Move sandboxing into the constellation crate.

components/compositing/Cargo.toml

@@ -33,6 +33,3 @@ serde = "0.7"
 serde_macros = "0.7"
 time = "0.1.17"
 url = {version = "1.0.0", features = ["heap_size"]}
-
-[target.'cfg(not(target_os = "windows"))'.dependencies]
-gaol = {git = "https://github.com/servo/gaol"}

components/compositing/lib.rs

@@ -15,8 +15,6 @@ extern crate app_units;
 
 extern crate azure;
 extern crate euclid;
-#[cfg(not(target_os = "windows"))]
-extern crate gaol;
 extern crate gfx;
 extern crate gfx_traits;
 extern crate gleam;
@@ -59,8 +57,6 @@ mod compositor;
 mod compositor_layer;
 pub mod compositor_thread;
 mod delayed_composition;
-#[cfg(not(target_os = "windows"))]
-pub mod sandboxing;
 mod surface_map;
 mod touch;
 pub mod windowing;

components/compositing/sandboxing.rs

@@ -1,40 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-use gaol::profile::{Operation, PathPattern, Profile};
-use std::path::PathBuf;
-use util::resource_files;
-
-/// Our content process sandbox profile on Mac. As restrictive as possible.
-#[cfg(target_os = "macos")]
-pub fn content_process_sandbox_profile() -> Profile {
-    use gaol::platform;
-    Profile::new(vec![
-        Operation::FileReadAll(PathPattern::Literal(PathBuf::from("/dev/urandom"))),
-        Operation::FileReadAll(PathPattern::Subpath(resource_files::resources_dir_path())),
-        Operation::FileReadAll(PathPattern::Subpath(PathBuf::from("/Library/Fonts"))),
-        Operation::FileReadAll(PathPattern::Subpath(PathBuf::from("/System/Library/Fonts"))),
-        Operation::FileReadAll(PathPattern::Subpath(PathBuf::from(
-                    "/System/Library/Frameworks/ApplicationServices.framework"))),
-        Operation::FileReadAll(PathPattern::Subpath(PathBuf::from(
-                    "/System/Library/Frameworks/CoreGraphics.framework"))),
-        Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/"))),
-        Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/Library"))),
-        Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/System"))),
-        Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/etc"))),
-        Operation::SystemInfoRead,
-        Operation::PlatformSpecific(platform::macos::Operation::MachLookup(
-                b"com.apple.FontServer".to_vec())),
-    ]).expect("Failed to create sandbox profile!")
-}
-
-/// Our content process sandbox profile on Linux. As restrictive as possible.
-#[cfg(not(target_os = "macos"))]
-pub fn content_process_sandbox_profile() -> Profile {
-    Profile::new(vec![
-        Operation::FileReadAll(PathPattern::Literal(PathBuf::from("/dev/urandom"))),
-        Operation::FileReadAll(PathPattern::Subpath(resource_files::resources_dir_path())),
-    ]).expect("Failed to create sandbox profile!")
-}
-