diff -up firefox-68.0/config/makefiles/rust.mk.rust-network-check firefox-68.0/config/makefiles/rust.mk --- firefox-68.0/config/makefiles/rust.mk.rust-network-check 2019-06-06 10:29:18.984737603 +0200 +++ firefox-68.0/config/makefiles/rust.mk 2019-06-06 11:39:51.581028835 +0200 @@ -127,7 +127,7 @@ export RUST_BACKTRACE=full export MOZ_TOPOBJDIR=$(topobjdir) target_rust_ltoable := force-cargo-library-build -target_rust_nonltoable := force-cargo-test-run force-cargo-library-check $(foreach b,build check,force-cargo-program-$(b)) +target_rust_nonltoable := force-cargo-test-run $(foreach b,build check,force-cargo-program-$(b)) $(target_rust_ltoable): RUSTFLAGS:=$(rustflags_override) $(RUSTFLAGS) $(if $(MOZ_LTO_RUST),-Clinker-plugin-lto) $(target_rust_nonltoable): RUSTFLAGS:=$(rustflags_override) $(RUSTFLAGS) @@ -238,19 +238,9 @@ force-cargo-library-build: $(call CARGO_BUILD) --lib $(cargo_target_flag) $(rust_features_flag) -- $(cargo_rustc_flags) $(RUST_LIBRARY_FILE): force-cargo-library-build -# When we are building in --enable-release mode; we add an additional check to confirm -# that we are not importing any networking-related functions in rust code. This reduces -# the chance of proxy bypasses originating from rust code. -ifndef DEVELOPER_OPTIONS -ifndef MOZ_DEBUG_RUST -ifeq ($(OS_ARCH), Linux) - $(call py_action,check_binary,--target --networking $@) -endif -endif -endif force-cargo-library-check: - $(call CARGO_CHECK) --lib $(cargo_target_flag) $(rust_features_flag) + @true else force-cargo-library-check: @true diff -up firefox-68.0/python/mozbuild/mozbuild/action/check_binary.py.rust-network-check firefox-68.0/python/mozbuild/mozbuild/action/check_binary.py --- firefox-68.0/python/mozbuild/mozbuild/action/check_binary.py.rust-network-check 2019-05-20 18:17:57.000000000 +0200 +++ firefox-68.0/python/mozbuild/mozbuild/action/check_binary.py 2019-06-06 10:29:18.986737599 +0200 @@ -250,43 +250,6 @@ def check_mozglue_order(target, binary): raise RuntimeError('Could not parse readelf output?') -def check_networking(binary): - retcode = 0 - networking_functions = set([ - # socketpair is not concerning; it is restricted to AF_UNIX - "socket", "connect", "accept", "bind", "listen", - "getsockname", "getsockopt", "setsockopt", - "recv", "recvfrom", - "send", "sendto", - # We would be concerned by recvmsg and sendmsg; but we believe - # they are okay as documented in 1376621#c23 - "gethostbyname", "gethostbyaddr", "gethostent", "sethostent", "endhostent", - "gethostent_r", "gethostbyname2", "gethostbyaddr_r", "gethostbyname_r", - "gethostbyname2_r", - "getaddrinfo", "getservent", "getservbyname", "getservbyport", "setservent", - "getprotoent", "getprotobyname", "getprotobynumber", "setprotoent", - "endprotoent"]) - bad_occurences_names = set() - - try: - for sym in at_least_one(iter_symbols(binary)): - if sym['addr'] == 0 and sym['name'] in networking_functions: - bad_occurences_names.add(sym['name']) - except Empty: - raise RuntimeError('Could not parse llvm-objdump output?') - - basename = os.path.basename(binary) - if bad_occurences_names: - s = 'TEST-UNEXPECTED-FAIL | check_networking | {} | Identified {} ' + \ - 'networking function(s) being imported in the rust static library ({})' - print(s.format(basename, len(bad_occurences_names), - ",".join(sorted(bad_occurences_names))), - file=sys.stderr) - retcode = 1 - elif buildconfig.substs.get('MOZ_AUTOMATION'): - print('TEST-PASS | check_networking | {}'.format(basename)) - return retcode - def checks(target, binary): # The clang-plugin is built as target but is really a host binary. # Cheat and pretend we were passed the right argument. @@ -330,8 +293,6 @@ def main(args): help='Perform checks for a host binary') parser.add_argument('--target', action='store_true', help='Perform checks for a target binary') - parser.add_argument('--networking', action='store_true', - help='Perform checks for networking functions') parser.add_argument('binary', metavar='PATH', help='Location of the binary to check') @@ -343,14 +304,7 @@ def main(args): file=sys.stderr) return 1 - if options.networking and options.host: - print('--networking is only valid with --target', - file=sys.stderr) - return 1 - - if options.networking: - return check_networking(options.binary) - elif options.host: + if options.host: return checks(HOST, options.binary) elif options.target: return checks(TARGET, options.binary)