Merging upstream version 125.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

4 files changed, 42 insertions, 25 deletions

diff --git a/security/sandbox/test/browser_content_sandbox_fs_snap.js b/security/sandbox/test/browser_content_sandbox_fs_snap.js
index a8b26a1e31..06f04c1d33 100644
--- a/security/sandbox/test/browser_content_sandbox_fs_snap.js
+++ b/security/sandbox/test/browser_content_sandbox_fs_snap.js
@@ -18,7 +18,7 @@ Services.scriptloader.loadSubScript(
 add_task(async function () {
   // Ensure that SNAP is there
   const snap = Services.env.get("SNAP");
-  ok(snap.length > 1, "SNAP is defined");
+  Assert.greater(snap.length, 1, "SNAP is defined");
 
   // If it is there, do actual testing
   sanityChecks();
diff --git a/security/sandbox/test/browser_content_sandbox_fs_xdg.js b/security/sandbox/test/browser_content_sandbox_fs_xdg.js
index f5150fc329..34dee9d1a0 100644
--- a/security/sandbox/test/browser_content_sandbox_fs_xdg.js
+++ b/security/sandbox/test/browser_content_sandbox_fs_xdg.js
@@ -18,7 +18,7 @@ Services.scriptloader.loadSubScript(
 add_task(async function () {
   // Ensure that XDG_CONFIG_HOME is there
   const xdgConfigHome = Services.env.get("XDG_CONFIG_HOME");
-  ok(xdgConfigHome.length > 1, "XDG_CONFIG_HOME is defined");
+  Assert.greater(xdgConfigHome.length, 1, "XDG_CONFIG_HOME is defined");
 
   // If it is there, do actual testing
   sanityChecks();
diff --git a/security/sandbox/test/browser_content_sandbox_syscalls.js b/security/sandbox/test/browser_content_sandbox_syscalls.js
index dab47cf356..71d3c7ad12 100644
--- a/security/sandbox/test/browser_content_sandbox_syscalls.js
+++ b/security/sandbox/test/browser_content_sandbox_syscalls.js
@@ -262,7 +262,7 @@ add_task(async function () {
   }
 
   info(`security.sandbox.content.level=${level}`);
-  ok(level > 0, "content sandbox is enabled.");
+  Assert.greater(level, 0, "content sandbox is enabled.");
 
   let areSyscallsSandboxed = areContentSyscallsSandboxed(level);
 
@@ -282,7 +282,7 @@ add_task(async function () {
     // exec something harmless, this should fail
     let cmd = getOSExecCmd();
     let rv = await SpecialPowers.spawn(browser, [{ lib, cmd }], callExec);
-    ok(rv == -1, `exec(${cmd}) is not permitted`);
+    Assert.equal(rv, -1, `exec(${cmd}) is not permitted`);
   }
 
   // use open syscall
@@ -295,7 +295,7 @@ add_task(async function () {
       [{ lib, path, flags }],
       callOpen
     );
-    ok(fd < 0, "opening a file for writing in home is not permitted");
+    Assert.less(fd, 0, "opening a file for writing in home is not permitted");
   }
 
   // use open syscall
@@ -311,19 +311,24 @@ add_task(async function () {
       callOpen
     );
     if (isMac()) {
-      ok(
-        fd === -1,
+      Assert.strictEqual(
+        fd,
+        -1,
         "opening a file for writing in content temp is not permitted"
       );
     } else {
-      ok(fd >= 0, "opening a file for writing in content temp is permitted");
+      Assert.greaterOrEqual(
+        fd,
+        0,
+        "opening a file for writing in content temp is permitted"
+      );
     }
   }
 
   // use fork syscall
   if (isLinux() || isMac()) {
     let rv = await SpecialPowers.spawn(browser, [{ lib }], callFork);
-    ok(rv == -1, "calling fork is not permitted");
+    Assert.equal(rv, -1, "calling fork is not permitted");
   }
 
   // On macOS before 10.10 the |sysctl-name| predicate didn't exist for
@@ -336,21 +341,21 @@ add_task(async function () {
       [{ lib, name: "kern.boottime" }],
       callSysctl
     );
-    ok(rv == -1, "calling sysctl('kern.boottime') is not permitted");
+    Assert.equal(rv, -1, "calling sysctl('kern.boottime') is not permitted");
 
     rv = await SpecialPowers.spawn(
       browser,
       [{ lib, name: "net.inet.ip.ttl" }],
       callSysctl
     );
-    ok(rv == -1, "calling sysctl('net.inet.ip.ttl') is not permitted");
+    Assert.equal(rv, -1, "calling sysctl('net.inet.ip.ttl') is not permitted");
 
     rv = await SpecialPowers.spawn(
       browser,
       [{ lib, name: "hw.ncpu" }],
       callSysctl
     );
-    ok(rv == 0, "calling sysctl('hw.ncpu') is permitted");
+    Assert.equal(rv, 0, "calling sysctl('hw.ncpu') is permitted");
   }
 
   if (isLinux()) {
@@ -359,7 +364,11 @@ add_task(async function () {
     // verify we block PR_CAPBSET_READ with EINVAL
     let option = lazy.LIBC.PR_CAPBSET_READ;
     let rv = await SpecialPowers.spawn(browser, [{ lib, option }], callPrctl);
-    ok(rv === lazy.LIBC.EINVAL, "prctl(PR_CAPBSET_READ) is blocked");
+    Assert.strictEqual(
+      rv,
+      lazy.LIBC.EINVAL,
+      "prctl(PR_CAPBSET_READ) is blocked"
+    );
 
     const kernelVersion = await getKernelVersion();
     const glibcVersion = getGlibcVersion();
@@ -375,8 +384,9 @@ add_task(async function () {
         [{ lib, dirfd, path, mode, flag: 0x01 }],
         callFaccessat2
       );
-      ok(
-        rv === lazy.LIBC.ENOSYS,
+      Assert.strictEqual(
+        rv,
+        lazy.LIBC.ENOSYS,
         "faccessat2 (flag=0x01) was blocked with ENOSYS"
       );
 
@@ -385,8 +395,9 @@ add_task(async function () {
         [{ lib, dirfd, path, mode, flag: lazy.LIBC.AT_EACCESS }],
         callFaccessat2
       );
-      ok(
-        rv === lazy.LIBC.EACCES,
+      Assert.strictEqual(
+        rv,
+        lazy.LIBC.EACCES,
         "faccessat2 (flag=0x200) was allowed, errno=EACCES"
       );
     } else {
diff --git a/security/sandbox/test/browser_content_sandbox_utils.js b/security/sandbox/test/browser_content_sandbox_utils.js
index ce6ed39ff6..9b4c4af70a 100644
--- a/security/sandbox/test/browser_content_sandbox_utils.js
+++ b/security/sandbox/test/browser_content_sandbox_utils.js
@@ -33,7 +33,7 @@ function sanityChecks() {
   }
 
   info(`security.sandbox.content.level=${level}`);
-  ok(level > 0, "content sandbox is enabled.");
+  Assert.greater(level, 0, "content sandbox is enabled.");
 
   let isFileIOSandboxed = isContentFileIOSandboxed(level);
 
@@ -234,7 +234,7 @@ function isContentFileIOSandboxed(level) {
 
 // Returns the lowest sandbox level where blanket reading of the profile
 // directory from the content process should be blocked by the sandbox.
-function minProfileReadSandboxLevel(level) {
+function minProfileReadSandboxLevel() {
   switch (Services.appinfo.OS) {
     case "WINNT":
       return 3;
@@ -250,7 +250,7 @@ function minProfileReadSandboxLevel(level) {
 
 // Returns the lowest sandbox level where blanket reading of the home
 // directory from the content process should be blocked by the sandbox.
-function minHomeReadSandboxLevel(level) {
+function minHomeReadSandboxLevel() {
   switch (Services.appinfo.OS) {
     case "WINNT":
       return 3;
@@ -391,8 +391,9 @@ function GetBrowserType(type) {
   }
 
   browserType = GetBrowserType[type];
-  ok(
-    browserType.remoteType === type,
+  Assert.strictEqual(
+    browserType.remoteType,
+    type,
     `GetBrowserType(${type}) returns a ${type} process`
   );
   return browserType;
@@ -445,8 +446,9 @@ async function runTestsList(tests) {
       test.func
     );
 
-    ok(
-      result.ok == test.ok,
+    Assert.equal(
+      result.ok,
+      test.ok,
       `reading ${test.desc} from a ${processType} process ` +
         `is ${okString} (${test.file.path})`
     );
@@ -454,7 +456,11 @@ async function runTestsList(tests) {
     // if the directory is not expected to be readable,
     // ensure the listing has zero entries
     if (test.func === readDir && !test.ok) {
-      ok(result.numEntries == 0, `directory list is empty (${test.file.path})`);
+      Assert.equal(
+        result.numEntries,
+        0,
+        `directory list is empty (${test.file.path})`
+      );
     }
 
     if (test.cleanup != undefined) {