Bug 1037211 - Remove MOZ_CONTENT_SANDBOX_REPORTER by making it always true. r=kang r=ted

--HG-- extra : amend_source : 450d51dab077794e194bf407044de95627de0cde
2024-09-13 09:24:08 -07:00 · 2014-07-17 14:57:28 -07:00 · 2014-07-17 14:57:28 -07:00 · 1cdd0d8544
commit 1cdd0d8544
parent 59478fd68e
4 changed files with 2 additions and 22 deletions
--- a/configure.in
+++ b/configure.in
@ -3876,7 +3876,6 @@ MOZ_PAY=
 MOZ_AUDIO_CHANNEL_MANAGER=
 NSS_NO_LIBPKIX=
 MOZ_CONTENT_SANDBOX=
-MOZ_CONTENT_SANDBOX_REPORTER=1
 JSGC_USE_EXACT_ROOTING=
 JSGC_GENERATIONAL=

@ -6438,17 +6437,6 @@ fi

 AC_SUBST(MOZ_CONTENT_SANDBOX)

-MOZ_ARG_ENABLE_BOOL(content-sandbox-reporter,
-[ --enable-content-sandbox-reporter        Enable syscall reporter to troubleshoot syscalls denied by the content-processes sandbox],
-    MOZ_CONTENT_SANDBOX_REPORTER=1,
-    MOZ_CONTENT_SANDBOX_REPORTER=)
-
-if test -n "$MOZ_CONTENT_SANDBOX_REPORTER"; then
-    AC_DEFINE(MOZ_CONTENT_SANDBOX_REPORTER)
-fi
-
-AC_SUBST(MOZ_CONTENT_SANDBOX_REPORTER)
-
 dnl ========================================================
 dnl =
 dnl = Module specific options
--- a/security/sandbox/linux/Sandbox.cpp
+++ b/security/sandbox/linux/Sandbox.cpp
@ -112,7 +112,6 @@ SandboxLogJSStack(void)
 *
 * @see InstallSyscallReporter() function.
 */
-#ifdef MOZ_CONTENT_SANDBOX_REPORTER
 static void
 Reporter(int nr, siginfo_t *info, void *void_context)
 {
@ -195,7 +194,6 @@ InstallSyscallReporter(void)
  }
  return 0;
 }
-#endif

 /**
 * This function installs the syscall filter, a.k.a. seccomp.
@ -441,11 +439,9 @@ SetCurrentProcessSandbox()
  PR_ASSERT(gSeccompSandboxLog);
 #endif

-#if defined(MOZ_CONTENT_SANDBOX_REPORTER)
  if (InstallSyscallReporter()) {
    LOG_ERROR("install_syscall_reporter() failed\n");
  }
-#endif

  if (IsSandboxingSupported()) {
    BroadcastSetThreadSandbox();
--- a/security/sandbox/linux/SandboxAssembler.cpp
+++ b/security/sandbox/linux/SandboxAssembler.cpp
@ -139,11 +139,7 @@ Instruction *
 SandboxAssembler::RetKill()
 {
  return mCode.MakeInstruction(BPF_RET + BPF_K,
-#ifdef MOZ_CONTENT_SANDBOX_REPORTER
                               SECCOMP_RET_TRAP,
-#else
-                               SECCOMP_RET_KILL,
-#endif
                               nullptr);
 }

--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@ -101,8 +101,8 @@ SandboxFilterImpl::Build() {
   *
   * How are those syscalls found?
   * 1) via strace -p <child pid> or/and
-   * 2) with MOZ_CONTENT_SANDBOX_REPORTER set, the child will report which system call
-   *    has been denied by seccomp-bpf, just before exiting, via NSPR.
+   * 2) the child will report which system call has been denied by seccomp-bpf,
+   *    just before exiting, via NSPR or Android logging.
   * System call number to name mapping is found in:
   * bionic/libc/kernel/arch-arm/asm/unistd.h
   * or your libc's unistd.h/kernel headers.