Move sandboxing into the constellation crate.

components/constellation/constellation.rs

@@ -16,8 +16,6 @@ use clipboard::ClipboardContext;
 use compositing::CompositorMsg as FromCompositorMsg;
 use compositing::compositor_thread::CompositorProxy;
 use compositing::compositor_thread::Msg as ToCompositorMsg;
-#[cfg(not(target_os = "windows"))]
-use compositing::sandboxing;
 use compositing::{AnimationTickType, SendableFrameTree};
 use devtools_traits::{ChromeToDevtoolsControlMsg, DevtoolsControlMsg};
 use euclid::scale_factor::ScaleFactor;
@@ -49,6 +47,8 @@ use pipeline::{InitialPipelineState, Pipeline, UnprivilegedPipelineContent};
 use profile_traits::mem;
 use profile_traits::time;
 use rand::{random, Rng, SeedableRng, StdRng};
+#[cfg(not(target_os = "windows"))]
+use sandboxing::content_process_sandbox_profile;
 use script_traits::{AnimationState, CompositorEvent, ConstellationControlMsg};
 use script_traits::{DocumentState, LayoutControlMsg};
 use script_traits::{IFrameLoadInfo, IFrameSandboxState, TimerEventRequest};
@@ -482,7 +482,7 @@ impl<LTF: LayoutThreadFactory, STF: ScriptThreadFactory> Constellation<LTF, STF>
                 command.env("RUST_BACKTRACE", value);
             }
 
-            let profile = sandboxing::content_process_sandbox_profile();
+            let profile = content_process_sandbox_profile();
             ChildProcess::Sandboxed(Sandbox::new(profile).start(&mut command)
                                     .expect("Failed to start sandboxed child process!"))
         } else {

components/constellation/lib.rs

@@ -43,7 +43,11 @@ extern crate webrender_traits;
 
 mod constellation;
 mod pipeline;
+#[cfg(not(target_os = "windows"))]
+mod sandboxing;
 mod timer_scheduler;
 
 pub use constellation::{Constellation, InitialConstellationState};
 pub use pipeline::UnprivilegedPipelineContent;
+#[cfg(not(target_os = "windows"))]
+pub use sandboxing::content_process_sandbox_profile;

components/constellation/sandboxing.rs

@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+use gaol::profile::{Operation, PathPattern, Profile};
+use std::path::PathBuf;
+use util::resource_files;
+
+/// Our content process sandbox profile on Mac. As restrictive as possible.
+#[cfg(target_os = "macos")]
+pub fn content_process_sandbox_profile() -> Profile {
+    use gaol::platform;
+    Profile::new(vec![
+        Operation::FileReadAll(PathPattern::Literal(PathBuf::from("/dev/urandom"))),
+        Operation::FileReadAll(PathPattern::Subpath(resource_files::resources_dir_path())),
+        Operation::FileReadAll(PathPattern::Subpath(PathBuf::from("/Library/Fonts"))),
+        Operation::FileReadAll(PathPattern::Subpath(PathBuf::from("/System/Library/Fonts"))),
+        Operation::FileReadAll(PathPattern::Subpath(PathBuf::from(
+                    "/System/Library/Frameworks/ApplicationServices.framework"))),
+        Operation::FileReadAll(PathPattern::Subpath(PathBuf::from(
+                    "/System/Library/Frameworks/CoreGraphics.framework"))),
+        Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/"))),
+        Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/Library"))),
+        Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/System"))),
+        Operation::FileReadMetadata(PathPattern::Literal(PathBuf::from("/etc"))),
+        Operation::SystemInfoRead,
+        Operation::PlatformSpecific(platform::macos::Operation::MachLookup(
+                b"com.apple.FontServer".to_vec())),
+    ]).expect("Failed to create sandbox profile!")
+}
+
+/// Our content process sandbox profile on Linux. As restrictive as possible.
+#[cfg(not(target_os = "macos"))]
+pub fn content_process_sandbox_profile() -> Profile {
+    Profile::new(vec![
+        Operation::FileReadAll(PathPattern::Literal(PathBuf::from("/dev/urandom"))),
+        Operation::FileReadAll(PathPattern::Subpath(resource_files::resources_dir_path())),
+    ]).expect("Failed to create sandbox profile!")
+}
+