Since ContentChild itself may be created before the observer service is
started, we cannot create an observer to simply listen for the
xpcom-shutdown event. Thankfully we do not need to do anything special
upon receiving the event -- we just need to know if it has been fired
when we called RecvSetXPCOMProcessAttributes. As such, this patch
creates a canary using ClearOnShutdown. If the canary is cleared, then
we know xpcom-shutdown has been issued, and we should abort the
initialization process.
fixup
It has been observed on nightly and beta that the compositer thread
fails to shutdown gracefully due to lingering references. From what
can be determined, it appears as if the content process references
are what are keeping it alive. The shutdown of CompositorBridgeChild
was altered because a top level protocol was added above it in a
previous change in bug 1365927. This protocol tree is ultimately
what is keeping the thread alive. As such, this patch adds an
explicit shutdown of the protocol, to ensure it gets released in a
timely manner.
This change will be backed out if it appears to have no effect on
the crash rate in nightly 57.
These are all easy cases where an nsXPIDLCString local variable is set via
getter_Copies() and then is only used in ways that nsCStrings can also be used
(i.e. no null checks or implicit conversions to |char*|).
In every case the patch trivially replaces the nsXPIDLCString with an
nsCString. (Also, there are a couple of unused nsXPIDLCString variables that
the patch simply removes.)
I don't bother to label the runnables in the parent process being fired by
VisitedQuery, as we are not planning to perform scheduling in the parent process
if I remember correctly. It would be possible to label those runnables as well.
MozReview-Commit-ID: EosNOu62fEV
Moves IsDevelopmentBuild(), GetRepoDir(), and GetObjectDir() out of
SandboxSettings because they also need to be used by ExtensionProtocolHandler
to do security checks on developer builds as a result of how developer builds
rely on symlinks to the repo dir from system extension directories.
Remove the Linux-implementation of GetRepoDir() and GetObjectDir()
because the Linux content sandbox implementation and the
ExtensionProtocolHandler checks don't need them.
MozReview-Commit-ID: KwBFUnh6Cml
--HG--
extra : rebase_source : 3529a18ea802699ff968b798a7c560613469809b
Without this patch, all remote process types share a process name of
"Web Content". With this patch, specific names are added for "file",
"extension", and "webLargeAllocationTypes", with the default of "web"
left as the default "Web Content".
This patch also eliminates undocumented b2g-era legacy logic that had a
notion of whether it's acceptable to override the process name. In the
b2g era, I believe processes were named based on the "app" that was
running. It would have made sense to have the process initially named
the preallocated process, then to change the process to its app name
when specialized, trying to make it hard/impossible for the process to
rename itself so it couldn't masquerade as another app if it became
compromised.
--HG--
extra : source : c76be2df2c2855ddf2fafc323ddb2898dd65eba4
nsXPIDLStrings are marked as VOIDED upon initialization. Most of these local
nsXPIDLString variables are immediately set via getter_Copies(), which will
either assign a string value (using Adopt()) or do SetIsVoid(). These can be
trivially converted to nsString, which will get the same treatment.
The patch suitably converts the remaining nsXPIDLString local variable as well.
--HG--
extra : rebase_source : 5fff9f2c6844559198f601853f8db08564add7d5
This is similar like the previous patch, but for the 8-bit string variants.
Also, it changes assignment to Adopt() in GetCString() and GetDefaultCString()
to avoid an extra copy.
--HG--
extra : rebase_source : eba805c3a7b809d5ccd6e853b1c9010db9477667
On Mac developer builds, read the repo path and object dir path from the
Info.plist files in the application bundle instead of the
MOZ_DEVELOPER_REPO_DIR and MOZ_DEVELOPER_OBJ_DIR environment variables.
MozReview-Commit-ID: 8UtjkNPGUM1
--HG--
extra : rebase_source : 3e4ce32f2e2c40f8d899bc9190e48298081458d9
On developer builds, use $MOZ_DEVELOPER_OBJ_DIR to whitelist the object dir in the content sandbox so that symlinks to the object dir from .app/ files can be loaded.
MozReview-Commit-ID: J4YdpxgbD8i
--HG--
extra : rebase_source : 19e369fe9ae29418d9d79e1fb83246474d858f34
Alessio Placitelli
Mats Palmgren
Andrew Osmond
Andrea Marchesini
Jonathan Kew
Michael Layzell
Bevis Tseng
Stone Shih
Nicholas Nethercote
Sebastian Hengst
Bill McCloskey
Haik Aftandilian
Eric Rahm
Jan Varga
Andrew Sutherland
Amy Chung
Chun-Min Chang
Carsten "Tomcat" Book
Gian-Carlo Pascutto
Marco Castelluccio
Ryan VanderMeulen
Samael Wang