Bug 1236108 - Add temp directory for sandboxed content processes to directory service. r=bsmedberg, a=lizzard

This is needed so that chrome processes know where sandboxed content
processes will be writing their temp files, and so that content processes know
where to write.

MozReview-Commit-ID: BK9bTxFGvZO

toolkit/xre/nsXREDirProvider.cpp

@@ -397,6 +397,14 @@ nsXREDirProvider::GetFile(const char* aProperty, bool* aPersistent,
     bool unused;
     rv = dirsvc->GetFile("XCurProcD", &unused, getter_AddRefs(file));
   }
+#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
+  else if (!strcmp(aProperty, NS_APP_CONTENT_PROCESS_TEMP_DIR)) {
+    if (!mContentTempDir && NS_FAILED((rv = LoadContentProcessTempDir()))) {
+      return rv;
+    }
+    rv = mContentTempDir->Clone(getter_AddRefs(file));
+  }
+#endif // defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
   else if (NS_SUCCEEDED(GetProfileStartupDir(getter_AddRefs(file)))) {
     // We need to allow component, xpt, and chrome registration to
     // occur prior to the profile-after-change notification.
@@ -620,6 +628,50 @@ LoadExtensionDirectories(nsINIParser &parser,
   while (true);
 }
 
+#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
+
+static const char*
+GetContentProcessTempBaseDirKey()
+{
+#if defined(XP_WIN)
+  return NS_WIN_LOW_INTEGRITY_TEMP_BASE;
+#else
+  return NS_OS_TEMP_DIR;
+#endif
+}
+
+nsresult
+nsXREDirProvider::LoadContentProcessTempDir()
+{
+  nsCOMPtr<nsIFile> localFile;
+
+  nsresult rv = NS_GetSpecialDirectory(GetContentProcessTempBaseDirKey(),
+                                       getter_AddRefs(localFile));
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  nsAutoString tempDirSuffix;
+  rv = Preferences::GetString("security.sandbox.content.tempDirSuffix",
+                              &tempDirSuffix);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  if (tempDirSuffix.IsEmpty()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  rv = localFile->Append(NS_LITERAL_STRING("Temp-") + tempDirSuffix);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  localFile.swap(mContentTempDir);
+  return NS_OK;
+}
+
+#endif // defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
+
 void
 nsXREDirProvider::LoadExtensionBundleDirectories()
 {
@@ -869,6 +921,7 @@ nsXREDirProvider::DoStartup()
 
     static const char16_t kStartup[] = {'s','t','a','r','t','u','p','\0'};
     obsSvc->NotifyObservers(nullptr, "profile-do-change", kStartup);
+
     // Init the Extension Manager
     nsCOMPtr<nsIObserver> em = do_GetService("@mozilla.org/addons/integration;1");
     if (em) {

toolkit/xre/nsXREDirProvider.h

@@ -121,6 +121,11 @@ protected:
   // delimiters.
   static inline nsresult AppendProfileString(nsIFile* aFile, const char* aPath);
 
+#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
+  // Load the temp directory for sandboxed content processes
+  nsresult LoadContentProcessTempDir();
+#endif
+
   // Calculate and register extension and theme bundle directories.
   void LoadExtensionBundleDirectories();
 
@@ -141,6 +146,9 @@ protected:
   nsCOMPtr<nsIFile>      mProfileDir;
   nsCOMPtr<nsIFile>      mProfileLocalDir;
   bool                   mProfileNotified;
+#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
+  nsCOMPtr<nsIFile>      mContentTempDir;
+#endif
   nsCOMArray<nsIFile>    mAppBundleDirectories;
   nsCOMArray<nsIFile>    mExtensionDirectories;
   nsCOMArray<nsIFile>    mThemeDirectories;

xpcom/io/nsAppDirectoryServiceDefs.h

@@ -83,4 +83,9 @@
 #define NS_APP_INDEXEDDB_PARENT_DIR             "indexedDBPDir"
 
 #define NS_APP_PERMISSION_PARENT_DIR            "permissionDBPDir"
-#endif
+
+#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
+#define NS_APP_CONTENT_PROCESS_TEMP_DIR         "ContentTmpD"
+#endif // (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
+
+#endif // nsAppDirectoryServiceDefs_h___