Bug 1120045 - Pref off allowing media plugins on Linux systems which can't sandbox them. r=jesup

This does *not* affect the sandboxing requirement for EME CDMs added in bug 1074561; that is enforced separately and regardless of this pref. Bonus fix: GC unused includes of sandbox headers.
2024-09-13 09:24:08 -07:00 · 2015-01-28 10:06:53 -08:00 · 2015-01-28 10:06:53 -08:00 · 74292f3851
commit 74292f3851
parent e8fb5ca6f9
3 changed files with 17 additions and 4 deletions
--- a/dom/media/gmp/GMPChild.cpp
+++ b/dom/media/gmp/GMPChild.cpp
@ -37,9 +37,6 @@ static const int MAX_VOUCHER_LENGTH = 500000;
 #if defined(XP_WIN)
 #define TARGET_SANDBOX_EXPORTS
 #include "mozilla/sandboxTarget.h"
-#elif defined (XP_LINUX)
-#include "mozilla/Sandbox.h"
-#include "mozilla/SandboxInfo.h"
 #elif defined(XP_MACOSX)
 #include "mozilla/Sandbox.h"
 #endif
--- a/dom/media/gmp/GMPService.cpp
+++ b/dom/media/gmp/GMPService.cpp
@ -775,6 +775,15 @@ class CreateGMPParentTask : public nsRunnable {
 public:
  NS_IMETHOD Run() {
    MOZ_ASSERT(NS_IsMainThread());
+#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+    if (!SandboxInfo::Get().CanSandboxMedia()) {
+      if (!Preferences::GetBool("media.gmp.insecure.allow")) {
+        NS_WARNING("Denying media plugin load due to lack of sandboxing.");
+        return NS_ERROR_NOT_AVAILABLE;
+      }
+      NS_WARNING("Loading media plugin despite lack of sandboxing.");
+    }
+#endif
    mParent = new GMPParent();
    return NS_OK;
  }
@ -832,7 +841,7 @@ GeckoMediaPluginService::AddOnGMPThread(const nsAString& aDirectory)
  MOZ_ASSERT(mainThread);
  mozilla::SyncRunnable::DispatchToThread(mainThread, task);
  nsRefPtr<GMPParent> gmp = task->GetParent();
-  rv = gmp->Init(this, directory);
+  rv = gmp ? gmp->Init(this, directory) : NS_ERROR_NOT_AVAILABLE;
  if (NS_FAILED(rv)) {
    NS_WARNING("Can't Create GMPParent");
    return;
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -4541,3 +4541,10 @@ pref("reader.font_type", "sans-serif");
 // Whether or not the user has interacted with the reader mode toolbar.
 // This is used to show a first-launch tip in reader mode.
 pref("reader.has_used_toolbar", false);
+
+#if defined(XP_LINUX) && defined(MOZ_GMP_SANDBOX)
+// Whether to allow, on a Linux system that doesn't support the necessary sandboxing
+// features, loading Gecko Media Plugins unsandboxed.  However, EME CDMs will not be
+// loaded without sandboxing even if this pref is changed.
+pref("media.gmp.insecure.allow", false);
+#endif