Bug 1441801 Part 1: Stop using the chromium sandbox DLL blocking mech…

…anism on Nightly. r=jimm
Brli · Mar 1, 2018 · c8f5295 · c8f5295
1 parent 45a0b7c
commit c8f5295
Showing 1 changed file with 1 addition and 51 deletions.
diff --git a/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp b/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp
@@ -7,9 +7,6 @@
 #include "sandboxBroker.h"
 
 #include <string>
-#if defined(NIGHTLY_BUILD)
-#include <vector>
-#endif
 
 #include "base/win/windows_version.h"
 #include "mozilla/Assertions.h"
@@ -31,32 +28,6 @@
 #include "sandbox/win/src/security_level.h"
 #include "WinUtils.h"
 
-#if defined(NIGHTLY_BUILD)
-
-// This list of DLLs have been found to cause instability in sandboxed child
-// processes and so they will be unloaded if they attempt to load.
-const std::vector<std::wstring> kDllsToUnload = {
-  // Symantec Corporation (bug 1400637)
-  L"ffm64.dll",
-  L"ffm.dll",
-  L"prntm64.dll",
-
-  // HitmanPro - SurfRight now part of Sophos (bug 1400637)
-  L"hmpalert.dll",
-
-  // Avast Antivirus (bug 1400637)
-  L"snxhk64.dll",
-  L"snxhk.dll",
-
-  // Webroot SecureAnywhere (bug 1400637)
-  L"wrusr.dll",
-
-  // Comodo Internet Security (bug 1400637)
-  L"guard32.dll",
-};
-
-#endif
-
 namespace mozilla
 {
 
@@ -258,30 +229,9 @@ SandboxBroker::LaunchApp(const wchar_t *aPath,
                      sandbox::TargetPolicy::FILES_ALLOW_ANY, logFileName);
   }
 
-  sandbox::ResultCode result;
-#if defined(NIGHTLY_BUILD)
-
-  // Add DLLs to the policy that have been found to cause instability with the
-  // sandbox, so that they will be unloaded when they attempt to load.
-  for (std::wstring dllToUnload : kDllsToUnload) {
-    // Similar to Chromium, we only add a DLL if it is loaded in this process.
-    if (::GetModuleHandleW(dllToUnload.c_str())) {
-      result = mPolicy->AddDllToUnload(dllToUnload.c_str());
-      MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
-                         "AddDllToUnload should never fail, what happened?");
-    }
-  }
-
-  // Add K7 Computing DLL to be blocked even if not loaded in the parent, as we
-  // are still getting crash reports for it.
-  result = mPolicy->AddDllToUnload(L"k7pswsen.dll");
-  MOZ_RELEASE_ASSERT(sandbox::SBOX_ALL_OK == result,
-                     "AddDllToUnload should never fail, what happened?");
-
-#endif
-
   // Ceate the sandboxed process
   PROCESS_INFORMATION targetInfo = {0};
+  sandbox::ResultCode result;
   sandbox::ResultCode last_warning = sandbox::SBOX_ALL_OK;
   DWORD last_error = ERROR_SUCCESS;
   result = sBrokerService->SpawnTarget(aPath, aArguments, aEnvironment, mPolicy,