Closed Bug 1316153 Opened 3 years ago Closed 2 years ago

Remove B2G-specific child process privilege levels from IPC

Categories

(Core :: IPC, defect, P2)

defect

Tracking

()

RESOLVED FIXED
mozilla58
Tracking Status
firefox52 --- wontfix
firefox58 --- fixed

People

(Reporter: jld, Assigned: jld)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Copying this out of my review comment in bug 1147911 comment #30 just to make sure it doesn't get lost:

::: ipc/chromium/src/base/child_privileges.h
@@ +11,5 @@
> +
> +enum ChildPrivileges {
> +  PRIVILEGES_DEFAULT,
> +  PRIVILEGES_UNPRIVILEGED,
> +  PRIVILEGES_INHERIT,

I'm pretty sure we need only one of these three now.  They're a remnant of early B2G when it used Android's group-based permissions (the last of those went away in bug 976398, after which I think everything was UNPRIVILEGED — and UNPRIVILEGED as implemented needs the parent process to be running as root, so it was always B2G-only).  And B2G is gone now.  Currently it looks like everything winds up being INHERIT, but INHERIT being called INHERIT is probably because there used to be actual nested child processes, so it's maybe not the best name.
Too late for firefox 52, mass-wontfix.
No longer blocks: 1369194
Some notes from reviewing patches in bug 1382099:
* This means that SetCurrentProcessPrivileges, and any other uid/gid related stuff in process_util_linux, can go away.
* Also, kLowRightsSubprocesses in GeckoChildProcessHost.cpp can be constant-propagated.
I have a patch that removes ChildPrivileges entirely.  The only thing it's doing right now is communicating whether a content process may handle file:/// from GeckoChildProcessHost to the Windows sandbox, and that can be done more directly.  I'd been thinking of using it on desktop Linux for sandboxing purposes, but there's a cleaner way to do that.
Assignee: nobody → jld
Priority: -- → P3
Priority: P3 → P2
Comment on attachment 8915389 [details]
Bug 1316153 - Remove base::ChildPrivileges from IPC.

https://reviewboard.mozilla.org/r/186580/#review191748

I've only skimmed the IPC stuff.
It's possible that we might want to pass down the remote type as the subtype, but a bool is fine for now.
Also, thinking about it, once we get round to proxying the file access we shouldn't even need that.
Attachment #8915389 - Flags: review?(bobowencode) → review+
Comment on attachment 8915389 [details]
Bug 1316153 - Remove base::ChildPrivileges from IPC.

https://reviewboard.mozilla.org/r/186580/#review193364
Attachment #8915389 - Flags: review?(wmccloskey) → review+
Pushed by jedavis@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/87077c875c63
Remove base::ChildPrivileges from IPC. r=billm,bobowen
https://hg.mozilla.org/mozilla-central/rev/87077c875c63
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
You need to log in before you can comment on or make changes to this bug.