The WMF audio decoder recalculated the timestamp of each audio sample according to the number of frames decoded so far.
This is incompatible with the trimming mechanism that rely on the timestamps of the audio to be matching what is found in the container.
All the other audio decoders do it that way already.
Depends on D20969
Differential Revision: https://phabricator.services.mozilla.com/D21305
--HG--
extra : moz-landing-system : lando
This prevents re-creating a new audio decoder which on Android can take an awful long time.
Differential Revision: https://phabricator.services.mozilla.com/D20969
--HG--
extra : moz-landing-system : lando
This adds a mechanism that discards tabs when the browser detects a low-memory
scenario. Tabs are discarded in LRU order prioritizing regular tabs over
pinned ones, pinned ones over tabs playing audio and all of the previous over
pinned tabs playing audio.
Differential Revision: https://phabricator.services.mozilla.com/D20476
--HG--
extra : moz-landing-system : lando
This removes the need to go through the browser-to-tab mapping when discarding
a tab and simplifies the relevant code. Besides being renamed discardBrowser()
was also split so that one can check if a tab can be discarded prior to trying
it.
Differential Revision: https://phabricator.services.mozilla.com/D20475
--HG--
extra : moz-landing-system : lando
As per the following change to the HTML spec:
86b05f8a07
when running a requestAnimationFrame callback it should be possible to cancel
another requestAnimationFrame callback scheduled to run in the same frame by
using cancelAnimationFrame.
See issue:
https://github.com/whatwg/html/issues/4359
Differential Revision: https://phabricator.services.mozilla.com/D20974
--HG--
extra : moz-landing-system : lando
In the next patch in this series we want to compare the handle of frame
callbacks we are about to run, with a set of canceled handles stored on the
document. This patch makes us pass the handles along with the callbacks so we
can do that.
Incidentally doing this allows us to just swap array elements when building up
the refresh driver's set of callbacks to run. That is hopefully a little more
efficient than running the implicit conversion operator on each item and then
appending to an array.
Differential Revision: https://phabricator.services.mozilla.com/D20973
--HG--
extra : moz-landing-system : lando
* Add form autofill outcome AUTOFILL_RESULT.PASSWORD_AUTOCOMPLETE_NEW_PASSWORD
* Autocomplete behavior is not changed
Differential Revision: https://phabricator.services.mozilla.com/D21274
--HG--
extra : moz-landing-system : lando
Each instance has an instance of Java ExoPlayer that consumes memory in the
limited JVM heap. Too many concurrent players will cause OutOfMemoryError.
Differential Revision: https://phabricator.services.mozilla.com/D20420
--HG--
extra : moz-landing-system : lando
When reviewing https://bugzilla.mozilla.org/show_bug.cgi?id=1521052 I did not think about Firefox for Android which is not using e10s.
This means the main DebuggerServer will be killed when there are no connections left. Happy to discuss more about the preferred solution.
This is a regression in 66 and I hope to uplift a fix for this.
Differential Revision: https://phabricator.services.mozilla.com/D20830
--HG--
extra : moz-landing-system : lando
The seccomp-bpf policy is currently just the "common" policy with no
additions (but with the fixes in bug 1511560 to enable shared memory
creation). The file broker policy allows shared memory creation and
nothing else. The namespace setup is the same as for GMP (i.e., as
restrictive as we currently can be).
The sandbox can be turned off for troubleshooting by setting the
environment variable MOZ_DISABLE_RDD_SANDBOX, similarly to the other
process types.
Tested against https://demo.bitmovin.com/public/firefox/av1/ with the
necessary prefs set.
Depends on D20895
Differential Revision: https://phabricator.services.mozilla.com/D14525
--HG--
extra : moz-landing-system : lando
Counting CPUs accesses the filesystem (sysfs or procfs), which we'd like
to disallow when sandboxed if possible, and fails silently if access
is denied. Because the CPU count rarely changes, this patch handles
that problem for the RDD process by caching a copy before starting
sandboxing.
Tested with a local patch to have the sandbox file broker client crash
if accessing the sysfs node for the CPU count, to verify that it's not
accessed.
Depends on D14524
Differential Revision: https://phabricator.services.mozilla.com/D20895
--HG--
extra : moz-landing-system : lando
File descriptors are sometimes dup()ed in the process of communicating
them over IPC; some of this may be unnecessary (due to insufficient
use of move-only types), but dup() is relatively harmless. It was
previously allowed for both content and GMP, so this doesn't change
anything.
The handling of ftruncate is a little complicated -- it's used for IPC
shared memory, but only when creating segments; so GMP doesn't allow
it and should continue not allowing it, but content needs it and RDD
will as well. As a result, the subclass indicates if it will be needed.
Note that even when we have memfd_create support (bug 1440203),
ftruncate is still necessary even though brokering may not.
Depends on D14523
Differential Revision: https://phabricator.services.mozilla.com/D14524
--HG--
extra : moz-landing-system : lando
The sandbox broker uses socketpair to construct the per-request channels
over which responses are sent; thus, if and only if the policy will be
using brokering, it will allow socketpair as safely as possible (i.e.,
denying datagram sockets if possible).
Depends on D14522
Differential Revision: https://phabricator.services.mozilla.com/D14523
--HG--
extra : moz-landing-system : lando
madvise is used by our malloc (and probably others), and mprotect is
used with shared memory, including when created by another process, so
the common policy should include those rules.
Depends on D14521
Differential Revision: https://phabricator.services.mozilla.com/D14522
--HG--
extra : moz-landing-system : lando
This will allow other policies to use brokering if needed (e.g., RDD and
similar utility processes may need to access /dev/shm to create shared
memory). The concrete policy class can deny filesystem access completely
(matching the current behavior of the GMP policy) by passing nullptr to
the superclass constructor instead.
Depends on D14520
Differential Revision: https://phabricator.services.mozilla.com/D14521
--HG--
extra : moz-landing-system : lando
ContentSandboxPolicy currently allows direct filesystem access if it
isn't given a broker client; this is a legacy design from the B2G era,
before the current idea of "sandbox level". With this patch, it allows
filesystem access at level 1, and above that it requires brokering.
This is both to reduce the opportunities for accidentally having a
too-permissive sandbox and to prepare for refactoring the broker glue in
bug 1511560.
Depends on D14519
Differential Revision: https://phabricator.services.mozilla.com/D14520
--HG--
extra : moz-landing-system : lando
Level 1 is meant to enable some seccomp-bpf filtering, but still allow
direct access to the filesystem, and level 2 is where brokering starts.
This was accidentally broken in 1365257 (making "level 1" act like level
2); this patch fixes that.
This feature obviously isn't used much given how long nobody noticed it was
broken, but it's useful to have around for troubleshooting, and it's
actually easier to fix it than edit it out of the documentation.
Differential Revision: https://phabricator.services.mozilla.com/D14519
--HG--
extra : moz-landing-system : lando
This disables the camera for win64-aarch64 for Windows versions below
19H1. These versions have problems with the DirectShow implementation
which prevent the camera from working properly.
Differential Revision: https://phabricator.services.mozilla.com/D21272
--HG--
extra : moz-landing-system : lando
When a user first upgrades to a version where incognito is enabled,
add the permission to all enabled extensions. This preserves user workflow
and addresses other issues (e.g. proxy). This will only happen once.
Differential Revision: https://phabricator.services.mozilla.com/D19442
--HG--
extra : moz-landing-system : lando
Ciure Andrei
Dorel Luca
Jean-Yves Avenard
Jeff Gilbert
Nika Layzell
Gabriele Svelto
Robert Strong
Brian Birtles
Steve Fink
Byron Campen [:bwc]
James Willcox
Nihanth Subramanya
Mike Conley
Johann Hofmann
jcit
Sam Foster
John Lin
Felipe Gomes
Andrea Marchesini
Julian Descottes
Jed Davis
Dan Minor
Botond Ballo
Shane Caraveo