mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 782456, part 2: Inherit privileges in apps that have permissions that require them. Sigh. r=jlebar

This commit is contained in:
Chris Jones 2012-08-29 09:24:48 -03:00
Родитель 0e062741d9
Коммит 10b2881af1
2 изменённых файлов: 40 добавлений и 11 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

45
dom/ipc/ContentParent.cpp
Просмотреть файл

@ -189,7 +189,8 @@ ContentParent::PreallocateAppProcess()
sPreallocatedAppProcess =
new ContentParent(MAGIC_PREALLOCATED_APP_MANIFEST_URL,
/*isBrowserElement=*/false);
/*isBrowserElement=*/false,
base::PRIVILEGES_DEFAULT);
sPreallocatedAppProcess->Init();
}
@ -275,6 +276,19 @@ ContentParent::GetNewOrUsed(bool aForBrowserElement)
return p;
}
static bool
AppNeedsInheritedOSPrivileges(mozIApplication* aApp)
{
bool needsInherit = false;
// FIXME/bug 785592: implement a CameraBridge so we don't have to
// hack around with OS permissions
if (NS_FAILED(aApp->HasPermission("camera", &needsInherit))) {
NS_WARNING("Unable to check permissions. Breakage may follow.");
return false;
}
return needsInherit;
}
/*static*/ TabParent*
ContentParent::CreateBrowser(mozIApplication* aApp, bool aIsBrowserElement)
{
@ -326,13 +340,20 @@ ContentParent::CreateBrowser(mozIApplication* aApp, bool aIsBrowserElement)
nsRefPtr<ContentParent> p = gAppContentParents->Get(manifestURL);
if (!p) {
p = MaybeTakePreallocatedAppProcess();
if (p) {
p->SetManifestFromPreallocated(manifestURL);
} else {
NS_WARNING("Unable to use pre-allocated app process");
p = new ContentParent(manifestURL, aIsBrowserElement);
if (AppNeedsInheritedOSPrivileges(aApp)) {
p = new ContentParent(manifestURL, aIsBrowserElement,
base::PRIVILEGES_INHERIT);
p->Init();
} else {
p = MaybeTakePreallocatedAppProcess();
if (p) {
p->SetManifestFromPreallocated(manifestURL);
} else {
NS_WARNING("Unable to use pre-allocated app process");
p = new ContentParent(manifestURL, aIsBrowserElement,
base::PRIVILEGES_DEFAULT);
p->Init();
}
}
gAppContentParents->Put(manifestURL, p);
}
@ -658,8 +679,11 @@ ContentParent::GetTestShellSingleton()
}
ContentParent::ContentParent(const nsAString& aAppManifestURL,
bool aIsForBrowser)
: mGeolocationWatchID(-1)
bool aIsForBrowser,
ChildOSPrivileges aOSPrivileges)
: mSubprocess(nullptr)
, mOSPrivileges(aOSPrivileges)
, mGeolocationWatchID(-1)
, mRunToCompletionDepth(0)
, mShouldCallUnblockChild(false)
, mIsAlive(true)
@ -671,7 +695,8 @@ ContentParent::ContentParent(const nsAString& aAppManifestURL,
nsDebugImpl::SetMultiprocessMode("Parent");
NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
mSubprocess = new GeckoChildProcessHost(GeckoProcessType_Content);
mSubprocess = new GeckoChildProcessHost(GeckoProcessType_Content,
aOSPrivileges);
bool useOffMainThreadCompositing = !!CompositorParent::CompositorLoop();
if (useOffMainThreadCompositing) {

6
dom/ipc/ContentParent.h
Просмотреть файл

@ -117,6 +117,8 @@ protected:
virtual void ActorDestroy(ActorDestroyReason why);
private:
typedef base::ChildPrivileges ChildOSPrivileges;
static nsDataHashtable<nsStringHashKey, ContentParent*> *gAppContentParents;
static nsTArray<ContentParent*>* gNonAppContentParents;
static nsTArray<ContentParent*>* gPrivateContent;
@ -131,7 +133,8 @@ private:
using PContentParent::SendPBrowserConstructor;
using PContentParent::SendPTestShellConstructor;
ContentParent(const nsAString& aAppManifestURL, bool aIsForBrowser);
ContentParent(const nsAString& aAppManifestURL, bool aIsForBrowser,
ChildOSPrivileges aOSPrivileges = base::PRIVILEGES_DEFAULT);
virtual ~ContentParent();
void Init();
@ -282,6 +285,7 @@ private:
virtual void ProcessingError(Result what) MOZ_OVERRIDE;
GeckoChildProcessHost* mSubprocess;
ChildOSPrivileges mOSPrivileges;
int32_t mGeolocationWatchID;
int mRunToCompletionDepth;