2016-05-28 00:54:31 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2012-05-21 15:12:37 +04:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2009-06-29 22:38:29 +04:00
|
|
|
|
|
|
|
#ifndef __IPC_GLUE_GECKOCHILDPROCESSHOST_H__
|
|
|
|
#define __IPC_GLUE_GECKOCHILDPROCESSHOST_H__
|
|
|
|
|
|
|
|
#include "base/file_path.h"
|
|
|
|
#include "base/process_util.h"
|
|
|
|
#include "base/waitable_event.h"
|
|
|
|
#include "chrome/common/child_process_host.h"
|
|
|
|
|
2014-04-04 23:16:16 +04:00
|
|
|
#include "mozilla/DebugOnly.h"
|
2013-05-31 17:16:54 +04:00
|
|
|
#include "mozilla/ipc/FileDescriptor.h"
|
2009-07-20 22:14:41 +04:00
|
|
|
#include "mozilla/Monitor.h"
|
2014-04-04 23:16:16 +04:00
|
|
|
#include "mozilla/StaticPtr.h"
|
2009-07-20 22:14:41 +04:00
|
|
|
|
2014-04-04 23:16:16 +04:00
|
|
|
#include "nsCOMPtr.h"
|
2009-08-19 21:09:51 +04:00
|
|
|
#include "nsXULAppAPI.h" // for GeckoProcessType
|
2010-07-01 07:07:50 +04:00
|
|
|
#include "nsString.h"
|
2009-07-10 23:03:09 +04:00
|
|
|
|
2014-08-27 18:32:55 +04:00
|
|
|
#if defined(XP_WIN) && defined(MOZ_SANDBOX)
|
2014-07-17 03:01:34 +04:00
|
|
|
#include "sandboxBroker.h"
|
|
|
|
#endif
|
|
|
|
|
2009-06-29 22:38:29 +04:00
|
|
|
namespace mozilla {
|
|
|
|
namespace ipc {
|
|
|
|
|
|
|
|
class GeckoChildProcessHost : public ChildProcessHost
|
|
|
|
{
|
2009-07-20 22:14:41 +04:00
|
|
|
protected:
|
|
|
|
typedef mozilla::Monitor Monitor;
|
2012-08-08 03:29:32 +04:00
|
|
|
typedef std::vector<std::string> StringVector;
|
2009-07-20 22:14:41 +04:00
|
|
|
|
2009-06-29 22:38:29 +04:00
|
|
|
public:
|
2012-08-29 16:24:48 +04:00
|
|
|
typedef base::ChildPrivileges ChildPrivileges;
|
2009-10-28 00:52:37 +03:00
|
|
|
typedef base::ProcessHandle ProcessHandle;
|
|
|
|
|
2013-01-18 00:06:36 +04:00
|
|
|
static ChildPrivileges DefaultChildPrivileges();
|
|
|
|
|
2014-08-05 17:19:51 +04:00
|
|
|
explicit GeckoChildProcessHost(GeckoProcessType aProcessType,
|
|
|
|
ChildPrivileges aPrivileges=base::PRIVILEGES_DEFAULT);
|
2009-06-29 22:38:29 +04:00
|
|
|
|
2009-11-10 01:56:55 +03:00
|
|
|
~GeckoChildProcessHost();
|
|
|
|
|
2012-09-17 12:37:20 +04:00
|
|
|
static nsresult GetArchitecturesForBinary(const char *path, uint32_t *result);
|
2010-09-16 10:09:19 +04:00
|
|
|
|
2012-09-17 12:37:20 +04:00
|
|
|
static uint32_t GetSupportedArchitecturesForProcessType(GeckoProcessType type);
|
2010-09-16 10:09:19 +04:00
|
|
|
|
2015-04-27 22:09:45 +03:00
|
|
|
static uint32_t GetUniqueID();
|
|
|
|
|
2012-08-08 03:29:32 +04:00
|
|
|
// Block until the IPC channel for our subprocess is initialized,
|
|
|
|
// but no longer. The child process may or may not have been
|
|
|
|
// created when this method returns.
|
2014-12-30 02:13:28 +03:00
|
|
|
bool AsyncLaunch(StringVector aExtraOpts=StringVector(),
|
|
|
|
base::ProcessArchitecture arch=base::GetCurrentProcessArchitecture());
|
|
|
|
|
|
|
|
virtual bool WaitUntilConnected(int32_t aTimeoutMs = 0);
|
2012-08-08 03:29:32 +04:00
|
|
|
|
|
|
|
// Block until the IPC channel for our subprocess is initialized and
|
|
|
|
// the OS process is created. The subprocess may or may not have
|
|
|
|
// connected back to us when this method returns.
|
|
|
|
//
|
|
|
|
// NB: on POSIX, this method is relatively cheap, and doesn't
|
|
|
|
// require disk IO. On win32 however, it requires at least the
|
|
|
|
// analogue of stat(). This difference induces a semantic
|
|
|
|
// difference in this method: on POSIX, when we return, we know the
|
|
|
|
// subprocess has been created, but we don't know whether its
|
|
|
|
// executable image can be loaded. On win32, we do know that when
|
|
|
|
// we return. But we don't know if dynamic linking succeeded on
|
|
|
|
// either platform.
|
|
|
|
bool LaunchAndWaitForProcessHandle(StringVector aExtraOpts=StringVector());
|
|
|
|
|
|
|
|
// Block until the child process has been created and it connects to
|
|
|
|
// the IPC channel, meaning it's fully initialized. (Or until an
|
|
|
|
// error occurs.)
|
|
|
|
bool SyncLaunch(StringVector aExtraOpts=StringVector(),
|
2012-09-17 12:37:20 +04:00
|
|
|
int32_t timeoutMs=0,
|
2010-09-16 10:09:19 +04:00
|
|
|
base::ProcessArchitecture arch=base::GetCurrentProcessArchitecture());
|
2012-08-08 03:29:32 +04:00
|
|
|
|
2013-05-31 17:16:54 +04:00
|
|
|
virtual bool PerformAsyncLaunch(StringVector aExtraOpts=StringVector(),
|
|
|
|
base::ProcessArchitecture aArch=base::GetCurrentProcessArchitecture());
|
2009-06-29 22:38:29 +04:00
|
|
|
|
2012-09-17 12:37:20 +04:00
|
|
|
virtual void OnChannelConnected(int32_t peer_pid);
|
2016-03-01 02:43:35 +03:00
|
|
|
virtual void OnMessageReceived(IPC::Message&& aMsg);
|
2009-06-29 22:38:29 +04:00
|
|
|
virtual void OnChannelError();
|
2012-07-15 01:21:32 +04:00
|
|
|
virtual void GetQueuedMessages(std::queue<IPC::Message>& queue);
|
2009-06-29 22:38:29 +04:00
|
|
|
|
2013-05-31 17:16:54 +04:00
|
|
|
virtual void InitializeChannel();
|
2009-11-19 00:43:53 +03:00
|
|
|
|
2009-06-29 22:38:29 +04:00
|
|
|
virtual bool CanShutdown() { return true; }
|
|
|
|
|
2009-07-11 10:33:10 +04:00
|
|
|
IPC::Channel* GetChannel() {
|
|
|
|
return channelp();
|
|
|
|
}
|
|
|
|
|
2013-10-01 04:56:16 +04:00
|
|
|
// Returns a "borrowed" handle to the child process - the handle returned
|
|
|
|
// by this function must not be closed by the caller.
|
2009-10-28 00:52:37 +03:00
|
|
|
ProcessHandle GetChildProcessHandle() {
|
|
|
|
return mChildProcessHandle;
|
|
|
|
}
|
|
|
|
|
2013-06-03 14:14:37 +04:00
|
|
|
GeckoProcessType GetProcessType() {
|
|
|
|
return mProcessType;
|
|
|
|
}
|
|
|
|
|
2010-08-27 17:32:45 +04:00
|
|
|
#ifdef XP_MACOSX
|
|
|
|
task_t GetChildTask() {
|
|
|
|
return mChildTask;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2012-12-28 13:45:16 +04:00
|
|
|
/**
|
|
|
|
* Must run on the IO thread. Cause the OS process to exit and
|
|
|
|
* ensure its OS resources are cleaned up.
|
|
|
|
*/
|
|
|
|
void Join();
|
2010-08-27 17:32:45 +04:00
|
|
|
|
2014-03-21 16:50:07 +04:00
|
|
|
// For bug 943174: Skip the EnsureProcessTerminated call in the destructor.
|
|
|
|
void SetAlreadyDead();
|
|
|
|
|
2016-06-03 22:49:39 +03:00
|
|
|
static void EnableSameExecutableForContentProc() { sRunSelfAsContentProc = true; }
|
|
|
|
|
2009-06-29 22:38:29 +04:00
|
|
|
protected:
|
2009-08-19 21:09:51 +04:00
|
|
|
GeckoProcessType mProcessType;
|
2012-08-29 16:24:48 +04:00
|
|
|
ChildPrivileges mPrivileges;
|
2009-07-20 22:14:41 +04:00
|
|
|
Monitor mMonitor;
|
2009-06-29 22:38:29 +04:00
|
|
|
FilePath mProcessPath;
|
2013-11-02 06:09:45 +04:00
|
|
|
|
2012-08-08 03:29:32 +04:00
|
|
|
// This value must be accessed while holding mMonitor.
|
|
|
|
enum {
|
|
|
|
// This object has been constructed, but the OS process has not
|
|
|
|
// yet.
|
|
|
|
CREATING_CHANNEL = 0,
|
|
|
|
// The IPC channel for our subprocess has been created, but the OS
|
|
|
|
// process has still not been created.
|
|
|
|
CHANNEL_INITIALIZED,
|
|
|
|
// The OS process has been created, but it hasn't yet connected to
|
|
|
|
// our IPC channel.
|
|
|
|
PROCESS_CREATED,
|
|
|
|
// The process is launched and connected to our IPC channel. All
|
|
|
|
// is well.
|
|
|
|
PROCESS_CONNECTED,
|
|
|
|
PROCESS_ERROR
|
|
|
|
} mProcessState;
|
2009-06-29 22:38:29 +04:00
|
|
|
|
2012-08-22 19:56:38 +04:00
|
|
|
static int32_t mChildCounter;
|
2011-03-26 02:40:50 +03:00
|
|
|
|
2012-08-08 03:29:32 +04:00
|
|
|
void PrepareLaunch();
|
|
|
|
|
2010-07-01 07:07:50 +04:00
|
|
|
#ifdef XP_WIN
|
|
|
|
void InitWindowsGroupID();
|
|
|
|
nsString mGroupId;
|
2014-08-27 18:32:55 +04:00
|
|
|
|
|
|
|
#ifdef MOZ_SANDBOX
|
2014-07-17 03:01:34 +04:00
|
|
|
SandboxBroker mSandboxBroker;
|
2014-08-30 04:34:26 +04:00
|
|
|
std::vector<std::wstring> mAllowedFilesRead;
|
2015-02-11 19:25:43 +03:00
|
|
|
std::vector<std::wstring> mAllowedFilesReadWrite;
|
2015-11-17 10:24:34 +03:00
|
|
|
std::vector<std::wstring> mAllowedDirectories;
|
2014-11-29 20:12:18 +03:00
|
|
|
bool mEnableSandboxLogging;
|
2015-01-30 20:48:15 +03:00
|
|
|
int32_t mSandboxLevel;
|
2014-08-27 18:32:55 +04:00
|
|
|
#endif
|
2014-07-17 03:01:34 +04:00
|
|
|
#endif // XP_WIN
|
2010-07-01 07:07:50 +04:00
|
|
|
|
2009-06-29 22:38:29 +04:00
|
|
|
#if defined(OS_POSIX)
|
|
|
|
base::file_handle_mapping_vector mFileMap;
|
|
|
|
#endif
|
|
|
|
|
2009-10-28 00:52:37 +03:00
|
|
|
ProcessHandle mChildProcessHandle;
|
2010-08-27 17:32:45 +04:00
|
|
|
#if defined(OS_MACOSX)
|
|
|
|
task_t mChildTask;
|
|
|
|
#endif
|
2009-10-28 00:52:37 +03:00
|
|
|
|
2013-05-31 17:16:54 +04:00
|
|
|
void OpenPrivilegedHandle(base::ProcessId aPid);
|
|
|
|
|
2009-06-29 22:38:29 +04:00
|
|
|
private:
|
|
|
|
DISALLOW_EVIL_CONSTRUCTORS(GeckoChildProcessHost);
|
2011-03-26 02:40:50 +03:00
|
|
|
|
|
|
|
// Does the actual work for AsyncLaunch, on the IO thread.
|
|
|
|
bool PerformAsyncLaunchInternal(std::vector<std::string>& aExtraOpts,
|
|
|
|
base::ProcessArchitecture arch);
|
2012-07-15 01:21:32 +04:00
|
|
|
|
2013-05-31 17:16:54 +04:00
|
|
|
bool RunPerformAsyncLaunch(StringVector aExtraOpts=StringVector(),
|
2016-05-28 00:54:30 +03:00
|
|
|
base::ProcessArchitecture aArch=base::GetCurrentProcessArchitecture());
|
2012-08-08 03:29:32 +04:00
|
|
|
|
2016-06-03 22:49:39 +03:00
|
|
|
static void GetPathToBinary(FilePath& exePath, GeckoProcessType processType);
|
2014-04-04 23:16:16 +04:00
|
|
|
|
2016-05-26 10:18:00 +03:00
|
|
|
// The buffer is passed to preserve its lifetime until we are done
|
|
|
|
// with launching the sub-process.
|
|
|
|
void SetChildLogName(const char* varName, const char* origLogName,
|
|
|
|
nsACString &buffer);
|
2016-03-11 16:24:00 +03:00
|
|
|
|
2012-07-15 01:21:32 +04:00
|
|
|
// In between launching the subprocess and handing off its IPC
|
|
|
|
// channel, there's a small window of time in which *we* might still
|
|
|
|
// be the channel listener, and receive messages. That's bad
|
|
|
|
// because we have no idea what to do with those messages. So queue
|
|
|
|
// them here until we hand off the eventual listener.
|
|
|
|
//
|
|
|
|
// FIXME/cjones: this strongly indicates bad design. Shame on us.
|
|
|
|
std::queue<IPC::Message> mQueue;
|
2015-04-27 22:09:45 +03:00
|
|
|
|
2016-05-31 15:11:00 +03:00
|
|
|
// Remember original env values so we can restore it (there is no other
|
|
|
|
// simple way how to change environment of a child process than to modify
|
|
|
|
// the current environment).
|
|
|
|
nsCString mRestoreOrigNSPRLogName;
|
|
|
|
nsCString mRestoreOrigMozLogName;
|
|
|
|
|
2015-04-27 22:09:45 +03:00
|
|
|
static uint32_t sNextUniqueID;
|
2016-06-03 22:49:39 +03:00
|
|
|
|
|
|
|
static bool sRunSelfAsContentProc;
|
2009-06-29 22:38:29 +04:00
|
|
|
};
|
|
|
|
|
2013-05-31 17:16:54 +04:00
|
|
|
#ifdef MOZ_NUWA_PROCESS
|
2015-03-21 19:28:04 +03:00
|
|
|
class GeckoExistingProcessHost final : public GeckoChildProcessHost
|
2013-05-31 17:16:54 +04:00
|
|
|
{
|
|
|
|
public:
|
|
|
|
GeckoExistingProcessHost(GeckoProcessType aProcessType,
|
|
|
|
base::ProcessHandle aProcess,
|
|
|
|
const FileDescriptor& aFileDescriptor,
|
|
|
|
ChildPrivileges aPrivileges=base::PRIVILEGES_DEFAULT);
|
|
|
|
|
|
|
|
~GeckoExistingProcessHost();
|
|
|
|
|
|
|
|
virtual bool PerformAsyncLaunch(StringVector aExtraOpts=StringVector(),
|
2015-03-21 19:28:04 +03:00
|
|
|
base::ProcessArchitecture aArch=base::GetCurrentProcessArchitecture()) override;
|
2013-05-31 17:16:54 +04:00
|
|
|
|
2015-03-21 19:28:04 +03:00
|
|
|
virtual void InitializeChannel() override;
|
2013-05-31 17:16:54 +04:00
|
|
|
|
|
|
|
private:
|
|
|
|
base::ProcessHandle mExistingProcessHandle;
|
|
|
|
mozilla::ipc::FileDescriptor mExistingFileDescriptor;
|
|
|
|
};
|
|
|
|
#endif /* MOZ_NUWA_PROCESS */
|
|
|
|
|
2009-06-29 22:38:29 +04:00
|
|
|
} /* namespace ipc */
|
|
|
|
} /* namespace mozilla */
|
|
|
|
|
|
|
|
#endif /* __IPC_GLUE_GECKOCHILDPROCESSHOST_H__ */
|