfo::kVerbose)) {
-      SANDBOX_LOG_ERROR("using seccomp tsync");
+      SANDBOX_LOG("using seccomp tsync");
    }
    ApplySandboxWithTSync(&fprog);
  } else {
    if (info.Test(SandboxInfo::kVerbose)) {
-      SANDBOX_LOG_ERROR("no tsync support; using signal broadcast");
+      SANDBOX_LOG("no tsync support; using signal broadcast");
    }
    BroadcastSetThreadSandbox(&fprog);
  }
@ -666,8 +664,8 @@ void SetMediaPluginSandbox(const char* aFilePath) {
  SandboxOpenedFile plugin(aFilePath);
  if (!plugin.IsOpen()) {
-    SANDBOX_LOG_ERROR("failed to open plugin file %s: %s", aFilePath,
+    SANDBOX_LOG("failed to open plugin file %s: %s", aFilePath,
-                      strerror(errno));
+                strerror(errno));
    MOZ_CRASH("failed while trying to open the plugin file ");
  }
--- a/security/sandbox/linux/SandboxBrokerClient.cpp
+++ b/security/sandbox/linux/SandboxBrokerClient.cpp
@ -47,11 +47,11 @@ int SandboxBrokerClient::DoCall(const Request* aReq, const char* aPath,
                                             getpid(), aPath + kProcSelfLen);
    if (static_cast<size_t>(len) < sizeof(rewrittenPath)) {
      if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-        SANDBOX_LOG_ERROR("rewriting %s -> %s", aPath, rewrittenPath);
+        SANDBOX_LOG("rewriting %s -> %s", aPath, rewrittenPath);
      }
      path = rewrittenPath;
    } else {
-      SANDBOX_LOG_ERROR("not rewriting unexpectedly long path %s", aPath);
+      SANDBOX_LOG("not rewriting unexpectedly long path %s", aPath);
    }
  }
@ -113,8 +113,8 @@ int SandboxBrokerClient::DoCall(const Request* aReq, const char* aPath,
    return -recvErrno;
  }
  if (recvd == 0) {
-    SANDBOX_LOG_ERROR("Unexpected EOF, op %d flags 0%o path %s", aReq->mOp,
+    SANDBOX_LOG("Unexpected EOF, op %d flags 0%o path %s", aReq->mOp,
-                      aReq->mFlags, path);
+                aReq->mFlags, path);
    return -EIO;
  }
  MOZ_ASSERT(static_cast<size_t>(recvd) <= ios[0].iov_len + ios[1].iov_len);
@ -132,8 +132,8 @@ int SandboxBrokerClient::DoCall(const Request* aReq, const char* aPath,
    // actually exist, if it's something that's optional or part of a
    // search path (e.g., shared libraries).  In those cases, this
    // error message is expected.
-    SANDBOX_LOG_ERROR("Failed errno %d op %s flags 0%o path %s", resp.mError,
+    SANDBOX_LOG("Failed errno %d op %s flags 0%o path %s", resp.mError,
-                      OperationDescription[aReq->mOp], aReq->mFlags, path);
+                OperationDescription[aReq->mOp], aReq->mFlags, path);
  }
  if (openedFd >= 0) {
    close(openedFd);
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@ -303,8 +303,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
    auto path = reinterpret_cast<const char*>(aArgs.args[1]);
    auto flags = static_cast<int>(aArgs.args[2]);
    if (fd != AT_FDCWD && path[0] != '/') {
-      SANDBOX_LOG_ERROR("unsupported fd-relative openat(%d, \"%s\", 0%o)", fd,
+      SANDBOX_LOG("unsupported fd-relative openat(%d, \"%s\", 0%o)", fd, path,
-                        path, flags);
+                  flags);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    return broker->Open(path, flags);
@ -323,8 +323,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
    // Starting with kernel 5.8+ and glibc 2.33, there is faccessat2 that
    // supports flags, handled below.
    if (fd != AT_FDCWD && path[0] != '/') {
-      SANDBOX_LOG_ERROR("unsupported fd-relative faccessat(%d, \"%s\", %d)", fd,
+      SANDBOX_LOG("unsupported fd-relative faccessat(%d, \"%s\", %d)", fd, path,
-                        path, mode);
+                  mode);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    return broker->Access(path, mode);
@ -337,9 +337,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
    auto mode = static_cast<int>(aArgs.args[2]);
    auto flags = static_cast<int>(aArgs.args[3]);
    if (fd != AT_FDCWD && path[0] != '/') {
-      SANDBOX_LOG_ERROR(
+      SANDBOX_LOG("unsupported fd-relative faccessat2(%d, \"%s\", %d, %d)", fd,
-          "unsupported fd-relative faccessat2(%d, \"%s\", %d, %d)", fd, path,
+                  path, mode, flags);
          mode, flags);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    if ((flags & ~AT_EACCESS) == 0) {
@ -369,16 +368,15 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
    }
    if (fd != AT_FDCWD && path && path[0] != '/') {
-      SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, 0x%x)",
+      SANDBOX_LOG("unsupported fd-relative fstatat(%d, \"%s\", %p, 0x%x)", fd,
-                        fd, path, buf, flags);
+                  path, buf, flags);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    int badFlags = flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT);
    if (badFlags != 0) {
-      SANDBOX_LOG_ERROR(
+      SANDBOX_LOG("unsupported flags 0x%x in fstatat(%d, \"%s\", %p, 0x%x)",
-          "unsupported flags 0x%x in fstatat(%d, \"%s\", %p, 0x%x)", badFlags,
+                  badFlags, fd, path, buf, flags);
          fd, path, buf, flags);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    return (flags & AT_SYMLINK_NOFOLLOW) == 0 ? broker->Stat(path, buf)
@ -392,13 +390,13 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
    auto mode = static_cast<mode_t>(aArgs.args[2]);
    auto flags = static_cast<int>(aArgs.args[3]);
    if (fd != AT_FDCWD && path[0] != '/') {
-      SANDBOX_LOG_ERROR("unsupported fd-relative chmodat(%d, \"%s\", 0%o, %d)",
+      SANDBOX_LOG("unsupported fd-relative chmodat(%d, \"%s\", 0%o, %d)", fd,
-                        fd, path, mode, flags);
+                  path, mode, flags);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    if (flags != 0) {
-      SANDBOX_LOG_ERROR("unsupported flags in chmodat(%d, \"%s\", 0%o, %d)", fd,
+      SANDBOX_LOG("unsupported flags in chmodat(%d, \"%s\", 0%o, %d)", fd, path,
-                        path, mode, flags);
+                  mode, flags);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    return broker->Chmod(path, mode);
@ -413,15 +411,14 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
    auto flags = static_cast<int>(aArgs.args[4]);
    if ((fd != AT_FDCWD && path[0] != '/') ||
        (fd2 != AT_FDCWD && path2[0] != '/')) {
-      SANDBOX_LOG_ERROR(
+      SANDBOX_LOG(
          "unsupported fd-relative linkat(%d, \"%s\", %d, \"%s\", 0x%x)", fd,
          path, fd2, path2, flags);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    if (flags != 0) {
-      SANDBOX_LOG_ERROR(
+      SANDBOX_LOG("unsupported flags in linkat(%d, \"%s\", %d, \"%s\", 0x%x)",
-          "unsupported flags in linkat(%d, \"%s\", %d, \"%s\", 0x%x)", fd, path,
+                  fd, path, fd2, path2, flags);
          fd2, path2, flags);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    return broker->Link(path, path2);
@ -433,8 +430,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
    auto fd2 = static_cast<int>(aArgs.args[1]);
    auto path2 = reinterpret_cast<const char*>(aArgs.args[2]);
    if (fd2 != AT_FDCWD && path2[0] != '/') {
-      SANDBOX_LOG_ERROR("unsupported fd-relative symlinkat(\"%s\", %d, \"%s\")",
+      SANDBOX_LOG("unsupported fd-relative symlinkat(\"%s\", %d, \"%s\")", path,
-                        path, fd2, path2);
+                  fd2, path2);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    return broker->Symlink(path, path2);
@ -448,9 +445,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
    auto path2 = reinterpret_cast<const char*>(aArgs.args[3]);
    if ((fd != AT_FDCWD && path[0] != '/') ||
        (fd2 != AT_FDCWD && path2[0] != '/')) {
-      SANDBOX_LOG_ERROR(
+      SANDBOX_LOG("unsupported fd-relative renameat(%d, \"%s\", %d, \"%s\")",
-          "unsupported fd-relative renameat(%d, \"%s\", %d, \"%s\")", fd, path,
+                  fd, path, fd2, path2);
          fd2, path2);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    return broker->Rename(path, path2);
@ -462,8 +458,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
    auto path = reinterpret_cast<const char*>(aArgs.args[1]);
    auto mode = static_cast<mode_t>(aArgs.args[2]);
    if (fd != AT_FDCWD && path[0] != '/') {
-      SANDBOX_LOG_ERROR("unsupported fd-relative mkdirat(%d, \"%s\", 0%o)", fd,
+      SANDBOX_LOG("unsupported fd-relative mkdirat(%d, \"%s\", 0%o)", fd, path,
-                        path, mode);
+                  mode);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    return broker->Mkdir(path, mode);
@ -479,14 +475,14 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
      return -ENOENT;
    }
    if (fd != AT_FDCWD && path[0] != '/') {
-      SANDBOX_LOG_ERROR("unsupported fd-relative unlinkat(%d, \"%s\", 0x%x)",
+      SANDBOX_LOG("unsupported fd-relative unlinkat(%d, \"%s\", 0x%x)", fd,
-                        fd, path, flags);
+                  path, flags);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    int badFlags = flags & ~AT_REMOVEDIR;
    if (badFlags != 0) {
-      SANDBOX_LOG_ERROR("unsupported flags 0x%x in unlinkat(%d, \"%s\", 0x%x)",
+      SANDBOX_LOG("unsupported flags 0x%x in unlinkat(%d, \"%s\", 0x%x)",
-                        badFlags, fd, path, flags);
+                  badFlags, fd, path, flags);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    return (flags & AT_REMOVEDIR) == 0 ? broker->Unlink(path)
@ -500,8 +496,8 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
    auto buf = reinterpret_cast<char*>(aArgs.args[2]);
    auto size = static_cast<size_t>(aArgs.args[3]);
    if (fd != AT_FDCWD && path[0] != '/') {
-      SANDBOX_LOG_ERROR("unsupported fd-relative readlinkat(%d, %s, %p, %d)",
+      SANDBOX_LOG("unsupported fd-relative readlinkat(%d, %s, %p, %d)", fd,
-                        fd, path, buf, size);
+                  path, buf, size);
      return BlockedSyscallTrap(aArgs, nullptr);
    }
    return broker->Readlink(path, buf, size);
@ -1345,7 +1341,7 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
    if (std::find(whitelist.begin(), whitelist.end(), sysno) !=
        whitelist.end()) {
      if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-        SANDBOX_LOG_ERROR("Allowing syscall nr %d via whitelist", sysno);
+        SANDBOX_LOG("Allowing syscall nr %d via whitelist", sysno);
      }
      return Allow();
    }
@ -1674,8 +1670,8 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
    }
    if ((flags & O_ACCMODE) != O_RDONLY) {
-      SANDBOX_LOG_ERROR("non-read-only open of file %s attempted (flags=0%o)",
+      SANDBOX_LOG("non-read-only open of file %s attempted (flags=0%o)", path,
-                        path, flags);
+                  flags);
      return -EROFS;
    }
    int fd = files->GetDesc(path);
--- a/security/sandbox/linux/SandboxLogging.h
+++ b/security/sandbox/linux/SandboxLogging.h
@ -7,7 +7,7 @@
 #ifndef mozilla_SandboxLogging_h
 #define mozilla_SandboxLogging_h
-// This header defines the SANDBOX_LOG_ERROR macro used in the Linux
+// This header defines the SANDBOX_LOG macro used in the Linux
 // sandboxing code.  It uses Android logging on Android and writes to
 // stderr otherwise.  Android logging has severity levels; currently
 // only "error" severity is exposed here, and this isn't marked when
@ -43,7 +43,7 @@ void SandboxLogError(const char* aMessage);
 // Note that SafeSPrintf doesn't accept size modifiers or %u; all
 // decimal integers are %d, because it uses C++11 variadic templates
 // to use the actual argument type.
-#define SANDBOX_LOG_ERROR(fmt, args...)                        \
+#define SANDBOX_LOG(fmt, args...)                              \
  do {                                                         \
    char _sandboxLogBuf[SANDBOX_LOG_LEN];                      \
    ::base::strings::SafeSPrintf(_sandboxLogBuf, fmt, ##args); \
--- a/security/sandbox/linux/SandboxOpenedFiles.cpp
+++ b/security/sandbox/linux/SandboxOpenedFiles.cpp
@ -45,14 +45,14 @@ int SandboxOpenedFile::GetDesc() const {
    if (fd >= 0) {
      fd = dup(fd);
      if (fd < 0) {
-        SANDBOX_LOG_ERROR("dup: %s", strerror(errno));
+        SANDBOX_LOG("dup: %s", strerror(errno));
      }
    }
  } else {
    fd = TakeDesc();
  }
  if (fd < 0 && !mExpectError) {
-    SANDBOX_LOG_ERROR("unexpected multiple open of file %s", Path());
+    SANDBOX_LOG("unexpected multiple open of file %s", Path());
  }
  return fd;
 }
@ -70,7 +70,7 @@ int SandboxOpenedFiles::GetDesc(const char* aPath) const {
      return file.GetDesc();
    }
  }
-  SANDBOX_LOG_ERROR("attempt to open unexpected file %s", aPath);
+  SANDBOX_LOG("attempt to open unexpected file %s", aPath);
  return -1;
 }
--- a/security/sandbox/linux/SandboxReporterClient.cpp
+++ b/security/sandbox/linux/SandboxReporterClient.cpp
@ -81,7 +81,7 @@ void SandboxReporterClient::SendReport(const SandboxReport& aReport) {
  if (sent != sizeof(SandboxReport)) {
    MOZ_DIAGNOSTIC_ASSERT(sent == -1);
-    SANDBOX_LOG_ERROR("Failed to report rejected syscall: %s", strerror(errno));
+    SANDBOX_LOG("Failed to report rejected syscall: %s", strerror(errno));
  }
 }
--- a/security/sandbox/linux/broker/SandboxBroker.cpp
+++ b/security/sandbox/linux/broker/SandboxBroker.cpp
@ -47,7 +47,7 @@ SandboxBroker::SandboxBroker(UniquePtr<const Policy> aPolicy, int aChildPid,
    : mChildPid(aChildPid), mPolicy(std::move(aPolicy)) {
  int fds[2];
  if (0 != socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, fds)) {
-    SANDBOX_LOG_ERROR("SandboxBroker: socketpair failed: %s", strerror(errno));
+    SANDBOX_LOG("SandboxBroker: socketpair failed: %s", strerror(errno));
    mFileDesc = -1;
    aClientFd = -1;
    return;
@ -56,8 +56,7 @@ SandboxBroker::SandboxBroker(UniquePtr<const Policy> aPolicy, int aChildPid,
  aClientFd = fds[1];
  if (!PlatformThread::Create(0, this, &mThread)) {
-    SANDBOX_LOG_ERROR("SandboxBroker: thread creation failed: %s",
+    SANDBOX_LOG("SandboxBroker: thread creation failed: %s", strerror(errno));
                      strerror(errno));
    close(mFileDesc);
    close(aClientFd);
    mFileDesc = -1;
@ -156,7 +155,7 @@ void SandboxBroker::Policy::AddPath(int aPerms, const char* aPath,
  MOZ_ASSERT(perms & MAY_ACCESS);
  if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-    SANDBOX_LOG_ERROR("policy for %s: %d -> %d", aPath, perms, perms | aPerms);
+    SANDBOX_LOG("policy for %s: %d -> %d", aPath, perms, perms | aPerms);
  }
  perms |= aPerms;
 }
@ -237,8 +236,8 @@ void SandboxBroker::Policy::AddPrefixInternal(int aPerms,
  int newPerms = perms | aPerms | RECURSIVE;
  if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-    SANDBOX_LOG_ERROR("policy for %s: %d -> %d",
+    SANDBOX_LOG("policy for %s: %d -> %d", PromiseFlatCString(aPath).get(),
-                      PromiseFlatCString(aPath).get(), perms, newPerms);
+                perms, newPerms);
  }
  perms = newPerms;
 }
@ -302,7 +301,7 @@ void SandboxBroker::Policy::FixRecursivePermissions() {
  mMap.SwapElements(oldMap);
  if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-    SANDBOX_LOG_ERROR("fixing recursive policy entries");
+    SANDBOX_LOG("fixing recursive policy entries");
  }
  for (const auto& entry : oldMap) {
@ -332,8 +331,8 @@ void SandboxBroker::Policy::FixRecursivePermissions() {
        // if a child is set with FORCE_DENY, do not compute inheritedPerms
        if ((localPerms & FORCE_DENY) == FORCE_DENY) {
          if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-            SANDBOX_LOG_ERROR("skip inheritence policy for %s: %d",
+            SANDBOX_LOG("skip inheritence policy for %s: %d",
-                              PromiseFlatCString(path).get(), localPerms);
+                        PromiseFlatCString(path).get(), localPerms);
          }
        } else {
          inheritedPerms |= ancestorPerms & ~RECURSIVE;
@ -344,15 +343,15 @@ void SandboxBroker::Policy::FixRecursivePermissions() {
    const int newPerms = localPerms | inheritedPerms;
    if ((newPerms & ~RECURSIVE) == inheritedPerms) {
      if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-        SANDBOX_LOG_ERROR("removing redundant %s: %d -> %d",
+        SANDBOX_LOG("removing redundant %s: %d -> %d",
-                          PromiseFlatCString(path).get(), localPerms, newPerms);
+                    PromiseFlatCString(path).get(), localPerms, newPerms);
      }
      // Skip adding this entry to the new map.
      continue;
    }
    if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-      SANDBOX_LOG_ERROR("new policy for %s: %d -> %d",
+      SANDBOX_LOG("new policy for %s: %d -> %d", PromiseFlatCString(path).get(),
-                        PromiseFlatCString(path).get(), localPerms, newPerms);
+                  localPerms, newPerms);
    }
    mMap.InsertOrUpdate(path, newPerms);
  }
@ -627,7 +626,7 @@ int SandboxBroker::SymlinkPermissions(const char* aPath,
      ReverseSymlinks(nsDependentCString(pathBufSymlink, aPathLen));
  if (!orig.IsEmpty()) {
    if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-      SANDBOX_LOG_ERROR("Reversing %s -> %s", aPath, orig.get());
+      SANDBOX_LOG("Reversing %s -> %s", aPath, orig.get());
    }
    base::strlcpy(pathBufSymlink, orig.get(), sizeof(pathBufSymlink));
  }
@ -681,11 +680,11 @@ void SandboxBroker::ThreadMain(void) {
  // always try /tmp anyway in the substitution code
  if (NS_FAILED(rv) || mTempPath.IsEmpty()) {
    if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-      SANDBOX_LOG_ERROR("Tempdir: /tmp");
+      SANDBOX_LOG("Tempdir: /tmp");
    }
  } else {
    if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-      SANDBOX_LOG_ERROR("Tempdir: %s", mTempPath.get());
+      SANDBOX_LOG("Tempdir: %s", mTempPath.get());
    }
    // If it's /tmp, clear it here so we don't compare against
    // it twice. Just let the fallback code do the work.
@ -721,7 +720,7 @@ void SandboxBroker::ThreadMain(void) {
    const ssize_t recvd = RecvWithFd(mFileDesc, ios, 2, &respfd);
    if (recvd == 0) {
      if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-        SANDBOX_LOG_ERROR("EOF from pid %d", mChildPid);
+        SANDBOX_LOG("EOF from pid %d", mChildPid);
      }
      break;
    }
@ -729,18 +728,18 @@ void SandboxBroker::ThreadMain(void) {
    // at least in some cases, but protocol violation indicates a
    // hostile client, so terminate the broker instead.
    if (recvd < 0) {
-      SANDBOX_LOG_ERROR("bad read from pid %d: %s", mChildPid, strerror(errno));
+      SANDBOX_LOG("bad read from pid %d: %s", mChildPid, strerror(errno));
      shutdown(mFileDesc, SHUT_RD);
      break;
    }
    if (recvd < static_cast<ssize_t>(sizeof(req))) {
-      SANDBOX_LOG_ERROR("bad read from pid %d (%d < %d)", mChildPid, recvd,
+      SANDBOX_LOG("bad read from pid %d (%d < %d)", mChildPid, recvd,
-                        sizeof(req));
+                  sizeof(req));
      shutdown(mFileDesc, SHUT_RD);
      break;
    }
    if (respfd == -1) {
-      SANDBOX_LOG_ERROR("no response fd from pid %d", mChildPid);
+      SANDBOX_LOG("no response fd from pid %d", mChildPid);
      shutdown(mFileDesc, SHUT_RD);
      break;
    }
@ -762,7 +761,7 @@ void SandboxBroker::ThreadMain(void) {
    // 0 terminated.
    size_t recvBufLen = static_cast<size_t>(recvd) - sizeof(req);
    if (recvBufLen > 0 && recvBuf[recvBufLen - 1] != 0) {
-      SANDBOX_LOG_ERROR("corrupted path buffer from pid %d", mChildPid);
+      SANDBOX_LOG("corrupted path buffer from pid %d", mChildPid);
      shutdown(mFileDesc, SHUT_RD);
      break;
    }
@ -972,8 +971,8 @@ void SandboxBroker::ThreadMain(void) {
                nsDependentCString xlat(respBuf, respSize);
                if (!orig.Equals(xlat) && xlat[0] == '/') {
                  if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-                    SANDBOX_LOG_ERROR("Recording mapping %s -> %s", xlat.get(),
+                    SANDBOX_LOG("Recording mapping %s -> %s", xlat.get(),
-                                      orig.get());
+                                orig.get());
                  }
                  mSymlinkMap.InsertOrUpdate(xlat, orig);
                }
@ -986,8 +985,8 @@ void SandboxBroker::ThreadMain(void) {
                  if (!orig.Equals(resolvedXlat) &&
                      !xlat.Equals(resolvedXlat)) {
                    if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-                      SANDBOX_LOG_ERROR("Recording mapping %s -> %s",
+                      SANDBOX_LOG("Recording mapping %s -> %s",
-                                        resolvedXlat.get(), orig.get());
+                                  resolvedXlat.get(), orig.get());
                    }
                    mSymlinkMap.InsertOrUpdate(resolvedXlat, orig);
                  }
@ -1028,8 +1027,8 @@ void SandboxBroker::ThreadMain(void) {
    const size_t numIO = ios[1].iov_len > 0 ? 2 : 1;
    const ssize_t sent = SendWithFd(respfd, ios, numIO, openedFd);
    if (sent < 0) {
-      SANDBOX_LOG_ERROR("failed to send broker response to pid %d: %s",
+      SANDBOX_LOG("failed to send broker response to pid %d: %s", mChildPid,
-                        mChildPid, strerror(errno));
+                  strerror(errno));
    } else {
      MOZ_ASSERT(static_cast<size_t>(sent) == ios[0].iov_len + ios[1].iov_len);
    }
@ -1072,7 +1071,7 @@ void SandboxBroker::AuditPermissive(int aOp, int aFlags, int aPerms,
    errno = 0;
  }
-  SANDBOX_LOG_ERROR(
+  SANDBOX_LOG(
      "SandboxBroker: would have denied op=%s rflags=%o perms=%d path=%s for "
      "pid=%d"
      " permissive=1 error=\"%s\"",
@ -1083,7 +1082,7 @@ void SandboxBroker::AuditPermissive(int aOp, int aFlags, int aPerms,
 void SandboxBroker::AuditDenial(int aOp, int aFlags, int aPerms,
                                const char* aPath) {
  if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-    SANDBOX_LOG_ERROR(
+    SANDBOX_LOG(
        "SandboxBroker: denied op=%s rflags=%o perms=%d path=%s for pid=%d",
        OperationDescription[aOp], aFlags, aPerms, aPath, mChildPid);
  }
--- a/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
+++ b/security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp
@ -142,7 +142,7 @@ static void JoinPathIfRelative(const nsACString& aCwd, const nsACString& inPath,
                               nsACString& outPath) {
  if (inPath.Length() < 1) {
    outPath.Assign(aCwd);
-    SANDBOX_LOG_ERROR("Unjoinable path: %s", PromiseFlatCString(aCwd).get());
+    SANDBOX_LOG("Unjoinable path: %s", PromiseFlatCString(aCwd).get());
    return;
  }
  const char* startChar = inPath.BeginReading();
@ -257,8 +257,8 @@ static void AddPathsFromFile(SandboxBroker::Policy* aPolicy,
    return;
  }
  if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-    SANDBOX_LOG_ERROR("Adding paths from %s to policy.",
+    SANDBOX_LOG("Adding paths from %s to policy.",
-                      PromiseFlatCString(aPath).get());
+                PromiseFlatCString(aPath).get());
  }
  // Find the parent dir where this file sits in.
@ -273,8 +273,7 @@ static void AddPathsFromFile(SandboxBroker::Policy* aPolicy,
    return;
  }
  if (SandboxInfo::Get().Test(SandboxInfo::kVerbose)) {
-    SANDBOX_LOG_ERROR("Parent path is %s",
+    SANDBOX_LOG("Parent path is %s", PromiseFlatCString(parentPath).get());
                      PromiseFlatCString(parentPath).get());
  }
  AddPathsFromFileInternal(aPolicy, parentPath, aPath);
 }
--- a/security/sandbox/linux/glue/SandboxCrash.cpp
+++ b/security/sandbox/linux/glue/SandboxCrash.cpp
@ -58,13 +58,12 @@ static void SandboxLogJSStack(void) {
    frame->GetName(cx, funName);
    if (!funName.IsVoid() || !fileName.IsVoid()) {
-      SANDBOX_LOG_ERROR("JS frame %d: %s %s line %d", i,
+      SANDBOX_LOG("JS frame %d: %s %s line %d", i,
-                        funName.IsVoid() ? "(anonymous)"
+                  funName.IsVoid() ? "(anonymous)"
-                                         : NS_ConvertUTF16toUTF8(funName).get(),
+                                   : NS_ConvertUTF16toUTF8(funName).get(),
-                        fileName.IsVoid()
+                  fileName.IsVoid() ? "(no file)"
-                            ? "(no file)"
+                                    : NS_ConvertUTF16toUTF8(fileName).get(),
-                            : NS_ConvertUTF16toUTF8(fileName).get(),
+                  lineNumber);
                        lineNumber);
    }
    frame = frame->GetCaller(cx);
@ -78,7 +77,7 @@ static void SandboxPrintStackFrame(uint32_t aFrameNumber, void* aPC, void* aSP,
  MozDescribeCodeAddress(aPC, &details);
  MozFormatCodeAddressDetails(buf, sizeof(buf), aFrameNumber, aPC, &details);
-  SANDBOX_LOG_ERROR("frame %s", buf);
+  SANDBOX_LOG("frame %s", buf);
 }
 static void SandboxLogCStack(const void* aFirstFramePC) {
@ -87,7 +86,7 @@ static void SandboxLogCStack(const void* aFirstFramePC) {
  // x86 frame pointer walking may or may not work (bug 1082276).
  MozStackWalk(SandboxPrintStackFrame, aFirstFramePC, /* max */ 0, nullptr);
-  SANDBOX_LOG_ERROR("end of stack.");
+  SANDBOX_LOG("end of stack.");
 }
 static void SandboxCrash(int nr, siginfo_t* info, void* void_context,
@ -96,7 +95,7 @@ static void SandboxCrash(int nr, siginfo_t* info, void* void_context,
  bool dumped = CrashReporter::WriteMinidumpForSigInfo(nr, info, void_context);
  if (!dumped) {
-    SANDBOX_LOG_ERROR(
+    SANDBOX_LOG(
        "crash reporter is disabled (or failed);"
        " trying stack trace:");
    SandboxLogCStack(aFirstFramePC);
--- a/security/sandbox/linux/launch/SandboxLaunch.cpp
+++ b/security/sandbox/linux/launch/SandboxLaunch.cpp
@ -130,7 +130,7 @@ static bool IsGraphicsOkWithoutNetwork() {
      accessFlags = R_OK | W_OK;
    }
    if (access(socketPath.get(), accessFlags) != 0) {
-      SANDBOX_LOG_ERROR(
+      SANDBOX_LOG(
          "%s is inaccessible (%s); can't isolate network namespace in"
          " content processes",
          socketPath.get(), strerror(errno));
@ -417,7 +417,7 @@ SandboxFork::SandboxFork(int aFlags, bool aChroot, int aServerFd, int aClientFd)
    int fds[2];
    int rv = socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, fds);
    if (rv != 0) {
-      SANDBOX_LOG_ERROR("socketpair: %s", strerror(errno));
+      SANDBOX_LOG("socketpair: %s", strerror(errno));
      MOZ_CRASH("socketpair failed");
    }
    mChrootClient = fds[0];
@ -452,7 +452,7 @@ static void BlockAllSignals(sigset_t* aOldSigs) {
  MOZ_RELEASE_ASSERT(rv == 0);
  rv = pthread_sigmask(SIG_BLOCK, &allSigs, aOldSigs);
  if (rv != 0) {
-    SANDBOX_LOG_ERROR("pthread_sigmask (block all): %s", strerror(rv));
+    SANDBOX_LOG("pthread_sigmask (block all): %s", strerror(rv));
    MOZ_CRASH("pthread_sigmask");
  }
 }
@ -463,7 +463,7 @@ static void RestoreSignals(const sigset_t* aOldSigs) {
  // state right now:
  int rv = pthread_sigmask(SIG_SETMASK, aOldSigs, nullptr);
  if (rv != 0) {
-    SANDBOX_LOG_ERROR("pthread_sigmask (restore): %s", strerror(rv));
+    SANDBOX_LOG("pthread_sigmask (restore): %s", strerror(rv));
    MOZ_CRASH("pthread_sigmask");
  }
 }
@ -592,7 +592,7 @@ static void ConfigureUserNamespace(uid_t uid, gid_t gid) {
 static void DropAllCaps() {
  if (!LinuxCapabilities().SetCurrent()) {
-    SANDBOX_LOG_ERROR("capset (drop all): %s", strerror(errno));
+    SANDBOX_LOG("capset (drop all): %s", strerror(errno));
  }
 }
@ -656,7 +656,7 @@ void SandboxFork::StartChrootServer() {
  LinuxCapabilities caps;
  caps.Effective(CAP_SYS_CHROOT) = true;
  if (!caps.SetCurrent()) {
-    SANDBOX_LOG_ERROR("capset (chroot helper): %s", strerror(errno));
+    SANDBOX_LOG("capset (chroot helper): %s", strerror(errno));
    MOZ_DIAGNOSTIC_ASSERT(false);
  }
--- a/security/sandbox/linux/reporter/SandboxReporter.cpp
+++ b/security/sandbox/linux/reporter/SandboxReporter.cpp
@ -50,16 +50,14 @@ bool SandboxReporter::Init() {
  int fds[2];
  if (0 != socketpair(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0, fds)) {
-    SANDBOX_LOG_ERROR("SandboxReporter: socketpair failed: %s",
+    SANDBOX_LOG("SandboxReporter: socketpair failed: %s", strerror(errno));
                      strerror(errno));
    return false;
  }
  mClientFd = fds[0];
  mServerFd = fds[1];
  if (!PlatformThread::Create(0, this, &mThread)) {
-    SANDBOX_LOG_ERROR("SandboxReporter: thread creation failed: %s",
+    SANDBOX_LOG("SandboxReporter: thread creation failed: %s", strerror(errno));
                      strerror(errno));
    close(mClientFd);
    close(mServerFd);
    mClientFd = mServerFd = -1;
@ -261,19 +259,19 @@ void SandboxReporter::ThreadMain(void) {
      if (errno == EINTR) {
        continue;
      }
-      SANDBOX_LOG_ERROR("SandboxReporter: recvmsg: %s", strerror(errno));
+      SANDBOX_LOG("SandboxReporter: recvmsg: %s", strerror(errno));
    }
    if (recvd <= 0) {
      break;
    }
    if (static_cast<size_t>(recvd) < sizeof(rep)) {
-      SANDBOX_LOG_ERROR("SandboxReporter: packet too short (%d < %d)", recvd,
+      SANDBOX_LOG("SandboxReporter: packet too short (%d < %d)", recvd,
-                        sizeof(rep));
+                  sizeof(rep));
      continue;
    }
    if (msg.msg_flags & MSG_TRUNC) {
-      SANDBOX_LOG_ERROR("SandboxReporter: packet too long");
+      SANDBOX_LOG("SandboxReporter: packet too long");
      continue;
    }