зеркало из https://github.com/mozilla/gecko-dev.git
Merge autoland to mozilla-central. a=merge
This commit is contained in:
Коммит
f64fd67d89
|
@ -84,11 +84,6 @@ if CONFIG['OS_ARCH'] == 'WINNT':
|
|||
'ole32.dll',
|
||||
]
|
||||
|
||||
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'Darwin':
|
||||
USE_LIBS += [
|
||||
'mozsandbox',
|
||||
]
|
||||
|
||||
if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT':
|
||||
# For sandbox includes and the include dependencies those have
|
||||
LOCAL_INCLUDES += [
|
||||
|
|
|
@ -43,10 +43,6 @@
|
|||
#include "FuzzerDefs.h"
|
||||
#endif
|
||||
|
||||
#ifdef XP_MACOSX
|
||||
#include "mozilla/Sandbox.h"
|
||||
#endif
|
||||
|
||||
#ifdef MOZ_LINUX_32_SSE2_STARTUP_ERROR
|
||||
#include <cpuid.h>
|
||||
#include "mozilla/Unused.h"
|
||||
|
@ -267,16 +263,6 @@ int main(int argc, char* argv[], char* envp[])
|
|||
{
|
||||
mozilla::TimeStamp start = mozilla::TimeStamp::Now();
|
||||
|
||||
#ifdef XP_MACOSX
|
||||
if (argc > 1 && IsArg(argv[1], "contentproc")) {
|
||||
std::string err;
|
||||
if (!mozilla::EarlyStartMacSandboxIfEnabled(argc, argv, err)) {
|
||||
Output("Sandbox error: %s\n", err.c_str());
|
||||
MOZ_CRASH("Sandbox initialization failed");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef MOZ_BROWSER_CAN_BE_CONTENTPROC
|
||||
// We are launching as a content process, delegate to the appropriate
|
||||
// main
|
||||
|
|
|
@ -1026,12 +1026,6 @@ pref("security.sandbox.gpu.level", 0);
|
|||
pref("security.sandbox.gmp.win32k-disable", false);
|
||||
#endif
|
||||
|
||||
#if defined(NIGHTLY_BUILD) && defined(XP_MACOSX) && defined(MOZ_SANDBOX)
|
||||
// Start the Mac sandbox immediately during child process startup instead
|
||||
// of when messaged by the parent after the message loop is running.
|
||||
pref("security.sandbox.content.mac.earlyinit", true);
|
||||
#endif
|
||||
|
||||
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX) && defined(MOZ_CONTENT_SANDBOX)
|
||||
// This pref is discussed in bug 1083344, the naming is inspired from its
|
||||
// Windows counterpart, but on Mac it's an integer which means:
|
||||
|
|
|
@ -107,7 +107,6 @@ devtools.jar:
|
|||
skin/images/accessibility.svg (themes/images/accessibility.svg)
|
||||
skin/images/add.svg (themes/images/add.svg)
|
||||
skin/images/arrowhead-left.svg (themes/images/arrowhead-left.svg)
|
||||
skin/images/arrowhead-right.svg (themes/images/arrowhead-right.svg)
|
||||
skin/images/arrowhead-down.svg (themes/images/arrowhead-down.svg)
|
||||
skin/images/arrowhead-up.svg (themes/images/arrowhead-up.svg)
|
||||
skin/images/breadcrumbs-divider.svg (themes/images/breadcrumbs-divider.svg)
|
||||
|
|
|
@ -217,14 +217,13 @@
|
|||
}
|
||||
|
||||
.flex-outline-final {
|
||||
border: 1px solid currentColor;
|
||||
border: 2px solid currentColor;
|
||||
position: relative;
|
||||
grid-column: final-start / final-end;
|
||||
}
|
||||
|
||||
.flex-outline-final.clamped::after {
|
||||
content: "";
|
||||
background-color: var(--theme-body-background);
|
||||
background-image: url(chrome://devtools/skin/images/lock.svg);
|
||||
background-size: 16px;
|
||||
background-repeat: no-repeat;
|
||||
|
@ -236,7 +235,13 @@
|
|||
position: absolute;
|
||||
right: -10px;
|
||||
top: 6px;
|
||||
border-radius: 50%;
|
||||
/* Making sure the icon is visible against any background by creating a plain background
|
||||
around its shape, using a drop-shadow filter. */
|
||||
filter:
|
||||
drop-shadow(1px 0px 0px var(--theme-body-background))
|
||||
drop-shadow(0px 1px 0px var(--theme-body-background))
|
||||
drop-shadow(-1px 0px 0px var(--theme-body-background))
|
||||
drop-shadow(0px -1px 0px var(--theme-body-background));
|
||||
}
|
||||
|
||||
.flex-outline.column .flex-outline-final.clamped::after {
|
||||
|
@ -246,7 +251,7 @@
|
|||
.flex-outline-basis {
|
||||
border-style: dotted;
|
||||
border-width: 3px;
|
||||
margin: 1px 0;
|
||||
margin: 1px;
|
||||
grid-column: basis-start / basis-end;
|
||||
}
|
||||
|
||||
|
@ -255,19 +260,43 @@
|
|||
}
|
||||
|
||||
.flex-outline-delta {
|
||||
background-repeat: round;
|
||||
fill: currentColor;
|
||||
-moz-context-properties: fill;
|
||||
grid-column: delta-start / delta-end;
|
||||
margin: 4px;
|
||||
margin: 3px 0;
|
||||
opacity: .5;
|
||||
position: relative;
|
||||
}
|
||||
|
||||
.flex-outline.growing .flex-outline-delta {
|
||||
background-image: url(chrome://devtools/skin/images/arrowhead-right.svg);
|
||||
.flex-outline-delta::before {
|
||||
content: "";
|
||||
position: absolute;
|
||||
left: 2px;
|
||||
right: 2px;
|
||||
top: calc(50% - .5px);
|
||||
height: 1px;
|
||||
background: currentColor;
|
||||
}
|
||||
|
||||
.flex-outline.shrinking .flex-outline-delta {
|
||||
background-image: url(chrome://devtools/skin/images/arrowhead-left.svg);
|
||||
.flex-outline-delta::after {
|
||||
content: "";
|
||||
position: absolute;
|
||||
width: 5px;
|
||||
height: 5px;
|
||||
top: 50%;
|
||||
border: 1px solid currentColor;
|
||||
}
|
||||
|
||||
.flex-outline.growing .flex-outline-delta:after {
|
||||
right: 2px;
|
||||
border-width: 1px 1px 0 0;
|
||||
transform-origin: top right;
|
||||
transform: rotate(.125turn);
|
||||
}
|
||||
|
||||
.flex-outline.shrinking .flex-outline-delta:after {
|
||||
left: 2px;
|
||||
border-width: 1px 0 0 1px;
|
||||
transform-origin: top left;
|
||||
transform: rotate(-.125turn);
|
||||
}
|
||||
|
||||
.flex-outline-point {
|
||||
|
|
|
@ -194,7 +194,6 @@
|
|||
#endif
|
||||
|
||||
#if defined(XP_MACOSX)
|
||||
#include "nsMacUtilsImpl.h"
|
||||
#include <CoreServices/CoreServices.h>
|
||||
// Info.plist key associated with the developer repo path
|
||||
#define MAC_DEV_REPO_KEY "MozillaDeveloperRepoPath"
|
||||
|
@ -1524,6 +1523,110 @@ ContentChild::RecvReinitRenderingForDeviceReset()
|
|||
}
|
||||
|
||||
#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
static bool
|
||||
GetAppPaths(nsCString &aAppPath, nsCString &aAppBinaryPath, nsCString &aAppDir)
|
||||
{
|
||||
nsAutoCString appPath;
|
||||
nsAutoCString appBinaryPath(
|
||||
(CommandLine::ForCurrentProcess()->argv()[0]).c_str());
|
||||
|
||||
nsAutoCString::const_iterator start, end;
|
||||
appBinaryPath.BeginReading(start);
|
||||
appBinaryPath.EndReading(end);
|
||||
if (RFindInReadable(NS_LITERAL_CSTRING(".app/Contents/MacOS/"), start, end)) {
|
||||
end = start;
|
||||
++end; ++end; ++end; ++end;
|
||||
appBinaryPath.BeginReading(start);
|
||||
appPath.Assign(Substring(start, end));
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIFile> app, appBinary;
|
||||
nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appPath),
|
||||
true, getter_AddRefs(app));
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appBinaryPath),
|
||||
true, getter_AddRefs(appBinary));
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIFile> appDir;
|
||||
nsCOMPtr<nsIProperties> dirSvc =
|
||||
do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID);
|
||||
if (!dirSvc) {
|
||||
return false;
|
||||
}
|
||||
rv = dirSvc->Get(NS_GRE_DIR,
|
||||
NS_GET_IID(nsIFile), getter_AddRefs(appDir));
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
bool exists;
|
||||
rv = appDir->Exists(&exists);
|
||||
if (NS_FAILED(rv) || !exists) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// appDir points to .app/Contents/Resources, for our purposes we want
|
||||
// .app/Contents.
|
||||
nsCOMPtr<nsIFile> appDirParent;
|
||||
rv = appDir->GetParent(getter_AddRefs(appDirParent));
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
rv = app->Normalize();
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
app->GetNativePath(aAppPath);
|
||||
|
||||
rv = appBinary->Normalize();
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
appBinary->GetNativePath(aAppBinaryPath);
|
||||
|
||||
rv = appDirParent->Normalize();
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
appDirParent->GetNativePath(aAppDir);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
// This function is only used in an |#ifdef DEBUG| path.
|
||||
#ifdef DEBUG
|
||||
// Given a path to a file, return the directory which contains it.
|
||||
static nsAutoCString
|
||||
GetDirectoryPath(const char *aPath) {
|
||||
nsCOMPtr<nsIFile> file = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID);
|
||||
if (!file ||
|
||||
NS_FAILED(file->InitWithNativePath(nsDependentCString(aPath)))) {
|
||||
MOZ_CRASH("Failed to create or init an nsIFile");
|
||||
}
|
||||
nsCOMPtr<nsIFile> directoryFile;
|
||||
if (NS_FAILED(file->GetParent(getter_AddRefs(directoryFile))) ||
|
||||
!directoryFile) {
|
||||
MOZ_CRASH("Failed to get parent for an nsIFile");
|
||||
}
|
||||
directoryFile->Normalize();
|
||||
nsAutoCString directoryPath;
|
||||
if (NS_FAILED(directoryFile->GetNativePath(directoryPath))) {
|
||||
MOZ_CRASH("Failed to get path for an nsIFile");
|
||||
}
|
||||
return directoryPath;
|
||||
}
|
||||
#endif // DEBUG
|
||||
|
||||
extern "C" {
|
||||
CGError
|
||||
CGSSetDenyWindowServerConnections(bool);
|
||||
|
@ -1555,9 +1658,9 @@ StartMacOSContentSandbox()
|
|||
#endif
|
||||
}
|
||||
|
||||
nsAutoCString appPath;
|
||||
if (!nsMacUtilsImpl::GetAppPath(appPath)) {
|
||||
MOZ_CRASH("Error resolving child process app path");
|
||||
nsAutoCString appPath, appBinaryPath, appDir;
|
||||
if (!GetAppPaths(appPath, appBinaryPath, appDir)) {
|
||||
MOZ_CRASH("Error resolving child process path");
|
||||
}
|
||||
|
||||
ContentChild* cc = ContentChild::GetSingleton();
|
||||
|
@ -1583,9 +1686,9 @@ StartMacOSContentSandbox()
|
|||
info.shouldLog = Preferences::GetBool("security.sandbox.logging.enabled") ||
|
||||
PR_GetEnv("MOZ_SANDBOX_LOGGING");
|
||||
info.appPath.assign(appPath.get());
|
||||
info.appBinaryPath.assign(appBinaryPath.get());
|
||||
info.appDir.assign(appDir.get());
|
||||
info.hasAudio = !Preferences::GetBool("media.cubeb.sandbox");
|
||||
info.hasWindowServer = !Preferences::GetBool(
|
||||
"security.sandbox.content.mac.disconnect-windowserver");
|
||||
|
||||
// These paths are used to whitelist certain directories used by the testing
|
||||
// system. They should not be considered a public API, and are only intended
|
||||
|
@ -1639,8 +1742,7 @@ StartMacOSContentSandbox()
|
|||
if (bloatLog != nullptr) {
|
||||
// |bloatLog| points to a specific file, but we actually write to a sibling
|
||||
// of that path.
|
||||
nsAutoCString bloatDirectoryPath =
|
||||
nsMacUtilsImpl::GetDirectoryPath(bloatLog);
|
||||
nsAutoCString bloatDirectoryPath = GetDirectoryPath(bloatLog);
|
||||
info.debugWriteDir.assign(bloatDirectoryPath.get());
|
||||
}
|
||||
#endif // DEBUG
|
||||
|
|
|
@ -110,7 +110,6 @@
|
|||
#include "mozilla/Unused.h"
|
||||
#include "mozilla/HangDetails.h"
|
||||
#include "nsAnonymousTemporaryFile.h"
|
||||
#include "nsAppDirectoryServiceDefs.h"
|
||||
#include "nsAppRunner.h"
|
||||
#include "nsCDefaultURIFixup.h"
|
||||
#include "nsCExternalHandlerService.h"
|
||||
|
@ -120,7 +119,6 @@
|
|||
#include "nsConsoleService.h"
|
||||
#include "nsContentUtils.h"
|
||||
#include "nsDebugImpl.h"
|
||||
#include "nsDirectoryService.h"
|
||||
#include "nsDirectoryServiceDefs.h"
|
||||
#include "nsEmbedCID.h"
|
||||
#include "nsFrameLoader.h"
|
||||
|
@ -216,10 +214,6 @@
|
|||
#include "signaling/src/peerconnection/WebrtcGlobalParent.h"
|
||||
#endif
|
||||
|
||||
#if defined(XP_MACOSX)
|
||||
#include "nsMacUtilsImpl.h"
|
||||
#endif
|
||||
|
||||
#if defined(ANDROID) || defined(LINUX)
|
||||
#include "nsSystemInfo.h"
|
||||
#endif
|
||||
|
@ -615,10 +609,6 @@ static const char* sObserverTopics[] = {
|
|||
"clear-site-data-reload-needed",
|
||||
};
|
||||
|
||||
#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
|
||||
bool ContentParent::sEarlySandboxInit = false;
|
||||
#endif
|
||||
|
||||
// PreallocateProcess is called by the PreallocatedProcessManager.
|
||||
// ContentParent then takes this process back within GetNewOrUsedBrowserProcess.
|
||||
/*static*/ already_AddRefed<ContentParent>
|
||||
|
@ -2140,120 +2130,6 @@ ContentParent::GetTestShellSingleton()
|
|||
return static_cast<TestShellParent*>(p);
|
||||
}
|
||||
|
||||
#ifdef XP_MACOSX
|
||||
void
|
||||
ContentParent::AppendSandboxParams(std::vector<std::string> &aArgs)
|
||||
{
|
||||
nsCOMPtr<nsIProperties>
|
||||
directoryService(do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID));
|
||||
if (!directoryService) {
|
||||
MOZ_CRASH("Failed to get the directory service");
|
||||
}
|
||||
|
||||
// Indicates the child should startup the sandbox
|
||||
aArgs.push_back("-sbStartup");
|
||||
|
||||
// The content sandbox level
|
||||
int contentSandboxLevel =
|
||||
Preferences::GetInt("security.sandbox.content.level");
|
||||
std::ostringstream os;
|
||||
os << contentSandboxLevel;
|
||||
std::string contentSandboxLevelString = os.str();
|
||||
aArgs.push_back("-sbLevel");
|
||||
aArgs.push_back(contentSandboxLevelString);
|
||||
|
||||
// Sandbox logging
|
||||
if (Preferences::GetBool("security.sandbox.logging.enabled") ||
|
||||
PR_GetEnv("MOZ_SANDBOX_LOGGING")) {
|
||||
aArgs.push_back("-sbLogging");
|
||||
}
|
||||
|
||||
// For file content processes
|
||||
if (GetRemoteType().EqualsLiteral(FILE_REMOTE_TYPE)) {
|
||||
aArgs.push_back("-sbAllowFileAccess");
|
||||
}
|
||||
|
||||
// Audio access
|
||||
if (!Preferences::GetBool("media.cubeb.sandbox")) {
|
||||
aArgs.push_back("-sbAllowAudio");
|
||||
}
|
||||
|
||||
// Windowserver access
|
||||
if (!Preferences::GetBool("security.sandbox.content.mac.disconnect-windowserver")) {
|
||||
aArgs.push_back("-sbAllowWindowServer");
|
||||
}
|
||||
|
||||
// .app path (normalized)
|
||||
nsAutoCString appPath;
|
||||
if (!nsMacUtilsImpl::GetAppPath(appPath)) {
|
||||
MOZ_CRASH("Failed to get app dir paths");
|
||||
}
|
||||
aArgs.push_back("-sbAppPath");
|
||||
aArgs.push_back(appPath.get());
|
||||
|
||||
// TESTING_READ_PATH1
|
||||
nsAutoCString testingReadPath1;
|
||||
Preferences::GetCString("security.sandbox.content.mac.testing_read_path1",
|
||||
testingReadPath1);
|
||||
if (!testingReadPath1.IsEmpty()) {
|
||||
aArgs.push_back("-sbTestingReadPath");
|
||||
aArgs.push_back(testingReadPath1.get());
|
||||
}
|
||||
|
||||
// TESTING_READ_PATH2
|
||||
nsAutoCString testingReadPath2;
|
||||
Preferences::GetCString("security.sandbox.content.mac.testing_read_path2",
|
||||
testingReadPath2);
|
||||
if (!testingReadPath2.IsEmpty()) {
|
||||
aArgs.push_back("-sbTestingReadPath");
|
||||
aArgs.push_back(testingReadPath2.get());
|
||||
}
|
||||
|
||||
// TESTING_READ_PATH3, TESTING_READ_PATH4. In development builds,
|
||||
// these are used to whitelist the repo dir and object dir respectively.
|
||||
nsresult rv;
|
||||
if (mozilla::IsDevelopmentBuild()) {
|
||||
// Repo dir
|
||||
nsCOMPtr<nsIFile> repoDir;
|
||||
rv = mozilla::GetRepoDir(getter_AddRefs(repoDir));
|
||||
if (NS_FAILED(rv)) {
|
||||
MOZ_CRASH("Failed to get path to repo dir");
|
||||
}
|
||||
nsCString repoDirPath;
|
||||
Unused << repoDir->GetNativePath(repoDirPath);
|
||||
aArgs.push_back("-sbTestingReadPath");
|
||||
aArgs.push_back(repoDirPath.get());
|
||||
|
||||
// Object dir
|
||||
nsCOMPtr<nsIFile> objDir;
|
||||
rv = mozilla::GetObjDir(getter_AddRefs(objDir));
|
||||
if (NS_FAILED(rv)) {
|
||||
MOZ_CRASH("Failed to get path to build object dir");
|
||||
}
|
||||
nsCString objDirPath;
|
||||
Unused << objDir->GetNativePath(objDirPath);
|
||||
aArgs.push_back("-sbTestingReadPath");
|
||||
aArgs.push_back(objDirPath.get());
|
||||
}
|
||||
|
||||
// DEBUG_WRITE_DIR
|
||||
#ifdef DEBUG
|
||||
// When a content process dies intentionally (|NoteIntentionalCrash|), for
|
||||
// tests it wants to log that it did this. Allow writing to this location
|
||||
// that the testrunner wants.
|
||||
char *bloatLog = PR_GetEnv("XPCOM_MEM_BLOAT_LOG");
|
||||
if (bloatLog != nullptr) {
|
||||
// |bloatLog| points to a specific file, but we actually write to a sibling
|
||||
// of that path.
|
||||
nsAutoCString bloatDirectoryPath =
|
||||
nsMacUtilsImpl::GetDirectoryPath(bloatLog);
|
||||
aArgs.push_back("-sbDebugWriteDir");
|
||||
aArgs.push_back(bloatDirectoryPath.get());
|
||||
}
|
||||
#endif // DEBUG
|
||||
}
|
||||
#endif // XP_MACOSX
|
||||
|
||||
bool
|
||||
ContentParent::LaunchSubprocess(ProcessPriority aInitialPriority /* = PROCESS_PRIORITY_FOREGROUND */)
|
||||
{
|
||||
|
@ -2342,15 +2218,6 @@ ContentParent::LaunchSubprocess(ProcessPriority aInitialPriority /* = PROCESS_PR
|
|||
extraArgs.push_back("-safeMode");
|
||||
}
|
||||
|
||||
#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
|
||||
// If we're launching a middleman process for a
|
||||
// recording or replay, start the sandbox later.
|
||||
if (sEarlySandboxInit && IsContentSandboxEnabled() &&
|
||||
!IsRecordingOrReplaying()) {
|
||||
AppendSandboxParams(extraArgs);
|
||||
}
|
||||
#endif
|
||||
|
||||
nsCString parentBuildID(mozilla::PlatformBuildID());
|
||||
extraArgs.push_back("-parentBuildID");
|
||||
extraArgs.push_back(parentBuildID.get());
|
||||
|
@ -2470,17 +2337,6 @@ ContentParent::ContentParent(ContentParent* aOpener,
|
|||
NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
|
||||
bool isFile = mRemoteType.EqualsLiteral(FILE_REMOTE_TYPE);
|
||||
mSubprocess = new ContentProcessHost(this, isFile);
|
||||
|
||||
#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
|
||||
// sEarlySandboxInit is statically initialized to false.
|
||||
// Once we've set it to true due to the pref, avoid checking the
|
||||
// pref on subsequent calls. As a result, changing the earlyinit
|
||||
// pref requires restarting the browser to take effect.
|
||||
if (!ContentParent::sEarlySandboxInit) {
|
||||
ContentParent::sEarlySandboxInit =
|
||||
Preferences::GetBool("security.sandbox.content.mac.earlyinit");
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
ContentParent::~ContentParent()
|
||||
|
@ -2751,15 +2607,6 @@ ContentParent::InitInternal(ProcessPriority aInitialPriority)
|
|||
// of value to take effect.
|
||||
shouldSandbox = IsContentSandboxEnabled();
|
||||
|
||||
#ifdef XP_MACOSX
|
||||
// If the sandbox was initialized during content process
|
||||
// startup, we must not send the SetProcessSandbox message.
|
||||
// If early startup was pref'd off or the process is a
|
||||
// middleman process, send SetProcessSandbox now.
|
||||
shouldSandbox = shouldSandbox &&
|
||||
(!sEarlySandboxInit || IsRecordingOrReplaying());
|
||||
#endif
|
||||
|
||||
#ifdef XP_LINUX
|
||||
if (shouldSandbox) {
|
||||
MOZ_ASSERT(!mSandboxBroker);
|
||||
|
|
|
@ -1262,8 +1262,6 @@ public:
|
|||
// initializing.
|
||||
void MaybeEnableRemoteInputEventQueue();
|
||||
|
||||
void AppendSandboxParams(std::vector<std::string>& aArgs);
|
||||
|
||||
public:
|
||||
void SendGetFilesResponseAndForget(const nsID& aID,
|
||||
const GetFilesResponseResult& aResult);
|
||||
|
@ -1389,13 +1387,6 @@ private:
|
|||
|
||||
static uint64_t sNextTabParentId;
|
||||
static nsDataHashtable<nsUint64HashKey, TabParent*> sNextTabParents;
|
||||
|
||||
#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
|
||||
// When set to true, indicates that content processes should
|
||||
// initialize their sandbox during startup instead of waiting
|
||||
// for the SetProcessSandbox IPDL message.
|
||||
static bool sEarlySandboxInit;
|
||||
#endif
|
||||
};
|
||||
|
||||
} // namespace dom
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
|
||||
#if defined(XP_MACOSX) && defined(MOZ_CONTENT_SANDBOX)
|
||||
#include <stdlib.h>
|
||||
#include "mozilla/Sandbox.h"
|
||||
#endif
|
||||
|
||||
#if (defined(XP_WIN) || defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
|
||||
|
@ -297,16 +296,7 @@ ContentProcess::Init(int aArgc, char* aArgv[])
|
|||
mXREEmbed.Start();
|
||||
#if (defined(XP_MACOSX)) && defined(MOZ_CONTENT_SANDBOX)
|
||||
mContent.SetProfileDir(profileDir);
|
||||
#if defined(DEBUG)
|
||||
// For WebReplay middleman processes, the sandbox is
|
||||
// started after receiving the SetProcessSandbox message.
|
||||
if (IsContentSandboxEnabled() &&
|
||||
Preferences::GetBool("security.sandbox.content.mac.earlyinit") &&
|
||||
!recordreplay::IsMiddleman()) {
|
||||
AssertMacSandboxEnabled();
|
||||
}
|
||||
#endif /* DEBUG */
|
||||
#endif /* XP_MACOSX && MOZ_CONTENT_SANDBOX */
|
||||
#endif
|
||||
|
||||
#if defined(XP_WIN) && defined(MOZ_CONTENT_SANDBOX)
|
||||
SetUpSandboxEnvironment();
|
||||
|
|
|
@ -1,46 +1,43 @@
|
|||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
|
||||
<script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<script type="application/javascript">var scriptRelativePath = "../";</script>
|
||||
<script type="application/javascript" src="../pc.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script class="testbody" type="application/javascript">
|
||||
'use strict';
|
||||
<script class="testbody" type="application/javascript">
|
||||
createHTML({ title: "Test multiple identity fingerprints", bug: "1005152" });
|
||||
|
||||
// here we call the identity provider directly
|
||||
function getIdentityAssertion(fpArray) {
|
||||
var Cu = SpecialPowers.Cu;
|
||||
var rtcid = Cu.import('resource://gre/modules/media/IdpSandbox.jsm');
|
||||
var sandbox = new rtcid.IdpSandbox('example.com', 'idp.js', window);
|
||||
return sandbox.start()
|
||||
.then(idp => SpecialPowers.wrap(idp)
|
||||
.generateAssertion(JSON.stringify({ fingerprint: fpArray }),
|
||||
'https://example.com',
|
||||
{}))
|
||||
.then(assertion => {
|
||||
assertion = SpecialPowers.wrap(assertion);
|
||||
var assertionString = btoa(JSON.stringify(assertion));
|
||||
sandbox.stop();
|
||||
return assertionString;
|
||||
});
|
||||
async function getIdentityAssertion(fingerprint) {
|
||||
const {Cu} = SpecialPowers;
|
||||
const rtcid = Cu.import('resource://gre/modules/media/IdpSandbox.jsm');
|
||||
const sandbox = new rtcid.IdpSandbox('example.com', 'idp.js', window);
|
||||
const idp = SpecialPowers.wrap(await sandbox.start());
|
||||
const assertion = SpecialPowers.wrap(await
|
||||
idp.generateAssertion(JSON.stringify({ fingerprint }),
|
||||
'https://example.com',
|
||||
{}));
|
||||
const assertionString = btoa(JSON.stringify(assertion));
|
||||
sandbox.stop();
|
||||
return assertionString;
|
||||
}
|
||||
|
||||
// This takes a real fingerprint and makes some extra bad ones.
|
||||
function makeFingerprints(algo, digest) {
|
||||
var fingerprints = [];
|
||||
fingerprints.push({ algorithm: algo, digest: digest });
|
||||
function makeFingerprints(algorithm, digest) {
|
||||
const fingerprints = [];
|
||||
fingerprints.push({ algorithm, digest });
|
||||
for (var i = 0; i < 3; ++i) {
|
||||
fingerprints.push({
|
||||
algorithm: algo,
|
||||
algorithm,
|
||||
digest: digest.replace(/:./g, ':' + i.toString(16))
|
||||
});
|
||||
}
|
||||
return fingerprints;
|
||||
}
|
||||
|
||||
var fingerprintRegex = /^a=fingerprint:(\S+) (\S+)/m;
|
||||
var identityRegex = /^a=identity:(\S+)/m;
|
||||
const fingerprintRegex = /^a=fingerprint:(\S+) (\S+)/m;
|
||||
const identityRegex = /^a=identity:(\S+)/m;
|
||||
|
||||
function fingerprintSdp(fingerprints) {
|
||||
return fingerprints.map(fp => 'a=fInGeRpRiNt:' + fp.algorithm +
|
||||
|
@ -50,73 +47,45 @@ function fingerprintSdp(fingerprints) {
|
|||
// Firefox only uses a single fingerprint.
|
||||
// That doesn't mean we have it create SDP that describes two.
|
||||
// This function synthesizes that SDP and tries to set it.
|
||||
function testMultipleFingerprints() {
|
||||
|
||||
runNetworkTest(async () => {
|
||||
// this one fails setRemoteDescription if the identity is not good
|
||||
var pcStrict = new RTCPeerConnection({ peerIdentity: 'someone@example.com'});
|
||||
const pcStrict = new RTCPeerConnection({ peerIdentity: 'someone@example.com'});
|
||||
// this one will be manually tweaked to have two fingerprints
|
||||
var pcDouble = new RTCPeerConnection({});
|
||||
const pcDouble = new RTCPeerConnection({});
|
||||
|
||||
var offer, match, fingerprints;
|
||||
const stream = await getUserMedia({ video: true });
|
||||
ok(stream, 'Got test stream');
|
||||
const [track] = stream.getTracks();
|
||||
pcDouble.addTrack(track, stream);
|
||||
try {
|
||||
const offer = await pcDouble.createOffer();
|
||||
ok(offer, 'Got offer');
|
||||
const match = offer.sdp.match(fingerprintRegex);
|
||||
if (!match) {
|
||||
throw new Error('No fingerprint in offer SDP');
|
||||
}
|
||||
const fingerprints = makeFingerprints(match[1], match[2]);
|
||||
const assertion = await getIdentityAssertion(fingerprints);
|
||||
ok(assertion, 'Should have assertion');
|
||||
|
||||
var fail = msg =>
|
||||
(e => ok(false, 'error in ' + msg + ': ' +
|
||||
(e.message ? (e.message + '\n' + e.stack) : e)));
|
||||
const sdp = offer.sdp.slice(0, match.index) +
|
||||
'a=identity:' + assertion + '\n' +
|
||||
fingerprintSdp(fingerprints.slice(1)) +
|
||||
offer.sdp.slice(match.index);
|
||||
|
||||
navigator.mediaDevices.getUserMedia({ video: true })
|
||||
.then(stream => {
|
||||
ok(stream, 'Got test stream');
|
||||
pcDouble.addStream(stream);
|
||||
return pcDouble.createOffer();
|
||||
})
|
||||
.then(o => {
|
||||
offer = o;
|
||||
ok(offer, 'Got offer');
|
||||
|
||||
match = offer.sdp.match(fingerprintRegex);
|
||||
if (!match) {
|
||||
throw new Error('No fingerprint in offer SDP');
|
||||
}
|
||||
fingerprints = makeFingerprints(match[1], match[2]);
|
||||
return getIdentityAssertion(fingerprints);
|
||||
})
|
||||
.then(assertion => {
|
||||
ok(assertion, 'Should have assertion');
|
||||
|
||||
var sdp = offer.sdp.slice(0, match.index) +
|
||||
'a=identity:' + assertion + '\n' +
|
||||
fingerprintSdp(fingerprints.slice(1)) +
|
||||
offer.sdp.slice(match.index);
|
||||
|
||||
return pcStrict.setRemoteDescription({ type: 'offer', sdp });
|
||||
})
|
||||
.then(() => {
|
||||
ok(true, 'Modified fingerprints were accepted');
|
||||
}, error => {
|
||||
var e = SpecialPowers.wrap(error);
|
||||
ok(false, 'error in test: ' +
|
||||
(e.message ? (e.message + '\n' + e.stack) : e));
|
||||
})
|
||||
.then(() => {
|
||||
pcStrict.close();
|
||||
pcDouble.close();
|
||||
SimpleTest.finish();
|
||||
});
|
||||
}
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
SpecialPowers.pushPrefEnv({
|
||||
set: [
|
||||
[ 'media.peerconnection.identity.enabled', true ],
|
||||
// Disable permission to skip prompt when on platforms the use loopback
|
||||
// test devices (these would normally trigger a prompt).
|
||||
[ 'media.navigator.permission.disabled', true ],
|
||||
// Since this test doesn't include head.js or pc.js, we need to set the fake
|
||||
// device pref manually. On platforms where loopback devices are used they
|
||||
// should still take precedence, however on some platforms no prefs would
|
||||
// be set and the test would fail.
|
||||
[ 'media.navigator.streams.fake', true ]
|
||||
]
|
||||
}, testMultipleFingerprints);
|
||||
await pcStrict.setRemoteDescription({ type: 'offer', sdp });
|
||||
ok(true, 'Modified fingerprints were accepted');
|
||||
} catch (error) {
|
||||
const e = SpecialPowers.wrap(error);
|
||||
ok(false, 'error in test: ' +
|
||||
(e.message ? (e.message + '\n' + e.stack) : e));
|
||||
}
|
||||
pcStrict.close();
|
||||
pcDouble.close();
|
||||
track.stop();
|
||||
networkTestFinished();
|
||||
});
|
||||
</script>
|
||||
</body>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -347,6 +347,8 @@ skip-if = (android_version == '18') # android(Bug 1189784, timeouts on 4.3 emula
|
|||
[test_peerConnection_bug1227781.html]
|
||||
[test_peerConnection_stats.html]
|
||||
skip-if = toolkit == 'android' # android(Bug 1189784, timeouts on 4.3 emulator, Bug 1373858)
|
||||
[test_peerConnection_stats_relayProtocol.html]
|
||||
skip-if = toolkit == 'android' # android(Bug 1189784, timeouts on 4.3 emulator, Bug 1373858)
|
||||
[test_peerConnection_sender_and_receiver_stats.html]
|
||||
skip-if = (android_version == '18') # android(Bug 1189784, timeouts on 4.3 emulator)
|
||||
[test_peerConnection_trackless_sender_stats.html]
|
||||
|
|
|
@ -581,9 +581,8 @@ var PC_REMOTE_TEST_REMOTE_STATS = test => {
|
|||
});
|
||||
}
|
||||
|
||||
var test;
|
||||
runNetworkTest(function (options) {
|
||||
test = new PeerConnectionTest(options);
|
||||
const test = new PeerConnectionTest(options);
|
||||
|
||||
test.chain.insertAfter("PC_LOCAL_WAIT_FOR_MEDIA_FLOW",
|
||||
[PC_LOCAL_TEST_LOCAL_STATS]);
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<script type="application/javascript" src="nonTrickleIce.js"></script>
|
||||
<script type="application/javascript" src="pc.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<pre id="test">
|
||||
<script type="application/javascript">
|
||||
createHTML({
|
||||
bug: "1435789",
|
||||
title: "WebRTC local-candidate relayProtocol stats attribute"
|
||||
});
|
||||
var PC_LOCAL_TEST_LOCAL_STATS_RELAYCANDIDATE = test => {
|
||||
return test.pcLocal.getStats().then(stats => {
|
||||
let haveRelayProtocol = {};
|
||||
for (let [k, v] of stats) {
|
||||
if (v.type == "local-candidate") {
|
||||
haveRelayProtocol[v.candidateType + "-" + v.relayProtocol] = v.relayProtocol;
|
||||
}
|
||||
}
|
||||
is(haveRelayProtocol["host-undefined"], undefined, "relayProtocol not set for host candidates");
|
||||
is(haveRelayProtocol["serverreflexive-undefined"], undefined, "relayProtocol not set for serverreflexive candidates");
|
||||
ok(haveRelayProtocol["relayed-udp"], "Has UDP relay candidate");
|
||||
ok(haveRelayProtocol["relayed-tcp"], "Has TCP relay candidate");
|
||||
// TURN/TLS does not work, see https://bugzilla.mozilla.org/show_bug.cgi?id=1323439
|
||||
// With TURN/TLS working, we should have exactly five entries in haveRelayProtocol.
|
||||
todo(haveRelayProtocol["relayed-tls"], "Has TLS relay candidate. See https://bugzilla.mozilla.org/show_bug.cgi?id=1323439");
|
||||
is(Object.keys(haveRelayProtocol).length, 4, "All candidate types are accounted for");
|
||||
});
|
||||
}
|
||||
|
||||
runNetworkTest(options => {
|
||||
// uses NAT simulator in order to get srflx candidates.
|
||||
SpecialPowers.pushPrefEnv(
|
||||
{
|
||||
'set': [
|
||||
['media.peerconnection.nat_simulator.filtering_type', 'ENDPOINT_INDEPENDENT'],
|
||||
['media.peerconnection.nat_simulator.mapping_type', 'ENDPOINT_INDEPENDENT']
|
||||
]
|
||||
}, function (options) {
|
||||
const test = new PeerConnectionTest(options);
|
||||
makeOffererNonTrickle(test.chain);
|
||||
makeAnswererNonTrickle(test.chain);
|
||||
|
||||
test.chain.removeAfter("PC_LOCAL_WAIT_FOR_MEDIA_FLOW");
|
||||
test.chain.append([PC_LOCAL_TEST_LOCAL_STATS_RELAYCANDIDATE]);
|
||||
|
||||
test.setMediaConstraints([{ audio: true }], [{ audio: true }]);
|
||||
test.run();
|
||||
})
|
||||
}, { useIceServer: true });
|
||||
</script>
|
||||
</pre>
|
||||
</body>
|
||||
</html>
|
|
@ -228,6 +228,7 @@ struct ParamTraits<mozilla::dom::RTCIceCandidateStats>
|
|||
WriteParam(aMsg, aParam.mComponentId);
|
||||
WriteParam(aMsg, aParam.mIpAddress);
|
||||
WriteParam(aMsg, aParam.mMozLocalTransport);
|
||||
WriteParam(aMsg, aParam.mRelayProtocol);
|
||||
WriteParam(aMsg, aParam.mPortNumber);
|
||||
WriteParam(aMsg, aParam.mTransport);
|
||||
WriteRTCStats(aMsg, aParam);
|
||||
|
@ -240,6 +241,7 @@ struct ParamTraits<mozilla::dom::RTCIceCandidateStats>
|
|||
!ReadParam(aMsg, aIter, &(aResult->mComponentId)) ||
|
||||
!ReadParam(aMsg, aIter, &(aResult->mIpAddress)) ||
|
||||
!ReadParam(aMsg, aIter, &(aResult->mMozLocalTransport)) ||
|
||||
!ReadParam(aMsg, aIter, &(aResult->mRelayProtocol)) ||
|
||||
!ReadParam(aMsg, aIter, &(aResult->mPortNumber)) ||
|
||||
!ReadParam(aMsg, aIter, &(aResult->mTransport)) ||
|
||||
!ReadRTCStats(aMsg, aIter, aResult)) {
|
||||
|
|
|
@ -155,7 +155,8 @@ dictionary RTCIceCandidateStats : RTCStats {
|
|||
DOMString candidateId;
|
||||
DOMString ipAddress;
|
||||
DOMString transport;
|
||||
DOMString mozLocalTransport; // needs standardization
|
||||
DOMString mozLocalTransport; // obsoleted by relayProtocol
|
||||
DOMString relayProtocol;
|
||||
long portNumber;
|
||||
RTCStatsIceCandidateType candidateType;
|
||||
};
|
||||
|
|
|
@ -9,23 +9,11 @@
|
|||
#include "mozilla/Bootstrap.h"
|
||||
#include "mozilla/WindowsDllBlocklist.h"
|
||||
|
||||
#ifdef XP_MACOSX
|
||||
#include "mozilla/Sandbox.h"
|
||||
#endif
|
||||
|
||||
using namespace mozilla;
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
#ifdef XP_MACOSX
|
||||
std::string err;
|
||||
if (!mozilla::EarlyStartMacSandboxIfEnabled(argc, argv, err)) {
|
||||
fprintf(stderr, "Sandbox error: %s\n", err.c_str());
|
||||
MOZ_CRASH("Sandbox initialization failed");
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAS_DLL_BLOCKLIST
|
||||
DllBlocklist_Initialize(eDllBlocklistInitFlagIsChildProcess);
|
||||
#endif
|
||||
|
|
|
@ -549,12 +549,6 @@ AddAppDirToCommandLine(std::vector<std::string>& aCmdLine)
|
|||
NS_GET_IID(nsIFile),
|
||||
getter_AddRefs(profileDir));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
// If the profile doesn't exist, normalization will
|
||||
// fail. But we don't return an error here because some
|
||||
// tests require startup with a missing profile dir.
|
||||
// For users, almost universally, the profile will be in
|
||||
// the home directory and normalization isn't required.
|
||||
mozilla::Unused << profileDir->Normalize();
|
||||
nsAutoCString path;
|
||||
MOZ_ALWAYS_SUCCEEDS(profileDir->GetNativePath(path));
|
||||
aCmdLine.push_back("-profile");
|
||||
|
|
|
@ -45,15 +45,15 @@ class ContextChecks
|
|||
* realm/compartment/zone mismatches.
|
||||
*/
|
||||
static void fail(JS::Realm* r1, JS::Realm* r2, int argIndex) {
|
||||
MOZ_CRASH_UNSAFE_PRINTF("*** Realm mismatch %p vs. %p at argument %d\n",
|
||||
MOZ_CRASH_UNSAFE_PRINTF("*** Realm mismatch %p vs. %p at argument %d",
|
||||
r1, r2, argIndex);
|
||||
}
|
||||
static void fail(JS::Compartment* c1, JS::Compartment* c2, int argIndex) {
|
||||
MOZ_CRASH_UNSAFE_PRINTF("*** Compartment mismatch %p vs. %p at argument %d\n",
|
||||
MOZ_CRASH_UNSAFE_PRINTF("*** Compartment mismatch %p vs. %p at argument %d",
|
||||
c1, c2, argIndex);
|
||||
}
|
||||
static void fail(JS::Zone* z1, JS::Zone* z2, int argIndex) {
|
||||
MOZ_CRASH_UNSAFE_PRINTF("*** Zone mismatch %p vs. %p at argument %d\n",
|
||||
MOZ_CRASH_UNSAFE_PRINTF("*** Zone mismatch %p vs. %p at argument %d",
|
||||
z1, z2, argIndex);
|
||||
}
|
||||
|
||||
|
@ -94,7 +94,7 @@ class ContextChecks
|
|||
// zone, see JS_MarkCrossZoneId.
|
||||
if (zone()) {
|
||||
if (!cx->runtime()->gc.atomMarking.atomIsMarked(zone(), thing)) {
|
||||
MOZ_CRASH_UNSAFE_PRINTF("*** Atom not marked for zone %p at argument %d\n",
|
||||
MOZ_CRASH_UNSAFE_PRINTF("*** Atom not marked for zone %p at argument %d",
|
||||
zone(), argIndex);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2675,13 +2675,12 @@ WrapSeparatorTransform(nsDisplayListBuilder* aBuilder, nsIFrame* aFrame,
|
|||
// one, return an empty Maybe.
|
||||
// The returned clip rect, if there is one, is relative to |aMaskedFrame|.
|
||||
static Maybe<nsRect>
|
||||
ComputeClipForMaskItem(nsDisplayListBuilder* aBuilder, nsIFrame* aMaskedFrame,
|
||||
bool aHandleOpacity)
|
||||
ComputeClipForMaskItem(nsDisplayListBuilder* aBuilder, nsIFrame* aMaskedFrame)
|
||||
{
|
||||
const nsStyleSVGReset* svgReset = aMaskedFrame->StyleSVGReset();
|
||||
|
||||
nsSVGUtils::MaskUsage maskUsage;
|
||||
nsSVGUtils::DetermineMaskUsage(aMaskedFrame, aHandleOpacity, maskUsage);
|
||||
nsSVGUtils::DetermineMaskUsage(aMaskedFrame, false, maskUsage);
|
||||
|
||||
nsPoint offsetToUserSpace = nsLayoutUtils::ComputeOffsetToUserSpace(aBuilder, aMaskedFrame);
|
||||
int32_t devPixelRatio = aMaskedFrame->PresContext()->AppUnitsPerDevPixel();
|
||||
|
@ -2935,16 +2934,18 @@ nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder* aBuilder,
|
|||
aBuilder->EnterSVGEffectsContents(&hoistedScrollInfoItemsStorage);
|
||||
}
|
||||
|
||||
// We build an opacity item if it's not going to be drawn by SVG content.
|
||||
// We could in principle skip creating an nsDisplayOpacity item if
|
||||
// nsDisplayOpacity::NeedsActiveLayer returns false and usingSVGEffects is
|
||||
// true (the nsDisplayFilter/nsDisplayMasksAndClipPaths could handle the
|
||||
// opacity). Since SVG has perf issues where we sometimes spend a lot of
|
||||
// time creating display list items that might be helpful. We'd need to
|
||||
// restore our mechanism to do that (changed in bug 1482403), and we'd
|
||||
// need to invalidate the frame if the value that would be return from
|
||||
// NeedsActiveLayer was to change, which we don't currently do.
|
||||
bool useOpacity =
|
||||
HasVisualOpacity(effectSet) && !nsSVGUtils::CanOptimizeOpacity(this);
|
||||
|
||||
bool needsActiveOpacityLayer = false;
|
||||
// We build an opacity item if it's not going to be drawn by SVG content, or
|
||||
// SVG effects. SVG effects won't handle the opacity if we want an active
|
||||
// layer (for async animations), see
|
||||
// nsSVGIntegrationsUtils::PaintMaskAndClipPath or
|
||||
// nsSVGIntegrationsUtils::PaintFilter.
|
||||
bool useOpacity = HasVisualOpacity(effectSet) &&
|
||||
!nsSVGUtils::CanOptimizeOpacity(this) &&
|
||||
((needsActiveOpacityLayer = nsDisplayOpacity::NeedsActiveLayer(aBuilder, this)) || !usingSVGEffects);
|
||||
bool useBlendMode = effects->mMixBlendMode != NS_STYLE_BLEND_NORMAL;
|
||||
bool useStickyPosition = disp->mPosition == NS_STYLE_POSITION_STICKY &&
|
||||
IsScrollFrameActive(aBuilder,
|
||||
|
@ -3016,7 +3017,7 @@ nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder* aBuilder,
|
|||
|
||||
Maybe<nsRect> clipForMask;
|
||||
if (usingMask) {
|
||||
clipForMask = ComputeClipForMaskItem(aBuilder, this, !useOpacity);
|
||||
clipForMask = ComputeClipForMaskItem(aBuilder, this);
|
||||
}
|
||||
|
||||
nsDisplayListCollection set(aBuilder);
|
||||
|
@ -3195,15 +3196,9 @@ nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder* aBuilder,
|
|||
|
||||
// Skip all filter effects while generating glyph mask.
|
||||
if (usingFilter && !aBuilder->IsForGenerateGlyphMask()) {
|
||||
// If we are going to create a mask display item, handle opacity effect
|
||||
// in that mask display item; Otherwise, take care of opacity in this
|
||||
// filter display item.
|
||||
bool handleOpacity = !usingMask && !useOpacity;
|
||||
|
||||
/* List now emptied, so add the new list to the top. */
|
||||
resultList.AppendToTop(
|
||||
MakeDisplayItem<nsDisplayFilters>(aBuilder, this, &resultList,
|
||||
handleOpacity));
|
||||
resultList.AppendToTop(MakeDisplayItem<nsDisplayFilters>(
|
||||
aBuilder, this, &resultList));
|
||||
}
|
||||
|
||||
if (usingMask) {
|
||||
|
@ -3221,9 +3216,8 @@ nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder* aBuilder,
|
|||
? aBuilder->CurrentActiveScrolledRoot()
|
||||
: containerItemASR;
|
||||
/* List now emptied, so add the new list to the top. */
|
||||
resultList.AppendToTop(
|
||||
MakeDisplayItem<nsDisplayMasksAndClipPaths>(aBuilder, this, &resultList,
|
||||
!useOpacity, maskASR));
|
||||
resultList.AppendToTop(MakeDisplayItem<nsDisplayMasksAndClipPaths>(
|
||||
aBuilder, this, &resultList, maskASR));
|
||||
}
|
||||
|
||||
// Also add the hoisted scroll info items. We need those for APZ scrolling
|
||||
|
@ -3243,6 +3237,9 @@ nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder* aBuilder,
|
|||
// The clip we would set on an element with opacity would clip
|
||||
// all descendant content, but some should not be clipped.
|
||||
DisplayListClipState::AutoSaveRestore opacityClipState(aBuilder);
|
||||
const bool needsActiveOpacityLayer =
|
||||
nsDisplayOpacity::NeedsActiveLayer(aBuilder, this);
|
||||
|
||||
resultList.AppendToTop(
|
||||
MakeDisplayItem<nsDisplayOpacity>(aBuilder, this, &resultList,
|
||||
containerItemASR,
|
||||
|
|
|
@ -414,6 +414,13 @@ public:
|
|||
return true;
|
||||
}
|
||||
|
||||
if (type == DisplayItemType::TYPE_MASK ||
|
||||
type == DisplayItemType::TYPE_FILTER ||
|
||||
type == DisplayItemType::TYPE_SVG_WRAPPER) {
|
||||
// SVG items have some invalidation issues, see bugs 1494110 and 1494663.
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
@ -6539,6 +6539,30 @@ nsDisplayOpacity::ApplyOpacityToChildren(nsDisplayListBuilder* aBuilder)
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if this nsDisplayOpacity contains only a filter or a mask item
|
||||
* that has the same frame as the opacity item. In this case the opacity item
|
||||
* can be optimized away.
|
||||
*/
|
||||
bool
|
||||
nsDisplayOpacity::IsEffectsWrapper() const
|
||||
{
|
||||
if (mList.Count() != 1) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const nsDisplayItem* item = mList.GetBottom();
|
||||
|
||||
if (item->Frame() != mFrame) {
|
||||
// The effect item needs to have the same frame as the opacity item.
|
||||
return false;
|
||||
}
|
||||
|
||||
const DisplayItemType type = item->GetType();
|
||||
return type == DisplayItemType::TYPE_MASK ||
|
||||
type == DisplayItemType::TYPE_FILTER;
|
||||
}
|
||||
|
||||
bool
|
||||
nsDisplayOpacity::ShouldFlattenAway(nsDisplayListBuilder* aBuilder)
|
||||
{
|
||||
|
@ -6561,6 +6585,13 @@ nsDisplayOpacity::ShouldFlattenAway(nsDisplayListBuilder* aBuilder)
|
|||
return false;
|
||||
}
|
||||
|
||||
if (IsEffectsWrapper()) {
|
||||
MOZ_ASSERT(nsSVGIntegrationUtils::UsingEffectsForFrame(mFrame));
|
||||
static_cast<nsDisplayEffectsBase*>(mList.GetBottom())->SetHandleOpacity();
|
||||
mChildOpacityState = ChildOpacityState::Applied;
|
||||
return true;
|
||||
}
|
||||
|
||||
// Return true if we successfully applied opacity to child items, or if
|
||||
// WebRender is not in use. In the latter case, the opacity gets flattened and
|
||||
// applied during layer building.
|
||||
|
@ -9445,7 +9476,6 @@ nsDisplayEffectsBase::nsDisplayEffectsBase(
|
|||
nsDisplayListBuilder* aBuilder,
|
||||
nsIFrame* aFrame,
|
||||
nsDisplayList* aList,
|
||||
bool aHandleOpacity,
|
||||
const ActiveScrolledRoot* aActiveScrolledRoot,
|
||||
bool aClearClipChain)
|
||||
: nsDisplayWrapList(aBuilder,
|
||||
|
@ -9453,17 +9483,16 @@ nsDisplayEffectsBase::nsDisplayEffectsBase(
|
|||
aList,
|
||||
aActiveScrolledRoot,
|
||||
aClearClipChain)
|
||||
, mHandleOpacity(aHandleOpacity)
|
||||
, mHandleOpacity(false)
|
||||
{
|
||||
MOZ_COUNT_CTOR(nsDisplayEffectsBase);
|
||||
}
|
||||
|
||||
nsDisplayEffectsBase::nsDisplayEffectsBase(nsDisplayListBuilder* aBuilder,
|
||||
nsIFrame* aFrame,
|
||||
nsDisplayList* aList,
|
||||
bool aHandleOpacity)
|
||||
nsDisplayList* aList)
|
||||
: nsDisplayWrapList(aBuilder, aFrame, aList)
|
||||
, mHandleOpacity(aHandleOpacity)
|
||||
, mHandleOpacity(false)
|
||||
{
|
||||
MOZ_COUNT_CTOR(nsDisplayEffectsBase);
|
||||
}
|
||||
|
@ -9512,7 +9541,9 @@ nsDisplayEffectsBase::ComputeInvalidationRegion(
|
|||
nsRect bounds = GetBounds(aBuilder, &snap);
|
||||
if (geometry->mFrameOffsetToReferenceFrame != ToReferenceFrame() ||
|
||||
geometry->mUserSpaceOffset != UserSpaceOffset() ||
|
||||
!geometry->mBBox.IsEqualInterior(BBoxInUserSpace())) {
|
||||
!geometry->mBBox.IsEqualInterior(BBoxInUserSpace()) ||
|
||||
geometry->mOpacity != mFrame->StyleEffects()->mOpacity ||
|
||||
geometry->mHandleOpacity != ShouldHandleOpacity()) {
|
||||
// Filter and mask output can depend on the location of the frame's user
|
||||
// space and on the frame's BBox. We need to invalidate if either of these
|
||||
// change relative to the reference frame.
|
||||
|
@ -9633,12 +9664,10 @@ nsDisplayMasksAndClipPaths::nsDisplayMasksAndClipPaths(
|
|||
nsDisplayListBuilder* aBuilder,
|
||||
nsIFrame* aFrame,
|
||||
nsDisplayList* aList,
|
||||
bool aHandleOpacity,
|
||||
const ActiveScrolledRoot* aActiveScrolledRoot)
|
||||
: nsDisplayEffectsBase(aBuilder,
|
||||
aFrame,
|
||||
aList,
|
||||
aHandleOpacity,
|
||||
aActiveScrolledRoot,
|
||||
true)
|
||||
{
|
||||
|
@ -9836,11 +9865,6 @@ nsDisplayMasksAndClipPaths::ComputeInvalidationRegion(
|
|||
bool snap;
|
||||
nsRect bounds = GetBounds(aBuilder, &snap);
|
||||
|
||||
if (mFrame->StyleEffects()->mOpacity != geometry->mOpacity ||
|
||||
mHandleOpacity != geometry->mHandleOpacity) {
|
||||
aInvalidRegion->Or(*aInvalidRegion, bounds);
|
||||
}
|
||||
|
||||
if (mDestRects.Length() != geometry->mDestRects.Length()) {
|
||||
aInvalidRegion->Or(bounds, geometry->mBounds);
|
||||
} else {
|
||||
|
@ -10032,7 +10056,7 @@ nsDisplayMasksAndClipPaths::PrintEffects(nsACString& aTo)
|
|||
nsLayoutUtils::FirstContinuationOrIBSplitSibling(mFrame);
|
||||
bool first = true;
|
||||
aTo += " effects=(";
|
||||
if (mFrame->StyleEffects()->mOpacity != 1.0f && mHandleOpacity) {
|
||||
if (mHandleOpacity) {
|
||||
first = false;
|
||||
aTo += nsPrintfCString("opacity(%f)", mFrame->StyleEffects()->mOpacity);
|
||||
}
|
||||
|
@ -10069,9 +10093,8 @@ nsDisplayMasksAndClipPaths::PrintEffects(nsACString& aTo)
|
|||
|
||||
nsDisplayFilters::nsDisplayFilters(nsDisplayListBuilder* aBuilder,
|
||||
nsIFrame* aFrame,
|
||||
nsDisplayList* aList,
|
||||
bool aHandleOpacity)
|
||||
: nsDisplayEffectsBase(aBuilder, aFrame, aList, aHandleOpacity)
|
||||
nsDisplayList* aList)
|
||||
: nsDisplayEffectsBase(aBuilder, aFrame, aList)
|
||||
, mEffectsBounds(aFrame->GetVisualOverflowRectRelativeToSelf())
|
||||
{
|
||||
MOZ_COUNT_CTOR(nsDisplayFilters);
|
||||
|
@ -10320,7 +10343,7 @@ nsDisplayFilters::PrintEffects(nsACString& aTo)
|
|||
nsLayoutUtils::FirstContinuationOrIBSplitSibling(mFrame);
|
||||
bool first = true;
|
||||
aTo += " effects=(";
|
||||
if (mFrame->StyleEffects()->mOpacity != 1.0f && mHandleOpacity) {
|
||||
if (mHandleOpacity) {
|
||||
first = false;
|
||||
aTo += nsPrintfCString("opacity(%f)", mFrame->StyleEffects()->mOpacity);
|
||||
}
|
||||
|
|
|
@ -5790,6 +5790,7 @@ public:
|
|||
|
||||
private:
|
||||
bool ApplyOpacityToChildren(nsDisplayListBuilder* aBuilder);
|
||||
bool IsEffectsWrapper() const;
|
||||
|
||||
float mOpacity;
|
||||
bool mForEventsAndPluginsOnly : 1;
|
||||
|
@ -6688,13 +6689,11 @@ public:
|
|||
nsDisplayEffectsBase(nsDisplayListBuilder* aBuilder,
|
||||
nsIFrame* aFrame,
|
||||
nsDisplayList* aList,
|
||||
bool aHandleOpacity,
|
||||
const ActiveScrolledRoot* aActiveScrolledRoot,
|
||||
bool aClearClipChain = false);
|
||||
nsDisplayEffectsBase(nsDisplayListBuilder* aBuilder,
|
||||
nsIFrame* aFrame,
|
||||
nsDisplayList* aList,
|
||||
bool aHandleOpacity);
|
||||
nsDisplayList* aList);
|
||||
|
||||
nsDisplayEffectsBase(nsDisplayListBuilder* aBuilder,
|
||||
const nsDisplayEffectsBase& aOther)
|
||||
|
@ -6716,12 +6715,15 @@ public:
|
|||
HitTestState* aState,
|
||||
nsTArray<nsIFrame*>* aOutFrames) override;
|
||||
|
||||
void RestoreState() override { mHandleOpacity = false; }
|
||||
|
||||
bool ShouldFlattenAway(nsDisplayListBuilder* aBuilder) override
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
bool ShouldHandleOpacity() { return mHandleOpacity; }
|
||||
void SetHandleOpacity() { mHandleOpacity = true; }
|
||||
bool ShouldHandleOpacity() const { return mHandleOpacity; }
|
||||
|
||||
gfxRect BBoxInUserSpace() const;
|
||||
gfxPoint UserSpaceOffset() const;
|
||||
|
@ -6757,7 +6759,6 @@ public:
|
|||
nsDisplayMasksAndClipPaths(nsDisplayListBuilder* aBuilder,
|
||||
nsIFrame* aFrame,
|
||||
nsDisplayList* aList,
|
||||
bool aHandleOpacity,
|
||||
const ActiveScrolledRoot* aActiveScrolledRoot);
|
||||
nsDisplayMasksAndClipPaths(nsDisplayListBuilder* aBuilder,
|
||||
const nsDisplayMasksAndClipPaths& aOther)
|
||||
|
@ -6869,8 +6870,7 @@ class nsDisplayFilters : public nsDisplayEffectsBase
|
|||
public:
|
||||
nsDisplayFilters(nsDisplayListBuilder* aBuilder,
|
||||
nsIFrame* aFrame,
|
||||
nsDisplayList* aList,
|
||||
bool aHandleOpacity);
|
||||
nsDisplayList* aList);
|
||||
|
||||
nsDisplayFilters(nsDisplayListBuilder* aBuilder,
|
||||
const nsDisplayFilters& aOther)
|
||||
|
|
|
@ -131,6 +131,8 @@ nsDisplaySVGEffectGeometry::nsDisplaySVGEffectGeometry(
|
|||
, mBBox(aItem->BBoxInUserSpace())
|
||||
, mUserSpaceOffset(aItem->UserSpaceOffset())
|
||||
, mFrameOffsetToReferenceFrame(aItem->ToReferenceFrame())
|
||||
, mOpacity(aItem->Frame()->StyleEffects()->mOpacity)
|
||||
, mHandleOpacity(aItem->ShouldHandleOpacity())
|
||||
{
|
||||
}
|
||||
|
||||
|
@ -147,8 +149,6 @@ nsDisplayMasksAndClipPathsGeometry::nsDisplayMasksAndClipPathsGeometry(
|
|||
: nsDisplaySVGEffectGeometry(aItem, aBuilder)
|
||||
, nsImageGeometryMixin(aItem, aBuilder)
|
||||
, mDestRects(aItem->GetDestRects())
|
||||
, mOpacity(aItem->Frame()->StyleEffects()->mOpacity)
|
||||
, mHandleOpacity(aItem->ShouldHandleOpacity())
|
||||
{
|
||||
}
|
||||
|
||||
|
|
|
@ -302,6 +302,8 @@ public:
|
|||
gfxRect mBBox;
|
||||
gfxPoint mUserSpaceOffset;
|
||||
nsPoint mFrameOffsetToReferenceFrame;
|
||||
float mOpacity;
|
||||
bool mHandleOpacity;
|
||||
};
|
||||
|
||||
class nsDisplayMasksAndClipPathsGeometry
|
||||
|
@ -318,8 +320,6 @@ public:
|
|||
}
|
||||
|
||||
nsTArray<nsRect> mDestRects;
|
||||
float mOpacity;
|
||||
bool mHandleOpacity;
|
||||
};
|
||||
|
||||
class nsDisplayFiltersGeometry
|
||||
|
|
|
@ -1156,6 +1156,10 @@ static void ToRTCIceCandidateStats(
|
|||
if (candidateType == RTCStatsType::Local_candidate) {
|
||||
cand.mMozLocalTransport.Construct(
|
||||
NS_ConvertASCIItoUTF16(candidate.local_addr.transport.c_str()));
|
||||
if (RTCStatsIceCandidateType(candidate.type) == RTCStatsIceCandidateType::Relayed) {
|
||||
cand.mRelayProtocol.Construct(
|
||||
NS_ConvertASCIItoUTF16(candidate.local_addr.transport.c_str()));
|
||||
}
|
||||
}
|
||||
report->mIceCandidateStats.Value().AppendElement(cand, fallible);
|
||||
if (candidate.trickled) {
|
||||
|
|
|
@ -980,9 +980,9 @@ static uint32_t GetCandidateIpAndTransportMask(const RTCIceCandidateStats *cand)
|
|||
uint32_t res = 0;
|
||||
|
||||
nsAutoCString transport;
|
||||
// prefer local transport for local relay candidates
|
||||
if (cand->mMozLocalTransport.WasPassed()) {
|
||||
transport.Assign(NS_ConvertUTF16toUTF8(cand->mMozLocalTransport.Value()));
|
||||
// prefer relay transport for local relay candidates
|
||||
if (cand->mRelayProtocol.WasPassed()) {
|
||||
transport.Assign(NS_ConvertUTF16toUTF8(cand->mRelayProtocol.Value()));
|
||||
} else {
|
||||
transport.Assign(NS_ConvertUTF16toUTF8(cand->mTransport.Value()));
|
||||
}
|
||||
|
|
|
@ -9,6 +9,8 @@ if CONFIG['MOZ_WIDGET_TOOLKIT']:
|
|||
'gtest',
|
||||
]
|
||||
|
||||
# Important: for these tests to be run, they also need to be added
|
||||
# to testing/cppunittest.ini.
|
||||
CppUnitTests([
|
||||
'TestAlgorithm',
|
||||
'TestArray',
|
||||
|
|
|
@ -45,7 +45,6 @@ typedef struct _MacSandboxInfo {
|
|||
, hasFilePrivileges(false)
|
||||
, hasSandboxedProfile(false)
|
||||
, hasAudio(false)
|
||||
, hasWindowServer(false)
|
||||
, shouldLog(true)
|
||||
{
|
||||
}
|
||||
|
@ -56,7 +55,6 @@ typedef struct _MacSandboxInfo {
|
|||
bool hasFilePrivileges;
|
||||
bool hasSandboxedProfile;
|
||||
bool hasAudio;
|
||||
bool hasWindowServer;
|
||||
MacSandboxPluginInfo pluginInfo;
|
||||
std::string appPath;
|
||||
std::string appBinaryPath;
|
||||
|
@ -69,20 +67,12 @@ typedef struct _MacSandboxInfo {
|
|||
std::string testingReadPath3;
|
||||
std::string testingReadPath4;
|
||||
|
||||
std::string parentPort;
|
||||
std::string crashServerPort;
|
||||
|
||||
bool shouldLog;
|
||||
} MacSandboxInfo;
|
||||
|
||||
namespace mozilla {
|
||||
|
||||
bool StartMacSandbox(MacSandboxInfo const &aInfo, std::string &aErrorMessage);
|
||||
bool EarlyStartMacSandboxIfEnabled(int aArgc, char** aArgv,
|
||||
std::string &aErrorMessage);
|
||||
#ifdef DEBUG
|
||||
void AssertMacSandboxEnabled();
|
||||
#endif /* DEBUG */
|
||||
|
||||
} // namespace mozilla
|
||||
|
||||
|
|
|
@ -15,8 +15,6 @@
|
|||
#include <stdlib.h>
|
||||
#include <CoreFoundation/CoreFoundation.h>
|
||||
|
||||
#include <iostream>
|
||||
#include <sstream>
|
||||
#include <vector>
|
||||
|
||||
#include "mozilla/Assertions.h"
|
||||
|
@ -226,22 +224,16 @@ bool StartMacSandbox(MacSandboxInfo const &aInfo, std::string &aErrorMessage)
|
|||
params.push_back(macOSMinor.c_str());
|
||||
params.push_back("APP_PATH");
|
||||
params.push_back(aInfo.appPath.c_str());
|
||||
params.push_back("APP_BINARY_PATH");
|
||||
params.push_back(aInfo.appBinaryPath.c_str());
|
||||
params.push_back("APP_DIR");
|
||||
params.push_back(aInfo.appDir.c_str());
|
||||
params.push_back("PROFILE_DIR");
|
||||
params.push_back(aInfo.profileDir.c_str());
|
||||
params.push_back("HOME_PATH");
|
||||
params.push_back(getenv("HOME"));
|
||||
params.push_back("HAS_SANDBOXED_PROFILE");
|
||||
params.push_back(aInfo.hasSandboxedProfile ? "TRUE" : "FALSE");
|
||||
params.push_back("HAS_WINDOW_SERVER");
|
||||
params.push_back(aInfo.hasWindowServer ? "TRUE" : "FALSE");
|
||||
if (!aInfo.parentPort.empty()) {
|
||||
params.push_back("PARENT_PORT");
|
||||
params.push_back(aInfo.parentPort.c_str());
|
||||
}
|
||||
if (!aInfo.crashServerPort.empty()) {
|
||||
params.push_back("CRASH_PORT");
|
||||
params.push_back(aInfo.crashServerPort.c_str());
|
||||
}
|
||||
if (!aInfo.testingReadPath1.empty()) {
|
||||
params.push_back("TESTING_READ_PATH1");
|
||||
params.push_back(aInfo.testingReadPath1.c_str());
|
||||
|
@ -330,186 +322,4 @@ bool StartMacSandbox(MacSandboxInfo const &aInfo, std::string &aErrorMessage)
|
|||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
* Fill |aInfo| with content sandbox params parsed from the provided
|
||||
* command line arguments. Return false if any sandbox parameters needed
|
||||
* for early startup of the sandbox are not present in the arguments.
|
||||
*/
|
||||
bool
|
||||
GetContentSandboxParamsFromArgs(int aArgc, char** aArgv, MacSandboxInfo& aInfo)
|
||||
{
|
||||
// Ensure we find these paramaters in the command
|
||||
// line arguments. Return false if any are missing.
|
||||
bool foundSandboxLevel = false;
|
||||
bool foundValidSandboxLevel = false;
|
||||
bool foundParentPort = false;
|
||||
bool foundAppPath = false;
|
||||
|
||||
// Read access directories used in testing
|
||||
int nTestingReadPaths = 0;
|
||||
std::string testingReadPaths[MAX_TESTING_READ_PATHS] = {};
|
||||
|
||||
// Collect sandbox params from CLI arguments
|
||||
for (int i = 0; i < aArgc; i++) {
|
||||
|
||||
if ((strcmp(aArgv[i], "-sbLevel") == 0) && (i + 1 < aArgc)) {
|
||||
std::stringstream ss(aArgv[i+1]);
|
||||
int level = 0;
|
||||
ss >> level;
|
||||
foundSandboxLevel = true;
|
||||
aInfo.level = level;
|
||||
foundValidSandboxLevel = level > 0 && level <= 3 ? true : false;
|
||||
if (!foundValidSandboxLevel) {
|
||||
break;
|
||||
}
|
||||
i++;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (strcmp(aArgv[i], "-sbLogging") == 0) {
|
||||
aInfo.shouldLog = true;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (strcmp(aArgv[i], "-sbAllowFileAccess") == 0) {
|
||||
aInfo.hasFilePrivileges = true;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (strcmp(aArgv[i], "-sbAllowAudio") == 0) {
|
||||
aInfo.hasAudio = true;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (strcmp(aArgv[i], "-sbAllowWindowServer") == 0) {
|
||||
aInfo.hasWindowServer = true;
|
||||
continue;
|
||||
}
|
||||
|
||||
if ((strcmp(aArgv[i], "-sbAppPath") == 0) && (i + 1 < aArgc)) {
|
||||
foundAppPath = true;
|
||||
aInfo.appPath.assign(aArgv[i+1]);
|
||||
i++;
|
||||
continue;
|
||||
}
|
||||
|
||||
if ((strcmp(aArgv[i], "-sbTestingReadPath") == 0) && (i + 1 < aArgc)) {
|
||||
MOZ_ASSERT(nTestingReadPaths < MAX_TESTING_READ_PATHS);
|
||||
testingReadPaths[nTestingReadPaths] = aArgv[i+1];
|
||||
nTestingReadPaths++;
|
||||
i++;
|
||||
continue;
|
||||
}
|
||||
|
||||
if ((strcmp(aArgv[i], "-profile") == 0) && (i + 1 < aArgc)) {
|
||||
aInfo.hasSandboxedProfile = true;
|
||||
aInfo.profileDir.assign(aArgv[i+1]);
|
||||
i++;
|
||||
continue;
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
if ((strcmp(aArgv[i], "-sbDebugWriteDir") == 0) && (i + 1 < aArgc)) {
|
||||
aInfo.debugWriteDir.assign(aArgv[i+1]);
|
||||
i++;
|
||||
continue;
|
||||
}
|
||||
#endif // DEBUG
|
||||
|
||||
// Handle positional arguments
|
||||
if (strstr(aArgv[i], "org.mozilla.machname") != NULL) {
|
||||
foundParentPort = true;
|
||||
aInfo.parentPort.assign(aArgv[i]);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (strstr(aArgv[i], "gecko-crash-server-pipe") != NULL) {
|
||||
aInfo.crashServerPort.assign(aArgv[i]);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if (!foundSandboxLevel) {
|
||||
fprintf(stderr, "Content sandbox disabled due to "
|
||||
"missing sandbox CLI level parameter.\n");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!foundValidSandboxLevel) {
|
||||
fprintf(stderr, "Content sandbox disabled due to invalid"
|
||||
"sandbox level (%d)\n", aInfo.level);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!foundParentPort) {
|
||||
fprintf(stderr, "Content sandbox disabled due to "
|
||||
"missing sandbox CLI parent port parameter.\n");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!foundAppPath) {
|
||||
fprintf(stderr, "Content sandbox disabled due to "
|
||||
"missing sandbox CLI app path parameter.\n");
|
||||
return false;
|
||||
}
|
||||
|
||||
aInfo.testingReadPath1 = testingReadPaths[0];
|
||||
aInfo.testingReadPath2 = testingReadPaths[1];
|
||||
aInfo.testingReadPath3 = testingReadPaths[2];
|
||||
aInfo.testingReadPath4 = testingReadPaths[3];
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns true if no errors were encountered or if early sandbox startup is
|
||||
* not enabled for this process. Returns false if an error was encountered.
|
||||
*/
|
||||
bool
|
||||
EarlyStartMacSandboxIfEnabled(int aArgc, char** aArgv,
|
||||
std::string &aErrorMessage)
|
||||
{
|
||||
bool earlyStartupEnabled = false;
|
||||
|
||||
// Check for the -sbStartup CLI parameter which
|
||||
// indicates we should start the sandbox now.
|
||||
for (int i = 0; i < aArgc; i++) {
|
||||
if (strcmp(aArgv[i], "-sbStartup") == 0) {
|
||||
earlyStartupEnabled = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// The sandbox will be started later when/if parent
|
||||
// sends the sandbox startup message. Return true
|
||||
// indicating no errors occurred.
|
||||
if (!earlyStartupEnabled) {
|
||||
return true;
|
||||
}
|
||||
|
||||
MacSandboxInfo info;
|
||||
info.type = MacSandboxType_Content;
|
||||
if (!GetContentSandboxParamsFromArgs(aArgc, aArgv, info)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return StartMacSandbox(info, aErrorMessage);
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
/*
|
||||
* Ensures that a process sandbox is enabled by attempting to enable
|
||||
* a new sandbox policy and ASSERT'ing that this fails. This depends
|
||||
* on sandbox_init() failing when called again after a sandbox has
|
||||
* already been successfully enabled.
|
||||
*/
|
||||
void
|
||||
AssertMacSandboxEnabled()
|
||||
{
|
||||
char *errorbuf = NULL;
|
||||
int rv = sandbox_init("(version 1)(deny default)", 0, &errorbuf);
|
||||
MOZ_ASSERT(rv != 0);
|
||||
}
|
||||
#endif /* DEBUG */
|
||||
|
||||
} // namespace mozilla
|
||||
|
|
|
@ -6,8 +6,6 @@
|
|||
#ifndef mozilla_SandboxPolicies_h
|
||||
#define mozilla_SandboxPolicies_h
|
||||
|
||||
#define MAX_TESTING_READ_PATHS 4
|
||||
|
||||
namespace mozilla {
|
||||
|
||||
static const char pluginSandboxRules[] = R"SANDBOX_LITERAL(
|
||||
|
@ -52,17 +50,16 @@ static const char contentSandboxRules[] = R"SANDBOX_LITERAL(
|
|||
(define sandbox-level-3 (param "SANDBOX_LEVEL_3"))
|
||||
(define macosMinorVersion (string->number (param "MAC_OS_MINOR")))
|
||||
(define appPath (param "APP_PATH"))
|
||||
(define appBinaryPath (param "APP_BINARY_PATH"))
|
||||
(define appdir-path (param "APP_DIR"))
|
||||
(define hasProfileDir (param "HAS_SANDBOXED_PROFILE"))
|
||||
(define profileDir (param "PROFILE_DIR"))
|
||||
(define hasWindowServer (param "HAS_WINDOW_SERVER"))
|
||||
(define home-path (param "HOME_PATH"))
|
||||
(define debugWriteDir (param "DEBUG_WRITE_DIR"))
|
||||
(define testingReadPath1 (param "TESTING_READ_PATH1"))
|
||||
(define testingReadPath2 (param "TESTING_READ_PATH2"))
|
||||
(define testingReadPath3 (param "TESTING_READ_PATH3"))
|
||||
(define testingReadPath4 (param "TESTING_READ_PATH4"))
|
||||
(define parentPort (param "PARENT_PORT"))
|
||||
(define crashPort (param "CRASH_PORT"))
|
||||
|
||||
(if (string=? should-log "TRUE")
|
||||
(deny default)
|
||||
|
@ -84,12 +81,12 @@ static const char contentSandboxRules[] = R"SANDBOX_LITERAL(
|
|||
(subpath "/System")
|
||||
(subpath "/usr/lib")
|
||||
(subpath "/Library/GPUBundles")
|
||||
(subpath appPath))
|
||||
(subpath appdir-path))
|
||||
(allow file-read*
|
||||
(subpath "/System")
|
||||
(subpath "/usr/lib")
|
||||
(subpath "/Library/GPUBundles")
|
||||
(subpath appPath)))
|
||||
(subpath appdir-path)))
|
||||
|
||||
; Allow read access to standard system paths.
|
||||
(allow file-read*
|
||||
|
@ -188,14 +185,6 @@ static const char contentSandboxRules[] = R"SANDBOX_LITERAL(
|
|||
(ipc-posix-name-regex #"^CFPBS:"))
|
||||
|
||||
(allow signal (target self))
|
||||
(if (string? parentPort)
|
||||
(allow mach-lookup (global-name parentPort)))
|
||||
(if (string? crashPort)
|
||||
(allow mach-lookup (global-name crashPort)))
|
||||
(if (string=? hasWindowServer "TRUE")
|
||||
(allow mach-lookup (global-name "com.apple.windowserver.active")))
|
||||
(allow mach-lookup (global-name "com.apple.coreservices.launchservicesd"))
|
||||
(allow mach-lookup (global-name "com.apple.lsd.mapdb"))
|
||||
|
||||
(if (>= macosMinorVersion 13)
|
||||
(allow mach-lookup
|
||||
|
@ -241,7 +230,9 @@ static const char contentSandboxRules[] = R"SANDBOX_LITERAL(
|
|||
(home-subpath "/Library/Colors")
|
||||
(home-subpath "/Library/Keyboard Layouts")
|
||||
(home-subpath "/Library/Input Methods")
|
||||
(home-subpath "/Library/Spelling"))
|
||||
(home-subpath "/Library/Spelling")
|
||||
(literal appPath)
|
||||
(literal appBinaryPath))
|
||||
|
||||
(if (defined? 'file-map-executable)
|
||||
(begin
|
||||
|
|
|
@ -1,17 +1,20 @@
|
|||
[ShowSSEConfig]
|
||||
[TestPrintf]
|
||||
[TestAppShellSteadyState]
|
||||
[TestAlgorithm]
|
||||
[TestArray]
|
||||
[TestArrayUtils]
|
||||
[TestAtomics]
|
||||
[TestBinarySearch]
|
||||
[TestBloomFilter]
|
||||
[TestBufferList]
|
||||
[TestCasting]
|
||||
[TestCeilingFloor]
|
||||
[TestCheckedInt]
|
||||
[TestCountPopulation]
|
||||
[TestCountZeroes]
|
||||
[TestDefineEnum]
|
||||
[TestDoublyLinkedList]
|
||||
[TestDllInterceptor]
|
||||
skip-if = os != 'win'
|
||||
[TestEndian]
|
||||
|
@ -20,6 +23,7 @@ skip-if = os != 'win'
|
|||
[TestEnumTypeTraits]
|
||||
[TestFastBernoulliTrial]
|
||||
[TestFloatingPoint]
|
||||
[TestFunctionTypeTraits]
|
||||
[TestIntegerPrintfMacros]
|
||||
[TestIntegerRange]
|
||||
[TestJSONWriter]
|
||||
|
@ -28,12 +32,16 @@ skip-if = os != 'win'
|
|||
[TestMacroForEach]
|
||||
[TestMathAlgorithms]
|
||||
[TestMaybe]
|
||||
[TestNonDereferenceable]
|
||||
[TestNotNull]
|
||||
[TestParseFTPList]
|
||||
[TestPLDHash]
|
||||
[TestPair]
|
||||
[TestPoisonArea]
|
||||
skip-if = os == 'android' # Bug 1147630
|
||||
[TestRange]
|
||||
[TestRefPtr]
|
||||
[TestResult]
|
||||
[TestRollingMean]
|
||||
[TestScopeExit]
|
||||
[TestSegmentedVector]
|
||||
|
@ -44,14 +52,18 @@ skip-if = os == 'android' # Bug 1147630
|
|||
[TestSPSCQueue]
|
||||
[TestSyncRunnable]
|
||||
[TestTemplateLib]
|
||||
[TestTextUtils]
|
||||
[TestThreadSafeWeakPtr]
|
||||
[TestTuple]
|
||||
[TestTypeTraits]
|
||||
[TestTypedEnum]
|
||||
[TestUniquePtr]
|
||||
[TestUtf8]
|
||||
[TestVariant]
|
||||
[TestVector]
|
||||
[TestVolatileBuffer]
|
||||
[TestWeakPtr]
|
||||
[TestWrappingOperations]
|
||||
[TestXorShift128PlusRNG]
|
||||
[buffered_stun_socket_unittest]
|
||||
[ice_unittest]
|
||||
|
|
|
@ -850,7 +850,7 @@ ICEStats.prototype = {
|
|||
var type = c.candidateType;
|
||||
|
||||
if (c.type == "local-candidate" && c.candidateType == "relayed") {
|
||||
type = `${c.candidateType}-${c.mozLocalTransport}`;
|
||||
type = `${c.candidateType}-${c.relayProtocol}`;
|
||||
}
|
||||
|
||||
return `${c.ipAddress}:${c.portNumber}/${c.transport}(${type})`;
|
||||
|
|
|
@ -716,14 +716,7 @@ Preamble_gettimeofday(CallArguments* aArguments)
|
|||
static PreambleResult
|
||||
Preamble_fcntl(CallArguments* aArguments)
|
||||
{
|
||||
// We don't record any outputs for fcntl other than its return value, but
|
||||
// some commands have an output parameter they write additional data to.
|
||||
// Handle this by only allowing a limited set of commands to be used when
|
||||
// events are not passed through and we are recording/replaying the outputs.
|
||||
if (AreThreadEventsPassedThrough()) {
|
||||
return PreambleResult::Redirect;
|
||||
}
|
||||
|
||||
// Make sure fcntl is only used with a limited set of commands.
|
||||
auto& cmd = aArguments->Arg<1, size_t>();
|
||||
switch (cmd) {
|
||||
case F_GETFL:
|
||||
|
|
|
@ -6,13 +6,6 @@
|
|||
|
||||
#include "nsMacUtilsImpl.h"
|
||||
|
||||
#include "base/command_line.h"
|
||||
#include "nsDirectoryServiceDefs.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsIFile.h"
|
||||
#include "nsIProperties.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
|
||||
#include <CoreFoundation/CoreFoundation.h>
|
||||
|
||||
NS_IMPL_ISUPPORTS(nsMacUtilsImpl, nsIMacUtils)
|
||||
|
@ -132,64 +125,3 @@ nsMacUtilsImpl::GetIsTranslated(bool* aIsTranslated)
|
|||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
#if defined(MOZ_CONTENT_SANDBOX)
|
||||
bool
|
||||
nsMacUtilsImpl::GetAppPath(nsCString &aAppPath)
|
||||
{
|
||||
nsAutoCString appPath;
|
||||
nsAutoCString appBinaryPath(
|
||||
(CommandLine::ForCurrentProcess()->argv()[0]).c_str());
|
||||
|
||||
nsAutoCString::const_iterator start, end;
|
||||
appBinaryPath.BeginReading(start);
|
||||
appBinaryPath.EndReading(end);
|
||||
if (RFindInReadable(NS_LITERAL_CSTRING(".app/Contents/MacOS/"), start, end)) {
|
||||
end = start;
|
||||
++end; ++end; ++end; ++end;
|
||||
appBinaryPath.BeginReading(start);
|
||||
appPath.Assign(Substring(start, end));
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIFile> app;
|
||||
nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(appPath),
|
||||
true, getter_AddRefs(app));
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
rv = app->Normalize();
|
||||
if (NS_FAILED(rv)) {
|
||||
return false;
|
||||
}
|
||||
app->GetNativePath(aAppPath);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
#if defined(DEBUG)
|
||||
// Given a path to a file, return the directory which contains it.
|
||||
nsAutoCString
|
||||
nsMacUtilsImpl::GetDirectoryPath(const char *aPath)
|
||||
{
|
||||
nsCOMPtr<nsIFile> file = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID);
|
||||
if (!file ||
|
||||
NS_FAILED(file->InitWithNativePath(nsDependentCString(aPath)))) {
|
||||
MOZ_CRASH("Failed to create or init an nsIFile");
|
||||
}
|
||||
nsCOMPtr<nsIFile> directoryFile;
|
||||
if (NS_FAILED(file->GetParent(getter_AddRefs(directoryFile))) ||
|
||||
!directoryFile) {
|
||||
MOZ_CRASH("Failed to get parent for an nsIFile");
|
||||
}
|
||||
directoryFile->Normalize();
|
||||
nsAutoCString directoryPath;
|
||||
if (NS_FAILED(directoryFile->GetNativePath(directoryPath))) {
|
||||
MOZ_CRASH("Failed to get path for an nsIFile");
|
||||
}
|
||||
return directoryPath;
|
||||
}
|
||||
#endif /* DEBUG */
|
||||
#endif /* MOZ_CONTENT_SANDBOX */
|
||||
|
|
|
@ -21,14 +21,6 @@ public:
|
|||
{
|
||||
}
|
||||
|
||||
#if defined(MOZ_CONTENT_SANDBOX)
|
||||
static bool GetAppPath(nsCString &aAppPath);
|
||||
|
||||
#ifdef DEBUG
|
||||
static nsAutoCString GetDirectoryPath(const char *aPath);
|
||||
#endif /* DEBUG */
|
||||
#endif /* MOZ_CONTENT_SANDBOX */
|
||||
|
||||
private:
|
||||
~nsMacUtilsImpl()
|
||||
{
|
||||
|
|
Загрузка…
Ссылка в новой задаче