Use a new executable for the GMP process named "<App Name> Media Plugin Helper" so that the content processes (using the plugin-container executable) and the GMP process can be signed with different entitlements allowing for the use of more secure entitlements.
In order for the new executable to load the Widevine plugin, a change is needed in the codesigning infrastructure repo to generate the .sig file for the new executable.
To get the security benefits of using a new executable for GMP, additional changes are needed in the codesigning infrastructure repo to enable signing plugin-container and the new executable with a reduced set of entitlements.
The executable is a copy of plugin-container renamed as "<App Name> Media Plugin Helper" so it appears with a user friendly name in Activity Monitor. For example, "Firefox Media Plugin Helper". (The GMP process runs with limited privileges preventing it from setting its own "nice" process name.)
Pref off the change until the .sig file change lands and media playback has been validated on production builds.
Differential Revision: https://phabricator.services.mozilla.com/D175796
Use a new executable for the GMP process named "<App Name> Media Plugin Helper" so that the content processes (using the plugin-container executable) and the GMP process can be signed with different entitlements allowing for the use of more secure entitlements.
To get the benefits of using a new executable for GMP, additional changes are needed in the codesigning infrastructure repo to enable signing plugin-container and the new executable with a reduced set of entitlements.
The executable is built as media-plugin-helper and then renamed to "<App Name> Media Plugin Helper" so it appears with a user friendly name in Activity Monitor. For example, "Firefox Media Plugin Helper". (The GMP process runs with limited privileges preventing it from setting its own "nice" process name.)
Limit the change to Nightly at this time to allow validation of using a new executable and then enabling the strong entitlements.
Differential Revision: https://phabricator.services.mozilla.com/D175796
As with the socket process, we can't automated test that the block works in the GPU process, but I manually verified this. I did add an automated test that ensures blocking something in the GPU process doesn't block it in other processes.
Differential Revision: https://phabricator.services.mozilla.com/D167399
As with the socket process, we can't automated test that the block works in the GPU process, but I manually verified this. I did add an automated test that ensures blocking something in the GPU process doesn't block it in other processes.
Differential Revision: https://phabricator.services.mozilla.com/D167399
Now that SetGeckoProcessType() is called earlier, we can use that to determine if we are a utility process instead of parsing command-line arguments
Differential Revision: https://phabricator.services.mozilla.com/D158811
This means we can include these files in other binaries when we need earlier
access to the process type and use consistent code.
Differential Revision: https://phabricator.services.mozilla.com/D152198
Change XUL and other dylibs to be built with an @rpath/<dylib> install name (LC_ID_DYLIB) instead of @executable_path/<dylib>.
Change executables to be built with an @rpath dyld search path set to @executable_path by default so that @rpath/<dylib> dylibs in the same directory can be resolved. For executables not in the same directory as @rpath dylibs, such as plugin-container, set a relative @rpath such as @executable_path/../../../.
Previously, dylib install names were set as @executable_path/<dylib> allowing them to be resolved by dyld for the loading executable if the executable resided in the same directory as the dylib. For executables not in the same directory as the dylibs, dyld resolved these dylibs using DYLD_LIBRARY_PATH set before launching the process by Firefox code. With this change, loading does not rely on DYLD environment variables. Instead, dylibs have an install name set as @rpath/<dylib> and each executable loading a dylib has its @rpath set at compile-time to refer to dylib directory.
Differential Revision: https://phabricator.services.mozilla.com/D147360
This patch adds a library that contains an interposer function for
pthread_create(). The interposer will setup an alternate signal stack to
handle crashes - thus enabling us to catch stack overflows - and then call the
real pthread_create() function. Since the interposer needs to appear in the
linker's search order before libpthread we manually link it into firefox,
plugin-container and xpcshell's executables ASAP.
Differential Revision: https://phabricator.services.mozilla.com/D132736
While mingw builds don't require user32 and advapi32 explicitly, it doesn't
hurt for them to be there (and they're required for clang-cl build).
Likewise, while clang-builds don't require uuid and userenv explicitly
because they're pulled in via #pragmas in the source code, mingw doesn't
support those #pragmas and needs them explicitly, which doesn't hurt the
clang-cl builds.
Differential Revision: https://phabricator.services.mozilla.com/D134737
While mingw builds don't require user32 and advapi32 explicitly, it doesn't
hurt for them to be there (and they're required for clang-cl build).
Likewise, while clang-builds don't require uuid and userenv explicitly
because they're pulled in via #pragmas in the source code, mingw doesn't
support those #pragmas and needs them explicitly, which doesn't hurt the
clang-cl builds.
Differential Revision: https://phabricator.services.mozilla.com/D134737
In optimized builds, it's stripped out at link time, because it's been
unused since bug 1505445 moved the sandbox initialization into libxul.
But in non-optimized builds, it's not, and that pulls in CoreFoundation
symbols, but we're not linking plugin-container against CoreFoundation
(we do link firefox to it for other uses).
This wasn't a problem before bug 1747160 because we were linking
everything against CoreFoundation (indirectly).
Differential Revision: https://phabricator.services.mozilla.com/D134587
We will only run the processes in CET compatible modules only mode when not
using the JIT code. So marking xul.dll as compatible should be OK.
Differential Revision: https://phabricator.services.mozilla.com/D117551
We know that some GV installations (particularly but not exlcusively Focus) are
failing to load `libxul.so` during early Gecko bootstrapping. Unfortunately
a boolean pass/fail result is not giving us sufficient information to be able to
properly troubleshoot this problem.
This patch adds `mozilla::Result`-based return values to `XPCOMGlueLoad` and
`GetBootstrap` in an effort to produce more actionable information about these
failures.
We include either a `nsresult` or, if the failure is rooted in a dynamic linker
failure, appropriate platform-specific error information:
* On Unix-based platforms, a `UniqueFreePtr<char>` containing the string from `dlerror(3)`;
* On Windows, the Win32 `DWORD` error code from `GetLastError()`.
For non-Android platforms, I updated them to handle the new return type, but
otherwise did not make any further changes.
For Android, we include the error information in the message string that we pass
into the Java `Exception` that is subsequently thrown.
Differential Revision: https://phabricator.services.mozilla.com/D104263
Since python creates little-endian utf-16 consistently whether
cross-compiling from Linux or compiling natively on macOS, we could
write a small script that essentially replaces iconv. On the other hand,
we're also doing some manual preprocessing on the InfoPlist.strings.in
files, and we might as well use the preprocessor for that.
So, we augment the preprocessor to allow an explicit output encoding
other than utf-8, and use the preprocessor instead of `sed | iconv`.
Differential Revision: https://phabricator.services.mozilla.com/D96013
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.
5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.
5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
This patch introduces `nt::VirtualQuery` which consumes only ntdll's functions
to reduce dependency in `MMPolicy` on kernel32.dll. With this, `MMPolicy` still
depends on kernel32.dll, that will be solved by a coming patch.
Differential Revision: https://phabricator.services.mozilla.com/D68342
--HG--
extra : moz-landing-system : lando
This patch introduces `nt::VirtualQuery` which consumes only ntdll's functions
to reduce dependency in `MMPolicy` on kernel32.dll. With this, `MMPolicy` still
depends on kernel32.dll, that will be solved by a coming patch.
Differential Revision: https://phabricator.services.mozilla.com/D68342
--HG--
extra : moz-landing-system : lando
Florian Quèze
Sandor Molnar
Haik Aftandilian
Narcis Beleuzu
Gabriele Svelto
Stephen A Pohl
Greg Stoll
Cosmin Sabou
Ryan VanderMeulen
Bob Owen
Cristian Tuns
Alexandre Lissy
Mike Hommey
Iulian Moraru
Aaron Klotz
Ricky Stewart
Bogdan Tara
Dorel Luca
Toshihito Kikuchi
Daniel Varga