diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp index 436e80332070..b3607ed3575b 100644 --- a/dom/ipc/ContentParent.cpp +++ b/dom/ipc/ContentParent.cpp @@ -189,7 +189,8 @@ ContentParent::PreallocateAppProcess() sPreallocatedAppProcess = new ContentParent(MAGIC_PREALLOCATED_APP_MANIFEST_URL, - /*isBrowserElement=*/false); + /*isBrowserElement=*/false, + base::PRIVILEGES_DEFAULT); sPreallocatedAppProcess->Init(); } @@ -275,6 +276,19 @@ ContentParent::GetNewOrUsed(bool aForBrowserElement) return p; } +static bool +AppNeedsInheritedOSPrivileges(mozIApplication* aApp) +{ + bool needsInherit = false; + // FIXME/bug 785592: implement a CameraBridge so we don't have to + // hack around with OS permissions + if (NS_FAILED(aApp->HasPermission("camera", &needsInherit))) { + NS_WARNING("Unable to check permissions. Breakage may follow."); + return false; + } + return needsInherit; +} + /*static*/ TabParent* ContentParent::CreateBrowser(mozIApplication* aApp, bool aIsBrowserElement) { @@ -326,13 +340,20 @@ ContentParent::CreateBrowser(mozIApplication* aApp, bool aIsBrowserElement) nsRefPtr p = gAppContentParents->Get(manifestURL); if (!p) { - p = MaybeTakePreallocatedAppProcess(); - if (p) { - p->SetManifestFromPreallocated(manifestURL); - } else { - NS_WARNING("Unable to use pre-allocated app process"); - p = new ContentParent(manifestURL, aIsBrowserElement); + if (AppNeedsInheritedOSPrivileges(aApp)) { + p = new ContentParent(manifestURL, aIsBrowserElement, + base::PRIVILEGES_INHERIT); p->Init(); + } else { + p = MaybeTakePreallocatedAppProcess(); + if (p) { + p->SetManifestFromPreallocated(manifestURL); + } else { + NS_WARNING("Unable to use pre-allocated app process"); + p = new ContentParent(manifestURL, aIsBrowserElement, + base::PRIVILEGES_DEFAULT); + p->Init(); + } } gAppContentParents->Put(manifestURL, p); } @@ -658,8 +679,11 @@ ContentParent::GetTestShellSingleton() } ContentParent::ContentParent(const nsAString& aAppManifestURL, - bool aIsForBrowser) - : mGeolocationWatchID(-1) + bool aIsForBrowser, + ChildOSPrivileges aOSPrivileges) + : mSubprocess(nullptr) + , mOSPrivileges(aOSPrivileges) + , mGeolocationWatchID(-1) , mRunToCompletionDepth(0) , mShouldCallUnblockChild(false) , mIsAlive(true) @@ -671,7 +695,8 @@ ContentParent::ContentParent(const nsAString& aAppManifestURL, nsDebugImpl::SetMultiprocessMode("Parent"); NS_ASSERTION(NS_IsMainThread(), "Wrong thread!"); - mSubprocess = new GeckoChildProcessHost(GeckoProcessType_Content); + mSubprocess = new GeckoChildProcessHost(GeckoProcessType_Content, + aOSPrivileges); bool useOffMainThreadCompositing = !!CompositorParent::CompositorLoop(); if (useOffMainThreadCompositing) { diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h index 53f4f0a13a2d..56625c17c637 100644 --- a/dom/ipc/ContentParent.h +++ b/dom/ipc/ContentParent.h @@ -117,6 +117,8 @@ protected: virtual void ActorDestroy(ActorDestroyReason why); private: + typedef base::ChildPrivileges ChildOSPrivileges; + static nsDataHashtable *gAppContentParents; static nsTArray* gNonAppContentParents; static nsTArray* gPrivateContent; @@ -131,7 +133,8 @@ private: using PContentParent::SendPBrowserConstructor; using PContentParent::SendPTestShellConstructor; - ContentParent(const nsAString& aAppManifestURL, bool aIsForBrowser); + ContentParent(const nsAString& aAppManifestURL, bool aIsForBrowser, + ChildOSPrivileges aOSPrivileges = base::PRIVILEGES_DEFAULT); virtual ~ContentParent(); void Init(); @@ -282,6 +285,7 @@ private: virtual void ProcessingError(Result what) MOZ_OVERRIDE; GeckoChildProcessHost* mSubprocess; + ChildOSPrivileges mOSPrivileges; int32_t mGeolocationWatchID; int mRunToCompletionDepth;