diff --git a/browser/components/BrowserComponents.manifest b/browser/components/BrowserComponents.manifest index 2217b44978fb..db6c1e172af2 100644 --- a/browser/components/BrowserComponents.manifest +++ b/browser/components/BrowserComponents.manifest @@ -36,6 +36,24 @@ category browser-window-unload moz-src:///browser/components/tabbrowser/NewTabPa category browser-window-delayed-startup resource:///modules/taskbartabs/TaskbarTabs.sys.mjs TaskbarTabs.init # App startup consumers + +category browser-first-window-ready resource:///modules/AboutNewTab.sys.mjs AboutNewTab.init +category browser-first-window-ready resource:///modules/ContentCrashHandlers.sys.mjs TabCrashHandler.init +category browser-first-window-ready resource:///modules/ProcessHangMonitor.sys.mjs ProcessHangMonitor.init +category browser-first-window-ready resource://gre/modules/PageThumbs.sys.mjs PageThumbs.init +category browser-first-window-ready resource://gre/modules/NewTabUtils.sys.mjs NewTabUtils.init +category browser-first-window-ready resource:///modules/PageActions.sys.mjs PageActions.init +category browser-first-window-ready resource://gre/modules/DoHController.sys.mjs DoHController.init +category browser-first-window-ready moz-src:///toolkit/profile/ProfilesDatastoreService.sys.mjs ProfilesDatastoreService.init +category browser-first-window-ready resource:///modules/profiles/SelectableProfileService.sys.mjs SelectableProfileService.init +category browser-first-window-ready moz-src:///browser/components/protections/ContentBlockingPrefs.sys.mjs ContentBlockingPrefs.init +category browser-first-window-ready resource://gre/modules/CaptchaDetectionPingUtils.sys.mjs CaptchaDetectionPingUtils.init +#ifdef MOZ_SANDBOX +#ifdef XP_LINUX +category browser-first-window-ready resource://gre/modules/SandboxUtils.sys.mjs SandboxUtils.maybeWarnAboutMissingUserNamespaces +#endif +#endif + category browser-idle-startup resource:///modules/PlacesUIUtils.sys.mjs PlacesUIUtils.unblockToolbars category browser-idle-startup resource:///modules/BuiltInThemes.sys.mjs BuiltInThemes.ensureBuiltInThemes category browser-idle-startup resource://gre/modules/RFPHelper.sys.mjs RFPHelper.init diff --git a/browser/components/BrowserGlue.sys.mjs b/browser/components/BrowserGlue.sys.mjs index 0983f4eaa198..bde641f7112a 100644 --- a/browser/components/BrowserGlue.sys.mjs +++ b/browser/components/BrowserGlue.sys.mjs @@ -9,7 +9,6 @@ const lazy = {}; ChromeUtils.defineESModuleGetters(lazy, { AboutHomeStartupCache: "resource:///modules/AboutHomeStartupCache.sys.mjs", - AboutNewTab: "resource:///modules/AboutNewTab.sys.mjs", AWToolbarButton: "resource:///modules/aboutwelcome/AWToolbarUtils.sys.mjs", ASRouter: "resource:///modules/asrouter/ASRouter.sys.mjs", ASRouterDefaultConfig: @@ -22,8 +21,6 @@ ChromeUtils.defineESModuleGetters(lazy, { BrowserUtils: "resource://gre/modules/BrowserUtils.sys.mjs", BrowserUsageTelemetry: "resource:///modules/BrowserUsageTelemetry.sys.mjs", BrowserWindowTracker: "resource:///modules/BrowserWindowTracker.sys.mjs", - CaptchaDetectionPingUtils: - "resource://gre/modules/CaptchaDetectionPingUtils.sys.mjs", ContentBlockingPrefs: "moz-src:///browser/components/protections/ContentBlockingPrefs.sys.mjs", ContextualIdentityService: @@ -36,7 +33,6 @@ ChromeUtils.defineESModuleGetters(lazy, { "moz-src:///browser/components/DesktopActorRegistry.sys.mjs", Discovery: "resource:///modules/Discovery.sys.mjs", DistributionManagement: "resource:///modules/distribution.sys.mjs", - DoHController: "resource://gre/modules/DoHController.sys.mjs", DownloadsViewableInternally: "resource:///modules/DownloadsViewableInternally.sys.mjs", ExtensionsUI: "resource:///modules/ExtensionsUI.sys.mjs", @@ -48,13 +44,10 @@ ChromeUtils.defineESModuleGetters(lazy, { LoginBreaches: "resource:///modules/LoginBreaches.sys.mjs", LoginHelper: "resource://gre/modules/LoginHelper.sys.mjs", MigrationUtils: "resource:///modules/MigrationUtils.sys.mjs", - NewTabUtils: "resource://gre/modules/NewTabUtils.sys.mjs", NimbusFeatures: "resource://nimbus/ExperimentAPI.sys.mjs", OnboardingMessageProvider: "resource:///modules/asrouter/OnboardingMessageProvider.sys.mjs", - PageActions: "resource:///modules/PageActions.sys.mjs", PageDataService: "resource:///modules/pagedata/PageDataService.sys.mjs", - PageThumbs: "resource://gre/modules/PageThumbs.sys.mjs", PdfJs: "resource://pdf.js/PdfJs.sys.mjs", PlacesBrowserStartup: "moz-src:///browser/components/places/PlacesBrowserStartup.sys.mjs", @@ -62,22 +55,16 @@ ChromeUtils.defineESModuleGetters(lazy, { // eslint-disable-next-line mozilla/valid-lazy PluginManager: "resource:///actors/PluginParent.sys.mjs", PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.sys.mjs", - ProcessHangMonitor: "resource:///modules/ProcessHangMonitor.sys.mjs", ProfileDataUpgrader: "moz-src:///browser/components/ProfileDataUpgrader.sys.mjs", - ProfilesDatastoreService: - "moz-src:///toolkit/profile/ProfilesDatastoreService.sys.mjs", RemoteSecuritySettings: "resource://gre/modules/psm/RemoteSecuritySettings.sys.mjs", RemoteSettings: "resource://services-settings/remote-settings.sys.mjs", SafeBrowsing: "resource://gre/modules/SafeBrowsing.sys.mjs", Sanitizer: "resource:///modules/Sanitizer.sys.mjs", - SandboxUtils: "resource://gre/modules/SandboxUtils.sys.mjs", ScreenshotsUtils: "resource:///modules/ScreenshotsUtils.sys.mjs", SearchSERPTelemetry: "moz-src:///browser/components/search/SearchSERPTelemetry.sys.mjs", - SelectableProfileService: - "resource:///modules/profiles/SelectableProfileService.sys.mjs", SessionStartup: "resource:///modules/sessionstore/SessionStartup.sys.mjs", SessionStore: "resource:///modules/sessionstore/SessionStore.sys.mjs", ShortcutUtils: "resource://gre/modules/ShortcutUtils.sys.mjs", @@ -88,7 +75,6 @@ ChromeUtils.defineESModuleGetters(lazy, { TelemetryReportingPolicy: "resource://gre/modules/TelemetryReportingPolicy.sys.mjs", TRRRacer: "resource:///modules/TRRPerformance.sys.mjs", - TabCrashHandler: "resource:///modules/ContentCrashHandlers.sys.mjs", WebChannel: "resource://gre/modules/WebChannel.sys.mjs", WebProtocolHandlerRegistrar: "resource:///modules/WebProtocolHandlerRegistrar.sys.mjs", @@ -661,16 +647,6 @@ BrowserGlue.prototype = { ); }, - _verifySandboxUserNamespaces: function BG_verifySandboxUserNamespaces(aWin) { - if (!AppConstants.MOZ_SANDBOX) { - return; - } - - lazy.SandboxUtils.maybeWarnAboutMissingUserNamespaces( - aWin.gNotificationBox - ); - }, - _earlyBlankFirstPaint(cmdLine) { let startTime = Cu.now(); @@ -818,12 +794,6 @@ BrowserGlue.prototype = { // the first browser window has finished initializing _onFirstWindowLoaded: function BG__onFirstWindowLoaded(aWindow) { - lazy.AboutNewTab.init(); - - lazy.TabCrashHandler.init(); - - lazy.ProcessHangMonitor.init(); - // A channel for "remote troubleshooting" code... let channel = new lazy.WebChannel( "remote-troubleshooting", @@ -854,24 +824,6 @@ BrowserGlue.prototype = { lazy.WeaveService.init(); } - lazy.PageThumbs.init(); - - lazy.NewTabUtils.init(); - - lazy.PageActions.init(); - - lazy.DoHController.init(); - - lazy.ProfilesDatastoreService.init().catch(console.error); - lazy.SelectableProfileService.init().catch(console.error); - - this._firstWindowTelemetry(aWindow); - - lazy.ContentBlockingPrefs.init(); - lazy.CaptchaDetectionPingUtils.init(); - - this._verifySandboxUserNamespaces(aWindow); - lazy.BrowserUtils.callModulesFromCategory( { categoryName: "browser-first-window-ready", @@ -879,6 +831,8 @@ BrowserGlue.prototype = { }, aWindow ); + + this._firstWindowTelemetry(aWindow); }, _maybeOfferProfileReset() { diff --git a/browser/components/tests/browser/browser_browserGlue_userNamespacesNotification.js b/browser/components/tests/browser/browser_browserGlue_userNamespacesNotification.js index d7765ebd8bd8..b0e307c6fede 100644 --- a/browser/components/tests/browser/browser_browserGlue_userNamespacesNotification.js +++ b/browser/components/tests/browser/browser_browserGlue_userNamespacesNotification.js @@ -3,9 +3,6 @@ "use strict"; -const kCID = "@mozilla.org/browser/browserglue;1"; -const BrowserGlue = Cc[kCID].getService(Ci.nsISupports).wrappedJSObject; - const kNotificationSelector = 'notification-message[message-bar-type="infobar"]' + '[value="sandbox-unprivileged-namespaces"]'; @@ -39,6 +36,9 @@ async function getNotification(shouldBeNull = false) { } if (AppConstants.platform === "linux" && AppConstants.MOZ_SANDBOX) { + let { SandboxUtils } = ChromeUtils.importESModule( + "resource://gre/modules/SandboxUtils.sys.mjs" + ); add_setup(async function setup() { await SpecialPowers.pushPrefEnv({ set: [["security.sandbox.warn_unprivileged_namespaces", true]], @@ -59,7 +59,7 @@ if (AppConstants.platform === "linux" && AppConstants.MOZ_SANDBOX) { "No existing notification" ); setHasUsernamespaces(true); - BrowserGlue._verifySandboxUserNamespaces(window); + SandboxUtils.maybeWarnAboutMissingUserNamespaces(window); const notification = await getNotification(/* shouldBeNull */ true); Assert.equal( @@ -76,7 +76,7 @@ if (AppConstants.platform === "linux" && AppConstants.MOZ_SANDBOX) { "No existing notification" ); setHasUsernamespaces(false); - BrowserGlue._verifySandboxUserNamespaces(window); + SandboxUtils.maybeWarnAboutMissingUserNamespaces(window); const notification = await getNotification(); Assert.notEqual( @@ -97,7 +97,7 @@ if (AppConstants.platform === "linux" && AppConstants.MOZ_SANDBOX) { set: [["security.sandbox.warn_unprivileged_namespaces", false]], }); setHasUsernamespaces(false); - BrowserGlue._verifySandboxUserNamespaces(window); + SandboxUtils.maybeWarnAboutMissingUserNamespaces(window); const notification = await getNotification(/* shouldBeNull */ true); Assert.equal( @@ -125,7 +125,7 @@ if (AppConstants.platform === "linux" && AppConstants.MOZ_SANDBOX) { "Pref is enabled" ); setHasUsernamespaces(false); - BrowserGlue._verifySandboxUserNamespaces(window); + SandboxUtils.maybeWarnAboutMissingUserNamespaces(window); const notification = await getNotification(); const dontShowAgain = notification.querySelector(".notification-button"); @@ -147,8 +147,10 @@ if (AppConstants.platform === "linux" && AppConstants.MOZ_SANDBOX) { document.querySelector(kNotificationSelector), "No existing notification" ); - BrowserGlue._verifySandboxUserNamespaces(window); - const notification = await getNotification(/* shouldBeNull */ true); - Assert.equal(null, notification, "Notification is not shown on non linux"); + await Assert.rejects( + fetch("resource://gre/modules/SandboxUtils.sys.mjs"), + /NetworkError when attempting to fetch/, + "SandboxUtils should not be packaged." + ); }); } diff --git a/security/sandbox/common/SandboxUtils.sys.mjs b/security/sandbox/common/SandboxUtils.sys.mjs index fc3ed4ce54dd..1a70b67bf20f 100644 --- a/security/sandbox/common/SandboxUtils.sys.mjs +++ b/security/sandbox/common/SandboxUtils.sys.mjs @@ -8,11 +8,11 @@ export var SandboxUtils = { /** * Show a notification bar if user is running without unprivileged namespace * - * @param {NotificationBox} aNotificationBox - * The target notification box where notification will be added + * @param {Window} aWindow + * The window where the notification will be displayed. */ maybeWarnAboutMissingUserNamespaces: - function SU_maybeWarnAboutMissingUserNamespaces(aNotificationBox) { + function SU_maybeWarnAboutMissingUserNamespaces(aWindow) { if (AppConstants.platform !== "linux") { return; } @@ -41,7 +41,8 @@ export var SandboxUtils = { return; } - const mozXulElement = aNotificationBox.stack.ownerGlobal.MozXULElement; + let box = aWindow.gNotificationBox; + const mozXulElement = box.stack.ownerGlobal.MozXULElement; mozXulElement.insertFTLIfNeeded("toolkit/updates/elevation.ftl"); let buttons = [ @@ -58,11 +59,11 @@ export var SandboxUtils = { ]; // Now actually create the notification - aNotificationBox.appendNotification( + box.appendNotification( "sandbox-unprivileged-namespaces", { label: { "l10n-id": "sandbox-missing-unprivileged-namespaces" }, - priority: aNotificationBox.PRIORITY_WARNING_HIGH, + priority: box.PRIORITY_WARNING_HIGH, }, buttons ); diff --git a/security/sandbox/common/moz.build b/security/sandbox/common/moz.build index bc7117df322e..c1c2c4ad3eb7 100644 --- a/security/sandbox/common/moz.build +++ b/security/sandbox/common/moz.build @@ -45,9 +45,10 @@ if CONFIG["MOZ_SANDBOX"] and CONFIG["MOZ_DEBUG"] and CONFIG["ENABLE_TESTS"]: "/netwerk/base", ] -EXTRA_JS_MODULES += [ - "SandboxUtils.sys.mjs", -] +if CONFIG["MOZ_SANDBOX"] and CONFIG["OS_TARGET"] == "Linux": + EXTRA_JS_MODULES += [ + "SandboxUtils.sys.mjs", + ] include("/ipc/chromium/chromium-config.mozbuild")