diff --git a/browser/app/nsBrowserApp.cpp b/browser/app/nsBrowserApp.cpp
index 4957b4244ebd..517972b3855b 100644
--- a/browser/app/nsBrowserApp.cpp
+++ b/browser/app/nsBrowserApp.cpp
@@ -393,11 +393,6 @@ int main(int argc, char* argv[], char* envp[]) {
childData.ProvideLogFunction = mozilla::sandboxing::ProvideLogFunction;
}
-
- if (GetGeckoProcessType() == GeckoProcessType_RemoteSandboxBroker) {
- childData.sandboxBrokerServices =
- mozilla::sandboxing::GetInitializedBrokerServices();
- }
# endif
rv = gBootstrap->XRE_InitChildProcess(argc, argv, &childData);
diff --git a/dom/chrome-webidl/ChromeUtils.webidl b/dom/chrome-webidl/ChromeUtils.webidl
index 6a99703db153..94443d38883a 100644
--- a/dom/chrome-webidl/ChromeUtils.webidl
+++ b/dom/chrome-webidl/ChromeUtils.webidl
@@ -794,7 +794,6 @@ enum WebIDLProcType {
"vr",
"rdd",
"socket",
- "remoteSandboxBroker",
"inference",
#ifdef MOZ_ENABLE_FORKSERVER
"forkServer",
diff --git a/dom/docs/ipc/process_model.rst b/dom/docs/ipc/process_model.rst
index a57fc7152929..ad6dd430c518 100644
--- a/dom/docs/ipc/process_model.rst
+++ b/dom/docs/ipc/process_model.rst
@@ -63,7 +63,6 @@ Diagram
| Data Decoder (RDD) Process |
| Network (Socket) Process |
| Utility Process |
- | Remote Sandbox Broker Process |
| Fork Server |
>
@@ -291,17 +290,6 @@ Network (Socket) Process
The socket process is used to separate certain networking operations from the parent process, allowing them to be performed more directly in a partially sandboxed process. The eventual goal is to move all TCP/UDP network operations into this dedicated process, and is being tracked in `Bug 1322426 `_.
-.. _remote-sandbox-process:
-
-Remote Sandbox Broker Process
------------------------------
-
-:platform: Windows on ARM only
-:primary protocol: `PRemoteSandboxBroker `_
-:sandboxed?: no
-
-In order to run sandboxed x86 plugin processes from Windows-on-ARM, the remote sandbox broker process is launched in x86-mode, and used to launch sandboxed x86 subprocesses. This avoids issues with the sandboxing layer, which unfortunately assumes that pointer width matches between the sandboxer and sandboxing process. To avoid this, the remote sandbox broker is used as an x86 sandboxing process which wraps these plugins.
-
.. _fork-server:
Fork Server
diff --git a/ipc/app/MozillaRuntimeMain.cpp b/ipc/app/MozillaRuntimeMain.cpp
index 68eae06910bb..e58dcf609ae9 100644
--- a/ipc/app/MozillaRuntimeMain.cpp
+++ b/ipc/app/MozillaRuntimeMain.cpp
@@ -88,11 +88,6 @@ int main(int argc, char* argv[]) {
childData.ProvideLogFunction = mozilla::sandboxing::ProvideLogFunction;
}
-
- if (GetGeckoProcessType() == GeckoProcessType_RemoteSandboxBroker) {
- childData.sandboxBrokerServices =
- mozilla::sandboxing::GetInitializedBrokerServices();
- }
#endif
nsresult rv = bootstrap->XRE_InitChildProcess(argc, argv, &childData);
diff --git a/ipc/docs/ipdl.rst b/ipc/docs/ipdl.rst
index a65f9f9eeeff..7a3e77e4f917 100644
--- a/ipc/docs/ipdl.rst
+++ b/ipc/docs/ipdl.rst
@@ -753,7 +753,6 @@ process type:
``VR`` VR process
``RDD`` Remote Data Decoder (RDD) process
``Socket`` Socket/Networking process
-``RemoteSandboxBroker`` Remote Sandbox Broker process
``ForkServer`` Fork Server process
``Utility`` Utility process
============================= =================================================
diff --git a/ipc/docs/processes.rst b/ipc/docs/processes.rst
index 6664151121e1..f9a53fbe10d9 100644
--- a/ipc/docs/processes.rst
+++ b/ipc/docs/processes.rst
@@ -523,12 +523,8 @@ Windows Sandbox
_______________
- Introduce a new ``SandboxBroker::SetSecurityLevelForXXXProcess()`` that
- defines the new sandbox in both
-
- + the sandbox broker basing yourself on that `example
- `_
- + the remote sandbox broker getting `inspired by
- `_
+ defines the new sandbox in the sandbox broker basing yourself on this
+ `example `_
- Add new case handling in ``WindowsProcessLauncher::DoSetup()`` calling
``SandboxBroker::SetSecurityLevelForXXXProcess()`` in `GeckoChildProcessHost
diff --git a/ipc/glue/GeckoChildProcessHost.cpp b/ipc/glue/GeckoChildProcessHost.cpp
index cab42fac2064..64ea0be19434 100644
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@@ -75,9 +75,6 @@
# include "WinUtils.h"
# include "mozilla/Preferences.h"
# include "mozilla/sandboxing/sandboxLogging.h"
-# if defined(_ARM64_)
-# include "mozilla/remoteSandboxBroker.h"
-# endif
# endif
# include "mozilla/NativeNt.h"
@@ -1550,19 +1547,7 @@ Result WindowsProcessLauncher::DoSetup() {
# if defined(MOZ_SANDBOX) || defined(_ARM64_)
const bool isGMP = mProcessType == GeckoProcessType_GMPlugin;
const bool isWidevine = isGMP && Contains(mChildArgs, "gmp-widevinecdm");
-# if defined(_ARM64_)
- bool useRemoteSandboxBroker = false;
- if (mLaunchArch & (base::PROCESS_ARCH_I386 | base::PROCESS_ARCH_X86_64)) {
- // On Windows on ARM64 for ClearKey and Widevine, and for the sandbox
- // launcher process, we want to run the x86 plugin-container.exe in
- // the "i686" subdirectory, instead of the aarch64 plugin-container.exe.
- // So insert "i686" into the exePath.
- exePath = exePath.DirName().AppendASCII("i686").Append(exePath.BaseName());
- useRemoteSandboxBroker =
- mProcessType != GeckoProcessType_RemoteSandboxBroker;
- }
-# endif // if defined(_ARM64_)
-# endif // defined(MOZ_SANDBOX) || defined(_ARM64_)
+# endif // defined(MOZ_SANDBOX) || defined(_ARM64_)
mCmdLine.emplace(exePath.ToWStringHack());
@@ -1585,12 +1570,7 @@ Result WindowsProcessLauncher::DoSetup() {
}
# if defined(MOZ_SANDBOX)
-# if defined(_ARM64_)
- if (useRemoteSandboxBroker)
- mResults.mSandboxBroker = new RemoteSandboxBroker(mLaunchArch);
- else
-# endif // if defined(_ARM64_)
- mResults.mSandboxBroker = new SandboxBroker();
+ mResults.mSandboxBroker = new SandboxBroker();
// XXX: Bug 1124167: We should get rid of the process specific logic for
// sandboxing in this class at some point. Unfortunately it will take a bit
@@ -1666,9 +1646,6 @@ Result WindowsProcessLauncher::DoSetup() {
mUseSandbox = true;
}
break;
- case GeckoProcessType_RemoteSandboxBroker:
- // We don't sandbox the sandbox launcher...
- break;
case GeckoProcessType_Default:
default:
MOZ_CRASH("Bad process type in GeckoChildProcessHost");
diff --git a/ipc/ipdl/sync-messages.ini b/ipc/ipdl/sync-messages.ini
index f444b4ffae36..714cd97a1324 100644
--- a/ipc/ipdl/sync-messages.ini
+++ b/ipc/ipdl/sync-messages.ini
@@ -296,8 +296,6 @@ description = legacy sync IPC - please add detailed description
description = Lets unprivileged child processes synchronously get a description of the app that handles a given protocol scheme
[PClientSource::WorkerSyncPing]
description = Synchronous ping allowing worker thread to confirm actor is created. Necessary to avoid racing with ClientHandle actors on main thread.
-[PRemoteSandboxBroker::LaunchApp]
-description = Synchronous launch of a child process that in turn launches and sandboxes another process. Called on a dedicated thread and targets a dedicated process, so this shouldn't block anything.
[PSandboxTesting::GetSpecialDirectory]
description = Testing only - get a special directory path.
# WebGL internals
diff --git a/ipc/ipdl/test/ipdl/error/PUnknownProc.ipdl b/ipc/ipdl/test/ipdl/error/PUnknownProc.ipdl
index 0ec4e3f3c73a..396a0a1d0060 100644
--- a/ipc/ipdl/test/ipdl/error/PUnknownProc.ipdl
+++ b/ipc/ipdl/test/ipdl/error/PUnknownProc.ipdl
@@ -1,4 +1,4 @@
-//error: invalid value for attribute `ChildProc', expected one of: any, anychild, anydom, compositor, Parent, Content, IPDLUnitTest, GMPlugin, GPU, VR, RDD, Socket, RemoteSandboxBroker, ForkServer, Utility
+//error: invalid value for attribute `ChildProc', expected one of: any, anychild, anydom, compositor, Parent, Content, IPDLUnitTest, GMPlugin, GPU, VR, RDD, Socket, ForkServer, Utility
[ChildProc=unknowntype]
protocol PUnknownProc {
diff --git a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/process/GeckoProcessType.java b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/process/GeckoProcessType.java
index 92ab60990810..4e26cb261465 100644
--- a/mobile/android/geckoview/src/main/java/org/mozilla/gecko/process/GeckoProcessType.java
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/gecko/process/GeckoProcessType.java
@@ -10,7 +10,7 @@ import org.mozilla.gecko.annotation.WrapForJNI;
public enum GeckoProcessType {
// These need to match the stringified names from the GeckoProcessType enum
PARENT("default"),
- PLUGIN("plugin"),
+ OBSOLETE1("plugin"),
CONTENT("tab"),
IPDLUNITTEST("ipdlunittest"),
GMPLUGIN("gmplugin"),
@@ -18,7 +18,7 @@ public enum GeckoProcessType {
VR("vr"),
RDD("rdd"),
SOCKET("socket"),
- REMOTESANDBOXBROKER("sandboxbroker"),
+ OBSOLETE2("sandboxbroker"),
FORKSERVER("forkserver"),
UTILITY("utility");
diff --git a/security/sandbox/moz.build b/security/sandbox/moz.build
index 68f3e88e6168..fccf8377dcb2 100644
--- a/security/sandbox/moz.build
+++ b/security/sandbox/moz.build
@@ -27,7 +27,6 @@ elif CONFIG["OS_ARCH"] == "WINNT":
FORCE_STATIC_LIB = True
DIRS += [
- "win/src/remotesandboxbroker",
"win/src/sandboxbroker",
"win/src/sandboxtarget",
]
diff --git a/security/sandbox/win/src/remotesandboxbroker/PRemoteSandboxBroker.ipdl b/security/sandbox/win/src/remotesandboxbroker/PRemoteSandboxBroker.ipdl
deleted file mode 100644
index 139380259fe6..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/PRemoteSandboxBroker.ipdl
+++ /dev/null
@@ -1,36 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-using mozilla::dom::NativeThreadId from "mozilla/dom/NativeThreadId.h";
-
-namespace mozilla {
-
-struct EnvVar {
- nsString name;
- nsString value;
-};
-
-struct LaunchParameters {
- nsString path;
- nsString args;
- EnvVar[] env;
- uint32_t processType;
- uint32_t sandboxLevel;
- nsString[] allowedReadFiles;
- uint64_t[] shareHandles;
- bool enableLogging;
-};
-
-[NeedsOtherPid, NestedUpTo=inside_sync, ChildProc=RemoteSandboxBroker]
-sync protocol PRemoteSandboxBroker
-{
-parent:
- async InitCrashReporter(NativeThreadId threadId);
-child:
- [Nested=inside_sync] sync LaunchApp(LaunchParameters params)
- returns (bool ok, uint64_t handle);
-};
-
-} // namespace mozilla
diff --git a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerChild.cpp b/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerChild.cpp
deleted file mode 100644
index 9d6b146d520b..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerChild.cpp
+++ /dev/null
@@ -1,87 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-
-#include "RemoteSandboxBrokerChild.h"
-#include "chrome/common/ipc_channel.h"
-#include "mozilla/ipc/CrashReporterClient.h"
-#include "nsDebugImpl.h"
-#include "mozilla/ipc/CrashReporterClient.h"
-#include "RemoteSandboxBrokerProcessChild.h"
-
-using namespace mozilla::ipc;
-
-namespace mozilla {
-
-RemoteSandboxBrokerChild::RemoteSandboxBrokerChild() {
- nsDebugImpl::SetMultiprocessMode("RemoteSandboxBroker");
-}
-
-RemoteSandboxBrokerChild::~RemoteSandboxBrokerChild() {}
-
-bool RemoteSandboxBrokerChild::Init(mozilla::ipc::UntypedEndpoint&& aEndpoint) {
- if (NS_WARN_IF(!aEndpoint.Bind(this))) {
- return false;
- }
- CrashReporterClient::InitSingleton(this);
- return true;
-}
-
-void RemoteSandboxBrokerChild::ActorDestroy(ActorDestroyReason aWhy) {
- if (AbnormalShutdown == aWhy) {
- NS_WARNING("Abnormal shutdown of GMP process!");
- ipc::ProcessChild::QuickExit();
- }
- CrashReporterClient::DestroySingleton();
- XRE_ShutdownChildProcess();
-}
-
-mozilla::ipc::IPCResult RemoteSandboxBrokerChild::RecvLaunchApp(
- LaunchParameters&& aParams, bool* aOutOk, uint64_t* aOutHandle) {
- auto towstring = [](const nsString& s) {
- return std::wstring(s.get(), s.Length());
- };
-
- base::EnvironmentMap envmap;
- for (const EnvVar& env : aParams.env()) {
- envmap[towstring(env.name())] = towstring(env.value());
- }
-
- if (!mSandboxBroker.SetSecurityLevelForGMPlugin(
- AbstractSandboxBroker::SandboxLevel(aParams.sandboxLevel()),
- /* aIsRemoteLaunch */ true)) {
- *aOutOk = false;
- return IPC_OK();
- }
-
- for (const auto& path : aParams.allowedReadFiles()) {
- if (!mSandboxBroker.AllowReadFile(path.get())) {
- *aOutOk = false;
- return IPC_OK();
- }
- }
-
- for (const auto& handle : aParams.shareHandles()) {
- mSandboxBroker.AddHandleToShare(HANDLE(handle));
- }
-
- HANDLE p;
- mozilla::Result err =
- mSandboxBroker.LaunchApp(aParams.path().get(), aParams.args().get(),
- envmap, GeckoProcessType(aParams.processType()),
- aParams.enableLogging(), nullptr, (void**)&p);
- *aOutOk = err.isOk();
- if (*aOutOk) {
- *aOutHandle = uint64_t(p);
- }
-
- for (const auto& handle : aParams.shareHandles()) {
- CloseHandle(HANDLE(handle));
- }
-
- return IPC_OK();
-}
-
-} // namespace mozilla
diff --git a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerChild.h b/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerChild.h
deleted file mode 100644
index cc707609df28..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerChild.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-
-#ifndef RemoteSandboxBrokerChild_h_
-#define RemoteSandboxBrokerChild_h_
-
-#include "mozilla/PRemoteSandboxBrokerChild.h"
-#include "sandboxBroker.h"
-
-namespace mozilla {
-
-class RemoteSandboxBrokerChild : public PRemoteSandboxBrokerChild {
- friend class PRemoteSandboxBrokerChild;
-
- public:
- NS_INLINE_DECL_REFCOUNTING(RemoteSandboxBrokerChild, override)
-
- RemoteSandboxBrokerChild();
- bool Init(mozilla::ipc::UntypedEndpoint&& aEndpoint);
-
- private:
- virtual ~RemoteSandboxBrokerChild();
- mozilla::ipc::IPCResult RecvLaunchApp(LaunchParameters&& aParams,
- bool* aOutOk, uint64_t* aOutHandle);
-
- void ActorDestroy(ActorDestroyReason aWhy);
- SandboxBroker mSandboxBroker;
-};
-
-} // namespace mozilla
-
-#endif
diff --git a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerParent.cpp b/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerParent.cpp
deleted file mode 100644
index 7306f4f7bfa5..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerParent.cpp
+++ /dev/null
@@ -1,83 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-
-#include "RemoteSandboxBrokerParent.h"
-#include "RemoteSandboxBrokerProcessParent.h"
-#include "mozilla/Telemetry.h"
-#include
-
-namespace mozilla {
-
-RefPtr RemoteSandboxBrokerParent::Launch(
- uint32_t aLaunchArch, const nsTArray& aHandlesToShare,
- nsISerialEventTarget* aThread) {
- MOZ_ASSERT(!mProcess);
- if (mProcess) {
- // Don't re-init.
- return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
- }
-
- mProcess = new RemoteSandboxBrokerProcessParent();
-#ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
- mProcess->SetLaunchArchitecture(aLaunchArch);
-#endif
- for (uint64_t handle : aHandlesToShare) {
- mProcess->AddHandleToShare(HANDLE(handle));
- }
-
- auto resolve = [self = RefPtr{this}](base::ProcessHandle handle) {
- self->mOpened = self->mProcess->TakeInitialEndpoint().Bind(self);
- if (!self->mOpened) {
- self->mProcess->Destroy();
- self->mProcess = nullptr;
- return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
- }
- return GenericPromise::CreateAndResolve(true, __func__);
- };
-
- auto reject = [self = RefPtr{this}]() {
- NS_ERROR("failed to launch child in the parent");
- if (self->mProcess) {
- self->mProcess->Destroy();
- self->mProcess = nullptr;
- }
- return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
- };
-
- return mProcess->AsyncLaunch()->Then(aThread, __func__, std::move(resolve),
- std::move(reject));
-}
-
-bool RemoteSandboxBrokerParent::DuplicateFromLauncher(HANDLE aLauncherHandle,
- LPHANDLE aOurHandle) {
- return ::DuplicateHandle(mProcess->GetChildProcessHandle(), aLauncherHandle,
- ::GetCurrentProcess(), aOurHandle, 0, false,
- DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE);
-}
-
-void RemoteSandboxBrokerParent::ActorDestroy(ActorDestroyReason aWhy) {
- if (AbnormalShutdown == aWhy) {
- Telemetry::Accumulate(Telemetry::SUBPROCESS_ABNORMAL_ABORT,
- nsDependentCString(XRE_GeckoProcessTypeToString(
- GeckoProcessType_RemoteSandboxBroker)),
- 1);
- GenerateCrashReport(OtherPid());
- }
- Shutdown();
-}
-
-void RemoteSandboxBrokerParent::Shutdown() {
- if (mOpened) {
- mOpened = false;
- Close();
- }
- if (mProcess) {
- mProcess->Destroy();
- mProcess = nullptr;
- }
-}
-
-} // namespace mozilla
diff --git a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerParent.h b/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerParent.h
deleted file mode 100644
index 7645b689237e..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerParent.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-
-#ifndef RemoteSandboxBrokerParent_h_
-#define RemoteSandboxBrokerParent_h_
-
-#include "mozilla/PRemoteSandboxBrokerParent.h"
-#include "RemoteSandboxBrokerProcessParent.h"
-#include "mozilla/ipc/CrashReporterHelper.h"
-
-namespace mozilla {
-
-class RemoteSandboxBrokerParent
- : public PRemoteSandboxBrokerParent,
- public ipc::CrashReporterHelper {
- friend class PRemoteSandboxBrokerParent;
-
- public:
- NS_INLINE_DECL_REFCOUNTING(RemoteSandboxBrokerParent, override)
-
- bool DuplicateFromLauncher(HANDLE aLauncherHandle, LPHANDLE aOurHandle);
-
- void Shutdown();
-
- // Asynchronously launches the launcher process.
- // Note: we rely on the caller to keep this instance alive
- // until this promise resolves.
- // aThread is the thread to use to resolve the promise on if needed.
- RefPtr Launch(uint32_t aLaunchArch,
- const nsTArray& aHandlesToShare,
- nsISerialEventTarget* aThread);
-
- private:
- ~RemoteSandboxBrokerParent() = default;
-
- void ActorDestroy(ActorDestroyReason aWhy) override;
-
- RemoteSandboxBrokerProcessParent* mProcess = nullptr;
-
- bool mOpened = false;
-};
-
-} // namespace mozilla
-
-#endif // RemoteSandboxBrokerParent_h_
diff --git a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessChild.cpp b/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessChild.cpp
deleted file mode 100644
index 32e7d3b1f448..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessChild.cpp
+++ /dev/null
@@ -1,27 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-
-#include "RemoteSandboxBrokerProcessChild.h"
-
-#include "mozilla/ipc/IOThreadChild.h"
-#include "mozilla/BackgroundHangMonitor.h"
-
-using mozilla::ipc::IOThreadChild;
-
-namespace mozilla {
-
-RemoteSandboxBrokerProcessChild::~RemoteSandboxBrokerProcessChild() {}
-
-bool RemoteSandboxBrokerProcessChild::Init(int aArgc, char* aArgv[]) {
- BackgroundHangMonitor::Startup();
- return mSandboxBrokerChild->Init(TakeInitialEndpoint());
-}
-
-void RemoteSandboxBrokerProcessChild::CleanUp() {
- BackgroundHangMonitor::Shutdown();
-}
-
-} // namespace mozilla
diff --git a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessChild.h b/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessChild.h
deleted file mode 100644
index 7b47f1e828e2..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessChild.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef RemoteSandboxBrokerProcessChild_h_
-#define RemoteSandboxBrokerProcessChild_h_
-
-#include "mozilla/ipc/ProcessChild.h"
-#include "RemoteSandboxBrokerChild.h"
-
-namespace mozilla {
-
-class RemoteSandboxBrokerProcessChild final
- : public mozilla::ipc::ProcessChild {
- protected:
- typedef mozilla::ipc::ProcessChild ProcessChild;
-
- public:
- using ProcessChild::ProcessChild;
- ~RemoteSandboxBrokerProcessChild();
-
- bool Init(int aArgc, char* aArgv[]) override;
- void CleanUp() override;
-
- private:
- RefPtr mSandboxBrokerChild =
- new RemoteSandboxBrokerChild;
-};
-
-} // namespace mozilla
-
-#endif // GMPProcessChild_h_
diff --git a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessParent.cpp b/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessParent.cpp
deleted file mode 100644
index 218753bb520e..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessParent.cpp
+++ /dev/null
@@ -1,35 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-
-#include "RemoteSandboxBrokerProcessParent.h"
-#include
-
-#include "mozilla/ipc/LaunchError.h"
-
-using mozilla::ipc::GeckoChildProcessHost;
-using mozilla::ipc::LaunchError;
-using mozilla::ipc::ProcessHandlePromise;
-
-namespace mozilla {
-
-RemoteSandboxBrokerProcessParent::RemoteSandboxBrokerProcessParent()
- : GeckoChildProcessHost(GeckoProcessType_RemoteSandboxBroker) {
- MOZ_COUNT_CTOR(RemoteSandboxBrokerProcessParent);
-}
-
-RemoteSandboxBrokerProcessParent::~RemoteSandboxBrokerProcessParent() {
- MOZ_COUNT_DTOR(RemoteSandboxBrokerProcessParent);
-}
-
-RefPtr RemoteSandboxBrokerProcessParent::AsyncLaunch() {
- if (!GeckoChildProcessHost::AsyncLaunch()) {
- return ProcessHandlePromise::CreateAndReject(
- LaunchError("RSBPP::AsyncLaunch"), __func__);
- }
- return WhenProcessHandleReady();
-}
-
-} // namespace mozilla
diff --git a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessParent.h b/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessParent.h
deleted file mode 100644
index 434fb9e58549..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/RemoteSandboxBrokerProcessParent.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- * vim: sw=2 ts=4 et :
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef RemoteSandboxBrokerProcessParent_h_
-#define RemoteSandboxBrokerProcessParent_h_
-
-#include "mozilla/Attributes.h"
-#include "base/basictypes.h"
-#include "base/file_path.h"
-#include "base/thread.h"
-#include "mozilla/ipc/GeckoChildProcessHost.h"
-
-class nsIRunnable;
-
-namespace mozilla {
-
-class RemoteSandboxBrokerProcessParent final
- : public mozilla::ipc::GeckoChildProcessHost {
- public:
- RemoteSandboxBrokerProcessParent();
-
- RefPtr AsyncLaunch();
-
- bool CanShutdown() override { return true; }
-
- using mozilla::ipc::GeckoChildProcessHost::GetChildProcessHandle;
-
- // GeckoChildProcessHost does not directly provide `AddHandleToShare` as
- // handles are expected to be passed using `GeckoArgs`. However when
- // `RemoteSandboxBroker` is being used, we have already set up the argument
- // list, so allow adding those handles directly to the broker's launch
- // options.
- void AddHandleToShare(HANDLE aHandle) {
- mLaunchOptions->handles_to_inherit.push_back(aHandle);
- }
-
- private:
- ~RemoteSandboxBrokerProcessParent();
-
- DISALLOW_COPY_AND_ASSIGN(RemoteSandboxBrokerProcessParent);
-};
-
-} // namespace mozilla
-
-#endif // ifndef GMPProcessParent_h
diff --git a/security/sandbox/win/src/remotesandboxbroker/moz.build b/security/sandbox/win/src/remotesandboxbroker/moz.build
deleted file mode 100644
index 6d661ace4c79..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/moz.build
+++ /dev/null
@@ -1,30 +0,0 @@
-# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-SOURCES += [
- "remoteSandboxBroker.cpp",
- "RemoteSandboxBrokerChild.cpp",
- "RemoteSandboxBrokerParent.cpp",
- "RemoteSandboxBrokerProcessChild.cpp",
- "RemoteSandboxBrokerProcessParent.cpp",
-]
-
-EXPORTS.mozilla += [
- "remoteSandboxBroker.h",
- "RemoteSandboxBrokerChild.h",
- "RemoteSandboxBrokerParent.h",
- "RemoteSandboxBrokerProcessChild.h",
- "RemoteSandboxBrokerProcessParent.h",
-]
-
-for var in ("UNICODE", "_UNICODE"):
- DEFINES[var] = True
-
-FINAL_LIBRARY = "xul"
-
-IPDL_SOURCES += ["PRemoteSandboxBroker.ipdl"]
-
-include("/ipc/chromium/chromium-config.mozbuild")
diff --git a/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.cpp b/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.cpp
deleted file mode 100644
index f898251d72e7..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.cpp
+++ /dev/null
@@ -1,167 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-
-#include "remoteSandboxBroker.h"
-
-#include "RemoteSandboxBrokerParent.h"
-#include "mozilla/SpinEventLoopUntil.h"
-#include "nsIThread.h"
-
-namespace mozilla {
-
-RemoteSandboxBroker::RemoteSandboxBroker(uint32_t aLaunchArch)
- : mParent(new RemoteSandboxBrokerParent), mLaunchArch(aLaunchArch) {}
-
-RemoteSandboxBroker::~RemoteSandboxBroker() {
- MOZ_ASSERT(
- mShutdown,
- "Shutdown must be called on RemoteSandboxBroker before destruction!");
-}
-
-void RemoteSandboxBroker::Shutdown() {
- MOZ_ASSERT(!mShutdown, "Don't call Shutdown() twice!");
- mShutdown = true;
-
- if (!mIPCLaunchThread) {
- // Can't have launched child process, nothing to shutdown.
- return;
- }
-
- RefPtr self = this;
- mIPCLaunchThread->Dispatch(
- NS_NewRunnableFunction("Remote Sandbox Launch", [self, this]() {
- // Note: `self` here should be the last reference to this instance.
- mParent->Shutdown();
- mIPCLaunchThread = nullptr;
- }));
-}
-
-Result RemoteSandboxBroker::LaunchApp(
- const wchar_t* aPath, const wchar_t* aArguments,
- base::EnvironmentMap& aEnvironment, GeckoProcessType aProcessType,
- const bool aEnableLogging, const IMAGE_THUNK_DATA*, void** aProcessHandle) {
- // Note: we expect to be called on the IPC launch thread from
- // GeckoChildProcesHost while it's launching a child process. The IPC launch
- // thread is a TaskQueue. We can't run a synchronous launch here as that
- // blocks the calling thread while it dispatches a task to the IPC launch
- // thread to spawn the process. Since our calling thread is the IPC launch
- // thread, we'd then be deadlocked. So instead we do an async launch, and spin
- // the event loop until the process launch succeeds.
-
- // We should be on the IPC launch thread. We're shutdown on the IO thread,
- // so save a ref to the IPC launch thread here, so we can close the channel
- // on the IPC launch thread on shutdown.
- mIPCLaunchThread = GetCurrentSerialEventTarget();
-
- mParameters.path() = nsDependentString(aPath);
- mParameters.args() = nsDependentString(aArguments);
-
- auto toNsString = [](const std::wstring& s) {
- return nsDependentString(s.c_str());
- };
- for (auto itr : aEnvironment) {
- mParameters.env().AppendElement(
- EnvVar(toNsString(itr.first), toNsString(itr.second)));
- }
-
- mParameters.processType() = uint32_t(aProcessType);
- mParameters.enableLogging() = aEnableLogging;
-
- enum Result { Pending, Succeeded, Failed };
- Result res = Pending;
- auto resolve = [&](bool ok) {
- res = Succeeded;
- return GenericPromise::CreateAndResolve(ok, __func__);
- };
-
- auto reject = [&](nsresult) {
- res = Failed;
- return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
- };
-
- // We need to wait on the current thread for the process to launch which will
- // block the running IPC Launch taskqueue. We cannot use
- // GetCurrentSerialEventTarget() (as this returns the currently running
- // TaskQueue) to resolve our promise as it will be blocked until we return
- // from this function.
- nsCOMPtr target = NS_GetCurrentThread();
- mParent->Launch(mLaunchArch, mParameters.shareHandles(), target)
- ->Then(target, __func__, std::move(resolve), std::move(reject));
-
- // Spin the event loop while the sandbox launcher process launches.
- SpinEventLoopUntil("RemoteSandboxBroker::LaunchApp"_ns,
- [&]() { return res != Pending; });
-
- if (res == Failed) {
- return Err(mozilla::ipc::LaunchError("RSB::LaunchApp"));
- }
-
- uint64_t handle = 0;
- bool ok = false;
- bool rv = mParent->SendLaunchApp(std::move(mParameters), &ok, &handle) && ok;
- mParameters.shareHandles().Clear();
- if (!rv) {
- mParent->Shutdown();
- return Err(mozilla::ipc::LaunchError("RSB::SendLaunchApp"));
- }
-
- // Duplicate the handle of the child process that the launcher launched from
- // the launcher process's space into this process' space.
- HANDLE ourChildHandle = 0;
- bool dh = mParent->DuplicateFromLauncher((HANDLE)handle, &ourChildHandle);
- if (!dh) {
- mParent->Shutdown();
- return Err(mozilla::ipc::LaunchError("RSB::DuplicateFromLauncher"));
- }
-
- *aProcessHandle = (void**)(ourChildHandle);
-
- return Ok();
-}
-
-bool RemoteSandboxBroker::SetSecurityLevelForGMPlugin(SandboxLevel aLevel,
- bool aIsRemoteLaunch) {
- mParameters.sandboxLevel() = uint32_t(aLevel);
- return true;
-}
-
-bool RemoteSandboxBroker::AllowReadFile(wchar_t const* aFile) {
- mParameters.allowedReadFiles().AppendElement(nsDependentString(aFile));
- return true;
-}
-
-void RemoteSandboxBroker::AddHandleToShare(HANDLE aHandle) {
- mParameters.shareHandles().AppendElement(uint64_t(aHandle));
-}
-
-void RemoteSandboxBroker::SetSecurityLevelForContentProcess(
- int32_t aSandboxLevel, bool aIsFileProcess) {
- MOZ_CRASH(
- "RemoteSandboxBroker::SetSecurityLevelForContentProcess not Implemented");
-}
-
-void RemoteSandboxBroker::SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) {
- MOZ_CRASH(
- "RemoteSandboxBroker::SetSecurityLevelForGPUProcess not Implemented");
-}
-
-bool RemoteSandboxBroker::SetSecurityLevelForRDDProcess() {
- MOZ_CRASH(
- "RemoteSandboxBroker::SetSecurityLevelForRDDProcess not Implemented");
-}
-
-bool RemoteSandboxBroker::SetSecurityLevelForSocketProcess() {
- MOZ_CRASH(
- "RemoteSandboxBroker::SetSecurityLevelForSocketProcess not Implemented");
-}
-
-bool RemoteSandboxBroker::SetSecurityLevelForUtilityProcess(
- mozilla::ipc::SandboxingKind aSandbox) {
- MOZ_CRASH(
- "RemoteSandboxBroker::SetSecurityLevelForUtilityProcess not Implemented");
-}
-
-} // namespace mozilla
diff --git a/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.h b/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.h
deleted file mode 100644
index bb02470e0ee5..000000000000
--- a/security/sandbox/win/src/remotesandboxbroker/remoteSandboxBroker.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-
-#ifndef __REMOTE_SANDBOXBROKER_H__
-#define __REMOTE_SANDBOXBROKER_H__
-
-#include "sandboxBroker.h"
-#include "RemoteSandboxBrokerParent.h"
-
-#include "mozilla/Result.h"
-#include "mozilla/ipc/LaunchError.h"
-
-namespace mozilla {
-
-// To make sandboxing an x86 plugin-container process on Windows on ARM64,
-// we launch an x86 child process which in turn launches and sandboxes the x86
-// plugin-container child. This means the sandbox broker (in the remote
-// x86 sandbox launcher process) can be same-arch with the process that it's
-// sandboxing, which means all the sandbox's assumptions about things being
-// same arch still hold.
-class RemoteSandboxBroker : public AbstractSandboxBroker {
- public:
- explicit RemoteSandboxBroker(uint32_t aLaunchArch);
-
- void Shutdown() override;
-
- // Note: This should be called on the IPC launch thread, and this spins
- // the event loop. So this means potentially another IPC launch could occur
- // re-entrantly while calling this.
- Result LaunchApp(
- const wchar_t* aPath, const wchar_t* aArguments,
- base::EnvironmentMap& aEnvironment, GeckoProcessType aProcessType,
- const bool aEnableLogging, const IMAGE_THUNK_DATA*,
- void** aProcessHandle) override;
-
- // Security levels for different types of processes
- void SetSecurityLevelForContentProcess(int32_t aSandboxLevel,
- bool aIsFileProcess) override;
- void SetSecurityLevelForGPUProcess(int32_t aSandboxLevel) override;
- bool SetSecurityLevelForRDDProcess() override;
- bool SetSecurityLevelForSocketProcess() override;
- bool SetSecurityLevelForGMPlugin(SandboxLevel aLevel,
- bool aIsRemoteLaunch = false) override;
- bool SetSecurityLevelForUtilityProcess(
- mozilla::ipc::SandboxingKind aSandbox) override;
- bool AllowReadFile(wchar_t const* file) override;
- void AddHandleToShare(HANDLE aHandle) override;
-
- bool IsWin32kLockedDown() final { return false; };
-
- private:
- virtual ~RemoteSandboxBroker();
-
- // Parameters that we use to launch the child process.
- LaunchParameters mParameters;
-
- RefPtr mParent;
-
- // We bind the RemoteSandboxBrokerParent to the IPC launch thread.
- // As such, we must close its channel on the same thread. So we save
- // a reference to the IPC launch thread here.
- nsCOMPtr mIPCLaunchThread;
-
- // True if we've been shutdown.
- bool mShutdown = false;
-
- uint32_t mLaunchArch;
-};
-
-} // namespace mozilla
-
-#endif // __REMOTE_SANDBOXBROKER_H__
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
index f188359b8d2c..b832304950cf 100644
--- a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
+++ b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -159,31 +159,27 @@ static void CacheDirAndAutoClear(nsIProperties* aDirSvc, const char* aDirKey,
void SandboxBroker::GeckoDependentInitialize() {
MOZ_ASSERT(NS_IsMainThread());
- bool haveXPCOM = XRE_GetProcessType() != GeckoProcessType_RemoteSandboxBroker;
- if (haveXPCOM) {
- // Cache directory paths for use in policy rules, because the directory
- // service must be called on the main thread.
- nsresult rv;
- nsCOMPtr dirSvc =
- do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
- if (NS_FAILED(rv)) {
- MOZ_ASSERT(false,
- "Failed to get directory service, cannot cache directories "
- "for rules.");
- LOG_E(
- "Failed to get directory service, cannot cache directories for "
- "rules.");
- return;
- }
-
- CacheDirAndAutoClear(dirSvc, NS_APP_USER_PROFILE_50_DIR, &sProfileDir);
- CacheDirAndAutoClear(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, &sLocalAppDataDir);
-#ifdef ENABLE_SYSTEM_EXTENSION_DIRS
- CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DIR,
- &sUserExtensionsDir);
-#endif
+ // Cache directory paths for use in policy rules, because the directory
+ // service must be called on the main thread.
+ nsresult rv;
+ nsCOMPtr dirSvc =
+ do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
+ if (NS_FAILED(rv)) {
+ MOZ_ASSERT(false,
+ "Failed to get directory service, cannot cache directories "
+ "for rules.");
+ LOG_E(
+ "Failed to get directory service, cannot cache directories for "
+ "rules.");
+ return;
}
+ CacheDirAndAutoClear(dirSvc, NS_APP_USER_PROFILE_50_DIR, &sProfileDir);
+ CacheDirAndAutoClear(dirSvc, NS_WIN_LOCAL_APPDATA_DIR, &sLocalAppDataDir);
+#ifdef ENABLE_SYSTEM_EXTENSION_DIRS
+ CacheDirAndAutoClear(dirSvc, XRE_USER_SYS_EXTENSION_DIR, &sUserExtensionsDir);
+#endif
+
// Create sLaunchErrors up front because ClearOnShutdown must be called on the
// main thread.
sLaunchErrors = new nsTHashtable();
diff --git a/toolkit/components/aboutprocesses/content/aboutProcesses.js b/toolkit/components/aboutprocesses/content/aboutProcesses.js
index 6ee70129a6b9..8f9891d2872f 100644
--- a/toolkit/components/aboutprocesses/content/aboutProcesses.js
+++ b/toolkit/components/aboutprocesses/content/aboutProcesses.js
@@ -519,9 +519,6 @@ var View = {
case "socket":
fluentName = "about-processes-socket-process";
break;
- case "remoteSandboxBroker":
- fluentName = "about-processes-remote-sandbox-broker-process";
- break;
case "forkServer":
fluentName = "about-processes-fork-server-process";
break;
diff --git a/toolkit/components/crashes/tests/xpcshell/test_crash_manager.js b/toolkit/components/crashes/tests/xpcshell/test_crash_manager.js
index c8012031e192..e6369da869e1 100644
--- a/toolkit/components/crashes/tests/xpcshell/test_crash_manager.js
+++ b/toolkit/components/crashes/tests/xpcshell/test_crash_manager.js
@@ -82,7 +82,6 @@ add_task(async function test_process_ping() {
Assert.ok(m.isPingAllowed("gpu"));
Assert.ok(m.isPingAllowed("main"));
Assert.ok(m.isPingAllowed("rdd"));
- Assert.ok(m.isPingAllowed("sandboxbroker"));
Assert.ok(m.isPingAllowed("socket"));
Assert.ok(m.isPingAllowed("utility"));
Assert.ok(m.isPingAllowed("vr"));
@@ -707,7 +706,6 @@ add_task(async function test_child_process_crash_ping() {
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_VR],
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_RDD],
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_SOCKET],
- m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_REMOTESANDBOXBROKER],
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_FORKSERVER],
m.processTypes[Ci.nsIXULRuntime.PROCESS_TYPE_UTILITY],
];
diff --git a/toolkit/components/telemetry/docs/data/crash-ping.rst b/toolkit/components/telemetry/docs/data/crash-ping.rst
index 0b8520745b45..9ceb0121b58e 100644
--- a/toolkit/components/telemetry/docs/data/crash-ping.rst
+++ b/toolkit/components/telemetry/docs/data/crash-ping.rst
@@ -129,8 +129,6 @@ are sent only for the ones below:
+---------------+-------------------------------------------------------------------------------+
| socket | :ref:`Network socket process ` |
+---------------+-------------------------------------------------------------------------------+
-| sandboxbroker | :ref:`Remote sandbox broker ` |
-+---------------+-------------------------------------------------------------------------------+
| forkserver | :ref:`Fork server ` |
+---------------+-------------------------------------------------------------------------------+
| utility | :ref:`Utility process ` |
diff --git a/toolkit/locales/en-US/toolkit/about/aboutProcesses.ftl b/toolkit/locales/en-US/toolkit/about/aboutProcesses.ftl
index 7d67efb81f55..4e8284fb08c0 100644
--- a/toolkit/locales/en-US/toolkit/about/aboutProcesses.ftl
+++ b/toolkit/locales/en-US/toolkit/about/aboutProcesses.ftl
@@ -50,7 +50,6 @@ about-processes-gpu-process = GPU ({ $pid })
about-processes-vr-process = VR ({ $pid })
about-processes-rdd-process = Data Decoder ({ $pid })
about-processes-socket-process = Network ({ $pid })
-about-processes-remote-sandbox-broker-process = Remote Sandbox Broker ({ $pid })
about-processes-fork-server-process = Fork Server ({ $pid })
about-processes-preallocated-process = Preallocated ({ $pid })
about-processes-utility-process = Utility ({ $pid })
diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp
index 8fb78a0d5aec..3360ed0bba60 100644
--- a/toolkit/xre/nsEmbedFunctions.cpp
+++ b/toolkit/xre/nsEmbedFunctions.cpp
@@ -91,7 +91,6 @@
#if defined(MOZ_SANDBOX) && defined(XP_WIN)
# include "mozilla/sandboxTarget.h"
# include "mozilla/sandboxing/loggingCallbacks.h"
-# include "mozilla/RemoteSandboxBrokerProcessChild.h"
#endif
#if defined(MOZ_SANDBOX)
@@ -484,22 +483,12 @@ nsresult XRE_InitChildProcess(int aArgc, char* aArgv[],
? MessageLoop::TYPE_MOZILLA_CHILD
: MessageLoop::TYPE_DEFAULT;
break;
- case GeckoProcessType_RemoteSandboxBroker:
- uiLoopType = MessageLoop::TYPE_DEFAULT;
- break;
default:
uiLoopType = MessageLoop::TYPE_UI;
break;
}
#if defined(XP_WIN)
-# if defined(MOZ_SANDBOX)
- if (aChildData->sandboxBrokerServices) {
- SandboxBroker::Initialize(aChildData->sandboxBrokerServices, u""_ns);
- SandboxBroker::GeckoDependentInitialize();
- }
-# endif // defined(MOZ_SANDBOX)
-
{
DebugOnly result = mozilla::WindowsBCryptInitialization();
MOZ_ASSERT(result);
@@ -567,13 +556,6 @@ nsresult XRE_InitChildProcess(int aArgc, char* aArgv[],
std::move(*clientChannel), *parentPID, messageChannelId);
break;
-#if defined(MOZ_SANDBOX) && defined(XP_WIN)
- case GeckoProcessType_RemoteSandboxBroker:
- process = MakeUnique(
- std::move(*clientChannel), *parentPID, messageChannelId);
- break;
-#endif
-
#if defined(MOZ_ENABLE_FORKSERVER)
case GeckoProcessType_ForkServer:
MOZ_CRASH("Fork server should not go here");
@@ -604,12 +586,8 @@ nsresult XRE_InitChildProcess(int aArgc, char* aArgv[],
mozilla::sandboxing::InitLoggingIfRequired(
aChildData->ProvideLogFunction);
#endif
- if (XRE_GetProcessType() != GeckoProcessType_RemoteSandboxBroker) {
- // Remote sandbox launcher process doesn't have prerequisites for
- // these...
- mozilla::FilePreferences::InitDirectoriesAllowlist();
- mozilla::FilePreferences::InitPrefs();
- }
+ mozilla::FilePreferences::InitDirectoriesAllowlist();
+ mozilla::FilePreferences::InitPrefs();
#if defined(MOZ_SANDBOX)
AddContentSandboxLevelAnnotation();
diff --git a/tools/@types/lib.gecko.dom.d.ts b/tools/@types/lib.gecko.dom.d.ts
index 7c950b8ecdc2..727f9fda7eba 100644
--- a/tools/@types/lib.gecko.dom.d.ts
+++ b/tools/@types/lib.gecko.dom.d.ts
@@ -25452,7 +25452,7 @@ type VideoTransferCharacteristics = "bt709" | "hlg" | "iec61966-2-1" | "linear"
type VisibilityState = "hidden" | "visible";
type WakeLockType = "screen";
type WebGLPowerPreference = "default" | "high-performance" | "low-power";
-type WebIDLProcType = "browser" | "extension" | "file" | "forkServer" | "gmpPlugin" | "gpu" | "inference" | "ipdlUnitTest" | "preallocated" | "privilegedabout" | "privilegedmozilla" | "rdd" | "remoteSandboxBroker" | "socket" | "unknown" | "utility" | "vr" | "web" | "webIsolated" | "webServiceWorker" | "withCoopCoep";
+type WebIDLProcType = "browser" | "extension" | "file" | "forkServer" | "gmpPlugin" | "gpu" | "inference" | "ipdlUnitTest" | "preallocated" | "privilegedabout" | "privilegedmozilla" | "rdd" | "socket" | "unknown" | "utility" | "vr" | "web" | "webIsolated" | "webServiceWorker" | "withCoopCoep";
type WebIDLUtilityActorName = "audioDecoder_AppleMedia" | "audioDecoder_Generic" | "audioDecoder_WMF" | "jSOracle" | "mfMediaEngineCDM" | "unknown" | "windowsFileDialog" | "windowsUtils";
type WebTransportCongestionControl = "default" | "low-latency" | "throughput";
type WebTransportErrorSource = "session" | "stream";
diff --git a/tools/@types/lib.gecko.xpcom.d.ts b/tools/@types/lib.gecko.xpcom.d.ts
index ab1d01c23b2f..f7aa3ebac4f9 100644
--- a/tools/@types/lib.gecko.xpcom.d.ts
+++ b/tools/@types/lib.gecko.xpcom.d.ts
@@ -14570,7 +14570,6 @@ interface nsIXULRuntime extends nsISupports, Enums