025a5f
diff -up firefox-68.0/config/makefiles/rust.mk.rust-network-check firefox-68.0/config/makefiles/rust.mk
025a5f
--- firefox-68.0/config/makefiles/rust.mk.rust-network-check	2019-06-06 10:29:18.984737603 +0200
025a5f
+++ firefox-68.0/config/makefiles/rust.mk	2019-06-06 11:39:51.581028835 +0200
025a5f
@@ -127,7 +127,7 @@ export RUST_BACKTRACE=full
025a5f
 export MOZ_TOPOBJDIR=$(topobjdir)
025a5f
 
025a5f
 target_rust_ltoable := force-cargo-library-build
025a5f
-target_rust_nonltoable := force-cargo-test-run force-cargo-library-check $(foreach b,build check,force-cargo-program-$(b))
025a5f
+target_rust_nonltoable := force-cargo-test-run $(foreach b,build check,force-cargo-program-$(b))
025a5f
 
025a5f
 $(target_rust_ltoable): RUSTFLAGS:=$(rustflags_override) $(RUSTFLAGS) $(if $(MOZ_LTO_RUST),-Clinker-plugin-lto)
025a5f
 $(target_rust_nonltoable): RUSTFLAGS:=$(rustflags_override) $(RUSTFLAGS)
025a5f
@@ -238,19 +238,9 @@ force-cargo-library-build:
025a5f
 	$(call CARGO_BUILD) --lib $(cargo_target_flag) $(rust_features_flag) -- $(cargo_rustc_flags)
025a5f
 
025a5f
 $(RUST_LIBRARY_FILE): force-cargo-library-build
025a5f
-# When we are building in --enable-release mode; we add an additional check to confirm
025a5f
-# that we are not importing any networking-related functions in rust code. This reduces
025a5f
-# the chance of proxy bypasses originating from rust code.
025a5f
-ifndef DEVELOPER_OPTIONS
025a5f
-ifndef MOZ_DEBUG_RUST
025a5f
-ifeq ($(OS_ARCH), Linux)
025a5f
-	$(call py_action,check_binary,--target --networking $@)
025a5f
-endif
025a5f
-endif
025a5f
-endif
025a5f
 
025a5f
 force-cargo-library-check:
025a5f
-	$(call CARGO_CHECK) --lib $(cargo_target_flag) $(rust_features_flag)
025a5f
+	@true
025a5f
 else
025a5f
 force-cargo-library-check:
025a5f
 	@true
025a5f
diff -up firefox-68.0/python/mozbuild/mozbuild/action/check_binary.py.rust-network-check firefox-68.0/python/mozbuild/mozbuild/action/check_binary.py
025a5f
--- firefox-68.0/python/mozbuild/mozbuild/action/check_binary.py.rust-network-check	2019-05-20 18:17:57.000000000 +0200
025a5f
+++ firefox-68.0/python/mozbuild/mozbuild/action/check_binary.py	2019-06-06 10:29:18.986737599 +0200
025a5f
@@ -250,43 +250,6 @@ def check_mozglue_order(target, binary):
025a5f
         raise RuntimeError('Could not parse readelf output?')
025a5f
 
025a5f
 
025a5f
-def check_networking(binary):
025a5f
-    retcode = 0
025a5f
-    networking_functions = set([
025a5f
-        # socketpair is not concerning; it is restricted to AF_UNIX
025a5f
-        "socket", "connect", "accept", "bind", "listen",
025a5f
-        "getsockname", "getsockopt", "setsockopt",
025a5f
-        "recv", "recvfrom",
025a5f
-        "send", "sendto",
025a5f
-        # We would be concerned by recvmsg and sendmsg; but we believe
025a5f
-        # they are okay as documented in 1376621#c23
025a5f
-        "gethostbyname", "gethostbyaddr", "gethostent", "sethostent", "endhostent",
025a5f
-        "gethostent_r", "gethostbyname2", "gethostbyaddr_r", "gethostbyname_r",
025a5f
-        "gethostbyname2_r",
025a5f
-        "getaddrinfo", "getservent", "getservbyname", "getservbyport", "setservent",
025a5f
-        "getprotoent", "getprotobyname", "getprotobynumber", "setprotoent",
025a5f
-        "endprotoent"])
025a5f
-    bad_occurences_names = set()
025a5f
-
025a5f
-    try:
025a5f
-        for sym in at_least_one(iter_symbols(binary)):
025a5f
-            if sym['addr'] == 0 and sym['name'] in networking_functions:
025a5f
-                bad_occurences_names.add(sym['name'])
025a5f
-    except Empty:
025a5f
-        raise RuntimeError('Could not parse llvm-objdump output?')
025a5f
-
025a5f
-    basename = os.path.basename(binary)
025a5f
-    if bad_occurences_names:
025a5f
-        s = 'TEST-UNEXPECTED-FAIL | check_networking | {} | Identified {} ' + \
025a5f
-            'networking function(s) being imported in the rust static library ({})'
025a5f
-        print(s.format(basename, len(bad_occurences_names),
025a5f
-            ",".join(sorted(bad_occurences_names))),
025a5f
-            file=sys.stderr)
025a5f
-        retcode = 1
025a5f
-    elif buildconfig.substs.get('MOZ_AUTOMATION'):
025a5f
-        print('TEST-PASS | check_networking | {}'.format(basename))
025a5f
-    return retcode
025a5f
-
025a5f
 def checks(target, binary):
025a5f
     # The clang-plugin is built as target but is really a host binary.
025a5f
     # Cheat and pretend we were passed the right argument.
025a5f
@@ -330,8 +293,6 @@ def main(args):
025a5f
                         help='Perform checks for a host binary')
025a5f
     parser.add_argument('--target', action='store_true',
025a5f
                         help='Perform checks for a target binary')
025a5f
-    parser.add_argument('--networking', action='store_true',
025a5f
-                        help='Perform checks for networking functions')
025a5f
 
025a5f
     parser.add_argument('binary', metavar='PATH',
025a5f
                         help='Location of the binary to check')
025a5f
@@ -343,14 +304,7 @@ def main(args):
025a5f
               file=sys.stderr)
025a5f
         return 1
025a5f
 
025a5f
-    if options.networking and options.host:
025a5f
-        print('--networking is only valid with --target',
025a5f
-               file=sys.stderr)
025a5f
-        return 1
025a5f
-
025a5f
-    if options.networking:
025a5f
-        return check_networking(options.binary)
025a5f
-    elif options.host:
025a5f
+    if options.host:
025a5f
         return checks(HOST, options.binary)
025a5f
     elif options.target:
025a5f
         return checks(TARGET, options.binary)