
commit f1edecc8d8b622292ad619d6542bea759df005d2
parent eac139398c374e80e8c82ae73cde765d5a64a869
Author: Atila Butkovits <abutkovits@mozilla.com>
Date:   Tue, 23 Dec 2025 20:10:19 +0200

Revert "Bug 1957156 - Define a LoadModule IPDL message in the PKCS#11 utility process. r=keeler,ipc-reviewers,nika" as requested for causing failures in macos signing jobs.

This reverts commit 5626a548d0b71d6ddfb136249264b7a739500c17.

Revert "Bug 1957156 - Start the PKCS#11 module utility process behind a pref in Nightly. r=ipc-reviewers,keeler,nika"

This reverts commit 17d106ca7c233a3ad709b3e599557560a8a929bd.

Revert "Bug 1957156 - Let the PKCS#11 process run a dedicated executable on macOS in Nightly. r=haik,nika"

This reverts commit a9b9132117bd5ea14901812c8faa195201e0e1a8.

Revert "Bug 1957156 - Add a new utility process kind for PKCS#11 module loading. r=haik,ipc-reviewers,fluent-reviewers,bolsson,keeler,nika"

This reverts commit 2485ac302318c676883060feb0dc099a8a73191b.

Revert "Bug 1957156 - Cleanup pass in utility code. r=ipc-reviewers,nika,haik"

This reverts commit 57603811195db25088f3a41bc12007f3ee1a1fe7.

Diffstat:
Mbrowser/installer/Makefile.in | 6------
Mbrowser/installer/allowed-dupes.mn | 5-----
Mbrowser/installer/package-manifest.in | 5-----
Mdom/chrome-webidl/ChromeUtils.webidl | 1-
Mipc/app/Makefile.in | 11-----------
Mipc/glue/GeckoChildProcessHost.cpp | 33++++++++++++---------------------
Mipc/glue/GeckoChildProcessHost.h | 14+++++++-------
Mipc/glue/PUtilityProcess.ipdl | 8--------
Mipc/glue/UtilityProcessChild.cpp | 17-----------------
Mipc/glue/UtilityProcessChild.h | 12------------
Mipc/glue/UtilityProcessHost.cpp | 41++++++++++++++++++++++++++---------------
Mipc/glue/UtilityProcessHost.h | 6++++--
Mipc/glue/UtilityProcessManager.cpp | 29-----------------------------
Mipc/glue/UtilityProcessManager.h | 12------------
Mipc/glue/UtilityProcessSandboxing.cpp | 9---------
Mipc/glue/UtilityProcessSandboxing.h | 3---
Mipc/glue/moz.build | 9+--------
Mipc/glue/test/gtest/TestUtilityProcess.cpp | 159++++++++++++++++++++++++++++++++++++++++++++++---------------------------------
Dipc/glue/test/gtest/TestUtilityProcess.h | 20--------------------
Mipc/glue/test/gtest/TestUtilityProcessSandboxing.cpp | 11+++--------
Mipc/glue/test/gtest/moz.build | 4----
Mmodules/libpref/init/StaticPrefList.yaml | 10----------
Dsecurity/mac/hardenedruntime/developer/security-module-helper.xml | 21---------------------
Dsecurity/mac/hardenedruntime/production/security-module-helper.xml | 15---------------
Dsecurity/manager/ssl/PKCS11ModuleChild.cpp | 54------------------------------------------------------
Dsecurity/manager/ssl/PKCS11ModuleChild.h | 38--------------------------------------
Dsecurity/manager/ssl/PKCS11ModuleParent.cpp | 40----------------------------------------
Dsecurity/manager/ssl/PKCS11ModuleParent.h | 37-------------------------------------
Dsecurity/manager/ssl/PPKCS11Module.ipdl | 19-------------------
Msecurity/manager/ssl/moz.build | 15---------------
Msecurity/manager/ssl/nsNSSComponent.cpp | 42------------------------------------------
Dsecurity/manager/ssl/tests/gtest/UtilityPKCS11ModuleTest.cpp | 86-------------------------------------------------------------------------------
Msecurity/manager/ssl/tests/gtest/moz.build | 5-----
Msecurity/sandbox/win/src/sandboxbroker/sandboxBroker.cpp | 8+++++---
Mtaskcluster/config.yml | 18------------------
Mtaskcluster/kinds/build/macosx-native.yml | 3---
Mtaskcluster/kinds/build/macosx.yml | 3---
Mtaskcluster/kinds/instrumented-build/kind.yml | 6------
Mtoolkit/components/aboutprocesses/content/aboutProcesses.js | 4----
Mtoolkit/components/processtools/ProcInfo_common.cpp | 2--
Mtoolkit/locales/en-US/toolkit/about/aboutProcesses.ftl | 1-
Mtoolkit/moz.configure | 62++++++++++----------------------------------------------------
Mtools/lint/license.yml | 2--
43 files changed, 161 insertions(+), 745 deletions(-)

diff --git a/browser/installer/Makefile.in b/browser/installer/Makefile.in @@ -63,12 +63,6 @@ DEFINES += -DMOZ_CHILD_PROCESS_NAME=$(MOZ_CHILD_PROCESS_NAME) DEFINES += -DMOZ_EME_PROCESS_NAME="$(MOZ_EME_PROCESS_NAME)" DEFINES += -DMOZ_GPU_PROCESS_NAME="$(MOZ_GPU_PROCESS_NAME)" -ifdef NIGHTLY_BUILD -ifndef MOZ_NO_SMART_CARDS -DEFINES += -DMOZ_PKCS11_PROCESS_NAME="$(MOZ_PKCS11_PROCESS_NAME)" -endif -endif - # Set MSVC dlls version to package, if any. ifdef MOZ_NO_DEBUG_RTL ifdef WIN32_REDIST_DIR diff --git a/browser/installer/allowed-dupes.mn b/browser/installer/allowed-dupes.mn @@ -13,15 +13,10 @@ plugin-container.app/Contents/PkgInfo updater.app/Contents/PkgInfo media-plugin-helper.app/Contents/PkgInfo gpu-helper.app/Contents/PkgInfo -security-module-helper.app/Contents/PkgInfo media-plugin-helper.app/Contents/MacOS/@MOZ_APP_DISPLAYNAME@ Media Plugin Helper gpu-helper.app/Contents/MacOS/@MOZ_APP_DISPLAYNAME@ GPU Helper plugin-container.app/Contents/MacOS/plugin-container -security-module-helper.app/Contents/MacOS/@MOZ_APP_DISPLAYNAME@ Security Module Helper - -media-plugin-helper.app/Contents/Resources/English.lproj/InfoPlist.strings -security-module-helper.app/Contents/Resources/English.lproj/InfoPlist.strings # Duplicated on Linux by browser/branding/branding-common.mozbuild #ifdef XP_LINUX diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in @@ -87,11 +87,6 @@ @BINPATH@/@MOZ_CHILD_PROCESS_NAME@.app/ @BINPATH@/@MOZ_EME_PROCESS_NAME@.app/ @BINPATH@/@MOZ_GPU_PROCESS_NAME@.app/ -#ifdef NIGHTLY_BUILD -#ifndef MOZ_NO_SMART_CARDS -@BINPATH@/@MOZ_PKCS11_PROCESS_NAME@.app/ -#endif -#endif #endif #ifdef XP_WIN @BINPATH@/@MOZ_CHILD_PROCESS_NAME@ diff --git a/dom/chrome-webidl/ChromeUtils.webidl b/dom/chrome-webidl/ChromeUtils.webidl @@ -941,7 +941,6 @@ enum WebIDLUtilityActorName { "jSOracle", "windowsUtils", "windowsFileDialog", - "pkcs11Module", }; dictionary UtilityActorsDictionary { 
diff --git a/ipc/app/Makefile.in b/ipc/app/Makefile.in @@ -34,15 +34,4 @@ libs:: $(call py_action,preprocessor $(MOZ_GPU_PROCESS_NAME).app/Contents/Resources/English.lproj/InfoPlist.strings,-Fsubstitution --output-encoding utf-16 -DAPP_NAME='$(MOZ_GPU_PROCESS_NAME_BRANDED)' $(srcdir)/macbuild/Contents/Resources/English.lproj/InfoPlist.strings.in -o $(DIST)/bin/$(MOZ_GPU_PROCESS_NAME).app/Contents/Resources/English.lproj/InfoPlist.strings) $(NSINSTALL) -D $(DIST)/bin/$(MOZ_GPU_PROCESS_NAME).app/Contents/MacOS cp $(DIST)/bin/$(MOZ_CHILD_PROCESS_NAME) "$(DIST)/bin/$(MOZ_GPU_PROCESS_NAME).app/Contents/MacOS/$(MOZ_GPU_PROCESS_NAME_BRANDED)" -ifdef NIGHTLY_BUILD -ifndef MOZ_NO_SMART_CARDS - # security-module-helper - $(NSINSTALL) -D $(DIST)/bin/$(MOZ_PKCS11_PROCESS_NAME).app - rsync -a -C --exclude '*.in' $(srcdir)/macbuild/Contents $(DIST)/bin/$(MOZ_PKCS11_PROCESS_NAME).app - $(call py_action,preprocessor $(MOZ_PKCS11_PROCESS_NAME).app/Contents/Info.plist,-Fsubstitution -DEXECUTABLE='$(MOZ_PKCS11_PROCESS_NAME_BRANDED)' -DBUNDLEID='$(MOZ_PKCS11_PROCESS_BUNDLEID)' -DMOZ_PKCS11_PROCESS_NAME_BRANDED='$(MOZ_PKCS11_PROCESS_NAME_BRANDED)' -DMOZ_DEVELOPER_REPO_PATH='$(topsrcdir)' -DMOZ_DEVELOPER_OBJ_PATH='$(topobjdir)' $(srcdir)/macbuild/Contents/Info.plist.in -o $(DIST)/bin/$(MOZ_PKCS11_PROCESS_NAME).app/Contents/Info.plist) - $(call py_action,preprocessor $(MOZ_PKCS11_PROCESS_NAME).app/Contents/Resources/English.lproj/InfoPlist.strings,-Fsubstitution --output-encoding utf-16 -DAPP_NAME='$(MOZ_PKCS11_PROCESS_BUNDLENAME)' $(srcdir)/macbuild/Contents/Resources/English.lproj/InfoPlist.strings.in -o $(DIST)/bin/$(MOZ_PKCS11_PROCESS_NAME).app/Contents/Resources/English.lproj/InfoPlist.strings) - $(NSINSTALL) -D $(DIST)/bin/$(MOZ_PKCS11_PROCESS_NAME).app/Contents/MacOS - cp $(DIST)/bin/$(MOZ_CHILD_PROCESS_NAME) "$(DIST)/bin/$(MOZ_PKCS11_PROCESS_NAME).app/Contents/MacOS/$(MOZ_PKCS11_PROCESS_NAME_BRANDED)" -endif -endif endif #} 
diff --git a/ipc/glue/GeckoChildProcessHost.cpp b/ipc/glue/GeckoChildProcessHost.cpp @@ -157,15 +157,16 @@ class BaseProcessLauncher { geckoargs::ChildProcessArgs&& aExtraOpts) : mProcessType(aHost->mProcessType), mLaunchOptions(std::move(aHost->mLaunchOptions)), - mChildArgs(std::move(aExtraOpts)), + mChildArgs(std::move(aExtraOpts)) #ifdef XP_WIN - mGroupId(aHost->mGroupId), + , + mGroupId(aHost->mGroupId) #endif - mUtilitySandbox(aHost->mUtilitySandbox) #if defined(XP_WIN) && defined(MOZ_SANDBOX) , mAllowedFilesRead(aHost->mAllowedFilesRead), mSandboxLevel(aHost->mSandboxLevel), + mSandbox(aHost->mSandbox), mIsFileContent(aHost->mIsFileContent), mEnableSandboxLogging(aHost->mEnableSandboxLogging) #endif @@ -212,8 +213,7 @@ class BaseProcessLauncher { void MapChildLogging(); - static BinPathType GetPathToBinary(FilePath&, GeckoProcessType, - SandboxingKind sandboxKind); + static BinPathType GetPathToBinary(FilePath&, GeckoProcessType); void GetChildLogName(const char* origLogName, nsACString& buffer); @@ -231,10 +231,10 @@ class BaseProcessLauncher { #ifdef XP_WIN nsString mGroupId; #endif - SandboxingKind mUtilitySandbox; #if defined(XP_WIN) && defined(MOZ_SANDBOX) std::vector<std::wstring> mAllowedFilesRead; int32_t mSandboxLevel; + SandboxingKind mSandbox; bool mIsFileContent; bool mEnableSandboxLogging; #endif @@ -511,8 +511,7 @@ void GeckoChildProcessHost::Destroy() { // static mozilla::BinPathType BaseProcessLauncher::GetPathToBinary( - FilePath& exePath, GeckoProcessType processType, - SandboxingKind utilitySandbox) { + FilePath& exePath, GeckoProcessType processType) { exePath = {}; BinPathType pathType = XRE_GetChildProcBinPathType(processType); 
@@ -545,12 +544,6 @@ mozilla::BinPathType BaseProcessLauncher::GetPathToBinary( // Use the GPU helper executable bundleName = MOZ_GPU_PROCESS_BUNDLENAME; executableLeafName = MOZ_GPU_PROCESS_NAME_BRANDED; -# if defined(NIGHTLY_BUILD) && !defined(MOZ_NO_SMART_CARDS) - } else if (processType == GeckoProcessType_Utility && - utilitySandbox == PKCS11_MODULE) { - bundleName = MOZ_PKCS11_PROCESS_BUNDLENAME; - executableLeafName = MOZ_PKCS11_PROCESS_NAME_BRANDED; -# endif // NIGHTLY_BUILD && !MOZ_NO_SMART_CARDS } else { // the default child process executable bundleName = MOZ_CHILD_PROCESS_BUNDLENAME; @@ -633,7 +626,7 @@ void GeckoChildProcessHost::SetEnv(const char* aKey, const char* aValue) { bool GeckoChildProcessHost::PrepareLaunch( geckoargs::ChildProcessArgs& aExtraOpts) { #if defined(XP_LINUX) && defined(MOZ_SANDBOX) - if (!SandboxLaunch::Configure(mProcessType, mUtilitySandbox, aExtraOpts, + if (!SandboxLaunch::Configure(mProcessType, mSandbox, aExtraOpts, mLaunchOptions.get())) { return false; } @@ -1253,8 +1246,7 @@ Result<Ok, LaunchError> PosixProcessLauncher::DoSetup() { } FilePath exePath; - BinPathType pathType = - GetPathToBinary(exePath, mProcessType, mUtilitySandbox); + BinPathType pathType = GetPathToBinary(exePath, mProcessType); // Make sure the executable path is present at the start of our argument list. // If we're using BinPathType::Self, also add the `-contentproc` argument. @@ -1578,8 +1570,7 @@ Result<Ok, LaunchError> WindowsProcessLauncher::DoSetup() { } FilePath exePath; - BinPathType pathType = - GetPathToBinary(exePath, mProcessType, mUtilitySandbox); + BinPathType pathType = GetPathToBinary(exePath, mProcessType); mCmdLine.emplace(exePath.ToWStringHack()); 
@@ -1673,9 +1664,9 @@ Result<Ok, LaunchError> WindowsProcessLauncher::DoSetup() { } break; case GeckoProcessType_Utility: - if (IsUtilitySandboxEnabled(mUtilitySandbox)) { + if (IsUtilitySandboxEnabled(mSandbox)) { if (!mResults.mSandboxBroker->SetSecurityLevelForUtilityProcess( - mUtilitySandbox)) { + mSandbox)) { return Err(LaunchError("SetSecurityLevelForUtilityProcess")); } mUseSandbox = true; diff --git a/ipc/glue/GeckoChildProcessHost.h b/ipc/glue/GeckoChildProcessHost.h @@ -19,7 +19,6 @@ #include "mozilla/ipc/NodeChannel.h" #include "mozilla/ipc/LaunchError.h" #include "mozilla/ipc/ScopedPort.h" -#include "mozilla/ipc/UtilityProcessSandboxing.h" #include "mozilla/Atomics.h" #include "mozilla/LinkedList.h" #include "mozilla/Monitor.h" @@ -46,6 +45,10 @@ # include "mozilla/Sandbox.h" #endif +#if defined(MOZ_SANDBOX) +# include "mozilla/ipc/UtilityProcessSandboxing.h" +#endif + #if (defined(XP_WIN) && defined(_ARM64_)) || \ (defined(XP_MACOSX) && defined(__aarch64__)) # define ALLOW_GECKO_CHILD_PROCESS_ARCH @@ -257,12 +260,9 @@ class GeckoChildProcessHost : public SupportsWeakPtr, # endif #endif // XP_WIN - // Only set by UtilityProcessHost. The sandbox policy associated with - // mUtilitySandbox will only be honored under MOZ_SANDBOX. However, on macOS, - // we will choose the proper firefox binary to run independently of - // MOZ_SANDBOX. This ensures that the utility process always runs with the - // expected set of entitlements. - SandboxingKind mUtilitySandbox; +#if defined(MOZ_SANDBOX) + SandboxingKind mSandbox; +#endif mozilla::RWLock mHandleLock; ProcessHandle mChildProcessHandle MOZ_GUARDED_BY(mHandleLock); diff --git a/ipc/glue/PUtilityProcess.ipdl b/ipc/glue/PUtilityProcess.ipdl 
@@ -16,10 +16,6 @@ include protocol PWindowsUtils;
 include protocol PWinFileDialog;
 #endif
-#ifndef MOZ_NO_SMART_CARDS
-include protocol PPKCS11Module;
-#endif // !MOZ_NO_SMART_CARDS
-
 #if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
 include protocol PSandboxTesting;
 #endif
@@ -111,10 +107,6 @@ child:
 async StartJSOracleService(Endpoint<PJSOracleChild> aEndpoint);
-#ifndef MOZ_NO_SMART_CARDS
- async StartPKCS11ModuleService(Endpoint<PPKCS11ModuleChild> aEndpoint);
-#endif // !MOZ_NO_SMART_CARDS
-
 #if defined(XP_WIN)
 async StartWindowsUtilsService(Endpoint<PWindowsUtilsChild> aEndpoint);
 async StartWinFileDialogService(Endpoint<PWinFileDialogChild> aEndpoint);
diff --git a/ipc/glue/UtilityProcessChild.cpp b/ipc/glue/UtilityProcessChild.cpp
@@ -233,19 +233,6 @@ mozilla::ipc::IPCResult UtilityProcessChild::RecvRequestMemoryReport(
 return IPC_OK();
 }
-#ifndef MOZ_NO_SMART_CARDS
-IPCResult UtilityProcessChild::RecvStartPKCS11ModuleService(
- Endpoint<PPKCS11ModuleChild>&& aEndpoint) {
- auto child = MakeRefPtr<psm::PKCS11ModuleChild>();
- if (!child || NS_FAILED(child->Start(std::move(aEndpoint)))) {
- return IPC_FAIL(this, "Failed to create and start PKCS11ModuleChild");
- }
-
- mPKCS11ModuleInstance = std::move(child);
- return IPC_OK();
-}
-#endif // !MOZ_NO_SMART_CARDS
-
 #if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
 mozilla::ipc::IPCResult UtilityProcessChild::RecvInitSandboxTesting(
 Endpoint<PSandboxTestingChild>&& aEndpoint) {
@@ -400,10 +387,6 @@ void UtilityProcessChild::ActorDestroy(ActorDestroyReason aWhy) {
 mWindowsUtilsInstance = nullptr;
 # endif
-# ifndef MOZ_NO_SMART_CARDS
- mPKCS11ModuleInstance = nullptr;
-# endif // !MOZ_NO_SMART_CARDS
-
 // Wait until all RemoteMediaManagerParent have closed.
 // It is still possible some may not have clean up yet, and we might hit
 // timeout. Our xpcom-shutdown listener should take care of cleaning the
diff --git a/ipc/glue/UtilityProcessChild.h b/ipc/glue/UtilityProcessChild.h
@@ -10,10 +10,6 @@
 #include "mozilla/ipc/UtilityMediaServiceParent.h"
 #include "ChildProfilerController.h"
-#ifndef MOZ_NO_SMART_CARDS
-# include "mozilla/psm/PKCS11ModuleChild.h"
-#endif // !MOZ_NO_SMART_CARDS
-
 #if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
 # include "mozilla/PSandboxTestingChild.h"
 #endif
@@ -86,11 +82,6 @@ class UtilityProcessChild final : public PUtilityProcessChild {
 AsyncBlockers& AsyncShutdownService() { return mShutdownBlockers; }
-#ifndef MOZ_NO_SMART_CARDS
- IPCResult RecvStartPKCS11ModuleService(
- Endpoint<PPKCS11ModuleChild>&& aEndpoint);
-#endif // !MOZ_NO_SMART_CARDS
-
 void ActorDestroy(ActorDestroyReason aWhy) override;
 #if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
@@ -114,9 +105,6 @@ class UtilityProcessChild final : public PUtilityProcessChild {
 #ifdef XP_WIN
 RefPtr<PWindowsUtilsChild> mWindowsUtilsInstance;
 #endif
-#ifndef MOZ_NO_SMART_CARDS
- RefPtr<psm::PKCS11ModuleChild> mPKCS11ModuleInstance;
-#endif // !MOZ_NO_SMART_CARDS
 AsyncBlockers mShutdownBlockers;
 };
diff --git a/ipc/glue/UtilityProcessHost.cpp b/ipc/glue/UtilityProcessHost.cpp
@@ -56,6 +56,10 @@ LazyLogModule gUtilityProcessLog("utilityproc");
 ("UtilityProcessHost=%p, " msg, this, ##__VA_ARGS__))
 #endif
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+bool UtilityProcessHost::sLaunchWithMacSandbox = false;
+#endif
+
 UtilityProcessHost::UtilityProcessHost(SandboxingKind aSandbox,
 RefPtr<Listener> aListener)
 : GeckoChildProcessHost(GeckoProcessType_Utility),
@@ -67,15 +71,24 @@ UtilityProcessHost::UtilityProcessHost(SandboxingKind aSandbox,
 this, aSandbox);
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
- mDisableOSActivityMode = IsUtilitySandboxEnabled(aSandbox);
+ if (!sLaunchWithMacSandbox) {
+ sLaunchWithMacSandbox = IsUtilitySandboxEnabled(aSandbox);
+ }
+ mDisableOSActivityMode = sLaunchWithMacSandbox;
+#endif
+#if defined(MOZ_SANDBOX)
+ mSandbox = aSandbox;
 #endif
- mUtilitySandbox = aSandbox;
 }
 UtilityProcessHost::~UtilityProcessHost() {
 MOZ_COUNT_DTOR(UtilityProcessHost);
+#if defined(MOZ_SANDBOX)
 LOGD("[%p] UtilityProcessHost::~UtilityProcessHost sandboxingKind=%" PRIu64,
- this, mUtilitySandbox);
+ this, mSandbox);
+#else
+ LOGD("[%p] UtilityProcessHost::~UtilityProcessHost", this);
+#endif
 }
 bool UtilityProcessHost::Launch(geckoargs::ChildProcessArgs aExtraOpts) {
@@ -183,17 +196,15 @@ void UtilityProcessHost::InitAfterConnect(bool aSucceeded) {
 #if defined(XP_LINUX) && defined(MOZ_SANDBOX)
 UniquePtr<SandboxBroker::Policy> policy;
- if (IsUtilitySandboxEnabled(mUtilitySandbox)) {
- switch (mUtilitySandbox) {
- case SandboxingKind::GENERIC_UTILITY:
- policy = SandboxBrokerPolicyFactory::GetUtilityProcessPolicy(
- GetActor()->OtherPid());
- break;
-
- default:
- MOZ_ASSERT(false, "Invalid SandboxingKind");
- break;
- }
+ switch (mSandbox) {
+ case SandboxingKind::GENERIC_UTILITY:
+ policy = SandboxBrokerPolicyFactory::GetUtilityProcessPolicy(
+ GetActor()->OtherPid());
+ break;
+
+ default:
+ MOZ_ASSERT(false, "Invalid SandboxingKind");
+ break;
 }
 if (policy != nullptr) {
 brokerFd = Some(FileDescriptor());
@@ -351,7 +362,7 @@ MacSandboxType UtilityProcessHost::GetMacSandboxType() {
 #ifdef MOZ_WMF_CDM_LPAC_SANDBOX
 void UtilityProcessHost::EnsureWidevineL1PathForSandbox(
 geckoargs::ChildProcessArgs& aExtraOpts) {
- if (mUtilitySandbox != SandboxingKind::MF_MEDIA_ENGINE_CDM) {
+ if (mSandbox != SandboxingKind::MF_MEDIA_ENGINE_CDM) {
 return;
 }
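Review bot: In the restored XP_MACOSX && MOZ_SANDBOX block of the UtilityProcessHost constructor, `sLaunchWithMacSandbox` is latched to true by the first host whose kind passes IsUtilitySandboxEnabled() and nothing visible in these hunks ever clears it, so whether a host launches sandboxed depends on construction order rather than on its own SandboxingKind: hosts created before the first enabled kind run unsandboxed, and hosts of a kind whose sandbox is disabled but constructed later still answer IsMacSandboxLaunchEnabled() with true. The constructor starts outside the hunk; the static is defined in the preceding UtilityProcessHost.cpp hunk and declared in the UtilityProcessHost.h hunk, where the comment `// Sandbox the Utility process at launch for all instances` does not describe the latch, so I would change it to `// Latched to true by the first host whose kind has the sandbox enabled and never cleared; every host constructed afterwards inherits it regardless of kind`. Separately, in InitAfterConnect on XP_LINUX && MOZ_SANDBOX the restored `default:` branch only asserts, so a release build reaching it with an unexpected kind leaves `policy` null and skips the broker entirely; if any kind other than GENERIC_UTILITY can reach this path, failing the launch there would be safer than the bare MOZ_ASSERT, and the function body continues outside the hunk.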
diff --git a/ipc/glue/UtilityProcessHost.h b/ipc/glue/UtilityProcessHost.h
@@ -108,8 +108,10 @@ class UtilityProcessHost final : public mozilla::ipc::GeckoChildProcessHost {
 void DestroyProcess();
 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
- // Sandbox utility processes based on IsUtilitySandboxEnabled()
- bool IsMacSandboxLaunchEnabled() override { return mDisableOSActivityMode; }
+ static bool sLaunchWithMacSandbox;
+
+ // Sandbox the Utility process at launch for all instances
+ bool IsMacSandboxLaunchEnabled() override { return sLaunchWithMacSandbox; }
 // Override so we can turn on Utility process-specific sandbox logging
 bool FillMacSandboxInfo(MacSandboxInfo& aInfo) override;
diff --git a/ipc/glue/UtilityProcessManager.cpp b/ipc/glue/UtilityProcessManager.cpp
@@ -29,10 +29,6 @@
 #include "mozilla/GeckoArgs.h"
-#ifndef MOZ_NO_SMART_CARDS
-# include "mozilla/psm/PPKCS11ModuleChild.h"
-#endif // !MOZ_NO_SMART_CARDS
-
 namespace mozilla::ipc {
 extern LazyLogModule gUtilityProcessLog;
@@ -518,31 +514,6 @@ UtilityProcessManager::CreateWinFileDialogActor() {
 #endif // XP_WIN
-#ifndef MOZ_NO_SMART_CARDS
-RefPtr<UtilityProcessManager::PKCS11ModulePromise>
-UtilityProcessManager::StartPKCS11Module() {
- using RetPromise = PKCS11ModulePromise;
- auto parent = MakeRefPtr<psm::PKCS11ModuleParent>();
- auto startPromise = StartUtility(parent, SandboxingKind::PKCS11_MODULE);
- return startPromise->Then(
- GetMainThreadSerialEventTarget(), __func__,
- [parent = std::move(parent)]() mutable {
- if (!parent->CanSend()) {
- MOZ_ASSERT(false, "PKCS11ModuleParent lost in the middle");
- return RetPromise::CreateAndReject(
- LaunchError("StartPKCS11Module: !parent->CanSend()"),
- __PRETTY_FUNCTION__);
- }
- return RetPromise::CreateAndResolve(std::move(parent), __func__);
- },
- [](LaunchError&& aError) {
- MOZ_ASSERT_UNREACHABLE(
- "StartPKCS11Module: failure when starting actor");
- return RetPromise::CreateAndReject(std::move(aError), __func__);
- });
-}
-#endif // !MOZ_NO_SMART_CARDS
-
 bool UtilityProcessManager::IsProcessLaunching(SandboxingKind aSandbox) {
 MOZ_ASSERT(NS_IsMainThread());
diff --git a/ipc/glue/UtilityProcessManager.h b/ipc/glue/UtilityProcessManager.h
@@ -15,10 +15,6 @@
 #include "mozilla/PRemoteMediaManagerChild.h"
-#ifndef MOZ_NO_SMART_CARDS
-# include "mozilla/psm/PKCS11ModuleParent.h"
-#endif // !MOZ_NO_SMART_CARDS
-
 namespace mozilla {
 class MemoryReportingProcess;
@@ -57,10 +53,6 @@ class UtilityProcessManager final : public UtilityProcessHost::Listener {
 using WinFileDialogPromise = LaunchPromise<widget::filedialog::ProcessProxy>;
 #endif
-#ifndef MOZ_NO_SMART_CARDS
- using PKCS11ModulePromise = LaunchPromise<RefPtr<psm::PKCS11ModuleParent>>;
-#endif // !MOZ_NO_SMART_CARDS
-
 static RefPtr<UtilityProcessManager> GetSingleton();
 static RefPtr<UtilityProcessManager> GetIfExists();
@@ -91,10 +83,6 @@ class UtilityProcessManager final : public UtilityProcessHost::Listener {
 RefPtr<WinFileDialogPromise> CreateWinFileDialogActor();
 #endif
-#ifndef MOZ_NO_SMART_CARDS
- RefPtr<PKCS11ModulePromise> StartPKCS11Module();
-#endif // !MOZ_NO_SMART_CARDS
-
 void OnProcessUnexpectedShutdown(UtilityProcessHost* aHost);
 // Returns the platform pid for this utility sandbox process.
diff --git a/ipc/glue/UtilityProcessSandboxing.cpp b/ipc/glue/UtilityProcessSandboxing.cpp
@@ -42,15 +42,6 @@ bool IsUtilitySandboxEnabled(const char* envVar, SandboxingKind aKind) {
 }
 #endif
-#ifndef MOZ_NO_SMART_CARDS
- // For now, don't enable sandboxing for the pkcs11 module loader process.
- // pkcs11 modules have historically been loaded in the parent process and may
- // have sandboxing-compatibility problems.
- if (aKind == SandboxingKind::PKCS11_MODULE) {
- return false;
- }
-#endif // !MOZ_NO_SMART_CARDS
-
 if (envVar == nullptr) {
 return true;
 }
diff --git a/ipc/glue/UtilityProcessSandboxing.h b/ipc/glue/UtilityProcessSandboxing.h
@@ -31,9 +31,6 @@ enum SandboxingKind : uint64_t {
 WINDOWS_UTILS,
 WINDOWS_FILE_DIALOG,
 #endif
-#ifndef MOZ_NO_SMART_CARDS
- PKCS11_MODULE,
-#endif // !MOZ_NO_SMART_CARDS
 COUNT,
diff --git a/ipc/glue/moz.build b/ipc/glue/moz.build
@@ -294,13 +294,6 @@ elif CONFIG["TARGET_OS"] == "iOS":
 elif CONFIG["MOZ_WIDGET_TOOLKIT"] == "android":
 OS_LIBS += ["android"]
-extra_vars = ()
-if CONFIG["NIGHTLY_BUILD"] and not CONFIG["MOZ_NO_SMART_CARDS"]:
- extra_vars = (
- "MOZ_PKCS11_PROCESS_NAME_BRANDED",
- "MOZ_PKCS11_PROCESS_BUNDLENAME",
- )
-
 for var in (
 "MOZ_CHILD_PROCESS_NAME",
 "MOZ_CHILD_PROCESS_BUNDLENAME",
@@ -308,7 +301,7 @@ for var in (
 "MOZ_EME_PROCESS_BUNDLENAME",
 "MOZ_GPU_PROCESS_NAME_BRANDED",
 "MOZ_GPU_PROCESS_BUNDLENAME",
-) + extra_vars:
+):
 DEFINES[var] = '"%s"' % CONFIG[var]
 if CONFIG["MOZ_SANDBOX"] and CONFIG["OS_ARCH"] == "WINNT":
diff --git a/ipc/glue/test/gtest/TestUtilityProcess.cpp b/ipc/glue/test/gtest/TestUtilityProcess.cpp
@@ -3,13 +3,8 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-#include <algorithm>
-#include <type_traits>
-
 #include "gtest/gtest.h"
-#include "mozilla/gtest/ipc/TestUtilityProcess.h"
-#include "mozilla/gtest/WaitFor.h"
-#include "nsThreadUtils.h"
+#include "mozilla/SpinEventLoopUntil.h"
 #include "mozilla/ipc/UtilityProcessManager.h"
@@ -32,86 +27,116 @@ #endif // XP_MACOSX using namespace mozilla; -using namespace mozilla::gtest::ipc; using namespace mozilla::ipc; -// Note that some test suites inherit TestUtilityProcess, so any change here -// will propagate there. Please ensure compatibility. -/* static */ void TestUtilityProcess::SetUpTestSuite() { +#define WAIT_FOR_EVENTS \ + SpinEventLoopUntil("UtilityProcess::emptyUtil"_ns, [&]() { return done; }); + +bool setupDone = false; + +class UtilityProcess : public ::testing::Test { + protected: + void SetUp() override { + if (setupDone) { + return; + } + +#if defined(MOZ_WIDGET_ANDROID) || defined(XP_MACOSX) + appShell = do_GetService(NS_APPSHELLSERVICE_CONTRACTID); +#endif // defined(MOZ_WIDGET_ANDROID) || defined(XP_MACOSX) + #if defined(XP_WIN) && defined(MOZ_SANDBOX) - // Ensure only one execution even with GTEST_REPEAT>1 - static bool sOnce = false; - if (!sOnce) { mozilla::SandboxBroker::GeckoDependentInitialize(); - sOnce = true; - } #endif // defined(XP_WIN) && defined(MOZ_SANDBOX) + setupDone = true; + } + #if defined(MOZ_WIDGET_ANDROID) || defined(XP_MACOSX) - // Ensure that the app shell service is running - nsCOMPtr<nsIAppShellService> appShell = - do_GetService(NS_APPSHELLSERVICE_CONTRACTID); + nsCOMPtr<nsIAppShellService> appShell; #endif // defined(MOZ_WIDGET_ANDROID) || defined(XP_MACOSX) +}; + +TEST_F(UtilityProcess, ProcessManager) { + RefPtr<UtilityProcessManager> utilityProc = + UtilityProcessManager::GetSingleton(); + ASSERT_NE(utilityProc, nullptr); } -TEST_F(TestUtilityProcess, LaunchAllKinds) { - using kind_t = std::underlying_type<SandboxingKind>::type; +TEST_F(UtilityProcess, NoProcess) { + RefPtr<UtilityProcessManager> utilityProc = + UtilityProcessManager::GetSingleton(); + EXPECT_NE(utilityProc, nullptr); - auto manager = UtilityProcessManager::GetSingleton(); - ASSERT_TRUE(manager); + Maybe<int32_t> noPid = + utilityProc->ProcessPid(SandboxingKind::GENERIC_UTILITY); + ASSERT_TRUE(noPid.isNothing()); +} - auto 
currentPid = base::GetCurrentProcId(); - ASSERT_GE(currentPid, base::ProcessId(1)); +TEST_F(UtilityProcess, LaunchProcess) { + bool done = false; - // Launch all kinds - for (kind_t i = 0; i < SandboxingKind::COUNT; ++i) { - auto kind = static_cast<SandboxingKind>(i); - auto res = WaitFor(manager->LaunchProcess(kind)); - ASSERT_TRUE(res.isOk()) - << "First launch LaunchError: " << res.inspectErr().FunctionName() << ", " - << res.inspectErr().ErrorCode(); - } + RefPtr<UtilityProcessManager> utilityProc = + UtilityProcessManager::GetSingleton(); + EXPECT_NE(utilityProc, nullptr); - // Collect process identifiers - std::array<base::ProcessId, SandboxingKind::COUNT> pids{}; - for (kind_t i = 0; i < SandboxingKind::COUNT; ++i) { - auto kind = static_cast<SandboxingKind>(i); - auto utilityPid = manager->ProcessPid(kind); - ASSERT_TRUE(utilityPid.isSome()) - << "No PID for kind " << kind; - ASSERT_GE(*utilityPid, base::ProcessId(1)); - ASSERT_NE(*utilityPid, currentPid); + int32_t thisPid = base::GetCurrentProcId(); + EXPECT_GE(thisPid, 1); - printf_stderr("Utility process running as PID %" PRIPID "\n", *utilityPid); + utilityProc->LaunchProcess(SandboxingKind::GENERIC_UTILITY) + ->Then( + GetCurrentSerialEventTarget(), __func__, + [&]() mutable { + EXPECT_TRUE(true); - pids[i] = *utilityPid; - } + Maybe<int32_t> utilityPid = + utilityProc->ProcessPid(SandboxingKind::GENERIC_UTILITY); + EXPECT_TRUE(utilityPid.isSome()); + EXPECT_GE(*utilityPid, 1); + EXPECT_NE(*utilityPid, thisPid); - // Re-launching should resolve immediately with process identifiers unchanged - for (kind_t i = 0; i < SandboxingKind::COUNT; ++i) { - auto kind = static_cast<SandboxingKind>(i); - auto res = WaitFor(manager->LaunchProcess(kind)); - ASSERT_TRUE(res.isOk()) - << "Second launch LaunchError: " << res.inspectErr().FunctionName() << ", " - << res.inspectErr().ErrorCode(); + printf_stderr("UtilityProcess running as %d\n", *utilityPid); - ASSERT_TRUE(manager->ProcessPid(kind) == Some(pids[i])); - } 
+ done = true; + }, + [&](LaunchError const&) { + EXPECT_TRUE(false); + done = true; + }); - // Check that every process identifier is unique - std::sort(pids.begin(), pids.end()); - auto adjacentEqualPids = std::adjacent_find(pids.begin(), pids.end()); - ASSERT_TRUE(adjacentEqualPids == pids.end()); + WAIT_FOR_EVENTS; +} - // After being individually shut down, a process is no longer referenced - for (kind_t i = 0; i < SandboxingKind::COUNT; ++i) { - auto kind = static_cast<SandboxingKind>(i); - manager->CleanShutdown(kind); - ASSERT_TRUE(manager->ProcessPid(kind).isNothing()); - } +TEST_F(UtilityProcess, DestroyProcess) { + bool done = false; + + RefPtr<UtilityProcessManager> utilityProc = + UtilityProcessManager::GetSingleton(); - // Drain the event queue. - NS_ProcessPendingEvents(nullptr); + utilityProc->LaunchProcess(SandboxingKind::GENERIC_UTILITY) + ->Then( + GetCurrentSerialEventTarget(), __func__, + [&]() { + Maybe<int32_t> utilityPid = + utilityProc->ProcessPid(SandboxingKind::GENERIC_UTILITY); + EXPECT_TRUE(utilityPid.isSome()); + EXPECT_GE(*utilityPid, 1); + + utilityProc->CleanShutdown(SandboxingKind::GENERIC_UTILITY); + + utilityPid = + utilityProc->ProcessPid(SandboxingKind::GENERIC_UTILITY); + EXPECT_TRUE(utilityPid.isNothing()); + + EXPECT_TRUE(true); + done = true; + }, + [&](LaunchError const&) { + EXPECT_TRUE(false); + done = true; + }); + + WAIT_FOR_EVENTS; } #if defined(XP_WIN) @@ -122,7 +147,9 @@ static void LoadLibraryCrash_Test() { L"2b49036e-6ba3-400c-a297-38fa1f6c5255.dll"); } -TEST_F(TestUtilityProcess, LoadLibraryCrash) { +TEST_F(UtilityProcess, LoadLibraryCrash) { ASSERT_DEATH_IF_SUPPORTED(LoadLibraryCrash_Test(), ""); } #endif // defined(XP_WIN) + +#undef WAIT_FOR_EVENTS diff --git a/ipc/glue/test/gtest/TestUtilityProcess.h b/ipc/glue/test/gtest/TestUtilityProcess.h 
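Review bot: `SetUp` returns as soon as `setupDone` is set, so under MOZ_WIDGET_ANDROID or XP_MACOSX the `appShell = do_GetService(NS_APPSHELLSERVICE_CONTRACTID);` line runs only for the first fixture instance and every later TEST_F sees a null `appShell` member, which defeats the member's purpose; moving that assignment above the `if (setupDone) { return; }` guard keeps only the SandboxBroker::GeckoDependentInitialize() call one-time. `bool setupDone = false;` is also a non-static, namespace-scope global in a file that the gtest moz.build compiles under UNIFIED_SOURCES, so `static bool setupDone = false;` avoids a possible clash with a same-named symbol in a sibling test source. The `WAIT_FOR_EVENTS` macro depends on a local named `done` that is not a macro parameter, which deserves a comment at its definition, `// requires a local bool named done in the calling scope`.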
@@ -1,20 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_gtest_ipc_TestUtilityProcess_h
-#define mozilla_gtest_ipc_TestUtilityProcess_h
-
-#include "gtest/gtest.h"
-
-namespace mozilla::gtest::ipc {
-
-class TestUtilityProcess : public ::testing::Test {
- protected:
- static void SetUpTestSuite();
-};
-
-} // namespace mozilla::gtest::ipc
-
-#endif // mozilla_gtest_ipc_TestUtilityProcess_h
diff --git a/ipc/glue/test/gtest/TestUtilityProcessSandboxing.cpp b/ipc/glue/test/gtest/TestUtilityProcessSandboxing.cpp
@@ -8,8 +8,6 @@
 #include "mozilla/gtest/MozHelpers.h"
 #include "mozilla/ipc/UtilityProcessSandboxing.h"
-#include <sstream>
-
 using namespace mozilla;
 using namespace mozilla::ipc;
@@ -57,7 +55,7 @@ TEST(UtilityProcessSandboxing, ParseEnvVar_DisableWMFOnly)
 }
 #endif // defined(XP_WIN)
-TEST(UtilityProcessSandboxing, ParseEnvVar_DisableMultiple)
+TEST(UtilityProcessSandboxing, ParseEnvVar_DisableGenericOnly_Multiples)
 {
 EXPECT_FALSE(IsUtilitySandboxEnabled("utility:1,utility:0,utility:2",
 SandboxingKind::GENERIC_UTILITY));
@@ -71,9 +69,6 @@ TEST(UtilityProcessSandboxing, ParseEnvVar_DisableMultiple)
 IsUtilitySandboxEnabled("utility:1,utility:0,utility:2",
 SandboxingKind::UTILITY_AUDIO_DECODING_WMF));
 #endif // XP_WIN
- std::ostringstream envVar;
- envVar << "utility:" << (SandboxingKind::COUNT + 1)
- << ",utility:0,utility:" << (SandboxingKind::COUNT + 3);
- EXPECT_TRUE(
- IsUtilitySandboxEnabled(envVar.str().c_str(), SandboxingKind::COUNT));
+ EXPECT_TRUE(IsUtilitySandboxEnabled("utility:8,utility:0,utility:6",
+ SandboxingKind::COUNT));
 }
diff --git a/ipc/glue/test/gtest/moz.build b/ipc/glue/test/gtest/moz.build
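Review bot: The restored `EXPECT_TRUE(IsUtilitySandboxEnabled("utility:8,utility:0,utility:6", SandboxingKind::COUNT));` relies on 8 and 6 being distinct from COUNT, yet COUNT is platform-dependent (the SandboxingKind enum in the UtilityProcessSandboxing.h hunk has XP_WIN-only members) and this commit itself moves it by removing PKCS11_MODULE, so if COUNT ever equals 8 or 6 on some platform the expectation flips with no hint why. A comment stating the assumption, `// 8 and 6 must differ from SandboxingKind::COUNT on every platform; revisit when the enum changes`, would make the coupling visible. The test body starts outside the hunk.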
@@ -6,10 +6,6 @@ Library("ipcgluetest")
-EXPORTS.mozilla.gtest.ipc += [
- "TestUtilityProcess.h",
-]
-
 UNIFIED_SOURCES = [
 "TestAsyncBlockers.cpp",
 "TestUtilityProcess.cpp",
diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml
@@ -17425,16 +17425,6 @@
 value: true
 mirror: always
-#if defined(NIGHTLY_BUILD) && !defined(MOZ_NO_SMART_CARDS)
-# If true, load PKCS#11 third-party modules in a dedicated utility process
-# rather than the main process. (Well, that's the long-term goal for the code
-# paths behind this pref, but right now this is still work in progress!)
-- name: security.utility_pkcs11_module_process.enabled
- type: bool
- value: false
- mirror: once
-#endif // NIGHTLY_BUILD && !MOZ_NO_SMART_CARDS
-
 - name: security.pki.cert_short_lifetime_in_days
 type: RelaxedAtomicUint32
 value: 10
diff --git a/security/mac/hardenedruntime/developer/security-module-helper.xml b/security/mac/hardenedruntime/developer/security-module-helper.xml
@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<!--
- Entitlements to apply to the security-module-helper.app bundle during
- codesigning of developer builds.
--->
-<plist version="1.0">
- <dict>
- <!-- Allow loading third party pkcs11 libraries -->
- <key>com.apple.security.cs.disable-library-validation</key><true/>
-
- <!-- For SmartCardServices(7) -->
- <key>com.apple.security.smartcard</key><true/>
-
- <!-- Allow dyld environment variables for debugging -->
- <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
-
- <!-- Allow debuggers to attach to running executables -->
- <key>com.apple.security.get-task-allow</key><true/>
- </dict>
-</plist>
diff --git a/security/mac/hardenedruntime/production/security-module-helper.xml b/security/mac/hardenedruntime/production/security-module-helper.xml
@@ -1,15 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> -<!-- - Entitlements to apply to the security-module-helper.app bundle during - codesigning of production channel builds. ---> -<plist version="1.0"> - <dict> - <!-- Allow loading third party pkcs11 libraries --> - <key>com.apple.security.cs.disable-library-validation</key><true/> - - <!-- For SmartCardServices(7) --> - <key>com.apple.security.smartcard</key><true/> - </dict> -</plist> diff --git a/security/manager/ssl/PKCS11ModuleChild.cpp b/security/manager/ssl/PKCS11ModuleChild.cpp 
@@ -1,54 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifdef MOZ_NO_SMART_CARDS -# error This file should not be used under MOZ_NO_SMART_CARDS. -#endif // MOZ_NO_SMART_CARDS - -#include "mozilla/psm/PKCS11ModuleChild.h" - -#include "mozilla/ipc/Endpoint.h" -#include "nsDebugImpl.h" - -#include <chrono> -#include <thread> - -namespace mozilla::psm { - -nsresult PKCS11ModuleChild::Start(Endpoint<PPKCS11ModuleChild>&& aEndpoint) { - MOZ_ASSERT(NS_IsMainThread()); - MOZ_ASSERT(!mTaskQueue); - - nsDebugImpl::SetMultiprocessMode("PKCS11ModuleChild"); - - nsresult rv = NS_CreateBackgroundTaskQueue("PKCS11ModuleChild", - getter_AddRefs(mTaskQueue)); - if (NS_FAILED(rv)) { - return rv; - } - - rv = mTaskQueue->Dispatch(NS_NewRunnableFunction( - "PKCS11ModuleChild::StartBind", - [self = RefPtr{this}, endpoint = std::move(aEndpoint)]() mutable { - MOZ_ALWAYS_TRUE(endpoint.Bind(self)); - })); - return rv; -} - -ipc::IPCResult PKCS11ModuleChild::RecvLoadModule( - nsString&& aModule, LoadModuleResolver&& aResolver) { - if (aModule != u"MySecretModule"_ns) { - aResolver(NS_ERROR_NOT_IMPLEMENTED); - return IPC_OK(); - } - - // Simulate a long but successful load - std::this_thread::sleep_for(std::chrono::seconds(1)); - aResolver(NS_OK); - - return IPC_OK(); -} - -} // namespace mozilla::psm diff --git a/security/manager/ssl/PKCS11ModuleChild.h b/security/manager/ssl/PKCS11ModuleChild.h 
@@ -1,38 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef mozilla_psm_PKCS11ModuleChild_h -#define mozilla_psm_PKCS11ModuleChild_h - -#ifdef MOZ_NO_SMART_CARDS -# error This file should not be used under MOZ_NO_SMART_CARDS. -#endif // MOZ_NO_SMART_CARDS - -#include "mozilla/psm/PPKCS11ModuleChild.h" -#include "nsIObserver.h" -#include "nsISupports.h" - -namespace mozilla::psm { - -class PKCS11ModuleChild final : public PPKCS11ModuleChild { - public: - NS_INLINE_DECL_THREADSAFE_REFCOUNTING(PKCS11ModuleChild, override); - - PKCS11ModuleChild() = default; - - nsresult Start(Endpoint<PPKCS11ModuleChild>&& aEndpoint); - - ipc::IPCResult RecvLoadModule(nsString&& aModule, - LoadModuleResolver&& aResolver); - - private: - nsCOMPtr<nsISerialEventTarget> mTaskQueue; - - ~PKCS11ModuleChild() = default; -}; - -} // namespace mozilla::psm - -#endif // mozilla_psm_PKCS11ModuleChild_h diff --git a/security/manager/ssl/PKCS11ModuleParent.cpp b/security/manager/ssl/PKCS11ModuleParent.cpp 
@@ -1,40 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifdef MOZ_NO_SMART_CARDS -# error This file should not be used under MOZ_NO_SMART_CARDS. -#endif // MOZ_NO_SMART_CARDS - -#include "mozilla/psm/PKCS11ModuleParent.h" - -namespace mozilla::psm { - -nsresult PKCS11ModuleParent::BindToUtilityProcess( - const RefPtr<ipc::UtilityProcessParent>& aUtilityParent) { - Endpoint<PPKCS11ModuleParent> parentEnd; - Endpoint<PPKCS11ModuleChild> childEnd; - nsresult rv = PPKCS11Module::CreateEndpoints( - ipc::EndpointProcInfo::Current(), aUtilityParent->OtherEndpointProcInfo(), - &parentEnd, &childEnd); - - if (NS_FAILED(rv)) { - MOZ_ASSERT_UNREACHABLE("Protocol endpoints failure"); - return NS_ERROR_FAILURE; - } - - if (!aUtilityParent->SendStartPKCS11ModuleService(std::move(childEnd))) { - MOZ_ASSERT_UNREACHABLE("StartPKCS11Module service failure"); - return NS_ERROR_FAILURE; - } - - if (!parentEnd.Bind(this)) { - MOZ_ASSERT_UNREACHABLE("StartPKCS11Module service failure"); - return NS_ERROR_FAILURE; - } - - return NS_OK; -} - -} // namespace mozilla::psm diff --git a/security/manager/ssl/PKCS11ModuleParent.h b/security/manager/ssl/PKCS11ModuleParent.h 
@@ -1,37 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef mozilla_psm_PKCS11ModuleParent_h -#define mozilla_psm_PKCS11ModuleParent_h - -#ifdef MOZ_NO_SMART_CARDS -# error This file should not be used under MOZ_NO_SMART_CARDS. -#endif // MOZ_NO_SMART_CARDS - -#include "mozilla/ProcInfo.h" - -#include "mozilla/ipc/UtilityProcessParent.h" -#include "mozilla/psm/PPKCS11ModuleParent.h" - -namespace mozilla::psm { - -class PKCS11ModuleParent final : public PPKCS11ModuleParent { - public: - NS_INLINE_DECL_THREADSAFE_REFCOUNTING(PKCS11ModuleParent, override); - - explicit PKCS11ModuleParent() = default; - - UtilityActorName GetActorName() { return UtilityActorName::Pkcs11Module; } - - nsresult BindToUtilityProcess( - const RefPtr<ipc::UtilityProcessParent>& aUtilityParent); - - private: - ~PKCS11ModuleParent() = default; -}; - -} // namespace mozilla::psm - -#endif // mozilla_psm_PKCS11ModuleParent_h diff --git a/security/manager/ssl/PPKCS11Module.ipdl b/security/manager/ssl/PPKCS11Module.ipdl @@ -1,19 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -namespace mozilla { - -namespace psm { - -[ChildProc=Utility] -protocol PPKCS11Module -{ - child: - async LoadModule(nsString aModule) returns (nsresult rv); -}; - -} // namespace psm - -} // namespace mozilla diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build 
@@ -214,21 +214,6 @@ if CONFIG["OS_ARCH"] == "WINNT": "CredentialManagerSecret.cpp", ] -if not CONFIG["MOZ_NO_SMART_CARDS"]: - EXPORTS.mozilla.psm += [ - "PKCS11ModuleChild.h", - "PKCS11ModuleParent.h", - ] - - UNIFIED_SOURCES += [ - "PKCS11ModuleChild.cpp", - "PKCS11ModuleParent.cpp", - ] - - IPDL_SOURCES += [ - "PPKCS11Module.ipdl", - ] - FINAL_LIBRARY = "xul" LOCAL_INCLUDES += [ diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp @@ -79,10 +79,6 @@ # include <sys/vfs.h> #endif -#ifndef MOZ_NO_SMART_CARDS -# include "mozilla/ipc/UtilityProcessManager.h" -#endif // !MOZ_NO_SMART_CARDS - using namespace mozilla; using namespace mozilla::psm; 
@@ -1524,44 +1520,6 @@ nsresult nsNSSComponent::InitializeNSS() { } MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("inSafeMode: %u\n", inSafeMode)); -#if defined(NIGHTLY_BUILD) && !defined(MOZ_NO_SMART_CARDS) - if (!inSafeMode && - StaticPrefs::security_utility_pkcs11_module_process_enabled_AtStartup()) { - auto manager = ipc::UtilityProcessManager::GetSingleton(); - MOZ_ASSERT(manager); - if (manager) { - // You may need to store the launchPromise in the nsNSSComponent, - // depending on how you design its API. - auto launchPromise = manager->StartPKCS11Module(); - launchPromise->Then( - GetCurrentSerialEventTarget(), __func__, - [](RefPtr<PKCS11ModuleParent>&& parent) { - MOZ_RELEASE_ASSERT(parent); - parent->SendLoadModule(u"MySecretModule"_ns) - ->Then( - GetCurrentSerialEventTarget(), __func__, - [](nsresult res) { - // We have a result from the utility process! - // Check that we successfully loaded MySecretModule. - MOZ_RELEASE_ASSERT(NS_SUCCEEDED(res)); - }, - [](ipc::ResponseRejectReason reason) { - // We ran into an IPC Error. - MOZ_LOG(gPIPNSSLog, LogLevel::Debug, - ("Loading MySecretModule failed: %d", - static_cast<int>(reason))); - }); - }, - [](base::LaunchError&& aError) { - // We ran into a launch error. - MOZ_LOG(gPIPNSSLog, LogLevel::Debug, - ("Failed to start the PKCS#11 process: %s, %ld", - aError.FunctionName().get(), aError.ErrorCode())); - }); - } - } -#endif // NIGHTLY_BUILD && !MOZ_NO_SMART_CARDS - rv = InitializeNSSWithFallbacks(profileStr, nocertdb, inSafeMode); MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv)); if (NS_FAILED(rv)) { diff --git a/security/manager/ssl/tests/gtest/UtilityPKCS11ModuleTest.cpp b/security/manager/ssl/tests/gtest/UtilityPKCS11ModuleTest.cpp 
@@ -1,86 +0,0 @@ -/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifdef MOZ_NO_SMART_CARDS -# error This file should not be used under MOZ_NO_SMART_CARDS. -#endif // MOZ_NO_SMART_CARDS - -#include "gtest/gtest.h" -#include "mozilla/gtest/ipc/TestUtilityProcess.h" -#include "mozilla/gtest/WaitFor.h" -#include "mozilla/ipc/UtilityProcessManager.h" -#include "mozilla/psm/PKCS11ModuleParent.h" -#include "nsThreadUtils.h" - -#include <vector> - -using namespace mozilla; -using namespace mozilla::gtest::ipc; -using namespace mozilla::ipc; -using namespace mozilla::psm; - -class psm_UtilityPKCS11Module : public TestUtilityProcess {}; - -TEST_F(psm_UtilityPKCS11Module, Launch) { - auto manager = UtilityProcessManager::GetSingleton(); - ASSERT_TRUE(manager); - - auto res = WaitFor(manager->StartPKCS11Module()); - ASSERT_TRUE(res.isOk()) - << "LaunchError: " << res.inspectErr().FunctionName() << ", " - << res.inspectErr().ErrorCode(); - - auto parent = res.unwrap(); - ASSERT_TRUE(parent); - ASSERT_TRUE(parent->CanSend()); - - auto utilityPid = manager->ProcessPid(SandboxingKind::PKCS11_MODULE); - ASSERT_TRUE(utilityPid.isSome()); - ASSERT_GE(*utilityPid, base::ProcessId(1)); - - manager->CleanShutdown(SandboxingKind::PKCS11_MODULE); - - utilityPid = manager->ProcessPid(SandboxingKind::PKCS11_MODULE); - ASSERT_TRUE(utilityPid.isNothing()); - - // Drain the event queue. 
- NS_ProcessPendingEvents(nullptr); -} - -TEST_F(psm_UtilityPKCS11Module, LoadModule) { - auto manager = UtilityProcessManager::GetSingleton(); - ASSERT_TRUE(manager); - - auto res = WaitFor(manager->StartPKCS11Module()); - ASSERT_TRUE(res.isOk()) - << "LaunchError: " << res.inspectErr().FunctionName() << ", " - << res.inspectErr().ErrorCode(); - - auto parent = res.unwrap(); - ASSERT_TRUE(parent); - ASSERT_TRUE(parent->CanSend()); - - std::vector<std::pair<nsString, nsresult>> expectedResultValues{ - std::make_pair(u"MySecretModule"_ns, NS_OK), - std::make_pair(u"AnyOtherModule"_ns, NS_ERROR_NOT_IMPLEMENTED)}; - for (const auto& [module, expected] : expectedResultValues) { - NS_ConvertUTF16toUTF8 utf8Module(module); - printf_stderr("Loading module %s\n", utf8Module.get()); - - auto ipcResult = WaitFor(parent->SendLoadModule(module)); - ASSERT_TRUE(ipcResult.isOk()) - << "ResponseRejectReason: " - << static_cast<std::underlying_type<ResponseRejectReason>::type>( - ipcResult.inspectErr()); - - auto result = ipcResult.inspect(); - ASSERT_EQ(result, expected); - } - - manager->CleanShutdown(SandboxingKind::PKCS11_MODULE); - - // Drain the event queue. - NS_ProcessPendingEvents(nullptr); -} diff --git a/security/manager/ssl/tests/gtest/moz.build b/security/manager/ssl/tests/gtest/moz.build @@ -15,11 +15,6 @@ SOURCES += [ "TLSIntoleranceTest.cpp", ] -if not CONFIG["MOZ_NO_SMART_CARDS"]: - SOURCES += [ - "UtilityPKCS11ModuleTest.cpp", - ] - LOCAL_INCLUDES += [ "/security/certverifier", "/security/manager/ssl", diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp @@ -36,7 +36,6 @@ #include "mozilla/WinDllServices.h" #include "mozilla/WindowsVersion.h" #include "mozilla/ipc/LaunchError.h" -#include "mozilla/ipc/UtilityProcessSandboxing.h" #include "nsAppDirectoryServiceDefs.h" #include "nsCOMPtr.h" #include "nsDirectoryServiceDefs.h" 
@@ -1857,8 +1856,6 @@ bool BuildUtilitySandbox(sandbox::TargetConfig* config, bool SandboxBroker::SetSecurityLevelForUtilityProcess( mozilla::ipc::SandboxingKind aSandbox) { - MOZ_ASSERT(IsUtilitySandboxEnabled(aSandbox)); - if (!mPolicy) { return false; } @@ -1876,6 +1873,11 @@ bool SandboxBroker::SetSecurityLevelForUtilityProcess( #endif case mozilla::ipc::SandboxingKind::WINDOWS_UTILS: return BuildUtilitySandbox(config, WindowsUtilitySandboxProps()); + case mozilla::ipc::SandboxingKind::WINDOWS_FILE_DIALOG: + // This process type is not sandboxed. (See commentary in + // `ipc::IsUtilitySandboxEnabled()`.) + MOZ_ASSERT_UNREACHABLE("No sandboxing for this process type"); + return false; default: MOZ_ASSERT_UNREACHABLE("Unknown sandboxing value"); return false; diff --git a/taskcluster/config.yml b/taskcluster/config.yml @@ -875,15 +875,6 @@ mac-signing: globs: - "/Contents/MacOS/media-plugin-helper.app" - # Only built in Nightly builds for now. For other builds, the - # globs will match nothing, and so nothing will happen. - - deep: false - runtime: true - force: true - entitlements: public/build/security/security-module-helper.xml - globs: - - "/Contents/MacOS/security-module-helper.app" - - deep: false runtime: true force: true @@ -933,15 +924,6 @@ mac-signing: globs: - "/Contents/MacOS/media-plugin-helper.app" - # Only built in Nightly builds for now. For other builds, the - # globs will match nothing, and so nothing will happen. - - deep: false - runtime: true - force: true - entitlements: public/build/security/security-module-helper.xml - globs: - - "/Contents/MacOS/security-module-helper.app" - - deep: false runtime: true force: true diff --git a/taskcluster/kinds/build/macosx-native.yml b/taskcluster/kinds/build/macosx-native.yml 
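Review bot: In `SandboxBroker::SetSecurityLevelForUtilityProcess` the restored `WINDOWS_FILE_DIALOG` case and the existing `default` case both end in `MOZ_ASSERT_UNREACHABLE` followed by `return false;`, so in release builds a caller asking for a policy for a deliberately unsandboxed kind gets the same answer as one passing an unknown kind. The first hunk also drops `MOZ_ASSERT(IsUtilitySandboxEnabled(aSandbox))`, so nothing visible in this function confirms that sandboxing is expected for `aSandbox` before `mPolicy` is consulted; presumably that check now lives with the caller. A short comment above the switch stating the contract would help readers, e.g. `// A false result from the kind switch means the caller requested a policy for an unsandboxed or unknown kind; see ipc::IsUtilitySandboxEnabled().` The function body continues outside both hunks.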
@@ -18,9 +18,6 @@ task-defaults: - name: public/build/security/plugin-container.xml path: checkouts/gecko/security/mac/hardenedruntime/{entitlement_directory}/plugin-container.xml type: file - - name: public/build/security/security-module-helper.xml - path: checkouts/gecko/security/mac/hardenedruntime/{entitlement_directory}/security-module-helper.xml - type: file run: using: mozharness script: "mozharness/scripts/fx_desktop_build.py" diff --git a/taskcluster/kinds/build/macosx.yml b/taskcluster/kinds/build/macosx.yml @@ -17,9 +17,6 @@ task-defaults: - name: public/build/security/plugin-container.xml path: checkouts/gecko/security/mac/hardenedruntime/{entitlement_directory}/plugin-container.xml type: file - - name: public/build/security/security-module-helper.xml - path: checkouts/gecko/security/mac/hardenedruntime/{entitlement_directory}/security-module-helper.xml - type: file run: using: mozharness actions: [get-secrets, build] diff --git a/taskcluster/kinds/instrumented-build/kind.yml b/taskcluster/kinds/instrumented-build/kind.yml @@ -128,9 +128,6 @@ tasks: - name: public/build/security/plugin-container.xml path: checkouts/gecko/security/mac/hardenedruntime/{entitlement_directory}/plugin-container.xml type: file - - name: public/build/security/security-module-helper.xml - path: checkouts/gecko/security/mac/hardenedruntime/{entitlement_directory}/security-module-helper.xml - type: file run: using: mozharness actions: [get-secrets, build] @@ -177,9 +174,6 @@ tasks: - name: public/build/security/plugin-container.xml path: checkouts/gecko/security/mac/hardenedruntime/{entitlement_directory}/plugin-container.xml type: file - - name: public/build/security/security-module-helper.xml - path: checkouts/gecko/security/mac/hardenedruntime/{entitlement_directory}/security-module-helper.xml - type: file run: using: mozharness actions: [get-secrets, build] 
diff --git a/toolkit/components/aboutprocesses/content/aboutProcesses.js b/toolkit/components/aboutprocesses/content/aboutProcesses.js @@ -917,10 +917,6 @@ var View = { fluentName = "about-processes-utility-actor-windows-file-dialog"; break; - case "pkcs11Module": - fluentName = "about-processes-utility-actor-pkcs11-module"; - break; - default: fluentName = "about-processes-utility-actor-unknown"; break; diff --git a/toolkit/components/processtools/ProcInfo_common.cpp b/toolkit/components/processtools/ProcInfo_common.cpp @@ -59,8 +59,6 @@ nsCString GetUtilityActorName(const UtilityActorName aActorName) { return "windows-utils"_ns; case UtilityActorName::WindowsFileDialog: return "windows-file-dialog"_ns; - case UtilityActorName::Pkcs11Module: - return "pkcs11-module"_ns; default: return "unknown"_ns; } diff --git a/toolkit/locales/en-US/toolkit/about/aboutProcesses.ftl b/toolkit/locales/en-US/toolkit/about/aboutProcesses.ftl @@ -135,7 +135,6 @@ about-processes-utility-actor-mf-media-engine = Windows Media Foundation Media E about-processes-utility-actor-js-oracle = JavaScript Oracle about-processes-utility-actor-windows-utils = Windows Utils about-processes-utility-actor-windows-file-dialog = Windows File Dialog -about-processes-utility-actor-pkcs11-module = Security Module Helper ## Displaying CPU (percentage and total) ## Variables: diff --git a/toolkit/moz.configure b/toolkit/moz.configure @@ -3719,17 +3719,6 @@ option(env="MOZ_PKG_SPECIAL", nargs=1, help="Name of special moz flavor") set_config("MOZ_PKG_SPECIAL", depends_if("MOZ_PKG_SPECIAL")(lambda x: x[0])) -# Smart card support -# ============================================================== -@depends(target) -def disable_smart_cards(target): - return target.os == "Android" - - -set_config("MOZ_NO_SMART_CARDS", True, when=disable_smart_cards) -set_define("MOZ_NO_SMART_CARDS", True, when=disable_smart_cards) - - # OSX Packaging # ============================================================== 
@@ -3829,47 +3818,6 @@ with only_when(target_is_osx): set_config("MOZ_GPU_PROCESS_BUNDLEID", moz_gpu_process_bundle_id) - with only_when(milestone.is_nightly & ~disable_smart_cards): - # Security Module Helper - # - # Set up configuration strings for building and referencing the PKCS#11 - # utility process executable. For a local developer build where the - # display name is "Nightly", the strings will be as follows. - # - # MOZ_PKCS11_PROCESS_NAME = security-module-helper - # MOZ_PKCS11_PROCESS_NAME_BRANDED = Nightly Security Module Helper - # MOZ_PKCS11_PROCESS_NAME_BUNDLENAME = security-module-helper.app - # MOZ_PKCS11_PROCESS_BUNDLEID = org.mozilla.nightly-security-module-helper - moz_pkcs11_process_name = dependable("security-module-helper") - - set_config("MOZ_PKCS11_PROCESS_NAME", moz_pkcs11_process_name) - set_config( - "MOZ_PKCS11_PROCESS_NAME_BRANDED", - depends_if(moz_app_displayname)( - lambda name: f"{name} Security Module Helper" - ), - ) - set_config( - "MOZ_PKCS11_PROCESS_BUNDLENAME", - depends(moz_pkcs11_process_name)(lambda name: f"{name}.app"), - ) - - # Generate a lower case string with no spaces to be used as the bundle ID - # for the PKCS11 helper .app of the form org.mozilla.<executable-name>. - @depends(moz_app_displayname, moz_pkcs11_process_name, "--with-distribution-id") - def moz_pkcs11_process_bundle_id( - app_displayname, pkcs11_process_name, distribution_id - ): - if not app_displayname: - return - - pkcs11_process_bundle_id = app_displayname.replace(" ", "-").lower() - return ( - f"{distribution_id[0]}.{pkcs11_process_bundle_id}-{pkcs11_process_name}" - ) - - set_config("MOZ_PKCS11_PROCESS_BUNDLEID", moz_pkcs11_process_bundle_id) - # JS Packaging # ============================================================== 
@@ -4072,6 +4020,16 @@ with only_when(target_has_linux_kernel & compile_environment): ) +# Smart card support +# ============================================================== +@depends(build_project) +def disable_smart_cards(build_project): + return build_project == "mobile/android" + + +set_config("MOZ_NO_SMART_CARDS", True, when=disable_smart_cards) +set_define("MOZ_NO_SMART_CARDS", True, when=disable_smart_cards) + # Enable UniFFI fixtures # ============================================================== # These are used to test the uniffi-bindgen-gecko-js code generation. They diff --git a/tools/lint/license.yml b/tools/lint/license.yml @@ -48,13 +48,11 @@ license: - security/mac/hardenedruntime/developer/media-plugin-helper.xml - security/mac/hardenedruntime/developer/plugin-container.xml - security/mac/hardenedruntime/developer/utility.xml - - security/mac/hardenedruntime/developer/security-module-helper.xml - security/mac/hardenedruntime/production/nightly.browser.xml - security/mac/hardenedruntime/production/firefox.browser.xml - security/mac/hardenedruntime/production/firefoxdeveloperedition.browser.xml - security/mac/hardenedruntime/production/media-plugin-helper.xml - security/mac/hardenedruntime/production/plugin-container.xml - - security/mac/hardenedruntime/production/security-module-helper.xml - testing/marionette/harness/marionette_harness/www/ # Browsertime can't handle this script when there's a comment at the top - testing/raptor/browsertime/browsertime_benchmark.js
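Review bot: The restored `disable_smart_cards` derives `MOZ_NO_SMART_CARDS` from `build_project == "mobile/android"` and carries no comment explaining why the build project, rather than the target OS, is the criterion; the version removed in the first moz.configure hunk keyed on `target.os == "Android"`, and the two differ for any Android-targeting build made from another project, if such configurations exist. A one-line comment under the `# Smart card support` heading would record the intent, e.g. `# Keyed on the build project: only the mobile/android project builds without smart card support.` The added block sits at column 0, so it is not part of the `with only_when(...)` block named in the hunk header.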