summaryrefslogtreecommitdiffstats
path: root/dom/media/gmp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
commit26a029d407be480d791972afb5975cf62c9360a6 (patch)
treef435a8308119effd964b339f76abb83a57c29483 /dom/media/gmp
parentInitial commit. (diff)
downloadfirefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz
firefox-26a029d407be480d791972afb5975cf62c9360a6.zip
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/media/gmp')
-rw-r--r--dom/media/gmp/CDMStorageIdProvider.cpp68
-rw-r--r--dom/media/gmp/CDMStorageIdProvider.h41
-rw-r--r--dom/media/gmp/ChromiumCDMAdapter.cpp307
-rw-r--r--dom/media/gmp/ChromiumCDMAdapter.h81
-rw-r--r--dom/media/gmp/ChromiumCDMCallback.h56
-rw-r--r--dom/media/gmp/ChromiumCDMCallbackProxy.cpp159
-rw-r--r--dom/media/gmp/ChromiumCDMCallbackProxy.h62
-rw-r--r--dom/media/gmp/ChromiumCDMChild.cpp866
-rw-r--r--dom/media/gmp/ChromiumCDMChild.h148
-rw-r--r--dom/media/gmp/ChromiumCDMParent.cpp1371
-rw-r--r--dom/media/gmp/ChromiumCDMParent.h232
-rw-r--r--dom/media/gmp/ChromiumCDMProxy.cpp638
-rw-r--r--dom/media/gmp/ChromiumCDMProxy.h136
-rw-r--r--dom/media/gmp/DecryptJob.cpp46
-rw-r--r--dom/media/gmp/DecryptJob.h36
-rw-r--r--dom/media/gmp/GMPCallbackBase.h24
-rw-r--r--dom/media/gmp/GMPChild.cpp798
-rw-r--r--dom/media/gmp/GMPChild.h123
-rw-r--r--dom/media/gmp/GMPContentChild.cpp131
-rw-r--r--dom/media/gmp/GMPContentChild.h70
-rw-r--r--dom/media/gmp/GMPContentParent.cpp223
-rw-r--r--dom/media/gmp/GMPContentParent.h108
-rw-r--r--dom/media/gmp/GMPCrashHelper.h37
-rw-r--r--dom/media/gmp/GMPCrashHelperHolder.cpp31
-rw-r--r--dom/media/gmp/GMPCrashHelperHolder.h63
-rw-r--r--dom/media/gmp/GMPDiskStorage.cpp454
-rw-r--r--dom/media/gmp/GMPLoader.cpp203
-rw-r--r--dom/media/gmp/GMPLoader.h80
-rw-r--r--dom/media/gmp/GMPLog.h62
-rw-r--r--dom/media/gmp/GMPMemoryStorage.cpp75
-rw-r--r--dom/media/gmp/GMPMessageUtils.h190
-rw-r--r--dom/media/gmp/GMPNativeTypes.h18
-rw-r--r--dom/media/gmp/GMPParent.cpp1372
-rw-r--r--dom/media/gmp/GMPParent.h258
-rw-r--r--dom/media/gmp/GMPPlatform.cpp296
-rw-r--r--dom/media/gmp/GMPPlatform.h45
-rw-r--r--dom/media/gmp/GMPProcessChild.cpp56
-rw-r--r--dom/media/gmp/GMPProcessChild.h40
-rw-r--r--dom/media/gmp/GMPProcessParent.cpp382
-rw-r--r--dom/media/gmp/GMPProcessParent.h105
-rw-r--r--dom/media/gmp/GMPSanitizedExports.h22
-rw-r--r--dom/media/gmp/GMPService.cpp574
-rw-r--r--dom/media/gmp/GMPService.h129
-rw-r--r--dom/media/gmp/GMPServiceChild.cpp649
-rw-r--r--dom/media/gmp/GMPServiceChild.h176
-rw-r--r--dom/media/gmp/GMPServiceParent.cpp2095
-rw-r--r--dom/media/gmp/GMPServiceParent.h300
-rw-r--r--dom/media/gmp/GMPSharedMemManager.cpp89
-rw-r--r--dom/media/gmp/GMPSharedMemManager.h78
-rw-r--r--dom/media/gmp/GMPStorage.h39
-rw-r--r--dom/media/gmp/GMPStorageChild.cpp244
-rw-r--r--dom/media/gmp/GMPStorageChild.h94
-rw-r--r--dom/media/gmp/GMPStorageParent.cpp194
-rw-r--r--dom/media/gmp/GMPStorageParent.h47
-rw-r--r--dom/media/gmp/GMPTimerChild.cpp59
-rw-r--r--dom/media/gmp/GMPTimerChild.h45
-rw-r--r--dom/media/gmp/GMPTimerParent.cpp105
-rw-r--r--dom/media/gmp/GMPTimerParent.h56
-rw-r--r--dom/media/gmp/GMPTypes.ipdlh116
-rw-r--r--dom/media/gmp/GMPUtils.cpp228
-rw-r--r--dom/media/gmp/GMPUtils.h83
-rw-r--r--dom/media/gmp/GMPVideoDecoderChild.cpp210
-rw-r--r--dom/media/gmp/GMPVideoDecoderChild.h75
-rw-r--r--dom/media/gmp/GMPVideoDecoderParent.cpp461
-rw-r--r--dom/media/gmp/GMPVideoDecoderParent.h103
-rw-r--r--dom/media/gmp/GMPVideoDecoderProxy.h57
-rw-r--r--dom/media/gmp/GMPVideoEncodedFrameImpl.cpp226
-rw-r--r--dom/media/gmp/GMPVideoEncodedFrameImpl.h116
-rw-r--r--dom/media/gmp/GMPVideoEncoderChild.cpp203
-rw-r--r--dom/media/gmp/GMPVideoEncoderChild.h75
-rw-r--r--dom/media/gmp/GMPVideoEncoderParent.cpp307
-rw-r--r--dom/media/gmp/GMPVideoEncoderParent.h85
-rw-r--r--dom/media/gmp/GMPVideoEncoderProxy.h56
-rw-r--r--dom/media/gmp/GMPVideoHost.cpp94
-rw-r--r--dom/media/gmp/GMPVideoHost.h54
-rw-r--r--dom/media/gmp/GMPVideoPlaneImpl.cpp179
-rw-r--r--dom/media/gmp/GMPVideoPlaneImpl.h61
-rw-r--r--dom/media/gmp/GMPVideoi420FrameImpl.cpp328
-rw-r--r--dom/media/gmp/GMPVideoi420FrameImpl.h80
-rw-r--r--dom/media/gmp/PChromiumCDM.ipdl129
-rw-r--r--dom/media/gmp/PGMP.ipdl89
-rw-r--r--dom/media/gmp/PGMPContent.ipdl37
-rw-r--r--dom/media/gmp/PGMPService.ipdl42
-rw-r--r--dom/media/gmp/PGMPStorage.ipdl37
-rw-r--r--dom/media/gmp/PGMPTimer.ipdl26
-rw-r--r--dom/media/gmp/PGMPVideoDecoder.ipdl50
-rw-r--r--dom/media/gmp/PGMPVideoEncoder.ipdl48
-rw-r--r--dom/media/gmp/README.txt1
-rw-r--r--dom/media/gmp/gmp-api/gmp-entrypoints.h73
-rw-r--r--dom/media/gmp/gmp-api/gmp-errors.h59
-rw-r--r--dom/media/gmp/gmp-api/gmp-platform.h102
-rw-r--r--dom/media/gmp/gmp-api/gmp-storage.h110
-rw-r--r--dom/media/gmp/gmp-api/gmp-video-codec.h302
-rw-r--r--dom/media/gmp/gmp-api/gmp-video-decode.h125
-rw-r--r--dom/media/gmp/gmp-api/gmp-video-encode.h133
-rw-r--r--dom/media/gmp/gmp-api/gmp-video-frame-encoded.h92
-rw-r--r--dom/media/gmp/gmp-api/gmp-video-frame-i420.h142
-rw-r--r--dom/media/gmp/gmp-api/gmp-video-frame.h48
-rw-r--r--dom/media/gmp/gmp-api/gmp-video-host.h53
-rw-r--r--dom/media/gmp/gmp-api/gmp-video-plane.h94
-rw-r--r--dom/media/gmp/moz.build149
-rw-r--r--dom/media/gmp/mozIGeckoMediaPluginChromeService.idl58
-rw-r--r--dom/media/gmp/mozIGeckoMediaPluginService.idl131
-rw-r--r--dom/media/gmp/rlz/OWNERS4
-rw-r--r--dom/media/gmp/rlz/README.mozilla4
-rw-r--r--dom/media/gmp/rlz/lib/assert.h14
-rw-r--r--dom/media/gmp/rlz/lib/crc8.cc90
-rw-r--r--dom/media/gmp/rlz/lib/crc8.h24
-rw-r--r--dom/media/gmp/rlz/lib/machine_id.cc93
-rw-r--r--dom/media/gmp/rlz/lib/machine_id.h33
-rw-r--r--dom/media/gmp/rlz/lib/string_utils.cc34
-rw-r--r--dom/media/gmp/rlz/lib/string_utils.h20
-rw-r--r--dom/media/gmp/rlz/mac/lib/machine_id_mac.cc322
-rw-r--r--dom/media/gmp/rlz/moz.build34
-rw-r--r--dom/media/gmp/rlz/win/lib/machine_id_win.cc136
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineFileIO.cpp100
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineFileIO.h41
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineUtils.cpp61
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineUtils.h84
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp142
-rw-r--r--dom/media/gmp/widevine-adapter/WidevineVideoFrame.h54
-rw-r--r--dom/media/gmp/widevine-adapter/content_decryption_module.h1359
-rw-r--r--dom/media/gmp/widevine-adapter/content_decryption_module_export.h38
-rw-r--r--dom/media/gmp/widevine-adapter/content_decryption_module_ext.h64
-rw-r--r--dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h121
-rw-r--r--dom/media/gmp/widevine-adapter/moz.build21
126 files changed, 22706 insertions, 0 deletions
diff --git a/dom/media/gmp/CDMStorageIdProvider.cpp b/dom/media/gmp/CDMStorageIdProvider.cpp
new file mode 100644
index 0000000000..52255879b3
--- /dev/null
+++ b/dom/media/gmp/CDMStorageIdProvider.cpp
@@ -0,0 +1,68 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CDMStorageIdProvider.h"
+#include "GMPLog.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsICryptoHash.h"
+
+#ifdef SUPPORT_STORAGE_ID
+# include "rlz/lib/machine_id.h"
+#endif
+
+namespace mozilla {
+
+/*static*/
+nsCString CDMStorageIdProvider::ComputeStorageId(const nsCString& aOriginSalt) {
+#ifndef SUPPORT_STORAGE_ID
+ return ""_ns;
+#else
+ GMP_LOG_DEBUG("CDMStorageIdProvider::ComputeStorageId");
+
+ std::string machineId;
+ if (!rlz_lib::GetMachineId(&machineId)) {
+ GMP_LOG_DEBUG(
+ "CDMStorageIdProvider::ComputeStorageId: get machineId failed.");
+ return ""_ns;
+ }
+
+ std::string originSalt(aOriginSalt.BeginReading(), aOriginSalt.Length());
+ std::string input =
+ machineId + originSalt + CDMStorageIdProvider::kBrowserIdentifier;
+ nsCOMPtr<nsICryptoHash> hasher;
+ nsresult rv = NS_NewCryptoHash(nsICryptoHash::SHA256, getter_AddRefs(hasher));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ GMP_LOG_DEBUG(
+ "CDMStorageIdProvider::ComputeStorageId: failed to initialize "
+ "hash(0x%08" PRIx32 ")",
+ static_cast<uint32_t>(rv));
+ return ""_ns;
+ }
+
+ rv = hasher->Update(reinterpret_cast<const uint8_t*>(input.c_str()),
+ input.size());
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ GMP_LOG_DEBUG(
+ "CDMStorageIdProvider::ComputeStorageId: failed to update "
+ "hash(0x%08" PRIx32 ")",
+ static_cast<uint32_t>(rv));
+ return ""_ns;
+ }
+
+ nsCString storageId;
+ rv = hasher->Finish(false, storageId);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ GMP_LOG_DEBUG(
+ "CDMStorageIdProvider::ComputeStorageId: failed to get the final hash "
+ "result(0x%08" PRIx32 ")",
+ static_cast<uint32_t>(rv));
+ return ""_ns;
+ }
+ return storageId;
+#endif
+}
+
+} // namespace mozilla
diff --git a/dom/media/gmp/CDMStorageIdProvider.h b/dom/media/gmp/CDMStorageIdProvider.h
new file mode 100644
index 0000000000..6904792607
--- /dev/null
+++ b/dom/media/gmp/CDMStorageIdProvider.h
@@ -0,0 +1,41 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CDMStorageIdProvider_h_
+#define CDMStorageIdProvider_h_
+
+/**
+ * CDM will try to request a latest version(0) of storage id.
+ * If the storage id computation algorithm changed, we should increase the
+ * kCurrentVersion.
+ */
+
+#include <string>
+
+#include "nsString.h"
+
+namespace mozilla {
+
+class CDMStorageIdProvider {
+ static constexpr const char* kBrowserIdentifier = "mozilla_firefox_gecko";
+
+ public:
+ // Should increase the value when the storage id algorithm changed.
+ static constexpr int kCurrentVersion = 1;
+ static constexpr int kCDMRequestLatestVersion = 0;
+
+ // Return empty string when
+ // 1. Call on unsupported storageid platform.
+ // 2. Failed to compute the storage id.
+ // This function only provide the storage id for kCurrentVersion=1.
+ // If you want to change the algorithm or output of storageid,
+ // you should keep the version 1 storage id and consider to provide
+ // higher version storage id in another function.
+ static nsCString ComputeStorageId(const nsCString& aOriginSalt);
+};
+
+} // namespace mozilla
+
+#endif // CDMStorageIdProvider_h_
diff --git a/dom/media/gmp/ChromiumCDMAdapter.cpp b/dom/media/gmp/ChromiumCDMAdapter.cpp
new file mode 100644
index 0000000000..a5e866f83e
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMAdapter.cpp
@@ -0,0 +1,307 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ChromiumCDMAdapter.h"
+
+#include <utility>
+
+#include "GMPLog.h"
+#include "WidevineUtils.h"
+#include "content_decryption_module.h"
+#include "content_decryption_module_ext.h"
+#include "gmp-api/gmp-entrypoints.h"
+#include "gmp-api/gmp-video-codec.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/HelperMacros.h"
+#include "mozilla/dom/KeySystemNames.h"
+
+#ifdef XP_WIN
+# include "WinUtils.h"
+# include "nsWindowsDllInterceptor.h"
+# include <windows.h>
+# include <strsafe.h>
+# include <unordered_map>
+# include <vector>
+#else
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <unistd.h>
+# include <fcntl.h>
+#endif
+
+const GMPPlatformAPI* sPlatform = nullptr;
+
+namespace mozilla {
+
+#ifdef XP_WIN
+static void InitializeHooks();
+#endif
+
+ChromiumCDMAdapter::ChromiumCDMAdapter(
+ nsTArray<std::pair<nsCString, nsCString>>&& aHostPathPairs) {
+#ifdef XP_WIN
+ InitializeHooks();
+#endif
+ PopulateHostFiles(std::move(aHostPathPairs));
+}
+
+void ChromiumCDMAdapter::SetAdaptee(PRLibrary* aLib) { mLib = aLib; }
+
+void* ChromiumCdmHost(int aHostInterfaceVersion, void* aUserData) {
+ GMP_LOG_DEBUG("ChromiumCdmHostFunc(%d, %p)", aHostInterfaceVersion,
+ aUserData);
+ if (aHostInterfaceVersion != cdm::Host_10::kVersion) {
+ return nullptr;
+ }
+ return aUserData;
+}
+
+#ifdef MOZILLA_OFFICIAL
+static cdm::HostFile TakeToCDMHostFile(HostFileData& aHostFileData) {
+ return cdm::HostFile(aHostFileData.mBinary.Path().get(),
+ aHostFileData.mBinary.TakePlatformFile(),
+ aHostFileData.mSig.TakePlatformFile());
+}
+#endif
+
+GMPErr ChromiumCDMAdapter::GMPInit(const GMPPlatformAPI* aPlatformAPI) {
+ GMP_LOG_DEBUG("ChromiumCDMAdapter::GMPInit");
+ sPlatform = aPlatformAPI;
+ if (NS_WARN_IF(!mLib)) {
+ MOZ_CRASH("Missing library!");
+ return GMPGenericErr;
+ }
+
+#ifdef MOZILLA_OFFICIAL
+ // Note: we must call the VerifyCdmHost_0 function if it's present before
+ // we call the initialize function.
+ auto verify = reinterpret_cast<decltype(::VerifyCdmHost_0)*>(
+ PR_FindFunctionSymbol(mLib, MOZ_STRINGIFY(VerifyCdmHost_0)));
+ if (verify) {
+ nsTArray<cdm::HostFile> files;
+ for (HostFileData& hostFile : mHostFiles) {
+ files.AppendElement(TakeToCDMHostFile(hostFile));
+ }
+ bool result = verify(files.Elements(), files.Length());
+ GMP_LOG_DEBUG("%s VerifyCdmHost_0 returned %d", __func__, result);
+ MOZ_DIAGNOSTIC_ASSERT(result, "Verification failed!");
+ }
+#endif
+
+ auto init = reinterpret_cast<decltype(::INITIALIZE_CDM_MODULE)*>(
+ PR_FindFunctionSymbol(mLib, MOZ_STRINGIFY(INITIALIZE_CDM_MODULE)));
+ if (!init) {
+ MOZ_CRASH("Missing init method!");
+ return GMPGenericErr;
+ }
+
+ GMP_LOG_DEBUG(MOZ_STRINGIFY(INITIALIZE_CDM_MODULE) "()");
+ init();
+
+ return GMPNoErr;
+}
+
+GMPErr ChromiumCDMAdapter::GMPGetAPI(const char* aAPIName, void* aHostAPI,
+ void** aPluginAPI,
+ const nsACString& aKeySystem) {
+ MOZ_ASSERT(
+ aKeySystem.EqualsLiteral(kWidevineKeySystemName) ||
+ aKeySystem.EqualsLiteral(kClearKeyKeySystemName) ||
+ aKeySystem.EqualsLiteral(kClearKeyWithProtectionQueryKeySystemName) ||
+ aKeySystem.EqualsLiteral("fake"),
+ "Should not get an unrecognized key system. Why didn't it get "
+ "blocked by MediaKeySystemAccess?");
+ GMP_LOG_DEBUG("ChromiumCDMAdapter::GMPGetAPI(%s, 0x%p, 0x%p, %s) this=0x%p",
+ aAPIName, aHostAPI, aPluginAPI,
+ PromiseFlatCString(aKeySystem).get(), this);
+ bool isCdm10 = !strcmp(aAPIName, CHROMIUM_CDM_API);
+
+ if (!isCdm10) {
+ MOZ_ASSERT_UNREACHABLE("We only support and expect cdm10!");
+ GMP_LOG_DEBUG(
+ "ChromiumCDMAdapter::GMPGetAPI(%s, 0x%p, 0x%p) this=0x%p got "
+ "unsupported CDM version!",
+ aAPIName, aHostAPI, aPluginAPI, this);
+ return GMPGenericErr;
+ }
+ auto create = reinterpret_cast<decltype(::CreateCdmInstance)*>(
+ PR_FindFunctionSymbol(mLib, "CreateCdmInstance"));
+ if (!create) {
+ GMP_LOG_DEBUG(
+ "ChromiumCDMAdapter::GMPGetAPI(%s, 0x%p, 0x%p) this=0x%p "
+ "FAILED to find CreateCdmInstance",
+ aAPIName, aHostAPI, aPluginAPI, this);
+ return GMPGenericErr;
+ }
+
+ const int version = cdm::ContentDecryptionModule_10::kVersion;
+ void* cdm = create(version, aKeySystem.BeginReading(), aKeySystem.Length(),
+ &ChromiumCdmHost, aHostAPI);
+ if (!cdm) {
+ GMP_LOG_DEBUG(
+ "ChromiumCDMAdapter::GMPGetAPI(%s, 0x%p, 0x%p) this=0x%p "
+ "FAILED to create cdm version %d",
+ aAPIName, aHostAPI, aPluginAPI, this, version);
+ return GMPGenericErr;
+ }
+ GMP_LOG_DEBUG("cdm: 0x%p, version: %d", cdm, version);
+ *aPluginAPI = cdm;
+
+ return *aPluginAPI ? GMPNoErr : GMPNotImplementedErr;
+}
+
+void ChromiumCDMAdapter::GMPShutdown() {
+ GMP_LOG_DEBUG("ChromiumCDMAdapter::GMPShutdown()");
+
+ decltype(::DeinitializeCdmModule)* deinit;
+ deinit =
+ (decltype(deinit))(PR_FindFunctionSymbol(mLib, "DeinitializeCdmModule"));
+ if (deinit) {
+ GMP_LOG_DEBUG("DeinitializeCdmModule()");
+ deinit();
+ }
+}
+
+/* static */
+bool ChromiumCDMAdapter::Supports(int32_t aModuleVersion,
+ int32_t aInterfaceVersion,
+ int32_t aHostVersion) {
+ return aModuleVersion == CDM_MODULE_VERSION &&
+ aInterfaceVersion == cdm::ContentDecryptionModule_10::kVersion &&
+ aHostVersion == cdm::Host_10::kVersion;
+}
+
+#ifdef XP_WIN
+
+static WindowsDllInterceptor sKernel32Intercept;
+
+typedef DWORD(WINAPI* QueryDosDeviceWFnPtr)(_In_opt_ LPCWSTR lpDeviceName,
+ _Out_ LPWSTR lpTargetPath,
+ _In_ DWORD ucchMax);
+
+static WindowsDllInterceptor::FuncHookType<QueryDosDeviceWFnPtr>
+ sOriginalQueryDosDeviceWFnPtr;
+
+static std::unordered_map<std::wstring, std::wstring>* sDeviceNames = nullptr;
+
+DWORD WINAPI QueryDosDeviceWHook(LPCWSTR lpDeviceName, LPWSTR lpTargetPath,
+ DWORD ucchMax) {
+ if (!sDeviceNames) {
+ return 0;
+ }
+ std::wstring name = std::wstring(lpDeviceName);
+ auto iter = sDeviceNames->find(name);
+ if (iter == sDeviceNames->end()) {
+ return 0;
+ }
+ const std::wstring& device = iter->second;
+ if (device.size() + 1 > ucchMax) {
+ return 0;
+ }
+ PodCopy(lpTargetPath, device.c_str(), device.size());
+ lpTargetPath[device.size()] = 0;
+ GMP_LOG_DEBUG("QueryDosDeviceWHook %S -> %S", lpDeviceName, lpTargetPath);
+ return device.size();
+}
+
+static std::vector<std::wstring> GetDosDeviceNames() {
+ std::vector<std::wstring> v;
+ std::vector<wchar_t> buf;
+ buf.resize(1024);
+ DWORD rv = GetLogicalDriveStringsW(buf.size(), buf.data());
+ if (rv == 0 || rv > buf.size()) {
+ return v;
+ }
+
+ // buf will be a list of null terminated strings, with the last string
+ // being 0 length.
+ const wchar_t* p = buf.data();
+ const wchar_t* end = &buf.back();
+ size_t l;
+ while (p < end && (l = wcsnlen_s(p, end - p)) > 0) {
+ // The string is of the form "C:\". We need to strip off the trailing
+ // backslash.
+ std::wstring drive = std::wstring(p, p + l);
+ if (drive.back() == '\\') {
+ drive.erase(drive.end() - 1);
+ }
+ v.push_back(std::move(drive));
+ p += l + 1;
+ }
+ return v;
+}
+
+static std::wstring GetDeviceMapping(const std::wstring& aDosDeviceName) {
+ wchar_t buf[MAX_PATH] = {0};
+ DWORD rv = QueryDosDeviceW(aDosDeviceName.c_str(), buf, MAX_PATH);
+ if (rv == 0) {
+ return std::wstring(L"");
+ }
+ return std::wstring(buf, buf + rv);
+}
+
+static void InitializeHooks() {
+ static bool initialized = false;
+ if (initialized) {
+ return;
+ }
+ initialized = true;
+ sDeviceNames = new std::unordered_map<std::wstring, std::wstring>();
+ for (const std::wstring& name : GetDosDeviceNames()) {
+ sDeviceNames->emplace(name, GetDeviceMapping(name));
+ }
+
+ sKernel32Intercept.Init("kernelbase.dll");
+ sOriginalQueryDosDeviceWFnPtr.Set(sKernel32Intercept, "QueryDosDeviceW",
+ &QueryDosDeviceWHook);
+}
+#endif
+
+HostFile::HostFile(HostFile&& aOther)
+ : mPath(aOther.mPath), mFile(aOther.TakePlatformFile()) {}
+
+HostFile::~HostFile() {
+ if (mFile != cdm::kInvalidPlatformFile) {
+#ifdef XP_WIN
+ CloseHandle(mFile);
+#else
+ close(mFile);
+#endif
+ mFile = cdm::kInvalidPlatformFile;
+ }
+}
+
+#ifdef XP_WIN
+HostFile::HostFile(const nsCString& aPath)
+ : mPath(NS_ConvertUTF8toUTF16(aPath)) {
+ HANDLE handle =
+ CreateFileW(mPath.get(), GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,
+ NULL, OPEN_EXISTING, 0, NULL);
+ mFile = (handle == INVALID_HANDLE_VALUE) ? cdm::kInvalidPlatformFile : handle;
+}
+#endif
+
+#ifndef XP_WIN
+HostFile::HostFile(const nsCString& aPath) : mPath(aPath) {
+ // Note: open() returns -1 on failure; i.e. kInvalidPlatformFile.
+ mFile = open(aPath.get(), O_RDONLY);
+}
+#endif
+
+cdm::PlatformFile HostFile::TakePlatformFile() {
+ cdm::PlatformFile f = mFile;
+ mFile = cdm::kInvalidPlatformFile;
+ return f;
+}
+
+void ChromiumCDMAdapter::PopulateHostFiles(
+ nsTArray<std::pair<nsCString, nsCString>>&& aHostPathPairs) {
+ for (const auto& pair : aHostPathPairs) {
+ mHostFiles.AppendElement(HostFileData(mozilla::HostFile(pair.first),
+ mozilla::HostFile(pair.second)));
+ }
+}
+
+} // namespace mozilla
diff --git a/dom/media/gmp/ChromiumCDMAdapter.h b/dom/media/gmp/ChromiumCDMAdapter.h
new file mode 100644
index 0000000000..747345fb27
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMAdapter.h
@@ -0,0 +1,81 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef ChromiumAdapter_h_
+#define ChromiumAdapter_h_
+
+#include "GMPLoader.h"
+#include "prlink.h"
+#include "GMPUtils.h"
+#include "nsTArray.h"
+#include "content_decryption_module_ext.h"
+#include "nsString.h"
+
+#include <utility>
+
+struct GMPPlatformAPI;
+
+namespace mozilla {
+
+#if defined(XP_WIN)
+typedef nsString HostFileString;
+#else
+typedef nsCString HostFileString;
+#endif
+
+class HostFile {
+ public:
+ explicit HostFile(const nsCString& aPath);
+ HostFile(HostFile&& aOther);
+ ~HostFile();
+
+ const HostFileString& Path() const { return mPath; }
+ cdm::PlatformFile TakePlatformFile();
+
+ private:
+ const HostFileString mPath;
+ cdm::PlatformFile mFile = cdm::kInvalidPlatformFile;
+};
+
+struct HostFileData {
+ HostFileData(HostFile&& aBinary, HostFile&& aSig)
+ : mBinary(std::move(aBinary)), mSig(std::move(aSig)) {}
+
+ HostFileData(HostFileData&& aOther)
+ : mBinary(std::move(aOther.mBinary)), mSig(std::move(aOther.mSig)) {}
+
+ ~HostFileData() = default;
+
+ HostFile mBinary;
+ HostFile mSig;
+};
+
+class ChromiumCDMAdapter : public gmp::GMPAdapter {
+ public:
+ explicit ChromiumCDMAdapter(
+ nsTArray<std::pair<nsCString, nsCString>>&& aHostPathPairs);
+
+ void SetAdaptee(PRLibrary* aLib) override;
+
+ // These are called in place of the corresponding GMP API functions.
+ GMPErr GMPInit(const GMPPlatformAPI* aPlatformAPI) override;
+ GMPErr GMPGetAPI(const char* aAPIName, void* aHostAPI, void** aPluginAPI,
+ const nsACString& aKeySystem) override;
+ void GMPShutdown() override;
+
+ static bool Supports(int32_t aModuleVersion, int32_t aInterfaceVersion,
+ int32_t aHostVersion);
+
+ private:
+ void PopulateHostFiles(
+ nsTArray<std::pair<nsCString, nsCString>>&& aHostFilePaths);
+
+ PRLibrary* mLib = nullptr;
+ nsTArray<HostFileData> mHostFiles;
+};
+
+} // namespace mozilla
+
+#endif // ChromiumAdapter_h_
diff --git a/dom/media/gmp/ChromiumCDMCallback.h b/dom/media/gmp/ChromiumCDMCallback.h
new file mode 100644
index 0000000000..3f62634933
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMCallback.h
@@ -0,0 +1,56 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef ChromiumCDMCallback_h_
+#define ChromiumCDMCallback_h_
+
+#include "mozilla/CDMProxy.h"
+#include "mozilla/dom/MediaKeyStatusMapBinding.h" // For MediaKeyStatus
+#include "mozilla/dom/MediaKeyMessageEventBinding.h" // For MediaKeyMessageType
+#include "mozilla/gmp/GMPTypes.h" // For CDMKeyInformation
+
+namespace mozilla {
+class ErrorResult;
+}
+
+class ChromiumCDMCallback {
+ public:
+ virtual ~ChromiumCDMCallback() = default;
+
+ virtual void SetSessionId(uint32_t aPromiseId,
+ const nsCString& aSessionId) = 0;
+
+ virtual void ResolveLoadSessionPromise(uint32_t aPromiseId,
+ bool aSuccessful) = 0;
+
+ virtual void ResolvePromiseWithKeyStatus(uint32_t aPromiseId,
+ uint32_t aKeyStatus) = 0;
+
+ virtual void ResolvePromise(uint32_t aPromiseId) = 0;
+
+ virtual void RejectPromise(uint32_t aPromiseId, mozilla::ErrorResult&& aError,
+ const nsCString& aErrorMessage) = 0;
+
+ virtual void SessionMessage(const nsACString& aSessionId,
+ uint32_t aMessageType,
+ nsTArray<uint8_t>&& aMessage) = 0;
+
+ virtual void SessionKeysChange(
+ const nsCString& aSessionId,
+ nsTArray<mozilla::gmp::CDMKeyInformation>&& aKeysInfo) = 0;
+
+ virtual void ExpirationChange(const nsCString& aSessionId,
+ double aSecondsSinceEpoch) = 0;
+
+ virtual void SessionClosed(const nsCString& aSessionId) = 0;
+
+ virtual void QueryOutputProtectionStatus() = 0;
+
+ virtual void Terminated() = 0;
+
+ virtual void Shutdown() = 0;
+};
+
+#endif
diff --git a/dom/media/gmp/ChromiumCDMCallbackProxy.cpp b/dom/media/gmp/ChromiumCDMCallbackProxy.cpp
new file mode 100644
index 0000000000..481534c0e4
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMCallbackProxy.cpp
@@ -0,0 +1,159 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ChromiumCDMCallbackProxy.h"
+
+#include <type_traits>
+
+#include "ChromiumCDMProxy.h"
+#include "content_decryption_module.h"
+
+namespace mozilla {
+
+template <class Func, class... Args>
+void ChromiumCDMCallbackProxy::DispatchToMainThread(const char* const aLabel,
+ Func aFunc,
+ Args&&... aArgs) {
+ mMainThread->Dispatch(
+ // Use decay to ensure all the types are passed by value not by reference.
+ NewRunnableMethod<std::decay_t<Args>...>(aLabel, mProxy, aFunc,
+ std::forward<Args>(aArgs)...),
+ NS_DISPATCH_NORMAL);
+}
+
+void ChromiumCDMCallbackProxy::SetSessionId(uint32_t aPromiseId,
+ const nsCString& aSessionId) {
+ DispatchToMainThread("ChromiumCDMProxy::OnSetSessionId",
+ &ChromiumCDMProxy::OnSetSessionId, aPromiseId,
+ NS_ConvertUTF8toUTF16(aSessionId));
+}
+
+void ChromiumCDMCallbackProxy::ResolveLoadSessionPromise(uint32_t aPromiseId,
+ bool aSuccessful) {
+ DispatchToMainThread("ChromiumCDMProxy::OnResolveLoadSessionPromise",
+ &ChromiumCDMProxy::OnResolveLoadSessionPromise,
+ aPromiseId, aSuccessful);
+}
+
+void ChromiumCDMCallbackProxy::ResolvePromise(uint32_t aPromiseId) {
+ DispatchToMainThread("ChromiumCDMProxy::ResolvePromise",
+ &ChromiumCDMProxy::ResolvePromise, aPromiseId);
+}
+
+void ChromiumCDMCallbackProxy::RejectPromise(uint32_t aPromiseId,
+ ErrorResult&& aException,
+ const nsCString& aErrorMessage) {
+ // Use CopyableErrorResult to store our exception in the runnable,
+ // because ErrorResult is not OK to move across threads.
+ DispatchToMainThread<decltype(&ChromiumCDMProxy::RejectPromiseOnMainThread),
+ int32_t, StoreCopyPassByRRef<CopyableErrorResult>,
+ const nsCString&>(
+ "ChromiumCDMProxy::RejectPromise",
+ &ChromiumCDMProxy::RejectPromiseOnMainThread, aPromiseId,
+ std::move(aException), aErrorMessage);
+}
+
+static dom::MediaKeyMessageType ToDOMMessageType(uint32_t aMessageType) {
+ switch (static_cast<cdm::MessageType>(aMessageType)) {
+ case cdm::kLicenseRequest:
+ return dom::MediaKeyMessageType::License_request;
+ case cdm::kLicenseRenewal:
+ return dom::MediaKeyMessageType::License_renewal;
+ case cdm::kLicenseRelease:
+ return dom::MediaKeyMessageType::License_release;
+ case cdm::kIndividualizationRequest:
+ return dom::MediaKeyMessageType::Individualization_request;
+ }
+ MOZ_ASSERT_UNREACHABLE("Invalid cdm::MessageType enum value.");
+ return dom::MediaKeyMessageType::License_request;
+}
+
+void ChromiumCDMCallbackProxy::SessionMessage(const nsACString& aSessionId,
+ uint32_t aMessageType,
+ nsTArray<uint8_t>&& aMessage) {
+ DispatchToMainThread("ChromiumCDMProxy::OnSessionMessage",
+ &ChromiumCDMProxy::OnSessionMessage,
+ NS_ConvertUTF8toUTF16(aSessionId),
+ ToDOMMessageType(aMessageType), std::move(aMessage));
+}
+
+static dom::MediaKeyStatus ToDOMMediaKeyStatus(uint32_t aStatus) {
+ switch (static_cast<cdm::KeyStatus>(aStatus)) {
+ case cdm::kUsable:
+ return dom::MediaKeyStatus::Usable;
+ case cdm::kInternalError:
+ return dom::MediaKeyStatus::Internal_error;
+ case cdm::kExpired:
+ return dom::MediaKeyStatus::Expired;
+ case cdm::kOutputRestricted:
+ return dom::MediaKeyStatus::Output_restricted;
+ case cdm::kOutputDownscaled:
+ return dom::MediaKeyStatus::Output_downscaled;
+ case cdm::kStatusPending:
+ return dom::MediaKeyStatus::Status_pending;
+ case cdm::kReleased:
+ return dom::MediaKeyStatus::Released;
+ }
+ MOZ_ASSERT_UNREACHABLE("Invalid cdm::KeyStatus enum value.");
+ return dom::MediaKeyStatus::Internal_error;
+}
+
+void ChromiumCDMCallbackProxy::ResolvePromiseWithKeyStatus(
+ uint32_t aPromiseId, uint32_t aKeyStatus) {
+ DispatchToMainThread("ChromiumCDMProxy::OnResolvePromiseWithKeyStatus",
+ &ChromiumCDMProxy::OnResolvePromiseWithKeyStatus,
+ aPromiseId, ToDOMMediaKeyStatus(aKeyStatus));
+}
+
+void ChromiumCDMCallbackProxy::SessionKeysChange(
+ const nsCString& aSessionId,
+ nsTArray<mozilla::gmp::CDMKeyInformation>&& aKeysInfo) {
+ bool keyStatusesChange = false;
+ {
+ auto caps = mProxy->Capabilites().Lock();
+ for (const auto& keyInfo : aKeysInfo) {
+ keyStatusesChange |= caps->SetKeyStatus(
+ keyInfo.mKeyId(), NS_ConvertUTF8toUTF16(aSessionId),
+ dom::Optional<dom::MediaKeyStatus>(
+ ToDOMMediaKeyStatus(keyInfo.mStatus())));
+ }
+ }
+ if (keyStatusesChange) {
+ DispatchToMainThread("ChromiumCDMProxy::OnKeyStatusesChange",
+ &ChromiumCDMProxy::OnKeyStatusesChange,
+ NS_ConvertUTF8toUTF16(aSessionId));
+ }
+}
+
+void ChromiumCDMCallbackProxy::ExpirationChange(const nsCString& aSessionId,
+ double aSecondsSinceEpoch) {
+ DispatchToMainThread("ChromiumCDMProxy::OnExpirationChange",
+ &ChromiumCDMProxy::OnExpirationChange,
+ NS_ConvertUTF8toUTF16(aSessionId),
+ UnixTime(aSecondsSinceEpoch * 1000));
+}
+
+void ChromiumCDMCallbackProxy::SessionClosed(const nsCString& aSessionId) {
+ DispatchToMainThread("ChromiumCDMProxy::OnSessionClosed",
+ &ChromiumCDMProxy::OnSessionClosed,
+ NS_ConvertUTF8toUTF16(aSessionId));
+}
+
+void ChromiumCDMCallbackProxy::QueryOutputProtectionStatus() {
+ DispatchToMainThread("ChromiumCDMProxy::QueryOutputProtectionStatus",
+ &ChromiumCDMProxy::QueryOutputProtectionStatus);
+}
+
+void ChromiumCDMCallbackProxy::Terminated() {
+ DispatchToMainThread("ChromiumCDMProxy::Terminated",
+ &ChromiumCDMProxy::Terminated);
+}
+
+void ChromiumCDMCallbackProxy::Shutdown() {
+ DispatchToMainThread("ChromiumCDMProxy::Shutdown",
+ &ChromiumCDMProxy::Shutdown);
+}
+
+} // namespace mozilla
diff --git a/dom/media/gmp/ChromiumCDMCallbackProxy.h b/dom/media/gmp/ChromiumCDMCallbackProxy.h
new file mode 100644
index 0000000000..5b240f9102
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMCallbackProxy.h
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef ChromiumCDMCallbackProxy_h_
+#define ChromiumCDMCallbackProxy_h_
+
+#include "ChromiumCDMCallback.h"
+#include "ChromiumCDMProxy.h"
+#include "nsThreadUtils.h"
+
+namespace mozilla {
+
+class ChromiumCDMCallbackProxy : public ChromiumCDMCallback {
+ public:
+ ChromiumCDMCallbackProxy(ChromiumCDMProxy* aProxy,
+ nsIEventTarget* aMainThread)
+ : mProxy(aProxy), mMainThread(aMainThread) {}
+
+ void SetSessionId(uint32_t aPromiseId, const nsCString& aSessionId) override;
+
+ void ResolveLoadSessionPromise(uint32_t aPromiseId,
+ bool aSuccessful) override;
+
+ void ResolvePromiseWithKeyStatus(uint32_t aPromiseId,
+ uint32_t aKeyStatus) override;
+
+ void ResolvePromise(uint32_t aPromiseId) override;
+
+ void RejectPromise(uint32_t aPromiseId, ErrorResult&& aException,
+ const nsCString& aErrorMessage) override;
+
+ void SessionMessage(const nsACString& aSessionId, uint32_t aMessageType,
+ nsTArray<uint8_t>&& aMessage) override;
+
+ void SessionKeysChange(
+ const nsCString& aSessionId,
+ nsTArray<mozilla::gmp::CDMKeyInformation>&& aKeysInfo) override;
+
+ void ExpirationChange(const nsCString& aSessionId,
+ double aSecondsSinceEpoch) override;
+
+ void SessionClosed(const nsCString& aSessionId) override;
+
+ void QueryOutputProtectionStatus() override;
+
+ void Terminated() override;
+
+ void Shutdown() override;
+
+ private:
+ template <class Func, class... Args>
+ void DispatchToMainThread(const char* const aLabel, Func aFunc,
+ Args&&... aArgs);
+ // Warning: Weak ref.
+ ChromiumCDMProxy* mProxy;
+ const nsCOMPtr<nsIEventTarget> mMainThread;
+};
+
+} // namespace mozilla
+#endif
diff --git a/dom/media/gmp/ChromiumCDMChild.cpp b/dom/media/gmp/ChromiumCDMChild.cpp
new file mode 100644
index 0000000000..4592f2e291
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMChild.cpp
@@ -0,0 +1,866 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ChromiumCDMChild.h"
+#include "GMPContentChild.h"
+#include "WidevineUtils.h"
+#include "WidevineFileIO.h"
+#include "WidevineVideoFrame.h"
+#include "GMPLog.h"
+#include "GMPPlatform.h"
+#include "mozilla/Unused.h"
+#include "nsPrintfCString.h"
+#include "base/time.h"
+#include "GMPUtils.h"
+#include "mozilla/ScopeExit.h"
+#include "CDMStorageIdProvider.h"
+#include "nsReadableUtils.h"
+
+#include <type_traits>
+
+namespace mozilla::gmp {
+
+ChromiumCDMChild::ChromiumCDMChild(GMPContentChild* aPlugin)
+ : mPlugin(aPlugin) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild:: ctor this=%p", this);
+}
+
+void ChromiumCDMChild::Init(cdm::ContentDecryptionModule_10* aCDM,
+ const nsACString& aStorageId) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ mCDM = aCDM;
+ MOZ_ASSERT(mCDM);
+ mStorageId = aStorageId;
+}
+
+void ChromiumCDMChild::TimerExpired(void* aContext) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::TimerExpired(context=0x%p)", aContext);
+ if (mCDM) {
+ mCDM->TimerExpired(aContext);
+ }
+}
+
+class CDMShmemBuffer : public CDMBuffer {
+ public:
+ CDMShmemBuffer(ChromiumCDMChild* aProtocol, ipc::Shmem aShmem)
+ : mProtocol(aProtocol), mSize(aShmem.Size<uint8_t>()), mShmem(aShmem) {
+ GMP_LOG_DEBUG("CDMShmemBuffer(size=%" PRIu32 ") created", Size());
+ // Note: Chrome initializes the size of a buffer to it capacity. We do the
+ // same.
+ }
+
+ CDMShmemBuffer(ChromiumCDMChild* aProtocol, ipc::Shmem aShmem,
+ WidevineBuffer* aLocalBuffer)
+ : CDMShmemBuffer(aProtocol, aShmem) {
+ MOZ_ASSERT(aLocalBuffer->Size() == Size());
+ memcpy(Data(), aLocalBuffer->Data(),
+ std::min<uint32_t>(aLocalBuffer->Size(), Size()));
+ }
+
+ ~CDMShmemBuffer() override {
+ GMP_LOG_DEBUG("CDMShmemBuffer(size=%" PRIu32 ") destructed writable=%d",
+ Size(), mShmem.IsWritable());
+ if (mShmem.IsWritable()) {
+ // The shmem wasn't extracted to send its data back up to the parent
+ // process, so we can reuse the shmem.
+ mProtocol->GiveBuffer(std::move(mShmem));
+ }
+ }
+
+ void Destroy() override {
+ GMP_LOG_DEBUG("CDMShmemBuffer::Destroy(size=%" PRIu32 ")", Size());
+ delete this;
+ }
+ uint32_t Capacity() const override { return mShmem.Size<uint8_t>(); }
+
+ uint8_t* Data() override { return mShmem.get<uint8_t>(); }
+
+ void SetSize(uint32_t aSize) override {
+ MOZ_ASSERT(aSize <= Capacity());
+ // Note: We can't use the shmem's size member after ExtractShmem(),
+ // has been called, so we track the size exlicitly so that we can use
+ // Size() in logging after we've called ExtractShmem().
+ GMP_LOG_DEBUG("CDMShmemBuffer::SetSize(size=%" PRIu32 ")", Size());
+ mSize = aSize;
+ }
+
+ uint32_t Size() const override { return mSize; }
+
+ ipc::Shmem ExtractShmem() {
+ ipc::Shmem shmem = mShmem;
+ mShmem = ipc::Shmem();
+ return shmem;
+ }
+
+ CDMShmemBuffer* AsShmemBuffer() override { return this; }
+
+ private:
+ RefPtr<ChromiumCDMChild> mProtocol;
+ uint32_t mSize;
+ mozilla::ipc::Shmem mShmem;
+ CDMShmemBuffer(const CDMShmemBuffer&);
+ void operator=(const CDMShmemBuffer&);
+};
+
+static auto ToString(const nsTArray<ipc::Shmem>& aBuffers) {
+ return StringJoin(","_ns, aBuffers, [](auto& s, const ipc::Shmem& shmem) {
+ s.AppendInt(static_cast<uint32_t>(shmem.Size<uint8_t>()));
+ });
+}
+
+cdm::Buffer* ChromiumCDMChild::Allocate(uint32_t aCapacity) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::Allocate(capacity=%" PRIu32
+ ") bufferSizes={%s}",
+ aCapacity, ToString(mBuffers).get());
+ MOZ_ASSERT(IsOnMessageLoopThread());
+
+ if (mBuffers.IsEmpty()) {
+ Unused << SendIncreaseShmemPoolSize();
+ }
+
+ // Find the shmem with the least amount of wasted space if we were to
+ // select it for this sized allocation. We need to do this because shmems
+ // for decrypted audio as well as video frames are both stored in this
+ // list, and we don't want to use the video frame shmems for audio samples.
+ const size_t invalid = std::numeric_limits<size_t>::max();
+ size_t best = invalid;
+ auto wastedSpace = [this, aCapacity](size_t index) {
+ return mBuffers[index].Size<uint8_t>() - aCapacity;
+ };
+ for (size_t i = 0; i < mBuffers.Length(); i++) {
+ if (mBuffers[i].Size<uint8_t>() >= aCapacity &&
+ (best == invalid || wastedSpace(i) < wastedSpace(best))) {
+ best = i;
+ }
+ }
+ if (best == invalid) {
+ // The parent process should have bestowed upon us a shmem of appropriate
+ // size, but did not! Do a "dive and catch", and create an non-shared
+ // memory buffer. The parent will detect this and send us an extra shmem
+ // so future frames can be in shmems, i.e. returned on the fast path.
+ return new WidevineBuffer(aCapacity);
+ }
+ ipc::Shmem shmem = mBuffers[best];
+ mBuffers.RemoveElementAt(best);
+ return new CDMShmemBuffer(this, shmem);
+}
+
+void ChromiumCDMChild::SetTimer(int64_t aDelayMs, void* aContext) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::SetTimer(delay=%" PRId64 ", context=0x%p)",
+ aDelayMs, aContext);
+ RefPtr<ChromiumCDMChild> self(this);
+ SetTimerOnMainThread(
+ NewGMPTask([self, aContext]() { self->TimerExpired(aContext); }),
+ aDelayMs);
+}
+
+cdm::Time ChromiumCDMChild::GetCurrentWallTime() {
+ return base::Time::Now().ToDoubleT();
+}
+
+template <typename MethodType, typename... ParamType>
+void ChromiumCDMChild::CallMethod(MethodType aMethod, ParamType&&... aParams) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ // Avoid calling member function after destroy.
+ if (!mDestroyed) {
+ Unused << (this->*aMethod)(std::forward<ParamType>(aParams)...);
+ }
+}
+
+template <typename MethodType, typename... ParamType>
+void ChromiumCDMChild::CallOnMessageLoopThread(const char* const aName,
+ MethodType aMethod,
+ ParamType&&... aParams) {
+ if (NS_WARN_IF(!mPlugin)) {
+ return;
+ }
+
+ if (IsOnMessageLoopThread()) {
+ CallMethod(aMethod, std::forward<ParamType>(aParams)...);
+ } else {
+ auto m = &ChromiumCDMChild::CallMethod<
+ decltype(aMethod), const std::remove_reference_t<ParamType>&...>;
+ RefPtr<mozilla::Runnable> t =
+ NewRunnableMethod<decltype(aMethod),
+ const std::remove_reference_t<ParamType>...>(
+ aName, this, m, aMethod, std::forward<ParamType>(aParams)...);
+ mPlugin->GMPMessageLoop()->PostTask(t.forget());
+ }
+}
+
+void ChromiumCDMChild::OnResolveKeyStatusPromise(uint32_t aPromiseId,
+ cdm::KeyStatus aKeyStatus) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::OnResolveKeyStatusPromise(pid=%" PRIu32
+ "keystatus=%d)",
+ aPromiseId, aKeyStatus);
+ CallOnMessageLoopThread("gmp::ChromiumCDMChild::OnResolveKeyStatusPromise",
+ &ChromiumCDMChild::SendOnResolvePromiseWithKeyStatus,
+ aPromiseId, static_cast<uint32_t>(aKeyStatus));
+}
+
+bool ChromiumCDMChild::OnResolveNewSessionPromiseInternal(
+ uint32_t aPromiseId, const nsACString& aSessionId) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ if (mLoadSessionPromiseIds.Contains(aPromiseId)) {
+ // As laid out in the Chromium CDM API, if the CDM fails to load
+ // a session it calls OnResolveNewSessionPromise with nullptr as the
+ // sessionId. We can safely assume this means that we have failed to load a
+ // session as the other methods specify calling 'OnRejectPromise' when they
+ // fail.
+ bool loadSuccessful = !aSessionId.IsEmpty();
+ GMP_LOG_DEBUG(
+ "ChromiumCDMChild::OnResolveNewSessionPromise(pid=%u, sid=%s) "
+ "resolving %s load session ",
+ aPromiseId, PromiseFlatCString(aSessionId).get(),
+ (loadSuccessful ? "successful" : "failed"));
+ mLoadSessionPromiseIds.RemoveElement(aPromiseId);
+ return SendResolveLoadSessionPromise(aPromiseId, loadSuccessful);
+ }
+
+ return SendOnResolveNewSessionPromise(aPromiseId, aSessionId);
+}
+void ChromiumCDMChild::OnResolveNewSessionPromise(uint32_t aPromiseId,
+ const char* aSessionId,
+ uint32_t aSessionIdSize) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::OnResolveNewSessionPromise(pid=%" PRIu32
+ ", sid=%s)",
+ aPromiseId, aSessionId);
+ CallOnMessageLoopThread("gmp::ChromiumCDMChild::OnResolveNewSessionPromise",
+ &ChromiumCDMChild::OnResolveNewSessionPromiseInternal,
+ aPromiseId, nsCString(aSessionId, aSessionIdSize));
+}
+
+void ChromiumCDMChild::OnResolvePromise(uint32_t aPromiseId) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::OnResolvePromise(pid=%" PRIu32 ")",
+ aPromiseId);
+ CallOnMessageLoopThread("gmp::ChromiumCDMChild::OnResolvePromise",
+ &ChromiumCDMChild::SendOnResolvePromise, aPromiseId);
+}
+
+void ChromiumCDMChild::OnRejectPromise(uint32_t aPromiseId,
+ cdm::Exception aException,
+ uint32_t aSystemCode,
+ const char* aErrorMessage,
+ uint32_t aErrorMessageSize) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::OnRejectPromise(pid=%" PRIu32
+ ", err=%" PRIu32 " code=%" PRIu32 ", msg='%s')",
+ aPromiseId, aException, aSystemCode, aErrorMessage);
+ CallOnMessageLoopThread("gmp::ChromiumCDMChild::OnRejectPromise",
+ &ChromiumCDMChild::SendOnRejectPromise, aPromiseId,
+ static_cast<uint32_t>(aException), aSystemCode,
+ nsCString(aErrorMessage, aErrorMessageSize));
+}
+
+void ChromiumCDMChild::OnSessionMessage(const char* aSessionId,
+ uint32_t aSessionIdSize,
+ cdm::MessageType aMessageType,
+ const char* aMessage,
+ uint32_t aMessageSize) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::OnSessionMessage(sid=%s, type=%" PRIu32
+ " size=%" PRIu32 ")",
+ aSessionId, aMessageType, aMessageSize);
+ CopyableTArray<uint8_t> message;
+ message.AppendElements(aMessage, aMessageSize);
+ CallOnMessageLoopThread("gmp::ChromiumCDMChild::OnSessionMessage",
+ &ChromiumCDMChild::SendOnSessionMessage,
+ nsCString(aSessionId, aSessionIdSize),
+ static_cast<uint32_t>(aMessageType), message);
+}
+
+static auto ToString(const cdm::KeyInformation* aKeysInfo,
+ uint32_t aKeysInfoCount) {
+ return StringJoin(","_ns, Span{aKeysInfo, aKeysInfoCount},
+ [](auto& str, const cdm::KeyInformation& key) {
+ str.Append(ToHexString(key.key_id, key.key_id_size));
+ str.AppendLiteral("=");
+ str.AppendInt(key.status);
+ });
+}
+
+void ChromiumCDMChild::OnSessionKeysChange(const char* aSessionId,
+ uint32_t aSessionIdSize,
+ bool aHasAdditionalUsableKey,
+ const cdm::KeyInformation* aKeysInfo,
+ uint32_t aKeysInfoCount) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::OnSessionKeysChange(sid=%s) keys={%s}",
+ aSessionId, ToString(aKeysInfo, aKeysInfoCount).get());
+
+ CopyableTArray<CDMKeyInformation> keys;
+ keys.SetCapacity(aKeysInfoCount);
+ for (uint32_t i = 0; i < aKeysInfoCount; i++) {
+ const cdm::KeyInformation& key = aKeysInfo[i];
+ nsTArray<uint8_t> kid;
+ kid.AppendElements(key.key_id, key.key_id_size);
+ keys.AppendElement(CDMKeyInformation(kid, key.status, key.system_code));
+ }
+ CallOnMessageLoopThread("gmp::ChromiumCDMChild::OnSessionMessage",
+ &ChromiumCDMChild::SendOnSessionKeysChange,
+ nsCString(aSessionId, aSessionIdSize), keys);
+}
+
+void ChromiumCDMChild::OnExpirationChange(const char* aSessionId,
+ uint32_t aSessionIdSize,
+ cdm::Time aNewExpiryTime) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::OnExpirationChange(sid=%s, time=%lf)",
+ aSessionId, aNewExpiryTime);
+ CallOnMessageLoopThread("gmp::ChromiumCDMChild::OnExpirationChange",
+ &ChromiumCDMChild::SendOnExpirationChange,
+ nsCString(aSessionId, aSessionIdSize),
+ aNewExpiryTime);
+}
+
+void ChromiumCDMChild::OnSessionClosed(const char* aSessionId,
+ uint32_t aSessionIdSize) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::OnSessionClosed(sid=%s)", aSessionId);
+ CallOnMessageLoopThread("gmp::ChromiumCDMChild::OnSessionClosed",
+ &ChromiumCDMChild::SendOnSessionClosed,
+ nsCString(aSessionId, aSessionIdSize));
+}
+
+void ChromiumCDMChild::QueryOutputProtectionStatus() {
+ GMP_LOG_DEBUG("ChromiumCDMChild::QueryOutputProtectionStatus()");
+ // We'll handle the response in `CompleteQueryOutputProtectionStatus`.
+ CallOnMessageLoopThread("gmp::ChromiumCDMChild::QueryOutputProtectionStatus",
+ &ChromiumCDMChild::SendOnQueryOutputProtectionStatus);
+}
+
+void ChromiumCDMChild::OnInitialized(bool aSuccess) {
+ MOZ_ASSERT(!mInitPromise.IsEmpty(),
+ "mInitPromise should exist during init callback!");
+ if (!aSuccess) {
+ mInitPromise.RejectIfExists(NS_ERROR_FAILURE, __func__);
+ }
+ mInitPromise.ResolveIfExists(true, __func__);
+}
+
+cdm::FileIO* ChromiumCDMChild::CreateFileIO(cdm::FileIOClient* aClient) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::CreateFileIO()");
+ if (!mPersistentStateAllowed) {
+ return nullptr;
+ }
+ return new WidevineFileIO(aClient);
+}
+
+void ChromiumCDMChild::RequestStorageId(uint32_t aVersion) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RequestStorageId() aVersion = %u", aVersion);
+ // aVersion >= 0x80000000 are reserved.
+ if (aVersion >= 0x80000000) {
+ mCDM->OnStorageId(aVersion, nullptr, 0);
+ return;
+ }
+ if (aVersion > CDMStorageIdProvider::kCurrentVersion) {
+ mCDM->OnStorageId(aVersion, nullptr, 0);
+ return;
+ }
+
+ mCDM->OnStorageId(CDMStorageIdProvider::kCurrentVersion,
+ !mStorageId.IsEmpty()
+ ? reinterpret_cast<const uint8_t*>(mStorageId.get())
+ : nullptr,
+ mStorageId.Length());
+}
+
+ChromiumCDMChild::~ChromiumCDMChild() {
+ GMP_LOG_DEBUG("ChromiumCDMChild:: dtor this=%p", this);
+}
+
+bool ChromiumCDMChild::IsOnMessageLoopThread() {
+ return mPlugin && mPlugin->GMPMessageLoop() == MessageLoop::current();
+}
+
+void ChromiumCDMChild::ActorDestroy(ActorDestroyReason aReason) {
+ mPlugin = nullptr;
+}
+
+void ChromiumCDMChild::PurgeShmems() {
+ for (ipc::Shmem& shmem : mBuffers) {
+ DeallocShmem(shmem);
+ }
+ mBuffers.Clear();
+}
+
+ipc::IPCResult ChromiumCDMChild::RecvPurgeShmems() {
+ PurgeShmems();
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvInit(
+ const bool& aAllowDistinctiveIdentifier, const bool& aAllowPersistentState,
+ InitResolver&& aResolver) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMChild::RecvInit(distinctiveId=%s, persistentState=%s)",
+ aAllowDistinctiveIdentifier ? "true" : "false",
+ aAllowPersistentState ? "true" : "false");
+ mPersistentStateAllowed = aAllowPersistentState;
+
+ RefPtr<ChromiumCDMChild::InitPromise> promise = mInitPromise.Ensure(__func__);
+ promise->Then(
+ mPlugin->GMPMessageLoop()->SerialEventTarget(), __func__,
+ [aResolver](bool /* unused */) { aResolver(true); },
+ [aResolver](nsresult rv) {
+ GMP_LOG_DEBUG(
+ "ChromiumCDMChild::RecvInit() init promise rejected with "
+ "rv=%" PRIu32,
+ static_cast<uint32_t>(rv));
+ aResolver(false);
+ });
+
+ if (mCDM) {
+ // Once the CDM is initialized we expect it to resolve mInitPromise via
+ // ChromiumCDMChild::OnInitialized
+ mCDM->Initialize(aAllowDistinctiveIdentifier, aAllowPersistentState,
+ // We do not yet support hardware secure codecs
+ false);
+ } else {
+ GMP_LOG_DEBUG(
+ "ChromiumCDMChild::RecvInit() mCDM not set! Is GMP shutting down?");
+ mInitPromise.RejectIfExists(NS_ERROR_FAILURE, __func__);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvSetServerCertificate(
+ const uint32_t& aPromiseId, nsTArray<uint8_t>&& aServerCert)
+
+{
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvSetServerCertificate() certlen=%zu",
+ aServerCert.Length());
+ if (mCDM) {
+ mCDM->SetServerCertificate(aPromiseId, aServerCert.Elements(),
+ aServerCert.Length());
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvCreateSessionAndGenerateRequest(
+ const uint32_t& aPromiseId, const uint32_t& aSessionType,
+ const uint32_t& aInitDataType, nsTArray<uint8_t>&& aInitData) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMChild::RecvCreateSessionAndGenerateRequest("
+ "pid=%" PRIu32 ", sessionType=%" PRIu32 ", initDataType=%" PRIu32
+ ") initDataLen=%zu",
+ aPromiseId, aSessionType, aInitDataType, aInitData.Length());
+ MOZ_ASSERT(aSessionType <= cdm::SessionType::kPersistentUsageRecord);
+ MOZ_ASSERT(aInitDataType <= cdm::InitDataType::kWebM);
+ if (mCDM) {
+ mCDM->CreateSessionAndGenerateRequest(
+ aPromiseId, static_cast<cdm::SessionType>(aSessionType),
+ static_cast<cdm::InitDataType>(aInitDataType), aInitData.Elements(),
+ aInitData.Length());
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvLoadSession(
+ const uint32_t& aPromiseId, const uint32_t& aSessionType,
+ const nsACString& aSessionId) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMChild::RecvLoadSession(pid=%u, type=%u, sessionId=%s)",
+ aPromiseId, aSessionType, PromiseFlatCString(aSessionId).get());
+ if (mCDM) {
+ mLoadSessionPromiseIds.AppendElement(aPromiseId);
+ mCDM->LoadSession(aPromiseId, static_cast<cdm::SessionType>(aSessionType),
+ aSessionId.BeginReading(), aSessionId.Length());
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvUpdateSession(
+ const uint32_t& aPromiseId, const nsACString& aSessionId,
+ nsTArray<uint8_t>&& aResponse) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvUpdateSession(pid=%" PRIu32
+ ", sid=%s) responseLen=%zu",
+ aPromiseId, PromiseFlatCString(aSessionId).get(),
+ aResponse.Length());
+ if (mCDM) {
+ mCDM->UpdateSession(aPromiseId, aSessionId.BeginReading(),
+ aSessionId.Length(), aResponse.Elements(),
+ aResponse.Length());
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvCloseSession(
+ const uint32_t& aPromiseId, const nsACString& aSessionId) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvCloseSession(pid=%" PRIu32 ", sid=%s)",
+ aPromiseId, PromiseFlatCString(aSessionId).get());
+ if (mCDM) {
+ mCDM->CloseSession(aPromiseId, aSessionId.BeginReading(),
+ aSessionId.Length());
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvRemoveSession(
+ const uint32_t& aPromiseId, const nsACString& aSessionId) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvRemoveSession(pid=%" PRIu32 ", sid=%s)",
+ aPromiseId, PromiseFlatCString(aSessionId).get());
+ if (mCDM) {
+ mCDM->RemoveSession(aPromiseId, aSessionId.BeginReading(),
+ aSessionId.Length());
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ChromiumCDMChild::RecvCompleteQueryOutputProtectionStatus(
+ const bool& aSuccess, const uint32_t& aLinkMask,
+ const uint32_t& aProtectionMask) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMChild::RecvCompleteQueryOutputProtectionStatus(aSuccess=%s, "
+ "aLinkMask=%" PRIu32 ", aProtectionMask=%" PRIu32 ")",
+ aSuccess ? "true" : "false", aLinkMask, aProtectionMask);
+
+ if (mCDM) {
+ cdm::QueryResult queryResult = aSuccess ? cdm::QueryResult::kQuerySucceeded
+ : cdm::QueryResult::kQueryFailed;
+ mCDM->OnQueryOutputProtectionStatus(queryResult, aLinkMask,
+ aProtectionMask);
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvGetStatusForPolicy(
+ const uint32_t& aPromiseId, const cdm::HdcpVersion& aMinHdcpVersion) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvGetStatusForPolicy(pid=%" PRIu32
+ ", MinHdcpVersion=%" PRIu32 ")",
+ aPromiseId, static_cast<uint32_t>(aMinHdcpVersion));
+ if (mCDM) {
+ cdm::Policy policy;
+ policy.min_hdcp_version = aMinHdcpVersion;
+ mCDM->GetStatusForPolicy(aPromiseId, policy);
+ }
+ return IPC_OK();
+}
+
+static void InitInputBuffer(const CDMInputBuffer& aBuffer,
+ nsTArray<cdm::SubsampleEntry>& aSubSamples,
+ cdm::InputBuffer_2& aInputBuffer) {
+ aInputBuffer.data = aBuffer.mData().get<uint8_t>();
+ aInputBuffer.data_size = aBuffer.mData().Size<uint8_t>();
+
+ if (aBuffer.mEncryptionScheme() != cdm::EncryptionScheme::kUnencrypted) {
+ MOZ_ASSERT(aBuffer.mEncryptionScheme() == cdm::EncryptionScheme::kCenc ||
+ aBuffer.mEncryptionScheme() == cdm::EncryptionScheme::kCbcs);
+ aInputBuffer.key_id = aBuffer.mKeyId().Elements();
+ aInputBuffer.key_id_size = aBuffer.mKeyId().Length();
+
+ aInputBuffer.iv = aBuffer.mIV().Elements();
+ aInputBuffer.iv_size = aBuffer.mIV().Length();
+
+ aSubSamples.SetCapacity(aBuffer.mClearBytes().Length());
+ for (size_t i = 0; i < aBuffer.mCipherBytes().Length(); i++) {
+ aSubSamples.AppendElement(cdm::SubsampleEntry{aBuffer.mClearBytes()[i],
+ aBuffer.mCipherBytes()[i]});
+ }
+ aInputBuffer.subsamples = aSubSamples.Elements();
+ aInputBuffer.num_subsamples = aSubSamples.Length();
+ aInputBuffer.encryption_scheme = aBuffer.mEncryptionScheme();
+ }
+ aInputBuffer.pattern.crypt_byte_block = aBuffer.mCryptByteBlock();
+ aInputBuffer.pattern.skip_byte_block = aBuffer.mSkipByteBlock();
+ aInputBuffer.timestamp = aBuffer.mTimestamp();
+}
+
+bool ChromiumCDMChild::HasShmemOfSize(size_t aSize) const {
+ for (const ipc::Shmem& shmem : mBuffers) {
+ if (shmem.Size<uint8_t>() == aSize) {
+ return true;
+ }
+ }
+ return false;
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvDecrypt(
+ const uint32_t& aId, const CDMInputBuffer& aBuffer) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvDecrypt()");
+
+ // Parent should have already gifted us a shmem to use as output.
+ size_t outputShmemSize = aBuffer.mData().Size<uint8_t>();
+ MOZ_ASSERT(HasShmemOfSize(outputShmemSize));
+
+ // Ensure we deallocate the shmem used to send input.
+ RefPtr<ChromiumCDMChild> self = this;
+ auto autoDeallocateInputShmem =
+ MakeScopeExit([&, self] { self->DeallocShmem(aBuffer.mData()); });
+
+ // On failure, we need to ensure that the shmem that the parent sent
+ // for the CDM to use to return output back to the parent is deallocated.
+ // Otherwise, it will leak.
+ auto autoDeallocateOutputShmem = MakeScopeExit([self, outputShmemSize] {
+ self->mBuffers.RemoveElementsBy(
+ [outputShmemSize, self](ipc::Shmem& aShmem) {
+ if (aShmem.Size<uint8_t>() != outputShmemSize) {
+ return false;
+ }
+ self->DeallocShmem(aShmem);
+ return true;
+ });
+ });
+
+ if (!mCDM) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvDecrypt() no CDM");
+ Unused << SendDecryptFailed(aId, cdm::kDecryptError);
+ return IPC_OK();
+ }
+ if (aBuffer.mClearBytes().Length() != aBuffer.mCipherBytes().Length()) {
+ GMP_LOG_DEBUG(
+ "ChromiumCDMChild::RecvDecrypt() clear/cipher bytes length doesn't "
+ "match");
+ Unused << SendDecryptFailed(aId, cdm::kDecryptError);
+ return IPC_OK();
+ }
+
+ cdm::InputBuffer_2 input = {};
+ nsTArray<cdm::SubsampleEntry> subsamples;
+ InitInputBuffer(aBuffer, subsamples, input);
+
+ WidevineDecryptedBlock output;
+ cdm::Status status = mCDM->Decrypt(input, &output);
+
+ // CDM should have allocated a cdm::Buffer for output.
+ CDMShmemBuffer* buffer =
+ output.DecryptedBuffer()
+ ? static_cast<CDMShmemBuffer*>(output.DecryptedBuffer())
+ : nullptr;
+ MOZ_ASSERT_IF(buffer, buffer->AsShmemBuffer());
+ if (status != cdm::kSuccess || !buffer) {
+ Unused << SendDecryptFailed(aId, status);
+ return IPC_OK();
+ }
+
+ // Success! Return the decrypted sample to parent.
+ MOZ_ASSERT(!HasShmemOfSize(outputShmemSize));
+ ipc::Shmem shmem = buffer->ExtractShmem();
+ if (SendDecrypted(aId, cdm::kSuccess, std::move(shmem))) {
+ // No need to deallocate the output shmem; it should have been returned
+ // to the content process.
+ autoDeallocateOutputShmem.release();
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvInitializeVideoDecoder(
+ const CDMVideoDecoderConfig& aConfig) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ MOZ_ASSERT(!mDecoderInitialized);
+ if (!mCDM) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvInitializeVideoDecoder() no CDM");
+ Unused << SendOnDecoderInitDone(cdm::kInitializationError);
+ return IPC_OK();
+ }
+ cdm::VideoDecoderConfig_2 config = {};
+ config.codec = static_cast<cdm::VideoCodec>(aConfig.mCodec());
+ config.profile = static_cast<cdm::VideoCodecProfile>(aConfig.mProfile());
+ config.format = static_cast<cdm::VideoFormat>(aConfig.mFormat());
+ config.coded_size =
+ mCodedSize = {aConfig.mImageWidth(), aConfig.mImageHeight()};
+ nsTArray<uint8_t> extraData(aConfig.mExtraData().Clone());
+ config.extra_data = extraData.Elements();
+ config.extra_data_size = extraData.Length();
+ config.encryption_scheme = aConfig.mEncryptionScheme();
+ cdm::Status status = mCDM->InitializeVideoDecoder(config);
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvInitializeVideoDecoder() status=%u",
+ status);
+ Unused << SendOnDecoderInitDone(status);
+ mDecoderInitialized = status == cdm::kSuccess;
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvDeinitializeVideoDecoder() {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvDeinitializeVideoDecoder()");
+ MOZ_ASSERT(mDecoderInitialized);
+ if (mDecoderInitialized && mCDM) {
+ mCDM->DeinitializeDecoder(cdm::kStreamTypeVideo);
+ }
+ mDecoderInitialized = false;
+ PurgeShmems();
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvResetVideoDecoder() {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvResetVideoDecoder()");
+ if (mDecoderInitialized && mCDM) {
+ mCDM->ResetDecoder(cdm::kStreamTypeVideo);
+ }
+ Unused << SendResetVideoDecoderComplete();
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvDecryptAndDecodeFrame(
+ const CDMInputBuffer& aBuffer) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvDecryptAndDecodeFrame() t=%" PRId64 ")",
+ aBuffer.mTimestamp());
+ MOZ_ASSERT(mDecoderInitialized);
+
+ if (!mCDM) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvDecryptAndDecodeFrame() no CDM");
+ Unused << SendDecodeFailed(cdm::kDecodeError);
+ return IPC_OK();
+ }
+
+ RefPtr<ChromiumCDMChild> self = this;
+ auto autoDeallocateShmem =
+ MakeScopeExit([&, self] { self->DeallocShmem(aBuffer.mData()); });
+
+ // The output frame may not have the same timestamp as the frame we put in.
+ // We may need to input a number of frames before we receive output. The
+ // CDM's decoder reorders to ensure frames output are in presentation order.
+ // So we need to store the durations of the frames input, and retrieve them
+ // on output.
+ mFrameDurations.Insert(aBuffer.mTimestamp(), aBuffer.mDuration());
+
+ cdm::InputBuffer_2 input = {};
+ nsTArray<cdm::SubsampleEntry> subsamples;
+ InitInputBuffer(aBuffer, subsamples, input);
+
+ WidevineVideoFrame frame;
+ cdm::Status rv = mCDM->DecryptAndDecodeFrame(input, &frame);
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvDecryptAndDecodeFrame() t=%" PRId64
+ " CDM decoder rv=%d",
+ aBuffer.mTimestamp(), rv);
+
+ switch (rv) {
+ case cdm::kNeedMoreData:
+ Unused << SendDecodeFailed(rv);
+ break;
+ case cdm::kNoKey:
+ GMP_LOG_DEBUG("NoKey for sample at time=%" PRId64 "!", input.timestamp);
+ // Somehow our key became unusable. Typically this would happen when
+ // a stream requires output protection, and the configuration changed
+ // such that output protection is no longer available. For example, a
+ // non-compliant monitor was attached. The JS player should notice the
+ // key status changing to "output-restricted", and is supposed to switch
+ // to a stream that doesn't require OP. In order to keep the playback
+ // pipeline rolling, just output a black frame. See bug 1343140.
+ if (!frame.InitToBlack(mCodedSize.width, mCodedSize.height,
+ input.timestamp)) {
+ Unused << SendDecodeFailed(cdm::kDecodeError);
+ break;
+ }
+ [[fallthrough]];
+ case cdm::kSuccess:
+ if (frame.FrameBuffer()) {
+ ReturnOutput(frame);
+ break;
+ }
+ // CDM didn't set a frame buffer on the sample, report it as an error.
+ [[fallthrough]];
+ default:
+ Unused << SendDecodeFailed(rv);
+ break;
+ }
+
+ return IPC_OK();
+}
+
+void ChromiumCDMChild::ReturnOutput(WidevineVideoFrame& aFrame) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ MOZ_ASSERT(aFrame.FrameBuffer());
+ gmp::CDMVideoFrame output;
+ output.mFormat() = static_cast<cdm::VideoFormat>(aFrame.Format());
+ output.mImageWidth() = aFrame.Size().width;
+ output.mImageHeight() = aFrame.Size().height;
+ output.mYPlane() = {aFrame.PlaneOffset(cdm::VideoPlane::kYPlane),
+ aFrame.Stride(cdm::VideoPlane::kYPlane)};
+ output.mUPlane() = {aFrame.PlaneOffset(cdm::VideoPlane::kUPlane),
+ aFrame.Stride(cdm::VideoPlane::kUPlane)};
+ output.mVPlane() = {aFrame.PlaneOffset(cdm::VideoPlane::kVPlane),
+ aFrame.Stride(cdm::VideoPlane::kVPlane)};
+ output.mTimestamp() = aFrame.Timestamp();
+
+ uint64_t duration = 0;
+ if (mFrameDurations.Find(aFrame.Timestamp(), duration)) {
+ output.mDuration() = duration;
+ }
+
+ CDMBuffer* base = reinterpret_cast<CDMBuffer*>(aFrame.FrameBuffer());
+ if (base->AsShmemBuffer()) {
+ ipc::Shmem shmem = base->AsShmemBuffer()->ExtractShmem();
+ Unused << SendDecodedShmem(output, std::move(shmem));
+ } else {
+ MOZ_ASSERT(base->AsArrayBuffer());
+ Unused << SendDecodedData(output, base->AsArrayBuffer()->ExtractBuffer());
+ }
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvDrain() {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ if (!mCDM) {
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvDrain() no CDM");
+ Unused << SendDrainComplete();
+ return IPC_OK();
+ }
+ WidevineVideoFrame frame;
+ cdm::InputBuffer_2 sample = {};
+ cdm::Status rv = mCDM->DecryptAndDecodeFrame(sample, &frame);
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvDrain(); DecryptAndDecodeFrame() rv=%d",
+ rv);
+ if (rv == cdm::kSuccess) {
+ MOZ_ASSERT(frame.Format() != cdm::kUnknownVideoFormat);
+ ReturnOutput(frame);
+ } else {
+ Unused << SendDrainComplete();
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvDestroy() {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ GMP_LOG_DEBUG("ChromiumCDMChild::RecvDestroy()");
+
+ MOZ_ASSERT(!mDecoderInitialized);
+
+ mInitPromise.RejectIfExists(NS_ERROR_ABORT, __func__);
+
+ if (mCDM) {
+ mCDM->Destroy();
+ mCDM = nullptr;
+ }
+ mDestroyed = true;
+
+ Unused << Send__delete__(this);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ChromiumCDMChild::RecvGiveBuffer(ipc::Shmem&& aBuffer) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+
+ GiveBuffer(std::move(aBuffer));
+ return IPC_OK();
+}
+
+void ChromiumCDMChild::GiveBuffer(ipc::Shmem&& aBuffer) {
+ MOZ_ASSERT(IsOnMessageLoopThread());
+ size_t sz = aBuffer.Size<uint8_t>();
+ mBuffers.AppendElement(std::move(aBuffer));
+ GMP_LOG_DEBUG(
+ "ChromiumCDMChild::RecvGiveBuffer(capacity=%zu"
+ ") bufferSizes={%s} mDecoderInitialized=%d",
+ sz, ToString(mBuffers).get(), mDecoderInitialized);
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/ChromiumCDMChild.h b/dom/media/gmp/ChromiumCDMChild.h
new file mode 100644
index 0000000000..1bf153a5d5
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMChild.h
@@ -0,0 +1,148 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef ChromiumCDMChild_h_
+#define ChromiumCDMChild_h_
+
+#include "content_decryption_module.h"
+#include "mozilla/gmp/PChromiumCDMChild.h"
+#include "SimpleMap.h"
+#include "WidevineVideoFrame.h"
+
+namespace mozilla::gmp {
+
+class GMPContentChild;
+
+class ChromiumCDMChild : public PChromiumCDMChild, public cdm::Host_10 {
+ public:
+ // Mark AddRef and Release as `final`, as they overload pure virtual
+ // implementations in PChromiumCDMChild.
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(ChromiumCDMChild, final);
+
+ explicit ChromiumCDMChild(GMPContentChild* aPlugin);
+
+ void Init(cdm::ContentDecryptionModule_10* aCDM,
+ const nsACString& aStorageId);
+
+ void TimerExpired(void* aContext);
+
+ // cdm::Host_10 implementation
+ cdm::Buffer* Allocate(uint32_t aCapacity) override;
+ void SetTimer(int64_t aDelayMs, void* aContext) override;
+ cdm::Time GetCurrentWallTime() override;
+ void OnResolveKeyStatusPromise(uint32_t aPromiseId,
+ cdm::KeyStatus aKeyStatus) override;
+ void OnResolveNewSessionPromise(uint32_t aPromiseId, const char* aSessionId,
+ uint32_t aSessionIdSize) override;
+ void OnResolvePromise(uint32_t aPromiseId) override;
+ void OnRejectPromise(uint32_t aPromiseId, cdm::Exception aException,
+ uint32_t aSystemCode, const char* aErrorMessage,
+ uint32_t aErrorMessageSize) override;
+ void OnSessionMessage(const char* aSessionId, uint32_t aSessionIdSize,
+ cdm::MessageType aMessageType, const char* aMessage,
+ uint32_t aMessageSize) override;
+ void OnSessionKeysChange(const char* aSessionId, uint32_t aSessionIdSize,
+ bool aHasAdditionalUsableKey,
+ const cdm::KeyInformation* aKeysInfo,
+ uint32_t aKeysInfoCount) override;
+ void OnExpirationChange(const char* aSessionId, uint32_t aSessionIdSize,
+ cdm::Time aNewExpiryTime) override;
+ void OnSessionClosed(const char* aSessionId,
+ uint32_t aSessionIdSize) override;
+ void SendPlatformChallenge(const char* aServiceId, uint32_t aServiceIdSize,
+ const char* aChallenge,
+ uint32_t aChallengeSize) override {}
+ void EnableOutputProtection(uint32_t aDesiredProtectionMask) override {}
+ void QueryOutputProtectionStatus() override;
+ void OnDeferredInitializationDone(cdm::StreamType aStreamType,
+ cdm::Status aDecoderStatus) override {}
+ void RequestStorageId(uint32_t aVersion) override;
+ cdm::FileIO* CreateFileIO(cdm::FileIOClient* aClient) override;
+ void OnInitialized(bool aSuccess) override;
+ // end cdm::Host_10 specific methods
+
+ void GiveBuffer(ipc::Shmem&& aBuffer);
+
+ protected:
+ ~ChromiumCDMChild();
+
+ bool OnResolveNewSessionPromiseInternal(uint32_t aPromiseId,
+ const nsACString& aSessionId);
+
+ bool IsOnMessageLoopThread();
+
+ void ActorDestroy(ActorDestroyReason aReason) override;
+
+ ipc::IPCResult RecvGiveBuffer(ipc::Shmem&& aShmem) override;
+ ipc::IPCResult RecvPurgeShmems() override;
+ void PurgeShmems();
+ ipc::IPCResult RecvInit(const bool& aAllowDistinctiveIdentifier,
+ const bool& aAllowPersistentState,
+ InitResolver&& aResolver) override;
+ ipc::IPCResult RecvSetServerCertificate(
+ const uint32_t& aPromiseId, nsTArray<uint8_t>&& aServerCert) override;
+ ipc::IPCResult RecvCreateSessionAndGenerateRequest(
+ const uint32_t& aPromiseId, const uint32_t& aSessionType,
+ const uint32_t& aInitDataType, nsTArray<uint8_t>&& aInitData) override;
+ ipc::IPCResult RecvLoadSession(const uint32_t& aPromiseId,
+ const uint32_t& aSessionType,
+ const nsACString& aSessionId) override;
+ ipc::IPCResult RecvUpdateSession(const uint32_t& aPromiseId,
+ const nsACString& aSessionId,
+ nsTArray<uint8_t>&& aResponse) override;
+ ipc::IPCResult RecvCloseSession(const uint32_t& aPromiseId,
+ const nsACString& aSessionId) override;
+ ipc::IPCResult RecvRemoveSession(const uint32_t& aPromiseId,
+ const nsACString& aSessionId) override;
+ ipc::IPCResult RecvCompleteQueryOutputProtectionStatus(
+ const bool& aSuccess, const uint32_t& aLinkMask,
+ const uint32_t& aProtectionMask) override;
+ ipc::IPCResult RecvGetStatusForPolicy(
+ const uint32_t& aPromiseId,
+ const cdm::HdcpVersion& aMinHdcpVersion) override;
+ ipc::IPCResult RecvDecrypt(const uint32_t& aId,
+ const CDMInputBuffer& aBuffer) override;
+ ipc::IPCResult RecvInitializeVideoDecoder(
+ const CDMVideoDecoderConfig& aConfig) override;
+ ipc::IPCResult RecvDeinitializeVideoDecoder() override;
+ ipc::IPCResult RecvResetVideoDecoder() override;
+ ipc::IPCResult RecvDecryptAndDecodeFrame(
+ const CDMInputBuffer& aBuffer) override;
+ ipc::IPCResult RecvDrain() override;
+ ipc::IPCResult RecvDestroy() override;
+
+ void ReturnOutput(WidevineVideoFrame& aFrame);
+ bool HasShmemOfSize(size_t aSize) const;
+
+ template <typename MethodType, typename... ParamType>
+ void CallMethod(MethodType, ParamType&&...);
+
+ template <typename MethodType, typename... ParamType>
+ void CallOnMessageLoopThread(const char* const, MethodType, ParamType&&...);
+
+ GMPContentChild* mPlugin = nullptr;
+ cdm::ContentDecryptionModule_10* mCDM = nullptr;
+
+ typedef SimpleMap<uint64_t> DurationMap;
+ DurationMap mFrameDurations;
+ nsTArray<uint32_t> mLoadSessionPromiseIds;
+
+ cdm::Size mCodedSize = {0, 0};
+ nsTArray<ipc::Shmem> mBuffers;
+
+ bool mDecoderInitialized = false;
+ bool mPersistentStateAllowed = false;
+ bool mDestroyed = false;
+ nsCString mStorageId;
+
+ typedef MozPromise<bool, nsresult, /* IsExclusive = */ true> InitPromise;
+ // Created when we RecvInit, should be resolved once the CDM is initialized
+ // or rejected if init fails.
+ MozPromiseHolder<InitPromise> mInitPromise;
+};
+
+} // namespace mozilla::gmp
+
+#endif // ChromiumCDMChild_h_
diff --git a/dom/media/gmp/ChromiumCDMParent.cpp b/dom/media/gmp/ChromiumCDMParent.cpp
new file mode 100644
index 0000000000..b2465f611e
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMParent.cpp
@@ -0,0 +1,1371 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ChromiumCDMParent.h"
+
+#include "ChromiumCDMCallback.h"
+#include "ChromiumCDMCallbackProxy.h"
+#include "ChromiumCDMProxy.h"
+#include "content_decryption_module.h"
+#include "GMPContentChild.h"
+#include "GMPContentParent.h"
+#include "GMPLog.h"
+#include "GMPService.h"
+#include "GMPUtils.h"
+#include "VideoUtils.h"
+#include "mozilla/dom/MediaKeyMessageEventBinding.h"
+#include "mozilla/gmp/GMPTypes.h"
+#include "mozilla/ScopeExit.h"
+#include "mozilla/StaticPrefs_media.h"
+#include "mozilla/Unused.h"
+#include "AnnexB.h"
+#include "H264.h"
+
+#define NS_DispatchToMainThread(...) CompileError_UseAbstractMainThreadInstead
+
+namespace mozilla::gmp {
+
+using namespace eme;
+
+ChromiumCDMParent::ChromiumCDMParent(GMPContentParent* aContentParent,
+ uint32_t aPluginId)
+ : mPluginId(aPluginId),
+ mContentParent(aContentParent),
+ mVideoShmemLimit(StaticPrefs::media_eme_chromium_api_video_shmems())
+#ifdef DEBUG
+ ,
+ mGMPThread(aContentParent->GMPEventTarget())
+#endif
+{
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::ChromiumCDMParent(this=%p, contentParent=%p, "
+ "id=%" PRIu32 ")",
+ this, aContentParent, aPluginId);
+}
+
+RefPtr<ChromiumCDMParent::InitPromise> ChromiumCDMParent::Init(
+ ChromiumCDMCallback* aCDMCallback, bool aAllowDistinctiveIdentifier,
+ bool aAllowPersistentState, nsIEventTarget* aMainThread) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::Init(this=%p) shutdown=%s abormalShutdown=%s "
+ "actorDestroyed=%s",
+ this, mIsShutdown ? "true" : "false",
+ mAbnormalShutdown ? "true" : "false", mActorDestroyed ? "true" : "false");
+ if (!aCDMCallback || !aMainThread) {
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::Init(this=%p) failed "
+ "nullCallback=%s nullMainThread=%s",
+ this, !aCDMCallback ? "true" : "false",
+ !aMainThread ? "true" : "false");
+
+ return ChromiumCDMParent::InitPromise::CreateAndReject(
+ MediaResult(NS_ERROR_FAILURE,
+ nsPrintfCString("ChromiumCDMParent::Init() failed "
+ "nullCallback=%s nullMainThread=%s",
+ !aCDMCallback ? "true" : "false",
+ !aMainThread ? "true" : "false")),
+ __func__);
+ }
+
+ RefPtr<ChromiumCDMParent::InitPromise> promise =
+ mInitPromise.Ensure(__func__);
+ RefPtr<ChromiumCDMParent> self = this;
+ SendInit(aAllowDistinctiveIdentifier, aAllowPersistentState)
+ ->Then(
+ GetCurrentSerialEventTarget(), __func__,
+ [self, aCDMCallback](bool aSuccess) {
+ if (!aSuccess) {
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::Init() failed with callback from "
+ "child indicating CDM failed init");
+ self->mInitPromise.RejectIfExists(
+ MediaResult(NS_ERROR_FAILURE,
+ "ChromiumCDMParent::Init() failed with callback "
+ "from child indicating CDM failed init"),
+ __func__);
+ return;
+ }
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::Init() succeeded with callback from child");
+ self->mCDMCallback = aCDMCallback;
+ self->mInitPromise.ResolveIfExists(true /* unused */, __func__);
+ },
+ [self](ResponseRejectReason&& aReason) {
+ RefPtr<gmp::GeckoMediaPluginService> service =
+ gmp::GeckoMediaPluginService::GetGeckoMediaPluginService();
+ bool xpcomWillShutdown =
+ service && service->XPCOMWillShutdownReceived();
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::Init(this=%p) failed "
+ "shutdown=%s cdmCrash=%s actorDestroyed=%s "
+ "browserShutdown=%s promiseRejectReason=%d",
+ self.get(), self->mIsShutdown ? "true" : "false",
+ self->mAbnormalShutdown ? "true" : "false",
+ self->mActorDestroyed ? "true" : "false",
+ xpcomWillShutdown ? "true" : "false",
+ static_cast<int>(aReason));
+ self->mInitPromise.RejectIfExists(
+ MediaResult(
+ NS_ERROR_FAILURE,
+ nsPrintfCString("ChromiumCDMParent::Init() failed "
+ "shutdown=%s cdmCrash=%s actorDestroyed=%s "
+ "browserShutdown=%s promiseRejectReason=%d",
+ self->mIsShutdown ? "true" : "false",
+ self->mAbnormalShutdown ? "true" : "false",
+ self->mActorDestroyed ? "true" : "false",
+ xpcomWillShutdown ? "true" : "false",
+ static_cast<int>(aReason))),
+ __func__);
+ });
+ return promise;
+}
+
+void ChromiumCDMParent::CreateSession(uint32_t aCreateSessionToken,
+ uint32_t aSessionType,
+ uint32_t aInitDataType,
+ uint32_t aPromiseId,
+ const nsTArray<uint8_t>& aInitData) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::CreateSession(this=%p)", this);
+ if (mIsShutdown) {
+ RejectPromiseShutdown(aPromiseId);
+ return;
+ }
+ if (!SendCreateSessionAndGenerateRequest(aPromiseId, aSessionType,
+ aInitDataType, aInitData)) {
+ RejectPromiseWithStateError(
+ aPromiseId, "Failed to send generateRequest to CDM process."_ns);
+ return;
+ }
+ mPromiseToCreateSessionToken.InsertOrUpdate(aPromiseId, aCreateSessionToken);
+}
+
+void ChromiumCDMParent::LoadSession(uint32_t aPromiseId, uint32_t aSessionType,
+ nsString aSessionId) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::LoadSession(this=%p, pid=%" PRIu32
+ ", type=%" PRIu32 ", sid=%s)",
+ this, aPromiseId, aSessionType,
+ NS_ConvertUTF16toUTF8(aSessionId).get());
+ if (mIsShutdown) {
+ RejectPromiseShutdown(aPromiseId);
+ return;
+ }
+ if (!SendLoadSession(aPromiseId, aSessionType,
+ NS_ConvertUTF16toUTF8(aSessionId))) {
+ RejectPromiseWithStateError(
+ aPromiseId, "Failed to send loadSession to CDM process."_ns);
+ return;
+ }
+}
+
+void ChromiumCDMParent::SetServerCertificate(uint32_t aPromiseId,
+ const nsTArray<uint8_t>& aCert) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::SetServerCertificate(this=%p)", this);
+ if (mIsShutdown) {
+ RejectPromiseShutdown(aPromiseId);
+ return;
+ }
+ if (!SendSetServerCertificate(aPromiseId, aCert)) {
+ RejectPromiseWithStateError(
+ aPromiseId, "Failed to send setServerCertificate to CDM process"_ns);
+ }
+}
+
+void ChromiumCDMParent::UpdateSession(const nsCString& aSessionId,
+ uint32_t aPromiseId,
+ const nsTArray<uint8_t>& aResponse) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::UpdateSession(this=%p)", this);
+ if (mIsShutdown) {
+ RejectPromiseShutdown(aPromiseId);
+ return;
+ }
+ if (!SendUpdateSession(aPromiseId, aSessionId, aResponse)) {
+ RejectPromiseWithStateError(
+ aPromiseId, "Failed to send updateSession to CDM process"_ns);
+ }
+}
+
+void ChromiumCDMParent::CloseSession(const nsCString& aSessionId,
+ uint32_t aPromiseId) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::CloseSession(this=%p)", this);
+ if (mIsShutdown) {
+ RejectPromiseShutdown(aPromiseId);
+ return;
+ }
+ if (!SendCloseSession(aPromiseId, aSessionId)) {
+ RejectPromiseWithStateError(
+ aPromiseId, "Failed to send closeSession to CDM process"_ns);
+ }
+}
+
+void ChromiumCDMParent::RemoveSession(const nsCString& aSessionId,
+ uint32_t aPromiseId) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RemoveSession(this=%p)", this);
+ if (mIsShutdown) {
+ RejectPromiseShutdown(aPromiseId);
+ return;
+ }
+ if (!SendRemoveSession(aPromiseId, aSessionId)) {
+ RejectPromiseWithStateError(
+ aPromiseId, "Failed to send removeSession to CDM process"_ns);
+ }
+}
+
+void ChromiumCDMParent::NotifyOutputProtectionStatus(bool aSuccess,
+ uint32_t aLinkMask,
+ uint32_t aProtectionMask) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::NotifyOutputProtectionStatus(this=%p)",
+ this);
+ if (mIsShutdown) {
+ return;
+ }
+ const bool haveCachedValue = mOutputProtectionLinkMask.isSome();
+ if (mAwaitingOutputProtectionInformation && !aSuccess) {
+ MOZ_DIAGNOSTIC_ASSERT(
+ !haveCachedValue,
+ "Should not have a cached value if we're still awaiting infomation");
+ // We're awaiting info and don't yet have a cached value, and the check
+ // failed, don't cache the result, just forward the failure.
+ CompleteQueryOutputProtectionStatus(false, aLinkMask, aProtectionMask);
+ return;
+ }
+ if (!mAwaitingOutputProtectionInformation && haveCachedValue && !aSuccess) {
+ // We're not awaiting info, already have a cached value, and the check
+ // failed. Ignore this, we'll update our info from any future successful
+ // checks.
+ return;
+ }
+ MOZ_ASSERT(aSuccess, "Failed checks should be handled by this point");
+ // Update our protection information.
+ mOutputProtectionLinkMask = Some(aLinkMask);
+
+ if (mAwaitingOutputProtectionInformation) {
+ // If we have an outstanding query, service that query with this
+ // information.
+ mAwaitingOutputProtectionInformation = false;
+ MOZ_ASSERT(!haveCachedValue,
+ "If we were waiting on information, we shouldn't have yet "
+ "cached a value");
+ CompleteQueryOutputProtectionStatus(true, mOutputProtectionLinkMask.value(),
+ aProtectionMask);
+ }
+}
+
+void ChromiumCDMParent::CompleteQueryOutputProtectionStatus(
+ bool aSuccess, uint32_t aLinkMask, uint32_t aProtectionMask) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::CompleteQueryOutputProtectionStatus(this=%p) "
+ "mIsShutdown=%s aSuccess=%s aLinkMask=%" PRIu32,
+ this, mIsShutdown ? "true" : "false", aSuccess ? "true" : "false",
+ aLinkMask);
+ if (mIsShutdown) {
+ return;
+ }
+ Unused << SendCompleteQueryOutputProtectionStatus(aSuccess, aLinkMask,
+ aProtectionMask);
+}
+
+static cdm::HdcpVersion ToCDMHdcpVersion(
+ const dom::HDCPVersion& aMinHdcpVersion) {
+ switch (aMinHdcpVersion) {
+ case dom::HDCPVersion::_1_0:
+ return cdm::HdcpVersion::kHdcpVersion1_0;
+ case dom::HDCPVersion::_1_1:
+ return cdm::HdcpVersion::kHdcpVersion1_1;
+ case dom::HDCPVersion::_1_2:
+ return cdm::HdcpVersion::kHdcpVersion1_2;
+ case dom::HDCPVersion::_1_3:
+ return cdm::HdcpVersion::kHdcpVersion1_3;
+ case dom::HDCPVersion::_1_4:
+ return cdm::HdcpVersion::kHdcpVersion1_4;
+ case dom::HDCPVersion::_2_0:
+ return cdm::HdcpVersion::kHdcpVersion2_0;
+ case dom::HDCPVersion::_2_1:
+ return cdm::HdcpVersion::kHdcpVersion2_1;
+ case dom::HDCPVersion::_2_2:
+ return cdm::HdcpVersion::kHdcpVersion2_2;
+ case dom::HDCPVersion::_2_3:
+ return cdm::HdcpVersion::kHdcpVersion2_3;
+ // When adding another version remember to update GMPMessageUtils so that we
+ // can serialize it correctly and have correct bounds on the enum!
+ default:
+ MOZ_ASSERT_UNREACHABLE("Unexpected HDCP version!");
+ return cdm::HdcpVersion::kHdcpVersionNone;
+ }
+}
+
+void ChromiumCDMParent::GetStatusForPolicy(
+ uint32_t aPromiseId, const dom::HDCPVersion& aMinHdcpVersion) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::GetStatusForPolicy(this=%p)", this);
+ if (mIsShutdown) {
+ RejectPromiseShutdown(aPromiseId);
+ return;
+ }
+ if (!SendGetStatusForPolicy(aPromiseId, ToCDMHdcpVersion(aMinHdcpVersion))) {
+ RejectPromiseWithStateError(
+ aPromiseId, "Failed to send getStatusForPolicy to CDM process"_ns);
+ }
+}
+
+bool ChromiumCDMParent::InitCDMInputBuffer(gmp::CDMInputBuffer& aBuffer,
+ MediaRawData* aSample) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ const CryptoSample& crypto = aSample->mCrypto;
+ if (crypto.mEncryptedSizes.Length() != crypto.mPlainSizes.Length()) {
+ GMP_LOG_DEBUG("InitCDMInputBuffer clear/cipher subsamples don't match");
+ return false;
+ }
+
+ Shmem shmem;
+ if (!AllocShmem(aSample->Size(), &shmem)) {
+ return false;
+ }
+ memcpy(shmem.get<uint8_t>(), aSample->Data(), aSample->Size());
+ cdm::EncryptionScheme encryptionScheme = cdm::EncryptionScheme::kUnencrypted;
+ switch (crypto.mCryptoScheme) {
+ case CryptoScheme::None:
+ break; // Default to none
+ case CryptoScheme::Cenc:
+ encryptionScheme = cdm::EncryptionScheme::kCenc;
+ break;
+ case CryptoScheme::Cbcs:
+ encryptionScheme = cdm::EncryptionScheme::kCbcs;
+ break;
+ default:
+ GMP_LOG_DEBUG(
+ "InitCDMInputBuffer got unexpected encryption scheme with "
+ "value of %" PRIu8 ". Treating as no encryption.",
+ static_cast<uint8_t>(crypto.mCryptoScheme));
+ MOZ_ASSERT_UNREACHABLE("Should not have unrecognized encryption type");
+ break;
+ }
+
+ const nsTArray<uint8_t>& iv = encryptionScheme != cdm::EncryptionScheme::kCbcs
+ ? crypto.mIV
+ : crypto.mConstantIV;
+ aBuffer = gmp::CDMInputBuffer(
+ shmem, crypto.mKeyId, iv, aSample->mTime.ToMicroseconds(),
+ aSample->mDuration.ToMicroseconds(), crypto.mPlainSizes,
+ crypto.mEncryptedSizes, crypto.mCryptByteBlock, crypto.mSkipByteBlock,
+ encryptionScheme);
+ return true;
+}
+
+bool ChromiumCDMParent::SendBufferToCDM(uint32_t aSizeInBytes) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::SendBufferToCDM() size=%" PRIu32,
+ aSizeInBytes);
+ Shmem shmem;
+ if (!AllocShmem(aSizeInBytes, &shmem)) {
+ return false;
+ }
+ if (!SendGiveBuffer(std::move(shmem))) {
+ DeallocShmem(shmem);
+ return false;
+ }
+ return true;
+}
+
+RefPtr<DecryptPromise> ChromiumCDMParent::Decrypt(MediaRawData* aSample) {
+ if (mIsShutdown) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ return DecryptPromise::CreateAndReject(DecryptResult(GenericErr, aSample),
+ __func__);
+ }
+ CDMInputBuffer buffer;
+ if (!InitCDMInputBuffer(buffer, aSample)) {
+ return DecryptPromise::CreateAndReject(DecryptResult(GenericErr, aSample),
+ __func__);
+ }
+ // Send a buffer to the CDM to store the output. The CDM will either fill
+ // it with the decrypted sample and return it, or deallocate it on failure.
+ if (!SendBufferToCDM(aSample->Size())) {
+ DeallocShmem(buffer.mData());
+ return DecryptPromise::CreateAndReject(DecryptResult(GenericErr, aSample),
+ __func__);
+ }
+
+ RefPtr<DecryptJob> job = new DecryptJob(aSample);
+ if (!SendDecrypt(job->mId, buffer)) {
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::Decrypt(this=%p) failed to send decrypt message",
+ this);
+ DeallocShmem(buffer.mData());
+ return DecryptPromise::CreateAndReject(DecryptResult(GenericErr, aSample),
+ __func__);
+ }
+ RefPtr<DecryptPromise> promise = job->Ensure();
+ mDecrypts.AppendElement(job);
+ return promise;
+}
+
+ipc::IPCResult ChromiumCDMParent::Recv__delete__() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ MOZ_ASSERT(mIsShutdown);
+ GMP_LOG_DEBUG("ChromiumCDMParent::Recv__delete__(this=%p)", this);
+ if (mContentParent) {
+ mContentParent->ChromiumCDMDestroyed(this);
+ mContentParent = nullptr;
+ }
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvOnResolvePromiseWithKeyStatus(
+ const uint32_t& aPromiseId, const uint32_t& aKeyStatus) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::RecvOnResolvePromiseWithKeyStatus(this=%p, "
+ "pid=%" PRIu32 ", keystatus=%" PRIu32 ")",
+ this, aPromiseId, aKeyStatus);
+ if (!mCDMCallback || mIsShutdown) {
+ return IPC_OK();
+ }
+
+ mCDMCallback->ResolvePromiseWithKeyStatus(aPromiseId, aKeyStatus);
+
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvOnResolveNewSessionPromise(
+ const uint32_t& aPromiseId, const nsCString& aSessionId) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::RecvOnResolveNewSessionPromise(this=%p, pid=%" PRIu32
+ ", sid=%s)",
+ this, aPromiseId, aSessionId.get());
+ if (!mCDMCallback || mIsShutdown) {
+ return IPC_OK();
+ }
+
+ Maybe<uint32_t> token = mPromiseToCreateSessionToken.Extract(aPromiseId);
+ if (token.isNothing()) {
+ RejectPromiseWithStateError(aPromiseId,
+ "Lost session token for new session."_ns);
+ return IPC_OK();
+ }
+
+ mCDMCallback->SetSessionId(token.value(), aSessionId);
+
+ ResolvePromise(aPromiseId);
+
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvResolveLoadSessionPromise(
+ const uint32_t& aPromiseId, const bool& aSuccessful) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::RecvResolveLoadSessionPromise(this=%p, pid=%" PRIu32
+ ", successful=%d)",
+ this, aPromiseId, aSuccessful);
+ if (!mCDMCallback || mIsShutdown) {
+ return IPC_OK();
+ }
+
+ mCDMCallback->ResolveLoadSessionPromise(aPromiseId, aSuccessful);
+
+ return IPC_OK();
+}
+
+void ChromiumCDMParent::ResolvePromise(uint32_t aPromiseId) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::ResolvePromise(this=%p, pid=%" PRIu32 ")",
+ this, aPromiseId);
+
+ // Note: The MediaKeys rejects all pending DOM promises when it
+ // initiates shutdown.
+ if (!mCDMCallback || mIsShutdown) {
+ return;
+ }
+
+ mCDMCallback->ResolvePromise(aPromiseId);
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvOnResolvePromise(
+ const uint32_t& aPromiseId) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ ResolvePromise(aPromiseId);
+ return IPC_OK();
+}
+
+void ChromiumCDMParent::RejectPromise(uint32_t aPromiseId,
+ ErrorResult&& aException,
+ const nsCString& aErrorMessage) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RejectPromise(this=%p, pid=%" PRIu32 ")",
+ this, aPromiseId);
+ // Note: The MediaKeys rejects all pending DOM promises when it
+ // initiates shutdown.
+ if (!mCDMCallback || mIsShutdown) {
+ // Suppress the exception as it will not be explicitly handled due to the
+ // early return.
+ aException.SuppressException();
+ return;
+ }
+
+ mCDMCallback->RejectPromise(aPromiseId, std::move(aException), aErrorMessage);
+}
+
+void ChromiumCDMParent::RejectPromiseShutdown(uint32_t aPromiseId) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ RejectPromiseWithStateError(aPromiseId, "CDM is shutdown"_ns);
+}
+
+void ChromiumCDMParent::RejectPromiseWithStateError(
+ uint32_t aPromiseId, const nsCString& aErrorMessage) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ ErrorResult rv;
+ rv.ThrowInvalidStateError(aErrorMessage);
+ RejectPromise(aPromiseId, std::move(rv), aErrorMessage);
+}
+
+static ErrorResult ToErrorResult(uint32_t aException,
+ const nsCString& aErrorMessage) {
+ // XXXbz could we have a CopyableErrorResult sent to us with a better error
+ // message?
+ ErrorResult rv;
+ switch (static_cast<cdm::Exception>(aException)) {
+ case cdm::Exception::kExceptionNotSupportedError:
+ rv.ThrowNotSupportedError(aErrorMessage);
+ break;
+ case cdm::Exception::kExceptionInvalidStateError:
+ rv.ThrowInvalidStateError(aErrorMessage);
+ break;
+ case cdm::Exception::kExceptionTypeError:
+ rv.ThrowTypeError(aErrorMessage);
+ break;
+ case cdm::Exception::kExceptionQuotaExceededError:
+ rv.ThrowQuotaExceededError(aErrorMessage);
+ break;
+ default:
+ MOZ_ASSERT_UNREACHABLE("Invalid cdm::Exception enum value.");
+ // Note: Unique placeholder.
+ rv.ThrowTimeoutError(aErrorMessage);
+ };
+ return rv;
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvOnRejectPromise(
+ const uint32_t& aPromiseId, const uint32_t& aException,
+ const uint32_t& aSystemCode, const nsCString& aErrorMessage) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ RejectPromise(aPromiseId, ToErrorResult(aException, aErrorMessage),
+ aErrorMessage);
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvOnSessionMessage(
+ const nsCString& aSessionId, const uint32_t& aMessageType,
+ nsTArray<uint8_t>&& aMessage) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RecvOnSessionMessage(this=%p, sid=%s)",
+ this, aSessionId.get());
+ if (!mCDMCallback || mIsShutdown) {
+ return IPC_OK();
+ }
+
+ mCDMCallback->SessionMessage(aSessionId, aMessageType, std::move(aMessage));
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvOnSessionKeysChange(
+ const nsCString& aSessionId, nsTArray<CDMKeyInformation>&& aKeysInfo) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RecvOnSessionKeysChange(this=%p)", this);
+ if (!mCDMCallback || mIsShutdown) {
+ return IPC_OK();
+ }
+
+ mCDMCallback->SessionKeysChange(aSessionId, std::move(aKeysInfo));
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvOnExpirationChange(
+ const nsCString& aSessionId, const double& aSecondsSinceEpoch) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RecvOnExpirationChange(this=%p) time=%lf",
+ this, aSecondsSinceEpoch);
+ if (!mCDMCallback || mIsShutdown) {
+ return IPC_OK();
+ }
+
+ mCDMCallback->ExpirationChange(aSessionId, aSecondsSinceEpoch);
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvOnSessionClosed(
+ const nsCString& aSessionId) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RecvOnSessionClosed(this=%p)", this);
+ if (!mCDMCallback || mIsShutdown) {
+ return IPC_OK();
+ }
+
+ mCDMCallback->SessionClosed(aSessionId);
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvOnQueryOutputProtectionStatus() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::RecvOnQueryOutputProtectionStatus(this=%p) "
+ "mIsShutdown=%s mCDMCallback=%s mAwaitingOutputProtectionInformation=%s",
+ this, mIsShutdown ? "true" : "false", mCDMCallback ? "true" : "false",
+ mAwaitingOutputProtectionInformation ? "true" : "false");
+ if (mIsShutdown) {
+ // We're shutdown, don't try to service the query.
+ return IPC_OK();
+ }
+ if (!mCDMCallback) {
+ // We don't have a callback. We're not yet outputting anything so can report
+ // we're safe.
+ CompleteQueryOutputProtectionStatus(true, uint32_t{}, uint32_t{});
+ return IPC_OK();
+ }
+
+ if (mOutputProtectionLinkMask.isSome()) {
+ MOZ_DIAGNOSTIC_ASSERT(
+ !mAwaitingOutputProtectionInformation,
+ "If we have a cached value we should not be awaiting information");
+ // We have a cached value, use that.
+ CompleteQueryOutputProtectionStatus(true, mOutputProtectionLinkMask.value(),
+ uint32_t{});
+ return IPC_OK();
+ }
+
+ // We need to call up the stack to get the info. The CDM proxy will finish
+ // the request via `NotifyOutputProtectionStatus`.
+ mAwaitingOutputProtectionInformation = true;
+ mCDMCallback->QueryOutputProtectionStatus();
+ return IPC_OK();
+}
+
+DecryptStatus ToDecryptStatus(uint32_t aStatus) {
+ switch (static_cast<cdm::Status>(aStatus)) {
+ case cdm::kSuccess:
+ return DecryptStatus::Ok;
+ case cdm::kNoKey:
+ return DecryptStatus::NoKeyErr;
+ default:
+ return DecryptStatus::GenericErr;
+ }
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvDecryptFailed(const uint32_t& aId,
+ const uint32_t& aStatus) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RecvDecryptFailed(this=%p, id=%" PRIu32
+ ", status=%" PRIu32 ")",
+ this, aId, aStatus);
+
+ if (mIsShutdown) {
+ MOZ_ASSERT(mDecrypts.IsEmpty());
+ return IPC_OK();
+ }
+
+ for (size_t i = 0; i < mDecrypts.Length(); i++) {
+ if (mDecrypts[i]->mId == aId) {
+ mDecrypts[i]->PostResult(ToDecryptStatus(aStatus));
+ mDecrypts.RemoveElementAt(i);
+ break;
+ }
+ }
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvDecrypted(const uint32_t& aId,
+ const uint32_t& aStatus,
+ ipc::Shmem&& aShmem) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RecvDecrypted(this=%p, id=%" PRIu32
+ ", status=%" PRIu32 ")",
+ this, aId, aStatus);
+
+ // We must deallocate the shmem once we've copied the result out of it
+ // in PostResult below.
+ auto autoDeallocateShmem = MakeScopeExit([&, this] { DeallocShmem(aShmem); });
+
+ if (mIsShutdown) {
+ MOZ_ASSERT(mDecrypts.IsEmpty());
+ return IPC_OK();
+ }
+ for (size_t i = 0; i < mDecrypts.Length(); i++) {
+ if (mDecrypts[i]->mId == aId) {
+ mDecrypts[i]->PostResult(
+ ToDecryptStatus(aStatus),
+ Span<const uint8_t>(aShmem.get<uint8_t>(), aShmem.Size<uint8_t>()));
+ mDecrypts.RemoveElementAt(i);
+ break;
+ }
+ }
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvIncreaseShmemPoolSize() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("%s(this=%p) limit=%" PRIu32 " active=%" PRIu32, __func__, this,
+ mVideoShmemLimit, mVideoShmemsActive);
+
+ // Put an upper limit on the number of shmems we tolerate the CDM asking
+ // for, to prevent a memory blow-out. In practice, we expect the CDM to
+ // need less than 5, but some encodings require more.
+ // We'd expect CDMs to not have video frames larger than 720p-1080p
+ // (due to DRM robustness requirements), which is about 1.5MB-3MB per
+ // frame.
+ if (mVideoShmemLimit > 50) {
+ mDecodePromise.RejectIfExists(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("Failled to ensure CDM has enough shmems.")),
+ __func__);
+ Shutdown();
+ return IPC_OK();
+ }
+ mVideoShmemLimit++;
+
+ EnsureSufficientShmems(mVideoFrameBufferSize);
+
+ return IPC_OK();
+}
+
+bool ChromiumCDMParent::PurgeShmems() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::PurgeShmems(this=%p) frame_size=%zu"
+ " limit=%" PRIu32 " active=%" PRIu32,
+ this, mVideoFrameBufferSize, mVideoShmemLimit, mVideoShmemsActive);
+
+ if (mVideoShmemsActive == 0) {
+ // We haven't allocated any shmems, nothing to do here.
+ return true;
+ }
+ if (!SendPurgeShmems()) {
+ return false;
+ }
+ mVideoShmemsActive = 0;
+ return true;
+}
+
+bool ChromiumCDMParent::EnsureSufficientShmems(size_t aVideoFrameSize) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::EnsureSufficientShmems(this=%p) "
+ "size=%zu expected_size=%zu limit=%" PRIu32 " active=%" PRIu32,
+ this, aVideoFrameSize, mVideoFrameBufferSize, mVideoShmemLimit,
+ mVideoShmemsActive);
+
+ // The Chromium CDM API requires us to implement a synchronous
+ // interface to supply buffers to the CDM for it to write decrypted samples
+ // into. We want our buffers to be backed by shmems, in order to reduce
+ // the overhead of transferring decoded frames. However due to sandboxing
+ // restrictions, the CDM process cannot allocate shmems itself.
+ // We don't want to be doing synchronous IPC to request shmems from the
+ // content process, nor do we want to have to do intr IPC or make async
+ // IPC conform to the sync allocation interface. So instead we have the
+ // content process pre-allocate a set of shmems and give them to the CDM
+ // process in advance of them being needed.
+ //
+ // When the CDM needs to allocate a buffer for storing a decoded video
+ // frame, the CDM host gives it one of these shmems' buffers. When this
+ // is sent back to the content process, we upload it to a GPU surface,
+ // and send the shmem back to the CDM process so it can reuse it.
+ //
+ // Normally the CDM won't allocate more than one buffer at once, but
+ // we've seen cases where it allocates multiple buffers, returns one and
+ // holds onto the rest. So we need to ensure we have several extra
+ // shmems pre-allocated for the CDM. This threshold is set by the pref
+ // media.eme.chromium-api.video-shmems.
+ //
+ // We also have a failure recovery mechanism; if the CDM asks for more
+ // buffers than we have shmem's available, ChromiumCDMChild gives the
+ // CDM a non-shared memory buffer, and returns the frame to the parent
+ // in an nsTArray<uint8_t> instead of a shmem. The child then sends a
+ // message to the parent asking it to increase the number of shmems in
+ // the pool. Via this mechanism we should recover from incorrectly
+ // predicting how many shmems to pre-allocate.
+ //
+ // At decoder start up, we guess how big the shmems need to be based on
+ // the video frame dimensions. If we guess wrong, the CDM will follow
+ // the non-shmem path, and we'll re-create the shmems of the correct size.
+ // This meanns we can recover from guessing the shmem size wrong.
+ // We must re-take this path after every decoder de-init/re-init, as the
+ // frame sizes should change every time we switch video stream.
+
+ if (mVideoFrameBufferSize < aVideoFrameSize) {
+ if (!PurgeShmems()) {
+ return false;
+ }
+ mVideoFrameBufferSize = aVideoFrameSize;
+ }
+
+ while (mVideoShmemsActive < mVideoShmemLimit) {
+ if (!SendBufferToCDM(mVideoFrameBufferSize)) {
+ return false;
+ }
+ mVideoShmemsActive++;
+ }
+
+ return true;
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvDecodedData(const CDMVideoFrame& aFrame,
+ nsTArray<uint8_t>&& aData) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RecvDecodedData(this=%p) time=%" PRId64,
+ this, aFrame.mTimestamp());
+
+ if (mIsShutdown || mDecodePromise.IsEmpty()) {
+ return IPC_OK();
+ }
+
+ if (!EnsureSufficientShmems(aData.Length())) {
+ mDecodePromise.RejectIfExists(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("Failled to ensure CDM has enough shmems.")),
+ __func__);
+ return IPC_OK();
+ }
+
+ RefPtr<VideoData> v = CreateVideoFrame(aFrame, aData);
+ if (!v) {
+ mDecodePromise.RejectIfExists(
+ MediaResult(NS_ERROR_OUT_OF_MEMORY,
+ RESULT_DETAIL("Can't create VideoData")),
+ __func__);
+ return IPC_OK();
+ }
+
+ ReorderAndReturnOutput(std::move(v));
+
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvDecodedShmem(const CDMVideoFrame& aFrame,
+ ipc::Shmem&& aShmem) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RecvDecodedShmem(this=%p) time=%" PRId64
+ " duration=%" PRId64,
+ this, aFrame.mTimestamp(), aFrame.mDuration());
+
+ // On failure we need to deallocate the shmem we're to return to the
+ // CDM. On success we return it to the CDM to be reused.
+ auto autoDeallocateShmem =
+ MakeScopeExit([&, this] { this->DeallocShmem(aShmem); });
+
+ if (mIsShutdown || mDecodePromise.IsEmpty()) {
+ return IPC_OK();
+ }
+
+ RefPtr<VideoData> v = CreateVideoFrame(
+ aFrame, Span<uint8_t>(aShmem.get<uint8_t>(), aShmem.Size<uint8_t>()));
+ if (!v) {
+ mDecodePromise.RejectIfExists(
+ MediaResult(NS_ERROR_OUT_OF_MEMORY,
+ RESULT_DETAIL("Can't create VideoData")),
+ __func__);
+ return IPC_OK();
+ }
+
+ // Return the shmem to the CDM so the shmem can be reused to send us
+ // another frame.
+ if (!SendGiveBuffer(std::move(aShmem))) {
+ mDecodePromise.RejectIfExists(
+ MediaResult(NS_ERROR_OUT_OF_MEMORY,
+ RESULT_DETAIL("Can't return shmem to CDM process")),
+ __func__);
+ return IPC_OK();
+ }
+
+ // Don't need to deallocate the shmem since the CDM process is responsible
+ // for it again.
+ autoDeallocateShmem.release();
+
+ ReorderAndReturnOutput(std::move(v));
+
+ return IPC_OK();
+}
+
+void ChromiumCDMParent::ReorderAndReturnOutput(RefPtr<VideoData>&& aFrame) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ if (mMaxRefFrames == 0) {
+ mDecodePromise.ResolveIfExists(
+ MediaDataDecoder::DecodedData({std::move(aFrame)}), __func__);
+ return;
+ }
+ mReorderQueue.Push(std::move(aFrame));
+ MediaDataDecoder::DecodedData results;
+ while (mReorderQueue.Length() > mMaxRefFrames) {
+ results.AppendElement(mReorderQueue.Pop());
+ }
+ mDecodePromise.Resolve(std::move(results), __func__);
+}
+
+already_AddRefed<VideoData> ChromiumCDMParent::CreateVideoFrame(
+ const CDMVideoFrame& aFrame, Span<uint8_t> aData) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ MOZ_ASSERT(aData.Length() > 0);
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::CreateVideoFrame(this=%p aFrame.mFormat=%" PRIu32 ")",
+ this, aFrame.mFormat());
+
+ if (aFrame.mFormat() == cdm::VideoFormat::kUnknownVideoFormat) {
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::CreateVideoFrame(this=%p) Got kUnknownVideoFormat, "
+ "bailing.",
+ this);
+ return nullptr;
+ }
+
+ if (aFrame.mFormat() == cdm::VideoFormat::kYUV420P9 ||
+ aFrame.mFormat() == cdm::VideoFormat::kYUV422P9 ||
+ aFrame.mFormat() == cdm::VideoFormat::kYUV444P9) {
+ // If we ever hit this we can reconsider support, but 9 bit formats
+ // should be so rare as to be non-existent.
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::CreateVideoFrame(this=%p) Got a 9 bit depth pixel "
+ "format. We don't support these, bailing.",
+ this);
+ return nullptr;
+ }
+
+ VideoData::YCbCrBuffer b;
+
+ // Determine the dimensions of our chroma planes, color depth and chroma
+ // subsampling.
+ uint32_t chromaWidth = (aFrame.mImageWidth() + 1) / 2;
+ uint32_t chromaHeight = (aFrame.mImageHeight() + 1) / 2;
+ gfx::ColorDepth colorDepth = gfx::ColorDepth::COLOR_8;
+ gfx::ChromaSubsampling chromaSubsampling =
+ gfx::ChromaSubsampling::HALF_WIDTH_AND_HEIGHT;
+ switch (aFrame.mFormat()) {
+ case cdm::VideoFormat::kYv12:
+ case cdm::VideoFormat::kI420:
+ break;
+ case cdm::VideoFormat::kYUV420P10:
+ colorDepth = gfx::ColorDepth::COLOR_10;
+ break;
+ case cdm::VideoFormat::kYUV422P10:
+ chromaHeight = aFrame.mImageHeight();
+ colorDepth = gfx::ColorDepth::COLOR_10;
+ chromaSubsampling = gfx::ChromaSubsampling::HALF_WIDTH;
+ break;
+ case cdm::VideoFormat::kYUV444P10:
+ chromaWidth = aFrame.mImageWidth();
+ chromaHeight = aFrame.mImageHeight();
+ colorDepth = gfx::ColorDepth::COLOR_10;
+ chromaSubsampling = gfx::ChromaSubsampling::FULL;
+ break;
+ case cdm::VideoFormat::kYUV420P12:
+ colorDepth = gfx::ColorDepth::COLOR_12;
+ break;
+ case cdm::VideoFormat::kYUV422P12:
+ chromaHeight = aFrame.mImageHeight();
+ colorDepth = gfx::ColorDepth::COLOR_12;
+ chromaSubsampling = gfx::ChromaSubsampling::HALF_WIDTH;
+ break;
+ case cdm::VideoFormat::kYUV444P12:
+ chromaWidth = aFrame.mImageWidth();
+ chromaHeight = aFrame.mImageHeight();
+ colorDepth = gfx::ColorDepth::COLOR_12;
+ chromaSubsampling = gfx::ChromaSubsampling::FULL;
+ break;
+ default:
+ MOZ_ASSERT_UNREACHABLE("Should handle all formats");
+ return nullptr;
+ }
+
+ // Since we store each plane separately we can just roll the offset
+ // into our pointer to that plane and store that.
+ b.mPlanes[0].mData = aData.Elements() + aFrame.mYPlane().mPlaneOffset();
+ b.mPlanes[0].mWidth = aFrame.mImageWidth();
+ b.mPlanes[0].mHeight = aFrame.mImageHeight();
+ b.mPlanes[0].mStride = aFrame.mYPlane().mStride();
+ b.mPlanes[0].mSkip = 0;
+
+ b.mPlanes[1].mData = aData.Elements() + aFrame.mUPlane().mPlaneOffset();
+ b.mPlanes[1].mWidth = chromaWidth;
+ b.mPlanes[1].mHeight = chromaHeight;
+ b.mPlanes[1].mStride = aFrame.mUPlane().mStride();
+ b.mPlanes[1].mSkip = 0;
+
+ b.mPlanes[2].mData = aData.Elements() + aFrame.mVPlane().mPlaneOffset();
+ b.mPlanes[2].mWidth = chromaWidth;
+ b.mPlanes[2].mHeight = chromaHeight;
+ b.mPlanes[2].mStride = aFrame.mVPlane().mStride();
+ b.mPlanes[2].mSkip = 0;
+
+ b.mColorDepth = colorDepth;
+ b.mChromaSubsampling = chromaSubsampling;
+
+ // We unfortunately can't know which colorspace the video is using at this
+ // stage.
+ b.mYUVColorSpace =
+ DefaultColorSpace({aFrame.mImageWidth(), aFrame.mImageHeight()});
+
+ gfx::IntRect pictureRegion(0, 0, aFrame.mImageWidth(), aFrame.mImageHeight());
+
+ mozilla::Result<already_AddRefed<VideoData>, MediaResult> r =
+ VideoData::CreateAndCopyData(
+ mVideoInfo, mImageContainer, mLastStreamOffset,
+ media::TimeUnit::FromMicroseconds(
+ CheckedInt64(aFrame.mTimestamp()).value()),
+ media::TimeUnit::FromMicroseconds(
+ CheckedInt64(aFrame.mDuration()).value()),
+ b, false, media::TimeUnit::FromMicroseconds(-1), pictureRegion,
+ mKnowsCompositor);
+ RefPtr<VideoData> v = r.unwrapOr(nullptr);
+
+ if (!v || !v->mImage) {
+ NS_WARNING("Failed to decode video frame.");
+ return v.forget();
+ }
+
+ // This is a DRM image.
+ v->mImage->SetIsDRM(true);
+
+ return v.forget();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvDecodeFailed(const uint32_t& aStatus) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RecvDecodeFailed(this=%p status=%" PRIu32
+ ")",
+ this, aStatus);
+ if (mIsShutdown) {
+ MOZ_ASSERT(mDecodePromise.IsEmpty());
+ return IPC_OK();
+ }
+
+ if (aStatus == cdm::kNeedMoreData) {
+ mDecodePromise.ResolveIfExists(nsTArray<RefPtr<MediaData>>(), __func__);
+ return IPC_OK();
+ }
+
+ mDecodePromise.RejectIfExists(
+ MediaResult(
+ NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL(
+ "ChromiumCDMParent::RecvDecodeFailed with status %s (%" PRIu32
+ ")",
+ CdmStatusToString(aStatus), aStatus)),
+ __func__);
+ return IPC_OK();
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvShutdown() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::RecvShutdown(this=%p)", this);
+ Shutdown();
+ return IPC_OK();
+}
+
+void ChromiumCDMParent::ActorDestroy(ActorDestroyReason aWhy) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::ActorDestroy(this=%p, reason=%d)", this,
+ aWhy);
+ MOZ_ASSERT(!mActorDestroyed);
+ mActorDestroyed = true;
+ // Shutdown() will clear mCDMCallback, so let's keep a reference for later
+ // use.
+ auto callback = mCDMCallback;
+ if (!mIsShutdown) {
+ // Plugin crash.
+ MOZ_ASSERT(aWhy == AbnormalShutdown);
+ Shutdown();
+ }
+ MOZ_ASSERT(mIsShutdown);
+ RefPtr<ChromiumCDMParent> kungFuDeathGrip(this);
+ if (mContentParent) {
+ mContentParent->ChromiumCDMDestroyed(this);
+ mContentParent = nullptr;
+ }
+ mAbnormalShutdown = (aWhy == AbnormalShutdown);
+ if (mAbnormalShutdown && callback) {
+ callback->Terminated();
+ }
+ MaybeDisconnect(mAbnormalShutdown);
+}
+
+RefPtr<MediaDataDecoder::InitPromise> ChromiumCDMParent::InitializeVideoDecoder(
+ const gmp::CDMVideoDecoderConfig& aConfig, const VideoInfo& aInfo,
+ RefPtr<layers::ImageContainer> aImageContainer,
+ RefPtr<layers::KnowsCompositor> aKnowsCompositor) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ if (mIsShutdown) {
+ return MediaDataDecoder::InitPromise::CreateAndReject(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("ChromiumCDMParent is shutdown")),
+ __func__);
+ }
+
+ // The Widevine CDM version 1.4.8.970 and above contain a video decoder that
+ // does not optimally allocate video frames; it requests buffers much larger
+ // than required. The exact formula the CDM uses to calculate their frame
+ // sizes isn't obvious, but they normally request around or slightly more
+ // than 1.5X the optimal amount. So pad the size of buffers we allocate so
+ // that we're likely to have buffers big enough to accomodate the CDM's weird
+ // frame size calculation.
+ const size_t bufferSize =
+ 1.7 * I420FrameBufferSizePadded(aInfo.mImage.width, aInfo.mImage.height);
+ if (bufferSize <= 0) {
+ return MediaDataDecoder::InitPromise::CreateAndReject(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("Video frame buffer size is invalid.")),
+ __func__);
+ }
+
+ if (!EnsureSufficientShmems(bufferSize)) {
+ return MediaDataDecoder::InitPromise::CreateAndReject(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("Failed to init shmems for video decoder")),
+ __func__);
+ }
+
+ if (!SendInitializeVideoDecoder(aConfig)) {
+ return MediaDataDecoder::InitPromise::CreateAndReject(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("Failed to send init video decoder to CDM")),
+ __func__);
+ }
+
+ mMaxRefFrames = (aConfig.mCodec() == cdm::VideoCodec::kCodecH264)
+ ? H264::HasSPS(aInfo.mExtraData)
+ ? H264::ComputeMaxRefFrames(aInfo.mExtraData)
+ : 16
+ : 0;
+
+ mVideoDecoderInitialized = true;
+ mImageContainer = aImageContainer;
+ mKnowsCompositor = aKnowsCompositor;
+ mVideoInfo = aInfo;
+ mVideoFrameBufferSize = bufferSize;
+
+ return mInitVideoDecoderPromise.Ensure(__func__);
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvOnDecoderInitDone(
+ const uint32_t& aStatus) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::RecvOnDecoderInitDone(this=%p, status=%" PRIu32 ")",
+ this, aStatus);
+ if (mIsShutdown) {
+ MOZ_ASSERT(mInitVideoDecoderPromise.IsEmpty());
+ return IPC_OK();
+ }
+ if (aStatus == static_cast<uint32_t>(cdm::kSuccess)) {
+ mInitVideoDecoderPromise.ResolveIfExists(TrackInfo::kVideoTrack, __func__);
+ } else {
+ mVideoDecoderInitialized = false;
+ mInitVideoDecoderPromise.RejectIfExists(
+ MediaResult(
+ NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("CDM init decode failed with status %s (%" PRIu32 ")",
+ CdmStatusToString(aStatus), aStatus)),
+ __func__);
+ }
+ return IPC_OK();
+}
+
+RefPtr<MediaDataDecoder::DecodePromise>
+ChromiumCDMParent::DecryptAndDecodeFrame(MediaRawData* aSample) {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ if (mIsShutdown) {
+ return MediaDataDecoder::DecodePromise::CreateAndReject(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("ChromiumCDMParent is shutdown")),
+ __func__);
+ }
+
+ GMP_LOG_DEBUG("ChromiumCDMParent::DecryptAndDecodeFrame t=%" PRId64,
+ aSample->mTime.ToMicroseconds());
+
+ CDMInputBuffer buffer;
+
+ if (!InitCDMInputBuffer(buffer, aSample)) {
+ return MediaDataDecoder::DecodePromise::CreateAndReject(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR, "Failed to init CDM buffer."),
+ __func__);
+ }
+
+ mLastStreamOffset = aSample->mOffset;
+
+ if (!SendDecryptAndDecodeFrame(buffer)) {
+ GMP_LOG_DEBUG(
+ "ChromiumCDMParent::Decrypt(this=%p) failed to send decrypt message.",
+ this);
+ DeallocShmem(buffer.mData());
+ return MediaDataDecoder::DecodePromise::CreateAndReject(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ "Failed to send decrypt to CDM process."),
+ __func__);
+ }
+
+ return mDecodePromise.Ensure(__func__);
+}
+
+RefPtr<MediaDataDecoder::FlushPromise> ChromiumCDMParent::FlushVideoDecoder() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ if (mIsShutdown) {
+ MOZ_ASSERT(mReorderQueue.IsEmpty());
+ return MediaDataDecoder::FlushPromise::CreateAndReject(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("ChromiumCDMParent is shutdown")),
+ __func__);
+ }
+
+ mReorderQueue.Clear();
+
+ mDecodePromise.RejectIfExists(NS_ERROR_DOM_MEDIA_CANCELED, __func__);
+ if (!SendResetVideoDecoder()) {
+ return MediaDataDecoder::FlushPromise::CreateAndReject(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ "Failed to send flush to CDM."),
+ __func__);
+ }
+ return mFlushDecoderPromise.Ensure(__func__);
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvResetVideoDecoderComplete() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ MOZ_ASSERT(mReorderQueue.IsEmpty());
+ if (mIsShutdown) {
+ MOZ_ASSERT(mFlushDecoderPromise.IsEmpty());
+ return IPC_OK();
+ }
+ mFlushDecoderPromise.ResolveIfExists(true, __func__);
+ return IPC_OK();
+}
+
+RefPtr<MediaDataDecoder::DecodePromise> ChromiumCDMParent::Drain() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ MOZ_ASSERT(mDecodePromise.IsEmpty(), "Must wait for decoding to complete");
+ if (mIsShutdown) {
+ return MediaDataDecoder::DecodePromise::CreateAndReject(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("ChromiumCDMParent is shutdown")),
+ __func__);
+ }
+
+ RefPtr<MediaDataDecoder::DecodePromise> p = mDecodePromise.Ensure(__func__);
+ if (!SendDrain()) {
+ mDecodePromise.Resolve(MediaDataDecoder::DecodedData(), __func__);
+ }
+ return p;
+}
+
+ipc::IPCResult ChromiumCDMParent::RecvDrainComplete() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ if (mIsShutdown) {
+ MOZ_ASSERT(mDecodePromise.IsEmpty());
+ return IPC_OK();
+ }
+
+ MediaDataDecoder::DecodedData samples;
+ while (!mReorderQueue.IsEmpty()) {
+ samples.AppendElement(mReorderQueue.Pop());
+ }
+
+ mDecodePromise.ResolveIfExists(std::move(samples), __func__);
+ return IPC_OK();
+}
+RefPtr<ShutdownPromise> ChromiumCDMParent::ShutdownVideoDecoder() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ if (mIsShutdown || !mVideoDecoderInitialized) {
+ return ShutdownPromise::CreateAndResolve(true, __func__);
+ }
+ mInitVideoDecoderPromise.RejectIfExists(NS_ERROR_DOM_MEDIA_CANCELED,
+ __func__);
+ mDecodePromise.RejectIfExists(NS_ERROR_DOM_MEDIA_CANCELED, __func__);
+ MOZ_ASSERT(mFlushDecoderPromise.IsEmpty());
+ if (!SendDeinitializeVideoDecoder()) {
+ return ShutdownPromise::CreateAndResolve(true, __func__);
+ }
+ mVideoDecoderInitialized = false;
+
+ GMP_LOG_DEBUG("ChromiumCDMParent::~ShutdownVideoDecoder(this=%p) ", this);
+
+ // The ChromiumCDMChild will purge its shmems, so if the decoder is
+ // reinitialized the shmems need to be re-allocated, and they may need
+ // to be a different size.
+ mVideoShmemsActive = 0;
+ mVideoFrameBufferSize = 0;
+ return ShutdownPromise::CreateAndResolve(true, __func__);
+}
+
+void ChromiumCDMParent::Shutdown() {
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+ GMP_LOG_DEBUG("ChromiumCDMParent::Shutdown(this=%p)", this);
+
+ if (mIsShutdown) {
+ return;
+ }
+ mIsShutdown = true;
+
+ // If we're shutting down due to the plugin shutting down due to application
+ // shutdown, we should tell the CDM proxy to also shutdown. Otherwise the
+ // proxy will shutdown when the owning MediaKeys is destroyed during cycle
+ // collection, and that will not shut down cleanly as the GMP thread will be
+ // shutdown by then.
+ if (mCDMCallback) {
+ mCDMCallback->Shutdown();
+ }
+
+ // We may be called from a task holding the last reference to the CDM
+ // callback, so let's clear our local weak pointer to ensure it will not be
+ // used afterward (including from an already-queued task, e.g.: ActorDestroy).
+ mCDMCallback = nullptr;
+
+ mReorderQueue.Clear();
+
+ for (RefPtr<DecryptJob>& decrypt : mDecrypts) {
+ decrypt->PostResult(eme::AbortedErr);
+ }
+ mDecrypts.Clear();
+
+ if (mVideoDecoderInitialized && !mActorDestroyed) {
+ Unused << SendDeinitializeVideoDecoder();
+ mVideoDecoderInitialized = false;
+ }
+
+ // Note: MediaKeys rejects all outstanding promises when it initiates
+ // shutdown.
+ mPromiseToCreateSessionToken.Clear();
+
+ mInitPromise.RejectIfExists(
+ MediaResult(NS_ERROR_DOM_ABORT_ERR,
+ RESULT_DETAIL("ChromiumCDMParent is shutdown")),
+ __func__);
+
+ mInitVideoDecoderPromise.RejectIfExists(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("ChromiumCDMParent is shutdown")),
+ __func__);
+ mDecodePromise.RejectIfExists(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("ChromiumCDMParent is shutdown")),
+ __func__);
+ mFlushDecoderPromise.RejectIfExists(
+ MediaResult(NS_ERROR_DOM_MEDIA_FATAL_ERR,
+ RESULT_DETAIL("ChromiumCDMParent is shutdown")),
+ __func__);
+
+ if (!mActorDestroyed) {
+ Unused << SendDestroy();
+ }
+}
+
+} // namespace mozilla::gmp
+
+#undef NS_DispatchToMainThread
diff --git a/dom/media/gmp/ChromiumCDMParent.h b/dom/media/gmp/ChromiumCDMParent.h
new file mode 100644
index 0000000000..2a88d1ed09
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMParent.h
@@ -0,0 +1,232 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef ChromiumCDMParent_h_
+#define ChromiumCDMParent_h_
+
+#include "DecryptJob.h"
+#include "GMPCrashHelper.h"
+#include "GMPCrashHelperHolder.h"
+#include "GMPMessageUtils.h"
+#include "mozilla/gmp/PChromiumCDMParent.h"
+#include "mozilla/RefPtr.h"
+#include "nsTHashMap.h"
+#include "PlatformDecoderModule.h"
+#include "ImageContainer.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/Span.h"
+#include "ReorderQueue.h"
+
+class ChromiumCDMCallback;
+
+namespace mozilla {
+
+class ErrorResult;
+class MediaRawData;
+class ChromiumCDMProxy;
+
+namespace gmp {
+
+class GMPContentParent;
+
+/**
+ * ChromiumCDMParent is the content process IPC actor used to communicate with a
+ * CDM in the GMP process (where ChromiumCDMChild lives). All non-static
+ * members of this class are GMP thread only.
+ */
+class ChromiumCDMParent final : public PChromiumCDMParent,
+ public GMPCrashHelperHolder {
+ friend class PChromiumCDMParent;
+
+ public:
+ typedef MozPromise<bool, MediaResult, /* IsExclusive = */ true> InitPromise;
+
+ // Mark AddRef and Release as `final`, as they overload pure virtual
+ // implementations in PChromiumCDMParent.
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(ChromiumCDMParent, final)
+
+ ChromiumCDMParent(GMPContentParent* aContentParent, uint32_t aPluginId);
+
+ uint32_t PluginId() const { return mPluginId; }
+
+ RefPtr<InitPromise> Init(ChromiumCDMCallback* aCDMCallback,
+ bool aAllowDistinctiveIdentifier,
+ bool aAllowPersistentState,
+ nsIEventTarget* aMainThread);
+
+ void CreateSession(uint32_t aCreateSessionToken, uint32_t aSessionType,
+ uint32_t aInitDataType, uint32_t aPromiseId,
+ const nsTArray<uint8_t>& aInitData);
+
+ void LoadSession(uint32_t aPromiseId, uint32_t aSessionType,
+ nsString aSessionId);
+
+ void SetServerCertificate(uint32_t aPromiseId,
+ const nsTArray<uint8_t>& aCert);
+
+ void UpdateSession(const nsCString& aSessionId, uint32_t aPromiseId,
+ const nsTArray<uint8_t>& aResponse);
+
+ void CloseSession(const nsCString& aSessionId, uint32_t aPromiseId);
+
+ void RemoveSession(const nsCString& aSessionId, uint32_t aPromiseId);
+
+ // Notifies this parent of the current output protection status. This will
+ // update cached status and resolve outstanding queries from the CDM if one
+ // exists.
+ void NotifyOutputProtectionStatus(bool aSuccess, uint32_t aLinkMask,
+ uint32_t aProtectionMask);
+
+ void GetStatusForPolicy(uint32_t aPromiseId,
+ const dom::HDCPVersion& aMinHdcpVersion);
+
+ RefPtr<DecryptPromise> Decrypt(MediaRawData* aSample);
+
+ // TODO: Add functions for clients to send data to CDM, and
+ // a Close() function.
+ RefPtr<MediaDataDecoder::InitPromise> InitializeVideoDecoder(
+ const gmp::CDMVideoDecoderConfig& aConfig, const VideoInfo& aInfo,
+ RefPtr<layers::ImageContainer> aImageContainer,
+ RefPtr<layers::KnowsCompositor> aKnowsCompositor);
+
+ RefPtr<MediaDataDecoder::DecodePromise> DecryptAndDecodeFrame(
+ MediaRawData* aSample);
+
+ RefPtr<MediaDataDecoder::FlushPromise> FlushVideoDecoder();
+
+ RefPtr<MediaDataDecoder::DecodePromise> Drain();
+
+ RefPtr<ShutdownPromise> ShutdownVideoDecoder();
+
+ void Shutdown();
+
+ protected:
+ ~ChromiumCDMParent() = default;
+
+ ipc::IPCResult Recv__delete__() override;
+ ipc::IPCResult RecvOnResolvePromiseWithKeyStatus(const uint32_t& aPromiseId,
+ const uint32_t& aKeyStatus);
+ ipc::IPCResult RecvOnResolveNewSessionPromise(const uint32_t& aPromiseId,
+ const nsCString& aSessionId);
+ ipc::IPCResult RecvResolveLoadSessionPromise(const uint32_t& aPromiseId,
+ const bool& aSuccessful);
+ ipc::IPCResult RecvOnResolvePromise(const uint32_t& aPromiseId);
+ ipc::IPCResult RecvOnRejectPromise(const uint32_t& aPromiseId,
+ const uint32_t& aError,
+ const uint32_t& aSystemCode,
+ const nsCString& aErrorMessage);
+ ipc::IPCResult RecvOnSessionMessage(const nsCString& aSessionId,
+ const uint32_t& aMessageType,
+ nsTArray<uint8_t>&& aMessage);
+ ipc::IPCResult RecvOnSessionKeysChange(
+ const nsCString& aSessionId, nsTArray<CDMKeyInformation>&& aKeysInfo);
+ ipc::IPCResult RecvOnExpirationChange(const nsCString& aSessionId,
+ const double& aSecondsSinceEpoch);
+ ipc::IPCResult RecvOnSessionClosed(const nsCString& aSessionId);
+ ipc::IPCResult RecvOnQueryOutputProtectionStatus();
+ ipc::IPCResult RecvDecrypted(const uint32_t& aId, const uint32_t& aStatus,
+ ipc::Shmem&& aData);
+ ipc::IPCResult RecvDecryptFailed(const uint32_t& aId,
+ const uint32_t& aStatus);
+ ipc::IPCResult RecvOnDecoderInitDone(const uint32_t& aStatus);
+ ipc::IPCResult RecvDecodedShmem(const CDMVideoFrame& aFrame,
+ ipc::Shmem&& aShmem);
+ ipc::IPCResult RecvDecodedData(const CDMVideoFrame& aFrame,
+ nsTArray<uint8_t>&& aData);
+ ipc::IPCResult RecvDecodeFailed(const uint32_t& aStatus);
+ ipc::IPCResult RecvShutdown();
+ ipc::IPCResult RecvResetVideoDecoderComplete();
+ ipc::IPCResult RecvDrainComplete();
+ ipc::IPCResult RecvIncreaseShmemPoolSize();
+ void ActorDestroy(ActorDestroyReason aWhy) override;
+ bool SendBufferToCDM(uint32_t aSizeInBytes);
+
+ void ReorderAndReturnOutput(RefPtr<VideoData>&& aFrame);
+
+ void RejectPromise(uint32_t aPromiseId, ErrorResult&& aException,
+ const nsCString& aErrorMessage);
+
+ void ResolvePromise(uint32_t aPromiseId);
+ // Helpers to reject our promise if we are shut down.
+ void RejectPromiseShutdown(uint32_t aPromiseId);
+ // Helper to reject our promise with an InvalidStateError and the given
+ // message.
+ void RejectPromiseWithStateError(uint32_t aPromiseId,
+ const nsCString& aErrorMessage);
+
+ // Complete the CDMs request for us to check protection status by responding
+ // to the CDM child with the requested info.
+ void CompleteQueryOutputProtectionStatus(bool aSuccess, uint32_t aLinkMask,
+ uint32_t aProtectionMask);
+
+ bool InitCDMInputBuffer(gmp::CDMInputBuffer& aBuffer, MediaRawData* aSample);
+
+ bool PurgeShmems();
+ bool EnsureSufficientShmems(size_t aVideoFrameSize);
+ already_AddRefed<VideoData> CreateVideoFrame(const CDMVideoFrame& aFrame,
+ Span<uint8_t> aData);
+
+ const uint32_t mPluginId;
+ GMPContentParent* mContentParent;
+ // Note: this pointer is a weak reference as ChromiumCDMProxy has a strong
+ // reference to the ChromiumCDMCallback.
+ ChromiumCDMCallback* mCDMCallback = nullptr;
+ nsTHashMap<nsUint32HashKey, uint32_t> mPromiseToCreateSessionToken;
+ nsTArray<RefPtr<DecryptJob>> mDecrypts;
+
+ MozPromiseHolder<InitPromise> mInitPromise;
+
+ MozPromiseHolder<MediaDataDecoder::InitPromise> mInitVideoDecoderPromise;
+ MozPromiseHolder<MediaDataDecoder::DecodePromise> mDecodePromise;
+
+ RefPtr<layers::ImageContainer> mImageContainer;
+ RefPtr<layers::KnowsCompositor> mKnowsCompositor;
+ VideoInfo mVideoInfo;
+ int64_t mLastStreamOffset = 0;
+
+ MozPromiseHolder<MediaDataDecoder::FlushPromise> mFlushDecoderPromise;
+
+ size_t mVideoFrameBufferSize = 0;
+
+ // Count of the number of shmems in the set used to return decoded video
+ // frames from the CDM to Gecko.
+ uint32_t mVideoShmemsActive = 0;
+ // Maximum number of shmems to use to return decoded video frames.
+ uint32_t mVideoShmemLimit;
+
+ // Tracks if we have an outstanding request for output protection information.
+ // This will be set to true if the CDM requests the information and we haven't
+ // yet received it from up the stack and need to query up.
+ bool mAwaitingOutputProtectionInformation = false;
+ // The cached link mask for QueryOutputProtectionStatus related calls. If
+ // this isn't set we'll call up the stack to MediaKeys to request the
+ // information, otherwise we'll use the cached value and rely on MediaKeys
+ // to notify us if the mask changes.
+ Maybe<uint32_t> mOutputProtectionLinkMask;
+
+ bool mIsShutdown = false;
+ bool mVideoDecoderInitialized = false;
+ bool mActorDestroyed = false;
+ bool mAbnormalShutdown = false;
+
+ // The H.264 decoder in Widevine CDM versions 970 and later output in decode
+ // order rather than presentation order, so we reorder in presentation order
+ // before presenting. mMaxRefFrames is non-zero if we have an initialized
+ // decoder and we are decoding H.264. If so, it stores the maximum length of
+ // the reorder queue that we need. Note we may have multiple decoders for the
+ // life time of this object, but never more than one active at once.
+ uint32_t mMaxRefFrames = 0;
+ ReorderQueue mReorderQueue;
+
+#ifdef DEBUG
+ // The GMP thread. Used to MOZ_ASSERT methods run on the GMP thread.
+ const nsCOMPtr<nsISerialEventTarget> mGMPThread;
+#endif
+};
+
+} // namespace gmp
+} // namespace mozilla
+
+#endif // ChromiumCDMParent_h_
diff --git a/dom/media/gmp/ChromiumCDMProxy.cpp b/dom/media/gmp/ChromiumCDMProxy.cpp
new file mode 100644
index 0000000000..e8d871a113
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMProxy.cpp
@@ -0,0 +1,638 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ChromiumCDMProxy.h"
+#include "ChromiumCDMCallbackProxy.h"
+#include "MediaResult.h"
+#include "mozilla/dom/MediaKeySession.h"
+#include "mozilla/dom/MediaKeysBinding.h"
+#include "GMPUtils.h"
+#include "nsPrintfCString.h"
+#include "GMPService.h"
+#include "content_decryption_module.h"
+
+#define NS_DispatchToMainThread(...) CompileError_UseAbstractMainThreadInstead
+
+namespace mozilla {
+
+ChromiumCDMProxy::ChromiumCDMProxy(dom::MediaKeys* aKeys,
+ const nsAString& aKeySystem,
+ GMPCrashHelper* aCrashHelper,
+ bool aDistinctiveIdentifierRequired,
+ bool aPersistentStateRequired)
+ : CDMProxy(aKeys, aKeySystem, aDistinctiveIdentifierRequired,
+ aPersistentStateRequired),
+ mCrashHelper(aCrashHelper),
+ mCDMMutex("ChromiumCDMProxy"),
+ mGMPThread(GetGMPThread()) {
+ MOZ_ASSERT(NS_IsMainThread());
+}
+
+ChromiumCDMProxy::~ChromiumCDMProxy() {
+ EME_LOG("ChromiumCDMProxy::~ChromiumCDMProxy(this=%p)", this);
+}
+
+void ChromiumCDMProxy::Init(PromiseId aPromiseId, const nsAString& aOrigin,
+ const nsAString& aTopLevelOrigin,
+ const nsAString& aGMPName) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ RefPtr<GMPCrashHelper> helper(std::move(mCrashHelper));
+
+ NS_ENSURE_TRUE_VOID(!mKeys.IsNull());
+
+ EME_LOG("ChromiumCDMProxy::Init(this=%p, pid=%" PRIu32
+ ", origin=%s, topLevelOrigin=%s, "
+ "gmp=%s)",
+ this, aPromiseId, NS_ConvertUTF16toUTF8(aOrigin).get(),
+ NS_ConvertUTF16toUTF8(aTopLevelOrigin).get(),
+ NS_ConvertUTF16toUTF8(aGMPName).get());
+
+ if (!mGMPThread) {
+ RejectPromiseWithStateError(
+ aPromiseId, "Couldn't get GMP thread ChromiumCDMProxy::Init"_ns);
+ return;
+ }
+
+ if (aGMPName.IsEmpty()) {
+ RejectPromiseWithStateError(
+ aPromiseId, nsPrintfCString("Unknown GMP for keysystem '%s'",
+ NS_ConvertUTF16toUTF8(mKeySystem).get()));
+ return;
+ }
+
+ gmp::NodeIdParts nodeIdParts{nsString(aOrigin), nsString(aTopLevelOrigin),
+ nsString(aGMPName)};
+ nsCOMPtr<nsISerialEventTarget> thread = mGMPThread;
+ RefPtr<ChromiumCDMProxy> self(this);
+ nsCString keySystem = NS_ConvertUTF16toUTF8(mKeySystem);
+ RefPtr<Runnable> task(NS_NewRunnableFunction(
+ "ChromiumCDMProxy::Init",
+ [self, nodeIdParts, helper, aPromiseId, thread, keySystem]() -> void {
+ MOZ_ASSERT(self->IsOnOwnerThread());
+
+ RefPtr<gmp::GeckoMediaPluginService> service =
+ gmp::GeckoMediaPluginService::GetGeckoMediaPluginService();
+ if (!service) {
+ self->RejectPromiseWithStateError(
+ aPromiseId,
+ nsLiteralCString("Couldn't get GeckoMediaPluginService in "
+ "ChromiumCDMProxy::Init"));
+ return;
+ }
+ RefPtr<gmp::GetCDMParentPromise> promise =
+ service->GetCDM(nodeIdParts, keySystem, helper);
+ promise->Then(
+ thread, __func__,
+ [self, aPromiseId, thread](RefPtr<gmp::ChromiumCDMParent> cdm) {
+ // service->GetCDM succeeded
+ self->mCallback =
+ MakeUnique<ChromiumCDMCallbackProxy>(self, self->mMainThread);
+ cdm->Init(self->mCallback.get(),
+ self->mDistinctiveIdentifierRequired,
+ self->mPersistentStateRequired, self->mMainThread)
+ ->Then(
+ self->mMainThread, __func__,
+ [self, aPromiseId, cdm](bool /* unused */) {
+ // CDM init succeeded
+ {
+ MutexAutoLock lock(self->mCDMMutex);
+ self->mCDM = cdm;
+ }
+ if (self->mIsShutdown) {
+ self->RejectPromiseWithStateError(
+ aPromiseId, nsLiteralCString(
+ "ChromiumCDMProxy shutdown "
+ "during ChromiumCDMProxy::Init"));
+ // If shutdown happened while waiting to init, we
+ // need to explicitly shutdown the CDM to avoid it
+ // referencing this proxy which is on its way out.
+ self->ShutdownCDMIfExists();
+ return;
+ }
+ self->OnCDMCreated(aPromiseId);
+ },
+ [self, aPromiseId](MediaResult aResult) {
+ // CDM init failed.
+ ErrorResult rv;
+ // XXXbz MediaResult should really store a
+ // CopyableErrorResult or something. See
+ // <https://bugzilla.mozilla.org/show_bug.cgi?id=1612216>.
+ rv.Throw(aResult.Code());
+ self->RejectPromise(aPromiseId, std::move(rv),
+ aResult.Message());
+ });
+ },
+ [self, aPromiseId](MediaResult rv) {
+ // service->GetCDM failed
+ ErrorResult result;
+ // XXXbz MediaResult should really store a CopyableErrorResult or
+ // something. See
+ // <https://bugzilla.mozilla.org/show_bug.cgi?id=1612216>.
+ result.Throw(rv.Code());
+ self->RejectPromise(aPromiseId, std::move(result),
+ rv.Description());
+ });
+ }));
+
+ mGMPThread->Dispatch(task.forget());
+}
+
+void ChromiumCDMProxy::OnCDMCreated(uint32_t aPromiseId) {
+ EME_LOG("ChromiumCDMProxy::OnCDMCreated(this=%p, pid=%" PRIu32
+ ") isMainThread=%d",
+ this, aPromiseId, NS_IsMainThread());
+ MOZ_ASSERT(NS_IsMainThread());
+ if (mKeys.IsNull()) {
+ return;
+ }
+ RefPtr<gmp::ChromiumCDMParent> cdm = GetCDMParent();
+ // This should only be called once the CDM has been created.
+ MOZ_ASSERT(cdm);
+ if (cdm) {
+ mKeys->OnCDMCreated(aPromiseId, cdm->PluginId());
+ } else {
+ // No CDM? Shouldn't be possible, but reject the promise anyway...
+ constexpr auto err = "Null CDM in OnCDMCreated()"_ns;
+ ErrorResult rv;
+ rv.ThrowInvalidStateError(err);
+ mKeys->RejectPromise(aPromiseId, std::move(rv), err);
+ }
+}
+
+void ChromiumCDMProxy::ShutdownCDMIfExists() {
+ EME_LOG(
+ "ChromiumCDMProxy::ShutdownCDMIfExists(this=%p) mCDM=%p, mIsShutdown=%s",
+ this, mCDM.get(), mIsShutdown ? "true" : "false");
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(mGMPThread);
+ MOZ_ASSERT(mIsShutdown,
+ "Should only shutdown the CDM if the proxy is shutting down");
+ RefPtr<gmp::ChromiumCDMParent> cdm;
+ {
+ MutexAutoLock lock(mCDMMutex);
+ cdm.swap(mCDM);
+ }
+ if (cdm) {
+ // We need to keep this proxy alive until the parent has finished its
+ // Shutdown (as it may still try to use the proxy until then).
+ RefPtr<ChromiumCDMProxy> self(this);
+ nsCOMPtr<nsIRunnable> task = NS_NewRunnableFunction(
+ "ChromiumCDMProxy::Shutdown", [self, cdm]() { cdm->Shutdown(); });
+ mGMPThread->Dispatch(task.forget());
+ }
+}
+
+#ifdef DEBUG
+bool ChromiumCDMProxy::IsOnOwnerThread() {
+ return mGMPThread && mGMPThread->IsOnCurrentThread();
+}
+#endif
+
+static uint32_t ToCDMSessionType(dom::MediaKeySessionType aSessionType) {
+ switch (aSessionType) {
+ case dom::MediaKeySessionType::Temporary:
+ return static_cast<uint32_t>(cdm::kTemporary);
+ case dom::MediaKeySessionType::Persistent_license:
+ return static_cast<uint32_t>(cdm::kPersistentLicense);
+ default:
+ return static_cast<uint32_t>(cdm::kTemporary);
+ };
+};
+
+static uint32_t ToCDMInitDataType(const nsAString& aInitDataType) {
+ if (aInitDataType.EqualsLiteral("cenc")) {
+ return static_cast<uint32_t>(cdm::kCenc);
+ }
+ if (aInitDataType.EqualsLiteral("webm")) {
+ return static_cast<uint32_t>(cdm::kWebM);
+ }
+ if (aInitDataType.EqualsLiteral("keyids")) {
+ return static_cast<uint32_t>(cdm::kKeyIds);
+ }
+ return static_cast<uint32_t>(cdm::kCenc);
+}
+
+void ChromiumCDMProxy::CreateSession(uint32_t aCreateSessionToken,
+ dom::MediaKeySessionType aSessionType,
+ PromiseId aPromiseId,
+ const nsAString& aInitDataType,
+ nsTArray<uint8_t>& aInitData) {
+ MOZ_ASSERT(NS_IsMainThread());
+ EME_LOG("ChromiumCDMProxy::CreateSession(this=%p, token=%" PRIu32
+ ", type=%d, pid=%" PRIu32
+ ") "
+ "initDataLen=%zu",
+ this, aCreateSessionToken, (int)aSessionType, aPromiseId,
+ aInitData.Length());
+
+ uint32_t sessionType = ToCDMSessionType(aSessionType);
+ uint32_t initDataType = ToCDMInitDataType(aInitDataType);
+
+ RefPtr<gmp::ChromiumCDMParent> cdm = GetCDMParent();
+ if (!cdm) {
+ RejectPromiseWithStateError(aPromiseId, "Null CDM in CreateSession"_ns);
+ return;
+ }
+
+ mGMPThread->Dispatch(NewRunnableMethod<uint32_t, uint32_t, uint32_t, uint32_t,
+ nsTArray<uint8_t>>(
+ "gmp::ChromiumCDMParent::CreateSession", cdm,
+ &gmp::ChromiumCDMParent::CreateSession, aCreateSessionToken, sessionType,
+ initDataType, aPromiseId, std::move(aInitData)));
+}
+
+void ChromiumCDMProxy::LoadSession(PromiseId aPromiseId,
+ dom::MediaKeySessionType aSessionType,
+ const nsAString& aSessionId) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ RefPtr<gmp::ChromiumCDMParent> cdm = GetCDMParent();
+ if (!cdm) {
+ RejectPromiseWithStateError(aPromiseId, "Null CDM in LoadSession"_ns);
+ return;
+ }
+
+ mGMPThread->Dispatch(NewRunnableMethod<uint32_t, uint32_t, nsString>(
+ "gmp::ChromiumCDMParent::LoadSession", cdm,
+ &gmp::ChromiumCDMParent::LoadSession, aPromiseId,
+ ToCDMSessionType(aSessionType), aSessionId));
+}
+
+void ChromiumCDMProxy::SetServerCertificate(PromiseId aPromiseId,
+ nsTArray<uint8_t>& aCert) {
+ MOZ_ASSERT(NS_IsMainThread());
+ EME_LOG("ChromiumCDMProxy::SetServerCertificate(this=%p, pid=%" PRIu32
+ ") certLen=%zu",
+ this, aPromiseId, aCert.Length());
+
+ RefPtr<gmp::ChromiumCDMParent> cdm = GetCDMParent();
+ if (!cdm) {
+ RejectPromiseWithStateError(aPromiseId,
+ "Null CDM in SetServerCertificate"_ns);
+ return;
+ }
+
+ mGMPThread->Dispatch(NewRunnableMethod<uint32_t, nsTArray<uint8_t>>(
+ "gmp::ChromiumCDMParent::SetServerCertificate", cdm,
+ &gmp::ChromiumCDMParent::SetServerCertificate, aPromiseId,
+ std::move(aCert)));
+}
+
+void ChromiumCDMProxy::UpdateSession(const nsAString& aSessionId,
+ PromiseId aPromiseId,
+ nsTArray<uint8_t>& aResponse) {
+ MOZ_ASSERT(NS_IsMainThread());
+ EME_LOG("ChromiumCDMProxy::UpdateSession(this=%p, sid='%s', pid=%" PRIu32
+ ") "
+ "responseLen=%zu",
+ this, NS_ConvertUTF16toUTF8(aSessionId).get(), aPromiseId,
+ aResponse.Length());
+
+ RefPtr<gmp::ChromiumCDMParent> cdm = GetCDMParent();
+ if (!cdm) {
+ RejectPromiseWithStateError(aPromiseId, "Null CDM in UpdateSession"_ns);
+ return;
+ }
+ mGMPThread->Dispatch(
+ NewRunnableMethod<nsCString, uint32_t, nsTArray<uint8_t>>(
+ "gmp::ChromiumCDMParent::UpdateSession", cdm,
+ &gmp::ChromiumCDMParent::UpdateSession,
+ NS_ConvertUTF16toUTF8(aSessionId), aPromiseId, std::move(aResponse)));
+}
+
+void ChromiumCDMProxy::CloseSession(const nsAString& aSessionId,
+ PromiseId aPromiseId) {
+ MOZ_ASSERT(NS_IsMainThread());
+ EME_LOG("ChromiumCDMProxy::CloseSession(this=%p, sid='%s', pid=%" PRIu32 ")",
+ this, NS_ConvertUTF16toUTF8(aSessionId).get(), aPromiseId);
+
+ RefPtr<gmp::ChromiumCDMParent> cdm = GetCDMParent();
+ if (!cdm) {
+ RejectPromiseWithStateError(aPromiseId, "Null CDM in CloseSession"_ns);
+ return;
+ }
+ mGMPThread->Dispatch(NewRunnableMethod<nsCString, uint32_t>(
+ "gmp::ChromiumCDMParent::CloseSession", cdm,
+ &gmp::ChromiumCDMParent::CloseSession, NS_ConvertUTF16toUTF8(aSessionId),
+ aPromiseId));
+}
+
+void ChromiumCDMProxy::RemoveSession(const nsAString& aSessionId,
+ PromiseId aPromiseId) {
+ MOZ_ASSERT(NS_IsMainThread());
+ EME_LOG("ChromiumCDMProxy::RemoveSession(this=%p, sid='%s', pid=%" PRIu32 ")",
+ this, NS_ConvertUTF16toUTF8(aSessionId).get(), aPromiseId);
+
+ RefPtr<gmp::ChromiumCDMParent> cdm = GetCDMParent();
+ if (!cdm) {
+ RejectPromiseWithStateError(aPromiseId, "Null CDM in RemoveSession"_ns);
+ return;
+ }
+ mGMPThread->Dispatch(NewRunnableMethod<nsCString, uint32_t>(
+ "gmp::ChromiumCDMParent::RemoveSession", cdm,
+ &gmp::ChromiumCDMParent::RemoveSession, NS_ConvertUTF16toUTF8(aSessionId),
+ aPromiseId));
+}
+
+void ChromiumCDMProxy::QueryOutputProtectionStatus() {
+ MOZ_ASSERT(NS_IsMainThread());
+ EME_LOG("ChromiumCDMProxy::QueryOutputProtectionStatus(this=%p)", this);
+
+ if (mKeys.IsNull()) {
+ EME_LOG(
+ "ChromiumCDMProxy::QueryOutputProtectionStatus(this=%p), mKeys "
+ "missing!",
+ this);
+ // If we can't get mKeys, we're probably in shutdown. But do our best to
+ // respond to the request and indicate the check failed.
+ NotifyOutputProtectionStatus(OutputProtectionCheckStatus::CheckFailed,
+ OutputProtectionCaptureStatus::Unused);
+ return;
+ }
+ // The keys will call back via `NotifyOutputProtectionStatus` to notify the
+ // result of the check.
+ mKeys->CheckIsElementCapturePossible();
+}
+
+void ChromiumCDMProxy::NotifyOutputProtectionStatus(
+ OutputProtectionCheckStatus aCheckStatus,
+ OutputProtectionCaptureStatus aCaptureStatus) {
+ MOZ_ASSERT(NS_IsMainThread());
+ // If the check failed aCaptureStatus should be unused, otherwise not.
+ MOZ_ASSERT_IF(aCheckStatus == OutputProtectionCheckStatus::CheckFailed,
+ aCaptureStatus == OutputProtectionCaptureStatus::Unused);
+ MOZ_ASSERT_IF(aCheckStatus == OutputProtectionCheckStatus::CheckSuccessful,
+ aCaptureStatus != OutputProtectionCaptureStatus::Unused);
+ EME_LOG(
+ "ChromiumCDMProxy::NotifyOutputProtectionStatus(this=%p) "
+ "aCheckStatus=%" PRIu8 " aCaptureStatus=%" PRIu8,
+ this, static_cast<uint8_t>(aCheckStatus),
+ static_cast<uint8_t>(aCaptureStatus));
+
+ RefPtr<gmp::ChromiumCDMParent> cdm = GetCDMParent();
+ if (!cdm) {
+ // If we're in shutdown the CDM may have been cleared while a notification
+ // is in flight. If this happens outside of shutdown we have a bug.
+ MOZ_ASSERT(mIsShutdown);
+ return;
+ }
+
+ uint32_t linkMask{};
+ uint32_t protectionMask{}; // Unused/always zeroed.
+ if (aCheckStatus == OutputProtectionCheckStatus::CheckSuccessful &&
+ aCaptureStatus == OutputProtectionCaptureStatus::CapturePossilbe) {
+ // The result indicates the capture is possible, so set the mask
+ // to indicate this.
+ linkMask |= cdm::OutputLinkTypes::kLinkTypeNetwork;
+ }
+ mGMPThread->Dispatch(NewRunnableMethod<bool, uint32_t, uint32_t>(
+ "gmp::ChromiumCDMParent::NotifyOutputProtectionStatus", cdm,
+ &gmp::ChromiumCDMParent::NotifyOutputProtectionStatus,
+ aCheckStatus == OutputProtectionCheckStatus::CheckSuccessful, linkMask,
+ protectionMask));
+}
+
+void ChromiumCDMProxy::Shutdown() {
+ MOZ_ASSERT(NS_IsMainThread());
+ EME_LOG("ChromiumCDMProxy::Shutdown(this=%p) mCDM=%p, mIsShutdown=%s", this,
+ mCDM.get(), mIsShutdown ? "true" : "false");
+ if (mIsShutdown) {
+ return;
+ }
+ mIsShutdown = true;
+ mKeys.Clear();
+ ShutdownCDMIfExists();
+}
+
+void ChromiumCDMProxy::RejectPromise(PromiseId aId, ErrorResult&& aException,
+ const nsCString& aReason) {
+ if (!NS_IsMainThread()) {
+ // Use CopyableErrorResult to store our exception in the runnable,
+ // because ErrorResult is not OK to move across threads.
+ mMainThread->Dispatch(
+ NewRunnableMethod<PromiseId, StoreCopyPassByRRef<CopyableErrorResult>,
+ nsCString>(
+ "ChromiumCDMProxy::RejectPromise", this,
+ &ChromiumCDMProxy::RejectPromiseOnMainThread, aId,
+ std::move(aException), aReason),
+ NS_DISPATCH_NORMAL);
+ return;
+ }
+ EME_LOG("ChromiumCDMProxy::RejectPromise(this=%p, pid=%" PRIu32
+ ", code=0x%x, "
+ "reason='%s')",
+ this, aId, aException.ErrorCodeAsInt(), aReason.get());
+ if (!mKeys.IsNull()) {
+ mKeys->RejectPromise(aId, std::move(aException), aReason);
+ } else {
+ // We don't have a MediaKeys object to pass the exception to, so silence
+ // the exception to avoid it asserting due to being unused.
+ aException.SuppressException();
+ }
+}
+
+void ChromiumCDMProxy::RejectPromiseWithStateError(PromiseId aId,
+ const nsCString& aReason) {
+ ErrorResult rv;
+ rv.ThrowInvalidStateError(aReason);
+ RejectPromise(aId, std::move(rv), aReason);
+}
+
+void ChromiumCDMProxy::RejectPromiseOnMainThread(
+ PromiseId aId, CopyableErrorResult&& aException, const nsCString& aReason) {
+ // Moving into or out of a non-copyable ErrorResult will assert that both
+ // ErorResults are from our current thread. Avoid the assertion by moving
+ // into a current-thread CopyableErrorResult first. Note that this is safe,
+ // because CopyableErrorResult never holds state that can't move across
+ // threads.
+ CopyableErrorResult rv(std::move(aException));
+ RejectPromise(aId, std::move(rv), aReason);
+}
+
+void ChromiumCDMProxy::ResolvePromise(PromiseId aId) {
+ if (!NS_IsMainThread()) {
+ mMainThread->Dispatch(
+ NewRunnableMethod<PromiseId>("ChromiumCDMProxy::ResolvePromise", this,
+ &ChromiumCDMProxy::ResolvePromise, aId),
+ NS_DISPATCH_NORMAL);
+ return;
+ }
+
+ EME_LOG("ChromiumCDMProxy::ResolvePromise(this=%p, pid=%" PRIu32 ")", this,
+ aId);
+ if (!mKeys.IsNull()) {
+ mKeys->ResolvePromise(aId);
+ } else {
+ NS_WARNING("ChromiumCDMProxy unable to resolve promise!");
+ }
+}
+
+void ChromiumCDMProxy::OnSetSessionId(uint32_t aCreateSessionToken,
+ const nsAString& aSessionId) {
+ MOZ_ASSERT(NS_IsMainThread());
+ EME_LOG("ChromiumCDMProxy::OnSetSessionId(this=%p, token=%" PRIu32
+ ", sid='%s')",
+ this, aCreateSessionToken, NS_ConvertUTF16toUTF8(aSessionId).get());
+
+ if (mKeys.IsNull()) {
+ return;
+ }
+ RefPtr<dom::MediaKeySession> session(
+ mKeys->GetPendingSession(aCreateSessionToken));
+ if (session) {
+ session->SetSessionId(aSessionId);
+ }
+}
+
+void ChromiumCDMProxy::OnResolveLoadSessionPromise(uint32_t aPromiseId,
+ bool aSuccess) {
+ MOZ_ASSERT(NS_IsMainThread());
+ if (mKeys.IsNull()) {
+ return;
+ }
+ mKeys->OnSessionLoaded(aPromiseId, aSuccess);
+}
+
+void ChromiumCDMProxy::OnResolvePromiseWithKeyStatus(
+ uint32_t aPromiseId, dom::MediaKeyStatus aKeyStatus) {
+ MOZ_ASSERT(NS_IsMainThread());
+ if (mKeys.IsNull()) {
+ return;
+ }
+ mKeys->ResolvePromiseWithKeyStatus(aPromiseId, aKeyStatus);
+}
+
+void ChromiumCDMProxy::OnSessionMessage(const nsAString& aSessionId,
+ dom::MediaKeyMessageType aMessageType,
+ const nsTArray<uint8_t>& aMessage) {
+ MOZ_ASSERT(NS_IsMainThread());
+ if (mKeys.IsNull()) {
+ return;
+ }
+ RefPtr<dom::MediaKeySession> session(mKeys->GetSession(aSessionId));
+ if (session) {
+ session->DispatchKeyMessage(aMessageType, aMessage);
+ }
+}
+
+void ChromiumCDMProxy::OnKeyStatusesChange(const nsAString& aSessionId) {
+ MOZ_ASSERT(NS_IsMainThread());
+ if (mKeys.IsNull()) {
+ return;
+ }
+ RefPtr<dom::MediaKeySession> session(mKeys->GetSession(aSessionId));
+ if (session) {
+ session->DispatchKeyStatusesChange();
+ }
+}
+
+void ChromiumCDMProxy::OnExpirationChange(const nsAString& aSessionId,
+ UnixTime aExpiryTime) {
+ MOZ_ASSERT(NS_IsMainThread());
+ if (mKeys.IsNull()) {
+ return;
+ }
+ RefPtr<dom::MediaKeySession> session(mKeys->GetSession(aSessionId));
+ if (session) {
+ // Expiry of 0 is interpreted as "never expire". See bug 1345341.
+ double t = (aExpiryTime == 0) ? std::numeric_limits<double>::quiet_NaN()
+ : static_cast<double>(aExpiryTime);
+ session->SetExpiration(t);
+ }
+}
+
+void ChromiumCDMProxy::OnSessionClosed(const nsAString& aSessionId) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ bool keyStatusesChange = false;
+ {
+ auto caps = Capabilites().Lock();
+ keyStatusesChange = caps->RemoveKeysForSession(nsString(aSessionId));
+ }
+ if (keyStatusesChange) {
+ OnKeyStatusesChange(aSessionId);
+ }
+ if (mKeys.IsNull()) {
+ return;
+ }
+ RefPtr<dom::MediaKeySession> session(mKeys->GetSession(aSessionId));
+ if (session) {
+ session->OnClosed();
+ }
+}
+
+void ChromiumCDMProxy::OnDecrypted(uint32_t aId, DecryptStatus aResult,
+ const nsTArray<uint8_t>& aDecryptedData) {}
+
+void ChromiumCDMProxy::OnSessionError(const nsAString& aSessionId,
+ nsresult aException, uint32_t aSystemCode,
+ const nsAString& aMsg) {
+ MOZ_ASSERT(NS_IsMainThread());
+ if (mKeys.IsNull()) {
+ return;
+ }
+ RefPtr<dom::MediaKeySession> session(mKeys->GetSession(aSessionId));
+ if (session) {
+ session->DispatchKeyError(aSystemCode);
+ }
+ LogToConsole(aMsg);
+}
+
+void ChromiumCDMProxy::OnRejectPromise(uint32_t aPromiseId,
+ ErrorResult&& aException,
+ const nsCString& aMsg) {
+ MOZ_ASSERT(NS_IsMainThread());
+ RejectPromise(aPromiseId, std::move(aException), aMsg);
+}
+
+RefPtr<DecryptPromise> ChromiumCDMProxy::Decrypt(MediaRawData* aSample) {
+ RefPtr<gmp::ChromiumCDMParent> cdm = GetCDMParent();
+ if (!cdm) {
+ return DecryptPromise::CreateAndReject(
+ DecryptResult(eme::AbortedErr, aSample), __func__);
+ }
+ RefPtr<MediaRawData> sample = aSample;
+ return InvokeAsync(mGMPThread, __func__,
+ [cdm, sample]() { return cdm->Decrypt(sample); });
+}
+
+void ChromiumCDMProxy::GetStatusForPolicy(
+ PromiseId aPromiseId, const dom::HDCPVersion& aMinHdcpVersion) {
+ MOZ_ASSERT(NS_IsMainThread());
+ EME_LOG("ChromiumCDMProxy::GetStatusForPolicy(this=%p, pid=%" PRIu32
+ ") minHdcpVersion=%s",
+ this, aPromiseId,
+ dom::HDCPVersionValues::GetString(aMinHdcpVersion).data());
+
+ RefPtr<gmp::ChromiumCDMParent> cdm = GetCDMParent();
+ if (!cdm) {
+ RejectPromiseWithStateError(aPromiseId,
+ "Null CDM in GetStatusForPolicy"_ns);
+ return;
+ }
+
+ mGMPThread->Dispatch(NewRunnableMethod<uint32_t, dom::HDCPVersion>(
+ "gmp::ChromiumCDMParent::GetStatusForPolicy", cdm,
+ &gmp::ChromiumCDMParent::GetStatusForPolicy, aPromiseId,
+ aMinHdcpVersion));
+}
+
+void ChromiumCDMProxy::Terminated() {
+ if (!mKeys.IsNull()) {
+ mKeys->Terminated();
+ }
+}
+
+already_AddRefed<gmp::ChromiumCDMParent> ChromiumCDMProxy::GetCDMParent() {
+ MutexAutoLock lock(mCDMMutex);
+ RefPtr<gmp::ChromiumCDMParent> cdm = mCDM;
+ return cdm.forget();
+}
+
+} // namespace mozilla
+
+#undef NS_DispatchToMainThread
diff --git a/dom/media/gmp/ChromiumCDMProxy.h b/dom/media/gmp/ChromiumCDMProxy.h
new file mode 100644
index 0000000000..190ffebf2e
--- /dev/null
+++ b/dom/media/gmp/ChromiumCDMProxy.h
@@ -0,0 +1,136 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef ChromiumCDMProxy_h_
+#define ChromiumCDMProxy_h_
+
+#include "mozilla/AbstractThread.h"
+#include "mozilla/CDMProxy.h"
+#include "ChromiumCDMParent.h"
+
+namespace mozilla {
+
+class ErrorResult;
+class MediaRawData;
+class DecryptJob;
+class ChromiumCDMCallbackProxy;
+class ChromiumCDMProxy : public CDMProxy {
+ public:
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(ChromiumCDMProxy, override)
+
+ ChromiumCDMProxy(dom::MediaKeys* aKeys, const nsAString& aKeySystem,
+ GMPCrashHelper* aCrashHelper,
+ bool aAllowDistinctiveIdentifier,
+ bool aAllowPersistentState);
+
+ void Init(PromiseId aPromiseId, const nsAString& aOrigin,
+ const nsAString& aTopLevelOrigin,
+ const nsAString& aGMPName) override;
+
+ void CreateSession(uint32_t aCreateSessionToken,
+ dom::MediaKeySessionType aSessionType,
+ PromiseId aPromiseId, const nsAString& aInitDataType,
+ nsTArray<uint8_t>& aInitData) override;
+
+ void LoadSession(PromiseId aPromiseId, dom::MediaKeySessionType aSessionType,
+ const nsAString& aSessionId) override;
+
+ void SetServerCertificate(PromiseId aPromiseId,
+ nsTArray<uint8_t>& aCert) override;
+
+ void UpdateSession(const nsAString& aSessionId, PromiseId aPromiseId,
+ nsTArray<uint8_t>& aResponse) override;
+
+ void CloseSession(const nsAString& aSessionId, PromiseId aPromiseId) override;
+
+ void RemoveSession(const nsAString& aSessionId,
+ PromiseId aPromiseId) override;
+
+ void QueryOutputProtectionStatus() override;
+
+ void NotifyOutputProtectionStatus(
+ OutputProtectionCheckStatus aCheckStatus,
+ OutputProtectionCaptureStatus aCaptureStatus) override;
+
+ void Shutdown() override;
+
+ void Terminated() override;
+
+ void OnSetSessionId(uint32_t aCreateSessionToken,
+ const nsAString& aSessionId) override;
+
+ void OnResolveLoadSessionPromise(uint32_t aPromiseId, bool aSuccess) override;
+
+ void OnSessionMessage(const nsAString& aSessionId,
+ dom::MediaKeyMessageType aMessageType,
+ const nsTArray<uint8_t>& aMessage) override;
+
+ void OnExpirationChange(const nsAString& aSessionId,
+ UnixTime aExpiryTime) override;
+
+ void OnSessionClosed(const nsAString& aSessionId) override;
+
+ void OnSessionError(const nsAString& aSessionId, nsresult aException,
+ uint32_t aSystemCode, const nsAString& aMsg) override;
+
+ void OnRejectPromise(uint32_t aPromiseId, ErrorResult&& aException,
+ const nsCString& aMsg) override;
+
+ RefPtr<DecryptPromise> Decrypt(MediaRawData* aSample) override;
+
+ void OnDecrypted(uint32_t aId, DecryptStatus aResult,
+ const nsTArray<uint8_t>& aDecryptedData) override;
+
+ void RejectPromise(PromiseId aId, ErrorResult&& aException,
+ const nsCString& aReason) override;
+ // Reject promise with an InvalidStateError and the given message.
+ void RejectPromiseWithStateError(PromiseId aId, const nsCString& aReason);
+ // For use for moving rejections from off-main thread.
+ void RejectPromiseOnMainThread(PromiseId aId,
+ CopyableErrorResult&& aException,
+ const nsCString& aReason);
+
+ void ResolvePromise(PromiseId aId) override;
+
+ void OnKeyStatusesChange(const nsAString& aSessionId) override;
+
+ void GetStatusForPolicy(PromiseId aPromiseId,
+ const dom::HDCPVersion& aMinHdcpVersion) override;
+
+#ifdef DEBUG
+ bool IsOnOwnerThread() override;
+#endif
+
+ ChromiumCDMProxy* AsChromiumCDMProxy() override { return this; }
+
+ // Threadsafe. Note this may return a reference to a shutdown
+ // CDM, which will fail on all operations.
+ already_AddRefed<gmp::ChromiumCDMParent> GetCDMParent();
+
+ void OnResolvePromiseWithKeyStatus(uint32_t aPromiseId,
+ dom::MediaKeyStatus aKeyStatus);
+
+ private:
+ void OnCDMCreated(uint32_t aPromiseId);
+ void ShutdownCDMIfExists();
+
+ ~ChromiumCDMProxy();
+
+ // True if Shutdown() has been called. Should only be read and written on
+ // main thread.
+ bool mIsShutdown = false;
+
+ RefPtr<GMPCrashHelper> mCrashHelper;
+
+ Mutex mCDMMutex MOZ_UNANNOTATED;
+ RefPtr<gmp::ChromiumCDMParent> mCDM;
+ nsCOMPtr<nsISerialEventTarget> mGMPThread;
+ UniquePtr<ChromiumCDMCallbackProxy> mCallback;
+};
+
+} // namespace mozilla
+
+#endif // ChromiumCDMProxy_h_
diff --git a/dom/media/gmp/DecryptJob.cpp b/dom/media/gmp/DecryptJob.cpp
new file mode 100644
index 0000000000..affda3668f
--- /dev/null
+++ b/dom/media/gmp/DecryptJob.cpp
@@ -0,0 +1,46 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "DecryptJob.h"
+#include "mozilla/Atomics.h"
+
+namespace mozilla {
+
+static Atomic<uint32_t> sDecryptJobInstanceCount(0u);
+
+DecryptJob::DecryptJob(MediaRawData* aSample)
+ : mId(++sDecryptJobInstanceCount), mSample(aSample) {}
+
+RefPtr<DecryptPromise> DecryptJob::Ensure() {
+ return mPromise.Ensure(__func__);
+}
+
+void DecryptJob::PostResult(DecryptStatus aResult) {
+ nsTArray<uint8_t> empty;
+ PostResult(aResult, empty);
+}
+
+void DecryptJob::PostResult(DecryptStatus aResult,
+ Span<const uint8_t> aDecryptedData) {
+ if (aDecryptedData.Length() != mSample->Size()) {
+ NS_WARNING("CDM returned incorrect number of decrypted bytes");
+ }
+ if (aResult == eme::Ok) {
+ UniquePtr<MediaRawDataWriter> writer(mSample->CreateWriter());
+ PodCopy(writer->Data(), aDecryptedData.Elements(),
+ std::min<size_t>(aDecryptedData.Length(), mSample->Size()));
+ } else if (aResult == eme::NoKeyErr) {
+ NS_WARNING("CDM returned NoKeyErr");
+ // We still have the encrypted sample, so we can re-enqueue it to be
+ // decrypted again once the key is usable again.
+ } else {
+ nsAutoCString str("CDM returned decode failure DecryptStatus=");
+ str.AppendInt(aResult);
+ NS_WARNING(str.get());
+ }
+ mPromise.Resolve(DecryptResult(aResult, mSample), __func__);
+}
+
+} // namespace mozilla
diff --git a/dom/media/gmp/DecryptJob.h b/dom/media/gmp/DecryptJob.h
new file mode 100644
index 0000000000..c4f25206e3
--- /dev/null
+++ b/dom/media/gmp/DecryptJob.h
@@ -0,0 +1,36 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DecryptJob_h_
+#define DecryptJob_h_
+
+#include "mozilla/CDMProxy.h"
+#include "mozilla/Span.h"
+
+namespace mozilla {
+
+class DecryptJob {
+ public:
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DecryptJob)
+
+ explicit DecryptJob(MediaRawData* aSample);
+
+ void PostResult(DecryptStatus aResult, Span<const uint8_t> aDecryptedData);
+ void PostResult(DecryptStatus aResult);
+
+ RefPtr<DecryptPromise> Ensure();
+
+ const uint32_t mId;
+ RefPtr<MediaRawData> mSample;
+
+ private:
+ ~DecryptJob() = default;
+ MozPromiseHolder<DecryptPromise> mPromise;
+};
+
+} // namespace mozilla
+
+#endif // DecryptJob_h_
diff --git a/dom/media/gmp/GMPCallbackBase.h b/dom/media/gmp/GMPCallbackBase.h
new file mode 100644
index 0000000000..7284f18e86
--- /dev/null
+++ b/dom/media/gmp/GMPCallbackBase.h
@@ -0,0 +1,24 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPCallbackBase_h_
+#define GMPCallbackBase_h_
+
+#include "nsISupportsImpl.h"
+
+class GMPCallbackBase {
+ public:
+ NS_INLINE_DECL_PURE_VIRTUAL_REFCOUNTING
+
+ virtual ~GMPCallbackBase() = default;
+
+ // The GMP code will call this if the codec crashes or shuts down. It's
+ // expected that the consumer (destination of this callback) will respond
+ // by dropping their reference to the proxy, allowing the proxy/parent to
+ // be destroyed.
+ virtual void Terminated() = 0;
+};
+
+#endif
diff --git a/dom/media/gmp/GMPChild.cpp b/dom/media/gmp/GMPChild.cpp
new file mode 100644
index 0000000000..1eea8b108b
--- /dev/null
+++ b/dom/media/gmp/GMPChild.cpp
@@ -0,0 +1,798 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPChild.h"
+
+#include "base/command_line.h"
+#include "base/task.h"
+#include "ChildProfilerController.h"
+#include "ChromiumCDMAdapter.h"
+#include "GeckoProfiler.h"
+#ifdef XP_LINUX
+# include "dlfcn.h"
+#endif
+#include "gmp-video-decode.h"
+#include "gmp-video-encode.h"
+#include "GMPContentChild.h"
+#include "GMPLoader.h"
+#include "GMPLog.h"
+#include "GMPPlatform.h"
+#include "GMPProcessChild.h"
+#include "GMPProcessParent.h"
+#include "GMPUtils.h"
+#include "GMPVideoDecoderChild.h"
+#include "GMPVideoEncoderChild.h"
+#include "GMPVideoHost.h"
+#include "mozilla/Algorithm.h"
+#include "mozilla/BackgroundHangMonitor.h"
+#include "mozilla/FOGIPC.h"
+#include "mozilla/glean/GleanMetrics.h"
+#include "mozilla/ipc/CrashReporterClient.h"
+#include "mozilla/ipc/Endpoint.h"
+#include "mozilla/ipc/ProcessChild.h"
+#include "mozilla/TextUtils.h"
+#include "nsDebugImpl.h"
+#include "nsExceptionHandler.h"
+#include "nsIFile.h"
+#include "nsReadableUtils.h"
+#include "nsThreadManager.h"
+#include "nsXULAppAPI.h"
+#include "nsIXULRuntime.h"
+#include "nsXPCOM.h"
+#include "prio.h"
+#ifdef XP_WIN
+# include <stdlib.h> // for _exit()
+# include "nsIObserverService.h"
+# include "mozilla/Services.h"
+# include "mozilla/WinDllServices.h"
+# include "WinUtils.h"
+#else
+# include <unistd.h> // for _exit()
+#endif
+
+using namespace mozilla::ipc;
+
+namespace mozilla {
+namespace gmp {
+
+#define GMP_CHILD_LOG(loglevel, x, ...) \
+ MOZ_LOG( \
+ GetGMPLog(), (loglevel), \
+ ("GMPChild[pid=%d] " x, (int)base::GetCurrentProcId(), ##__VA_ARGS__))
+
+#define GMP_CHILD_LOG_DEBUG(x, ...) \
+ GMP_CHILD_LOG(LogLevel::Debug, x, ##__VA_ARGS__)
+
+GMPChild::GMPChild()
+ : mGMPMessageLoop(MessageLoop::current()), mGMPLoader(nullptr) {
+ GMP_CHILD_LOG_DEBUG("GMPChild ctor");
+ nsDebugImpl::SetMultiprocessMode("GMP");
+}
+
+GMPChild::~GMPChild() {
+ GMP_CHILD_LOG_DEBUG("GMPChild dtor");
+#ifdef XP_LINUX
+ for (auto& libHandle : mLibHandles) {
+ dlclose(libHandle);
+ }
+#endif
+}
+
+bool GMPChild::Init(const nsAString& aPluginPath, const char* aParentBuildID,
+ mozilla::ipc::UntypedEndpoint&& aEndpoint) {
+ GMP_CHILD_LOG_DEBUG("%s pluginPath=%s useXpcom=%d, useNativeEvent=%d",
+ __FUNCTION__, NS_ConvertUTF16toUTF8(aPluginPath).get(),
+ GMPProcessChild::UseXPCOM(),
+ GMPProcessChild::UseNativeEventProcessing());
+
+ // GMPChild needs nsThreadManager to create the ProfilerChild thread.
+ // It is also used on debug builds for the sandbox tests.
+ if (NS_WARN_IF(NS_FAILED(nsThreadManager::get().Init()))) {
+ return false;
+ }
+
+ if (NS_WARN_IF(!aEndpoint.Bind(this))) {
+ return false;
+ }
+
+ // This must be checked before any IPDL message, which may hit sentinel
+ // errors due to parent and content processes having different
+ // versions.
+ MessageChannel* channel = GetIPCChannel();
+ if (channel && !channel->SendBuildIDsMatchMessage(aParentBuildID)) {
+ // We need to quit this process if the buildID doesn't match the parent's.
+ // This can occur when an update occurred in the background.
+ ipc::ProcessChild::QuickExit();
+ }
+
+ CrashReporterClient::InitSingleton(this);
+
+ if (GMPProcessChild::UseXPCOM()) {
+ if (NS_WARN_IF(NS_FAILED(NS_InitMinimalXPCOM()))) {
+ return false;
+ }
+ } else {
+ BackgroundHangMonitor::Startup();
+ }
+
+ mPluginPath = aPluginPath;
+
+ nsAutoCString processName("GMPlugin Process");
+
+ nsAutoCString pluginName;
+ if (GetPluginName(pluginName)) {
+ processName.AppendLiteral(" (");
+ processName.Append(pluginName);
+ processName.AppendLiteral(")");
+ }
+
+ profiler_set_process_name(processName);
+
+ return true;
+}
+
+void GMPChild::Shutdown() {
+ if (GMPProcessChild::UseXPCOM()) {
+ NS_ShutdownXPCOM(nullptr);
+ } else {
+ BackgroundHangMonitor::Shutdown();
+ }
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvProvideStorageId(
+ const nsCString& aStorageId) {
+ GMP_CHILD_LOG_DEBUG("%s", __FUNCTION__);
+ mStorageId = aStorageId;
+ return IPC_OK();
+}
+
+GMPErr GMPChild::GetAPI(const char* aAPIName, void* aHostAPI, void** aPluginAPI,
+ const nsACString& aKeySystem) {
+ if (!mGMPLoader) {
+ return GMPGenericErr;
+ }
+ return mGMPLoader->GetAPI(aAPIName, aHostAPI, aPluginAPI, aKeySystem);
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvPreloadLibs(const nsCString& aLibs) {
+ // Pre-load libraries that may need to be used by the EME plugin but that
+ // can't be loaded after the sandbox has started.
+#ifdef XP_WIN
+ // Items in this must be lowercase!
+ constexpr static const char16_t* whitelist[] = {
+ u"dxva2.dll", // Get monitor information
+ u"evr.dll", // MFGetStrideForBitmapInfoHeader
+ u"freebl3.dll", // NSS for clearkey CDM
+ u"mfplat.dll", // MFCreateSample, MFCreateAlignedMemoryBuffer,
+ // MFCreateMediaType
+ u"msmpeg2vdec.dll", // H.264 decoder
+ u"nss3.dll", // NSS for clearkey CDM
+ u"ole32.dll", // required for OPM
+ u"oleaut32.dll", // For _bstr_t use in libwebrtc, see bug 1788592
+ u"psapi.dll", // For GetMappedFileNameW, see bug 1383611
+ u"softokn3.dll", // NSS for clearkey CDM
+ u"winmm.dll", // Dependency for widevine
+ };
+ constexpr static bool (*IsASCII)(const char16_t*) =
+ IsAsciiNullTerminated<char16_t>;
+ static_assert(AllOf(std::begin(whitelist), std::end(whitelist), IsASCII),
+ "Items in the whitelist must not contain non-ASCII "
+ "characters!");
+
+ nsTArray<nsCString> libs;
+ SplitAt(", ", aLibs, libs);
+ for (nsCString lib : libs) {
+ ToLowerCase(lib);
+ for (const char16_t* whiteListedLib : whitelist) {
+ if (nsDependentString(whiteListedLib)
+ .EqualsASCII(lib.Data(), lib.Length())) {
+ LoadLibraryW(char16ptr_t(whiteListedLib));
+ break;
+ }
+ }
+ }
+#elif defined(XP_LINUX)
+ constexpr static const char* whitelist[] = {
+ // NSS libraries used by clearkey.
+ "libfreeblpriv3.so",
+ "libsoftokn3.so",
+ // glibc libraries merged into libc.so.6; see bug 1725828 and
+ // the corresponding code in GMPParent.cpp.
+ "libdl.so.2",
+ "libpthread.so.0",
+ "librt.so.1",
+ };
+
+ nsTArray<nsCString> libs;
+ SplitAt(", ", aLibs, libs);
+ for (const nsCString& lib : libs) {
+ for (const char* whiteListedLib : whitelist) {
+ if (lib.EqualsASCII(whiteListedLib)) {
+ auto libHandle = dlopen(whiteListedLib, RTLD_NOW | RTLD_GLOBAL);
+ if (libHandle) {
+ mLibHandles.AppendElement(libHandle);
+ } else {
+ // TODO(bug 1698718): remove the logging once we've identified
+ // the cause of the load failure.
+ const char* error = dlerror();
+ if (error) {
+ // We should always have an error, but gracefully handle just in
+ // case.
+ nsAutoCString nsError{error};
+ CrashReporter::AppendAppNotesToCrashReport(nsError);
+ }
+ // End bug 1698718 logging.
+
+ MOZ_CRASH("Couldn't load lib needed by media plugin");
+ }
+ }
+ }
+ }
+#endif
+ return IPC_OK();
+}
+
+bool GMPChild::GetUTF8LibPath(nsACString& aOutLibPath) {
+ nsCOMPtr<nsIFile> libFile;
+
+#define GMP_PATH_CRASH(explain) \
+ do { \
+ nsAutoString path; \
+ if (!libFile || NS_FAILED(libFile->GetPath(path))) { \
+ path = mPluginPath; \
+ } \
+ CrashReporter::AnnotateCrashReport( \
+ CrashReporter::Annotation::GMPLibraryPath, \
+ NS_ConvertUTF16toUTF8(path)); \
+ MOZ_CRASH(explain); \
+ } while (false)
+
+ nsresult rv = NS_NewLocalFile(mPluginPath, true, getter_AddRefs(libFile));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ GMP_PATH_CRASH("Failed to create file for plugin path");
+ return false;
+ }
+
+ nsCOMPtr<nsIFile> parent;
+ rv = libFile->GetParent(getter_AddRefs(parent));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ GMP_PATH_CRASH("Failed to get parent file for plugin file");
+ return false;
+ }
+
+ nsAutoString parentLeafName;
+ rv = parent->GetLeafName(parentLeafName);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ GMP_PATH_CRASH("Failed to get leaf for plugin file");
+ return false;
+ }
+
+ nsAutoString baseName;
+ baseName = Substring(parentLeafName, 4, parentLeafName.Length() - 1);
+
+#if defined(XP_MACOSX)
+ nsAutoString binaryName = u"lib"_ns + baseName + u".dylib"_ns;
+#elif defined(XP_UNIX)
+ nsAutoString binaryName = u"lib"_ns + baseName + u".so"_ns;
+#elif defined(XP_WIN)
+ nsAutoString binaryName = baseName + u".dll"_ns;
+#else
+# error not defined
+#endif
+ rv = libFile->AppendRelativePath(binaryName);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ GMP_PATH_CRASH("Failed to append lib to plugin file");
+ return false;
+ }
+
+ if (NS_WARN_IF(!FileExists(libFile))) {
+ GMP_PATH_CRASH("Plugin file does not exist");
+ return false;
+ }
+
+ nsAutoString path;
+ rv = libFile->GetPath(path);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ GMP_PATH_CRASH("Failed to get path for plugin file");
+ return false;
+ }
+
+ CopyUTF16toUTF8(path, aOutLibPath);
+ return true;
+}
+
+bool GMPChild::GetPluginName(nsACString& aPluginName) const {
+ // Extract the plugin directory name if possible.
+ nsCOMPtr<nsIFile> libFile;
+ nsresult rv = NS_NewLocalFile(mPluginPath, true, getter_AddRefs(libFile));
+ NS_ENSURE_SUCCESS(rv, false);
+
+ nsCOMPtr<nsIFile> parent;
+ rv = libFile->GetParent(getter_AddRefs(parent));
+ NS_ENSURE_SUCCESS(rv, false);
+
+ nsAutoString parentLeafName;
+ rv = parent->GetLeafName(parentLeafName);
+ NS_ENSURE_SUCCESS(rv, false);
+
+ aPluginName.Assign(NS_ConvertUTF16toUTF8(parentLeafName));
+ return true;
+}
+
+static nsCOMPtr<nsIFile> AppendFile(nsCOMPtr<nsIFile>&& aFile,
+ const nsString& aStr) {
+ return (aFile && NS_SUCCEEDED(aFile->Append(aStr))) ? aFile : nullptr;
+}
+
+static nsCOMPtr<nsIFile> CloneFile(const nsCOMPtr<nsIFile>& aFile) {
+ nsCOMPtr<nsIFile> clone;
+ return (aFile && NS_SUCCEEDED(aFile->Clone(getter_AddRefs(clone)))) ? clone
+ : nullptr;
+}
+
+static nsCOMPtr<nsIFile> GetParentFile(const nsCOMPtr<nsIFile>& aFile) {
+ nsCOMPtr<nsIFile> parent;
+ return (aFile && NS_SUCCEEDED(aFile->GetParent(getter_AddRefs(parent))))
+ ? parent
+ : nullptr;
+}
+
+#if defined(XP_WIN)
+static bool IsFileLeafEqualToASCII(const nsCOMPtr<nsIFile>& aFile,
+ const char* aStr) {
+ nsAutoString leafName;
+ return aFile && NS_SUCCEEDED(aFile->GetLeafName(leafName)) &&
+ leafName.EqualsASCII(aStr);
+}
+#endif
+
+#if defined(XP_WIN)
+# define FIREFOX_FILE u"firefox.exe"_ns
+# define XUL_LIB_FILE u"xul.dll"_ns
+#elif defined(XP_MACOSX)
+# define FIREFOX_FILE u"firefox"_ns
+# define XUL_LIB_FILE u"XUL"_ns
+#else
+# define FIREFOX_FILE u"firefox"_ns
+# define XUL_LIB_FILE u"libxul.so"_ns
+#endif
+
+static nsCOMPtr<nsIFile> GetFirefoxAppPath(
+ nsCOMPtr<nsIFile> aPluginContainerPath) {
+ MOZ_ASSERT(aPluginContainerPath);
+#if defined(XP_MACOSX)
+ // On MacOS the firefox binary is a few parent directories up from
+ // plugin-container.
+ // aPluginContainerPath will end with something like:
+ // xxxx/NightlyDebug.app/Contents/MacOS/plugin-container.app/Contents/MacOS/plugin-container
+ nsCOMPtr<nsIFile> path = aPluginContainerPath;
+ for (int i = 0; i < 4; i++) {
+ path = GetParentFile(path);
+ }
+ return path;
+#else
+ nsCOMPtr<nsIFile> parent = GetParentFile(aPluginContainerPath);
+# if XP_WIN
+ if (IsFileLeafEqualToASCII(parent, "i686")) {
+ // We must be on Windows on ARM64, where the plugin-container path will
+ // be in the 'i686' subdir. The firefox.exe is in the parent directory.
+ parent = GetParentFile(parent);
+ }
+# endif
+ return parent;
+#endif
+}
+
+#if defined(XP_MACOSX)
+static bool GetSigPath(const int aRelativeLayers,
+ const nsString& aTargetSigFileName,
+ nsCOMPtr<nsIFile> aExecutablePath,
+ nsCOMPtr<nsIFile>& aOutSigPath) {
+ // The sig file will be located in
+ // xxxx/NightlyDebug.app/Contents/Resources/XUL.sig
+ // xxxx/NightlyDebug.app/Contents/Resources/firefox.sig
+ // xxxx/NightlyDebug.app/Contents/MacOS/plugin-container.app/Contents/Resources/plugin-container.sig
+ // On MacOS the sig file is a few parent directories up from
+ // its executable file.
+ // Start to search the path from the path of the executable file we provided.
+ MOZ_ASSERT(aExecutablePath);
+ nsCOMPtr<nsIFile> path = aExecutablePath;
+ for (int i = 0; i < aRelativeLayers; i++) {
+ nsCOMPtr<nsIFile> parent;
+ if (NS_WARN_IF(NS_FAILED(path->GetParent(getter_AddRefs(parent))))) {
+ return false;
+ }
+ path = parent;
+ }
+ MOZ_ASSERT(path);
+ aOutSigPath = path;
+ return NS_SUCCEEDED(path->Append(u"Resources"_ns)) &&
+ NS_SUCCEEDED(path->Append(aTargetSigFileName));
+}
+#endif
+
+static bool AppendHostPath(nsCOMPtr<nsIFile>& aFile,
+ nsTArray<std::pair<nsCString, nsCString>>& aPaths) {
+ nsString str;
+ if (!FileExists(aFile) || NS_FAILED(aFile->GetPath(str))) {
+ return false;
+ }
+
+ nsCString filePath = NS_ConvertUTF16toUTF8(str);
+ nsCString sigFilePath;
+#if defined(XP_MACOSX)
+ nsAutoString binary;
+ if (NS_FAILED(aFile->GetLeafName(binary))) {
+ return false;
+ }
+ binary.Append(u".sig"_ns);
+ nsCOMPtr<nsIFile> sigFile;
+ if (GetSigPath(2, binary, aFile, sigFile) &&
+ NS_SUCCEEDED(sigFile->GetPath(str))) {
+ CopyUTF16toUTF8(str, sigFilePath);
+ } else {
+ // Cannot successfully get the sig file path.
+ // Assume it is located at the same place as plugin-container
+ // alternatively.
+ sigFilePath = nsCString(NS_ConvertUTF16toUTF8(str) + ".sig"_ns);
+ }
+#else
+ sigFilePath = nsCString(NS_ConvertUTF16toUTF8(str) + ".sig"_ns);
+#endif
+ aPaths.AppendElement(
+ std::make_pair(std::move(filePath), std::move(sigFilePath)));
+ return true;
+}
+
+nsTArray<std::pair<nsCString, nsCString>>
+GMPChild::MakeCDMHostVerificationPaths(const nsACString& aPluginLibPath) {
+ // Record the file path and its sig file path.
+ nsTArray<std::pair<nsCString, nsCString>> paths;
+ // Plugin binary path.
+ paths.AppendElement(
+ std::make_pair(nsCString(aPluginLibPath), aPluginLibPath + ".sig"_ns));
+
+ // Plugin-container binary path.
+ // Note: clang won't let us initialize an nsString from a wstring, so we
+ // need to go through UTF8 to get to an nsString.
+ const std::string pluginContainer =
+ WideToUTF8(CommandLine::ForCurrentProcess()->program());
+ nsString str;
+
+ CopyUTF8toUTF16(nsDependentCString(pluginContainer.c_str()), str);
+ nsCOMPtr<nsIFile> path;
+ if (NS_FAILED(NS_NewLocalFile(str, true, /* aFollowLinks */
+ getter_AddRefs(path))) ||
+ !AppendHostPath(path, paths)) {
+ // Without successfully determining plugin-container's path, we can't
+ // determine libxul's or Firefox's. So give up.
+ return paths;
+ }
+
+#if defined(XP_WIN)
+ // On Windows on ARM64, we should also append the x86 plugin-container's
+ // xul.dll.
+ const bool isWindowsOnARM64 =
+ IsFileLeafEqualToASCII(GetParentFile(path), "i686");
+ if (isWindowsOnARM64) {
+ nsCOMPtr<nsIFile> x86XulPath =
+ AppendFile(GetParentFile(path), XUL_LIB_FILE);
+ if (!AppendHostPath(x86XulPath, paths)) {
+ return paths;
+ }
+ }
+#endif
+
+ // Firefox application binary path.
+ nsCOMPtr<nsIFile> appDir = GetFirefoxAppPath(path);
+ path = AppendFile(CloneFile(appDir), FIREFOX_FILE);
+ if (!AppendHostPath(path, paths)) {
+ return paths;
+ }
+
+ // Libxul path. Note: re-using 'appDir' var here, as we assume libxul is in
+ // the same directory as Firefox executable.
+ appDir->GetPath(str);
+ path = AppendFile(CloneFile(appDir), XUL_LIB_FILE);
+ if (!AppendHostPath(path, paths)) {
+ return paths;
+ }
+
+ return paths;
+}
+
+static auto ToCString(const nsTArray<std::pair<nsCString, nsCString>>& aPairs) {
+ return StringJoin(","_ns, aPairs, [](nsACString& dest, const auto& p) {
+ dest.AppendPrintf("(%s,%s)", p.first.get(), p.second.get());
+ });
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvStartPlugin(const nsString& aAdapter) {
+ GMP_CHILD_LOG_DEBUG("%s", __FUNCTION__);
+
+ nsAutoCString libPath;
+ if (!GetUTF8LibPath(libPath)) {
+ CrashReporter::AnnotateCrashReport(
+ CrashReporter::Annotation::GMPLibraryPath,
+ NS_ConvertUTF16toUTF8(mPluginPath));
+
+#ifdef XP_WIN
+ GMP_CHILD_LOG(LogLevel::Error, "Failed to get lib path with error(%lu).",
+ GetLastError());
+#endif
+ return IPC_FAIL(this, "Failed to get lib path.");
+ }
+
+ auto platformAPI = new GMPPlatformAPI();
+ InitPlatformAPI(*platformAPI, this);
+
+ mGMPLoader = MakeUnique<GMPLoader>();
+#if defined(MOZ_SANDBOX) && !defined(XP_MACOSX)
+ if (!mGMPLoader->CanSandbox()) {
+ GMP_CHILD_LOG_DEBUG("%s Can't sandbox GMP, failing", __FUNCTION__);
+ delete platformAPI;
+ return IPC_FAIL(this, "Can't sandbox GMP.");
+ }
+#endif
+
+ GMPAdapter* adapter = nullptr;
+ if (aAdapter.EqualsLiteral("chromium")) {
+ auto&& paths = MakeCDMHostVerificationPaths(libPath);
+ GMP_CHILD_LOG_DEBUG("%s CDM host paths=%s", __func__,
+ ToCString(paths).get());
+ adapter = new ChromiumCDMAdapter(std::move(paths));
+ }
+
+ if (!mGMPLoader->Load(libPath.get(), libPath.Length(), platformAPI,
+ adapter)) {
+#ifdef XP_WIN
+
+ NS_WARNING(
+ nsPrintfCString("Failed to load GMP with error(%lu).", GetLastError())
+ .get());
+#else
+ NS_WARNING("Failed to load GMP");
+#endif
+ delete platformAPI;
+ CrashReporter::AnnotateCrashReport(
+ CrashReporter::Annotation::GMPLibraryPath,
+ NS_ConvertUTF16toUTF8(mPluginPath));
+
+ return IPC_FAIL(this, "Failed to load GMP.");
+ }
+
+ return IPC_OK();
+}
+
+MessageLoop* GMPChild::GMPMessageLoop() { return mGMPMessageLoop; }
+
+void GMPChild::ActorDestroy(ActorDestroyReason aWhy) {
+ GMP_CHILD_LOG_DEBUG("%s reason=%d", __FUNCTION__, aWhy);
+
+ for (uint32_t i = mGMPContentChildren.Length(); i > 0; i--) {
+ MOZ_ASSERT_IF(aWhy == NormalShutdown,
+ !mGMPContentChildren[i - 1]->IsUsed());
+ mGMPContentChildren[i - 1]->Close();
+ }
+
+ if (mGMPLoader) {
+ mGMPLoader->Shutdown();
+ }
+ if (AbnormalShutdown == aWhy) {
+ NS_WARNING("Abnormal shutdown of GMP process!");
+ ProcessChild::QuickExit();
+ }
+
+ // Send the last bits of Glean data over to the main process.
+ glean::FlushFOGData(
+ [](ByteBuf&& aBuf) { glean::SendFOGData(std::move(aBuf)); });
+
+ if (mProfilerController) {
+ mProfilerController->Shutdown();
+ mProfilerController = nullptr;
+ }
+
+ CrashReporterClient::DestroySingleton();
+
+ XRE_ShutdownChildProcess();
+}
+
+void GMPChild::ProcessingError(Result aCode, const char* aReason) {
+ switch (aCode) {
+ case MsgDropped:
+ _exit(0); // Don't trigger a crash report.
+ case MsgNotKnown:
+ MOZ_CRASH("aborting because of MsgNotKnown");
+ case MsgNotAllowed:
+ MOZ_CRASH("aborting because of MsgNotAllowed");
+ case MsgPayloadError:
+ MOZ_CRASH("aborting because of MsgPayloadError");
+ case MsgProcessingError:
+ MOZ_CRASH("aborting because of MsgProcessingError");
+ case MsgRouteError:
+ MOZ_CRASH("aborting because of MsgRouteError");
+ case MsgValueError:
+ MOZ_CRASH("aborting because of MsgValueError");
+ default:
+ MOZ_CRASH("not reached");
+ }
+}
+
+PGMPTimerChild* GMPChild::AllocPGMPTimerChild() {
+ return new GMPTimerChild(this);
+}
+
+bool GMPChild::DeallocPGMPTimerChild(PGMPTimerChild* aActor) {
+ MOZ_ASSERT(mTimerChild == static_cast<GMPTimerChild*>(aActor));
+ mTimerChild = nullptr;
+ return true;
+}
+
+GMPTimerChild* GMPChild::GetGMPTimers() {
+ if (!mTimerChild) {
+ PGMPTimerChild* sc = SendPGMPTimerConstructor();
+ if (!sc) {
+ return nullptr;
+ }
+ mTimerChild = static_cast<GMPTimerChild*>(sc);
+ }
+ return mTimerChild;
+}
+
+PGMPStorageChild* GMPChild::AllocPGMPStorageChild() {
+ return new GMPStorageChild(this);
+}
+
+bool GMPChild::DeallocPGMPStorageChild(PGMPStorageChild* aActor) {
+ mStorage = nullptr;
+ return true;
+}
+
+GMPStorageChild* GMPChild::GetGMPStorage() {
+ if (!mStorage) {
+ PGMPStorageChild* sc = SendPGMPStorageConstructor();
+ if (!sc) {
+ return nullptr;
+ }
+ mStorage = static_cast<GMPStorageChild*>(sc);
+ }
+ return mStorage;
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvCrashPluginNow() {
+ MOZ_CRASH();
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvCloseActive() {
+ for (uint32_t i = mGMPContentChildren.Length(); i > 0; i--) {
+ mGMPContentChildren[i - 1]->CloseActive();
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvInitGMPContentChild(
+ Endpoint<PGMPContentChild>&& aEndpoint) {
+ GMPContentChild* child =
+ mGMPContentChildren.AppendElement(new GMPContentChild(this))->get();
+ aEndpoint.Bind(child);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvFlushFOGData(
+ FlushFOGDataResolver&& aResolver) {
+ GMP_CHILD_LOG_DEBUG("GMPChild RecvFlushFOGData");
+ glean::FlushFOGData(std::move(aResolver));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvTestTriggerMetrics(
+ TestTriggerMetricsResolver&& aResolve) {
+ GMP_CHILD_LOG_DEBUG("GMPChild RecvTestTriggerMetrics");
+ mozilla::glean::test_only_ipc::a_counter.Add(
+ nsIXULRuntime::PROCESS_TYPE_GMPLUGIN);
+ aResolve(true);
+ return IPC_OK();
+}
+
+void GMPChild::GMPContentChildActorDestroy(GMPContentChild* aGMPContentChild) {
+ for (uint32_t i = mGMPContentChildren.Length(); i > 0; i--) {
+ RefPtr<GMPContentChild>& destroyedActor = mGMPContentChildren[i - 1];
+ if (destroyedActor.get() == aGMPContentChild) {
+ SendPGMPContentChildDestroyed();
+ mGMPContentChildren.RemoveElementAt(i - 1);
+ break;
+ }
+ }
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvInitProfiler(
+ Endpoint<PProfilerChild>&& aEndpoint) {
+ mProfilerController =
+ mozilla::ChildProfilerController::Create(std::move(aEndpoint));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvPreferenceUpdate(const Pref& aPref) {
+ Preferences::SetPreference(aPref);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvShutdown(ShutdownResolver&& aResolver) {
+ if (!mProfilerController) {
+ aResolver(""_ns);
+ return IPC_OK();
+ }
+
+ const bool isProfiling = profiler_is_active();
+ CrashReporter::AnnotateCrashReport(
+ CrashReporter::Annotation::ProfilerChildShutdownPhase,
+ isProfiling ? "Profiling - GrabShutdownProfileAndShutdown"_ns
+ : "Not profiling - GrabShutdownProfileAndShutdown"_ns);
+ ProfileAndAdditionalInformation shutdownProfileAndAdditionalInformation =
+ mProfilerController->GrabShutdownProfileAndShutdown();
+ CrashReporter::AnnotateCrashReport(
+ CrashReporter::Annotation::ProfilerChildShutdownPhase,
+ isProfiling ? "Profiling - Destroying ChildProfilerController"_ns
+ : "Not profiling - Destroying ChildProfilerController"_ns);
+ mProfilerController = nullptr;
+ CrashReporter::AnnotateCrashReport(
+ CrashReporter::Annotation::ProfilerChildShutdownPhase,
+ isProfiling ? "Profiling - SendShutdownProfile (resovling)"_ns
+ : "Not profiling - SendShutdownProfile (resolving)"_ns);
+ if (const size_t len = shutdownProfileAndAdditionalInformation.SizeOf();
+ len >= size_t(IPC::Channel::kMaximumMessageSize)) {
+ shutdownProfileAndAdditionalInformation.mProfile =
+ nsPrintfCString("*Profile from pid %u bigger (%zu) than IPC max (%zu)",
+ unsigned(profiler_current_process_id().ToNumber()), len,
+ size_t(IPC::Channel::kMaximumMessageSize));
+ }
+ // Send the shutdown profile to the parent process through our own
+ // message channel, which we know will survive for long enough.
+ aResolver(shutdownProfileAndAdditionalInformation.mProfile);
+ CrashReporter::AnnotateCrashReport(
+ CrashReporter::Annotation::ProfilerChildShutdownPhase,
+ isProfiling ? "Profiling - SendShutdownProfile (resolved)"_ns
+ : "Not profiling - SendShutdownProfile (resolved)"_ns);
+ return IPC_OK();
+}
+
+#if defined(XP_WIN)
+mozilla::ipc::IPCResult GMPChild::RecvInitDllServices(
+ const bool& aCanRecordReleaseTelemetry,
+ const bool& aIsReadyForBackgroundProcessing) {
+ if (aCanRecordReleaseTelemetry) {
+ RefPtr<DllServices> dllSvc(DllServices::Get());
+ dllSvc->StartUntrustedModulesProcessor(aIsReadyForBackgroundProcessing);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvGetUntrustedModulesData(
+ GetUntrustedModulesDataResolver&& aResolver) {
+ RefPtr<DllServices> dllSvc(DllServices::Get());
+ dllSvc->GetUntrustedModulesData()->Then(
+ GetMainThreadSerialEventTarget(), __func__,
+ [aResolver](Maybe<UntrustedModulesData>&& aData) {
+ aResolver(std::move(aData));
+ },
+ [aResolver](nsresult aReason) { aResolver(Nothing()); });
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPChild::RecvUnblockUntrustedModulesThread() {
+ if (nsCOMPtr<nsIObserverService> obs =
+ mozilla::services::GetObserverService()) {
+ obs->NotifyObservers(nullptr, "unblock-untrusted-modules-thread", nullptr);
+ }
+ return IPC_OK();
+}
+#endif // defined(XP_WIN)
+
+} // namespace gmp
+} // namespace mozilla
+
+#undef GMP_CHILD_LOG_DEBUG
+#undef __CLASS__
diff --git a/dom/media/gmp/GMPChild.h b/dom/media/gmp/GMPChild.h
new file mode 100644
index 0000000000..2973827691
--- /dev/null
+++ b/dom/media/gmp/GMPChild.h
@@ -0,0 +1,123 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPChild_h_
+#define GMPChild_h_
+
+#include "mozilla/gmp/PGMPChild.h"
+#include "GMPTimerChild.h"
+#include "GMPStorageChild.h"
+#include "GMPLoader.h"
+#include "gmp-entrypoints.h"
+#include "prlink.h"
+
+namespace mozilla {
+
+class ChildProfilerController;
+
+namespace gmp {
+
+class GMPContentChild;
+
+class GMPChild : public PGMPChild {
+ friend class PGMPChild;
+
+ public:
+ NS_INLINE_DECL_REFCOUNTING(GMPChild, override)
+
+ GMPChild();
+
+ bool Init(const nsAString& aPluginPath, const char* aParentBuildID,
+ mozilla::ipc::UntypedEndpoint&& aEndpoint);
+ void Shutdown();
+ MessageLoop* GMPMessageLoop();
+
+ // Main thread only.
+ GMPTimerChild* GetGMPTimers();
+ GMPStorageChild* GetGMPStorage();
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+ bool SetMacSandboxInfo(bool aAllowWindowServer);
+#endif
+
+ private:
+ friend class GMPContentChild;
+
+ virtual ~GMPChild();
+
+ bool GetUTF8LibPath(nsACString& aOutLibPath);
+
+ bool GetPluginName(nsACString& aPluginName) const;
+
+ mozilla::ipc::IPCResult RecvProvideStorageId(const nsCString& aStorageId);
+
+ mozilla::ipc::IPCResult RecvStartPlugin(const nsString& aAdapter);
+ mozilla::ipc::IPCResult RecvPreloadLibs(const nsCString& aLibs);
+
+ PGMPTimerChild* AllocPGMPTimerChild();
+ bool DeallocPGMPTimerChild(PGMPTimerChild* aActor);
+
+ PGMPStorageChild* AllocPGMPStorageChild();
+ bool DeallocPGMPStorageChild(PGMPStorageChild* aActor);
+
+ void GMPContentChildActorDestroy(GMPContentChild* aGMPContentChild);
+
+ mozilla::ipc::IPCResult RecvCrashPluginNow();
+ mozilla::ipc::IPCResult RecvCloseActive();
+
+ mozilla::ipc::IPCResult RecvInitGMPContentChild(
+ Endpoint<PGMPContentChild>&& aEndpoint);
+
+ mozilla::ipc::IPCResult RecvFlushFOGData(FlushFOGDataResolver&& aResolver);
+
+ mozilla::ipc::IPCResult RecvTestTriggerMetrics(
+ TestTriggerMetricsResolver&& aResolve);
+
+ mozilla::ipc::IPCResult RecvInitProfiler(
+ Endpoint<mozilla::PProfilerChild>&& aEndpoint);
+
+ mozilla::ipc::IPCResult RecvPreferenceUpdate(const Pref& aPref);
+
+ mozilla::ipc::IPCResult RecvShutdown(ShutdownResolver&& aResolver);
+
+#if defined(XP_WIN)
+ mozilla::ipc::IPCResult RecvInitDllServices(
+ const bool& aCanRecordReleaseTelemetry,
+ const bool& aIsReadyForBackgroundProcessing);
+
+ mozilla::ipc::IPCResult RecvGetUntrustedModulesData(
+ GetUntrustedModulesDataResolver&& aResolver);
+ mozilla::ipc::IPCResult RecvUnblockUntrustedModulesThread();
+#endif // defined(XP_WIN)
+
+ void ActorDestroy(ActorDestroyReason aWhy) override;
+ void ProcessingError(Result aCode, const char* aReason) override;
+
+ GMPErr GetAPI(const char* aAPIName, void* aHostAPI, void** aPluginAPI,
+ const nsACString& aKeySystem = ""_ns);
+
+ nsTArray<std::pair<nsCString, nsCString>> MakeCDMHostVerificationPaths(
+ const nsACString& aPluginLibPath);
+
+ nsTArray<RefPtr<GMPContentChild>> mGMPContentChildren;
+
+ RefPtr<GMPTimerChild> mTimerChild;
+ RefPtr<GMPStorageChild> mStorage;
+
+ RefPtr<ChildProfilerController> mProfilerController;
+
+ MessageLoop* mGMPMessageLoop;
+ nsString mPluginPath;
+ nsCString mStorageId;
+ UniquePtr<GMPLoader> mGMPLoader;
+#ifdef XP_LINUX
+ nsTArray<void*> mLibHandles;
+#endif
+};
+
+} // namespace gmp
+} // namespace mozilla
+
+#endif // GMPChild_h_
diff --git a/dom/media/gmp/GMPContentChild.cpp b/dom/media/gmp/GMPContentChild.cpp
new file mode 100644
index 0000000000..85fc6e7a70
--- /dev/null
+++ b/dom/media/gmp/GMPContentChild.cpp
@@ -0,0 +1,131 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPContentChild.h"
+#include "GMPChild.h"
+#include "GMPVideoDecoderChild.h"
+#include "GMPVideoEncoderChild.h"
+#include "ChromiumCDMChild.h"
+#include "base/task.h"
+#include "GMPUtils.h"
+
+namespace mozilla::gmp {
+
+MessageLoop* GMPContentChild::GMPMessageLoop() {
+ return mGMPChild->GMPMessageLoop();
+}
+
+void GMPContentChild::CheckThread() {
+ MOZ_ASSERT(mGMPChild->mGMPMessageLoop == MessageLoop::current());
+}
+
+#if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
+mozilla::ipc::IPCResult GMPContentChild::RecvInitSandboxTesting(
+ Endpoint<PSandboxTestingChild>&& aEndpoint) {
+ if (!SandboxTestingChild::Initialize(std::move(aEndpoint))) {
+ return IPC_FAIL(
+ this, "InitSandboxTesting failed to initialise the child process.");
+ }
+ return IPC_OK();
+}
+#endif
+
+void GMPContentChild::ActorDestroy(ActorDestroyReason aWhy) {
+ mGMPChild->GMPContentChildActorDestroy(this);
+}
+
+void GMPContentChild::ProcessingError(Result aCode, const char* aReason) {
+ mGMPChild->ProcessingError(aCode, aReason);
+}
+
+already_AddRefed<PGMPVideoDecoderChild>
+GMPContentChild::AllocPGMPVideoDecoderChild() {
+ return MakeAndAddRef<GMPVideoDecoderChild>(this);
+}
+
+already_AddRefed<PGMPVideoEncoderChild>
+GMPContentChild::AllocPGMPVideoEncoderChild() {
+ return MakeAndAddRef<GMPVideoEncoderChild>(this);
+}
+
+already_AddRefed<PChromiumCDMChild> GMPContentChild::AllocPChromiumCDMChild(
+ const nsACString& aKeySystem) {
+ return MakeAndAddRef<ChromiumCDMChild>(this);
+}
+
+mozilla::ipc::IPCResult GMPContentChild::RecvPGMPVideoDecoderConstructor(
+ PGMPVideoDecoderChild* aActor) {
+ auto vdc = static_cast<GMPVideoDecoderChild*>(aActor);
+
+ void* vd = nullptr;
+ GMPErr err = mGMPChild->GetAPI(GMP_API_VIDEO_DECODER, &vdc->Host(), &vd);
+ if (err != GMPNoErr || !vd) {
+ return IPC_FAIL(this, "GMPGetAPI call failed trying to construct decoder.");
+ }
+
+ vdc->Init(static_cast<GMPVideoDecoder*>(vd));
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPContentChild::RecvPGMPVideoEncoderConstructor(
+ PGMPVideoEncoderChild* aActor) {
+ auto vec = static_cast<GMPVideoEncoderChild*>(aActor);
+
+ void* ve = nullptr;
+ GMPErr err = mGMPChild->GetAPI(GMP_API_VIDEO_ENCODER, &vec->Host(), &ve);
+ if (err != GMPNoErr || !ve) {
+ return IPC_FAIL(this, "GMPGetAPI call failed trying to construct encoder.");
+ }
+
+ vec->Init(static_cast<GMPVideoEncoder*>(ve));
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPContentChild::RecvPChromiumCDMConstructor(
+ PChromiumCDMChild* aActor, const nsACString& aKeySystem) {
+ ChromiumCDMChild* child = static_cast<ChromiumCDMChild*>(aActor);
+ cdm::Host_10* host10 = child;
+
+ void* cdm = nullptr;
+ GMPErr err = mGMPChild->GetAPI(CHROMIUM_CDM_API, host10, &cdm, aKeySystem);
+ if (err != GMPNoErr || !cdm) {
+ return IPC_FAIL(this, "GMPGetAPI call failed trying to get CDM.");
+ }
+
+ child->Init(static_cast<cdm::ContentDecryptionModule_10*>(cdm),
+ mGMPChild->mStorageId);
+
+ return IPC_OK();
+}
+
+void GMPContentChild::CloseActive() {
+ // Invalidate and remove any remaining API objects.
+ const ManagedContainer<PGMPVideoDecoderChild>& videoDecoders =
+ ManagedPGMPVideoDecoderChild();
+ for (const auto& key : videoDecoders) {
+ key->SendShutdown();
+ }
+
+ const ManagedContainer<PGMPVideoEncoderChild>& videoEncoders =
+ ManagedPGMPVideoEncoderChild();
+ for (const auto& key : videoEncoders) {
+ key->SendShutdown();
+ }
+
+ const ManagedContainer<PChromiumCDMChild>& cdms = ManagedPChromiumCDMChild();
+ for (const auto& key : cdms) {
+ key->SendShutdown();
+ }
+}
+
+bool GMPContentChild::IsUsed() {
+ return !ManagedPGMPVideoDecoderChild().IsEmpty() ||
+ !ManagedPGMPVideoEncoderChild().IsEmpty() ||
+ !ManagedPChromiumCDMChild().IsEmpty();
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPContentChild.h b/dom/media/gmp/GMPContentChild.h
new file mode 100644
index 0000000000..9db5d82f11
--- /dev/null
+++ b/dom/media/gmp/GMPContentChild.h
@@ -0,0 +1,70 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPContentChild_h_
+#define GMPContentChild_h_
+
+#include "mozilla/gmp/PGMPContentChild.h"
+#include "GMPSharedMemManager.h"
+
+#if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
+# include "mozilla/SandboxTestingChild.h"
+#endif
+
+namespace mozilla::gmp {
+
+class GMPChild;
+
+/**
+ * This class allows the GMP process to receive requests to create GMP
+ * decoder/encoder objects on behalf of the parent/content processes.
+ */
+class GMPContentChild : public PGMPContentChild, public GMPSharedMem {
+ public:
+ // Mark AddRef and Release as `final`, as they overload pure virtual
+ // implementations in PGMPContentChild.
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPContentChild, final)
+
+ explicit GMPContentChild(GMPChild* aChild) : mGMPChild(aChild) {}
+
+ MessageLoop* GMPMessageLoop();
+
+ mozilla::ipc::IPCResult RecvPGMPVideoDecoderConstructor(
+ PGMPVideoDecoderChild* aActor) override;
+ mozilla::ipc::IPCResult RecvPGMPVideoEncoderConstructor(
+ PGMPVideoEncoderChild* aActor) override;
+ mozilla::ipc::IPCResult RecvPChromiumCDMConstructor(
+ PChromiumCDMChild* aActor, const nsACString& aKeySystem) override;
+
+ already_AddRefed<PGMPVideoDecoderChild> AllocPGMPVideoDecoderChild();
+
+ already_AddRefed<PGMPVideoEncoderChild> AllocPGMPVideoEncoderChild();
+
+ already_AddRefed<PChromiumCDMChild> AllocPChromiumCDMChild(
+ const nsACString& aKeySystem);
+
+#if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
+ mozilla::ipc::IPCResult RecvInitSandboxTesting(
+ Endpoint<PSandboxTestingChild>&& aEndpoint);
+#endif
+
+ void ActorDestroy(ActorDestroyReason aWhy) override;
+ void ProcessingError(Result aCode, const char* aReason) override;
+
+ // GMPSharedMem
+ void CheckThread() override;
+
+ void CloseActive();
+ bool IsUsed();
+
+ GMPChild* mGMPChild;
+
+ private:
+ ~GMPContentChild() = default;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPContentChild_h_
diff --git a/dom/media/gmp/GMPContentParent.cpp b/dom/media/gmp/GMPContentParent.cpp
new file mode 100644
index 0000000000..4483dfe784
--- /dev/null
+++ b/dom/media/gmp/GMPContentParent.cpp
@@ -0,0 +1,223 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPContentParent.h"
+#include "GMPLog.h"
+#include "GMPParent.h"
+#include "GMPServiceChild.h"
+#include "GMPVideoDecoderParent.h"
+#include "GMPVideoEncoderParent.h"
+#include "ChromiumCDMParent.h"
+#include "mozIGeckoMediaPluginService.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Unused.h"
+#include "base/task.h"
+
+namespace mozilla::gmp {
+
+static const char* GetBoolString(bool aBool) {
+ return aBool ? "true" : "false";
+}
+
+GMPContentParent::GMPContentParent(GMPParent* aParent)
+ : mParent(aParent), mPluginId(0) {
+ GMP_LOG_DEBUG("GMPContentParent::GMPContentParent(this=%p), aParent=%p", this,
+ aParent);
+ if (mParent) {
+ SetDisplayName(mParent->GetDisplayName());
+ SetPluginId(mParent->GetPluginId());
+ SetPluginType(mParent->GetPluginType());
+ }
+}
+
+GMPContentParent::~GMPContentParent() {
+ GMP_LOG_DEBUG(
+ "GMPContentParent::~GMPContentParent(this=%p) mVideoDecoders.IsEmpty=%s, "
+ "mVideoEncoders.IsEmpty=%s, mChromiumCDMs.IsEmpty=%s, "
+ "mCloseBlockerCount=%" PRIu32,
+ this, GetBoolString(mVideoDecoders.IsEmpty()),
+ GetBoolString(mVideoEncoders.IsEmpty()),
+ GetBoolString(mChromiumCDMs.IsEmpty()), mCloseBlockerCount);
+}
+
+void GMPContentParent::ActorDestroy(ActorDestroyReason aWhy) {
+ GMP_LOG_DEBUG("GMPContentParent::ActorDestroy(this=%p, aWhy=%d)", this,
+ static_cast<int>(aWhy));
+ MOZ_ASSERT(mVideoDecoders.IsEmpty() && mVideoEncoders.IsEmpty() &&
+ mChromiumCDMs.IsEmpty());
+}
+
+void GMPContentParent::CheckThread() {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+}
+
+void GMPContentParent::ChromiumCDMDestroyed(ChromiumCDMParent* aCDM) {
+ GMP_LOG_DEBUG("GMPContentParent::ChromiumCDMDestroyed(this=%p, aCDM=%p)",
+ this, aCDM);
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+
+ MOZ_ALWAYS_TRUE(mChromiumCDMs.RemoveElement(aCDM));
+ CloseIfUnused();
+}
+
+void GMPContentParent::VideoDecoderDestroyed(GMPVideoDecoderParent* aDecoder) {
+ GMP_LOG_DEBUG("GMPContentParent::VideoDecoderDestroyed(this=%p, aDecoder=%p)",
+ this, aDecoder);
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+
+ // If the constructor fails, we'll get called before it's added
+ Unused << NS_WARN_IF(!mVideoDecoders.RemoveElement(aDecoder));
+ CloseIfUnused();
+}
+
+void GMPContentParent::VideoEncoderDestroyed(GMPVideoEncoderParent* aEncoder) {
+ GMP_LOG_DEBUG("GMPContentParent::VideoEncoderDestroyed(this=%p, aEncoder=%p)",
+ this, aEncoder);
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+
+ // If the constructor fails, we'll get called before it's added
+ Unused << NS_WARN_IF(!mVideoEncoders.RemoveElement(aEncoder));
+ CloseIfUnused();
+}
+
+void GMPContentParent::AddCloseBlocker() {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ ++mCloseBlockerCount;
+ GMP_LOG_DEBUG(
+ "GMPContentParent::AddCloseBlocker(this=%p) mCloseBlockerCount=%" PRIu32,
+ this, mCloseBlockerCount);
+}
+
+void GMPContentParent::RemoveCloseBlocker() {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ --mCloseBlockerCount;
+ GMP_LOG_DEBUG(
+ "GMPContentParent::RemoveCloseBlocker(this=%p) "
+ "mCloseBlockerCount=%" PRIu32,
+ this, mCloseBlockerCount);
+ CloseIfUnused();
+}
+
+void GMPContentParent::CloseIfUnused() {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ GMP_LOG_DEBUG(
+ "GMPContentParent::CloseIfUnused(this=%p) mVideoDecoders.IsEmpty=%s, "
+ "mVideoEncoders.IsEmpty=%s, mChromiumCDMs.IsEmpty=%s, "
+ "mCloseBlockerCount=%" PRIu32,
+ this, GetBoolString(mVideoDecoders.IsEmpty()),
+ GetBoolString(mVideoEncoders.IsEmpty()),
+ GetBoolString(mChromiumCDMs.IsEmpty()), mCloseBlockerCount);
+ if (mVideoDecoders.IsEmpty() && mVideoEncoders.IsEmpty() &&
+ mChromiumCDMs.IsEmpty() && mCloseBlockerCount == 0) {
+ RefPtr<GMPContentParent> toClose;
+ if (mParent) {
+ toClose = mParent->ForgetGMPContentParent();
+ } else {
+ toClose = this;
+ RefPtr<GeckoMediaPluginServiceChild> gmp(
+ GeckoMediaPluginServiceChild::GetSingleton());
+ if (gmp) {
+ gmp->RemoveGMPContentParent(toClose);
+ }
+ }
+ NS_DispatchToCurrentThread(NewRunnableMethod(
+ "gmp::GMPContentParent::Close", toClose, &GMPContentParent::Close));
+ }
+}
+
+nsCOMPtr<nsISerialEventTarget> GMPContentParent::GMPEventTarget() {
+ if (!mGMPEventTarget) {
+ GMP_LOG_DEBUG("GMPContentParent::GMPEventTarget(this=%p)", this);
+ nsCOMPtr<mozIGeckoMediaPluginService> mps =
+ do_GetService("@mozilla.org/gecko-media-plugin-service;1");
+ MOZ_ASSERT(mps);
+ if (!mps) {
+ return nullptr;
+ }
+ // Not really safe if we just grab to the mGMPEventTarget, as we don't know
+ // what thread we're running on and other threads may be trying to
+ // access this without locks! However, debug only, and primary failure
+ // mode outside of compiler-helped TSAN is a leak. But better would be
+ // to use swap() under a lock.
+ nsCOMPtr<nsIThread> gmpThread;
+ mps->GetThread(getter_AddRefs(gmpThread));
+ MOZ_ASSERT(gmpThread);
+
+ mGMPEventTarget = gmpThread;
+ }
+
+ return mGMPEventTarget;
+}
+
+already_AddRefed<ChromiumCDMParent> GMPContentParent::GetChromiumCDM(
+ const nsCString& aKeySystem) {
+ GMP_LOG_DEBUG("GMPContentParent::GetChromiumCDM(this=%p aKeySystem=%s)", this,
+ aKeySystem.get());
+
+ RefPtr<ChromiumCDMParent> parent = new ChromiumCDMParent(this, GetPluginId());
+ // TODO: Remove parent from mChromiumCDMs in ChromiumCDMParent::Destroy().
+ mChromiumCDMs.AppendElement(parent);
+
+ if (!SendPChromiumCDMConstructor(parent, aKeySystem)) {
+ MOZ_ASSERT(!mChromiumCDMs.Contains(parent));
+ return nullptr;
+ }
+
+ return parent.forget();
+}
+
+nsresult GMPContentParent::GetGMPVideoDecoder(GMPVideoDecoderParent** aGMPVD) {
+ GMP_LOG_DEBUG("GMPContentParent::GetGMPVideoDecoder(this=%p)", this);
+
+ RefPtr<GMPVideoDecoderParent> vdp = new GMPVideoDecoderParent(this);
+ if (!SendPGMPVideoDecoderConstructor(vdp)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ // This addref corresponds to the Proxy pointer the consumer is returned.
+ // It's dropped by calling Close() on the interface.
+ vdp.get()->AddRef();
+ *aGMPVD = vdp;
+ mVideoDecoders.AppendElement(vdp);
+
+ return NS_OK;
+}
+
+nsresult GMPContentParent::GetGMPVideoEncoder(GMPVideoEncoderParent** aGMPVE) {
+ GMP_LOG_DEBUG("GMPContentParent::GetGMPVideoEncoder(this=%p)", this);
+
+ RefPtr<GMPVideoEncoderParent> vep = new GMPVideoEncoderParent(this);
+ if (!SendPGMPVideoEncoderConstructor(vep)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ // This addref corresponds to the Proxy pointer the consumer is returned.
+ // It's dropped by calling Close() on the interface.
+ vep.get()->AddRef();
+ *aGMPVE = vep;
+ mVideoEncoders.AppendElement(vep);
+
+ return NS_OK;
+}
+
+void GMPContentParentCloseBlocker::Destroy() {
+ MOZ_ASSERT(mParent);
+ MOZ_ASSERT(mEventTarget);
+
+ if (!mEventTarget->IsOnCurrentThread()) {
+ mEventTarget->Dispatch(NS_NewRunnableFunction(
+ __func__, [parent = std::move(mParent), eventTarget = mEventTarget]() {
+ parent->RemoveCloseBlocker();
+ }));
+ mEventTarget = nullptr;
+ return;
+ }
+
+ mParent->RemoveCloseBlocker();
+ mParent = nullptr;
+ mEventTarget = nullptr;
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPContentParent.h b/dom/media/gmp/GMPContentParent.h
new file mode 100644
index 0000000000..f71a4615d3
--- /dev/null
+++ b/dom/media/gmp/GMPContentParent.h
@@ -0,0 +1,108 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPContentParent_h_
+#define GMPContentParent_h_
+
+#include "mozilla/gmp/PGMPContentParent.h"
+#include "GMPSharedMemManager.h"
+#include "GMPNativeTypes.h"
+#include "nsISupportsImpl.h"
+
+namespace mozilla::gmp {
+
+class GMPContentParentCloseBlocker;
+class GMPParent;
+class GMPVideoDecoderParent;
+class GMPVideoEncoderParent;
+class ChromiumCDMParent;
+
+/**
+ * This class allows the parent/content processes to create GMP decoder/encoder
+ * objects in the GMP process.
+ */
+class GMPContentParent final : public PGMPContentParent, public GMPSharedMem {
+ friend class PGMPContentParent;
+
+ public:
+ // Mark AddRef and Release as `final`, as they overload pure virtual
+ // implementations in PGMPContentParent.
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPContentParent, final)
+
+ explicit GMPContentParent(GMPParent* aParent = nullptr);
+
+ nsresult GetGMPVideoDecoder(GMPVideoDecoderParent** aGMPVD);
+ void VideoDecoderDestroyed(GMPVideoDecoderParent* aDecoder);
+
+ nsresult GetGMPVideoEncoder(GMPVideoEncoderParent** aGMPVE);
+ void VideoEncoderDestroyed(GMPVideoEncoderParent* aEncoder);
+
+ already_AddRefed<ChromiumCDMParent> GetChromiumCDM(
+ const nsCString& aKeySystem);
+ void ChromiumCDMDestroyed(ChromiumCDMParent* aCDM);
+
+ nsCOMPtr<nsISerialEventTarget> GMPEventTarget();
+
+ // GMPSharedMem
+ void CheckThread() override;
+
+ void SetDisplayName(const nsCString& aDisplayName) {
+ mDisplayName = aDisplayName;
+ }
+ const nsCString& GetDisplayName() const { return mDisplayName; }
+ void SetPluginId(const uint32_t aPluginId) { mPluginId = aPluginId; }
+ uint32_t GetPluginId() const { return mPluginId; }
+ void SetPluginType(GMPPluginType aPluginType) { mPluginType = aPluginType; }
+ GMPPluginType GetPluginType() const { return mPluginType; }
+
+ private:
+ friend class GMPContentParentCloseBlocker;
+
+ void AddCloseBlocker();
+ void RemoveCloseBlocker();
+
+ ~GMPContentParent();
+
+ void ActorDestroy(ActorDestroyReason aWhy) override;
+
+ void CloseIfUnused();
+ // Needed because NewRunnableMethod tried to use the class that the method
+ // lives on to store the receiver, but PGMPContentParent isn't refcounted.
+ void Close() { PGMPContentParent::Close(); }
+
+ nsTArray<RefPtr<GMPVideoDecoderParent>> mVideoDecoders;
+ nsTArray<RefPtr<GMPVideoEncoderParent>> mVideoEncoders;
+ nsTArray<RefPtr<ChromiumCDMParent>> mChromiumCDMs;
+ nsCOMPtr<nsISerialEventTarget> mGMPEventTarget;
+ RefPtr<GMPParent> mParent;
+ nsCString mDisplayName;
+ uint32_t mPluginId;
+ GMPPluginType mPluginType = GMPPluginType::Unknown;
+ uint32_t mCloseBlockerCount = 0;
+};
+
+class GMPContentParentCloseBlocker final {
+ public:
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPContentParentCloseBlocker)
+
+ explicit GMPContentParentCloseBlocker(GMPContentParent* aParent)
+ : mParent(aParent), mEventTarget(aParent->GMPEventTarget()) {
+ MOZ_ASSERT(mEventTarget);
+ mParent->AddCloseBlocker();
+ }
+
+ void Destroy();
+
+ RefPtr<GMPContentParent> mParent;
+
+ private:
+ nsCOMPtr<nsISerialEventTarget> mEventTarget;
+
+ ~GMPContentParentCloseBlocker() { Destroy(); }
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPParent_h_
diff --git a/dom/media/gmp/GMPCrashHelper.h b/dom/media/gmp/GMPCrashHelper.h
new file mode 100644
index 0000000000..0034d54ee7
--- /dev/null
+++ b/dom/media/gmp/GMPCrashHelper.h
@@ -0,0 +1,37 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#if !defined(GMPCrashHelper_h_)
+# define GMPCrashHelper_h_
+
+# include "MainThreadUtils.h"
+# include "nsISupportsImpl.h"
+
+class nsPIDOMWindowInner;
+
+namespace mozilla {
+
+// For every GMP actor requested, the caller can specify a crash helper,
+// which is an object which supplies the nsPIDOMWindowInner to which we'll
+// dispatch the PluginCrashed event if the GMP crashes.
+// GMPCrashHelper has threadsafe refcounting. Its release method ensures
+// that instances are destroyed on the main thread.
+class GMPCrashHelper {
+ public:
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING_WITH_DELETE_ON_MAIN_THREAD(
+ GMPCrashHelper);
+
+ // Called on the main thread.
+ virtual already_AddRefed<nsPIDOMWindowInner>
+ GetPluginCrashedEventTarget() = 0;
+
+ protected:
+ virtual ~GMPCrashHelper() { MOZ_ASSERT(NS_IsMainThread()); }
+};
+
+} // namespace mozilla
+
+#endif // GMPCrashHelper_h_
diff --git a/dom/media/gmp/GMPCrashHelperHolder.cpp b/dom/media/gmp/GMPCrashHelperHolder.cpp
new file mode 100644
index 0000000000..1c0182155b
--- /dev/null
+++ b/dom/media/gmp/GMPCrashHelperHolder.cpp
@@ -0,0 +1,31 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPCrashHelperHolder.h"
+#include "GMPService.h"
+#include "mozilla/RefPtr.h"
+#include "nsPIDOMWindow.h"
+#include "mozilla/ipc/ProtocolUtils.h"
+
+namespace mozilla {
+
+void GMPCrashHelperHolder::SetCrashHelper(GMPCrashHelper* aHelper) {
+ mCrashHelper = aHelper;
+}
+
+GMPCrashHelper* GMPCrashHelperHolder::GetCrashHelper() { return mCrashHelper; }
+
+void GMPCrashHelperHolder::MaybeDisconnect(bool aAbnormalShutdown) {
+ if (!aAbnormalShutdown) {
+ RefPtr<gmp::GeckoMediaPluginService> service(
+ gmp::GeckoMediaPluginService::GetGeckoMediaPluginService());
+ if (service) {
+ service->DisconnectCrashHelper(GetCrashHelper());
+ }
+ }
+}
+
+} // namespace mozilla
diff --git a/dom/media/gmp/GMPCrashHelperHolder.h b/dom/media/gmp/GMPCrashHelperHolder.h
new file mode 100644
index 0000000000..d8c63234da
--- /dev/null
+++ b/dom/media/gmp/GMPCrashHelperHolder.h
@@ -0,0 +1,63 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPCrashHelperHolder_h_
+#define GMPCrashHelperHolder_h_
+
+#include "mozilla/RefPtr.h"
+#include "GMPCrashHelper.h"
+
+namespace mozilla {
+
+// Disconnecting the GMPCrashHelpers at the right time is hard. We need to
+// ensure that in the crashing case that we stay connected until the
+// "gmp-plugin-crashed" message is processed in the content process.
+//
+// We have two channels connecting to the GMP; PGMP which connects from
+// chrome to GMP process, and PGMPContent, which bridges between the content
+// and GMP process. If the GMP crashes both PGMP and PGMPContent receive
+// ActorDestroy messages and begin to shutdown at the same time.
+//
+// However the crash report mini dump must be generated in the chrome
+// process' ActorDestroy, before the "gmp-plugin-crashed" message can be sent
+// to the content process. We fire the "PluginCrashed" event when we handle
+// the "gmp-plugin-crashed" message in the content process, and we need the
+// crash helpers to do that.
+//
+// The PGMPContent's managed actors' ActorDestroy messages are the only shutdown
+// notification we get in the content process, but we can't disconnect the
+// crash handlers there in the crashing case, as ActorDestroy happens before
+// we've received the "gmp-plugin-crashed" message and had a chance for the
+// crash helpers to generate the window to dispatch PluginCrashed to initiate
+// the crash report submission notification box.
+//
+// So we need to ensure that in the content process, the GMPCrashHelpers stay
+// connected to the GMPService until after ActorDestroy messages are received
+// if there's an abnormal shutdown. In the case where the GMP doesn't crash,
+// we do actually want to disconnect GMPCrashHandlers in ActorDestroy, since
+// we don't have any other signal that a GMP actor is shutting down. If we don't
+// disconnect the crash helper there in the normal shutdown case, the helper
+// will stick around forever and leak.
+//
+// In the crashing case, the GMPCrashHelpers are deallocated when the crash
+// report is processed in GeckoMediaPluginService::RunPluginCrashCallbacks().
+//
+// It's a bit yuck that we have to have two paths for disconnecting the crash
+// helpers, but there aren't really any better options.
+class GMPCrashHelperHolder {
+ public:
+ void SetCrashHelper(GMPCrashHelper* aHelper);
+
+ GMPCrashHelper* GetCrashHelper();
+
+ void MaybeDisconnect(bool aAbnormalShutdown);
+
+ private:
+ RefPtr<GMPCrashHelper> mCrashHelper;
+};
+
+} // namespace mozilla
+
+#endif // GMPCrashHelperHolder_h_
diff --git a/dom/media/gmp/GMPDiskStorage.cpp b/dom/media/gmp/GMPDiskStorage.cpp
new file mode 100644
index 0000000000..5f7a023b9b
--- /dev/null
+++ b/dom/media/gmp/GMPDiskStorage.cpp
@@ -0,0 +1,454 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "plhash.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "GMPParent.h"
+#include "gmp-storage.h"
+#include "mozilla/Unused.h"
+#include "mozilla/EndianUtils.h"
+#include "nsClassHashtable.h"
+#include "prio.h"
+#include "nsContentCID.h"
+#include "nsServiceManagerUtils.h"
+
+namespace mozilla::gmp {
+
+// We store the records for a given GMP as files in the profile dir.
+// $profileDir/gmp/$platform/$gmpName/storage/$nodeId/
+static nsresult GetGMPStorageDir(nsIFile** aTempDir, const nsAString& aGMPName,
+ const nsACString& aNodeId) {
+ if (NS_WARN_IF(!aTempDir)) {
+ return NS_ERROR_INVALID_ARG;
+ }
+
+ nsCOMPtr<mozIGeckoMediaPluginChromeService> mps =
+ do_GetService("@mozilla.org/gecko-media-plugin-service;1");
+ if (NS_WARN_IF(!mps)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsIFile> tmpFile;
+ nsresult rv = mps->GetStorageDir(getter_AddRefs(tmpFile));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ rv = tmpFile->Append(aGMPName);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ rv = tmpFile->AppendNative("storage"_ns);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ rv = tmpFile->AppendNative(aNodeId);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ rv = tmpFile->Create(nsIFile::DIRECTORY_TYPE, 0700);
+ if (rv != NS_ERROR_FILE_ALREADY_EXISTS && NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ tmpFile.forget(aTempDir);
+
+ return NS_OK;
+}
+
+// Disk-backed GMP storage. Records are stored in files on disk in
+// the profile directory. The record name is a hash of the filename,
+// and we resolve hash collisions by just adding 1 to the hash code.
+// The format of records on disk is:
+// 4 byte, uint32_t $recordNameLength, in little-endian byte order,
+// record name (i.e. $recordNameLength bytes, no null terminator)
+// record bytes (entire remainder of file)
+class GMPDiskStorage : public GMPStorage {
+ public:
+ explicit GMPDiskStorage(const nsACString& aNodeId, const nsAString& aGMPName)
+ : mNodeId(aNodeId), mGMPName(aGMPName) {}
+
+ ~GMPDiskStorage() {
+ // Close all open file handles.
+ for (const auto& record : mRecords.Values()) {
+ if (record->mFileDesc) {
+ PR_Close(record->mFileDesc);
+ record->mFileDesc = nullptr;
+ }
+ }
+ }
+
+ nsresult Init() {
+ // Build our index of records on disk.
+ nsCOMPtr<nsIFile> storageDir;
+ nsresult rv =
+ GetGMPStorageDir(getter_AddRefs(storageDir), mGMPName, mNodeId);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return NS_ERROR_FAILURE;
+ }
+
+ DirectoryEnumerator iter(storageDir, DirectoryEnumerator::FilesAndDirs);
+ for (nsCOMPtr<nsIFile> dirEntry; (dirEntry = iter.Next()) != nullptr;) {
+ PRFileDesc* fd = nullptr;
+ if (NS_WARN_IF(
+ NS_FAILED(dirEntry->OpenNSPRFileDesc(PR_RDONLY, 0, &fd)))) {
+ continue;
+ }
+ int32_t recordLength = 0;
+ nsCString recordName;
+ nsresult err = ReadRecordMetadata(fd, recordLength, recordName);
+ PR_Close(fd);
+ if (NS_WARN_IF(NS_FAILED(err))) {
+ // File is not a valid storage file. Don't index it. Delete the file,
+ // to make our indexing faster in future.
+ dirEntry->Remove(false);
+ continue;
+ }
+
+ nsAutoString filename;
+ rv = dirEntry->GetLeafName(filename);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ continue;
+ }
+
+ mRecords.InsertOrUpdate(recordName,
+ MakeUnique<Record>(filename, recordName));
+ }
+
+ return NS_OK;
+ }
+
+ GMPErr Open(const nsACString& aRecordName) override {
+ MOZ_ASSERT(!IsOpen(aRecordName));
+
+ Record* const record =
+ mRecords.WithEntryHandle(aRecordName, [&](auto&& entry) -> Record* {
+ if (!entry) {
+ // New file.
+ nsAutoString filename;
+ nsresult rv = GetUnusedFilename(aRecordName, filename);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return nullptr;
+ }
+ return entry.Insert(MakeUnique<Record>(filename, aRecordName))
+ .get();
+ }
+
+ return entry->get();
+ });
+ if (!record) {
+ return GMPGenericErr;
+ }
+
+ MOZ_ASSERT(record);
+ if (record->mFileDesc) {
+ NS_WARNING("Tried to open already open record");
+ return GMPRecordInUse;
+ }
+
+ nsresult rv =
+ OpenStorageFile(record->mFilename, ReadWrite, &record->mFileDesc);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return GMPGenericErr;
+ }
+
+ MOZ_ASSERT(IsOpen(aRecordName));
+
+ return GMPNoErr;
+ }
+
+ bool IsOpen(const nsACString& aRecordName) const override {
+ // We are open if we have a record indexed, and it has a valid
+ // file descriptor.
+ const Record* record = mRecords.Get(aRecordName);
+ return record && !!record->mFileDesc;
+ }
+
+ GMPErr Read(const nsACString& aRecordName,
+ nsTArray<uint8_t>& aOutBytes) override {
+ if (!IsOpen(aRecordName)) {
+ return GMPClosedErr;
+ }
+
+ Record* record = nullptr;
+ mRecords.Get(aRecordName, &record);
+ MOZ_ASSERT(record && !!record->mFileDesc); // IsOpen() guarantees this.
+
+ // Our error strategy is to report records with invalid contents as
+ // containing 0 bytes. Zero length records are considered "deleted" by
+ // the GMPStorage API.
+ aOutBytes.SetLength(0);
+
+ int32_t recordLength = 0;
+ nsCString recordName;
+ nsresult err =
+ ReadRecordMetadata(record->mFileDesc, recordLength, recordName);
+ if (NS_WARN_IF(NS_FAILED(err) || recordLength == 0)) {
+ // We failed to read the record metadata. Or the record is 0 length.
+ // Treat damaged records as empty.
+ // ReadRecordMetadata() could fail if the GMP opened a new record and
+ // tried to read it before anything was written to it..
+ return GMPNoErr;
+ }
+
+ if (!aRecordName.Equals(recordName)) {
+ NS_WARNING("Record file contains some other record's contents!");
+ return GMPRecordCorrupted;
+ }
+
+ // After calling ReadRecordMetadata, we should be ready to read the
+ // record data.
+ if (PR_Available(record->mFileDesc) != recordLength) {
+ NS_WARNING("Record file length mismatch!");
+ return GMPRecordCorrupted;
+ }
+
+ aOutBytes.SetLength(recordLength);
+ int32_t bytesRead =
+ PR_Read(record->mFileDesc, aOutBytes.Elements(), recordLength);
+ return (bytesRead == recordLength) ? GMPNoErr : GMPRecordCorrupted;
+ }
+
+ GMPErr Write(const nsACString& aRecordName,
+ const nsTArray<uint8_t>& aBytes) override {
+ if (!IsOpen(aRecordName)) {
+ return GMPClosedErr;
+ }
+
+ Record* record = nullptr;
+ mRecords.Get(aRecordName, &record);
+ MOZ_ASSERT(record && !!record->mFileDesc); // IsOpen() guarantees this.
+
+ // Write operations overwrite the entire record. So close it now.
+ PR_Close(record->mFileDesc);
+ record->mFileDesc = nullptr;
+
+ // Writing 0 bytes means removing (deleting) the file.
+ if (aBytes.Length() == 0) {
+ nsresult rv = RemoveStorageFile(record->mFilename);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ // Could not delete file -> Continue with trying to erase the contents.
+ } else {
+ return GMPNoErr;
+ }
+ }
+
+ // Write operations overwrite the entire record. So re-open the file
+ // in truncate mode, to clear its contents.
+ if (NS_WARN_IF(NS_FAILED(OpenStorageFile(record->mFilename, Truncate,
+ &record->mFileDesc)))) {
+ return GMPGenericErr;
+ }
+
+ // Store the length of the record name followed by the record name
+ // at the start of the file.
+ int32_t bytesWritten = 0;
+ char buf[sizeof(uint32_t)] = {0};
+ LittleEndian::writeUint32(buf, aRecordName.Length());
+ bytesWritten = PR_Write(record->mFileDesc, buf, MOZ_ARRAY_LENGTH(buf));
+ if (bytesWritten != MOZ_ARRAY_LENGTH(buf)) {
+ NS_WARNING("Failed to write GMPStorage record name length.");
+ return GMPRecordCorrupted;
+ }
+ bytesWritten = PR_Write(record->mFileDesc, aRecordName.BeginReading(),
+ aRecordName.Length());
+ if (bytesWritten != (int32_t)aRecordName.Length()) {
+ NS_WARNING("Failed to write GMPStorage record name.");
+ return GMPRecordCorrupted;
+ }
+
+ bytesWritten =
+ PR_Write(record->mFileDesc, aBytes.Elements(), aBytes.Length());
+ if (bytesWritten != (int32_t)aBytes.Length()) {
+ NS_WARNING("Failed to write GMPStorage record data.");
+ return GMPRecordCorrupted;
+ }
+
+ // Try to sync the file to disk, so that in the event of a crash,
+ // the record is less likely to be corrupted.
+ PR_Sync(record->mFileDesc);
+
+ return GMPNoErr;
+ }
+
+ void Close(const nsACString& aRecordName) override {
+ Record* record = nullptr;
+ mRecords.Get(aRecordName, &record);
+ if (record && !!record->mFileDesc) {
+ PR_Close(record->mFileDesc);
+ record->mFileDesc = nullptr;
+ }
+ MOZ_ASSERT(!IsOpen(aRecordName));
+ }
+
+ private:
+ // We store records in a file which is a hash of the record name.
+ // If there is a hash collision, we just keep adding 1 to the hash
+ // code, until we find a free slot.
+ nsresult GetUnusedFilename(const nsACString& aRecordName,
+ nsString& aOutFilename) {
+ nsCOMPtr<nsIFile> storageDir;
+ nsresult rv =
+ GetGMPStorageDir(getter_AddRefs(storageDir), mGMPName, mNodeId);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ uint64_t recordNameHash = HashString(PromiseFlatCString(aRecordName).get());
+ for (int i = 0; i < 1000000; i++) {
+ nsCOMPtr<nsIFile> f;
+ rv = storageDir->Clone(getter_AddRefs(f));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ nsAutoString hashStr;
+ hashStr.AppendInt(recordNameHash);
+ rv = f->Append(hashStr);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ bool exists = false;
+ f->Exists(&exists);
+ if (!exists) {
+ // Filename not in use, we can write into this file.
+ aOutFilename = hashStr;
+ return NS_OK;
+ } else {
+ // Hash collision; just increment the hash name and try that again.
+ ++recordNameHash;
+ continue;
+ }
+ }
+ // Somehow, we've managed to completely fail to find a vacant file name.
+ // Give up.
+ NS_WARNING("GetUnusedFilename had extreme hash collision!");
+ return NS_ERROR_FAILURE;
+ }
+
+ enum OpenFileMode { ReadWrite, Truncate };
+
+ nsresult OpenStorageFile(const nsAString& aFileLeafName,
+ const OpenFileMode aMode, PRFileDesc** aOutFD) {
+ MOZ_ASSERT(aOutFD);
+
+ nsCOMPtr<nsIFile> f;
+ nsresult rv = GetGMPStorageDir(getter_AddRefs(f), mGMPName, mNodeId);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ f->Append(aFileLeafName);
+
+ auto mode = PR_RDWR | PR_CREATE_FILE;
+ if (aMode == Truncate) {
+ mode |= PR_TRUNCATE;
+ }
+
+ return f->OpenNSPRFileDesc(mode, PR_IRWXU, aOutFD);
+ }
+
+ nsresult ReadRecordMetadata(PRFileDesc* aFd, int32_t& aOutRecordLength,
+ nsACString& aOutRecordName) {
+ int32_t offset = PR_Seek(aFd, 0, PR_SEEK_END);
+ PR_Seek(aFd, 0, PR_SEEK_SET);
+
+ if (offset < 0 || offset > GMP_MAX_RECORD_SIZE) {
+ // Refuse to read big records, or records where we can't get a length.
+ return NS_ERROR_FAILURE;
+ }
+ const uint32_t fileLength = static_cast<uint32_t>(offset);
+
+ // At the start of the file the length of the record name is stored in a
+ // uint32_t (little endian byte order) followed by the record name at the
+ // start of the file. The record name is not null terminated. The remainder
+ // of the file is the record's data.
+
+ if (fileLength < sizeof(uint32_t)) {
+ // Record file doesn't have enough contents to store the record name
+ // length. Fail.
+ return NS_ERROR_FAILURE;
+ }
+
+ // Read length, and convert to host byte order.
+ uint32_t recordNameLength = 0;
+ char buf[sizeof(recordNameLength)] = {0};
+ int32_t bytesRead = PR_Read(aFd, &buf, sizeof(recordNameLength));
+ recordNameLength = LittleEndian::readUint32(buf);
+ if (sizeof(recordNameLength) != bytesRead || recordNameLength == 0 ||
+ recordNameLength + sizeof(recordNameLength) > fileLength ||
+ recordNameLength > GMP_MAX_RECORD_NAME_SIZE) {
+ // Record file has invalid contents. Fail.
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCString recordName;
+ recordName.SetLength(recordNameLength);
+ bytesRead = PR_Read(aFd, recordName.BeginWriting(), recordNameLength);
+ if ((uint32_t)bytesRead != recordNameLength) {
+ // Read failed.
+ return NS_ERROR_FAILURE;
+ }
+
+ MOZ_ASSERT(fileLength >= sizeof(recordNameLength) + recordNameLength);
+ int32_t recordLength =
+ fileLength - (sizeof(recordNameLength) + recordNameLength);
+
+ aOutRecordLength = recordLength;
+ aOutRecordName = recordName;
+
+ // Read cursor should be positioned after the record name, before the record
+ // contents.
+ if (PR_Seek(aFd, 0, PR_SEEK_CUR) !=
+ (int32_t)(sizeof(recordNameLength) + recordNameLength)) {
+ NS_WARNING("Read cursor mismatch after ReadRecordMetadata()");
+ return NS_ERROR_FAILURE;
+ }
+
+ return NS_OK;
+ }
+
+ nsresult RemoveStorageFile(const nsAString& aFilename) {
+ nsCOMPtr<nsIFile> f;
+ nsresult rv = GetGMPStorageDir(getter_AddRefs(f), mGMPName, mNodeId);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ rv = f->Append(aFilename);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ return f->Remove(/* bool recursive= */ false);
+ }
+
+ struct Record {
+ Record(const nsAString& aFilename, const nsACString& aRecordName)
+ : mFilename(aFilename), mRecordName(aRecordName), mFileDesc(0) {}
+ ~Record() { MOZ_ASSERT(!mFileDesc); }
+ nsString mFilename;
+ nsCString mRecordName;
+ PRFileDesc* mFileDesc;
+ };
+
+ // Hash record name to record data.
+ nsClassHashtable<nsCStringHashKey, Record> mRecords;
+ const nsCString mNodeId;
+ const nsString mGMPName;
+};
+
+already_AddRefed<GMPStorage> CreateGMPDiskStorage(const nsACString& aNodeId,
+ const nsAString& aGMPName) {
+ RefPtr<GMPDiskStorage> storage(new GMPDiskStorage(aNodeId, aGMPName));
+ if (NS_FAILED(storage->Init())) {
+ NS_WARNING("Failed to initialize on disk GMP storage");
+ return nullptr;
+ }
+ return storage.forget();
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPLoader.cpp b/dom/media/gmp/GMPLoader.cpp
new file mode 100644
index 0000000000..9fa7756165
--- /dev/null
+++ b/dom/media/gmp/GMPLoader.cpp
@@ -0,0 +1,203 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: sw=2 ts=4 et :
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPLoader.h"
+#include <stdio.h>
+#include "mozilla/Attributes.h"
+#include "nsExceptionHandler.h"
+#include "gmp-entrypoints.h"
+#include "prlink.h"
+#include "prenv.h"
+#include "prerror.h"
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
+# include "mozilla/sandboxTarget.h"
+# include "mozilla/sandboxing/SandboxInitialization.h"
+# include "mozilla/sandboxing/sandboxLogging.h"
+#endif
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+# include "mozilla/Sandbox.h"
+# include "mozilla/SandboxInfo.h"
+#endif
+
+#include <string>
+
+#ifdef XP_WIN
+# include <windows.h>
+#endif
+
+namespace mozilla::gmp {
+class PassThroughGMPAdapter : public GMPAdapter {
+ public:
+ ~PassThroughGMPAdapter() override {
+ // Ensure we're always shutdown, even if caller forgets to call
+ // GMPShutdown().
+ GMPShutdown();
+ }
+
+ void SetAdaptee(PRLibrary* aLib) override { mLib = aLib; }
+
+ GMPErr GMPInit(const GMPPlatformAPI* aPlatformAPI) override {
+ if (NS_WARN_IF(!mLib)) {
+ MOZ_CRASH("Missing library!");
+ return GMPGenericErr;
+ }
+ GMPInitFunc initFunc =
+ reinterpret_cast<GMPInitFunc>(PR_FindFunctionSymbol(mLib, "GMPInit"));
+ if (!initFunc) {
+ MOZ_CRASH("Missing init method!");
+ return GMPNotImplementedErr;
+ }
+ return initFunc(aPlatformAPI);
+ }
+
+ GMPErr GMPGetAPI(const char* aAPIName, void* aHostAPI, void** aPluginAPI,
+ const nsACString& /* aKeySystem */) override {
+ if (!mLib) {
+ return GMPGenericErr;
+ }
+ GMPGetAPIFunc getapiFunc = reinterpret_cast<GMPGetAPIFunc>(
+ PR_FindFunctionSymbol(mLib, "GMPGetAPI"));
+ if (!getapiFunc) {
+ return GMPNotImplementedErr;
+ }
+ return getapiFunc(aAPIName, aHostAPI, aPluginAPI);
+ }
+
+ void GMPShutdown() override {
+ if (mLib) {
+ GMPShutdownFunc shutdownFunc = reinterpret_cast<GMPShutdownFunc>(
+ PR_FindFunctionSymbol(mLib, "GMPShutdown"));
+ if (shutdownFunc) {
+ shutdownFunc();
+ }
+ PR_UnloadLibrary(mLib);
+ mLib = nullptr;
+ }
+ }
+
+ private:
+ PRLibrary* mLib = nullptr;
+};
+
+bool GMPLoader::Load(const char* aUTF8LibPath, uint32_t aUTF8LibPathLen,
+ const GMPPlatformAPI* aPlatformAPI, GMPAdapter* aAdapter) {
+ CrashReporter::AutoAnnotateCrashReport autoLibPath(
+ CrashReporter::Annotation::GMPLibraryPath,
+ nsDependentCString(aUTF8LibPath));
+
+ if (!getenv("MOZ_DISABLE_GMP_SANDBOX") && mSandboxStarter &&
+ !mSandboxStarter->Start(aUTF8LibPath)) {
+ MOZ_CRASH("Cannot start sandbox!");
+ return false;
+ }
+
+ // Load the GMP.
+ PRLibSpec libSpec;
+#ifdef XP_WIN
+ int pathLen = MultiByteToWideChar(CP_UTF8, 0, aUTF8LibPath, -1, nullptr, 0);
+ if (pathLen == 0) {
+ MOZ_CRASH("Cannot get path length as wide char!");
+ return false;
+ }
+
+ auto widePath = MakeUnique<wchar_t[]>(pathLen);
+ if (MultiByteToWideChar(CP_UTF8, 0, aUTF8LibPath, -1, widePath.get(),
+ pathLen) == 0) {
+ MOZ_CRASH("Cannot convert path to wide char!");
+ return false;
+ }
+
+ libSpec.value.pathname_u = widePath.get();
+ libSpec.type = PR_LibSpec_PathnameU;
+#else
+ libSpec.value.pathname = aUTF8LibPath;
+ libSpec.type = PR_LibSpec_Pathname;
+#endif
+ PRLibrary* lib = PR_LoadLibraryWithFlags(libSpec, 0);
+ if (!lib) {
+ MOZ_CRASH_UNSAFE_PRINTF("Cannot load plugin as library %d %d",
+ PR_GetError(), PR_GetOSError());
+ return false;
+ }
+
+ mAdapter.reset((!aAdapter) ? new PassThroughGMPAdapter() : aAdapter);
+ mAdapter->SetAdaptee(lib);
+
+ if (mAdapter->GMPInit(aPlatformAPI) != GMPNoErr) {
+ MOZ_CRASH("Cannot initialize plugin adapter!");
+ return false;
+ }
+
+ return true;
+}
+
+GMPErr GMPLoader::GetAPI(const char* aAPIName, void* aHostAPI,
+ void** aPluginAPI, const nsACString& aKeySystem) {
+ return mAdapter->GMPGetAPI(aAPIName, aHostAPI, aPluginAPI, aKeySystem);
+}
+
+void GMPLoader::Shutdown() {
+ if (mAdapter) {
+ mAdapter->GMPShutdown();
+ }
+}
+
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
+class WinSandboxStarter : public mozilla::gmp::SandboxStarter {
+ public:
+ bool Start(const char* aLibPath) override {
+ // Cause advapi32 to load before the sandbox is turned on, as
+ // Widevine version 970 and later require it and the sandbox
+ // blocks it on Win7.
+ unsigned int dummy_rand;
+ rand_s(&dummy_rand);
+
+ mozilla::SandboxTarget::Instance()->StartSandbox();
+ return true;
+ }
+};
+#endif
+
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+namespace {
+class LinuxSandboxStarter : public mozilla::gmp::SandboxStarter {
+ private:
+ LinuxSandboxStarter() = default;
+ friend mozilla::detail::UniqueSelector<LinuxSandboxStarter>::SingleObject
+ mozilla::MakeUnique<LinuxSandboxStarter>();
+
+ public:
+ static UniquePtr<SandboxStarter> Make() {
+ if (mozilla::SandboxInfo::Get().CanSandboxMedia()) {
+ return MakeUnique<LinuxSandboxStarter>();
+ }
+ // Sandboxing isn't possible, but the parent has already
+ // checked that this plugin doesn't require it. (Bug 1074561)
+ return nullptr;
+ }
+ bool Start(const char* aLibPath) override {
+ mozilla::SetMediaPluginSandbox(aLibPath);
+ return true;
+ }
+};
+} // anonymous namespace
+#endif // XP_LINUX && MOZ_SANDBOX
+
+static UniquePtr<SandboxStarter> MakeSandboxStarter() {
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
+ return mozilla::MakeUnique<WinSandboxStarter>();
+#elif defined(XP_LINUX) && defined(MOZ_SANDBOX)
+ return LinuxSandboxStarter::Make();
+#else
+ return nullptr;
+#endif
+}
+
+GMPLoader::GMPLoader() : mSandboxStarter(MakeSandboxStarter()) {}
+
+bool GMPLoader::CanSandbox() const { return !!mSandboxStarter; }
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPLoader.h b/dom/media/gmp/GMPLoader.h
new file mode 100644
index 0000000000..a0e1513d34
--- /dev/null
+++ b/dom/media/gmp/GMPLoader.h
@@ -0,0 +1,80 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: sw=2 ts=4 et :
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMP_LOADER_H__
+#define GMP_LOADER_H__
+
+#include <stdint.h>
+#include "prlink.h"
+#include "gmp-entrypoints.h"
+#include "mozilla/UniquePtr.h"
+#include "nsString.h"
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+# include "mozilla/Sandbox.h"
+#endif
+
+namespace mozilla::gmp {
+
+class SandboxStarter {
+ public:
+ virtual ~SandboxStarter() = default;
+ virtual bool Start(const char* aLibPath) = 0;
+};
+
+// Interface that adapts a plugin to the GMP API.
+class GMPAdapter {
+ public:
+ virtual ~GMPAdapter() = default;
+ // Sets the adapted to plugin library module.
+ // Note: the GMPAdapter is responsible for calling PR_UnloadLibrary on aLib
+ // when it's finished with it.
+ virtual void SetAdaptee(PRLibrary* aLib) = 0;
+
+ // These are called in place of the corresponding GMP API functions.
+ virtual GMPErr GMPInit(const GMPPlatformAPI* aPlatformAPI) = 0;
+ // The `aKeySystem` arg is used to specify the key system when loading CDMs,
+ // and will be ignored by non-CDM GMPs. It is not part of the public GMP API
+ // Gecko exposes.
+ virtual GMPErr GMPGetAPI(const char* aAPIName, void* aHostAPI,
+ void** aPluginAPI, const nsACString& aKeySystem) = 0;
+ virtual void GMPShutdown() = 0;
+};
+
+// Encapsulates activating the sandbox, and loading the GMP.
+// Load() takes an optional GMPAdapter which can be used to adapt non-GMPs
+// to adhere to the GMP API.
+class GMPLoader {
+ public:
+ GMPLoader();
+
+ // Activates the sandbox, then loads the GMP library. If aAdapter is
+ // non-null, the lib path is assumed to be a non-GMP, and the adapter
+ // is initialized with the lib and the adapter is used to interact with
+ // the plugin.
+ bool Load(const char* aUTF8LibPath, uint32_t aLibPathLen,
+ const GMPPlatformAPI* aPlatformAPI, GMPAdapter* aAdapter = nullptr);
+
+ // Retrieves an interface pointer from the GMP. If the GMP is loading a CDM,
+ // aKeySystem is passed to the CDM to allow for key system specific
+ // configuration by the CDM.
+ GMPErr GetAPI(const char* aAPIName, void* aHostAPI, void** aPluginAPI,
+ const nsACString& aKeySystem);
+
+ // Calls the GMPShutdown function exported by the GMP lib, and unloads the
+ // plugin library.
+ void Shutdown();
+
+ bool CanSandbox() const;
+
+ private:
+ UniquePtr<SandboxStarter> mSandboxStarter;
+ UniquePtr<GMPAdapter> mAdapter;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMP_LOADER_H__
diff --git a/dom/media/gmp/GMPLog.h b/dom/media/gmp/GMPLog.h
new file mode 100644
index 0000000000..94e797e827
--- /dev/null
+++ b/dom/media/gmp/GMPLog.h
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DOM_MEDIA_GMPLOG_H_
+#define DOM_MEDIA_GMPLOG_H_
+
+#include "content_decryption_module.h"
+#include "gmp-video-codec.h"
+#include "mozilla/Logging.h"
+
+namespace mozilla {
+
+extern LogModule* GetGMPLog();
+extern LogModule* GetGMPLibraryLog();
+extern GMPLogLevel GetGMPLibraryLogLevel();
+
+#define GMP_LOG_ERROR(msg, ...) \
+ MOZ_LOG(GetGMPLog(), LogLevel::Error, (msg, ##__VA_ARGS__))
+#define GMP_LOG_WARNING(msg, ...) \
+ MOZ_LOG(GetGMPLog(), LogLevel::Warning, (msg, ##__VA_ARGS__))
+#define GMP_LOG_INFO(msg, ...) \
+ MOZ_LOG(GetGMPLog(), LogLevel::Info, (msg, ##__VA_ARGS__))
+#define GMP_LOG_DEBUG(msg, ...) \
+ MOZ_LOG(GetGMPLog(), LogLevel::Debug, (msg, ##__VA_ARGS__))
+#define GMP_LOG_VERBOSE(msg, ...) \
+ MOZ_LOG(GetGMPLog(), LogLevel::Verbose, (msg, ##__VA_ARGS__))
+
+// Helpers
+
+inline const char* CdmStatusToString(cdm::Status aStatus) {
+ switch (aStatus) {
+ case cdm::Status::kSuccess:
+ return "success";
+ case cdm::Status::kNeedMoreData:
+ return "need more data";
+ case cdm::Status::kNoKey:
+ return "no key";
+ case cdm::Status::kInitializationError:
+ return "initialization error";
+ case cdm::Status::kDecryptError:
+ return "decrypt error";
+ case cdm::Status::kDecodeError:
+ return "decode error";
+ case cdm::Status::kDeferredInitialization:
+ return "deferred initialization";
+ default:
+ MOZ_ASSERT_UNREACHABLE("Should have coverage of entire enum");
+ return "unexpected status code"; // Gracefully handle disabled asserts.
+ }
+}
+
+inline const char* CdmStatusToString(uint32_t aStatus) {
+ return CdmStatusToString(cdm::Status(aStatus));
+}
+
+// End helpers
+
+} // namespace mozilla
+
+#endif // DOM_MEDIA_GMPLOG_H_
diff --git a/dom/media/gmp/GMPMemoryStorage.cpp b/dom/media/gmp/GMPMemoryStorage.cpp
new file mode 100644
index 0000000000..fe8cfee5f8
--- /dev/null
+++ b/dom/media/gmp/GMPMemoryStorage.cpp
@@ -0,0 +1,75 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPStorage.h"
+#include "nsClassHashtable.h"
+
+namespace mozilla::gmp {
+
+class GMPMemoryStorage : public GMPStorage {
+ public:
+ GMPErr Open(const nsACString& aRecordName) override {
+ MOZ_ASSERT(!IsOpen(aRecordName));
+
+ Record* record = mRecords.GetOrInsertNew(aRecordName);
+ record->mIsOpen = true;
+ return GMPNoErr;
+ }
+
+ bool IsOpen(const nsACString& aRecordName) const override {
+ const Record* record = mRecords.Get(aRecordName);
+ if (!record) {
+ return false;
+ }
+ return record->mIsOpen;
+ }
+
+ GMPErr Read(const nsACString& aRecordName,
+ nsTArray<uint8_t>& aOutBytes) override {
+ const Record* record = mRecords.Get(aRecordName);
+ if (!record) {
+ return GMPGenericErr;
+ }
+ aOutBytes = record->mData.Clone();
+ return GMPNoErr;
+ }
+
+ GMPErr Write(const nsACString& aRecordName,
+ const nsTArray<uint8_t>& aBytes) override {
+ Record* record = nullptr;
+ if (!mRecords.Get(aRecordName, &record)) {
+ return GMPClosedErr;
+ }
+ record->mData = aBytes.Clone();
+ return GMPNoErr;
+ }
+
+ void Close(const nsACString& aRecordName) override {
+ Record* record = nullptr;
+ if (!mRecords.Get(aRecordName, &record)) {
+ return;
+ }
+ if (!record->mData.Length()) {
+ // Record is empty, delete.
+ mRecords.Remove(aRecordName);
+ } else {
+ record->mIsOpen = false;
+ }
+ }
+
+ private:
+ struct Record {
+ nsTArray<uint8_t> mData;
+ bool mIsOpen = false;
+ };
+
+ nsClassHashtable<nsCStringHashKey, Record> mRecords;
+};
+
+already_AddRefed<GMPStorage> CreateGMPMemoryStorage() {
+ return RefPtr<GMPStorage>(new GMPMemoryStorage()).forget();
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPMessageUtils.h b/dom/media/gmp/GMPMessageUtils.h
new file mode 100644
index 0000000000..dd84c8cc20
--- /dev/null
+++ b/dom/media/gmp/GMPMessageUtils.h
@@ -0,0 +1,190 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPMessageUtils_h_
+#define GMPMessageUtils_h_
+
+#include "gmp-video-codec.h"
+#include "gmp-video-frame-encoded.h"
+#include "ipc/EnumSerializer.h"
+#include "ipc/IPCMessageUtilsSpecializations.h"
+#include "GMPNativeTypes.h"
+#include "GMPSanitizedExports.h"
+
+namespace IPC {
+
+template <>
+struct ParamTraits<GMPPluginType>
+ : public ContiguousEnumSerializerInclusive<
+ GMPPluginType, GMPPluginType::Unknown, GMPPluginType::WidevineL1> {};
+
+template <>
+struct ParamTraits<GMPErr>
+ : public ContiguousEnumSerializer<GMPErr, GMPNoErr, GMPLastErr> {};
+
+template <>
+struct ParamTraits<GMPVideoFrameType>
+ : public ContiguousEnumSerializer<GMPVideoFrameType, kGMPKeyFrame,
+ kGMPVideoFrameInvalid> {};
+
+template <>
+struct ParamTraits<GMPVideoCodecComplexity>
+ : public ContiguousEnumSerializer<GMPVideoCodecComplexity,
+ kGMPComplexityNormal,
+ kGMPComplexityInvalid> {};
+
+template <>
+struct ParamTraits<GMPVP8ResilienceMode>
+ : public ContiguousEnumSerializer<GMPVP8ResilienceMode, kResilienceOff,
+ kResilienceInvalid> {};
+
+template <>
+struct ParamTraits<GMPVideoCodecType>
+ : public ContiguousEnumSerializer<GMPVideoCodecType, kGMPVideoCodecVP8,
+ kGMPVideoCodecInvalid> {};
+
+template <>
+struct ParamTraits<GMPVideoCodecMode>
+ : public ContiguousEnumSerializer<GMPVideoCodecMode, kGMPRealtimeVideo,
+ kGMPCodecModeInvalid> {};
+
+template <>
+struct ParamTraits<GMPLogLevel>
+ : public ContiguousEnumSerializerInclusive<GMPLogLevel, kGMPLogDefault,
+ kGMPLogInvalid> {};
+
+template <>
+struct ParamTraits<GMPBufferType>
+ : public ContiguousEnumSerializer<GMPBufferType, GMP_BufferSingle,
+ GMP_BufferInvalid> {};
+
+template <>
+struct ParamTraits<cdm::EncryptionScheme>
+ : public ContiguousEnumSerializerInclusive<
+ cdm::EncryptionScheme, cdm::EncryptionScheme::kUnencrypted,
+ cdm::EncryptionScheme::kCbcs> {};
+
+template <>
+struct ParamTraits<cdm::HdcpVersion>
+ : public ContiguousEnumSerializerInclusive<
+ cdm::HdcpVersion, cdm::HdcpVersion::kHdcpVersionNone,
+ cdm::HdcpVersion::kHdcpVersion2_3> {};
+
+template <>
+struct ParamTraits<GMPSimulcastStream> {
+ typedef GMPSimulcastStream paramType;
+
+ static void Write(MessageWriter* aWriter, const paramType& aParam) {
+ WriteParam(aWriter, aParam.mWidth);
+ WriteParam(aWriter, aParam.mHeight);
+ WriteParam(aWriter, aParam.mNumberOfTemporalLayers);
+ WriteParam(aWriter, aParam.mMaxBitrate);
+ WriteParam(aWriter, aParam.mTargetBitrate);
+ WriteParam(aWriter, aParam.mMinBitrate);
+ WriteParam(aWriter, aParam.mQPMax);
+ }
+
+ static bool Read(MessageReader* aReader, paramType* aResult) {
+ if (ReadParam(aReader, &(aResult->mWidth)) &&
+ ReadParam(aReader, &(aResult->mHeight)) &&
+ ReadParam(aReader, &(aResult->mNumberOfTemporalLayers)) &&
+ ReadParam(aReader, &(aResult->mMaxBitrate)) &&
+ ReadParam(aReader, &(aResult->mTargetBitrate)) &&
+ ReadParam(aReader, &(aResult->mMinBitrate)) &&
+ ReadParam(aReader, &(aResult->mQPMax))) {
+ return true;
+ }
+ return false;
+ }
+};
+
+template <>
+struct ParamTraits<GMPVideoCodec> {
+ typedef GMPVideoCodec paramType;
+
+ static void Write(MessageWriter* aWriter, const paramType& aParam) {
+ WriteParam(aWriter, aParam.mGMPApiVersion);
+ WriteParam(aWriter, aParam.mCodecType);
+ WriteParam(aWriter, static_cast<const nsCString&>(
+ nsDependentCString(aParam.mPLName)));
+ WriteParam(aWriter, aParam.mPLType);
+ WriteParam(aWriter, aParam.mWidth);
+ WriteParam(aWriter, aParam.mHeight);
+ WriteParam(aWriter, aParam.mStartBitrate);
+ WriteParam(aWriter, aParam.mMaxBitrate);
+ WriteParam(aWriter, aParam.mMinBitrate);
+ WriteParam(aWriter, aParam.mMaxFramerate);
+ WriteParam(aWriter, aParam.mFrameDroppingOn);
+ WriteParam(aWriter, aParam.mKeyFrameInterval);
+ WriteParam(aWriter, aParam.mQPMax);
+ WriteParam(aWriter, aParam.mNumberOfSimulcastStreams);
+ for (uint32_t i = 0; i < aParam.mNumberOfSimulcastStreams; i++) {
+ WriteParam(aWriter, aParam.mSimulcastStream[i]);
+ }
+ WriteParam(aWriter, aParam.mMode);
+ WriteParam(aWriter, aParam.mUseThreadedDecode);
+ WriteParam(aWriter, aParam.mLogLevel);
+ }
+
+ static bool Read(MessageReader* aReader, paramType* aResult) {
+ // NOTE: make sure this matches any versions supported
+ if (!ReadParam(aReader, &(aResult->mGMPApiVersion)) ||
+ (aResult->mGMPApiVersion != kGMPVersion33 &&
+ aResult->mGMPApiVersion != kGMPVersion34)) {
+ return false;
+ }
+ if (!ReadParam(aReader, &(aResult->mCodecType))) {
+ return false;
+ }
+
+ nsAutoCString plName;
+ if (!ReadParam(aReader, &plName) ||
+ plName.Length() > kGMPPayloadNameSize - 1) {
+ return false;
+ }
+ memcpy(aResult->mPLName, plName.get(), plName.Length());
+ memset(aResult->mPLName + plName.Length(), 0,
+ kGMPPayloadNameSize - plName.Length());
+
+ if (!ReadParam(aReader, &(aResult->mPLType)) ||
+ !ReadParam(aReader, &(aResult->mWidth)) ||
+ !ReadParam(aReader, &(aResult->mHeight)) ||
+ !ReadParam(aReader, &(aResult->mStartBitrate)) ||
+ !ReadParam(aReader, &(aResult->mMaxBitrate)) ||
+ !ReadParam(aReader, &(aResult->mMinBitrate)) ||
+ !ReadParam(aReader, &(aResult->mMaxFramerate)) ||
+ !ReadParam(aReader, &(aResult->mFrameDroppingOn)) ||
+ !ReadParam(aReader, &(aResult->mKeyFrameInterval))) {
+ return false;
+ }
+
+ if (!ReadParam(aReader, &(aResult->mQPMax)) ||
+ !ReadParam(aReader, &(aResult->mNumberOfSimulcastStreams))) {
+ return false;
+ }
+
+ if (aResult->mNumberOfSimulcastStreams > kGMPMaxSimulcastStreams) {
+ return false;
+ }
+
+ for (uint32_t i = 0; i < aResult->mNumberOfSimulcastStreams; i++) {
+ if (!ReadParam(aReader, &(aResult->mSimulcastStream[i]))) {
+ return false;
+ }
+ }
+
+ if (!ReadParam(aReader, &(aResult->mMode)) ||
+ !ReadParam(aReader, &(aResult->mUseThreadedDecode)) ||
+ !ReadParam(aReader, &(aResult->mLogLevel))) {
+ return false;
+ }
+
+ return true;
+ }
+};
+
+} // namespace IPC
+
+#endif // GMPMessageUtils_h_
diff --git a/dom/media/gmp/GMPNativeTypes.h b/dom/media/gmp/GMPNativeTypes.h
new file mode 100644
index 0000000000..39cf660d56
--- /dev/null
+++ b/dom/media/gmp/GMPNativeTypes.h
@@ -0,0 +1,18 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPNativeTypes_h_
+#define GMPNativeTypes_h_
+
+enum class GMPPluginType {
+ Unknown,
+ Fake,
+ Clearkey,
+ OpenH264,
+ Widevine,
+ WidevineL1,
+};
+
+#endif
diff --git a/dom/media/gmp/GMPParent.cpp b/dom/media/gmp/GMPParent.cpp
new file mode 100644
index 0000000000..115e9b7392
--- /dev/null
+++ b/dom/media/gmp/GMPParent.cpp
@@ -0,0 +1,1372 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPParent.h"
+
+#include "CDMStorageIdProvider.h"
+#include "ChromiumCDMAdapter.h"
+#include "GeckoProfiler.h"
+#include "GMPContentParent.h"
+#include "GMPLog.h"
+#include "GMPTimerParent.h"
+#include "MediaResult.h"
+#include "mozIGeckoMediaPluginService.h"
+#include "mozilla/dom/KeySystemNames.h"
+#include "mozilla/dom/WidevineCDMManifestBinding.h"
+#include "mozilla/FOGIPC.h"
+#include "mozilla/ipc/CrashReporterHost.h"
+#include "mozilla/ipc/Endpoint.h"
+#include "mozilla/ipc/GeckoChildProcessHost.h"
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+# include "mozilla/SandboxInfo.h"
+# include "base/shared_memory.h"
+#endif
+#include "mozilla/Services.h"
+#include "mozilla/SSE.h"
+#include "mozilla/StaticPrefs_media.h"
+#include "mozilla/SyncRunnable.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "nsComponentManagerUtils.h"
+#include "nsIRunnable.h"
+#include "nsIObserverService.h"
+#include "nsIWritablePropertyBag2.h"
+#include "nsPrintfCString.h"
+#include "nsThreadUtils.h"
+#include "ProfilerParent.h"
+#include "runnable_utils.h"
+#ifdef XP_WIN
+# include "mozilla/FileUtilsWin.h"
+# include "mozilla/WinDllServices.h"
+# include "WMFDecoderModule.h"
+#endif
+#if defined(MOZ_WIDGET_ANDROID)
+# include "mozilla/java/GeckoProcessManagerWrappers.h"
+# include "mozilla/java/GeckoProcessTypeWrappers.h"
+#endif // defined(MOZ_WIDGET_ANDROID)
+#if defined(XP_MACOSX)
+# include "nsMacUtilsImpl.h"
+# include "base/process_util.h"
+#endif // defined(XP_MACOSX)
+
+using mozilla::ipc::GeckoChildProcessHost;
+
+using CrashReporter::AnnotationTable;
+
+namespace mozilla::gmp {
+
+#define GMP_PARENT_LOG_DEBUG(x, ...) \
+ GMP_LOG_DEBUG("GMPParent[%p|childPid=%d] " x, this, mChildPid, ##__VA_ARGS__)
+
+#ifdef __CLASS__
+# undef __CLASS__
+#endif
+#define __CLASS__ "GMPParent"
+
+GMPParent::GMPParent()
+ : mState(GMPState::NotLoaded),
+ mPluginId(GeckoChildProcessHost::GetUniqueID()),
+ mProcess(nullptr),
+ mDeleteProcessOnlyOnUnload(false),
+ mAbnormalShutdownInProgress(false),
+ mIsBlockingDeletion(false),
+ mCanDecrypt(false),
+ mGMPContentChildCount(0),
+ mChildPid(0),
+#ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
+ mChildLaunchArch(base::PROCESS_ARCH_INVALID),
+#endif
+ mMainThread(GetMainThreadSerialEventTarget()) {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ GMP_PARENT_LOG_DEBUG("GMPParent ctor id=%u", mPluginId);
+}
+
+GMPParent::~GMPParent() {
+ // This method is not restricted to a specific thread.
+ GMP_PARENT_LOG_DEBUG("GMPParent dtor id=%u", mPluginId);
+ MOZ_ASSERT(!mProcess);
+}
+
+void GMPParent::CloneFrom(const GMPParent* aOther) {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ MOZ_ASSERT(aOther->mDirectory && aOther->mService, "null plugin directory");
+
+ mService = aOther->mService;
+ mDirectory = aOther->mDirectory;
+ mName = aOther->mName;
+ mVersion = aOther->mVersion;
+ mDescription = aOther->mDescription;
+ mDisplayName = aOther->mDisplayName;
+ mPluginType = aOther->mPluginType;
+#if defined(XP_WIN) || defined(XP_LINUX)
+ mLibs = aOther->mLibs;
+#endif
+ for (const GMPCapability& cap : aOther->mCapabilities) {
+ mCapabilities.AppendElement(cap);
+ }
+ mAdapter = aOther->mAdapter;
+
+#ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
+ mChildLaunchArch = aOther->mChildLaunchArch;
+#endif
+}
+
+#if defined(XP_WIN) || defined(XP_MACOSX)
+nsresult GMPParent::GetPluginFileArch(nsIFile* aPluginDir,
+ const nsString& aBaseName,
+ uint32_t& aArchSet) {
+ // Build up the plugin filename
+# if defined(XP_MACOSX)
+ nsAutoString pluginFileName = u"lib"_ns + aBaseName + u".dylib"_ns;
+# elif defined(XP_WIN)
+ nsAutoString pluginFileName = aBaseName + u".dll"_ns;
+# endif
+ GMP_PARENT_LOG_DEBUG("%s: pluginFileName: %s", __FUNCTION__,
+ NS_LossyConvertUTF16toASCII(pluginFileName).get());
+
+ // Create an nsIFile representing the plugin
+ nsCOMPtr<nsIFile> pluginFile;
+ nsresult rv = aPluginDir->Clone(getter_AddRefs(pluginFile));
+ NS_ENSURE_SUCCESS(rv, rv);
+ pluginFile->AppendRelativePath(pluginFileName);
+
+# if defined(XP_MACOSX)
+ // Get the full plugin path
+ nsAutoCString pluginPath;
+ rv = pluginFile->GetNativePath(pluginPath);
+ NS_ENSURE_SUCCESS(rv, rv);
+ GMP_PARENT_LOG_DEBUG("%s: pluginPath: %s", __FUNCTION__, pluginPath.get());
+
+ rv = nsMacUtilsImpl::GetArchitecturesForBinary(pluginPath.get(), &aArchSet);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+# if defined(__aarch64__)
+ mPluginFilePath = pluginPath;
+# endif
+# elif defined(XP_WIN)
+ // Get the full plugin path
+ nsAutoString pluginPath;
+ rv = pluginFile->GetTarget(pluginPath);
+ NS_ENSURE_SUCCESS(rv, rv);
+ GMP_PARENT_LOG_DEBUG("%s: pluginPath: %s", __FUNCTION__,
+ NS_LossyConvertUTF16toASCII(pluginPath).get());
+
+ aArchSet = GetExecutableArchitecture(pluginPath.get());
+ if (aArchSet == base::PROCESS_ARCH_INVALID) {
+ return NS_ERROR_FAILURE;
+ }
+# endif
+
+ return NS_OK;
+}
+#endif // defined(XP_WIN) || defined(XP_MACOSX)
+
+RefPtr<GenericPromise> GMPParent::Init(GeckoMediaPluginServiceParent* aService,
+ nsIFile* aPluginDir) {
+ MOZ_ASSERT(aPluginDir);
+ MOZ_ASSERT(aService);
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+
+ mService = aService;
+ mDirectory = aPluginDir;
+
+ // aPluginDir is <profile-dir>/<gmp-plugin-id>/<version>
+ // where <gmp-plugin-id> should be gmp-gmpopenh264
+ nsCOMPtr<nsIFile> parent;
+ nsresult rv = aPluginDir->GetParent(getter_AddRefs(parent));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return GenericPromise::CreateAndReject(rv, __func__);
+ }
+ nsAutoString parentLeafName;
+ rv = parent->GetLeafName(parentLeafName);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return GenericPromise::CreateAndReject(rv, __func__);
+ }
+ GMP_PARENT_LOG_DEBUG("%s: for %s", __FUNCTION__,
+ NS_LossyConvertUTF16toASCII(parentLeafName).get());
+
+ MOZ_ASSERT(parentLeafName.Length() > 4);
+ mName = Substring(parentLeafName, 4);
+
+#if defined(XP_WIN) || defined(XP_MACOSX)
+ uint32_t pluginArch = base::PROCESS_ARCH_INVALID;
+ rv = GetPluginFileArch(
+ aPluginDir,
+# ifdef MOZ_WMF_CDM
+ mName.Equals(u"widevinecdm-l1"_ns) ? u"Google.Widevine.CDM"_ns : mName,
+# else
+ mName,
+# endif
+ pluginArch);
+ if (NS_FAILED(rv)) {
+ GMP_PARENT_LOG_DEBUG("%s: Plugin arch error: %d", __FUNCTION__,
+ uint32_t(rv));
+ } else {
+ GMP_PARENT_LOG_DEBUG("%s: Plugin arch: 0x%x", __FUNCTION__, pluginArch);
+ }
+
+ const uint32_t x86 = base::PROCESS_ARCH_X86_64 | base::PROCESS_ARCH_I386;
+# ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
+ const uint32_t arm64 = base::PROCESS_ARCH_ARM_64;
+
+ mChildLaunchArch = pluginArch;
+ // When executing in an ARM64 process, if the library is x86 or x64,
+ // set |mChildLaunchArch| to x64 and allow the library to be used as long
+ // as this process is a universal binary.
+ if (!(pluginArch & arm64) && (pluginArch & x86)) {
+ bool isWidevine = parentLeafName.Find(u"widevine") != kNotFound;
+ bool isWidevineAllowed =
+ StaticPrefs::media_gmp_widevinecdm_allow_x64_plugin_on_arm64();
+ bool isH264 = parentLeafName.Find(u"openh264") != kNotFound;
+ bool isH264Allowed =
+ StaticPrefs::media_gmp_gmpopenh264_allow_x64_plugin_on_arm64();
+ bool isClearkey = parentLeafName.Find(u"clearkey") != kNotFound;
+ bool isClearkeyAllowed =
+ StaticPrefs::media_gmp_gmpclearkey_allow_x64_plugin_on_arm64();
+
+ // Only allow x64 child GMP processes for Widevine, OpenH264 and Clearkey
+ if (!isWidevine && !isH264 && !isClearkey) {
+ return GenericPromise::CreateAndReject(NS_ERROR_NOT_IMPLEMENTED,
+ __func__);
+ }
+ // And only if prefs permit it.
+ if ((isWidevine && !isWidevineAllowed) || (isH264 && !isH264Allowed) ||
+ (isClearkey && !isClearkeyAllowed)) {
+ return GenericPromise::CreateAndReject(NS_ERROR_PLUGIN_DISABLED,
+ __func__);
+ }
+
+# ifdef XP_MACOSX
+ // We have an x64 library. Get the bundle architecture to determine
+ // if we are a universal binary and hence if we can launch an x64
+ // child process to host this plugin.
+ uint32_t bundleArch = base::PROCESS_ARCH_INVALID;
+ rv = nsMacUtilsImpl::GetArchitecturesForBundle(&bundleArch);
+ if (NS_FAILED(rv)) {
+ // If we fail here, continue as if this is not a univeral binary.
+ GMP_PARENT_LOG_DEBUG("%s: Bundle arch error: %d", __FUNCTION__,
+ uint32_t(rv));
+ } else {
+ GMP_PARENT_LOG_DEBUG("%s: Bundle arch: 0x%x", __FUNCTION__, bundleArch);
+ }
+
+ bool isUniversalBinary = (bundleArch & base::PROCESS_ARCH_X86_64) &&
+ (bundleArch & base::PROCESS_ARCH_ARM_64);
+ if (isUniversalBinary) {
+ mChildLaunchArch = base::PROCESS_ARCH_X86_64;
+ PreTranslateBins();
+ } else {
+ return GenericPromise::CreateAndReject(NS_ERROR_NOT_IMPLEMENTED,
+ __func__);
+ }
+# endif
+ }
+# else
+ // When executing in a non-ARM process, if the library is not x86 or x64,
+ // remove it and return an error. This prevents a child process crash due
+ // to loading an incompatible library and forces a new plugin version to be
+ // downloaded when the check is next performed. This could occur if a profile
+ // is moved from an ARM64 system to an x64 system.
+ if ((pluginArch & x86) == 0) {
+ GMP_PARENT_LOG_DEBUG("%s: Removing plugin directory", __FUNCTION__);
+ aPluginDir->Remove(true);
+ return GenericPromise::CreateAndReject(NS_ERROR_NOT_IMPLEMENTED, __func__);
+ }
+# endif // defined(ALLOW_GECKO_CHILD_PROCESS_ARCH)
+#endif // defined(XP_WIN) || defined(XP_MACOSX)
+
+ return ReadGMPMetaData();
+}
+
+void GMPParent::Crash() {
+ if (mState != GMPState::NotLoaded) {
+ Unused << SendCrashPluginNow();
+ }
+}
+
+class NotifyGMPProcessLoadedTask : public Runnable {
+ public:
+ explicit NotifyGMPProcessLoadedTask(const ::base::ProcessId aProcessId,
+ GMPParent* aGMPParent)
+ : Runnable("NotifyGMPProcessLoadedTask"),
+ mProcessId(aProcessId),
+ mGMPParent(aGMPParent) {}
+
+ NS_IMETHOD Run() override {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ bool canProfile = true;
+
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+ if (SandboxInfo::Get().Test(SandboxInfo::kEnabledForMedia) &&
+ base::SharedMemory::UsingPosixShm()) {
+ canProfile = false;
+ }
+#endif
+
+ nsCOMPtr<nsISerialEventTarget> gmpEventTarget =
+ mGMPParent->GMPEventTarget();
+ if (NS_WARN_IF(!gmpEventTarget)) {
+ return NS_ERROR_FAILURE;
+ }
+
+#if defined(XP_WIN)
+ RefPtr<DllServices> dllSvc(DllServices::Get());
+ bool isReadyForBackgroundProcessing =
+ dllSvc->IsReadyForBackgroundProcessing();
+ gmpEventTarget->Dispatch(NewRunnableMethod<bool, bool>(
+ "GMPParent::SendInitDllServices", mGMPParent,
+ &GMPParent::SendInitDllServices, isReadyForBackgroundProcessing,
+ Telemetry::CanRecordReleaseData()));
+#endif
+
+ if (canProfile) {
+ ipc::Endpoint<PProfilerChild> profilerParent(
+ ProfilerParent::CreateForProcess(mProcessId));
+
+ gmpEventTarget->Dispatch(
+ NewRunnableMethod<ipc::Endpoint<mozilla::PProfilerChild>&&>(
+ "GMPParent::SendInitProfiler", mGMPParent,
+ &GMPParent::SendInitProfiler, std::move(profilerParent)));
+ }
+
+ return NS_OK;
+ }
+
+ ::base::ProcessId mProcessId;
+ const RefPtr<GMPParent> mGMPParent;
+};
+
+nsresult GMPParent::LoadProcess() {
+ MOZ_ASSERT(mDirectory, "Plugin directory cannot be NULL!");
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ MOZ_ASSERT(mState == GMPState::NotLoaded);
+
+ if (NS_WARN_IF(mPluginType == GMPPluginType::WidevineL1)) {
+ GMP_PARENT_LOG_DEBUG("%s: cannot load process for WidevineL1",
+ __FUNCTION__);
+ return NS_ERROR_NOT_IMPLEMENTED;
+ }
+
+ nsAutoString path;
+ if (NS_WARN_IF(NS_FAILED(mDirectory->GetPath(path)))) {
+ return NS_ERROR_FAILURE;
+ }
+ GMP_PARENT_LOG_DEBUG("%s: for %s", __FUNCTION__,
+ NS_ConvertUTF16toUTF8(path).get());
+
+ if (!mProcess) {
+ mProcess = new GMPProcessParent(NS_ConvertUTF16toUTF8(path).get());
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+ mProcess->SetRequiresWindowServer(mAdapter.EqualsLiteral("chromium"));
+#endif
+
+#ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
+ mProcess->SetLaunchArchitecture(mChildLaunchArch);
+#endif
+
+ if (!mProcess->Launch(30 * 1000)) {
+ GMP_PARENT_LOG_DEBUG("%s: Failed to launch new child process",
+ __FUNCTION__);
+ mProcess->Delete();
+ mProcess = nullptr;
+ return NS_ERROR_FAILURE;
+ }
+
+ mChildPid = mProcess->GetChildProcessId();
+ GMP_PARENT_LOG_DEBUG("%s: Launched new child process", __FUNCTION__);
+
+ bool opened = mProcess->TakeInitialEndpoint().Bind(this);
+ if (!opened) {
+ GMP_PARENT_LOG_DEBUG("%s: Failed to open channel to new child process",
+ __FUNCTION__);
+ mProcess->Delete();
+ mProcess = nullptr;
+ return NS_ERROR_FAILURE;
+ }
+ GMP_PARENT_LOG_DEBUG("%s: Opened channel to new child process",
+ __FUNCTION__);
+
+ // ComputeStorageId may return empty string, we leave the error handling to
+ // CDM. The CDM will reject the promise once we provide a empty string of
+ // storage id.
+ bool ok =
+ SendProvideStorageId(CDMStorageIdProvider::ComputeStorageId(mNodeId));
+ if (!ok) {
+ GMP_PARENT_LOG_DEBUG("%s: Failed to send storage id to child process",
+ __FUNCTION__);
+ return NS_ERROR_FAILURE;
+ }
+ GMP_PARENT_LOG_DEBUG("%s: Sent storage id to child process", __FUNCTION__);
+
+#if defined(XP_WIN) || defined(XP_LINUX)
+ if (!mLibs.IsEmpty()) {
+ bool ok = SendPreloadLibs(mLibs);
+ if (!ok) {
+ GMP_PARENT_LOG_DEBUG("%s: Failed to send preload-libs to child process",
+ __FUNCTION__);
+ return NS_ERROR_FAILURE;
+ }
+ GMP_PARENT_LOG_DEBUG("%s: Sent preload-libs ('%s') to child process",
+ __FUNCTION__, mLibs.get());
+ }
+#endif
+
+ NS_DispatchToMainThread(new NotifyGMPProcessLoadedTask(OtherPid(), this));
+
+ // Intr call to block initialization on plugin load.
+ if (!SendStartPlugin(mAdapter)) {
+ GMP_PARENT_LOG_DEBUG("%s: Failed to send start to child process",
+ __FUNCTION__);
+ return NS_ERROR_FAILURE;
+ }
+ GMP_PARENT_LOG_DEBUG("%s: Sent StartPlugin to child process", __FUNCTION__);
+ }
+
+ mState = GMPState::Loaded;
+
+ return NS_OK;
+}
+
+void GMPParent::OnPreferenceChange(const mozilla::dom::Pref& aPref) {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ GMP_PARENT_LOG_DEBUG("%s", __FUNCTION__);
+
+ if (!mProcess || !mProcess->UseXPCOM()) {
+ return;
+ }
+
+ Unused << SendPreferenceUpdate(aPref);
+}
+
+mozilla::ipc::IPCResult GMPParent::RecvPGMPContentChildDestroyed() {
+ --mGMPContentChildCount;
+ if (!IsUsed()) {
+ CloseIfUnused();
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPParent::RecvFOGData(ByteBuf&& aBuf) {
+ GMP_PARENT_LOG_DEBUG("GMPParent RecvFOGData");
+ glean::FOGData(std::move(aBuf));
+ return IPC_OK();
+}
+
+#if defined(XP_WIN)
+mozilla::ipc::IPCResult GMPParent::RecvGetModulesTrust(
+ ModulePaths&& aModPaths, bool aRunAtNormalPriority,
+ GetModulesTrustResolver&& aResolver) {
+ class ModulesTrustRunnable final : public Runnable {
+ public:
+ ModulesTrustRunnable(ModulePaths&& aModPaths, bool aRunAtNormalPriority,
+ GetModulesTrustResolver&& aResolver)
+ : Runnable("GMPParent::RecvGetModulesTrust::ModulesTrustRunnable"),
+ mModPaths(std::move(aModPaths)),
+ mResolver(std::move(aResolver)),
+ mEventTarget(GetCurrentSerialEventTarget()),
+ mRunAtNormalPriority(aRunAtNormalPriority) {}
+
+ NS_IMETHOD Run() override {
+ RefPtr<DllServices> dllSvc(DllServices::Get());
+ dllSvc->GetModulesTrust(std::move(mModPaths), mRunAtNormalPriority)
+ ->Then(
+ mEventTarget, __func__,
+ [self = RefPtr{this}](ModulesMapResult&& aResult) {
+ self->mResolver(Some(ModulesMapResult(std::move(aResult))));
+ },
+ [self = RefPtr{this}](nsresult aRv) {
+ self->mResolver(Nothing());
+ });
+ return NS_OK;
+ }
+
+ private:
+ ~ModulesTrustRunnable() override = default;
+
+ ModulePaths mModPaths;
+ GetModulesTrustResolver mResolver;
+ nsCOMPtr<nsISerialEventTarget> mEventTarget;
+ bool mRunAtNormalPriority;
+ };
+
+ NS_DispatchToMainThread(MakeAndAddRef<ModulesTrustRunnable>(
+ std::move(aModPaths), aRunAtNormalPriority, std::move(aResolver)));
+ return IPC_OK();
+}
+#endif // defined(XP_WIN)
+
+void GMPParent::CloseIfUnused() {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ GMP_PARENT_LOG_DEBUG("%s", __FUNCTION__);
+
+ if ((mDeleteProcessOnlyOnUnload || mState == GMPState::Loaded ||
+ mState == GMPState::Unloading) &&
+ !IsUsed()) {
+ // Ensure all timers are killed.
+ for (uint32_t i = mTimers.Length(); i > 0; i--) {
+ mTimers[i - 1]->Shutdown();
+ }
+
+ // Shutdown GMPStorage. Given that all protocol actors must be shutdown
+ // (!Used() is true), all storage operations should be complete.
+ for (size_t i = mStorage.Length(); i > 0; i--) {
+ mStorage[i - 1]->Shutdown();
+ }
+ Shutdown();
+ }
+}
+
+void GMPParent::CloseActive(bool aDieWhenUnloaded) {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ GMP_PARENT_LOG_DEBUG("%s: state %u", __FUNCTION__,
+ uint32_t(GMPState(mState)));
+
+ if (aDieWhenUnloaded) {
+ mDeleteProcessOnlyOnUnload = true; // don't allow this to go back...
+ }
+ if (mState == GMPState::Loaded) {
+ mState = GMPState::Unloading;
+ }
+ if (mState != GMPState::NotLoaded && IsUsed()) {
+ Unused << SendCloseActive();
+ CloseIfUnused();
+ }
+}
+
+void GMPParent::MarkForDeletion() {
+ mDeleteProcessOnlyOnUnload = true;
+ mIsBlockingDeletion = true;
+}
+
+bool GMPParent::IsMarkedForDeletion() { return mIsBlockingDeletion; }
+
+void GMPParent::Shutdown() {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ GMP_PARENT_LOG_DEBUG("%s", __FUNCTION__);
+
+ if (mAbnormalShutdownInProgress) {
+ return;
+ }
+
+ MOZ_ASSERT(!IsUsed());
+ switch (mState) {
+ case GMPState::NotLoaded:
+ case GMPState::Closing:
+ case GMPState::Closed:
+ return;
+ default:
+ break;
+ }
+
+ RefPtr<GMPParent> self(this);
+ DeleteProcess();
+
+ // XXX Get rid of mDeleteProcessOnlyOnUnload and this code when
+ // Bug 1043671 is fixed
+ if (!mDeleteProcessOnlyOnUnload) {
+ // Destroy ourselves and rise from the fire to save memory
+ mService->ReAddOnGMPThread(self);
+ } // else we've been asked to die and stay dead
+ MOZ_ASSERT(mState == GMPState::NotLoaded || mState == GMPState::Closing);
+}
+
+class NotifyGMPShutdownTask : public Runnable {
+ public:
+ explicit NotifyGMPShutdownTask(const nsAString& aNodeId)
+ : Runnable("NotifyGMPShutdownTask"), mNodeId(aNodeId) {}
+ NS_IMETHOD Run() override {
+ MOZ_ASSERT(NS_IsMainThread());
+ nsCOMPtr<nsIObserverService> obsService =
+ mozilla::services::GetObserverService();
+ MOZ_ASSERT(obsService);
+ if (obsService) {
+ obsService->NotifyObservers(nullptr, "gmp-shutdown", mNodeId.get());
+ }
+ return NS_OK;
+ }
+ nsString mNodeId;
+};
+
+void GMPParent::ChildTerminated() {
+ RefPtr<GMPParent> self(this);
+ nsCOMPtr<nsISerialEventTarget> gmpEventTarget = GMPEventTarget();
+
+ if (!gmpEventTarget) {
+ // Bug 1163239 - this can happen on shutdown.
+ // PluginTerminated removes the GMP from the GMPService.
+ // On shutdown we can have this case where it is already been
+ // removed so there is no harm in not trying to remove it again.
+ GMP_PARENT_LOG_DEBUG("%s::%s: GMPEventTarget() returned nullptr.",
+ __CLASS__, __FUNCTION__);
+ } else {
+ gmpEventTarget->Dispatch(
+ NewRunnableMethod<RefPtr<GMPParent>>(
+ "gmp::GeckoMediaPluginServiceParent::PluginTerminated", mService,
+ &GeckoMediaPluginServiceParent::PluginTerminated, self),
+ NS_DISPATCH_NORMAL);
+ }
+}
+
+void GMPParent::DeleteProcess() {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+
+ switch (mState) {
+ case GMPState::Closed:
+ // Closing has finished, we can proceed to destroy the process.
+ break;
+ case GMPState::Closing:
+ // Closing in progress, just waiting for the shutdown response.
+ GMP_PARENT_LOG_DEBUG("%s: Shutdown handshake in progress.", __FUNCTION__);
+ return;
+ default: {
+ // Don't Close() twice!
+ // Probably remove when bug 1043671 is resolved
+ GMP_PARENT_LOG_DEBUG("%s: Shutdown handshake starting.", __FUNCTION__);
+
+ RefPtr<GMPParent> self = this;
+ nsCOMPtr<nsISerialEventTarget> gmpEventTarget = GMPEventTarget();
+ mState = GMPState::Closing;
+ // Let's attempt to get the profile from the child process if we can
+ // before we destroy it. This is particularly important for the GMP
+ // process because we aggressively shut it down when not in active use, so
+ // it is easy to miss the recordings during profiling.
+ SendShutdown()->Then(
+ gmpEventTarget, __func__,
+ [self](nsCString&& aProfile) {
+ GMP_LOG_DEBUG(
+ "GMPParent[%p|childPid=%d] DeleteProcess: Shutdown handshake "
+ "success, profileLen=%zu.",
+ self.get(), self->mChildPid, aProfile.Length());
+ if (!aProfile.IsEmpty()) {
+ NS_DispatchToMainThread(NS_NewRunnableFunction(
+ "GMPParent::DeleteProcess",
+ [profile = std::move(aProfile)]() {
+ profiler_received_exit_profile(profile);
+ }));
+ }
+ self->mState = GMPState::Closed;
+ self->Close();
+ self->DeleteProcess();
+ },
+ [self](const ipc::ResponseRejectReason&) {
+ GMP_LOG_DEBUG(
+ "GMPParent[%p|childPid=%d] DeleteProcess: Shutdown handshake "
+ "error.",
+ self.get(), self->mChildPid);
+ self->mState = GMPState::Closed;
+ self->Close();
+ self->DeleteProcess();
+ });
+ return;
+ }
+ }
+
+ GMP_PARENT_LOG_DEBUG("%s: Shutting down process.", __FUNCTION__);
+ mProcess->Delete(NewRunnableMethod("gmp::GMPParent::ChildTerminated", this,
+ &GMPParent::ChildTerminated));
+ GMP_PARENT_LOG_DEBUG("%s: Shut down process", __FUNCTION__);
+ mProcess = nullptr;
+
+#if defined(MOZ_WIDGET_ANDROID)
+ if (mState != GMPState::NotLoaded) {
+ nsCOMPtr<nsIEventTarget> launcherThread(ipc::GetIPCLauncher());
+ MOZ_ASSERT(launcherThread);
+
+ auto procType = java::GeckoProcessType::GMPLUGIN();
+ auto selector =
+ java::GeckoProcessManager::Selector::New(procType, OtherPid());
+
+ launcherThread->Dispatch(NS_NewRunnableFunction(
+ "GMPParent::DeleteProcess",
+ [selector =
+ java::GeckoProcessManager::Selector::GlobalRef(selector)]() {
+ java::GeckoProcessManager::ShutdownProcess(selector);
+ }));
+ }
+#endif // defined(MOZ_WIDGET_ANDROID)
+
+ mState = GMPState::NotLoaded;
+
+ nsCOMPtr<nsIRunnable> r =
+ new NotifyGMPShutdownTask(NS_ConvertUTF8toUTF16(mNodeId));
+ mMainThread->Dispatch(r.forget());
+}
+
+GMPState GMPParent::State() const { return mState; }
+
+nsCOMPtr<nsISerialEventTarget> GMPParent::GMPEventTarget() {
+ nsCOMPtr<mozIGeckoMediaPluginService> mps =
+ do_GetService("@mozilla.org/gecko-media-plugin-service;1");
+ MOZ_ASSERT(mps);
+ if (!mps) {
+ return nullptr;
+ }
+ // Note: GeckoMediaPluginService::GetThread() is threadsafe, and returns
+ // nullptr if the GeckoMediaPluginService has started shutdown.
+ nsCOMPtr<nsIThread> gmpThread;
+ mps->GetThread(getter_AddRefs(gmpThread));
+ return gmpThread;
+}
+
+/* static */
+bool GMPCapability::Supports(const nsTArray<GMPCapability>& aCapabilities,
+ const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags) {
+ for (const nsCString& tag : aTags) {
+ if (!GMPCapability::Supports(aCapabilities, aAPI, tag)) {
+ return false;
+ }
+ }
+ return true;
+}
+
+/* static */
+bool GMPCapability::Supports(const nsTArray<GMPCapability>& aCapabilities,
+ const nsACString& aAPI, const nsCString& aTag) {
+ for (const GMPCapability& capabilities : aCapabilities) {
+ if (!capabilities.mAPIName.Equals(aAPI)) {
+ continue;
+ }
+ for (const nsCString& tag : capabilities.mAPITags) {
+ if (tag.Equals(aTag)) {
+#ifdef XP_WIN
+ // Clearkey on Windows advertises that it can decode in its GMP info
+ // file, but uses Windows Media Foundation to decode. That's not present
+ // on Windows XP, and on some Vista, Windows N, and KN variants without
+ // certain services packs.
+ if (tag.EqualsLiteral(kClearKeyKeySystemName)) {
+ if (capabilities.mAPIName.EqualsLiteral(GMP_API_VIDEO_DECODER)) {
+ if (!WMFDecoderModule::CanCreateMFTDecoder(WMFStreamType::H264)) {
+ continue;
+ }
+ }
+ }
+#endif
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
+bool GMPParent::EnsureProcessLoaded() {
+ switch (mState) {
+ case GMPState::NotLoaded:
+ return NS_SUCCEEDED(LoadProcess());
+ case GMPState::Loaded:
+ return true;
+ case GMPState::Unloading:
+ case GMPState::Closing:
+ case GMPState::Closed:
+ return false;
+ }
+
+ MOZ_ASSERT_UNREACHABLE("Unhandled GMPState!");
+ return false;
+}
+
+void GMPParent::AddCrashAnnotations() {
+ if (mCrashReporter) {
+ mCrashReporter->AddAnnotation(CrashReporter::Annotation::GMPPlugin, true);
+ mCrashReporter->AddAnnotation(CrashReporter::Annotation::PluginFilename,
+ NS_ConvertUTF16toUTF8(mName));
+ mCrashReporter->AddAnnotation(CrashReporter::Annotation::PluginName,
+ mDisplayName);
+ mCrashReporter->AddAnnotation(CrashReporter::Annotation::PluginVersion,
+ mVersion);
+ }
+}
+
+void GMPParent::GetCrashID(nsString& aResult) {
+ AddCrashAnnotations();
+ GenerateCrashReport(OtherPid(), &aResult);
+}
+
+static void GMPNotifyObservers(const uint32_t aPluginID,
+ const nsACString& aPluginName,
+ const nsAString& aPluginDumpID) {
+ nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService();
+ nsCOMPtr<nsIWritablePropertyBag2> propbag =
+ do_CreateInstance("@mozilla.org/hash-property-bag;1");
+ if (obs && propbag) {
+ propbag->SetPropertyAsUint32(u"pluginID"_ns, aPluginID);
+ propbag->SetPropertyAsACString(u"pluginName"_ns, aPluginName);
+ propbag->SetPropertyAsAString(u"pluginDumpID"_ns, aPluginDumpID);
+ obs->NotifyObservers(propbag, "gmp-plugin-crash", nullptr);
+ }
+
+ RefPtr<gmp::GeckoMediaPluginService> service =
+ gmp::GeckoMediaPluginService::GetGeckoMediaPluginService();
+ if (service) {
+ service->RunPluginCrashCallbacks(aPluginID, aPluginName);
+ }
+}
+
+void GMPParent::ActorDestroy(ActorDestroyReason aWhy) {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ GMP_PARENT_LOG_DEBUG("%s: (%d)", __FUNCTION__, (int)aWhy);
+
+ if (AbnormalShutdown == aWhy) {
+ Telemetry::Accumulate(Telemetry::SUBPROCESS_ABNORMAL_ABORT, "gmplugin"_ns,
+ 1);
+ nsString dumpID;
+ GetCrashID(dumpID);
+ if (dumpID.IsEmpty()) {
+ NS_WARNING("GMP crash without crash report");
+ dumpID = mName;
+ dumpID += '-';
+ AppendUTF8toUTF16(mVersion, dumpID);
+ }
+
+ // NotifyObservers is mainthread-only
+ nsCOMPtr<nsIRunnable> r =
+ WrapRunnableNM(&GMPNotifyObservers, mPluginId, mDisplayName, dumpID);
+ mMainThread->Dispatch(r.forget());
+ }
+
+ // warn us off trying to close again
+ mState = GMPState::Closed;
+ mAbnormalShutdownInProgress = true;
+ CloseActive(false);
+
+ // Normal Shutdown() will delete the process on unwind.
+ if (AbnormalShutdown == aWhy) {
+ RefPtr<GMPParent> self(this);
+ // Must not call Close() again in DeleteProcess(), as we'll recurse
+ // infinitely if we do.
+ MOZ_ASSERT(mState == GMPState::Closed);
+ DeleteProcess();
+ // Note: final destruction will be Dispatched to ourself
+ mService->ReAddOnGMPThread(self);
+ }
+}
+
+PGMPStorageParent* GMPParent::AllocPGMPStorageParent() {
+ GMPStorageParent* p = new GMPStorageParent(mNodeId, this);
+ mStorage.AppendElement(p); // Addrefs, released in DeallocPGMPStorageParent.
+ return p;
+}
+
+bool GMPParent::DeallocPGMPStorageParent(PGMPStorageParent* aActor) {
+ GMPStorageParent* p = static_cast<GMPStorageParent*>(aActor);
+ p->Shutdown();
+ mStorage.RemoveElement(p);
+ return true;
+}
+
+mozilla::ipc::IPCResult GMPParent::RecvPGMPStorageConstructor(
+ PGMPStorageParent* aActor) {
+ GMPStorageParent* p = (GMPStorageParent*)aActor;
+ if (NS_FAILED(p->Init())) {
+ // TODO: Verify if this is really a good reason to IPC_FAIL.
+ // There might be shutdown edge cases here.
+ return IPC_FAIL(this,
+ "GMPParent::RecvPGMPStorageConstructor: p->Init() failed.");
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPParent::RecvPGMPTimerConstructor(
+ PGMPTimerParent* actor) {
+ return IPC_OK();
+}
+
+PGMPTimerParent* GMPParent::AllocPGMPTimerParent() {
+ nsCOMPtr<nsISerialEventTarget> target = GMPEventTarget();
+ GMPTimerParent* p = new GMPTimerParent(target);
+ mTimers.AppendElement(
+ p); // Released in DeallocPGMPTimerParent, or on shutdown.
+ return p;
+}
+
+bool GMPParent::DeallocPGMPTimerParent(PGMPTimerParent* aActor) {
+ GMPTimerParent* p = static_cast<GMPTimerParent*>(aActor);
+ p->Shutdown();
+ mTimers.RemoveElement(p);
+ return true;
+}
+
+bool ReadInfoField(GMPInfoFileParser& aParser, const nsCString& aKey,
+ nsACString& aOutValue) {
+ if (!aParser.Contains(aKey) || aParser.Get(aKey).IsEmpty()) {
+ return false;
+ }
+ aOutValue = aParser.Get(aKey);
+ return true;
+}
+
+RefPtr<GenericPromise> GMPParent::ReadGMPMetaData() {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ MOZ_ASSERT(mDirectory, "Plugin directory cannot be NULL!");
+ MOZ_ASSERT(!mName.IsEmpty(), "Plugin mName cannot be empty!");
+
+ nsCOMPtr<nsIFile> infoFile;
+ nsresult rv = mDirectory->Clone(getter_AddRefs(infoFile));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return GenericPromise::CreateAndReject(rv, __func__);
+ }
+ infoFile->AppendRelativePath(mName + u".info"_ns);
+
+ if (FileExists(infoFile)) {
+ return ReadGMPInfoFile(infoFile);
+ }
+
+ // Maybe this is the Widevine adapted plugin?
+ nsCOMPtr<nsIFile> manifestFile;
+ rv = mDirectory->Clone(getter_AddRefs(manifestFile));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return GenericPromise::CreateAndReject(rv, __func__);
+ }
+ manifestFile->AppendRelativePath(u"manifest.json"_ns);
+ return ReadChromiumManifestFile(manifestFile);
+}
+
+#if defined(XP_LINUX)
+static void ApplyGlibcWorkaround(nsCString& aLibs) {
+ // These glibc libraries were merged into libc.so.6 as of glibc
+ // 2.34; they now exist only as stub libraries for compatibility and
+ // newly linked code won't depend on them, so we need to ensure
+ // they're loaded for plugins that may have been linked against a
+ // different version of glibc. (See also bug 1725828.)
+ if (!aLibs.IsEmpty()) {
+ aLibs.AppendLiteral(", ");
+ }
+ aLibs.AppendLiteral("libdl.so.2, libpthread.so.0, librt.so.1");
+}
+#endif
+
+#if defined(XP_WIN)
+static void ApplyOleaut32(nsCString& aLibs) {
+ // In the libwebrtc update in bug 1766646 an include of comdef.h for using
+ // _bstr_t was introduced. This resulted in a dependency on comsupp.lib which
+ // contains a `_variant_t vtMissing` that would get cleared in an exit
+ // handler. VariantClear is defined in oleaut32.dll, and so we'd try to load
+ // oleaut32.dll on exit but get denied by the sandbox.
+ // Note that we had includes of comdef.h before bug 1766646 but it is the use
+ // of _bstr_t that triggers the vtMissing exit handler.
+ // See bug 1788592 for details.
+ if (!aLibs.IsEmpty()) {
+ aLibs.AppendLiteral(", ");
+ }
+ aLibs.AppendLiteral("oleaut32.dll");
+}
+#endif
+
+RefPtr<GenericPromise> GMPParent::ReadGMPInfoFile(nsIFile* aFile) {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ GMPInfoFileParser parser;
+ if (!parser.Init(aFile)) {
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+ nsAutoCString apis;
+ if (!ReadInfoField(parser, "name"_ns, mDisplayName) ||
+ !ReadInfoField(parser, "description"_ns, mDescription) ||
+ !ReadInfoField(parser, "version"_ns, mVersion) ||
+ !ReadInfoField(parser, "apis"_ns, apis)) {
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+#if defined(XP_WIN) || defined(XP_LINUX)
+ // "Libraries" field is optional.
+ ReadInfoField(parser, "libraries"_ns, mLibs);
+#endif
+
+ UpdatePluginType();
+
+#ifdef XP_LINUX
+ // The glibc workaround (see above) isn't needed for clearkey
+ // because it's built along with the browser.
+ if (mPluginType != GMPPluginType::Clearkey) {
+ ApplyGlibcWorkaround(mLibs);
+ }
+#endif
+
+#ifdef XP_WIN
+ ApplyOleaut32(mLibs);
+#endif
+
+ nsTArray<nsCString> apiTokens;
+ SplitAt(", ", apis, apiTokens);
+ for (nsCString api : apiTokens) {
+ int32_t tagsStart = api.FindChar('[');
+ if (tagsStart == 0) {
+ // Not allowed to be the first character.
+ // API name must be at least one character.
+ continue;
+ }
+
+ GMPCapability cap;
+ if (tagsStart == -1) {
+ // No tags.
+ cap.mAPIName.Assign(api);
+ } else {
+ auto tagsEnd = api.FindChar(']');
+ if (tagsEnd == -1 || tagsEnd < tagsStart) {
+ // Invalid syntax, skip whole capability.
+ continue;
+ }
+
+ cap.mAPIName.Assign(Substring(api, 0, tagsStart));
+
+ if ((tagsEnd - tagsStart) > 1) {
+ const nsDependentCSubstring ts(
+ Substring(api, tagsStart + 1, tagsEnd - tagsStart - 1));
+ nsTArray<nsCString> tagTokens;
+ SplitAt(":", ts, tagTokens);
+ for (nsCString tag : tagTokens) {
+ cap.mAPITags.AppendElement(tag);
+ }
+ }
+ }
+
+ mCapabilities.AppendElement(std::move(cap));
+ }
+
+ if (mCapabilities.IsEmpty()) {
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+ return GenericPromise::CreateAndResolve(true, __func__);
+}
+
+RefPtr<GenericPromise> GMPParent::ReadChromiumManifestFile(nsIFile* aFile) {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ nsAutoCString json;
+ if (!ReadIntoString(aFile, json, 5 * 1024)) {
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+ // DOM JSON parsing needs to run on the main thread.
+ return InvokeAsync(mMainThread, this, __func__,
+ &GMPParent::ParseChromiumManifest,
+ NS_ConvertUTF8toUTF16(json));
+}
+
+static bool IsCDMAPISupported(
+ const mozilla::dom::WidevineCDMManifest& aManifest) {
+ if (!aManifest.mX_cdm_module_versions.WasPassed() ||
+ !aManifest.mX_cdm_interface_versions.WasPassed() ||
+ !aManifest.mX_cdm_host_versions.WasPassed()) {
+ return false;
+ }
+
+ nsresult ignored; // Note: ToInteger returns 0 on failure.
+ int32_t moduleVersion =
+ aManifest.mX_cdm_module_versions.Value().ToInteger(&ignored);
+ int32_t interfaceVersion =
+ aManifest.mX_cdm_interface_versions.Value().ToInteger(&ignored);
+ int32_t hostVersion =
+ aManifest.mX_cdm_host_versions.Value().ToInteger(&ignored);
+ return ChromiumCDMAdapter::Supports(moduleVersion, interfaceVersion,
+ hostVersion);
+}
+
+RefPtr<GenericPromise> GMPParent::ParseChromiumManifest(
+ const nsAString& aJSON) {
+ GMP_PARENT_LOG_DEBUG("%s: for '%s'", __FUNCTION__,
+ NS_LossyConvertUTF16toASCII(aJSON).get());
+
+ MOZ_ASSERT(NS_IsMainThread());
+ mozilla::dom::WidevineCDMManifest m;
+ if (!m.Init(aJSON)) {
+ GMP_PARENT_LOG_DEBUG("%s: Failed to initialize json parser, failing.",
+ __FUNCTION__);
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+ CopyUTF16toUTF8(m.mName, mDisplayName);
+ CopyUTF16toUTF8(m.mVersion, mVersion);
+
+ if (m.mDescription.WasPassed()) {
+ CopyUTF16toUTF8(m.mDescription.Value(), mDescription);
+ }
+
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+ if (!mozilla::SandboxInfo::Get().CanSandboxMedia()) {
+ nsPrintfCString msg(
+ "GMPParent::ParseChromiumManifest: Plugin \"%s\" is an EME CDM"
+ " but this system can't sandbox it; not loading.",
+ mDisplayName.get());
+ printf_stderr("%s\n", msg.get());
+ GMP_PARENT_LOG_DEBUG("%s", msg.get());
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+#endif
+
+ UpdatePluginType();
+
+ GMPCapability video;
+
+ if (IsCDMAPISupported(m)) {
+ video.mAPIName = nsLiteralCString(CHROMIUM_CDM_API);
+ mAdapter = u"chromium"_ns;
+#ifdef MOZ_WMF_CDM
+ } else if (mPluginType == GMPPluginType::WidevineL1) {
+ video.mAPIName = nsCString(kWidevineExperimentAPIName);
+ mAdapter = NS_ConvertUTF8toUTF16(kWidevineExperimentAPIName);
+#endif
+ } else {
+ GMP_PARENT_LOG_DEBUG("%s: CDM API not supported, failing.", __FUNCTION__);
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+ // We hard code a few of the settings because they can't be stored in the
+ // widevine manifest without making our API different to widevine's.
+ switch (mPluginType) {
+ case GMPPluginType::Clearkey:
+ video.mAPITags.AppendElement(nsCString{kClearKeyKeySystemName});
+ video.mAPITags.AppendElement(
+ nsCString{kClearKeyWithProtectionQueryKeySystemName});
+#if XP_WIN
+ mLibs = nsLiteralCString(
+ "dxva2.dll, evr.dll, freebl3.dll, mfh264dec.dll, mfplat.dll, "
+ "msmpeg2vdec.dll, nss3.dll, softokn3.dll");
+#elif XP_LINUX
+ mLibs = "libfreeblpriv3.so, libsoftokn3.so"_ns;
+#endif
+ break;
+ case GMPPluginType::Widevine:
+ video.mAPITags.AppendElement(nsCString{kWidevineKeySystemName});
+#if XP_WIN
+ // psapi.dll added for GetMappedFileNameW, which could possibly be avoided
+ // in future versions, see bug 1383611 for details.
+ mLibs = "dxva2.dll, ole32.dll, psapi.dll, winmm.dll"_ns;
+#endif
+ break;
+#ifdef MOZ_WMF_CDM
+ case GMPPluginType::WidevineL1:
+ video.mAPITags.AppendElement(nsCString{kWidevineExperimentKeySystemName});
+ video.mAPITags.AppendElement(
+ nsCString{kWidevineExperiment2KeySystemName});
+ break;
+#endif
+ case GMPPluginType::Fake:
+ // The fake CDM just exposes a key system with id "fake".
+ video.mAPITags.AppendElement(nsCString{"fake"});
+#if XP_WIN
+ mLibs = "dxva2.dll, ole32.dll"_ns;
+#endif
+ break;
+ default:
+ GMP_PARENT_LOG_DEBUG("%s: Unrecognized key system: %s, failing.",
+ __FUNCTION__, mDisplayName.get());
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+#ifdef XP_LINUX
+ ApplyGlibcWorkaround(mLibs);
+#endif
+
+#ifdef XP_WIN
+ ApplyOleaut32(mLibs);
+#endif
+
+ nsTArray<nsCString> codecs;
+
+ if (m.mX_cdm_codecs.WasPassed()) {
+ nsCString codecsString;
+ codecsString = NS_ConvertUTF16toUTF8(m.mX_cdm_codecs.Value());
+ SplitAt(",", codecsString, codecs);
+ }
+
+ // Parse the codec strings in the manifest and map them to strings used
+ // internally by Gecko for capability recognition.
+ //
+ // Google's code to parse manifests can be used as a reference for strings
+ // the manifest may contain
+ // https://source.chromium.org/chromium/chromium/src/+/master:components/cdm/common/cdm_manifest.cc;l=74;drc=775880ced8a989191281e93854c7f2201f25068f
+ //
+ // Gecko's internal strings can be found at
+ // https://searchfox.org/mozilla-central/rev/ea63a0888d406fae720cf24f4727d87569a8cab5/dom/media/eme/MediaKeySystemAccess.cpp#149-155
+ for (const nsCString& chromiumCodec : codecs) {
+ nsCString codec;
+ if (chromiumCodec.EqualsASCII("vp8")) {
+ codec = "vp8"_ns;
+ } else if (chromiumCodec.EqualsASCII("vp9.0") || // Legacy string.
+ chromiumCodec.EqualsASCII("vp09")) {
+ codec = "vp9"_ns;
+ } else if (chromiumCodec.EqualsASCII("avc1")) {
+ codec = "h264"_ns;
+ } else if (chromiumCodec.EqualsASCII("av01")) {
+ codec = "av1"_ns;
+ } else {
+ GMP_PARENT_LOG_DEBUG("%s: Unrecognized codec: %s.", __FUNCTION__,
+ chromiumCodec.get());
+ MOZ_ASSERT_UNREACHABLE(
+ "Unhandled codec string! Need to add it to the parser.");
+ continue;
+ }
+
+ video.mAPITags.AppendElement(codec);
+ }
+
+ mCapabilities.AppendElement(std::move(video));
+
+ GMP_PARENT_LOG_DEBUG("%s: Successfully parsed manifest.", __FUNCTION__);
+ return GenericPromise::CreateAndResolve(true, __func__);
+}
+
+bool GMPParent::CanBeSharedCrossNodeIds() const {
+ return mNodeId.IsEmpty() &&
+ // XXX bug 1159300 hack -- maybe remove after openh264 1.4
+ // We don't want to use CDM decoders for non-encrypted playback
+ // just yet; especially not for WebRTC. Don't allow CDMs to be used
+ // without a node ID.
+ !mCanDecrypt;
+}
+
+bool GMPParent::CanBeUsedFrom(const nsACString& aNodeId) const {
+ return mNodeId == aNodeId;
+}
+
+void GMPParent::SetNodeId(const nsACString& aNodeId) {
+ MOZ_ASSERT(!aNodeId.IsEmpty());
+ mNodeId = aNodeId;
+}
+
+void GMPParent::UpdatePluginType() {
+ if (mDisplayName.EqualsLiteral("WidevineCdm")) {
+ mPluginType = GMPPluginType::Widevine;
+#ifdef MOZ_WMF_CDM
+ } else if (mDisplayName.EqualsLiteral(kWidevineExperimentAPIName)) {
+ mPluginType = GMPPluginType::WidevineL1;
+#endif
+ } else if (mDisplayName.EqualsLiteral("gmpopenh264")) {
+ mPluginType = GMPPluginType::OpenH264;
+ } else if (mDisplayName.EqualsLiteral("clearkey")) {
+ mPluginType = GMPPluginType::Clearkey;
+ } else if (mDisplayName.EqualsLiteral("fake")) {
+ mPluginType = GMPPluginType::Fake;
+ } else {
+ mPluginType = GMPPluginType::Unknown;
+ }
+}
+
+const nsCString& GMPParent::GetDisplayName() const { return mDisplayName; }
+
+const nsCString& GMPParent::GetVersion() const { return mVersion; }
+
+uint32_t GMPParent::GetPluginId() const { return mPluginId; }
+
+void GMPParent::ResolveGetContentParentPromises() {
+ nsTArray<UniquePtr<MozPromiseHolder<GetGMPContentParentPromise>>> promises =
+ std::move(mGetContentParentPromises);
+ MOZ_ASSERT(mGetContentParentPromises.IsEmpty());
+ RefPtr<GMPContentParentCloseBlocker> blocker(
+ new GMPContentParentCloseBlocker(mGMPContentParent));
+ for (auto& holder : promises) {
+ holder->Resolve(blocker, __func__);
+ }
+}
+
+bool GMPParent::OpenPGMPContent() {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ MOZ_ASSERT(!mGMPContentParent);
+
+ Endpoint<PGMPContentParent> parent;
+ Endpoint<PGMPContentChild> child;
+ if (NS_WARN_IF(NS_FAILED(PGMPContent::CreateEndpoints(
+ base::GetCurrentProcId(), OtherPid(), &parent, &child)))) {
+ return false;
+ }
+
+ mGMPContentParent = new GMPContentParent(this);
+
+ if (!parent.Bind(mGMPContentParent)) {
+ return false;
+ }
+
+ if (!SendInitGMPContentChild(std::move(child))) {
+ return false;
+ }
+
+ ResolveGetContentParentPromises();
+
+ return true;
+}
+
+void GMPParent::RejectGetContentParentPromises() {
+ nsTArray<UniquePtr<MozPromiseHolder<GetGMPContentParentPromise>>> promises =
+ std::move(mGetContentParentPromises);
+ MOZ_ASSERT(mGetContentParentPromises.IsEmpty());
+ for (auto& holder : promises) {
+ holder->Reject(NS_ERROR_FAILURE, __func__);
+ }
+}
+
+void GMPParent::GetGMPContentParent(
+ UniquePtr<MozPromiseHolder<GetGMPContentParentPromise>>&& aPromiseHolder) {
+ MOZ_ASSERT(GMPEventTarget()->IsOnCurrentThread());
+ GMP_PARENT_LOG_DEBUG("%s %p", __FUNCTION__, this);
+
+ if (mGMPContentParent) {
+ RefPtr<GMPContentParentCloseBlocker> blocker(
+ new GMPContentParentCloseBlocker(mGMPContentParent));
+ aPromiseHolder->Resolve(blocker, __func__);
+ } else {
+ mGetContentParentPromises.AppendElement(std::move(aPromiseHolder));
+ // If we don't have a GMPContentParent and we try to get one for the first
+ // time (mGetContentParentPromises.Length() == 1) then call
+ // PGMPContent::Open. If more calls to GetGMPContentParent happen before
+ // mGMPContentParent has been set then we should just store them, so that
+ // they get called when we set mGMPContentParent as a result of the
+ // PGMPContent::Open call.
+ if (mGetContentParentPromises.Length() == 1) {
+ if (!EnsureProcessLoaded() || !OpenPGMPContent()) {
+ RejectGetContentParentPromises();
+ return;
+ }
+ // We want to increment this as soon as possible, to avoid that we'd try
+ // to shut down the GMP process while we're still trying to get a
+ // PGMPContentParent actor.
+ ++mGMPContentChildCount;
+ }
+ }
+}
+
+already_AddRefed<GMPContentParent> GMPParent::ForgetGMPContentParent() {
+ MOZ_ASSERT(mGetContentParentPromises.IsEmpty());
+ return mGMPContentParent.forget();
+}
+
+bool GMPParent::EnsureProcessLoaded(base::ProcessId* aID) {
+ if (!EnsureProcessLoaded()) {
+ return false;
+ }
+ *aID = OtherPid();
+ return true;
+}
+
+void GMPParent::IncrementGMPContentChildCount() { ++mGMPContentChildCount; }
+
+nsString GMPParent::GetPluginBaseName() const { return u"gmp-"_ns + mName; }
+
+#if defined(XP_MACOSX) && defined(__aarch64__)
+void GMPParent::PreTranslateBins() {
+ nsCOMPtr<nsIRunnable> event = mozilla::NewRunnableMethod(
+ "RosettaTranslation", this, &GMPParent::PreTranslateBinsWorker);
+
+ DebugOnly<nsresult> rv =
+ NS_DispatchBackgroundTask(event.forget(), NS_DISPATCH_EVENT_MAY_BLOCK);
+
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
+}
+
+void GMPParent::PreTranslateBinsWorker() {
+ int rv = nsMacUtilsImpl::PreTranslateXUL();
+ GMP_PARENT_LOG_DEBUG("%s: XUL translation result: %d", __FUNCTION__, rv);
+
+ rv = nsMacUtilsImpl::PreTranslateBinary(mPluginFilePath);
+ GMP_PARENT_LOG_DEBUG("%s: %s translation result: %d", __FUNCTION__,
+ mPluginFilePath.get(), rv);
+}
+#endif
+
+} // namespace mozilla::gmp
+
+#undef GMP_PARENT_LOG_DEBUG
+#undef __CLASS__
diff --git a/dom/media/gmp/GMPParent.h b/dom/media/gmp/GMPParent.h
new file mode 100644
index 0000000000..a529b31df1
--- /dev/null
+++ b/dom/media/gmp/GMPParent.h
@@ -0,0 +1,258 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPParent_h_
+#define GMPParent_h_
+
+#include "GMPNativeTypes.h"
+#include "GMPProcessParent.h"
+#include "GMPServiceParent.h"
+#include "GMPVideoDecoderParent.h"
+#include "GMPVideoEncoderParent.h"
+#include "GMPTimerParent.h"
+#include "GMPStorageParent.h"
+#include "mozilla/gmp/PGMPParent.h"
+#include "mozilla/ipc/CrashReporterHelper.h"
+#include "nsCOMPtr.h"
+#include "nscore.h"
+#include "nsISupports.h"
+#include "nsString.h"
+#include "nsTArray.h"
+#include "nsIFile.h"
+#include "mozilla/Atomics.h"
+#include "mozilla/MozPromise.h"
+
+namespace mozilla::gmp {
+
+class GMPCapability {
+ public:
+ explicit GMPCapability() = default;
+ GMPCapability(GMPCapability&& aOther)
+ : mAPIName(std::move(aOther.mAPIName)),
+ mAPITags(std::move(aOther.mAPITags)) {}
+ explicit GMPCapability(const nsACString& aAPIName) : mAPIName(aAPIName) {}
+ explicit GMPCapability(const GMPCapability& aOther) = default;
+ nsCString mAPIName;
+ CopyableTArray<nsCString> mAPITags;
+
+ static bool Supports(const nsTArray<GMPCapability>& aCapabilities,
+ const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags);
+
+ static bool Supports(const nsTArray<GMPCapability>& aCapabilities,
+ const nsACString& aAPI, const nsCString& aTag);
+};
+
+enum class GMPState : uint32_t {
+ NotLoaded,
+ Loaded,
+ Unloading,
+ Closing,
+ Closed
+};
+
+class GMPContentParent;
+
+class GMPParent final
+ : public PGMPParent,
+ public ipc::CrashReporterHelper<GeckoProcessType_GMPlugin> {
+ friend class PGMPParent;
+
+ public:
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPParent, final)
+
+ GMPParent();
+
+ RefPtr<GenericPromise> Init(GeckoMediaPluginServiceParent* aService,
+ nsIFile* aPluginDir);
+ void CloneFrom(const GMPParent* aOther);
+
+ void Crash();
+
+ nsresult LoadProcess();
+
+ // Called internally to close this if we don't need it
+ void CloseIfUnused();
+
+ // Notify all active de/encoders that we are closing, either because of
+ // normal shutdown or unexpected shutdown/crash.
+ void CloseActive(bool aDieWhenUnloaded);
+
+ // Tell the plugin to die after shutdown.
+ void MarkForDeletion();
+ bool IsMarkedForDeletion();
+
+ // Called by the GMPService to forcibly close active de/encoders at shutdown
+ void Shutdown();
+
+ // This must not be called while we're in the middle of abnormal ActorDestroy
+ void DeleteProcess();
+
+ GMPState State() const;
+ nsCOMPtr<nsISerialEventTarget> GMPEventTarget();
+
+ void OnPreferenceChange(const mozilla::dom::Pref& aPref);
+
+ // A GMP can either be a single instance shared across all NodeIds (like
+ // in the OpenH264 case), or we can require a new plugin instance for every
+ // NodeIds running the plugin (as in the EME plugin case).
+ //
+ // A NodeId is a hash of the ($urlBarOrigin, $ownerDocOrigin) pair.
+ //
+ // Plugins are associated with an NodeIds by calling SetNodeId() before
+ // loading.
+ //
+ // If a plugin has no NodeId specified and it is loaded, it is assumed to
+ // be shared across NodeIds.
+
+ // Specifies that a GMP can only work with the specified NodeIds.
+ void SetNodeId(const nsACString& aNodeId);
+ const nsACString& GetNodeId() const { return mNodeId; }
+
+ const nsCString& GetDisplayName() const;
+ const nsCString& GetVersion() const;
+ uint32_t GetPluginId() const;
+ GMPPluginType GetPluginType() const { return mPluginType; }
+ nsString GetPluginBaseName() const;
+
+ // Returns true if a plugin can be or is being used across multiple NodeIds.
+ bool CanBeSharedCrossNodeIds() const;
+
+ // A GMP can be used from a NodeId if it's already been set to work with
+ // that NodeId, or if it's not been set to work with any NodeId and has
+ // not yet been loaded (i.e. it's not shared across NodeIds).
+ bool CanBeUsedFrom(const nsACString& aNodeId) const;
+
+ already_AddRefed<nsIFile> GetDirectory() {
+ return nsCOMPtr<nsIFile>(mDirectory).forget();
+ }
+
+ void AbortAsyncShutdown();
+
+ // Called when the child process has died.
+ void ChildTerminated();
+
+ bool OpenPGMPContent();
+
+ void GetGMPContentParent(
+ UniquePtr<MozPromiseHolder<GetGMPContentParentPromise>>&& aPromiseHolder);
+ already_AddRefed<GMPContentParent> ForgetGMPContentParent();
+
+ bool EnsureProcessLoaded(base::ProcessId* aID);
+
+ void IncrementGMPContentChildCount();
+
+ const nsTArray<GMPCapability>& GetCapabilities() const {
+ return mCapabilities;
+ }
+
+ private:
+ ~GMPParent();
+ void UpdatePluginType();
+
+ RefPtr<GeckoMediaPluginServiceParent> mService;
+ bool EnsureProcessLoaded();
+ RefPtr<GenericPromise> ReadGMPMetaData();
+ RefPtr<GenericPromise> ReadGMPInfoFile(nsIFile* aFile);
+ RefPtr<GenericPromise> ParseChromiumManifest(
+ const nsAString& aJSON); // Worker thread.
+ RefPtr<GenericPromise> ReadChromiumManifestFile(
+ nsIFile* aFile); // GMP thread.
+ void AddCrashAnnotations();
+ void GetCrashID(nsString& aResult);
+ void ActorDestroy(ActorDestroyReason aWhy) override;
+
+ mozilla::ipc::IPCResult RecvPGMPStorageConstructor(
+ PGMPStorageParent* actor) override;
+ PGMPStorageParent* AllocPGMPStorageParent();
+ bool DeallocPGMPStorageParent(PGMPStorageParent* aActor);
+
+ mozilla::ipc::IPCResult RecvPGMPTimerConstructor(
+ PGMPTimerParent* actor) override;
+ PGMPTimerParent* AllocPGMPTimerParent();
+ bool DeallocPGMPTimerParent(PGMPTimerParent* aActor);
+
+ mozilla::ipc::IPCResult RecvPGMPContentChildDestroyed();
+
+ mozilla::ipc::IPCResult RecvFOGData(ByteBuf&& aBuf);
+
+#if defined(XP_WIN)
+ mozilla::ipc::IPCResult RecvGetModulesTrust(
+ ModulePaths&& aModPaths, bool aRunAtNormalPriority,
+ GetModulesTrustResolver&& aResolver);
+#endif // defined(XP_WIN)
+
+ bool IsUsed() {
+ return mGMPContentChildCount > 0 || !mGetContentParentPromises.IsEmpty();
+ }
+
+ void ResolveGetContentParentPromises();
+ void RejectGetContentParentPromises();
+
+#if defined(XP_MACOSX) && defined(__aarch64__)
+ // We pre-translate XUL and our plugin file to avoid x64 child process
+ // startup delays caused by translation for instances when the child
+ // process binary translations have not already been cached. i.e., the
+ // first time we launch an x64 child process after installation or
+ // update. Measured by binary size of a recent XUL and Widevine plugin,
+ // this makes up 94% of the translation needed. Re-translating the
+ // same binary does not cause translation to occur again.
+ void PreTranslateBins();
+ void PreTranslateBinsWorker();
+#endif
+
+#if defined(XP_WIN) || defined(XP_MACOSX)
+ nsresult GetPluginFileArch(nsIFile* aPluginDir, const nsString& aBaseName,
+ uint32_t& aArchSet);
+#endif
+
+ Atomic<GMPState> mState;
+ nsCOMPtr<nsIFile> mDirectory; // plugin directory on disk
+ nsString mName; // base name of plugin on disk, UTF-16 because used for paths
+ nsCString mDisplayName; // name of plugin displayed to users
+ nsCString mDescription; // description of plugin for display to users
+ nsCString mVersion;
+#if defined(XP_WIN) || defined(XP_LINUX)
+ nsCString mLibs;
+#endif
+ nsString mAdapter;
+ const uint32_t mPluginId;
+ GMPPluginType mPluginType = GMPPluginType::Unknown;
+ nsTArray<GMPCapability> mCapabilities;
+ GMPProcessParent* mProcess;
+ bool mDeleteProcessOnlyOnUnload;
+ bool mAbnormalShutdownInProgress;
+ bool mIsBlockingDeletion;
+
+ bool mCanDecrypt;
+
+ nsTArray<RefPtr<GMPTimerParent>> mTimers;
+ nsTArray<RefPtr<GMPStorageParent>> mStorage;
+ // NodeId the plugin is assigned to, or empty if the the plugin is not
+ // assigned to a NodeId.
+ nsCString mNodeId;
+ // This is used for GMP content in the parent, there may be more of these in
+ // the content processes.
+ RefPtr<GMPContentParent> mGMPContentParent;
+ nsTArray<UniquePtr<MozPromiseHolder<GetGMPContentParentPromise>>>
+ mGetContentParentPromises;
+ uint32_t mGMPContentChildCount;
+
+ int mChildPid;
+
+#ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
+ // The child process architecture to use.
+ uint32_t mChildLaunchArch;
+#endif
+#if defined(XP_MACOSX) && defined(__aarch64__)
+ nsCString mPluginFilePath;
+#endif
+
+ const nsCOMPtr<nsISerialEventTarget> mMainThread;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPParent_h_
diff --git a/dom/media/gmp/GMPPlatform.cpp b/dom/media/gmp/GMPPlatform.cpp
new file mode 100644
index 0000000000..cacd7936eb
--- /dev/null
+++ b/dom/media/gmp/GMPPlatform.cpp
@@ -0,0 +1,296 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPPlatform.h"
+#include "GMPStorageChild.h"
+#include "GMPTimerChild.h"
+#include "mozilla/Monitor.h"
+#include "GMPChild.h"
+#include "mozilla/Mutex.h"
+#include "base/thread.h"
+#include "base/time.h"
+#include "mozilla/ReentrantMonitor.h"
+
+#ifdef XP_WIN
+# include "mozilla/UntrustedModulesProcessor.h"
+#endif
+
+#include <ctime>
+
+namespace mozilla::gmp {
+
+static MessageLoop* sMainLoop = nullptr;
+static GMPChild* sChild = nullptr;
+
+static bool IsOnChildMainThread() {
+ return sMainLoop && sMainLoop == MessageLoop::current();
+}
+
+// We just need a refcounted wrapper for GMPTask objects.
+class GMPRunnable final {
+ public:
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPRunnable)
+
+ explicit GMPRunnable(GMPTask* aTask) : mTask(aTask) { MOZ_ASSERT(mTask); }
+
+ void Run() {
+ mTask->Run();
+ mTask->Destroy();
+ mTask = nullptr;
+ }
+
+ private:
+ ~GMPRunnable() = default;
+
+ GMPTask* mTask;
+};
+
+class GMPSyncRunnable final {
+ public:
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPSyncRunnable)
+
+ GMPSyncRunnable(GMPTask* aTask, MessageLoop* aMessageLoop)
+ : mDone(false),
+ mTask(aTask),
+ mMessageLoop(aMessageLoop),
+ mMonitor("GMPSyncRunnable") {
+ MOZ_ASSERT(mTask);
+ MOZ_ASSERT(mMessageLoop);
+ }
+
+ void Post() {
+ // We assert here for two reasons.
+ // 1) Nobody should be blocking the main thread.
+ // 2) This prevents deadlocks when doing sync calls to main which if the
+ // main thread tries to do a sync call back to the calling thread.
+ MOZ_ASSERT(!IsOnChildMainThread());
+
+ mMessageLoop->PostTask(NewRunnableMethod("gmp::GMPSyncRunnable::Run", this,
+ &GMPSyncRunnable::Run));
+ MonitorAutoLock lock(mMonitor);
+ while (!mDone) {
+ lock.Wait();
+ }
+ }
+
+ void Run() {
+ mTask->Run();
+ mTask->Destroy();
+ mTask = nullptr;
+ MonitorAutoLock lock(mMonitor);
+ mDone = true;
+ lock.Notify();
+ }
+
+ private:
+ ~GMPSyncRunnable() = default;
+
+ bool mDone MOZ_GUARDED_BY(mMonitor);
+ GMPTask* mTask;
+ MessageLoop* mMessageLoop;
+ Monitor mMonitor;
+};
+
+class GMPThreadImpl : public GMPThread {
+ public:
+ GMPThreadImpl();
+ virtual ~GMPThreadImpl();
+
+ // GMPThread
+ void Post(GMPTask* aTask) override;
+ void Join() override;
+
+ private:
+ Mutex mMutex MOZ_UNANNOTATED;
+ base::Thread mThread MOZ_GUARDED_BY(mMutex);
+};
+
+GMPErr CreateThread(GMPThread** aThread) {
+ if (!aThread) {
+ return GMPGenericErr;
+ }
+
+ *aThread = new GMPThreadImpl();
+
+ return GMPNoErr;
+}
+
+GMPErr RunOnMainThread(GMPTask* aTask) {
+ if (!aTask || !sMainLoop) {
+ return GMPGenericErr;
+ }
+
+ RefPtr<GMPRunnable> r = new GMPRunnable(aTask);
+ sMainLoop->PostTask(
+ NewRunnableMethod("gmp::GMPRunnable::Run", r, &GMPRunnable::Run));
+
+ return GMPNoErr;
+}
+
+GMPErr SyncRunOnMainThread(GMPTask* aTask) {
+ if (!aTask || !sMainLoop || IsOnChildMainThread()) {
+ return GMPGenericErr;
+ }
+
+ RefPtr<GMPSyncRunnable> r = new GMPSyncRunnable(aTask, sMainLoop);
+
+ r->Post();
+
+ return GMPNoErr;
+}
+
+class MOZ_CAPABILITY("mutex") GMPMutexImpl : public GMPMutex {
+ public:
+ GMPMutexImpl();
+ virtual ~GMPMutexImpl();
+
+ // GMPMutex
+ void Acquire() override MOZ_CAPABILITY_ACQUIRE();
+ void Release() override MOZ_CAPABILITY_RELEASE();
+ void Destroy() override;
+
+ private:
+ ReentrantMonitor mMonitor MOZ_UNANNOTATED;
+};
+
+GMPErr CreateMutex(GMPMutex** aMutex) {
+ if (!aMutex) {
+ return GMPGenericErr;
+ }
+
+ *aMutex = new GMPMutexImpl();
+
+ return GMPNoErr;
+}
+
+GMPErr CreateRecord(const char* aRecordName, uint32_t aRecordNameSize,
+ GMPRecord** aOutRecord, GMPRecordClient* aClient) {
+ if (aRecordNameSize > GMP_MAX_RECORD_NAME_SIZE || aRecordNameSize == 0) {
+ NS_WARNING("GMP tried to CreateRecord with too long or 0 record name");
+ return GMPGenericErr;
+ }
+ GMPStorageChild* storage = sChild->GetGMPStorage();
+ if (!storage) {
+ return GMPGenericErr;
+ }
+ MOZ_ASSERT(storage);
+ return storage->CreateRecord(nsDependentCString(aRecordName, aRecordNameSize),
+ aOutRecord, aClient);
+}
+
+GMPErr SetTimerOnMainThread(GMPTask* aTask, int64_t aTimeoutMS) {
+ if (!aTask || !sMainLoop || !IsOnChildMainThread()) {
+ return GMPGenericErr;
+ }
+ GMPTimerChild* timers = sChild->GetGMPTimers();
+ NS_ENSURE_TRUE(timers, GMPGenericErr);
+ return timers->SetTimer(aTask, aTimeoutMS);
+}
+
+GMPErr GetClock(GMPTimestamp* aOutTime) {
+ if (!aOutTime) {
+ return GMPGenericErr;
+ }
+ *aOutTime = base::Time::Now().ToDoubleT() * 1000.0;
+ return GMPNoErr;
+}
+
+void InitPlatformAPI(GMPPlatformAPI& aPlatformAPI, GMPChild* aChild) {
+ if (!sMainLoop) {
+ sMainLoop = MessageLoop::current();
+ }
+ if (!sChild) {
+ sChild = aChild;
+ }
+
+ aPlatformAPI.version = 0;
+ aPlatformAPI.createthread = &CreateThread;
+ aPlatformAPI.runonmainthread = &RunOnMainThread;
+ aPlatformAPI.syncrunonmainthread = &SyncRunOnMainThread;
+ aPlatformAPI.createmutex = &CreateMutex;
+ aPlatformAPI.createrecord = &CreateRecord;
+ aPlatformAPI.settimer = &SetTimerOnMainThread;
+ aPlatformAPI.getcurrenttime = &GetClock;
+}
+
+void SendFOGData(ipc::ByteBuf&& buf) {
+ if (sChild) {
+ sChild->SendFOGData(std::move(buf));
+ }
+}
+
+#ifdef XP_WIN
+RefPtr<PGMPChild::GetModulesTrustPromise> SendGetModulesTrust(
+ ModulePaths&& aModules, bool aRunAtNormalPriority) {
+ if (!sChild) {
+ return PGMPChild::GetModulesTrustPromise::CreateAndReject(
+ ipc::ResponseRejectReason::SendError, __func__);
+ }
+ return sChild->SendGetModulesTrust(std::move(aModules), aRunAtNormalPriority);
+}
+#endif
+
+GMPThreadImpl::GMPThreadImpl() : mMutex("GMPThreadImpl"), mThread("GMPThread") {
+ MOZ_COUNT_CTOR(GMPThread);
+}
+
+GMPThreadImpl::~GMPThreadImpl() { MOZ_COUNT_DTOR(GMPThread); }
+
+void GMPThreadImpl::Post(GMPTask* aTask) {
+ MutexAutoLock lock(mMutex);
+
+ if (!mThread.IsRunning()) {
+ bool started = mThread.Start();
+ if (!started) {
+ NS_WARNING("Unable to start GMPThread!");
+ return;
+ }
+ }
+
+ RefPtr<GMPRunnable> r = new GMPRunnable(aTask);
+ mThread.message_loop()->PostTask(
+ NewRunnableMethod("gmp::GMPRunnable::Run", r.get(), &GMPRunnable::Run));
+}
+
+void GMPThreadImpl::Join() {
+ {
+ MutexAutoLock lock(mMutex);
+ if (mThread.IsRunning()) {
+ mThread.Stop();
+ }
+ }
+ delete this;
+}
+
+GMPMutexImpl::GMPMutexImpl() : mMonitor("gmp-mutex") {
+ MOZ_COUNT_CTOR(GMPMutexImpl);
+}
+
+GMPMutexImpl::~GMPMutexImpl() { MOZ_COUNT_DTOR(GMPMutexImpl); }
+
+void GMPMutexImpl::Destroy() { delete this; }
+
+MOZ_PUSH_IGNORE_THREAD_SAFETY
+void GMPMutexImpl::Acquire() { mMonitor.Enter(); }
+
+void GMPMutexImpl::Release() { mMonitor.Exit(); }
+MOZ_POP_THREAD_SAFETY
+
+GMPTask* NewGMPTask(std::function<void()>&& aFunction) {
+ class Task : public GMPTask {
+ public:
+ explicit Task(std::function<void()>&& aFunction)
+ : mFunction(std::move(aFunction)) {}
+ void Destroy() override { delete this; }
+ ~Task() override = default;
+ void Run() override { mFunction(); }
+
+ private:
+ std::function<void()> mFunction;
+ };
+ return new Task(std::move(aFunction));
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPPlatform.h b/dom/media/gmp/GMPPlatform.h
new file mode 100644
index 0000000000..6253305a84
--- /dev/null
+++ b/dom/media/gmp/GMPPlatform.h
@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPPlatform_h_
+#define GMPPlatform_h_
+
+#include "mozilla/RefPtr.h"
+#include "gmp-platform.h"
+#include <functional>
+#include "mozilla/gmp/PGMPChild.h"
+
+namespace mozilla {
+#ifdef XP_WIN
+struct ModulePaths;
+#endif
+
+namespace ipc {
+class ByteBuf;
+} // namespace ipc
+
+namespace gmp {
+
+class GMPChild;
+
+void InitPlatformAPI(GMPPlatformAPI& aPlatformAPI, GMPChild* aChild);
+
+GMPErr RunOnMainThread(GMPTask* aTask);
+
+GMPTask* NewGMPTask(std::function<void()>&& aFunction);
+
+GMPErr SetTimerOnMainThread(GMPTask* aTask, int64_t aTimeoutMS);
+
+void SendFOGData(ipc::ByteBuf&& buf);
+
+#ifdef XP_WIN
+RefPtr<PGMPChild::GetModulesTrustPromise> SendGetModulesTrust(
+ ModulePaths&& aModules, bool aRunNormal);
+#endif
+
+} // namespace gmp
+} // namespace mozilla
+
+#endif // GMPPlatform_h_
diff --git a/dom/media/gmp/GMPProcessChild.cpp b/dom/media/gmp/GMPProcessChild.cpp
new file mode 100644
index 0000000000..cf093065bc
--- /dev/null
+++ b/dom/media/gmp/GMPProcessChild.cpp
@@ -0,0 +1,56 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPProcessChild.h"
+
+#include "base/command_line.h"
+#include "base/string_util.h"
+#include "mozilla/ipc/IOThreadChild.h"
+#include "mozilla/GeckoArgs.h"
+
+using mozilla::ipc::IOThreadChild;
+
+namespace mozilla::gmp {
+
+/* static */ bool GMPProcessChild::sUseXpcom = false;
+/* static */ bool GMPProcessChild::sUseNativeEventProcessing = true;
+
+void GMPProcessChild::InitStatics(int aArgc, char* aArgv[]) {
+ Maybe<bool> nativeEvent = geckoargs::sPluginNativeEvent.Get(aArgc, aArgv);
+ sUseNativeEventProcessing = nativeEvent.isSome() && *nativeEvent;
+
+ Maybe<uint64_t> prefsLen =
+ geckoargs::sPrefsLen.Get(aArgc, aArgv, CheckArgFlag::None);
+ Maybe<uint64_t> prefMapSize =
+ geckoargs::sPrefMapSize.Get(aArgc, aArgv, CheckArgFlag::None);
+ sUseXpcom = prefsLen.isSome() && prefMapSize.isSome();
+}
+
+GMPProcessChild::~GMPProcessChild() = default;
+
+bool GMPProcessChild::Init(int aArgc, char* aArgv[]) {
+ Maybe<const char*> parentBuildID =
+ geckoargs::sParentBuildID.Get(aArgc, aArgv);
+ if (NS_WARN_IF(parentBuildID.isNothing())) {
+ return false;
+ }
+
+ Maybe<const char*> pluginPath = geckoargs::sPluginPath.Get(aArgc, aArgv);
+ if (NS_WARN_IF(pluginPath.isNothing())) {
+ return false;
+ }
+
+ NS_ConvertUTF8toUTF16 widePluginPath(*pluginPath);
+
+ if (sUseXpcom && NS_WARN_IF(!ProcessChild::InitPrefs(aArgc, aArgv))) {
+ return false;
+ }
+
+ return mPlugin->Init(widePluginPath, *parentBuildID, TakeInitialEndpoint());
+}
+
+void GMPProcessChild::CleanUp() { mPlugin->Shutdown(); }
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPProcessChild.h b/dom/media/gmp/GMPProcessChild.h
new file mode 100644
index 0000000000..7123b323bc
--- /dev/null
+++ b/dom/media/gmp/GMPProcessChild.h
@@ -0,0 +1,40 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPProcessChild_h_
+#define GMPProcessChild_h_
+
+#include "mozilla/ipc/ProcessChild.h"
+#include "GMPChild.h"
+
+namespace mozilla::gmp {
+
+class GMPLoader;
+
+class GMPProcessChild final : public mozilla::ipc::ProcessChild {
+ protected:
+ typedef mozilla::ipc::ProcessChild ProcessChild;
+
+ public:
+ using ProcessChild::ProcessChild;
+ ~GMPProcessChild();
+
+ static void InitStatics(int aArgc, char* aArgv[]);
+ static bool UseNativeEventProcessing() { return sUseNativeEventProcessing; }
+ static bool UseXPCOM() { return sUseXpcom; }
+
+ bool Init(int aArgc, char* aArgv[]) override;
+ void CleanUp() override;
+
+ private:
+ const RefPtr<GMPChild> mPlugin = new GMPChild;
+
+ static bool sUseXpcom;
+ static bool sUseNativeEventProcessing;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPProcessChild_h_
diff --git a/dom/media/gmp/GMPProcessParent.cpp b/dom/media/gmp/GMPProcessParent.cpp
new file mode 100644
index 0000000000..f77580ea9a
--- /dev/null
+++ b/dom/media/gmp/GMPProcessParent.cpp
@@ -0,0 +1,382 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: sw=2 ts=2 et :
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPProcessParent.h"
+#include "GMPUtils.h"
+#include "nsIRunnable.h"
+#ifdef XP_WIN
+# include "WinUtils.h"
+#endif
+#include "GMPLog.h"
+#include "mozilla/GeckoArgs.h"
+#include "mozilla/ipc/ProcessChild.h"
+#include "mozilla/ipc/ProcessUtils.h"
+#include "mozilla/StaticPrefs_media.h"
+
+#include "base/string_util.h"
+#include "base/process_util.h"
+
+#include <string>
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+# include "mozilla/Omnijar.h"
+# include "mozilla/Preferences.h"
+# include "mozilla/Sandbox.h"
+# include "mozilla/SandboxSettings.h"
+# include "nsMacUtilsImpl.h"
+#endif
+
+using std::string;
+using std::vector;
+
+using mozilla::gmp::GMPProcessParent;
+using mozilla::ipc::GeckoChildProcessHost;
+
+#ifdef MOZ_WIDGET_ANDROID
+static const int kInvalidFd = -1;
+#endif
+
+namespace mozilla::gmp {
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+bool GMPProcessParent::sLaunchWithMacSandbox = true;
+bool GMPProcessParent::sMacSandboxGMPLogging = false;
+# if defined(DEBUG)
+bool GMPProcessParent::sIsMainThreadInitDone = false;
+# endif
+#endif
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+/* static */
+void GMPProcessParent::InitStaticMainThread() {
+ // The GMPProcessParent constructor is called off the
+ // main thread. Do main thread initialization here.
+ MOZ_ASSERT(NS_IsMainThread());
+ sMacSandboxGMPLogging =
+ Preferences::GetBool("security.sandbox.logging.enabled") ||
+ PR_GetEnv("MOZ_SANDBOX_GMP_LOGGING") || PR_GetEnv("MOZ_SANDBOX_LOGGING");
+ GMP_LOG_DEBUG("GMPProcessParent::InitStaticMainThread: sandbox logging=%s",
+ sMacSandboxGMPLogging ? "true" : "false");
+# if defined(DEBUG)
+ sIsMainThreadInitDone = true;
+# endif
+}
+#endif
+
+GMPProcessParent::GMPProcessParent(const std::string& aGMPPath)
+ : GeckoChildProcessHost(GeckoProcessType_GMPlugin),
+ mGMPPath(aGMPPath),
+ mUseXpcom(StaticPrefs::media_gmp_use_minimal_xpcom())
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+ ,
+ mRequiresWindowServer(false)
+#endif
+{
+ MOZ_COUNT_CTOR(GMPProcessParent);
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+ MOZ_ASSERT(sIsMainThreadInitDone == true);
+ mDisableOSActivityMode = sLaunchWithMacSandbox;
+#endif
+}
+
+GMPProcessParent::~GMPProcessParent() { MOZ_COUNT_DTOR(GMPProcessParent); }
+
+bool GMPProcessParent::Launch(int32_t aTimeoutMs) {
+ class PrefSerializerRunnable final : public Runnable {
+ public:
+ PrefSerializerRunnable()
+ : Runnable("GMPProcessParent::PrefSerializerRunnable"),
+ mMonitor("GMPProcessParent::PrefSerializerRunnable::mMonitor") {}
+
+ NS_IMETHOD Run() override {
+ auto prefSerializer = MakeUnique<ipc::SharedPreferenceSerializer>();
+ bool success =
+ prefSerializer->SerializeToSharedMemory(GeckoProcessType_GMPlugin,
+ /* remoteType */ ""_ns);
+
+ MonitorAutoLock lock(mMonitor);
+ MOZ_ASSERT(!mComplete);
+ if (success) {
+ mPrefSerializer = std::move(prefSerializer);
+ }
+ mComplete = true;
+ lock.Notify();
+ return NS_OK;
+ }
+
+ void Wait(int32_t aTimeoutMs,
+ UniquePtr<ipc::SharedPreferenceSerializer>& aOut) {
+ MonitorAutoLock lock(mMonitor);
+
+ TimeDuration timeout = TimeDuration::FromMilliseconds(aTimeoutMs);
+ while (!mComplete) {
+ if (lock.Wait(timeout) == CVStatus::Timeout) {
+ return;
+ }
+ }
+
+ aOut = std::move(mPrefSerializer);
+ }
+
+ private:
+ Monitor mMonitor;
+ UniquePtr<ipc::SharedPreferenceSerializer> mPrefSerializer
+ MOZ_GUARDED_BY(mMonitor);
+ bool mComplete MOZ_GUARDED_BY(mMonitor) = false;
+ };
+
+ nsresult rv;
+ vector<string> args;
+ UniquePtr<ipc::SharedPreferenceSerializer> prefSerializer;
+
+ ipc::ProcessChild::AddPlatformBuildID(args);
+
+ if (mUseXpcom) {
+ // Dispatch our runnable to the main thread to grab the serialized prefs. We
+ // can only do this on the main thread, and unfortunately we are the only
+ // process that launches from the non-main thread.
+ auto prefTask = MakeRefPtr<PrefSerializerRunnable>();
+ rv = NS_DispatchToMainThread(prefTask);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return false;
+ }
+
+ // We don't want to release our thread context while we wait for the main
+ // thread to process the prefs. We already block when waiting for the launch
+ // of the process itself to finish, and the state machine assumes this call
+ // is blocking. This is also important for the buffering of pref updates,
+ // since we know any tasks dispatched with updates won't run until we launch
+ // (or fail to launch) the process.
+ prefTask->Wait(aTimeoutMs, prefSerializer);
+ if (NS_WARN_IF(!prefSerializer)) {
+ return false;
+ }
+
+ prefSerializer->AddSharedPrefCmdLineArgs(*this, args);
+ }
+
+ if (StaticPrefs::media_gmp_use_native_event_processing()) {
+ geckoargs::sPluginNativeEvent.Put(args);
+ }
+
+#ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
+ GMP_LOG_DEBUG("GMPProcessParent::Launch() mLaunchArch: %d", mLaunchArch);
+# if defined(XP_MACOSX)
+ mLaunchOptions->arch = mLaunchArch;
+ if (mLaunchArch == base::PROCESS_ARCH_X86_64) {
+ mLaunchOptions->env_map["MOZ_SHMEM_PAGESIZE_16K"] = 1;
+ }
+# endif
+#endif
+
+ // Resolve symlinks in the plugin path. The sandbox prevents
+ // resolving symlinks in the child process if access to link
+ // source file is denied.
+#ifdef XP_WIN
+ nsAutoString normalizedPath;
+#else
+ nsAutoCString normalizedPath;
+#endif
+ rv = NormalizePath(mGMPPath.c_str(), normalizedPath);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::Launch: "
+ "plugin path normaliziation failed for path: %s",
+ mGMPPath.c_str());
+ }
+
+#ifdef XP_WIN
+ std::wstring wGMPPath;
+ if (NS_SUCCEEDED(rv)) {
+ wGMPPath = normalizedPath.get();
+ } else {
+ wGMPPath = UTF8ToWide(mGMPPath.c_str());
+ }
+
+ // The sandbox doesn't allow file system rules where the paths contain
+ // symbolic links or junction points. Sometimes the Users folder has been
+ // moved to another drive using a junction point, so allow for this specific
+ // case. See bug 1236680 for details.
+ if (NS_WARN_IF(
+ !widget::WinUtils::ResolveJunctionPointsAndSymLinks(wGMPPath))) {
+ GMP_LOG_DEBUG("ResolveJunctionPointsAndSymLinks failed for GMP path=%S",
+ wGMPPath.c_str());
+ return false;
+ }
+ GMP_LOG_DEBUG("GMPProcessParent::Launch() resolved path to %S",
+ wGMPPath.c_str());
+
+# ifdef MOZ_SANDBOX
+ // If the GMP path is a network path that is not mapped to a drive letter,
+ // then we need to fix the path format for the sandbox rule.
+ wchar_t volPath[MAX_PATH];
+ if (::GetVolumePathNameW(wGMPPath.c_str(), volPath, MAX_PATH) &&
+ ::GetDriveTypeW(volPath) == DRIVE_REMOTE &&
+ wGMPPath.compare(0, 2, L"\\\\") == 0) {
+ std::wstring sandboxGMPPath(wGMPPath);
+ sandboxGMPPath.insert(1, L"??\\UNC");
+ mAllowedFilesRead.push_back(sandboxGMPPath + L"\\*");
+ } else {
+ mAllowedFilesRead.push_back(wGMPPath + L"\\*");
+ }
+# endif
+
+ std::string gmpPath = WideToUTF8(wGMPPath);
+ geckoargs::sPluginPath.Put(gmpPath.c_str(), args);
+#else
+ if (NS_SUCCEEDED(rv)) {
+ geckoargs::sPluginPath.Put(normalizedPath.get(), args);
+ } else {
+ geckoargs::sPluginPath.Put(mGMPPath.c_str(), args);
+ }
+#endif
+
+#ifdef MOZ_WIDGET_ANDROID
+ // Add dummy values for pref and pref map to the file descriptors remapping
+ // table. See bug 1440207 and 1481139.
+ AddFdToRemap(kInvalidFd, kInvalidFd);
+ AddFdToRemap(kInvalidFd, kInvalidFd);
+#endif
+
+ // We need to wait until OnChannelConnected to clear the pref serializer, but
+ // SyncLaunch will block until that is called, so we don't actually need to do
+ // any overriding, and it only lives on the stack.
+ return SyncLaunch(args, aTimeoutMs);
+}
+
+void GMPProcessParent::Delete(nsCOMPtr<nsIRunnable> aCallback) {
+ mDeletedCallback = aCallback;
+ XRE_GetIOMessageLoop()->PostTask(NewNonOwningRunnableMethod(
+ "gmp::GMPProcessParent::DoDelete", this, &GMPProcessParent::DoDelete));
+}
+
+void GMPProcessParent::DoDelete() {
+ MOZ_ASSERT(MessageLoop::current() == XRE_GetIOMessageLoop());
+
+ if (mDeletedCallback) {
+ mDeletedCallback->Run();
+ }
+
+ Destroy();
+}
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+bool GMPProcessParent::IsMacSandboxLaunchEnabled() {
+ return sLaunchWithMacSandbox;
+}
+
+void GMPProcessParent::SetRequiresWindowServer(bool aRequiresWindowServer) {
+ mRequiresWindowServer = aRequiresWindowServer;
+}
+
+bool GMPProcessParent::FillMacSandboxInfo(MacSandboxInfo& aInfo) {
+ aInfo.type = MacSandboxType_GMP;
+ aInfo.hasWindowServer = mRequiresWindowServer;
+ aInfo.shouldLog = (aInfo.shouldLog || sMacSandboxGMPLogging);
+ nsAutoCString appPath;
+ if (!nsMacUtilsImpl::GetAppPath(appPath)) {
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::FillMacSandboxInfo: failed to get app path");
+ return false;
+ }
+ aInfo.appPath.assign(appPath.get());
+
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::FillMacSandboxInfo: "
+ "plugin dir path: %s",
+ mGMPPath.c_str());
+ nsCOMPtr<nsIFile> pluginDir;
+ nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(mGMPPath.c_str()), true,
+ getter_AddRefs(pluginDir));
+ if (NS_FAILED(rv)) {
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::FillMacSandboxInfo: "
+ "NS_NewLocalFile failed for plugin dir, rv=%d",
+ uint32_t(rv));
+ return false;
+ }
+
+ rv = pluginDir->Normalize();
+ if (NS_FAILED(rv)) {
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::FillMacSandboxInfo: "
+ "failed to normalize plugin dir path, rv=%d",
+ uint32_t(rv));
+ return false;
+ }
+
+ nsAutoCString resolvedPluginPath;
+ pluginDir->GetNativePath(resolvedPluginPath);
+ aInfo.pluginPath.assign(resolvedPluginPath.get());
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::FillMacSandboxInfo: "
+ "resolved plugin dir path: %s",
+ resolvedPluginPath.get());
+
+ if (!mozilla::IsPackagedBuild()) {
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::FillMacSandboxInfo: IsPackagedBuild()=false");
+
+ // Repo dir
+ nsCOMPtr<nsIFile> repoDir;
+ rv = nsMacUtilsImpl::GetRepoDir(getter_AddRefs(repoDir));
+ if (NS_FAILED(rv)) {
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::FillMacSandboxInfo: failed to get repo dir");
+ return false;
+ }
+ nsCString repoDirPath;
+ Unused << repoDir->GetNativePath(repoDirPath);
+ aInfo.testingReadPath1 = repoDirPath.get();
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::FillMacSandboxInfo: "
+ "repo dir path: %s",
+ repoDirPath.get());
+
+ // Object dir
+ nsCOMPtr<nsIFile> objDir;
+ rv = nsMacUtilsImpl::GetObjDir(getter_AddRefs(objDir));
+ if (NS_FAILED(rv)) {
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::FillMacSandboxInfo: failed to get object dir");
+ return false;
+ }
+ nsCString objDirPath;
+ Unused << objDir->GetNativePath(objDirPath);
+ aInfo.testingReadPath2 = objDirPath.get();
+ GMP_LOG_DEBUG(
+ "GMPProcessParent::FillMacSandboxInfo: "
+ "object dir path: %s",
+ objDirPath.get());
+ }
+ return true;
+}
+#endif
+
+nsresult GMPProcessParent::NormalizePath(const char* aPath,
+ PathString& aNormalizedPath) {
+ nsCOMPtr<nsIFile> fileOrDir;
+ nsresult rv = NS_NewLocalFile(NS_ConvertUTF8toUTF16(aPath), true,
+ getter_AddRefs(fileOrDir));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ rv = fileOrDir->Normalize();
+ NS_ENSURE_SUCCESS(rv, rv);
+
+#ifdef XP_WIN
+ return fileOrDir->GetTarget(aNormalizedPath);
+#else
+ bool isLink = false;
+ rv = fileOrDir->IsSymlink(&isLink);
+ NS_ENSURE_SUCCESS(rv, rv);
+ if (isLink) {
+ return fileOrDir->GetNativeTarget(aNormalizedPath);
+ }
+ return fileOrDir->GetNativePath(aNormalizedPath);
+#endif
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPProcessParent.h b/dom/media/gmp/GMPProcessParent.h
new file mode 100644
index 0000000000..bf16a96380
--- /dev/null
+++ b/dom/media/gmp/GMPProcessParent.h
@@ -0,0 +1,105 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: sw=2 ts=4 et :
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPProcessParent_h
+#define GMPProcessParent_h 1
+
+#include "mozilla/Attributes.h"
+#include "base/basictypes.h"
+#include "base/file_path.h"
+#include "base/thread.h"
+#include "mozilla/ipc/GeckoChildProcessHost.h"
+#include "nsIFile.h"
+
+class nsIRunnable;
+
+namespace mozilla::gmp {
+
+class GMPProcessParent final : public mozilla::ipc::GeckoChildProcessHost {
+ public:
+ explicit GMPProcessParent(const std::string& aGMPPath);
+
+ // Synchronously launch the plugin process. If the process fails to launch
+ // after timeoutMs, this method will return false.
+ bool Launch(int32_t aTimeoutMs);
+
+ void Delete(nsCOMPtr<nsIRunnable> aCallback = nullptr);
+
+ bool CanShutdown() override { return true; }
+ const std::string& GetPluginFilePath() { return mGMPPath; }
+ bool UseXPCOM() const { return mUseXpcom; }
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+ // Init static members on the main thread
+ static void InitStaticMainThread();
+
+ // Read prefs and environment variables to determine
+ // when and if to start the Mac sandbox for the child
+ // process. Starting the sandbox at launch is the new
+ // preferred method. Code to support starting the sandbox
+ // later at plugin start time should be removed once
+ // starting at launch is stable and shipping.
+ bool IsMacSandboxLaunchEnabled() override;
+
+ // For process sandboxing purposes, set whether or not this
+ // instance of the GMP process requires access to the macOS
+ // window server. At present, Widevine requires window server
+ // access, but OpenH264 decoding does not.
+ void SetRequiresWindowServer(bool aRequiresWindowServer);
+
+ // Return the sandbox type to be used with this process type.
+ static MacSandboxType GetMacSandboxType() { return MacSandboxType_GMP; };
+#endif
+
+ using mozilla::ipc::GeckoChildProcessHost::GetChildProcessHandle;
+
+ private:
+ ~GMPProcessParent();
+
+ void DoDelete();
+
+ std::string mGMPPath;
+ nsCOMPtr<nsIRunnable> mDeletedCallback;
+
+ // Whether or not XPCOM is enabled in the GMP process.
+ bool mUseXpcom;
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+ // Indicates whether we'll start the Mac GMP sandbox during
+ // process launch (earlyinit) which is the new preferred method
+ // or later in the process lifetime.
+ static bool sLaunchWithMacSandbox;
+
+ // Whether or not Mac sandbox violation logging is enabled.
+ static bool sMacSandboxGMPLogging;
+
+ // Override so we can set GMP-specific sandbox parameters
+ bool FillMacSandboxInfo(MacSandboxInfo& aInfo) override;
+
+ // Controls whether or not the sandbox will be configured with
+ // window service access.
+ bool mRequiresWindowServer;
+
+# if defined(DEBUG)
+ // Used to assert InitStaticMainThread() is called before the constructor.
+ static bool sIsMainThreadInitDone;
+# endif
+#endif
+
+ // For normalizing paths to be compatible with sandboxing.
+ // We use normalized paths to generate the sandbox ruleset. Once
+ // the sandbox has been started, resolving symlinks that point to
+ // allowed directories could require reading paths not allowed by
+ // the sandbox, so we should only attempt to load plugin libraries
+ // using normalized paths.
+ static nsresult NormalizePath(const char* aPath, PathString& aNormalizedPath);
+
+ DISALLOW_COPY_AND_ASSIGN(GMPProcessParent);
+};
+
+} // namespace mozilla::gmp
+
+#endif // ifndef GMPProcessParent_h
diff --git a/dom/media/gmp/GMPSanitizedExports.h b/dom/media/gmp/GMPSanitizedExports.h
new file mode 100644
index 0000000000..76c00dba9b
--- /dev/null
+++ b/dom/media/gmp/GMPSanitizedExports.h
@@ -0,0 +1,22 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+// This file exposes symbols from the CDM headers + undefines macros which
+// X11 defines and which clash with the CDM headers.
+//
+// Ideally we can prune where X11 headers are included so that we don't need
+// this, but this band aid is useful until then.
+
+#ifndef DOM_MEDIA_GMP_GMP_API_GMP_SANITIZED_CDM_EXPORTS_H_
+#define DOM_MEDIA_GMP_GMP_API_GMP_SANITIZED_CDM_EXPORTS_H_
+
+// If Status is defined undef it so we don't break the CDM headers.
+#ifdef Status
+# undef Status
+#endif // Status
+#include "content_decryption_module.h"
+
+#endif // DOM_MEDIA_GMP_GMP_API_GMP_SANITIZED_CDM_EXPORTS_H_
diff --git a/dom/media/gmp/GMPService.cpp b/dom/media/gmp/GMPService.cpp
new file mode 100644
index 0000000000..552276356f
--- /dev/null
+++ b/dom/media/gmp/GMPService.cpp
@@ -0,0 +1,574 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPService.h"
+
+#include "ChromiumCDMParent.h"
+#include "GMPLog.h"
+#include "GMPParent.h"
+#include "GMPProcessParent.h"
+#include "GMPServiceChild.h"
+#include "GMPServiceParent.h"
+#include "GMPVideoDecoderParent.h"
+#include "mozilla/ipc/GeckoChildProcessHost.h"
+#include "mozilla/ClearOnShutdown.h"
+#include "mozilla/EventDispatcher.h"
+#include "mozilla/dom/Document.h"
+#include "mozilla/dom/PluginCrashedEvent.h"
+#include "nsThreadUtils.h"
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+# include "mozilla/SandboxInfo.h"
+#endif
+#include "VideoUtils.h"
+#include "mozilla/Services.h"
+#include "mozilla/SyncRunnable.h"
+#include "mozilla/Unused.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsComponentManagerUtils.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsGlobalWindowInner.h"
+#include "nsHashKeys.h"
+#include "nsIObserverService.h"
+#include "nsIXULAppInfo.h"
+#include "nsNativeCharsetUtils.h"
+#include "nsXPCOMPrivate.h"
+#include "prio.h"
+#include "runnable_utils.h"
+
+namespace mozilla {
+
+LogModule* GetGMPLog() {
+ static LazyLogModule sLog("GMP");
+ return sLog;
+}
+
+LogModule* GetGMPLibraryLog() {
+ static LazyLogModule sLog("GMPLibrary");
+ return sLog;
+}
+
+GMPLogLevel GetGMPLibraryLogLevel() {
+ switch (GetGMPLibraryLog()->Level()) {
+ case LogLevel::Disabled:
+ return kGMPLogQuiet;
+ case LogLevel::Error:
+ return kGMPLogError;
+ case LogLevel::Warning:
+ return kGMPLogWarning;
+ case LogLevel::Info:
+ return kGMPLogInfo;
+ case LogLevel::Debug:
+ return kGMPLogDebug;
+ case LogLevel::Verbose:
+ return kGMPLogDetail;
+ }
+ return kGMPLogInvalid;
+}
+
+#ifdef __CLASS__
+# undef __CLASS__
+#endif
+#define __CLASS__ "GMPService"
+
+namespace gmp {
+
+static StaticRefPtr<GeckoMediaPluginService> sSingletonService;
+
+class GMPServiceCreateHelper final : public mozilla::Runnable {
+ RefPtr<GeckoMediaPluginService> mService;
+
+ public:
+ static already_AddRefed<GeckoMediaPluginService> GetOrCreate() {
+ RefPtr<GeckoMediaPluginService> service;
+
+ if (NS_IsMainThread()) {
+ service = GetOrCreateOnMainThread();
+ } else {
+ RefPtr<GMPServiceCreateHelper> createHelper =
+ new GMPServiceCreateHelper();
+
+ mozilla::SyncRunnable::DispatchToThread(GetMainThreadSerialEventTarget(),
+ createHelper, true);
+
+ service = std::move(createHelper->mService);
+ }
+
+ return service.forget();
+ }
+
+ private:
+ GMPServiceCreateHelper() : Runnable("GMPServiceCreateHelper") {}
+
+ ~GMPServiceCreateHelper() { MOZ_ASSERT(!mService); }
+
+ static already_AddRefed<GeckoMediaPluginService> GetOrCreateOnMainThread() {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ if (!sSingletonService) {
+ if (XRE_IsParentProcess()) {
+ RefPtr<GeckoMediaPluginServiceParent> service =
+ new GeckoMediaPluginServiceParent();
+ if (NS_WARN_IF(NS_FAILED(service->Init()))) {
+ return nullptr;
+ }
+ sSingletonService = service;
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+ // GMPProcessParent should only be instantiated in the parent
+ // so initialization only needs to be done in the parent.
+ GMPProcessParent::InitStaticMainThread();
+#endif
+ } else {
+ RefPtr<GeckoMediaPluginServiceChild> service =
+ new GeckoMediaPluginServiceChild();
+ if (NS_WARN_IF(NS_FAILED(service->Init()))) {
+ return nullptr;
+ }
+ sSingletonService = service;
+ }
+ ClearOnShutdown(&sSingletonService);
+ }
+
+ RefPtr<GeckoMediaPluginService> service = sSingletonService.get();
+ return service.forget();
+ }
+
+ NS_IMETHOD
+ Run() override {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ mService = GetOrCreateOnMainThread();
+ return NS_OK;
+ }
+};
+
+already_AddRefed<GeckoMediaPluginService>
+GeckoMediaPluginService::GetGeckoMediaPluginService() {
+ return GMPServiceCreateHelper::GetOrCreate();
+}
+
+NS_IMPL_ISUPPORTS(GeckoMediaPluginService, mozIGeckoMediaPluginService,
+ nsIObserver)
+
+GeckoMediaPluginService::GeckoMediaPluginService()
+ : mMutex("GeckoMediaPluginService::mMutex"),
+ mMainThread(GetMainThreadSerialEventTarget()),
+ mGMPThreadShutdown(false),
+ mShuttingDownOnGMPThread(false),
+ mXPCOMWillShutdown(false) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ nsCOMPtr<nsIXULAppInfo> appInfo =
+ do_GetService("@mozilla.org/xre/app-info;1");
+ if (appInfo) {
+ nsAutoCString version;
+ nsAutoCString buildID;
+ if (NS_SUCCEEDED(appInfo->GetVersion(version)) &&
+ NS_SUCCEEDED(appInfo->GetAppBuildID(buildID))) {
+ GMP_LOG_DEBUG(
+ "GeckoMediaPluginService created; Gecko version=%s buildID=%s",
+ version.get(), buildID.get());
+ }
+ }
+}
+
+GeckoMediaPluginService::~GeckoMediaPluginService() = default;
+
+NS_IMETHODIMP
+GeckoMediaPluginService::RunPluginCrashCallbacks(
+ uint32_t aPluginId, const nsACString& aPluginName) {
+ MOZ_ASSERT(NS_IsMainThread());
+ GMP_LOG_DEBUG("%s::%s(%i)", __CLASS__, __FUNCTION__, aPluginId);
+
+ mozilla::UniquePtr<nsTArray<RefPtr<GMPCrashHelper>>> helpers;
+ {
+ MutexAutoLock lock(mMutex);
+ mPluginCrashHelpers.Remove(aPluginId, &helpers);
+ }
+ if (!helpers) {
+ GMP_LOG_DEBUG("%s::%s(%i) No crash helpers, not handling crash.", __CLASS__,
+ __FUNCTION__, aPluginId);
+ return NS_OK;
+ }
+
+ for (const auto& helper : *helpers) {
+ nsCOMPtr<nsPIDOMWindowInner> window = helper->GetPluginCrashedEventTarget();
+ if (NS_WARN_IF(!window)) {
+ continue;
+ }
+ RefPtr<dom::Document> document(window->GetExtantDoc());
+ if (NS_WARN_IF(!document)) {
+ continue;
+ }
+
+ dom::PluginCrashedEventInit init;
+ init.mPluginID = aPluginId;
+ init.mBubbles = true;
+ init.mCancelable = true;
+ init.mGmpPlugin = true;
+ CopyUTF8toUTF16(aPluginName, init.mPluginName);
+ init.mSubmittedCrashReport = false;
+ RefPtr<dom::PluginCrashedEvent> event =
+ dom::PluginCrashedEvent::Constructor(document, u"PluginCrashed"_ns,
+ init);
+ event->SetTrusted(true);
+ event->WidgetEventPtr()->mFlags.mOnlyChromeDispatch = true;
+
+ // MOZ_KnownLive due to bug 1506441
+ EventDispatcher::DispatchDOMEvent(
+ MOZ_KnownLive(nsGlobalWindowInner::Cast(window)), nullptr, event,
+ nullptr, nullptr);
+ }
+
+ return NS_OK;
+}
+
+nsresult GeckoMediaPluginService::Init() {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ nsCOMPtr<nsIObserverService> obsService =
+ mozilla::services::GetObserverService();
+ MOZ_ASSERT(obsService);
+ MOZ_ALWAYS_SUCCEEDS(obsService->AddObserver(
+ this, NS_XPCOM_SHUTDOWN_THREADS_OBSERVER_ID, false));
+
+ // Kick off scanning for plugins
+ nsCOMPtr<nsIThread> thread;
+ return GetThread(getter_AddRefs(thread));
+}
+
+RefPtr<GetCDMParentPromise> GeckoMediaPluginService::GetCDM(
+ const NodeIdParts& aNodeIdParts, const nsACString& aKeySystem,
+ GMPCrashHelper* aHelper) {
+ AssertOnGMPThread();
+
+ if (mShuttingDownOnGMPThread || aKeySystem.IsEmpty()) {
+ nsPrintfCString reason(
+ "%s::%s failed, aKeySystem.IsEmpty() = %d, mShuttingDownOnGMPThread = "
+ "%d.",
+ __CLASS__, __FUNCTION__, aKeySystem.IsEmpty(),
+ mShuttingDownOnGMPThread);
+ return GetCDMParentPromise::CreateAndReject(
+ MediaResult(NS_ERROR_FAILURE, reason.get()), __func__);
+ }
+
+ typedef MozPromiseHolder<GetCDMParentPromise> PromiseHolder;
+ PromiseHolder* rawHolder(new PromiseHolder());
+ RefPtr<GetCDMParentPromise> promise = rawHolder->Ensure(__func__);
+ nsCOMPtr<nsISerialEventTarget> thread(GetGMPThread());
+ RefPtr<GMPCrashHelper> helper(aHelper);
+ nsTArray<nsCString> tags{nsCString{aKeySystem}};
+ GetContentParent(aHelper, NodeIdVariant{aNodeIdParts},
+ nsLiteralCString(CHROMIUM_CDM_API), tags)
+ ->Then(
+ thread, __func__,
+ [rawHolder, helper, keySystem = nsCString{aKeySystem}](
+ const RefPtr<GMPContentParentCloseBlocker>& wrapper) {
+ RefPtr<GMPContentParent> parent = wrapper->mParent;
+ MOZ_ASSERT(
+ parent,
+ "Wrapper should wrap a valid parent if we're in this path.");
+ UniquePtr<PromiseHolder> holder(rawHolder);
+ RefPtr<ChromiumCDMParent> cdm = parent->GetChromiumCDM(keySystem);
+ if (!cdm) {
+ nsPrintfCString reason(
+ "%s::%s failed since GetChromiumCDM returns nullptr.",
+ __CLASS__, __FUNCTION__);
+ holder->Reject(MediaResult(NS_ERROR_FAILURE, reason.get()),
+ __func__);
+ return;
+ }
+ if (helper) {
+ cdm->SetCrashHelper(helper);
+ }
+ holder->Resolve(cdm, __func__);
+ },
+ [rawHolder](MediaResult result) {
+ nsPrintfCString reason(
+ "%s::%s failed since GetContentParent rejects the promise with "
+ "reason %s.",
+ __CLASS__, __FUNCTION__, result.Description().get());
+ UniquePtr<PromiseHolder> holder(rawHolder);
+ holder->Reject(MediaResult(NS_ERROR_FAILURE, reason.get()),
+ __func__);
+ });
+
+ return promise;
+}
+
+#if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
+RefPtr<GetGMPContentParentPromise>
+GeckoMediaPluginService::GetContentParentForTest() {
+ AssertOnGMPThread();
+
+ nsTArray<nsCString> tags;
+ tags.AppendElement("fake"_ns);
+
+ const nsString origin1 = u"http://example1.com"_ns;
+ const nsString origin2 = u"http://example2.org"_ns;
+ const nsString gmpName = u"gmp-fake"_ns;
+
+ NodeIdParts nodeIdParts = NodeIdParts{origin1, origin2, gmpName};
+
+ if (mShuttingDownOnGMPThread) {
+ nsPrintfCString reason("%s::%s failed, mShuttingDownOnGMPThread = %d.",
+ __CLASS__, __FUNCTION__, mShuttingDownOnGMPThread);
+ return GetGMPContentParentPromise::CreateAndReject(
+ MediaResult(NS_ERROR_FAILURE, reason.get()), __func__);
+ }
+
+ using PromiseHolder = MozPromiseHolder<GetGMPContentParentPromise>;
+ PromiseHolder* rawHolder(new PromiseHolder());
+ RefPtr<GetGMPContentParentPromise> promise = rawHolder->Ensure(__func__);
+ nsCOMPtr<nsISerialEventTarget> thread(GetGMPThread());
+ GetContentParent(nullptr, NodeIdVariant{nodeIdParts},
+ nsLiteralCString(CHROMIUM_CDM_API), tags)
+ ->Then(
+ thread, __func__,
+ [rawHolder](const RefPtr<GMPContentParentCloseBlocker>& wrapper) {
+ RefPtr<GMPContentParent> parent = wrapper->mParent;
+ MOZ_ASSERT(
+ parent,
+ "Wrapper should wrap a valid parent if we're in this path.");
+ UniquePtr<PromiseHolder> holder(rawHolder);
+ if (!parent) {
+ nsPrintfCString reason("%s::%s failed since no GMPContentParent.",
+ __CLASS__, __FUNCTION__);
+ holder->Reject(MediaResult(NS_ERROR_FAILURE, reason.get()),
+ __func__);
+ return;
+ }
+ holder->Resolve(wrapper, __func__);
+ },
+ [rawHolder](const MediaResult& result) {
+ nsPrintfCString reason(
+ "%s::%s failed since GetContentParent rejects the promise with "
+ "reason %s.",
+ __CLASS__, __FUNCTION__, result.Description().get());
+ UniquePtr<PromiseHolder> holder(rawHolder);
+ holder->Reject(MediaResult(NS_ERROR_FAILURE, reason.get()),
+ __func__);
+ });
+
+ return promise;
+}
+#endif
+
+void GeckoMediaPluginService::ShutdownGMPThread() {
+ GMP_LOG_DEBUG("%s::%s", __CLASS__, __FUNCTION__);
+ nsCOMPtr<nsIThread> gmpThread;
+ {
+ MutexAutoLock lock(mMutex);
+ mGMPThreadShutdown = true;
+ mGMPThread.swap(gmpThread);
+ }
+
+ if (gmpThread) {
+ gmpThread->Shutdown();
+ }
+}
+
+/* static */
+nsCOMPtr<nsIAsyncShutdownClient> GeckoMediaPluginService::GetShutdownBarrier() {
+ nsCOMPtr<nsIAsyncShutdownService> svc = services::GetAsyncShutdownService();
+ if (NS_WARN_IF(!svc)) {
+ MOZ_ASSERT_UNREACHABLE("No async shutdown service!");
+ return nullptr;
+ }
+
+ nsCOMPtr<nsIAsyncShutdownClient> barrier;
+ nsresult rv = svc->GetXpcomWillShutdown(getter_AddRefs(barrier));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ MOZ_ASSERT_UNREACHABLE("Could not create shutdown barrier!");
+ return nullptr;
+ }
+
+ MOZ_RELEASE_ASSERT(barrier);
+ return barrier;
+}
+
+nsresult GeckoMediaPluginService::GMPDispatch(nsIRunnable* event,
+ uint32_t flags) {
+ nsCOMPtr<nsIRunnable> r(event);
+ return GMPDispatch(r.forget(), flags);
+}
+
+nsresult GeckoMediaPluginService::GMPDispatch(
+ already_AddRefed<nsIRunnable> event, uint32_t flags) {
+ nsCOMPtr<nsIRunnable> r(event);
+ nsCOMPtr<nsIThread> thread;
+ nsresult rv = GetThread(getter_AddRefs(thread));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ return thread->Dispatch(r, flags);
+}
+
+// always call with getter_AddRefs, because it does
+NS_IMETHODIMP
+GeckoMediaPluginService::GetThread(nsIThread** aThread) {
+ MOZ_ASSERT(aThread);
+
+ // This can be called from any thread.
+ MutexAutoLock lock(mMutex);
+
+ return GetThreadLocked(aThread);
+}
+
+// always call with getter_AddRefs, because it does
+nsresult GeckoMediaPluginService::GetThreadLocked(nsIThread** aThread) {
+ MOZ_ASSERT(aThread);
+
+ mMutex.AssertCurrentThreadOwns();
+
+ if (!mGMPThread) {
+ // Don't allow the thread to be created after shutdown has started.
+ if (mGMPThreadShutdown) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsresult rv = NS_NewNamedThread("GMPThread", getter_AddRefs(mGMPThread));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ // Tell the thread to initialize plugins
+ InitializePlugins(mGMPThread);
+ }
+
+ nsCOMPtr<nsIThread> copy = mGMPThread;
+ copy.forget(aThread);
+
+ return NS_OK;
+}
+
+already_AddRefed<nsISerialEventTarget> GeckoMediaPluginService::GetGMPThread() {
+ nsCOMPtr<nsISerialEventTarget> thread;
+ {
+ MutexAutoLock lock(mMutex);
+ thread = mGMPThread;
+ }
+ return thread.forget();
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginService::GetGMPVideoDecoder(
+ GMPCrashHelper* aHelper, nsTArray<nsCString>* aTags,
+ const nsACString& aNodeId,
+ UniquePtr<GetGMPVideoDecoderCallback>&& aCallback) {
+ AssertOnGMPThread();
+ NS_ENSURE_ARG(aTags && aTags->Length() > 0);
+ NS_ENSURE_ARG(aCallback);
+
+ if (mShuttingDownOnGMPThread) {
+ return NS_ERROR_FAILURE;
+ }
+
+ GetGMPVideoDecoderCallback* rawCallback = aCallback.release();
+ nsCOMPtr<nsISerialEventTarget> thread(GetGMPThread());
+ RefPtr<GMPCrashHelper> helper(aHelper);
+ GetContentParent(aHelper, NodeIdVariant{nsCString(aNodeId)},
+ nsLiteralCString(GMP_API_VIDEO_DECODER), *aTags)
+ ->Then(
+ thread, __func__,
+ [rawCallback,
+ helper](const RefPtr<GMPContentParentCloseBlocker>& wrapper) {
+ RefPtr<GMPContentParent> parent = wrapper->mParent;
+ UniquePtr<GetGMPVideoDecoderCallback> callback(rawCallback);
+ GMPVideoDecoderParent* actor = nullptr;
+ GMPVideoHostImpl* host = nullptr;
+ if (parent && NS_SUCCEEDED(parent->GetGMPVideoDecoder(&actor))) {
+ host = &(actor->Host());
+ actor->SetCrashHelper(helper);
+ }
+ callback->Done(actor, host);
+ },
+ [rawCallback] {
+ UniquePtr<GetGMPVideoDecoderCallback> callback(rawCallback);
+ callback->Done(nullptr, nullptr);
+ });
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginService::GetGMPVideoEncoder(
+ GMPCrashHelper* aHelper, nsTArray<nsCString>* aTags,
+ const nsACString& aNodeId,
+ UniquePtr<GetGMPVideoEncoderCallback>&& aCallback) {
+ AssertOnGMPThread();
+ NS_ENSURE_ARG(aTags && aTags->Length() > 0);
+ NS_ENSURE_ARG(aCallback);
+
+ if (mShuttingDownOnGMPThread) {
+ return NS_ERROR_FAILURE;
+ }
+
+ GetGMPVideoEncoderCallback* rawCallback = aCallback.release();
+ nsCOMPtr<nsISerialEventTarget> thread(GetGMPThread());
+ RefPtr<GMPCrashHelper> helper(aHelper);
+ GetContentParent(aHelper, NodeIdVariant{nsCString(aNodeId)},
+ nsLiteralCString(GMP_API_VIDEO_ENCODER), *aTags)
+ ->Then(
+ thread, __func__,
+ [rawCallback,
+ helper](const RefPtr<GMPContentParentCloseBlocker>& wrapper) {
+ RefPtr<GMPContentParent> parent = wrapper->mParent;
+ UniquePtr<GetGMPVideoEncoderCallback> callback(rawCallback);
+ GMPVideoEncoderParent* actor = nullptr;
+ GMPVideoHostImpl* host = nullptr;
+ if (parent && NS_SUCCEEDED(parent->GetGMPVideoEncoder(&actor))) {
+ host = &(actor->Host());
+ actor->SetCrashHelper(helper);
+ }
+ callback->Done(actor, host);
+ },
+ [rawCallback] {
+ UniquePtr<GetGMPVideoEncoderCallback> callback(rawCallback);
+ callback->Done(nullptr, nullptr);
+ });
+
+ return NS_OK;
+}
+
+void GeckoMediaPluginService::ConnectCrashHelper(uint32_t aPluginId,
+ GMPCrashHelper* aHelper) {
+ if (!aHelper) {
+ return;
+ }
+
+ MutexAutoLock lock(mMutex);
+ mPluginCrashHelpers.WithEntryHandle(aPluginId, [&](auto&& entry) {
+ if (!entry) {
+ entry.Insert(MakeUnique<nsTArray<RefPtr<GMPCrashHelper>>>());
+ } else if (entry.Data()->Contains(aHelper)) {
+ return;
+ }
+ entry.Data()->AppendElement(aHelper);
+ });
+}
+
+void GeckoMediaPluginService::DisconnectCrashHelper(GMPCrashHelper* aHelper) {
+ if (!aHelper) {
+ return;
+ }
+ MutexAutoLock lock(mMutex);
+ for (auto iter = mPluginCrashHelpers.Iter(); !iter.Done(); iter.Next()) {
+ nsTArray<RefPtr<GMPCrashHelper>>* helpers = iter.UserData();
+ if (!helpers->Contains(aHelper)) {
+ continue;
+ }
+ helpers->RemoveElement(aHelper);
+ MOZ_ASSERT(!helpers->Contains(aHelper)); // Ensure there aren't duplicates.
+ if (helpers->IsEmpty()) {
+ iter.Remove();
+ }
+ }
+}
+
+} // namespace gmp
+} // namespace mozilla
+
+#undef __CLASS__
diff --git a/dom/media/gmp/GMPService.h b/dom/media/gmp/GMPService.h
new file mode 100644
index 0000000000..4385a367a6
--- /dev/null
+++ b/dom/media/gmp/GMPService.h
@@ -0,0 +1,129 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPService_h_
+#define GMPService_h_
+
+#include "GMPContentParent.h"
+#include "GMPCrashHelper.h"
+#include "gmp-video-codec.h"
+#include "mozIGeckoMediaPluginService.h"
+#include "mozilla/Atomics.h"
+#include "mozilla/gmp/GMPTypes.h"
+#include "mozilla/MozPromise.h"
+#include "nsCOMPtr.h"
+#include "nsClassHashtable.h"
+#include "nsIObserver.h"
+#include "nsString.h"
+#include "nsTArray.h"
+
+class nsIAsyncShutdownClient;
+class nsIRunnable;
+class nsISerialEventTarget;
+class nsIThread;
+
+template <class>
+struct already_AddRefed;
+
+namespace mozilla {
+
+class GMPCrashHelper;
+class MediaResult;
+
+extern LogModule* GetGMPLog();
+extern LogModule* GetGMPLibraryLog();
+extern GMPLogLevel GetGMPLibraryLogLevel();
+
+namespace gmp {
+
+using GetGMPContentParentPromise =
+ MozPromise<RefPtr<GMPContentParentCloseBlocker>, MediaResult,
+ /* IsExclusive = */ true>;
+using GetCDMParentPromise = MozPromise<RefPtr<ChromiumCDMParent>, MediaResult,
+ /* IsExclusive = */ true>;
+
+class GeckoMediaPluginService : public mozIGeckoMediaPluginService,
+ public nsIObserver {
+ public:
+ static already_AddRefed<GeckoMediaPluginService> GetGeckoMediaPluginService();
+
+ virtual nsresult Init();
+
+ NS_DECL_THREADSAFE_ISUPPORTS
+
+ RefPtr<GetCDMParentPromise> GetCDM(const NodeIdParts& aNodeIdParts,
+ const nsACString& aKeySystem,
+ GMPCrashHelper* aHelper);
+
+#if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
+ RefPtr<GetGMPContentParentPromise> GetContentParentForTest();
+#endif
+
+ // mozIGeckoMediaPluginService
+ NS_IMETHOD GetThread(nsIThread** aThread) override MOZ_EXCLUDES(mMutex);
+ nsresult GetThreadLocked(nsIThread** aThread) MOZ_REQUIRES(mMutex);
+ NS_IMETHOD GetGMPVideoDecoder(
+ GMPCrashHelper* aHelper, nsTArray<nsCString>* aTags,
+ const nsACString& aNodeId,
+ UniquePtr<GetGMPVideoDecoderCallback>&& aCallback) override;
+ NS_IMETHOD GetGMPVideoEncoder(
+ GMPCrashHelper* aHelper, nsTArray<nsCString>* aTags,
+ const nsACString& aNodeId,
+ UniquePtr<GetGMPVideoEncoderCallback>&& aCallback) override;
+
+ // TODO: Convert this to MOZ_CAN_RUN_SCRIPT (bug 1415230)
+ MOZ_CAN_RUN_SCRIPT_BOUNDARY NS_IMETHOD RunPluginCrashCallbacks(
+ uint32_t aPluginId, const nsACString& aPluginName) override;
+
+ already_AddRefed<nsISerialEventTarget> GetGMPThread();
+
+ void ConnectCrashHelper(uint32_t aPluginId, GMPCrashHelper* aHelper);
+ void DisconnectCrashHelper(GMPCrashHelper* aHelper);
+
+ bool XPCOMWillShutdownReceived() const { return mXPCOMWillShutdown; }
+
+ protected:
+ GeckoMediaPluginService();
+ virtual ~GeckoMediaPluginService();
+
+ void AssertOnGMPThread() {
+#ifdef DEBUG
+ MutexAutoLock lock(mMutex);
+ MOZ_ASSERT(mGMPThread->IsOnCurrentThread());
+#endif
+ }
+
+ virtual void InitializePlugins(nsISerialEventTarget* aGMPThread) = 0;
+
+ virtual RefPtr<GetGMPContentParentPromise> GetContentParent(
+ GMPCrashHelper* aHelper, const NodeIdVariant& aNodeIdVariant,
+ const nsACString& aAPI, const nsTArray<nsCString>& aTags) = 0;
+
+ nsresult GMPDispatch(nsIRunnable* event, uint32_t flags = NS_DISPATCH_NORMAL);
+ nsresult GMPDispatch(already_AddRefed<nsIRunnable> event,
+ uint32_t flags = NS_DISPATCH_NORMAL);
+ void ShutdownGMPThread();
+
+ static nsCOMPtr<nsIAsyncShutdownClient> GetShutdownBarrier();
+
+ Mutex mMutex; // Protects mGMPThread, mPluginCrashHelpers,
+ // mGMPThreadShutdown and some members in
+ // derived classes.
+
+ const nsCOMPtr<nsISerialEventTarget> mMainThread;
+
+ nsCOMPtr<nsIThread> mGMPThread MOZ_GUARDED_BY(mMutex);
+ bool mGMPThreadShutdown MOZ_GUARDED_BY(mMutex);
+ bool mShuttingDownOnGMPThread;
+ Atomic<bool> mXPCOMWillShutdown;
+
+ nsClassHashtable<nsUint32HashKey, nsTArray<RefPtr<GMPCrashHelper>>>
+ mPluginCrashHelpers MOZ_GUARDED_BY(mMutex);
+};
+
+} // namespace gmp
+} // namespace mozilla
+
+#endif // GMPService_h_
diff --git a/dom/media/gmp/GMPServiceChild.cpp b/dom/media/gmp/GMPServiceChild.cpp
new file mode 100644
index 0000000000..1d8f399aeb
--- /dev/null
+++ b/dom/media/gmp/GMPServiceChild.cpp
@@ -0,0 +1,649 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPServiceChild.h"
+
+#include "GMPLog.h"
+#include "GMPParent.h"
+#include "base/task.h"
+#include "mozIGeckoMediaPluginChromeService.h"
+#include "mozilla/ClearOnShutdown.h"
+#include "mozilla/SchedulerGroup.h"
+#include "mozilla/StaticMutex.h"
+#include "mozilla/StaticPtr.h"
+#include "mozilla/SyncRunnable.h"
+#include "mozilla/dom/ContentChild.h"
+#include "mozilla/ipc/Endpoint.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsIObserverService.h"
+#include "nsReadableUtils.h"
+#include "nsXPCOMPrivate.h"
+#include "runnable_utils.h"
+
+namespace mozilla::gmp {
+
+#ifdef __CLASS__
+# undef __CLASS__
+#endif
+#define __CLASS__ "GMPServiceChild"
+
+already_AddRefed<GeckoMediaPluginServiceChild>
+GeckoMediaPluginServiceChild::GetSingleton() {
+ MOZ_ASSERT(!XRE_IsParentProcess());
+ RefPtr<GeckoMediaPluginService> service(
+ GeckoMediaPluginService::GetGeckoMediaPluginService());
+#ifdef DEBUG
+ if (service) {
+ nsCOMPtr<mozIGeckoMediaPluginChromeService> chromeService;
+ CallQueryInterface(service.get(), getter_AddRefs(chromeService));
+ MOZ_ASSERT(!chromeService);
+ }
+#endif
+ return service.forget().downcast<GeckoMediaPluginServiceChild>();
+}
+
+nsresult GeckoMediaPluginServiceChild::Init() {
+ MOZ_ASSERT(NS_IsMainThread());
+ GMP_LOG_DEBUG("%s::%s", __CLASS__, __FUNCTION__);
+
+ nsresult rv = AddShutdownBlocker();
+ if (NS_FAILED(rv)) {
+ MOZ_ASSERT_UNREACHABLE(
+ "We expect xpcom to be live when calling this, so we should be able to "
+ "add a blocker");
+ GMP_LOG_DEBUG("%s::%s failed to add shutdown blocker!", __CLASS__,
+ __FUNCTION__);
+ return rv;
+ }
+
+ return GeckoMediaPluginService::Init();
+}
+
+NS_IMPL_ISUPPORTS_INHERITED(GeckoMediaPluginServiceChild,
+ GeckoMediaPluginService, nsIAsyncShutdownBlocker)
+
+// Used to identify blockers that we put in place.
+static const nsLiteralString kShutdownBlockerName =
+ u"GeckoMediaPluginServiceChild: shutdown"_ns;
+
+// nsIAsyncShutdownBlocker members
+NS_IMETHODIMP
+GeckoMediaPluginServiceChild::GetName(nsAString& aName) {
+ aName = kShutdownBlockerName;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceChild::GetState(nsIPropertyBag**) { return NS_OK; }
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceChild::BlockShutdown(nsIAsyncShutdownClient*) {
+ MOZ_ASSERT(NS_IsMainThread());
+ GMP_LOG_DEBUG("%s::%s", __CLASS__, __FUNCTION__);
+
+ mXPCOMWillShutdown = true;
+
+ MutexAutoLock lock(mMutex);
+ Unused << NS_WARN_IF(NS_FAILED(mGMPThread->Dispatch(
+ NewRunnableMethod("GeckoMediaPluginServiceChild::BeginShutdown", this,
+ &GeckoMediaPluginServiceChild::BeginShutdown))));
+ return NS_OK;
+}
+// End nsIAsyncShutdownBlocker members
+
+GeckoMediaPluginServiceChild::~GeckoMediaPluginServiceChild() {
+ MOZ_ASSERT(!mServiceChild);
+}
+
+RefPtr<GetGMPContentParentPromise>
+GeckoMediaPluginServiceChild::GetContentParent(
+ GMPCrashHelper* aHelper, const NodeIdVariant& aNodeIdVariant,
+ const nsACString& aAPI, const nsTArray<nsCString>& aTags) {
+ AssertOnGMPThread();
+ MOZ_ASSERT(!mShuttingDownOnGMPThread,
+ "Should not be called if GMPThread is shutting down!");
+
+ MozPromiseHolder<GetGMPContentParentPromise>* rawHolder =
+ new MozPromiseHolder<GetGMPContentParentPromise>();
+ RefPtr<GetGMPContentParentPromise> promise = rawHolder->Ensure(__func__);
+ nsCOMPtr<nsISerialEventTarget> thread(GetGMPThread());
+
+ nsCString api(aAPI);
+ RefPtr<GMPCrashHelper> helper(aHelper);
+ RefPtr<GeckoMediaPluginServiceChild> self(this);
+
+ mPendingGetContentParents += 1;
+
+ GetServiceChild()->Then(
+ thread, __func__,
+ [nodeIdVariant = aNodeIdVariant, self, api, tags = aTags.Clone(), helper,
+ rawHolder](GMPServiceChild* child) {
+ nsTArray<base::ProcessId> alreadyBridgedTo;
+
+ // We want to force the content process to keep all of our
+ // GMPContentParent IPDL objects alive while we wait to resolve which
+ // process can satisfy our request. This avoids a race condition where
+ // the last dependency is released before we can acquire our own.
+ auto* rawBlockers =
+ new nsTArray<RefPtr<GMPContentParentCloseBlocker>>();
+ child->GetAndBlockAlreadyBridgedTo(alreadyBridgedTo, *rawBlockers);
+
+ child->SendLaunchGMP(
+ nodeIdVariant, api, tags, alreadyBridgedTo,
+ [rawHolder, self, helper, rawBlockers,
+ child = RefPtr{child}](GMPLaunchResult&& aResult) {
+ UniquePtr<MozPromiseHolder<GetGMPContentParentPromise>> holder(
+ rawHolder);
+ UniquePtr<nsTArray<RefPtr<GMPContentParentCloseBlocker>>>
+ blockers(rawBlockers);
+ if (helper && aResult.pluginId()) {
+ // Note: Even if the launch failed, we need to connect the crash
+ // helper so that if the launch failed due to the plugin
+ // crashing, we can report the crash via the crash reporter. The
+ // crash handling notification will arrive shortly if the launch
+ // failed due to the plugin crashing.
+ self->ConnectCrashHelper(aResult.pluginId(), helper);
+ }
+
+ if (NS_WARN_IF(NS_FAILED(aResult.result()))) {
+ MediaResult error(
+ aResult.result(),
+ nsPrintfCString(
+ "GeckoMediaPluginServiceChild::GetContentParent "
+ "SendLaunchGMPForNodeId failed with description (%s)",
+ aResult.errorDescription().get()));
+
+ GMP_LOG_DEBUG("%s failed to launch GMP with error: %s",
+ __CLASS__, aResult.errorDescription().get());
+ self->mPendingGetContentParents -= 1;
+ self->RemoveShutdownBlockerIfNeeded();
+
+ holder->Reject(error, __func__);
+ return;
+ }
+
+ // If we didn't explicitly fail, we should have been told about a
+ // process running.
+ MOZ_ASSERT(aResult.pid() != base::kInvalidProcessId);
+
+ // It is possible the GMP process may have terminated before we
+ // were able to process this result. In that case, we should just
+ // fail as normal as the initialization of the IPDL objects would
+ // have just failed anyways and produced the same result.
+ bool contains = child->HasAlreadyBridgedTo(aResult.pid());
+ if (NS_WARN_IF(!contains && !aResult.endpoint().IsValid())) {
+ MediaResult error(
+ aResult.result(),
+ "GeckoMediaPluginServiceChild::GetContentParent "
+ "SendLaunchGMPForNodeId failed with process exit"_ns);
+
+ GMP_LOG_DEBUG("%s failed to launch GMP with process exit",
+ __CLASS__);
+ self->mPendingGetContentParents -= 1;
+ self->RemoveShutdownBlockerIfNeeded();
+
+ holder->Reject(error, __func__);
+ return;
+ }
+
+ RefPtr<GMPContentParent> parent =
+ child->GetBridgedGMPContentParent(
+ aResult.pid(), std::move(aResult.endpoint()));
+ if (!contains) {
+ parent->SetDisplayName(aResult.displayName());
+ parent->SetPluginId(aResult.pluginId());
+ parent->SetPluginType(aResult.pluginType());
+ }
+
+ // The content parent is no longer pending.
+ self->mPendingGetContentParents -= 1;
+ MOZ_ASSERT(child->HaveContentParents(),
+ "We should have at least one content parent!");
+ // We don't check if we need to remove the shutdown blocker here
+ // as we should always have at least one live content parent.
+
+ RefPtr<GMPContentParentCloseBlocker> blocker(
+ new GMPContentParentCloseBlocker(parent));
+ holder->Resolve(blocker, __func__);
+ },
+ [rawHolder, self, helper,
+ rawBlockers](const ipc::ResponseRejectReason&) {
+ UniquePtr<MozPromiseHolder<GetGMPContentParentPromise>> holder(
+ rawHolder);
+ UniquePtr<nsTArray<RefPtr<GMPContentParentCloseBlocker>>>
+ blockers(rawBlockers);
+ MediaResult error(
+ NS_ERROR_FAILURE,
+ "GeckoMediaPluginServiceChild::GetContentParent "
+ "SendLaunchGMPForNodeId failed with IPC error"_ns);
+
+ GMP_LOG_DEBUG("%s failed to launch GMP with IPC error",
+ __CLASS__);
+ self->mPendingGetContentParents -= 1;
+ self->RemoveShutdownBlockerIfNeeded();
+
+ holder->Reject(error, __func__);
+ });
+ },
+ [self, rawHolder](MediaResult result) {
+ self->mPendingGetContentParents -= 1;
+ self->RemoveShutdownBlockerIfNeeded();
+ UniquePtr<MozPromiseHolder<GetGMPContentParentPromise>> holder(
+ rawHolder);
+ holder->Reject(result, __func__);
+ });
+
+ return promise;
+}
+
+typedef mozilla::dom::GMPCapabilityData GMPCapabilityData;
+typedef mozilla::dom::GMPAPITags GMPAPITags;
+
+struct GMPCapabilityAndVersion {
+ explicit GMPCapabilityAndVersion(const GMPCapabilityData& aCapabilities)
+ : mName(aCapabilities.name()), mVersion(aCapabilities.version()) {
+ for (const GMPAPITags& tags : aCapabilities.capabilities()) {
+ GMPCapability cap;
+ cap.mAPIName = tags.api();
+ for (const nsACString& tag : tags.tags()) {
+ cap.mAPITags.AppendElement(tag);
+ }
+ mCapabilities.AppendElement(std::move(cap));
+ }
+ }
+
+ nsCString ToString() const {
+ nsCString s;
+ s.Append(mName);
+ s.AppendLiteral(" version=");
+ s.Append(mVersion);
+ s.AppendLiteral(" tags=[");
+ StringJoinAppend(s, " "_ns, mCapabilities,
+ [](auto& tags, const GMPCapability& cap) {
+ tags.Append(cap.mAPIName);
+ for (const nsACString& tag : cap.mAPITags) {
+ tags.AppendLiteral(":");
+ tags.Append(tag);
+ }
+ });
+ s.AppendLiteral("]");
+ return s;
+ }
+
+ nsCString mName;
+ nsCString mVersion;
+ nsTArray<GMPCapability> mCapabilities;
+};
+
+StaticMutex sGMPCapabilitiesMutex;
+StaticAutoPtr<nsTArray<GMPCapabilityAndVersion>> sGMPCapabilities;
+
+static auto GMPCapabilitiesToString() {
+ return StringJoin(", "_ns, *sGMPCapabilities,
+ [](nsACString& dest, const GMPCapabilityAndVersion& gmp) {
+ dest.Append(gmp.ToString());
+ });
+}
+
+/* static */
+void GeckoMediaPluginServiceChild::UpdateGMPCapabilities(
+ nsTArray<GMPCapabilityData>&& aCapabilities) {
+ {
+ // The mutex should unlock before sending the "gmp-changed" observer
+ // service notification.
+ StaticMutexAutoLock lock(sGMPCapabilitiesMutex);
+ if (!sGMPCapabilities) {
+ sGMPCapabilities = new nsTArray<GMPCapabilityAndVersion>();
+ ClearOnShutdown(&sGMPCapabilities);
+ }
+ sGMPCapabilities->Clear();
+ for (const GMPCapabilityData& plugin : aCapabilities) {
+ sGMPCapabilities->AppendElement(GMPCapabilityAndVersion(plugin));
+ }
+
+ GMP_LOG_DEBUG("%s::%s {%s}", __CLASS__, __FUNCTION__,
+ GMPCapabilitiesToString().get());
+ }
+
+ // Fire a notification so that any MediaKeySystemAccess
+ // requests waiting on a CDM to download will retry.
+ nsCOMPtr<nsIObserverService> obsService =
+ mozilla::services::GetObserverService();
+ MOZ_ASSERT(obsService);
+ if (obsService) {
+ obsService->NotifyObservers(nullptr, "gmp-changed", nullptr);
+ }
+}
+
+void GeckoMediaPluginServiceChild::BeginShutdown() {
+ AssertOnGMPThread();
+ GMP_LOG_DEBUG("%s::%s: mServiceChild=%p,", __CLASS__, __FUNCTION__,
+ mServiceChild.get());
+ // It's possible this gets called twice if the parent sends us a message to
+ // shutdown and we block shutdown in content in close proximity.
+ mShuttingDownOnGMPThread = true;
+ RemoveShutdownBlockerIfNeeded();
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceChild::HasPluginForAPI(const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags,
+ bool* aHasPlugin) {
+ StaticMutexAutoLock lock(sGMPCapabilitiesMutex);
+ if (!sGMPCapabilities) {
+ *aHasPlugin = false;
+ return NS_OK;
+ }
+
+ nsCString api(aAPI);
+ for (const GMPCapabilityAndVersion& plugin : *sGMPCapabilities) {
+ if (GMPCapability::Supports(plugin.mCapabilities, api, aTags)) {
+ *aHasPlugin = true;
+ return NS_OK;
+ }
+ }
+
+ *aHasPlugin = false;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceChild::FindPluginDirectoryForAPI(
+ const nsACString& aAPI, const nsTArray<nsCString>& aTags,
+ nsIFile** aDirectory) {
+ return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceChild::GetNodeId(
+ const nsAString& aOrigin, const nsAString& aTopLevelOrigin,
+ const nsAString& aGMPName, UniquePtr<GetNodeIdCallback>&& aCallback) {
+ AssertOnGMPThread();
+
+ GetNodeIdCallback* rawCallback = aCallback.release();
+ nsCOMPtr<nsISerialEventTarget> thread(GetGMPThread());
+ nsString origin(aOrigin);
+ nsString topLevelOrigin(aTopLevelOrigin);
+ nsString gmpName(aGMPName);
+ GetServiceChild()->Then(
+ thread, __func__,
+ [rawCallback, origin, topLevelOrigin, gmpName](GMPServiceChild* child) {
+ child->SendGetGMPNodeId(
+ origin, topLevelOrigin, gmpName,
+ [rawCallback](nsCString&& aId) {
+ UniquePtr<GetNodeIdCallback> callback(rawCallback);
+ callback->Done(NS_OK, aId);
+ },
+ [rawCallback](const ipc::ResponseRejectReason&) {
+ UniquePtr<GetNodeIdCallback> callback(rawCallback);
+ callback->Done(NS_ERROR_FAILURE, ""_ns);
+ });
+ },
+ [rawCallback](nsresult rv) {
+ UniquePtr<GetNodeIdCallback> callback(rawCallback);
+ callback->Done(NS_ERROR_FAILURE, ""_ns);
+ });
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceChild::Observe(nsISupports* aSubject, const char* aTopic,
+ const char16_t* aSomeData) {
+ MOZ_ASSERT(NS_IsMainThread());
+ GMP_LOG_DEBUG("%s::%s: aTopic=%s", __CLASS__, __FUNCTION__, aTopic);
+ if (!strcmp(NS_XPCOM_SHUTDOWN_THREADS_OBSERVER_ID, aTopic)) {
+ if (mServiceChild) {
+ MutexAutoLock lock(mMutex);
+ mozilla::SyncRunnable::DispatchToThread(
+ mGMPThread,
+ WrapRunnable(mServiceChild.get(), &PGMPServiceChild::Close));
+ mServiceChild = nullptr;
+ }
+ ShutdownGMPThread();
+ }
+
+ return NS_OK;
+}
+
+RefPtr<GeckoMediaPluginServiceChild::GetServiceChildPromise>
+GeckoMediaPluginServiceChild::GetServiceChild() {
+ AssertOnGMPThread();
+
+ if (!mServiceChild) {
+ if (mShuttingDownOnGMPThread) {
+ // We have begun shutdown. Don't allow a new connection to the main
+ // process to be instantiated. This also prevents new plugins being
+ // instantiated.
+ return GetServiceChildPromise::CreateAndReject(NS_ERROR_FAILURE,
+ __func__);
+ }
+ dom::ContentChild* contentChild = dom::ContentChild::GetSingleton();
+ if (!contentChild) {
+ return GetServiceChildPromise::CreateAndReject(NS_ERROR_FAILURE,
+ __func__);
+ }
+ MozPromiseHolder<GetServiceChildPromise>* holder =
+ mGetServiceChildPromises.AppendElement();
+ RefPtr<GetServiceChildPromise> promise = holder->Ensure(__func__);
+ if (mGetServiceChildPromises.Length() == 1) {
+ nsCOMPtr<nsIRunnable> r =
+ WrapRunnable(contentChild, &dom::ContentChild::SendCreateGMPService);
+ SchedulerGroup::Dispatch(r.forget());
+ }
+ return promise;
+ }
+ return GetServiceChildPromise::CreateAndResolve(mServiceChild.get(),
+ __func__);
+}
+
+void GeckoMediaPluginServiceChild::SetServiceChild(
+ RefPtr<GMPServiceChild>&& aServiceChild) {
+ AssertOnGMPThread();
+ MOZ_ASSERT(!mServiceChild, "Should not already have service child!");
+ GMP_LOG_DEBUG("%s::%s: aServiceChild=%p", __CLASS__, __FUNCTION__,
+ aServiceChild.get());
+
+ mServiceChild = std::move(aServiceChild);
+
+ nsTArray<MozPromiseHolder<GetServiceChildPromise>> holders =
+ std::move(mGetServiceChildPromises);
+ for (MozPromiseHolder<GetServiceChildPromise>& holder : holders) {
+ holder.Resolve(mServiceChild.get(), __func__);
+ }
+}
+
+void GeckoMediaPluginServiceChild::RemoveGMPContentParent(
+ GMPContentParent* aGMPContentParent) {
+ AssertOnGMPThread();
+ GMP_LOG_DEBUG(
+ "%s::%s: aGMPContentParent=%p, mServiceChild=%p, "
+ "mShuttingDownOnGMPThread=%s",
+ __CLASS__, __FUNCTION__, aGMPContentParent, mServiceChild.get(),
+ mShuttingDownOnGMPThread ? "true" : "false");
+
+ if (mServiceChild) {
+ mServiceChild->RemoveGMPContentParent(aGMPContentParent);
+ GMP_LOG_DEBUG(
+ "%s::%s: aGMPContentParent removed, "
+ "mServiceChild->HaveContentParents()=%s",
+ __CLASS__, __FUNCTION__,
+ mServiceChild->HaveContentParents() ? "true" : "false");
+ RemoveShutdownBlockerIfNeeded();
+ }
+}
+
+nsresult GeckoMediaPluginServiceChild::AddShutdownBlocker() {
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(!mShuttingDownOnGMPThread,
+ "No call paths should add blockers once we're shutting down!");
+ MOZ_ASSERT(!mShutdownBlockerAdded, "Should only add blocker once!");
+ GMP_LOG_DEBUG("%s::%s ", __CLASS__, __FUNCTION__);
+
+ nsCOMPtr<nsIAsyncShutdownClient> barrier = GetShutdownBarrier();
+ if (NS_WARN_IF(!barrier)) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
+ nsresult rv =
+ barrier->AddBlocker(this, NS_LITERAL_STRING_FROM_CSTRING(__FILE__),
+ __LINE__, kShutdownBlockerName);
+#ifdef DEBUG
+ mShutdownBlockerAdded = NS_SUCCEEDED(rv);
+#endif
+ return rv;
+}
+
+void GeckoMediaPluginServiceChild::RemoveShutdownBlocker() {
+ AssertOnGMPThread();
+ MOZ_ASSERT(mShuttingDownOnGMPThread,
+ "We should only remove blockers once we're "
+ "shutting down!");
+ GMP_LOG_DEBUG("%s::%s ", __CLASS__, __FUNCTION__);
+ nsresult rv = mMainThread->Dispatch(NS_NewRunnableFunction(
+ "GeckoMediaPluginServiceChild::"
+ "RemoveShutdownBlocker",
+ [this, self = RefPtr<GeckoMediaPluginServiceChild>(this)]() {
+ nsCOMPtr<nsIAsyncShutdownClient> barrier = GetShutdownBarrier();
+ if (NS_WARN_IF(!barrier)) {
+ return;
+ }
+
+ nsresult rv = barrier->RemoveBlocker(this);
+ MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+ }));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ MOZ_ASSERT_UNREACHABLE(
+ "Main thread should always be alive when we "
+ "call this!");
+ }
+}
+
+void GeckoMediaPluginServiceChild::RemoveShutdownBlockerIfNeeded() {
+ AssertOnGMPThread();
+ GMP_LOG_DEBUG(
+ "%s::%s mPendingGetContentParents=%" PRIu32
+ " mServiceChild->HaveContentParents()=%s "
+ "mShuttingDownOnGMPThread=%s",
+ __CLASS__, __FUNCTION__, mPendingGetContentParents,
+ mServiceChild && mServiceChild->HaveContentParents() ? "true" : "false",
+ mShuttingDownOnGMPThread ? "true" : "false");
+
+ bool haveOneOrMoreContentParents =
+ mPendingGetContentParents > 0 ||
+ (mServiceChild && mServiceChild->HaveContentParents());
+
+ if (!mShuttingDownOnGMPThread || haveOneOrMoreContentParents) {
+ return;
+ }
+ RemoveShutdownBlocker();
+}
+
+already_AddRefed<GMPContentParent> GMPServiceChild::GetBridgedGMPContentParent(
+ ProcessId aOtherPid, ipc::Endpoint<PGMPContentParent>&& endpoint) {
+ return do_AddRef(mContentParents.LookupOrInsertWith(aOtherPid, [&] {
+ MOZ_ASSERT(aOtherPid == endpoint.OtherPid());
+
+ auto parent = MakeRefPtr<GMPContentParent>();
+
+ DebugOnly<bool> ok = endpoint.Bind(parent);
+ MOZ_ASSERT(ok);
+
+ return parent;
+ }));
+}
+
+void GMPServiceChild::RemoveGMPContentParent(
+ GMPContentParent* aGMPContentParent) {
+ for (auto iter = mContentParents.Iter(); !iter.Done(); iter.Next()) {
+ RefPtr<GMPContentParent>& parent = iter.Data();
+ if (parent == aGMPContentParent) {
+ iter.Remove();
+ break;
+ }
+ }
+}
+
+bool GMPServiceChild::HasAlreadyBridgedTo(base::ProcessId aPid) const {
+ return mContentParents.Contains(aPid);
+}
+
+void GMPServiceChild::GetAndBlockAlreadyBridgedTo(
+ nsTArray<base::ProcessId>& aAlreadyBridgedTo,
+ nsTArray<RefPtr<GMPContentParentCloseBlocker>>& aBlockers) {
+ aAlreadyBridgedTo.SetCapacity(mContentParents.Count());
+ aBlockers.SetCapacity(mContentParents.Count());
+ for (auto iter = mContentParents.Iter(); !iter.Done(); iter.Next()) {
+ aAlreadyBridgedTo.AppendElement(iter.Key());
+ aBlockers.AppendElement(new GMPContentParentCloseBlocker(iter.UserData()));
+ }
+}
+
+class OpenPGMPServiceChild : public mozilla::Runnable {
+ public:
+ OpenPGMPServiceChild(RefPtr<GMPServiceChild>&& aGMPServiceChild,
+ ipc::Endpoint<PGMPServiceChild>&& aEndpoint)
+ : Runnable("gmp::OpenPGMPServiceChild"),
+ mGMPServiceChild(std::move(aGMPServiceChild)),
+ mEndpoint(std::move(aEndpoint)) {}
+
+ NS_IMETHOD Run() override {
+ RefPtr<GeckoMediaPluginServiceChild> gmp =
+ GeckoMediaPluginServiceChild::GetSingleton();
+ MOZ_RELEASE_ASSERT(gmp);
+ MOZ_ASSERT(!gmp->mServiceChild);
+ if (mEndpoint.Bind(mGMPServiceChild.get())) {
+ gmp->SetServiceChild(std::move(mGMPServiceChild));
+ } else {
+ gmp->SetServiceChild(nullptr);
+ }
+ return NS_OK;
+ }
+
+ private:
+ RefPtr<GMPServiceChild> mGMPServiceChild;
+ ipc::Endpoint<PGMPServiceChild> mEndpoint;
+};
+
+/* static */
+bool GMPServiceChild::Create(Endpoint<PGMPServiceChild>&& aGMPService) {
+ RefPtr<GeckoMediaPluginServiceChild> gmp =
+ GeckoMediaPluginServiceChild::GetSingleton();
+ if (NS_WARN_IF(!gmp)) {
+ return false;
+ }
+
+ MOZ_ASSERT(!gmp->mServiceChild);
+
+ RefPtr<GMPServiceChild> serviceChild(new GMPServiceChild());
+
+ nsCOMPtr<nsIThread> gmpThread;
+ nsresult rv = gmp->GetThread(getter_AddRefs(gmpThread));
+ NS_ENSURE_SUCCESS(rv, false);
+
+ rv = gmpThread->Dispatch(
+ new OpenPGMPServiceChild(std::move(serviceChild), std::move(aGMPService)),
+ NS_DISPATCH_NORMAL);
+ return NS_SUCCEEDED(rv);
+}
+
+ipc::IPCResult GMPServiceChild::RecvBeginShutdown() {
+ RefPtr<GeckoMediaPluginServiceChild> service =
+ GeckoMediaPluginServiceChild::GetSingleton();
+ MOZ_ASSERT(service && service->mServiceChild.get() == this);
+ if (service) {
+ service->BeginShutdown();
+ }
+ return IPC_OK();
+}
+
+bool GMPServiceChild::HaveContentParents() const {
+ return mContentParents.Count() > 0;
+}
+
+} // namespace mozilla::gmp
+
+#undef __CLASS__
diff --git a/dom/media/gmp/GMPServiceChild.h b/dom/media/gmp/GMPServiceChild.h
new file mode 100644
index 0000000000..3f56f6f39a
--- /dev/null
+++ b/dom/media/gmp/GMPServiceChild.h
@@ -0,0 +1,176 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPServiceChild_h_
+#define GMPServiceChild_h_
+
+#include "GMPService.h"
+#include "MediaResult.h"
+#include "base/process.h"
+#include "mozilla/dom/PContent.h"
+#include "mozilla/gmp/PGMPServiceChild.h"
+#include "mozilla/MozPromise.h"
+#include "nsIAsyncShutdown.h"
+#include "nsRefPtrHashtable.h"
+
+namespace mozilla::gmp {
+
+class GMPContentParent;
+class GMPContentParentCloseBlocker;
+class GMPServiceChild;
+
+class GeckoMediaPluginServiceChild : public GeckoMediaPluginService,
+ public nsIAsyncShutdownBlocker {
+ friend class GMPServiceChild;
+
+ public:
+ static already_AddRefed<GeckoMediaPluginServiceChild> GetSingleton();
+ nsresult Init() override;
+
+ NS_DECL_ISUPPORTS_INHERITED
+ NS_DECL_NSIASYNCSHUTDOWNBLOCKER
+
+ NS_IMETHOD HasPluginForAPI(const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags,
+ bool* aRetVal) override;
+ NS_IMETHOD FindPluginDirectoryForAPI(const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags,
+ nsIFile** aDirectory) override;
+ NS_IMETHOD GetNodeId(const nsAString& aOrigin,
+ const nsAString& aTopLevelOrigin,
+ const nsAString& aGMPName,
+ UniquePtr<GetNodeIdCallback>&& aCallback) override;
+
+ NS_DECL_NSIOBSERVER
+
+ void SetServiceChild(RefPtr<GMPServiceChild>&& aServiceChild);
+
+ void RemoveGMPContentParent(GMPContentParent* aGMPContentParent);
+
+ static void UpdateGMPCapabilities(
+ nsTArray<mozilla::dom::GMPCapabilityData>&& aCapabilities);
+
+ void BeginShutdown();
+
+ protected:
+ void InitializePlugins(nsISerialEventTarget*) override {
+ // Nothing to do here.
+ }
+
+ RefPtr<GetGMPContentParentPromise> GetContentParent(
+ GMPCrashHelper* aHelper, const NodeIdVariant& aNodeIdVariant,
+ const nsACString& aAPI, const nsTArray<nsCString>& aTags) override;
+
+ private:
+ friend class OpenPGMPServiceChild;
+
+ ~GeckoMediaPluginServiceChild() override;
+
+ typedef MozPromise<GMPServiceChild*, MediaResult, /* IsExclusive = */ true>
+ GetServiceChildPromise;
+ RefPtr<GetServiceChildPromise> GetServiceChild();
+
+ nsTArray<MozPromiseHolder<GetServiceChildPromise>> mGetServiceChildPromises;
+ RefPtr<GMPServiceChild> mServiceChild;
+
+ // Shutdown blocker management. A shutdown blocker is used to ensure that
+ // we do not shutdown until all content parents are removed from
+ // GMPServiceChild::mContentParents.
+ //
+ // The following rules let us shutdown block (and thus we shouldn't
+ // violate them):
+ // - We will only call GetContentParent if mShuttingDownOnGMPThread is false.
+ // - mShuttingDownOnGMPThread will become true once profile teardown is
+ // observed in the parent process (and once GMPServiceChild receives a
+ // message from GMPServiceParent) or if we block shutdown (which implies
+ // we're in shutdown).
+ // - If we currently have mPendingGetContentParents > 0 or parents in
+ // GMPServiceChild::mContentParents we should block shutdown so such
+ // parents can be cleanly shutdown.
+ // therefore
+ // - We can block shutdown at xpcom-will-shutdown until our content parents
+ // are handled.
+ // - Because once mShuttingDownOnGMPThread is true we cannot add new content
+ // parents, we know that when mShuttingDownOnGMPThread && all content
+ // parents are handled we'll never add more and it's safe to stop blocking
+ // shutdown.
+ // this relies on
+ // - Once we're shutting down, we need to ensure all content parents are
+ // shutdown and removed. Failure to do so will result in a shutdown stall.
+
+ // Note that at the time of writing there are significant differences in how
+ // xpcom shutdown is handled in release and non-release builds. For example,
+ // in release builds content processes are exited early, so xpcom shutdown
+ // is not observed (and not blocked by blockers). This is important to keep
+ // in mind when testing the shutdown blocking machinery (you won't see most
+ // of it be invoked in release).
+
+ // All of these members should only be used on the GMP thread unless
+ // otherwise noted!
+
+ // Add a shutdown blocker. Main thread only. Should only be called once when
+ // we init the service.
+ nsresult AddShutdownBlocker();
+ // Remove a shutdown blocker. Should be called once at most and only when
+ // mShuttingDownOnGMPThread. Prefer RemoveShutdownBlockerIfNeeded unless
+ // absolutely certain you need to call this directly.
+ void RemoveShutdownBlocker();
+ // Remove shutdown blocker if the following conditions are met:
+ // - mShuttingDownOnGMPThread.
+ // - !mServiceChild->HaveContentParents.
+ // - mPendingGetContentParents == 0.
+ // - mShutdownBlockerHasBeenAdded.
+ void RemoveShutdownBlockerIfNeeded();
+
+#ifdef DEBUG
+ // Track if we've added a shutdown blocker for sanity checking. Main thread
+ // only.
+ bool mShutdownBlockerAdded = false;
+#endif // DEBUG
+ // The number of GetContentParent calls that have not yet been resolved or
+ // rejected. We use this value to help determine if we need to block
+ // shutdown. Should only be used on GMP thread to avoid races.
+ uint32_t mPendingGetContentParents = 0;
+ // End shutdown blocker management.
+};
+
+/**
+ * This class runs in the content process, and allows the content process to
+ * request an IPC connection to the desired GMP process.
+ */
+class GMPServiceChild : public PGMPServiceChild {
+ public:
+ // Mark AddRef and Release as `final`, as they overload pure virtual
+ // implementations in PGMPServiceChild.
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPServiceChild, final)
+
+ explicit GMPServiceChild() = default;
+
+ already_AddRefed<GMPContentParent> GetBridgedGMPContentParent(
+ ProcessId aOtherPid, ipc::Endpoint<PGMPContentParent>&& endpoint);
+
+ void RemoveGMPContentParent(GMPContentParent* aGMPContentParent);
+
+ bool HasAlreadyBridgedTo(base::ProcessId aPid) const;
+
+ void GetAndBlockAlreadyBridgedTo(
+ nsTArray<ProcessId>& aAlreadyBridgedTo,
+ nsTArray<RefPtr<GMPContentParentCloseBlocker>>& aBlockers);
+
+ static bool Create(Endpoint<PGMPServiceChild>&& aGMPService);
+
+ ipc::IPCResult RecvBeginShutdown() override;
+
+ bool HaveContentParents() const;
+
+ private:
+ ~GMPServiceChild() = default;
+
+ nsRefPtrHashtable<nsUint64HashKey, GMPContentParent> mContentParents;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPServiceChild_h_
diff --git a/dom/media/gmp/GMPServiceParent.cpp b/dom/media/gmp/GMPServiceParent.cpp
new file mode 100644
index 0000000000..c9fc086d6a
--- /dev/null
+++ b/dom/media/gmp/GMPServiceParent.cpp
@@ -0,0 +1,2095 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPServiceParent.h"
+
+#include <limits>
+
+#include "GMPDecoderModule.h"
+#include "GMPLog.h"
+#include "GMPParent.h"
+#include "GMPVideoDecoderParent.h"
+#include "mozilla/ipc/GeckoChildProcessHost.h"
+#include "base/task.h"
+#include "mozilla/ClearOnShutdown.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/SchedulerGroup.h"
+#include "mozilla/dom/ContentParent.h"
+#include "mozilla/ipc/Endpoint.h"
+#include "nsThreadUtils.h"
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+# include "mozilla/SandboxInfo.h"
+#endif
+#include "VideoUtils.h"
+#include "mozilla/AppShutdown.h"
+#include "mozilla/Services.h"
+#include "mozilla/SpinEventLoopUntil.h"
+#include "mozilla/StaticPrefs_media.h"
+#include "mozilla/SyncRunnable.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#if defined(XP_WIN)
+# include "mozilla/UntrustedModulesData.h"
+#endif
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsComponentManagerUtils.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsNetUtil.h"
+#include "nsHashKeys.h"
+#include "nsIFile.h"
+#include "nsIObserverService.h"
+#include "nsIXULRuntime.h"
+#include "nsNativeCharsetUtils.h"
+#include "nsXPCOMPrivate.h"
+#include "prio.h"
+#include "runnable_utils.h"
+
+#ifdef DEBUG
+# include "mozilla/dom/MediaKeys.h" // MediaKeys::kMediaKeysRequestTopic
+#endif
+
+#ifdef MOZ_WMF_CDM
+# include "mozilla/MFCDMParent.h"
+#endif
+
+namespace mozilla::gmp {
+
+#ifdef __CLASS__
+# undef __CLASS__
+#endif
+#define __CLASS__ "GMPServiceParent"
+
+static const uint32_t NodeIdSaltLength = 32;
+
+already_AddRefed<GeckoMediaPluginServiceParent>
+GeckoMediaPluginServiceParent::GetSingleton() {
+ MOZ_ASSERT(XRE_IsParentProcess());
+ RefPtr<GeckoMediaPluginService> service(
+ GeckoMediaPluginServiceParent::GetGeckoMediaPluginService());
+#ifdef DEBUG
+ if (service) {
+ nsCOMPtr<mozIGeckoMediaPluginChromeService> chromeService;
+ CallQueryInterface(service.get(), getter_AddRefs(chromeService));
+ MOZ_ASSERT(chromeService);
+ }
+#endif
+ return service.forget().downcast<GeckoMediaPluginServiceParent>();
+}
+
+NS_IMPL_ISUPPORTS_INHERITED(GeckoMediaPluginServiceParent,
+ GeckoMediaPluginService,
+ mozIGeckoMediaPluginChromeService,
+ nsIAsyncShutdownBlocker)
+
+GeckoMediaPluginServiceParent::GeckoMediaPluginServiceParent()
+ : mScannedPluginOnDisk(false),
+ mShuttingDown(false),
+ mWaitingForPluginsSyncShutdown(false),
+ mInitPromiseMonitor("GeckoMediaPluginServiceParent::mInitPromiseMonitor"),
+ mInitPromise(&mInitPromiseMonitor),
+ mLoadPluginsFromDiskComplete(false) {
+ MOZ_ASSERT(NS_IsMainThread());
+}
+
+GeckoMediaPluginServiceParent::~GeckoMediaPluginServiceParent() {
+ MOZ_ASSERT(mPlugins.IsEmpty());
+}
+
+nsresult GeckoMediaPluginServiceParent::Init() {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ if (AppShutdown::GetCurrentShutdownPhase() != ShutdownPhase::NotInShutdown) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIObserverService> obsService =
+ mozilla::services::GetObserverService();
+ MOZ_ASSERT(obsService);
+
+ MOZ_ALWAYS_SUCCEEDS(
+ obsService->AddObserver(this, "profile-change-teardown", false));
+ MOZ_ALWAYS_SUCCEEDS(
+ obsService->AddObserver(this, "last-pb-context-exited", false));
+ MOZ_ALWAYS_SUCCEEDS(
+ obsService->AddObserver(this, "browser:purge-session-history", false));
+ MOZ_ALWAYS_SUCCEEDS(
+ obsService->AddObserver(this, NS_XPCOM_WILL_SHUTDOWN_OBSERVER_ID, false));
+ MOZ_ALWAYS_SUCCEEDS(obsService->AddObserver(this, "nsPref:changed", false));
+
+#ifdef DEBUG
+ MOZ_ALWAYS_SUCCEEDS(obsService->AddObserver(
+ this, dom::MediaKeys::kMediaKeysRequestTopic, false));
+#endif
+
+ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
+ if (prefs) {
+ prefs->AddObserver("media.gmp.plugin.crash", this, false);
+ }
+
+ nsresult rv = InitStorage();
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ // Kick off scanning for plugins
+ nsCOMPtr<nsIThread> thread;
+ rv = GetThread(getter_AddRefs(thread));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ // Detect if GMP storage has an incompatible version, and if so nuke it.
+ int32_t version =
+ Preferences::GetInt("media.gmp.storage.version.observed", 0);
+ int32_t expected =
+ Preferences::GetInt("media.gmp.storage.version.expected", 0);
+ if (version != expected) {
+ Preferences::SetInt("media.gmp.storage.version.observed", expected);
+ return GMPDispatch(
+ NewRunnableMethod("gmp::GeckoMediaPluginServiceParent::ClearStorage",
+ this, &GeckoMediaPluginServiceParent::ClearStorage));
+ }
+ return NS_OK;
+}
+
+already_AddRefed<nsIFile> CloneAndAppend(nsIFile* aFile,
+ const nsAString& aDir) {
+ nsCOMPtr<nsIFile> f;
+ nsresult rv = aFile->Clone(getter_AddRefs(f));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return nullptr;
+ }
+
+ rv = f->Append(aDir);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return nullptr;
+ }
+ return f.forget();
+}
+
+static nsresult GMPPlatformString(nsAString& aOutPlatform) {
+ // Append the OS and arch so that we don't reuse the storage if the profile is
+ // copied or used under a different bit-ness, or copied to another platform.
+ nsCOMPtr<nsIXULRuntime> runtime = do_GetService("@mozilla.org/xre/runtime;1");
+ if (!runtime) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsAutoCString OS;
+ nsresult rv = runtime->GetOS(OS);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ nsAutoCString arch;
+ rv = runtime->GetXPCOMABI(arch);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ nsCString platform;
+ platform.Append(OS);
+ platform.AppendLiteral("_");
+ platform.Append(arch);
+
+ CopyUTF8toUTF16(platform, aOutPlatform);
+
+ return NS_OK;
+}
+
+nsresult GeckoMediaPluginServiceParent::InitStorage() {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ // GMP storage should be used in the chrome process only.
+ if (!XRE_IsParentProcess()) {
+ return NS_OK;
+ }
+
+ // Directory service is main thread only, so cache the profile dir here
+ // so that we can use it off main thread.
+ nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+ getter_AddRefs(mStorageBaseDir));
+
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ rv = mStorageBaseDir->AppendNative("gmp"_ns);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ nsAutoString platform;
+ rv = GMPPlatformString(platform);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ rv = mStorageBaseDir->Append(platform);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ return GeckoMediaPluginService::Init();
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::Observe(nsISupports* aSubject,
+ const char* aTopic,
+ const char16_t* aSomeData) {
+ GMP_LOG_DEBUG("%s::%s topic='%s' data='%s'", __CLASS__, __FUNCTION__, aTopic,
+ NS_ConvertUTF16toUTF8(aSomeData).get());
+ if (!strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID)) {
+ nsCOMPtr<nsIPrefBranch> branch(do_QueryInterface(aSubject));
+ if (branch) {
+ bool crashNow = false;
+ if (u"media.gmp.plugin.crash"_ns.Equals(aSomeData)) {
+ branch->GetBoolPref("media.gmp.plugin.crash", &crashNow);
+ }
+ if (crashNow) {
+ nsCOMPtr<nsIThread> gmpThread;
+ {
+ MutexAutoLock lock(mMutex);
+ gmpThread = mGMPThread;
+ }
+ if (gmpThread) {
+ // Note: the GeckoMediaPluginServiceParent singleton is kept alive by
+ // a static refptr that is only cleared in the final stage of shutdown
+ // after everything else is shutdown, so this RefPtr<> is not strictly
+ // necessary so long as that is true, but it's safer.
+ gmpThread->Dispatch(
+ WrapRunnable(RefPtr<GeckoMediaPluginServiceParent>(this),
+ &GeckoMediaPluginServiceParent::CrashPlugins),
+ NS_DISPATCH_NORMAL);
+ }
+ }
+ }
+ } else if (!strcmp("profile-change-teardown", aTopic)) {
+ mWaitingForPluginsSyncShutdown = true;
+
+ nsCOMPtr<nsIThread> gmpThread;
+ DebugOnly<bool> plugins_empty;
+ {
+ MutexAutoLock lock(mMutex);
+ MOZ_ASSERT(!mShuttingDown);
+ mShuttingDown = true;
+ gmpThread = mGMPThread;
+#ifdef DEBUG
+ plugins_empty = mPlugins.IsEmpty();
+#endif
+ }
+
+ if (gmpThread) {
+ GMP_LOG_DEBUG(
+ "%s::%s Starting to unload plugins, waiting for sync shutdown...",
+ __CLASS__, __FUNCTION__);
+ gmpThread->Dispatch(
+ NewRunnableMethod("gmp::GeckoMediaPluginServiceParent::UnloadPlugins",
+ this,
+ &GeckoMediaPluginServiceParent::UnloadPlugins),
+ NS_DISPATCH_NORMAL);
+
+ // Wait for UnloadPlugins() to do sync shutdown...
+ SpinEventLoopUntil(
+ "GeckoMediaPluginServiceParent::Observe "
+ "WaitingForPluginsSyncShutdown"_ns,
+ [&]() { return !mWaitingForPluginsSyncShutdown; });
+ } else {
+ // GMP thread has already shutdown.
+ MOZ_ASSERT(plugins_empty);
+ mWaitingForPluginsSyncShutdown = false;
+ }
+
+ } else if (!strcmp(NS_XPCOM_SHUTDOWN_THREADS_OBSERVER_ID, aTopic)) {
+#ifdef DEBUG
+ MOZ_ASSERT(mShuttingDown);
+#endif
+ ShutdownGMPThread();
+ } else if (!strcmp(NS_XPCOM_WILL_SHUTDOWN_OBSERVER_ID, aTopic)) {
+ mXPCOMWillShutdown = true;
+ } else if (!strcmp("last-pb-context-exited", aTopic)) {
+ // When Private Browsing mode exits, all we need to do is clear
+ // mTempNodeIds. This drops all the node ids we've cached in memory
+ // for PB origin-pairs. If we try to open an origin-pair for non-PB
+ // mode, we'll get the NodeId salt stored on-disk, and if we try to
+ // open a PB mode origin-pair, we'll re-generate new salt.
+ mTempNodeIds.Clear();
+ } else if (!strcmp("browser:purge-session-history", aTopic)) {
+ // Clear everything!
+ if (!aSomeData || nsDependentString(aSomeData).IsEmpty()) {
+ return GMPDispatch(NewRunnableMethod(
+ "gmp::GeckoMediaPluginServiceParent::ClearStorage", this,
+ &GeckoMediaPluginServiceParent::ClearStorage));
+ }
+
+ // Clear nodeIds/records modified after |t|.
+ nsresult rv;
+ PRTime t = nsDependentString(aSomeData).ToInteger64(&rv, 10);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ return GMPDispatch(NewRunnableMethod<PRTime>(
+ "gmp::GeckoMediaPluginServiceParent::ClearRecentHistoryOnGMPThread",
+ this, &GeckoMediaPluginServiceParent::ClearRecentHistoryOnGMPThread,
+ t));
+ } else if (!strcmp("nsPref:changed", aTopic)) {
+ bool hasProcesses = false;
+ {
+ MutexAutoLock lock(mMutex);
+ for (const auto& plugin : mPlugins) {
+ if (plugin->State() == GMPState::Loaded) {
+ hasProcesses = true;
+ break;
+ }
+ }
+ }
+
+ if (hasProcesses) {
+ // We know prefs are ASCII here.
+ NS_LossyConvertUTF16toASCII strData(aSomeData);
+ mozilla::dom::Pref pref(strData, /* isLocked */ false,
+ /* isSanitized */ false, Nothing(), Nothing());
+ Preferences::GetPreference(&pref, GeckoProcessType_GMPlugin,
+ /* remoteType */ ""_ns);
+ return GMPDispatch(NewRunnableMethod<mozilla::dom::Pref&&>(
+ "gmp::GeckoMediaPluginServiceParent::OnPreferenceChanged", this,
+ &GeckoMediaPluginServiceParent::OnPreferenceChanged,
+ std::move(pref)));
+ }
+ }
+
+ return NS_OK;
+}
+
+void GeckoMediaPluginServiceParent::OnPreferenceChanged(
+ mozilla::dom::Pref&& aPref) {
+ AssertOnGMPThread();
+
+ MutexAutoLock lock(mMutex);
+ for (const auto& plugin : mPlugins) {
+ plugin->OnPreferenceChange(aPref);
+ }
+}
+
+RefPtr<GenericPromise> GeckoMediaPluginServiceParent::EnsureInitialized() {
+ MonitorAutoLock lock(mInitPromiseMonitor);
+ if (mLoadPluginsFromDiskComplete) {
+ return GenericPromise::CreateAndResolve(true, __func__);
+ }
+ // We should have an init promise in flight.
+ MOZ_ASSERT(!mInitPromise.IsEmpty());
+ return mInitPromise.Ensure(__func__);
+}
+
+RefPtr<GetGMPContentParentPromise>
+GeckoMediaPluginServiceParent::GetContentParent(
+ GMPCrashHelper* aHelper, const NodeIdVariant& aNodeIdVariant,
+ const nsACString& aAPI, const nsTArray<nsCString>& aTags) {
+ AssertOnGMPThread();
+
+ nsCOMPtr<nsISerialEventTarget> thread(GetGMPThread());
+ if (!thread) {
+ MOZ_ASSERT_UNREACHABLE(
+ "We should always be called on GMP thread, so it should be live");
+ return GetGMPContentParentPromise::CreateAndReject(NS_ERROR_FAILURE,
+ __func__);
+ }
+
+ nsCString nodeIdString;
+ nsresult rv = GetNodeId(aNodeIdVariant, nodeIdString);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return GetGMPContentParentPromise::CreateAndReject(NS_ERROR_FAILURE,
+ __func__);
+ }
+
+ auto holder = MakeUnique<MozPromiseHolder<GetGMPContentParentPromise>>();
+ RefPtr<GetGMPContentParentPromise> promise = holder->Ensure(__func__);
+ EnsureInitialized()->Then(
+ thread, __func__,
+ [self = RefPtr<GeckoMediaPluginServiceParent>(this),
+ nodeIdString = std::move(nodeIdString), api = nsCString(aAPI),
+ tags = aTags.Clone(), helper = RefPtr<GMPCrashHelper>(aHelper),
+ holder = std::move(holder)](
+ const GenericPromise::ResolveOrRejectValue& aValue) mutable -> void {
+ if (aValue.IsReject()) {
+ NS_WARNING("GMPService::EnsureInitialized failed.");
+ holder->Reject(NS_ERROR_FAILURE, __func__);
+ return;
+ }
+ RefPtr<GMPParent> gmp =
+ self->SelectPluginForAPI(nodeIdString, api, tags);
+ GMP_LOG_DEBUG("%s: %p returning %p for api %s", __FUNCTION__,
+ self.get(), gmp.get(), api.get());
+ if (!gmp) {
+ NS_WARNING(
+ "GeckoMediaPluginServiceParent::GetContentParentFrom failed");
+ holder->Reject(NS_ERROR_FAILURE, __func__);
+ return;
+ }
+ self->ConnectCrashHelper(gmp->GetPluginId(), helper);
+ gmp->GetGMPContentParent(std::move(holder));
+ });
+
+ return promise;
+}
+
+void GeckoMediaPluginServiceParent::InitializePlugins(
+ nsISerialEventTarget* aGMPThread) {
+ MOZ_ASSERT(aGMPThread);
+ MonitorAutoLock lock(mInitPromiseMonitor);
+ if (mLoadPluginsFromDiskComplete) {
+ return;
+ }
+
+ RefPtr<GeckoMediaPluginServiceParent> self(this);
+ RefPtr<GenericPromise> p = mInitPromise.Ensure(__func__);
+ InvokeAsync(aGMPThread, this, __func__,
+ &GeckoMediaPluginServiceParent::LoadFromEnvironment)
+ ->Then(
+ aGMPThread, __func__,
+ [self]() -> void {
+ MonitorAutoLock lock(self->mInitPromiseMonitor);
+ self->mLoadPluginsFromDiskComplete = true;
+ self->mInitPromise.Resolve(true, __func__);
+ },
+ [self]() -> void {
+ MonitorAutoLock lock(self->mInitPromiseMonitor);
+ self->mLoadPluginsFromDiskComplete = true;
+ self->mInitPromise.Reject(NS_ERROR_FAILURE, __func__);
+ });
+}
+
+void GeckoMediaPluginServiceParent::NotifySyncShutdownComplete() {
+ MOZ_ASSERT(NS_IsMainThread());
+ mWaitingForPluginsSyncShutdown = false;
+}
+
+bool GeckoMediaPluginServiceParent::IsShuttingDown() {
+ AssertOnGMPThread();
+ return mShuttingDownOnGMPThread;
+}
+
+void GeckoMediaPluginServiceParent::UnloadPlugins() {
+ AssertOnGMPThread();
+ MOZ_ASSERT(!mShuttingDownOnGMPThread);
+ mShuttingDownOnGMPThread = true;
+
+ nsTArray<RefPtr<GMPParent>> plugins;
+ {
+ MutexAutoLock lock(mMutex);
+ // Move all plugins references to a local array. This way mMutex won't be
+ // locked when calling CloseActive (to avoid inter-locking).
+ std::swap(plugins, mPlugins);
+
+ for (GMPServiceParent* parent : mServiceParents) {
+ Unused << parent->SendBeginShutdown();
+ }
+
+ GMP_LOG_DEBUG("%s::%s plugins:%zu", __CLASS__, __FUNCTION__,
+ plugins.Length());
+#ifdef DEBUG
+ for (const auto& plugin : plugins) {
+ GMP_LOG_DEBUG("%s::%s plugin: '%s'", __CLASS__, __FUNCTION__,
+ plugin->GetDisplayName().get());
+ }
+#endif
+ }
+
+ // Note: CloseActive may be async; it could actually finish
+ // shutting down when all the plugins have unloaded.
+ for (const auto& plugin : plugins) {
+ plugin->CloseActive(true);
+ }
+
+ nsCOMPtr<nsIRunnable> task = NewRunnableMethod(
+ "GeckoMediaPluginServiceParent::NotifySyncShutdownComplete", this,
+ &GeckoMediaPluginServiceParent::NotifySyncShutdownComplete);
+ mMainThread->Dispatch(task.forget());
+}
+
+void GeckoMediaPluginServiceParent::CrashPlugins() {
+ GMP_LOG_DEBUG("%s::%s", __CLASS__, __FUNCTION__);
+ AssertOnGMPThread();
+
+ MutexAutoLock lock(mMutex);
+ for (size_t i = 0; i < mPlugins.Length(); i++) {
+ mPlugins[i]->Crash();
+ }
+}
+
+RefPtr<GenericPromise> GeckoMediaPluginServiceParent::LoadFromEnvironment() {
+ AssertOnGMPThread();
+ nsCOMPtr<nsISerialEventTarget> thread(GetGMPThread());
+ if (!thread) {
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+ const char* env = PR_GetEnv("MOZ_GMP_PATH");
+ if (!env || !*env) {
+ return GenericPromise::CreateAndResolve(true, __func__);
+ }
+
+ nsString allpaths;
+ if (NS_WARN_IF(NS_FAILED(
+ NS_CopyNativeToUnicode(nsDependentCString(env), allpaths)))) {
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+ nsTArray<RefPtr<GenericPromise>> promises;
+ uint32_t pos = 0;
+ while (pos < allpaths.Length()) {
+ // Loop over multiple path entries separated by colons (*nix) or
+ // semicolons (Windows)
+ int32_t next = allpaths.FindChar(XPCOM_ENV_PATH_SEPARATOR[0], pos);
+ if (next == -1) {
+ promises.AppendElement(
+ AddOnGMPThread(nsString(Substring(allpaths, pos))));
+ break;
+ } else {
+ promises.AppendElement(
+ AddOnGMPThread(nsString(Substring(allpaths, pos, next - pos))));
+ pos = next + 1;
+ }
+ }
+
+ mScannedPluginOnDisk = true;
+ return GenericPromise::All(thread, promises)
+ ->Then(
+ thread, __func__,
+ []() { return GenericPromise::CreateAndResolve(true, __func__); },
+ []() {
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ });
+}
+
+class NotifyObserversTask final : public mozilla::Runnable {
+ public:
+ explicit NotifyObserversTask(const char* aTopic, nsString aData = u""_ns)
+ : Runnable(aTopic), mTopic(aTopic), mData(aData) {}
+ NS_IMETHOD Run() override {
+ MOZ_ASSERT(NS_IsMainThread());
+ nsCOMPtr<nsIObserverService> obsService =
+ mozilla::services::GetObserverService();
+ MOZ_ASSERT(obsService);
+ if (obsService) {
+ obsService->NotifyObservers(nullptr, mTopic, mData.get());
+ }
+ return NS_OK;
+ }
+
+ private:
+ ~NotifyObserversTask() = default;
+ const char* mTopic;
+ const nsString mData;
+};
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::PathRunnable::Run() {
+ mService->RemoveOnGMPThread(mPath, mOperation == REMOVE_AND_DELETE_FROM_DISK,
+ mDefer);
+
+ mService->UpdateContentProcessGMPCapabilities();
+ return NS_OK;
+}
+
+void GeckoMediaPluginServiceParent::UpdateContentProcessGMPCapabilities(
+ ContentParent* aContentProcess) {
+ if (!NS_IsMainThread()) {
+ nsCOMPtr<nsIRunnable> task = NewRunnableMethod<ContentParent*>(
+ "GeckoMediaPluginServiceParent::UpdateContentProcessGMPCapabilities",
+ this,
+ &GeckoMediaPluginServiceParent::UpdateContentProcessGMPCapabilities,
+ aContentProcess);
+ mMainThread->Dispatch(task.forget());
+ return;
+ }
+
+ typedef mozilla::dom::GMPCapabilityData GMPCapabilityData;
+ typedef mozilla::dom::GMPAPITags GMPAPITags;
+ typedef mozilla::dom::ContentParent ContentParent;
+
+ const uint32_t NO_H264 = 0;
+ const uint32_t HAS_H264 = 1;
+ const uint32_t NO_H264_1_DIR = 2;
+ const uint32_t NO_H264_2_PLUS_DIRS = 3;
+ const uint32_t NO_H264_DIR_IN_PROGRESS = 4;
+ uint32_t hasH264 = NO_H264;
+ if (mDirectoriesAdded == 1) {
+ hasH264 = NO_H264_1_DIR;
+ } else if (mDirectoriesAdded > 1) {
+ hasH264 = NO_H264_2_PLUS_DIRS;
+ }
+ if (mDirectoriesInProgress) {
+ hasH264 = NO_H264_DIR_IN_PROGRESS;
+ }
+ nsTArray<GMPCapabilityData> caps;
+ {
+ MutexAutoLock lock(mMutex);
+ for (const RefPtr<GMPParent>& gmp : mPlugins) {
+ // We have multiple instances of a GMPParent for a given GMP in the
+ // list, one per origin. So filter the list so that we don't include
+ // the same GMP's capabilities twice.
+ NS_ConvertUTF16toUTF8 name(gmp->GetPluginBaseName());
+ bool found = false;
+ for (const GMPCapabilityData& cap : caps) {
+ if (cap.name().Equals(name)) {
+ found = true;
+ break;
+ }
+ }
+ if (found) {
+ continue;
+ }
+ GMPCapabilityData x;
+ x.name() = name;
+ x.version() = gmp->GetVersion();
+ for (const GMPCapability& tag : gmp->GetCapabilities()) {
+ x.capabilities().AppendElement(GMPAPITags(tag.mAPIName, tag.mAPITags));
+ if (tag.mAPIName == nsLiteralCString(GMP_API_VIDEO_ENCODER) &&
+ tag.mAPITags.Contains("h264"_ns)) {
+ hasH264 = HAS_H264;
+ }
+ }
+#ifdef MOZ_WMF_CDM
+ if (name.Equals("gmp-widevinecdm-l1")) {
+ nsCOMPtr<nsIFile> pluginFile = gmp->GetDirectory();
+ MFCDMService::UpdateWidevineL1Path(pluginFile);
+ }
+#endif
+ caps.AppendElement(std::move(x));
+ }
+ }
+
+ Telemetry::Accumulate(Telemetry::MEDIA_GMP_UPDATE_CONTENT_PROCESS_HAS_H264,
+ hasH264);
+
+ if (aContentProcess) {
+ Unused << aContentProcess->SendGMPsChanged(caps);
+ return;
+ }
+
+ for (auto* cp : ContentParent::AllProcesses(ContentParent::eLive)) {
+ Unused << cp->SendGMPsChanged(caps);
+ }
+
+ // For non-e10s, we must fire a notification so that any MediaKeySystemAccess
+ // requests waiting on a CDM to download will retry.
+ nsCOMPtr<nsIObserverService> obsService =
+ mozilla::services::GetObserverService();
+ MOZ_ASSERT(obsService);
+ if (obsService) {
+ obsService->NotifyObservers(nullptr, "gmp-changed", nullptr);
+ }
+}
+
+void GeckoMediaPluginServiceParent::SendFlushFOGData(
+ nsTArray<RefPtr<FlushFOGDataPromise>>& promises) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MutexAutoLock lock(mMutex);
+
+ for (const RefPtr<GMPParent>& gmp : mPlugins) {
+ if (gmp->State() != GMPState::Loaded) {
+ // Plugins that are not in the Loaded state have no process attached to
+ // them, and any IPC we would attempt to send them would be ignored (or
+ // result in a warning on debug builds).
+ continue;
+ }
+ RefPtr<FlushFOGDataPromise::Private> promise =
+ new FlushFOGDataPromise::Private(__func__);
+ // Direct dispatch will resolve the promise on the same thread, which is
+ // faster; FOGIPC will move execution back to the main thread.
+ promise->UseDirectTaskDispatch(__func__);
+ promises.EmplaceBack(promise);
+
+ mGMPThread->Dispatch(
+ NewRunnableMethod<ipc::ResolveCallback<ipc::ByteBuf>&&,
+ ipc::RejectCallback&&>(
+ "GMPParent::SendFlushFOGData", gmp,
+ static_cast<void (GMPParent::*)(
+ mozilla::ipc::ResolveCallback<ipc::ByteBuf>&& aResolve,
+ mozilla::ipc::RejectCallback&& aReject)>(
+ &GMPParent::SendFlushFOGData),
+
+ [promise](ipc::ByteBuf&& aValue) {
+ promise->Resolve(std::move(aValue), __func__);
+ },
+ [promise](ipc::ResponseRejectReason&& aReason) {
+ promise->Reject(std::move(aReason), __func__);
+ }),
+ NS_DISPATCH_NORMAL);
+ }
+}
+
+#if defined(XP_WIN)
+void GeckoMediaPluginServiceParent::SendGetUntrustedModulesData(
+ nsTArray<RefPtr<GetUntrustedModulesDataPromise>>& promises) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MutexAutoLock lock(mMutex);
+
+ for (const RefPtr<GMPParent>& gmp : mPlugins) {
+ if (gmp->State() != GMPState::Loaded) {
+ // Plugins that are not in the Loaded state have no process attached to
+ // them, and any IPC we would attempt to send them would be ignored (or
+ // result in a warning on debug builds).
+ continue;
+ }
+ RefPtr<GetUntrustedModulesDataPromise::Private> promise =
+ new GetUntrustedModulesDataPromise::Private(__func__);
+ // Direct dispatch will resolve the promise on the same thread, which is
+ // faster; IPC will move execution back to the main thread.
+ promise->UseDirectTaskDispatch(__func__);
+ promises.EmplaceBack(promise);
+
+ mGMPThread->Dispatch(
+ NewRunnableMethod<ipc::ResolveCallback<Maybe<UntrustedModulesData>>&&,
+ ipc::RejectCallback&&>(
+ "GMPParent::SendGetUntrustedModulesData", gmp,
+ static_cast<void (GMPParent::*)(
+ mozilla::ipc::ResolveCallback<Maybe<UntrustedModulesData>>&&
+ aResolve,
+ mozilla::ipc::RejectCallback&& aReject)>(
+ &GMPParent::SendGetUntrustedModulesData),
+
+ [promise](Maybe<UntrustedModulesData>&& aValue) {
+ promise->Resolve(std::move(aValue), __func__);
+ },
+ [promise](ipc::ResponseRejectReason&& aReason) {
+ promise->Reject(std::move(aReason), __func__);
+ }),
+ NS_DISPATCH_NORMAL);
+ }
+}
+
+void GeckoMediaPluginServiceParent::SendUnblockUntrustedModulesThread() {
+ MOZ_ASSERT(NS_IsMainThread());
+ MutexAutoLock lock(mMutex);
+
+ for (const RefPtr<GMPParent>& gmp : mPlugins) {
+ if (gmp->State() != GMPState::Loaded) {
+ // Plugins that are not in the Loaded state have no process attached to
+ // them, and any IPC we would attempt to send them would be ignored (or
+ // result in a warning on debug builds).
+ continue;
+ }
+
+ mGMPThread->Dispatch(
+ NewRunnableMethod<>("GMPParent::SendUnblockUntrustedModulesThread", gmp,
+ static_cast<bool (GMPParent::*)()>(
+ &GMPParent::SendUnblockUntrustedModulesThread)),
+ NS_DISPATCH_NORMAL);
+ }
+}
+#endif
+
+RefPtr<PGMPParent::TestTriggerMetricsPromise>
+GeckoMediaPluginServiceParent::TestTriggerMetrics() {
+ MOZ_ASSERT(NS_IsMainThread());
+ {
+ MutexAutoLock lock(mMutex);
+ for (const RefPtr<GMPParent>& gmp : mPlugins) {
+ if (gmp->State() != GMPState::Loaded) {
+ // Plugins that are not in the Loaded state have no process attached to
+ // them, and any IPC we would attempt to send them would be ignored (or
+ // result in a warning on debug builds).
+ continue;
+ }
+
+ RefPtr<PGMPParent::TestTriggerMetricsPromise::Private> promise =
+ new PGMPParent::TestTriggerMetricsPromise::Private(__func__);
+ // Direct dispatch will resolve the promise on the same thread, which is
+ // faster; FOGIPC will move execution back to the main thread.
+ promise->UseDirectTaskDispatch(__func__);
+
+ mGMPThread->Dispatch(
+ NewRunnableMethod<ipc::ResolveCallback<bool>&&,
+ ipc::RejectCallback&&>(
+ "GMPParent::SendTestTriggerMetrics", gmp,
+ static_cast<void (GMPParent::*)(
+ mozilla::ipc::ResolveCallback<bool>&& aResolve,
+ mozilla::ipc::RejectCallback&& aReject)>(
+ &PGMPParent::SendTestTriggerMetrics),
+
+ [promise](bool aValue) {
+ promise->Resolve(std::move(aValue), __func__);
+ },
+ [promise](ipc::ResponseRejectReason&& aReason) {
+ promise->Reject(std::move(aReason), __func__);
+ }),
+ NS_DISPATCH_NORMAL);
+
+ return promise;
+ }
+ }
+
+ return PGMPParent::TestTriggerMetricsPromise::CreateAndReject(
+ ipc::ResponseRejectReason::SendError, __func__);
+}
+
+RefPtr<GenericPromise> GeckoMediaPluginServiceParent::AsyncAddPluginDirectory(
+ const nsAString& aDirectory) {
+ nsCOMPtr<nsISerialEventTarget> thread(GetGMPThread());
+ if (!thread) {
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+ mDirectoriesAdded++;
+ mDirectoriesInProgress++;
+
+ nsString dir(aDirectory);
+ RefPtr<GeckoMediaPluginServiceParent> self = this;
+ return InvokeAsync(thread, this, __func__,
+ &GeckoMediaPluginServiceParent::AddOnGMPThread, dir)
+ ->Then(
+ mMainThread, __func__,
+ [dir, self](bool aVal) {
+ GMP_LOG_DEBUG(
+ "GeckoMediaPluginServiceParent::AsyncAddPluginDirectory %s "
+ "succeeded",
+ NS_ConvertUTF16toUTF8(dir).get());
+ MOZ_ASSERT(NS_IsMainThread());
+ self->mDirectoriesInProgress--;
+ self->UpdateContentProcessGMPCapabilities();
+ return GenericPromise::CreateAndResolve(aVal, __func__);
+ },
+ [dir, self](nsresult aResult) {
+ GMP_LOG_DEBUG(
+ "GeckoMediaPluginServiceParent::AsyncAddPluginDirectory %s "
+ "failed",
+ NS_ConvertUTF16toUTF8(dir).get());
+ self->mDirectoriesInProgress--;
+ return GenericPromise::CreateAndReject(aResult, __func__);
+ });
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::AddPluginDirectory(const nsAString& aDirectory) {
+ MOZ_ASSERT(NS_IsMainThread());
+ RefPtr<GenericPromise> p = AsyncAddPluginDirectory(aDirectory);
+ Unused << p;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::RemovePluginDirectory(
+ const nsAString& aDirectory) {
+ MOZ_ASSERT(NS_IsMainThread());
+ return GMPDispatch(
+ new PathRunnable(this, aDirectory, PathRunnable::EOperation::REMOVE));
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::RemoveAndDeletePluginDirectory(
+ const nsAString& aDirectory, const bool aDefer) {
+ MOZ_ASSERT(NS_IsMainThread());
+ return GMPDispatch(new PathRunnable(
+ this, aDirectory, PathRunnable::EOperation::REMOVE_AND_DELETE_FROM_DISK,
+ aDefer));
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::HasPluginForAPI(const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags,
+ bool* aHasPlugin) {
+ NS_ENSURE_ARG(!aTags.IsEmpty());
+ NS_ENSURE_ARG(aHasPlugin);
+
+ nsresult rv = EnsurePluginsOnDiskScanned();
+ if (NS_FAILED(rv)) {
+ NS_WARNING("Failed to load GMPs from disk.");
+ return rv;
+ }
+
+ {
+ MutexAutoLock lock(mMutex);
+ nsCString api(aAPI);
+ size_t index = 0;
+ RefPtr<GMPParent> gmp = FindPluginForAPIFrom(index, api, aTags, &index);
+ *aHasPlugin = !!gmp;
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::FindPluginDirectoryForAPI(
+ const nsACString& aAPI, const nsTArray<nsCString>& aTags,
+ nsIFile** aDirectory) {
+ NS_ENSURE_ARG(!aTags.IsEmpty());
+ NS_ENSURE_ARG(aDirectory);
+
+ nsresult rv = EnsurePluginsOnDiskScanned();
+ if (NS_FAILED(rv)) {
+ NS_WARNING("Failed to load GMPs from disk.");
+ return rv;
+ }
+
+ {
+ MutexAutoLock lock(mMutex);
+ nsCString api(aAPI);
+ size_t index = 0;
+ RefPtr<GMPParent> gmp = FindPluginForAPIFrom(index, api, aTags, &index);
+ if (gmp) {
+ nsCOMPtr<nsIFile> dir = gmp->GetDirectory();
+ dir.forget(aDirectory);
+ }
+ }
+
+ return NS_OK;
+}
+
+nsresult GeckoMediaPluginServiceParent::EnsurePluginsOnDiskScanned() {
+ const char* env = nullptr;
+ if (!mScannedPluginOnDisk && (env = PR_GetEnv("MOZ_GMP_PATH")) && *env) {
+ // We have a MOZ_GMP_PATH environment variable which may specify the
+ // location of plugins to load, and we haven't yet scanned the disk to
+ // see if there are plugins there. Get the GMP thread, which will
+ // cause an event to be dispatched to which scans for plugins. We
+ // dispatch a sync event to the GMP thread here in order to wait until
+ // after the GMP thread has scanned any paths in MOZ_GMP_PATH.
+ nsCOMPtr<nsIThread> thread;
+ nsresult rv = GetThread(getter_AddRefs(thread));
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = NS_DispatchAndSpinEventLoopUntilComplete(
+ "GeckoMediaPluginServiceParent::EnsurePluginsOnDiskScanned"_ns, thread,
+ MakeAndAddRef<mozilla::Runnable>("GMPDummyRunnable"));
+ NS_ENSURE_SUCCESS(rv, rv);
+ MOZ_ASSERT(mScannedPluginOnDisk, "Should have scanned MOZ_GMP_PATH by now");
+ }
+
+ return NS_OK;
+}
+
+already_AddRefed<GMPParent> GeckoMediaPluginServiceParent::FindPluginForAPIFrom(
+ size_t aSearchStartIndex, const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags, size_t* aOutPluginIndex) {
+ mMutex.AssertCurrentThreadOwns();
+ for (size_t i = aSearchStartIndex; i < mPlugins.Length(); i++) {
+ RefPtr<GMPParent> gmp = mPlugins[i];
+ if (!GMPCapability::Supports(gmp->GetCapabilities(), aAPI, aTags)) {
+ continue;
+ }
+ if (aOutPluginIndex) {
+ *aOutPluginIndex = i;
+ }
+ return gmp.forget();
+ }
+ return nullptr;
+}
+
+already_AddRefed<GMPParent> GeckoMediaPluginServiceParent::SelectPluginForAPI(
+ const nsACString& aNodeId, const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags) {
+ AssertOnGMPThread();
+
+ GMPParent* gmpToClone = nullptr;
+ {
+ MutexAutoLock lock(mMutex);
+ size_t index = 0;
+ RefPtr<GMPParent> gmp;
+ while ((gmp = FindPluginForAPIFrom(index, aAPI, aTags, &index))) {
+ if (aNodeId.IsEmpty()) {
+ if (gmp->CanBeSharedCrossNodeIds()) {
+ return gmp.forget();
+ }
+ } else if (gmp->CanBeUsedFrom(aNodeId)) {
+ return gmp.forget();
+ }
+
+ if (!gmpToClone ||
+ (gmpToClone->IsMarkedForDeletion() && !gmp->IsMarkedForDeletion())) {
+ // This GMP has the correct type but has the wrong nodeId; hold on to it
+ // in case we need to clone it.
+ // Prefer GMPs in-use for the case where an upgraded plugin version is
+ // waiting for the old one to die. If the old plugin is in use, we
+ // should continue using it so that any persistent state remains
+ // consistent. Otherwise, just check that the plugin isn't scheduled
+ // for deletion.
+ gmpToClone = gmp;
+ }
+ // Loop around and try the next plugin; it may be usable from aNodeId.
+ index++;
+ }
+ }
+
+ // Plugin exists, but we can't use it due to cross-origin separation. Create a
+ // new one.
+ if (gmpToClone) {
+ RefPtr<GMPParent> clone = ClonePlugin(gmpToClone);
+ {
+ MutexAutoLock lock(mMutex);
+ mPlugins.AppendElement(clone);
+ }
+ if (!aNodeId.IsEmpty()) {
+ clone->SetNodeId(aNodeId);
+ }
+ return clone.forget();
+ }
+
+ return nullptr;
+}
+
+static already_AddRefed<GMPParent> CreateGMPParent() {
+ // Should run on the GMP thread.
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+ if (!SandboxInfo::Get().CanSandboxMedia()) {
+ if (!StaticPrefs::media_gmp_insecure_allow()) {
+ NS_WARNING("Denying media plugin load due to lack of sandboxing.");
+ return nullptr;
+ }
+ NS_WARNING("Loading media plugin despite lack of sandboxing.");
+ }
+#endif
+ RefPtr<GMPParent> gmpParent = new GMPParent();
+ return gmpParent.forget();
+}
+
+already_AddRefed<GMPParent> GeckoMediaPluginServiceParent::ClonePlugin(
+ const GMPParent* aOriginal) {
+ AssertOnGMPThread();
+ MOZ_ASSERT(aOriginal);
+
+ RefPtr<GMPParent> gmp = CreateGMPParent();
+ if (!gmp) {
+ NS_WARNING("Can't Create GMPParent");
+ return nullptr;
+ }
+
+ gmp->CloneFrom(aOriginal);
+ return gmp.forget();
+}
+
+RefPtr<GenericPromise> GeckoMediaPluginServiceParent::AddOnGMPThread(
+ nsString aDirectory) {
+#ifdef XP_WIN
+ // On Windows our various test harnesses often pass paths with UNIX dir
+ // separators, or a mix of dir separators. NS_NewLocalFile() can't handle
+ // that, so fixup to match the platform's expected format. This makes us
+ // more robust in the face of bad input and test harnesses changing...
+ std::replace(aDirectory.BeginWriting(), aDirectory.EndWriting(), '/', '\\');
+#endif
+
+ AssertOnGMPThread();
+ nsCString dir = NS_ConvertUTF16toUTF8(aDirectory);
+ nsCOMPtr<nsISerialEventTarget> thread(GetGMPThread());
+ if (!thread) {
+ GMP_LOG_DEBUG("%s::%s: %s No GMP Thread", __CLASS__, __FUNCTION__,
+ dir.get());
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+ GMP_LOG_DEBUG("%s::%s: %s", __CLASS__, __FUNCTION__, dir.get());
+
+ nsCOMPtr<nsIFile> directory;
+ nsresult rv = NS_NewLocalFile(aDirectory, false, getter_AddRefs(directory));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ GMP_LOG_DEBUG("%s::%s: failed to create nsIFile for dir=%s rv=%" PRIx32,
+ __CLASS__, __FUNCTION__, dir.get(),
+ static_cast<uint32_t>(rv));
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+ RefPtr<GMPParent> gmp = CreateGMPParent();
+ if (!gmp) {
+ NS_WARNING("Can't Create GMPParent");
+ return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ }
+
+ RefPtr<GeckoMediaPluginServiceParent> self(this);
+ return gmp->Init(this, directory)
+ ->Then(
+ thread, __func__,
+ [gmp, self, dir](bool aVal) {
+ GMP_LOG_DEBUG("%s::%s: %s Succeeded", __CLASS__, __FUNCTION__,
+ dir.get());
+ {
+ MutexAutoLock lock(self->mMutex);
+ self->mPlugins.AppendElement(gmp);
+ }
+ return GenericPromise::CreateAndResolve(aVal, __func__);
+ },
+ [dir](nsresult aResult) {
+ GMP_LOG_DEBUG("%s::%s: %s Failed", __CLASS__, __FUNCTION__,
+ dir.get());
+ return GenericPromise::CreateAndReject(aResult, __func__);
+ });
+}
+
+void GeckoMediaPluginServiceParent::RemoveOnGMPThread(
+ const nsAString& aDirectory, const bool aDeleteFromDisk,
+ const bool aCanDefer) {
+ AssertOnGMPThread();
+ GMP_LOG_DEBUG("%s::%s: %s", __CLASS__, __FUNCTION__,
+ NS_LossyConvertUTF16toASCII(aDirectory).get());
+
+ nsCOMPtr<nsIFile> directory;
+ nsresult rv = NS_NewLocalFile(aDirectory, false, getter_AddRefs(directory));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return;
+ }
+
+ // Plugin destruction can modify |mPlugins|. Put them aside for now and
+ // destroy them once we're done with |mPlugins|.
+ nsTArray<RefPtr<GMPParent>> deadPlugins;
+
+ bool inUse = false;
+ MutexAutoLock lock(mMutex);
+ for (size_t i = mPlugins.Length(); i-- > 0;) {
+ nsCOMPtr<nsIFile> pluginpath = mPlugins[i]->GetDirectory();
+ bool equals;
+ if (NS_FAILED(directory->Equals(pluginpath, &equals)) || !equals) {
+ continue;
+ }
+
+ RefPtr<GMPParent> gmp = mPlugins[i];
+ if (aDeleteFromDisk && gmp->State() != GMPState::NotLoaded) {
+ // We have to wait for the child process to release its lib handle
+ // before we can delete the GMP.
+ inUse = true;
+ gmp->MarkForDeletion();
+
+ if (!mPluginsWaitingForDeletion.Contains(aDirectory)) {
+ mPluginsWaitingForDeletion.AppendElement(aDirectory);
+ }
+ }
+
+ if (gmp->State() == GMPState::NotLoaded || !aCanDefer) {
+ // GMP not in use or shutdown is being forced; can shut it down now.
+ deadPlugins.AppendElement(gmp);
+ mPlugins.RemoveElementAt(i);
+ }
+ }
+
+ {
+ MutexAutoUnlock unlock(mMutex);
+ for (auto& gmp : deadPlugins) {
+ gmp->CloseActive(true);
+ }
+ }
+
+ if (aDeleteFromDisk && !inUse) {
+ // Ensure the GMP dir and all files in it are writable, so we have
+ // permission to delete them.
+ directory->SetPermissions(0700);
+ DirectoryEnumerator iter(directory, DirectoryEnumerator::FilesAndDirs);
+ for (nsCOMPtr<nsIFile> dirEntry; (dirEntry = iter.Next()) != nullptr;) {
+ dirEntry->SetPermissions(0700);
+ }
+ if (NS_SUCCEEDED(directory->Remove(true))) {
+ mPluginsWaitingForDeletion.RemoveElement(aDirectory);
+ nsCOMPtr<nsIRunnable> task = new NotifyObserversTask(
+ "gmp-directory-deleted", nsString(aDirectory));
+ mMainThread->Dispatch(task.forget());
+ }
+ }
+} // Ignore mutex not held; MutexAutoUnlock is used above
+
+// May remove when Bug 1043671 is fixed
+static void Dummy(RefPtr<GMPParent> aOnDeathsDoor) {
+ // exists solely to do nothing and let the Runnable kill the GMPParent
+ // when done.
+}
+
+void GeckoMediaPluginServiceParent::PluginTerminated(
+ const RefPtr<GMPParent>& aPlugin) {
+ AssertOnGMPThread();
+
+ if (aPlugin->IsMarkedForDeletion()) {
+ nsString path;
+ RefPtr<nsIFile> dir = aPlugin->GetDirectory();
+ nsresult rv = dir->GetPath(path);
+ NS_ENSURE_SUCCESS_VOID(rv);
+ if (mPluginsWaitingForDeletion.Contains(path)) {
+ RemoveOnGMPThread(path, true /* delete */, true /* can defer */);
+ }
+ }
+}
+
+void GeckoMediaPluginServiceParent::ReAddOnGMPThread(
+ const RefPtr<GMPParent>& aOld) {
+ AssertOnGMPThread();
+ GMP_LOG_DEBUG("%s::%s: %p", __CLASS__, __FUNCTION__, (void*)aOld);
+
+ RefPtr<GMPParent> gmp;
+ if (!mShuttingDownOnGMPThread) {
+ // We're not shutting down, so replace the old plugin in the list with a
+ // clone which is in a pristine state. Note: We place the plugin in
+ // the same slot in the array as a hack to ensure if we re-request with
+ // the same capabilities we get an instance of the same plugin.
+ gmp = ClonePlugin(aOld);
+ MutexAutoLock lock(mMutex);
+ MOZ_ASSERT(mPlugins.Contains(aOld));
+ if (mPlugins.Contains(aOld)) {
+ mPlugins[mPlugins.IndexOf(aOld)] = gmp;
+ }
+ } else {
+ // We're shutting down; don't re-add plugin, let the old plugin die.
+ MutexAutoLock lock(mMutex);
+ mPlugins.RemoveElement(aOld);
+ }
+ // Schedule aOld to be destroyed. We can't destroy it from here since we
+ // may be inside ActorDestroyed() for it.
+ NS_DispatchToCurrentThread(WrapRunnableNM(&Dummy, aOld));
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::GetStorageDir(nsIFile** aOutFile) {
+ if (NS_WARN_IF(!mStorageBaseDir)) {
+ return NS_ERROR_FAILURE;
+ }
+ return mStorageBaseDir->Clone(aOutFile);
+}
+
+nsresult WriteToFile(nsIFile* aPath, const nsACString& aFileName,
+ const nsACString& aData) {
+ nsCOMPtr<nsIFile> path;
+ nsresult rv = aPath->Clone(getter_AddRefs(path));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ rv = path->AppendNative(aFileName);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ PRFileDesc* f = nullptr;
+ rv = path->OpenNSPRFileDesc(PR_WRONLY | PR_CREATE_FILE, PR_IRWXU, &f);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ int32_t len = PR_Write(f, aData.BeginReading(), aData.Length());
+ PR_Close(f);
+ if (NS_WARN_IF(len < 0 || (size_t)len != aData.Length())) {
+ return NS_ERROR_FAILURE;
+ }
+
+ return NS_OK;
+}
+
+static nsresult ReadFromFile(nsIFile* aPath, const nsACString& aFileName,
+ nsACString& aOutData, int32_t aMaxLength) {
+ nsCOMPtr<nsIFile> path;
+ nsresult rv = aPath->Clone(getter_AddRefs(path));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ rv = path->AppendNative(aFileName);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ PRFileDesc* f = nullptr;
+ rv = path->OpenNSPRFileDesc(PR_RDONLY | PR_CREATE_FILE, PR_IRWXU, &f);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ auto size = PR_Seek(f, 0, PR_SEEK_END);
+ PR_Seek(f, 0, PR_SEEK_SET);
+
+ if (size > aMaxLength) {
+ return NS_ERROR_FAILURE;
+ }
+ aOutData.SetLength(size);
+
+ auto len = PR_Read(f, aOutData.BeginWriting(), size);
+ PR_Close(f);
+ if (NS_WARN_IF(len != size)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ return NS_OK;
+}
+
+nsresult ReadSalt(nsIFile* aPath, nsACString& aOutData) {
+ return ReadFromFile(aPath, "salt"_ns, aOutData, NodeIdSaltLength);
+}
+
+already_AddRefed<GMPStorage> GeckoMediaPluginServiceParent::GetMemoryStorageFor(
+ const nsACString& aNodeId) {
+ return do_AddRef(mTempGMPStorage.LookupOrInsertWith(
+ aNodeId, [] { return CreateGMPMemoryStorage(); }));
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::IsPersistentStorageAllowed(
+ const nsACString& aNodeId, bool* aOutAllowed) {
+ AssertOnGMPThread();
+ NS_ENSURE_ARG(aOutAllowed);
+ // We disallow persistent storage for the NodeId used for shared GMP
+ // decoding, to prevent GMP decoding being used to track what a user
+ // watches somehow.
+ *aOutAllowed = !aNodeId.Equals(SHARED_GMP_DECODING_NODE_ID) &&
+ mPersistentStorageAllowed.Get(aNodeId);
+ return NS_OK;
+}
+
+nsresult GeckoMediaPluginServiceParent::GetNodeId(
+ const nsAString& aOrigin, const nsAString& aTopLevelOrigin,
+ const nsAString& aGMPName, nsACString& aOutId) {
+ AssertOnGMPThread();
+ GMP_LOG_DEBUG("%s::%s: (%s, %s)", __CLASS__, __FUNCTION__,
+ NS_ConvertUTF16toUTF8(aOrigin).get(),
+ NS_ConvertUTF16toUTF8(aTopLevelOrigin).get());
+
+ nsresult rv;
+
+ if (aOrigin.EqualsLiteral("null") || aOrigin.IsEmpty() ||
+ aTopLevelOrigin.EqualsLiteral("null") || aTopLevelOrigin.IsEmpty()) {
+ // (origin, topLevelOrigin) is null or empty; this is for an anonymous
+ // origin, probably a local file, for which we don't provide persistent
+ // storage. Generate a random node id, and don't store it so that the GMP's
+ // storage is temporary and the process for this GMP is not shared with GMP
+ // instances that have the same nodeId.
+ nsAutoCString salt;
+ rv = GenerateRandomPathName(salt, NodeIdSaltLength);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ aOutId = salt;
+ mPersistentStorageAllowed.InsertOrUpdate(salt, false);
+ return NS_OK;
+ }
+
+ const uint32_t hash =
+ AddToHash(HashString(aOrigin), HashString(aTopLevelOrigin));
+
+ if (OriginAttributes::IsPrivateBrowsing(NS_ConvertUTF16toUTF8(aOrigin))) {
+ // For PB mode, we store the node id, indexed by the origin pair and GMP
+ // name, so that if the same origin pair is opened for the same GMP in this
+ // session, it gets the same node id.
+ const uint32_t pbHash = AddToHash(HashString(aGMPName), hash);
+ return mTempNodeIds.WithEntryHandle(pbHash, [&](auto&& entry) {
+ if (!entry) {
+ // No salt stored, generate and temporarily store some for this id.
+ nsAutoCString newSalt;
+ rv = GenerateRandomPathName(newSalt, NodeIdSaltLength);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ auto salt = MakeUnique<nsCString>(newSalt);
+
+ mPersistentStorageAllowed.InsertOrUpdate(*salt, false);
+
+ entry.Insert(std::move(salt));
+ }
+
+ aOutId = *entry.Data();
+ return NS_OK;
+ });
+ }
+
+ // Otherwise, try to see if we've previously generated and stored salt
+ // for this origin pair.
+ nsCOMPtr<nsIFile> path; // $profileDir/gmp/$platform/
+ rv = GetStorageDir(getter_AddRefs(path));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ // $profileDir/gmp/$platform/$gmpName/
+ rv = path->Append(aGMPName);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ // $profileDir/gmp/$platform/$gmpName/id/
+ rv = path->AppendNative("id"_ns);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ nsAutoCString hashStr;
+ hashStr.AppendInt((int64_t)hash);
+
+ // $profileDir/gmp/$platform/$gmpName/id/$hash
+ rv = path->AppendNative(hashStr);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ rv = path->Create(nsIFile::DIRECTORY_TYPE, 0700);
+ if (rv != NS_ERROR_FILE_ALREADY_EXISTS && NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ nsCOMPtr<nsIFile> saltFile;
+ rv = path->Clone(getter_AddRefs(saltFile));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ rv = saltFile->AppendNative("salt"_ns);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ nsAutoCString salt;
+ bool exists = false;
+ rv = saltFile->Exists(&exists);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ if (!exists) {
+ // No stored salt for this origin. Generate salt, and store it and
+ // the origin on disk.
+ nsresult rv = GenerateRandomPathName(salt, NodeIdSaltLength);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ MOZ_ASSERT(salt.Length() == NodeIdSaltLength);
+
+ // $profileDir/gmp/$platform/$gmpName/id/$hash/salt
+ rv = WriteToFile(path, "salt"_ns, salt);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ // $profileDir/gmp/$platform/$gmpName/id/$hash/origin
+ rv = WriteToFile(path, "origin"_ns, NS_ConvertUTF16toUTF8(aOrigin));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ // $profileDir/gmp/$platform/$gmpName/id/$hash/topLevelOrigin
+ rv = WriteToFile(path, "topLevelOrigin"_ns,
+ NS_ConvertUTF16toUTF8(aTopLevelOrigin));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ } else {
+ rv = ReadSalt(path, salt);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+ }
+
+ aOutId = salt;
+ mPersistentStorageAllowed.InsertOrUpdate(salt, true);
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::GetNodeId(
+ const nsAString& aOrigin, const nsAString& aTopLevelOrigin,
+ const nsAString& aGMPName, UniquePtr<GetNodeIdCallback>&& aCallback) {
+ nsCString nodeId;
+ nsresult rv = GetNodeId(aOrigin, aTopLevelOrigin, aGMPName, nodeId);
+ aCallback->Done(rv, nodeId);
+ return rv;
+}
+
+nsresult GeckoMediaPluginServiceParent::GetNodeId(
+ const NodeIdVariant& aNodeIdVariant, nsACString& aOutId) {
+ if (aNodeIdVariant.type() == NodeIdVariant::TnsCString) {
+ // The union already contains a node ID as a string, use that.
+ aOutId = aNodeIdVariant.get_nsCString();
+ return NS_OK;
+ }
+ // The union contains a NodeIdParts, convert it to a node ID string.
+ NodeIdParts nodeIdParts{aNodeIdVariant.get_NodeIdParts()};
+ return GetNodeId(nodeIdParts.mOrigin(), nodeIdParts.mTopLevelOrigin(),
+ nodeIdParts.mGMPName(), aOutId);
+}
+
+static bool ExtractHostName(const nsACString& aOrigin, nsACString& aOutData) {
+ nsCString str;
+ str.Assign(aOrigin);
+ int begin = str.Find("://");
+ // The scheme is missing!
+ if (begin == -1) {
+ return false;
+ }
+
+ int end = str.RFind(":");
+ // Remove the port number
+ if (end != begin) {
+ str.SetLength(end);
+ }
+
+ nsDependentCSubstring host(str, begin + 3);
+ aOutData.Assign(host);
+ return true;
+}
+
+constexpr uint32_t kMaxDomainLength = 253;
+// http://en.wikipedia.org/wiki/Domain_Name_System#Domain_name_syntax
+
+constexpr std::array<nsLiteralCString, 2> kFileNames = {"origin"_ns,
+ "topLevelOrigin"_ns};
+
+bool MatchOrigin(nsIFile* aPath, const nsACString& aSite,
+ const mozilla::OriginAttributesPattern& aPattern) {
+ nsresult rv;
+ nsCString str;
+ nsCString originNoSuffix;
+ for (const auto& fileName : kFileNames) {
+ rv = ReadFromFile(aPath, fileName, str, kMaxDomainLength);
+ mozilla::OriginAttributes originAttributes;
+ if (NS_FAILED(rv) ||
+ !originAttributes.PopulateFromOrigin(str, originNoSuffix)) {
+ // Fails on parsing the originAttributes, treat this as a non-match.
+ return false;
+ }
+
+ if (ExtractHostName(originNoSuffix, str) && str.Equals(aSite) &&
+ aPattern.Matches(originAttributes)) {
+ return true;
+ }
+ }
+ return false;
+}
+
+bool MatchBaseDomain(nsIFile* aPath, const nsACString& aBaseDomain) {
+ nsresult rv;
+ nsCString fileContent;
+ nsCString originNoSuffix;
+ for (const auto& fileName : kFileNames) {
+ rv = ReadFromFile(aPath, fileName, fileContent, kMaxDomainLength);
+ mozilla::OriginAttributes originAttributes;
+ if (NS_FAILED(rv) ||
+ !originAttributes.PopulateFromOrigin(fileContent, originNoSuffix)) {
+ // Fails on parsing the originAttributes, treat this as a non-match.
+ return false;
+ }
+ nsCString originHostname;
+ if (!ExtractHostName(originNoSuffix, originHostname)) {
+ return false;
+ }
+ bool success;
+ rv = net::HasRootDomain(originHostname, aBaseDomain, &success);
+ if (NS_SUCCEEDED(rv) && success) {
+ return true;
+ }
+ }
+ return false;
+}
+
+template <typename T>
+static void KillPlugins(const nsTArray<RefPtr<GMPParent>>& aPlugins,
+ Mutex& aMutex, T&& aFilter) {
+ // Shutdown the plugins when |aFilter| evaluates to true.
+ // After we clear storage data, node IDs will become invalid and shouldn't be
+ // used anymore. We need to kill plugins with such nodeIDs.
+ // Note: we can't shut them down while holding the lock,
+ // as the lock is not re-entrant and shutdown requires taking the lock.
+ // The plugin list is only edited on the GMP thread, so this should be OK.
+ nsTArray<RefPtr<GMPParent>> pluginsToKill;
+ {
+ MutexAutoLock lock(aMutex);
+ for (size_t i = 0; i < aPlugins.Length(); i++) {
+ RefPtr<GMPParent> parent(aPlugins[i]);
+ if (aFilter(parent)) {
+ pluginsToKill.AppendElement(parent);
+ }
+ }
+ }
+
+ for (size_t i = 0; i < pluginsToKill.Length(); i++) {
+ pluginsToKill[i]->CloseActive(false);
+ }
+}
+
+struct NodeFilter {
+ explicit NodeFilter(const nsTArray<nsCString>& nodeIDs) : mNodeIDs(nodeIDs) {}
+ bool operator()(GMPParent* aParent) {
+ return mNodeIDs.Contains(aParent->GetNodeId());
+ }
+
+ private:
+ const nsTArray<nsCString>& mNodeIDs;
+};
+
+void GeckoMediaPluginServiceParent::ClearNodeIdAndPlugin(
+ DirectoryFilter& aFilter) {
+ // $profileDir/gmp/$platform/
+ nsCOMPtr<nsIFile> path;
+ nsresult rv = GetStorageDir(getter_AddRefs(path));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return;
+ }
+
+ // Iterate all sub-folders of $profileDir/gmp/$platform/, i.e. the dirs in
+ // which specific GMPs store their data.
+ DirectoryEnumerator iter(path, DirectoryEnumerator::DirsOnly);
+ for (nsCOMPtr<nsIFile> pluginDir; (pluginDir = iter.Next()) != nullptr;) {
+ ClearNodeIdAndPlugin(pluginDir, aFilter);
+ }
+}
+
+void GeckoMediaPluginServiceParent::ClearNodeIdAndPlugin(
+ nsIFile* aPluginStorageDir, DirectoryFilter& aFilter) {
+ // $profileDir/gmp/$platform/$gmpName/id/
+ nsCOMPtr<nsIFile> path = CloneAndAppend(aPluginStorageDir, u"id"_ns);
+ if (!path) {
+ return;
+ }
+
+ // Iterate all sub-folders of $profileDir/gmp/$platform/$gmpName/id/
+ nsTArray<nsCString> nodeIDsToClear;
+ DirectoryEnumerator iter(path, DirectoryEnumerator::DirsOnly);
+ for (nsCOMPtr<nsIFile> dirEntry; (dirEntry = iter.Next()) != nullptr;) {
+ // dirEntry is the hash of origins, i.e.:
+ // $profileDir/gmp/$platform/$gmpName/id/$originHash/
+ if (!aFilter(dirEntry)) {
+ continue;
+ }
+ nsAutoCString salt;
+ if (NS_SUCCEEDED(ReadSalt(dirEntry, salt))) {
+ // Keep node IDs to clear data/plugins associated with them later.
+ nodeIDsToClear.AppendElement(salt);
+ // Also remove node IDs from the table.
+ mPersistentStorageAllowed.Remove(salt);
+ }
+ // Now we can remove the directory for the origin pair.
+ if (NS_FAILED(dirEntry->Remove(true))) {
+ NS_WARNING("Failed to delete the directory for the origin pair");
+ }
+ }
+
+ // Kill plugin instances that have node IDs being cleared.
+ MOZ_PUSH_IGNORE_THREAD_SAFETY
+ KillPlugins(mPlugins, mMutex, NodeFilter(nodeIDsToClear));
+ MOZ_POP_THREAD_SAFETY
+
+ // Clear all storage in $profileDir/gmp/$platform/$gmpName/storage/$nodeId/
+ path = CloneAndAppend(aPluginStorageDir, u"storage"_ns);
+ if (!path) {
+ return;
+ }
+
+ for (const nsACString& nodeId : nodeIDsToClear) {
+ nsCOMPtr<nsIFile> dirEntry;
+ nsresult rv = path->Clone(getter_AddRefs(dirEntry));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ continue;
+ }
+
+ rv = dirEntry->AppendNative(nodeId);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ continue;
+ }
+
+ if (NS_FAILED(dirEntry->Remove(true))) {
+ NS_WARNING("Failed to delete GMP storage directory for the node");
+ }
+ }
+}
+
+void GeckoMediaPluginServiceParent::ForgetThisSiteOnGMPThread(
+ const nsACString& aSite, const mozilla::OriginAttributesPattern& aPattern) {
+ AssertOnGMPThread();
+ GMP_LOG_DEBUG("%s::%s: origin=%s", __CLASS__, __FUNCTION__, aSite.Data());
+
+ struct OriginFilter : public DirectoryFilter {
+ explicit OriginFilter(const nsACString& aSite,
+ const mozilla::OriginAttributesPattern& aPattern)
+ : mSite(aSite), mPattern(aPattern) {}
+ bool operator()(nsIFile* aPath) override {
+ return MatchOrigin(aPath, mSite, mPattern);
+ }
+
+ private:
+ const nsACString& mSite;
+ const mozilla::OriginAttributesPattern& mPattern;
+ } filter(aSite, aPattern);
+
+ ClearNodeIdAndPlugin(filter);
+}
+
+void GeckoMediaPluginServiceParent::ForgetThisBaseDomainOnGMPThread(
+ const nsACString& aBaseDomain) {
+ AssertOnGMPThread();
+ GMP_LOG_DEBUG("%s::%s: baseDomain=%s", __CLASS__, __FUNCTION__,
+ aBaseDomain.Data());
+
+ struct BaseDomainFilter : public DirectoryFilter {
+ explicit BaseDomainFilter(const nsACString& aBaseDomain)
+ : mBaseDomain(aBaseDomain) {}
+ bool operator()(nsIFile* aPath) override {
+ return MatchBaseDomain(aPath, mBaseDomain);
+ }
+
+ private:
+ const nsACString& mBaseDomain;
+ } filter(aBaseDomain);
+
+ ClearNodeIdAndPlugin(filter);
+}
+
+void GeckoMediaPluginServiceParent::ClearRecentHistoryOnGMPThread(
+ PRTime aSince) {
+ AssertOnGMPThread();
+ GMP_LOG_DEBUG("%s::%s: since=%" PRId64, __CLASS__, __FUNCTION__,
+ (int64_t)aSince);
+
+ struct MTimeFilter : public DirectoryFilter {
+ explicit MTimeFilter(PRTime aSince) : mSince(aSince) {}
+
+ // Return true if any files under aPath is modified after |mSince|.
+ bool IsModifiedAfter(nsIFile* aPath) {
+ PRTime lastModified;
+ nsresult rv = aPath->GetLastModifiedTime(&lastModified);
+ if (NS_SUCCEEDED(rv) && lastModified >= mSince) {
+ return true;
+ }
+ DirectoryEnumerator iter(aPath, DirectoryEnumerator::FilesAndDirs);
+ for (nsCOMPtr<nsIFile> dirEntry; (dirEntry = iter.Next()) != nullptr;) {
+ if (IsModifiedAfter(dirEntry)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ // |aPath| is $profileDir/gmp/$platform/$gmpName/id/$originHash/
+ bool operator()(nsIFile* aPath) override {
+ if (IsModifiedAfter(aPath)) {
+ return true;
+ }
+
+ nsAutoCString salt;
+ if (NS_WARN_IF(NS_FAILED(ReadSalt(aPath, salt)))) {
+ return false;
+ }
+
+ // $profileDir/gmp/$platform/$gmpName/id/
+ nsCOMPtr<nsIFile> idDir;
+ if (NS_WARN_IF(NS_FAILED(aPath->GetParent(getter_AddRefs(idDir))))) {
+ return false;
+ }
+ // $profileDir/gmp/$platform/$gmpName/
+ nsCOMPtr<nsIFile> temp;
+ if (NS_WARN_IF(NS_FAILED(idDir->GetParent(getter_AddRefs(temp))))) {
+ return false;
+ }
+
+ // $profileDir/gmp/$platform/$gmpName/storage/
+ if (NS_WARN_IF(NS_FAILED(temp->Append(u"storage"_ns)))) {
+ return false;
+ }
+ // $profileDir/gmp/$platform/$gmpName/storage/$originSalt
+ return NS_SUCCEEDED(temp->AppendNative(salt)) && IsModifiedAfter(temp);
+ }
+
+ private:
+ const PRTime mSince;
+ } filter(aSince);
+
+ ClearNodeIdAndPlugin(filter);
+
+ nsCOMPtr<nsIRunnable> task =
+ new NotifyObserversTask("gmp-clear-storage-complete");
+ mMainThread->Dispatch(task.forget());
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::ForgetThisSite(const nsAString& aSite,
+ const nsAString& aPattern) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ mozilla::OriginAttributesPattern pattern;
+
+ if (!pattern.Init(aPattern)) {
+ return NS_ERROR_INVALID_ARG;
+ }
+
+ return ForgetThisSiteNative(aSite, pattern);
+}
+
+nsresult GeckoMediaPluginServiceParent::ForgetThisSiteNative(
+ const nsAString& aSite, const mozilla::OriginAttributesPattern& aPattern) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ return GMPDispatch(
+ NewRunnableMethod<nsCString, mozilla::OriginAttributesPattern>(
+ "gmp::GeckoMediaPluginServiceParent::ForgetThisSiteOnGMPThread", this,
+ &GeckoMediaPluginServiceParent::ForgetThisSiteOnGMPThread,
+ NS_ConvertUTF16toUTF8(aSite), aPattern));
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::ForgetThisBaseDomain(
+ const nsAString& aBaseDomain) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ return ForgetThisBaseDomainNative(aBaseDomain);
+}
+
+nsresult GeckoMediaPluginServiceParent::ForgetThisBaseDomainNative(
+ const nsAString& aBaseDomain) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ return GMPDispatch(NewRunnableMethod<nsCString>(
+ "gmp::GeckoMediaPluginServiceParent::ForgetThisBaseDomainOnGMPThread",
+ this, &GeckoMediaPluginServiceParent::ForgetThisBaseDomainOnGMPThread,
+ NS_ConvertUTF16toUTF8(aBaseDomain)));
+}
+
+static bool IsNodeIdValid(GMPParent* aParent) {
+ return !aParent->GetNodeId().IsEmpty();
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::GetName(nsAString& aName) {
+ aName = u"GeckoMediaPluginServiceParent: shutdown"_ns;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::GetState(nsIPropertyBag**) { return NS_OK; }
+
+NS_IMETHODIMP
+GeckoMediaPluginServiceParent::BlockShutdown(nsIAsyncShutdownClient*) {
+ return NS_OK;
+}
+
+// Called from GMPServiceParent::Create() which holds the lock
+void GeckoMediaPluginServiceParent::ServiceUserCreated(
+ GMPServiceParent* aServiceParent) {
+ MOZ_ASSERT(NS_IsMainThread());
+ mMutex.AssertCurrentThreadOwns();
+
+ MOZ_ASSERT(!mServiceParents.Contains(aServiceParent));
+ mServiceParents.AppendElement(aServiceParent);
+ if (mServiceParents.Length() == 1) {
+ nsCOMPtr<nsIAsyncShutdownClient> barrier = GetShutdownBarrier();
+ MOZ_RELEASE_ASSERT(barrier);
+
+ nsresult rv = barrier->AddBlocker(
+ this, NS_LITERAL_STRING_FROM_CSTRING(__FILE__), __LINE__,
+ u"GeckoMediaPluginServiceParent shutdown"_ns);
+ MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+ }
+}
+
+void GeckoMediaPluginServiceParent::ServiceUserDestroyed(
+ GMPServiceParent* aServiceParent) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MutexAutoLock lock(mMutex);
+ MOZ_ASSERT(mServiceParents.Length() > 0);
+ MOZ_ASSERT(mServiceParents.Contains(aServiceParent));
+ mServiceParents.RemoveElement(aServiceParent);
+ if (mServiceParents.IsEmpty()) {
+ nsCOMPtr<nsIAsyncShutdownClient> barrier = GetShutdownBarrier();
+ MOZ_RELEASE_ASSERT(barrier);
+ nsresult rv = barrier->RemoveBlocker(this);
+ MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+ }
+}
+
+void GeckoMediaPluginServiceParent::ClearStorage() {
+ AssertOnGMPThread();
+ GMP_LOG_DEBUG("%s::%s", __CLASS__, __FUNCTION__);
+
+ // Kill plugins with valid nodeIDs.
+ MOZ_PUSH_IGNORE_THREAD_SAFETY
+ KillPlugins(mPlugins, mMutex, &IsNodeIdValid);
+ MOZ_POP_THREAD_SAFETY
+
+ nsCOMPtr<nsIFile> path; // $profileDir/gmp/$platform/
+ nsresult rv = GetStorageDir(getter_AddRefs(path));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return;
+ }
+
+ if (NS_FAILED(path->Remove(true))) {
+ NS_WARNING("Failed to delete GMP storage directory");
+ }
+
+ // Clear private-browsing storage.
+ mTempGMPStorage.Clear();
+
+ nsCOMPtr<nsIRunnable> task =
+ new NotifyObserversTask("gmp-clear-storage-complete");
+ mMainThread->Dispatch(task.forget());
+}
+
+already_AddRefed<GMPParent> GeckoMediaPluginServiceParent::GetById(
+ uint32_t aPluginId) {
+ MutexAutoLock lock(mMutex);
+ for (const RefPtr<GMPParent>& gmp : mPlugins) {
+ if (gmp->GetPluginId() == aPluginId) {
+ return do_AddRef(gmp);
+ }
+ }
+ return nullptr;
+}
+
+GMPServiceParent::GMPServiceParent(GeckoMediaPluginServiceParent* aService)
+ : mService(aService) {
+ MOZ_ASSERT(NS_IsMainThread(), "Should be constructed on the main thread");
+ MOZ_ASSERT(mService);
+ mService->ServiceUserCreated(this);
+}
+
+GMPServiceParent::~GMPServiceParent() {
+ MOZ_ASSERT(NS_IsMainThread(), "Should be destroyted on the main thread");
+ MOZ_ASSERT(mService);
+ mService->ServiceUserDestroyed(this);
+}
+
+mozilla::ipc::IPCResult GMPServiceParent::RecvLaunchGMP(
+ const NodeIdVariant& aNodeIdVariant, const nsACString& aAPI,
+ nsTArray<nsCString>&& aTags, nsTArray<ProcessId>&& aAlreadyBridgedTo,
+ LaunchGMPResolver&& aResolve) {
+ GMPLaunchResult result;
+
+ if (mService->IsShuttingDown()) {
+ result.pluginId() = 0;
+ result.pluginType() = GMPPluginType::Unknown;
+ result.pid() = base::kInvalidProcessId;
+ result.result() = NS_ERROR_ILLEGAL_DURING_SHUTDOWN;
+ result.errorDescription() = "Service is shutting down."_ns;
+ aResolve(std::move(result));
+ return IPC_OK();
+ }
+
+ nsCString nodeIdString;
+ nsresult rv = mService->GetNodeId(aNodeIdVariant, nodeIdString);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ result.pluginId() = 0;
+ result.pluginType() = GMPPluginType::Unknown;
+ result.pid() = base::kInvalidProcessId;
+ result.result() = rv;
+ result.errorDescription() = "GetNodeId failed."_ns;
+ aResolve(std::move(result));
+ return IPC_OK();
+ }
+
+ RefPtr<GMPParent> gmp =
+ mService->SelectPluginForAPI(nodeIdString, aAPI, aTags);
+ if (gmp) {
+ result.pluginId() = gmp->GetPluginId();
+ result.pluginType() = gmp->GetPluginType();
+ } else {
+ result.pluginId() = 0;
+ result.pluginType() = GMPPluginType::Unknown;
+ result.pid() = base::kInvalidProcessId;
+ result.result() = NS_ERROR_FAILURE;
+ result.errorDescription() = "SelectPluginForAPI returns nullptr."_ns;
+ aResolve(std::move(result));
+ return IPC_OK();
+ }
+
+ if (!gmp->EnsureProcessLoaded(&result.pid())) {
+ result.pid() = base::kInvalidProcessId;
+ result.result() = NS_ERROR_FAILURE;
+ result.errorDescription() = "Process has not loaded."_ns;
+ aResolve(std::move(result));
+ return IPC_OK();
+ }
+
+ MOZ_ASSERT(result.pid() != base::kInvalidProcessId);
+
+ result.displayName() = gmp->GetDisplayName();
+
+ if (aAlreadyBridgedTo.Contains(result.pid())) {
+ result.result() = NS_OK;
+ aResolve(std::move(result));
+ return IPC_OK();
+ }
+
+ Endpoint<PGMPContentParent> parent;
+ Endpoint<PGMPContentChild> child;
+ rv = PGMPContent::CreateEndpoints(OtherPid(), result.pid(), &parent, &child);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ result.result() = rv;
+ result.errorDescription() = "PGMPContent::CreateEndpoints failed."_ns;
+ aResolve(std::move(result));
+ return IPC_OK();
+ }
+
+ if (!gmp->SendInitGMPContentChild(std::move(child))) {
+ result.result() = NS_ERROR_FAILURE;
+ result.errorDescription() = "SendInitGMPContentChild failed."_ns;
+ return IPC_OK();
+ }
+
+ gmp->IncrementGMPContentChildCount();
+
+ result.result() = NS_OK;
+ result.endpoint() = std::move(parent);
+ aResolve(std::move(result));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPServiceParent::RecvGetGMPNodeId(
+ const nsAString& aOrigin, const nsAString& aTopLevelOrigin,
+ const nsAString& aGMPName, GetGMPNodeIdResolver&& aResolve) {
+ nsCString id;
+ nsresult rv = mService->GetNodeId(aOrigin, aTopLevelOrigin, aGMPName, id);
+ aResolve(id);
+ if (!NS_SUCCEEDED(rv)) {
+ return IPC_FAIL(
+ this,
+ "GMPServiceParent::RecvGetGMPNodeId: mService->GetNodeId failed.");
+ }
+ return IPC_OK();
+}
+
+class OpenPGMPServiceParent : public mozilla::Runnable {
+ public:
+ OpenPGMPServiceParent(RefPtr<GMPServiceParent>&& aGMPServiceParent,
+ ipc::Endpoint<PGMPServiceParent>&& aEndpoint,
+ bool* aResult)
+ : Runnable("gmp::OpenPGMPServiceParent"),
+ mGMPServiceParent(aGMPServiceParent),
+ mEndpoint(std::move(aEndpoint)),
+ mResult(aResult) {}
+
+ NS_IMETHOD Run() override {
+ *mResult = mEndpoint.Bind(mGMPServiceParent);
+ return NS_OK;
+ }
+
+ private:
+ RefPtr<GMPServiceParent> mGMPServiceParent;
+ ipc::Endpoint<PGMPServiceParent> mEndpoint;
+ bool* mResult;
+};
+
+/* static */
+bool GMPServiceParent::Create(Endpoint<PGMPServiceParent>&& aGMPService) {
+ RefPtr<GeckoMediaPluginServiceParent> gmp =
+ GeckoMediaPluginServiceParent::GetSingleton();
+
+ if (!gmp || gmp->mShuttingDown) {
+ // Shutdown is initiated. There is no point creating a new actor.
+ return false;
+ }
+
+ nsCOMPtr<nsIThread> gmpThread;
+ RefPtr<GMPServiceParent> serviceParent;
+ {
+ MutexAutoLock lock(gmp->mMutex);
+ nsresult rv = gmp->GetThreadLocked(getter_AddRefs(gmpThread));
+ NS_ENSURE_SUCCESS(rv, false);
+ serviceParent = new GMPServiceParent(gmp);
+ }
+ bool ok;
+ nsresult rv = NS_DispatchAndSpinEventLoopUntilComplete(
+ "GMPServiceParent::Create"_ns, gmpThread,
+ do_AddRef(new OpenPGMPServiceParent(std::move(serviceParent),
+ std::move(aGMPService), &ok)));
+
+ if (NS_WARN_IF(NS_FAILED(rv) || !ok)) {
+ return false;
+ }
+
+ // Now that the service parent is set up, it will be released by IPC
+ // refcounting, so we don't need to hold any more references here.
+
+ return true;
+}
+
+} // namespace mozilla::gmp
+
+#undef __CLASS__
diff --git a/dom/media/gmp/GMPServiceParent.h b/dom/media/gmp/GMPServiceParent.h
new file mode 100644
index 0000000000..d3af9f3409
--- /dev/null
+++ b/dom/media/gmp/GMPServiceParent.h
@@ -0,0 +1,300 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPServiceParent_h_
+#define GMPServiceParent_h_
+
+#include "GMPService.h"
+#include "mozilla/dom/ContentParent.h"
+#include "mozilla/gmp/PGMPServiceParent.h"
+#include "mozIGeckoMediaPluginChromeService.h"
+#include "nsClassHashtable.h"
+#include "nsTHashMap.h"
+#include "mozilla/Atomics.h"
+#include "nsNetUtil.h"
+#include "nsIAsyncShutdown.h"
+#include "nsRefPtrHashtable.h"
+#include "nsThreadUtils.h"
+#include "mozilla/gmp/PGMPParent.h"
+#include "mozilla/MozPromise.h"
+#include "GMPStorage.h"
+
+template <class>
+struct already_AddRefed;
+using FlushFOGDataPromise = mozilla::dom::ContentParent::FlushFOGDataPromise;
+using ContentParent = mozilla::dom::ContentParent;
+
+namespace mozilla {
+class OriginAttributesPattern;
+
+namespace gmp {
+
+class GMPParent;
+class GMPServiceParent;
+
+class GeckoMediaPluginServiceParent final
+ : public GeckoMediaPluginService,
+ public mozIGeckoMediaPluginChromeService,
+ public nsIAsyncShutdownBlocker {
+ public:
+ static already_AddRefed<GeckoMediaPluginServiceParent> GetSingleton();
+
+ GeckoMediaPluginServiceParent();
+ nsresult Init() override;
+
+ NS_DECL_ISUPPORTS_INHERITED
+ NS_DECL_NSIASYNCSHUTDOWNBLOCKER
+
+ // mozIGeckoMediaPluginService
+ NS_IMETHOD HasPluginForAPI(const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags,
+ bool* aRetVal) override;
+ NS_IMETHOD FindPluginDirectoryForAPI(const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags,
+ nsIFile** aDirectory) override;
+ NS_IMETHOD GetNodeId(const nsAString& aOrigin,
+ const nsAString& aTopLevelOrigin,
+ const nsAString& aGMPName,
+ UniquePtr<GetNodeIdCallback>&& aCallback) override;
+
+ NS_DECL_MOZIGECKOMEDIAPLUGINCHROMESERVICE
+ NS_DECL_NSIOBSERVER
+
+ RefPtr<GenericPromise> EnsureInitialized();
+ RefPtr<GenericPromise> AsyncAddPluginDirectory(const nsAString& aDirectory);
+
+ // GMP thread access only
+ bool IsShuttingDown();
+
+ already_AddRefed<GMPStorage> GetMemoryStorageFor(const nsACString& aNodeId);
+ nsresult ForgetThisSiteNative(
+ const nsAString& aSite, const mozilla::OriginAttributesPattern& aPattern);
+
+ nsresult ForgetThisBaseDomainNative(const nsAString& aBaseDomain);
+
+ // Notifies that some user of this class is created/destroyed.
+ void ServiceUserCreated(GMPServiceParent* aServiceParent);
+ void ServiceUserDestroyed(GMPServiceParent* aServiceParent);
+
+ // If aContentProcess is specified, this will only update GMP caps in that
+ // content process, otherwise will update all content processes.
+ void UpdateContentProcessGMPCapabilities(
+ ContentParent* aContentProcess = nullptr);
+
+ void SendFlushFOGData(nsTArray<RefPtr<FlushFOGDataPromise>>& promises);
+
+#if defined(XP_WIN)
+ using GetUntrustedModulesDataPromise =
+ PGMPParent::GetUntrustedModulesDataPromise;
+
+ void SendGetUntrustedModulesData(
+ nsTArray<RefPtr<GetUntrustedModulesDataPromise>>& promises);
+
+ void SendUnblockUntrustedModulesThread();
+#endif
+
+ /*
+ * ** Test-only Method **
+ *
+ * Trigger GMP-process test metric instrumentation.
+ */
+ RefPtr<PGMPParent::TestTriggerMetricsPromise> TestTriggerMetrics();
+
+ private:
+ friend class GMPServiceParent;
+ class Observer;
+
+ virtual ~GeckoMediaPluginServiceParent();
+
+ void ClearStorage();
+
+ already_AddRefed<GMPParent> SelectPluginForAPI(
+ const nsACString& aNodeId, const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags);
+
+ already_AddRefed<GMPParent> FindPluginForAPIFrom(
+ size_t aSearchStartIndex, const nsACString& aAPI,
+ const nsTArray<nsCString>& aTags, size_t* aOutPluginIndex)
+ MOZ_REQUIRES(mMutex);
+
+ nsresult GetNodeId(const nsAString& aOrigin, const nsAString& aTopLevelOrigin,
+ const nsAString& aGMPName, nsACString& aOutId);
+
+ void UnloadPlugins();
+ void CrashPlugins();
+ void NotifySyncShutdownComplete();
+
+ void RemoveOnGMPThread(const nsAString& aDirectory,
+ const bool aDeleteFromDisk, const bool aCanDefer);
+
+ struct DirectoryFilter {
+ virtual bool operator()(nsIFile* aPath) = 0;
+ ~DirectoryFilter() = default;
+ };
+ void ClearNodeIdAndPlugin(DirectoryFilter& aFilter);
+ void ClearNodeIdAndPlugin(nsIFile* aPluginStorageDir,
+ DirectoryFilter& aFilter);
+ void ForgetThisSiteOnGMPThread(
+ const nsACString& aSite,
+ const mozilla::OriginAttributesPattern& aPattern);
+ void ForgetThisBaseDomainOnGMPThread(const nsACString& aBaseDomain);
+ void ClearRecentHistoryOnGMPThread(PRTime aSince);
+ void OnPreferenceChanged(mozilla::dom::Pref&& aPref);
+
+ already_AddRefed<GMPParent> GetById(uint32_t aPluginId);
+
+ protected:
+ friend class GMPParent;
+ void ReAddOnGMPThread(const RefPtr<GMPParent>& aOld);
+ void PluginTerminated(const RefPtr<GMPParent>& aOld);
+ void InitializePlugins(nsISerialEventTarget* GMPThread) override;
+ RefPtr<GenericPromise> LoadFromEnvironment();
+ RefPtr<GenericPromise> AddOnGMPThread(nsString aDirectory);
+
+ RefPtr<GetGMPContentParentPromise> GetContentParent(
+ GMPCrashHelper* aHelper, const NodeIdVariant& aNodeIdVariant,
+ const nsACString& aAPI, const nsTArray<nsCString>& aTags) override;
+
+ private:
+ // Creates a copy of aOriginal. Note that the caller is responsible for
+ // adding this to GeckoMediaPluginServiceParent::mPlugins.
+ already_AddRefed<GMPParent> ClonePlugin(const GMPParent* aOriginal);
+ nsresult EnsurePluginsOnDiskScanned();
+ nsresult InitStorage();
+
+ // Get a string based node ID from a NodeIdVariant. This will
+ // either fetch the internal string, or convert the internal NodeIdParts to a
+ // string. The conversion process is fallible, so the return value should be
+ // checked.
+ nsresult GetNodeId(const NodeIdVariant& aNodeIdVariant, nsACString& aOutId);
+
+ class PathRunnable : public Runnable {
+ public:
+ enum EOperation {
+ REMOVE,
+ REMOVE_AND_DELETE_FROM_DISK,
+ };
+
+ PathRunnable(GeckoMediaPluginServiceParent* aService,
+ const nsAString& aPath, EOperation aOperation,
+ bool aDefer = false)
+ : Runnable("gmp::GeckoMediaPluginServiceParent::PathRunnable"),
+ mService(aService),
+ mPath(aPath),
+ mOperation(aOperation),
+ mDefer(aDefer) {}
+
+ NS_DECL_NSIRUNNABLE
+
+ private:
+ RefPtr<GeckoMediaPluginServiceParent> mService;
+ nsString mPath;
+ EOperation mOperation;
+ bool mDefer;
+ };
+
+ // Protected by mMutex from the base class.
+ nsTArray<RefPtr<GMPParent>> mPlugins MOZ_GUARDED_BY(mMutex);
+
+ // True if we've inspected MOZ_GMP_PATH on the GMP thread and loaded any
+ // plugins found there into mPlugins.
+ Atomic<bool> mScannedPluginOnDisk;
+
+ template <typename T>
+ class MainThreadOnly {
+ public:
+ MOZ_IMPLICIT MainThreadOnly(T aValue) : mValue(aValue) {}
+ operator T&() {
+ MOZ_ASSERT(NS_IsMainThread());
+ return mValue;
+ }
+
+ private:
+ T mValue;
+ };
+
+ MainThreadOnly<bool> mShuttingDown;
+ MainThreadOnly<bool> mWaitingForPluginsSyncShutdown;
+
+ nsTArray<nsString> mPluginsWaitingForDeletion;
+
+ nsCOMPtr<nsIFile> mStorageBaseDir;
+
+ // Hashes of (origin,topLevelOrigin) to the node id for
+ // non-persistent sessions.
+ nsClassHashtable<nsUint32HashKey, nsCString> mTempNodeIds;
+
+ // Hashes node id to whether that node id is allowed to store data
+ // persistently on disk.
+ nsTHashMap<nsCStringHashKey, bool> mPersistentStorageAllowed;
+
+ // Synchronization for barrier that ensures we've loaded GMPs from
+ // MOZ_GMP_PATH before allowing GetContentParentFrom() to proceed.
+ Monitor mInitPromiseMonitor;
+ MozMonitoredPromiseHolder<GenericPromise> mInitPromise;
+ bool mLoadPluginsFromDiskComplete;
+
+ // Hashes nodeId to the hashtable of storage for that nodeId.
+ nsRefPtrHashtable<nsCStringHashKey, GMPStorage> mTempGMPStorage;
+
+ // Tracks how many IPC connections to GMPServices running in content
+ // processes we have. When this is empty we can safely shut down.
+ // Synchronized across thread via mMutex in base class.
+ nsTArray<GMPServiceParent*> mServiceParents;
+
+ uint32_t mDirectoriesAdded = 0;
+ uint32_t mDirectoriesInProgress = 0;
+};
+
+nsresult WriteToFile(nsIFile* aPath, const nsACString& aFileName,
+ const nsACString& aData);
+nsresult ReadSalt(nsIFile* aPath, nsACString& aOutData);
+bool MatchOrigin(nsIFile* aPath, const nsACString& aSite,
+ const mozilla::OriginAttributesPattern& aPattern);
+bool MatchBaseDomain(nsIFile* aPath, const nsACString& aBaseDomain);
+
+/**
+ * This class runs in the parent process, and manages the lifecycle of the GMP
+ * process and brokering the creation of PGMPContent between the parent/content
+ * processes and the GMP process.
+ */
+class GMPServiceParent final : public PGMPServiceParent {
+ public:
+ explicit GMPServiceParent(GeckoMediaPluginServiceParent* aService);
+
+ // Our refcounting is thread safe, and when our refcount drops to zero
+ // we dispatch an event to the main thread to delete the GMPServiceParent.
+ // Note that this means it's safe for references to this object to be
+ // released on a non main thread, but the destructor will always run on
+ // the main thread.
+
+ // Mark AddRef and Release as `final`, as they overload pure virtual
+ // implementations in PGMPServiceParent.
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING_WITH_DELETE_ON_MAIN_THREAD(
+ GMPServiceParent, final);
+
+ ipc::IPCResult RecvGetGMPNodeId(const nsAString& aOrigin,
+ const nsAString& aTopLevelOrigin,
+ const nsAString& aGMPName,
+ GetGMPNodeIdResolver&& aResolve) override;
+
+ static bool Create(Endpoint<PGMPServiceParent>&& aGMPService);
+
+ ipc::IPCResult RecvLaunchGMP(const NodeIdVariant& aNodeIdVariant,
+ const nsACString& aAPI,
+ nsTArray<nsCString>&& aTags,
+ nsTArray<ProcessId>&& aAlreadyBridgedTo,
+ LaunchGMPResolver&& aResolve) override;
+
+ private:
+ ~GMPServiceParent();
+
+ RefPtr<GeckoMediaPluginServiceParent> mService;
+};
+
+} // namespace gmp
+} // namespace mozilla
+
+#endif // GMPServiceParent_h_
diff --git a/dom/media/gmp/GMPSharedMemManager.cpp b/dom/media/gmp/GMPSharedMemManager.cpp
new file mode 100644
index 0000000000..5da04247cb
--- /dev/null
+++ b/dom/media/gmp/GMPSharedMemManager.cpp
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPSharedMemManager.h"
+#include "GMPMessageUtils.h"
+#include "mozilla/ipc/SharedMemory.h"
+#include "mozilla/StaticPtr.h"
+#include "mozilla/ClearOnShutdown.h"
+
+namespace mozilla::gmp {
+
+// Really one set of pools on each side of the plugin API.
+
+// YUV buffers go from Encoder parent to child; pool there, and then return
+// with Decoded() frames to the Decoder parent and goes into the parent pool.
+// Compressed (encoded) data goes from the Decoder parent to the child;
+// pool there, and then return with Encoded() frames and goes into the parent
+// pool.
+bool GMPSharedMemManager::MgrAllocShmem(GMPSharedMem::GMPMemoryClasses aClass,
+ size_t aSize, ipc::Shmem* aMem) {
+ mData->CheckThread();
+
+ // first look to see if we have a free buffer large enough
+ for (uint32_t i = 0; i < GetGmpFreelist(aClass).Length(); i++) {
+ MOZ_ASSERT(GetGmpFreelist(aClass)[i].IsWritable());
+ if (aSize <= GetGmpFreelist(aClass)[i].Size<uint8_t>()) {
+ *aMem = GetGmpFreelist(aClass)[i];
+ GetGmpFreelist(aClass).RemoveElementAt(i);
+ return true;
+ }
+ }
+
+ // Didn't find a buffer free with enough space; allocate one
+ size_t pagesize = ipc::SharedMemory::SystemPageSize();
+ aSize = (aSize + (pagesize - 1)) & ~(pagesize - 1); // round up to page size
+ bool retval = Alloc(aSize, aMem);
+ if (retval) {
+ // The allocator (or NeedsShmem call) should never return less than we ask
+ // for...
+ MOZ_ASSERT(aMem->Size<uint8_t>() >= aSize);
+ mData->mGmpAllocated[aClass]++;
+ }
+ return retval;
+}
+
+bool GMPSharedMemManager::MgrDeallocShmem(GMPSharedMem::GMPMemoryClasses aClass,
+ ipc::Shmem& aMem) {
+ mData->CheckThread();
+
+ size_t size = aMem.Size<uint8_t>();
+
+ // XXX Bug NNNNNNN Until we put better guards on ipc::shmem, verify we
+ // weren't fed an shmem we already had.
+ for (uint32_t i = 0; i < GetGmpFreelist(aClass).Length(); i++) {
+ if (NS_WARN_IF(aMem == GetGmpFreelist(aClass)[i])) {
+ // Safest to crash in this case; should never happen in normal
+ // operation.
+ MOZ_CRASH("Deallocating Shmem we already have in our cache!");
+ // return true;
+ }
+ }
+
+ // XXX This works; there are better pool algorithms. We need to avoid
+ // "falling off a cliff" with too low a number
+ if (GetGmpFreelist(aClass).Length() > 10) {
+ Dealloc(std::move(GetGmpFreelist(aClass)[0]));
+ GetGmpFreelist(aClass).RemoveElementAt(0);
+ // The allocation numbers will be fubar on the Child!
+ mData->mGmpAllocated[aClass]--;
+ }
+ for (uint32_t i = 0; i < GetGmpFreelist(aClass).Length(); i++) {
+ MOZ_ASSERT(GetGmpFreelist(aClass)[i].IsWritable());
+ if (size < GetGmpFreelist(aClass)[i].Size<uint8_t>()) {
+ GetGmpFreelist(aClass).InsertElementAt(i, aMem);
+ return true;
+ }
+ }
+ GetGmpFreelist(aClass).AppendElement(aMem);
+
+ return true;
+}
+
+uint32_t GMPSharedMemManager::NumInUse(GMPSharedMem::GMPMemoryClasses aClass) {
+ return mData->mGmpAllocated[aClass] - GetGmpFreelist(aClass).Length();
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPSharedMemManager.h b/dom/media/gmp/GMPSharedMemManager.h
new file mode 100644
index 0000000000..1a04bdde14
--- /dev/null
+++ b/dom/media/gmp/GMPSharedMemManager.h
@@ -0,0 +1,78 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPSharedMemManager_h_
+#define GMPSharedMemManager_h_
+
+#include "mozilla/ipc/Shmem.h"
+#include "nsTArray.h"
+
+namespace mozilla::gmp {
+
+class GMPSharedMemManager;
+
+class GMPSharedMem {
+ public:
+ typedef enum {
+ kGMPFrameData = 0,
+ kGMPEncodedData,
+ kGMPNumTypes
+ } GMPMemoryClasses;
+
+ // This is a heuristic - max of 10 free in the Child pool, plus those
+ // in-use for the encoder and decoder at the given moment and not yet
+ // returned to the parent pool (which is not included). If more than
+ // this are needed, we presume the client has either crashed or hung
+ // (perhaps temporarily).
+ static const uint32_t kGMPBufLimit = 40;
+
+ GMPSharedMem() {
+ for (size_t i = 0; i < sizeof(mGmpAllocated) / sizeof(mGmpAllocated[0]);
+ i++) {
+ mGmpAllocated[i] = 0;
+ }
+ }
+ virtual ~GMPSharedMem() = default;
+
+ // Parent and child impls will differ here
+ virtual void CheckThread() = 0;
+
+ protected:
+ friend class GMPSharedMemManager;
+
+ nsTArray<ipc::Shmem> mGmpFreelist[GMPSharedMem::kGMPNumTypes];
+ uint32_t mGmpAllocated[GMPSharedMem::kGMPNumTypes];
+};
+
+class GMPSharedMemManager {
+ public:
+ explicit GMPSharedMemManager(GMPSharedMem* aData) : mData(aData) {}
+ virtual ~GMPSharedMemManager() = default;
+
+ virtual bool MgrAllocShmem(GMPSharedMem::GMPMemoryClasses aClass,
+ size_t aSize, ipc::Shmem* aMem);
+ virtual bool MgrDeallocShmem(GMPSharedMem::GMPMemoryClasses aClass,
+ ipc::Shmem& aMem);
+
+ // So we can know if data is "piling up" for the plugin - I.e. it's hung or
+ // crashed
+ virtual uint32_t NumInUse(GMPSharedMem::GMPMemoryClasses aClass);
+
+ // These have to be implemented using the AllocShmem/etc provided by the
+ // IPDL-generated interfaces, so have the Parent/Child implement them.
+ virtual bool Alloc(size_t aSize, ipc::Shmem* aMem) = 0;
+ virtual void Dealloc(ipc::Shmem&& aMem) = 0;
+
+ private:
+ nsTArray<ipc::Shmem>& GetGmpFreelist(GMPSharedMem::GMPMemoryClasses aTypes) {
+ return mData->mGmpFreelist[aTypes];
+ }
+
+ GMPSharedMem* mData;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPSharedMemManager_h_
diff --git a/dom/media/gmp/GMPStorage.h b/dom/media/gmp/GMPStorage.h
new file mode 100644
index 0000000000..aca8ca3f26
--- /dev/null
+++ b/dom/media/gmp/GMPStorage.h
@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPStorage_h_
+#define GMPStorage_h_
+
+#include "gmp-storage.h"
+#include "mozilla/AlreadyAddRefed.h"
+#include "nsISupportsImpl.h"
+#include "nsString.h"
+#include "nsTArray.h"
+
+namespace mozilla::gmp {
+
+class GMPStorage {
+ public:
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPStorage)
+
+ virtual GMPErr Open(const nsACString& aRecordName) = 0;
+ virtual bool IsOpen(const nsACString& aRecordName) const = 0;
+ virtual GMPErr Read(const nsACString& aRecordName,
+ nsTArray<uint8_t>& aOutBytes) = 0;
+ virtual GMPErr Write(const nsACString& aRecordName,
+ const nsTArray<uint8_t>& aBytes) = 0;
+ virtual void Close(const nsACString& aRecordName) = 0;
+
+ protected:
+ virtual ~GMPStorage() = default;
+};
+
+already_AddRefed<GMPStorage> CreateGMPMemoryStorage();
+already_AddRefed<GMPStorage> CreateGMPDiskStorage(const nsACString& aNodeId,
+ const nsAString& aGMPName);
+
+} // namespace mozilla::gmp
+
+#endif
diff --git a/dom/media/gmp/GMPStorageChild.cpp b/dom/media/gmp/GMPStorageChild.cpp
new file mode 100644
index 0000000000..b08356e0d6
--- /dev/null
+++ b/dom/media/gmp/GMPStorageChild.cpp
@@ -0,0 +1,244 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPStorageChild.h"
+#include "GMPChild.h"
+#include "gmp-storage.h"
+#include "base/task.h"
+
+#define ON_GMP_THREAD() (mPlugin->GMPMessageLoop() == MessageLoop::current())
+
+#define CALL_ON_GMP_THREAD(_func, ...) \
+ do { \
+ if (ON_GMP_THREAD()) { \
+ _func(__VA_ARGS__); \
+ } else { \
+ mPlugin->GMPMessageLoop()->PostTask( \
+ dont_add_new_uses_of_this::NewRunnableMethod( \
+ this, &GMPStorageChild::_func, ##__VA_ARGS__)); \
+ } \
+ } while (false)
+
+namespace mozilla::gmp {
+
+static nsTArray<uint8_t> ToArray(const uint8_t* aData, uint32_t aDataSize) {
+ nsTArray<uint8_t> data;
+ data.AppendElements(aData, aDataSize);
+ return data;
+}
+
+GMPRecordImpl::GMPRecordImpl(GMPStorageChild* aOwner, const nsCString& aName,
+ GMPRecordClient* aClient)
+ : mName(aName), mClient(aClient), mOwner(aOwner) {}
+
+GMPErr GMPRecordImpl::Open() { return mOwner->Open(this); }
+
+void GMPRecordImpl::OpenComplete(GMPErr aStatus) {
+ mClient->OpenComplete(aStatus);
+}
+
+GMPErr GMPRecordImpl::Read() { return mOwner->Read(this); }
+
+void GMPRecordImpl::ReadComplete(GMPErr aStatus, const uint8_t* aBytes,
+ uint32_t aLength) {
+ mClient->ReadComplete(aStatus, aBytes, aLength);
+}
+
+GMPErr GMPRecordImpl::Write(const uint8_t* aData, uint32_t aDataSize) {
+ return mOwner->Write(this, aData, aDataSize);
+}
+
+void GMPRecordImpl::WriteComplete(GMPErr aStatus) {
+ mClient->WriteComplete(aStatus);
+}
+
+GMPErr GMPRecordImpl::Close() {
+ RefPtr<GMPRecordImpl> kungfuDeathGrip(this);
+ // Delete our self reference.
+ Release();
+ mOwner->Close(this->Name());
+ return GMPNoErr;
+}
+
+GMPStorageChild::GMPStorageChild(GMPChild* aPlugin)
+ : mMonitor("GMPStorageChild"), mPlugin(aPlugin), mShutdown(false) {
+ MOZ_ASSERT(ON_GMP_THREAD());
+}
+
+GMPErr GMPStorageChild::CreateRecord(const nsCString& aRecordName,
+ GMPRecord** aOutRecord,
+ GMPRecordClient* aClient) {
+ MonitorAutoLock lock(mMonitor);
+
+ if (mShutdown) {
+ NS_WARNING("GMPStorage used after it's been shutdown!");
+ return GMPClosedErr;
+ }
+
+ MOZ_ASSERT(aRecordName.Length() && aOutRecord);
+
+ if (HasRecord(aRecordName)) {
+ return GMPRecordInUse;
+ }
+
+ RefPtr<GMPRecordImpl> record(new GMPRecordImpl(this, aRecordName, aClient));
+ mRecords.InsertOrUpdate(aRecordName, RefPtr{record}); // Addrefs
+
+ // The GMPRecord holds a self reference until the GMP calls Close() on
+ // it. This means the object is always valid (even if neutered) while
+ // the GMP expects it to be.
+ record.forget(aOutRecord);
+
+ return GMPNoErr;
+}
+
+bool GMPStorageChild::HasRecord(const nsCString& aRecordName) {
+ mMonitor.AssertCurrentThreadOwns();
+ return mRecords.Contains(aRecordName);
+}
+
+already_AddRefed<GMPRecordImpl> GMPStorageChild::GetRecord(
+ const nsCString& aRecordName) {
+ MonitorAutoLock lock(mMonitor);
+ RefPtr<GMPRecordImpl> record;
+ mRecords.Get(aRecordName, getter_AddRefs(record));
+ return record.forget();
+}
+
+GMPErr GMPStorageChild::Open(GMPRecordImpl* aRecord) {
+ MonitorAutoLock lock(mMonitor);
+
+ if (mShutdown) {
+ NS_WARNING("GMPStorage used after it's been shutdown!");
+ return GMPClosedErr;
+ }
+
+ if (!HasRecord(aRecord->Name())) {
+ // Trying to re-open a record that has already been closed.
+ return GMPClosedErr;
+ }
+
+ CALL_ON_GMP_THREAD(SendOpen, aRecord->Name());
+
+ return GMPNoErr;
+}
+
+GMPErr GMPStorageChild::Read(GMPRecordImpl* aRecord) {
+ MonitorAutoLock lock(mMonitor);
+
+ if (mShutdown) {
+ NS_WARNING("GMPStorage used after it's been shutdown!");
+ return GMPClosedErr;
+ }
+
+ if (!HasRecord(aRecord->Name())) {
+ // Record not opened.
+ return GMPClosedErr;
+ }
+
+ CALL_ON_GMP_THREAD(SendRead, aRecord->Name());
+
+ return GMPNoErr;
+}
+
+GMPErr GMPStorageChild::Write(GMPRecordImpl* aRecord, const uint8_t* aData,
+ uint32_t aDataSize) {
+ if (aDataSize > GMP_MAX_RECORD_SIZE) {
+ return GMPQuotaExceededErr;
+ }
+
+ MonitorAutoLock lock(mMonitor);
+
+ if (mShutdown) {
+ NS_WARNING("GMPStorage used after it's been shutdown!");
+ return GMPClosedErr;
+ }
+
+ if (!HasRecord(aRecord->Name())) {
+ // Record not opened.
+ return GMPClosedErr;
+ }
+
+ CALL_ON_GMP_THREAD(SendWrite, aRecord->Name(), ToArray(aData, aDataSize));
+
+ return GMPNoErr;
+}
+
+GMPErr GMPStorageChild::Close(const nsCString& aRecordName) {
+ MonitorAutoLock lock(mMonitor);
+
+ if (!HasRecord(aRecordName)) {
+ // Already closed.
+ return GMPClosedErr;
+ }
+
+ mRecords.Remove(aRecordName);
+
+ if (!mShutdown) {
+ CALL_ON_GMP_THREAD(SendClose, aRecordName);
+ }
+
+ return GMPNoErr;
+}
+
+mozilla::ipc::IPCResult GMPStorageChild::RecvOpenComplete(
+ const nsCString& aRecordName, const GMPErr& aStatus) {
+ // We don't need a lock to read |mShutdown| since it is only changed in
+ // the GMP thread.
+ if (mShutdown) {
+ return IPC_OK();
+ }
+ RefPtr<GMPRecordImpl> record = GetRecord(aRecordName);
+ if (!record) {
+ // Not fatal.
+ return IPC_OK();
+ }
+ record->OpenComplete(aStatus);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPStorageChild::RecvReadComplete(
+ const nsCString& aRecordName, const GMPErr& aStatus,
+ nsTArray<uint8_t>&& aBytes) {
+ if (mShutdown) {
+ return IPC_OK();
+ }
+ RefPtr<GMPRecordImpl> record = GetRecord(aRecordName);
+ if (!record) {
+ // Not fatal.
+ return IPC_OK();
+ }
+ record->ReadComplete(aStatus, aBytes.Elements(), aBytes.Length());
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPStorageChild::RecvWriteComplete(
+ const nsCString& aRecordName, const GMPErr& aStatus) {
+ if (mShutdown) {
+ return IPC_OK();
+ }
+ RefPtr<GMPRecordImpl> record = GetRecord(aRecordName);
+ if (!record) {
+ // Not fatal.
+ return IPC_OK();
+ }
+ record->WriteComplete(aStatus);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPStorageChild::RecvShutdown() {
+ // Block any new storage requests, and thus any messages back to the
+ // parent. We don't delete any objects here, as that may invalidate
+ // GMPRecord pointers held by the GMP.
+ MonitorAutoLock lock(mMonitor);
+ mShutdown = true;
+ return IPC_OK();
+}
+
+} // namespace mozilla::gmp
+
+// avoid redefined macro in unified build
+#undef ON_GMP_THREAD
+#undef CALL_ON_GMP_THREAD
diff --git a/dom/media/gmp/GMPStorageChild.h b/dom/media/gmp/GMPStorageChild.h
new file mode 100644
index 0000000000..97c61a5007
--- /dev/null
+++ b/dom/media/gmp/GMPStorageChild.h
@@ -0,0 +1,94 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPStorageChild_h_
+#define GMPStorageChild_h_
+
+#include "mozilla/gmp/PGMPStorageChild.h"
+#include "gmp-storage.h"
+#include "nsTHashtable.h"
+#include "nsRefPtrHashtable.h"
+#include "gmp-platform.h"
+
+#include <queue>
+
+namespace mozilla::gmp {
+
+class GMPChild;
+class GMPStorageChild;
+
+class GMPRecordImpl : public GMPRecord {
+ public:
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPRecordImpl)
+
+ GMPRecordImpl(GMPStorageChild* aOwner, const nsCString& aName,
+ GMPRecordClient* aClient);
+
+ // GMPRecord.
+ GMPErr Open() override;
+ GMPErr Read() override;
+ GMPErr Write(const uint8_t* aData, uint32_t aDataSize) override;
+ GMPErr Close() override;
+
+ const nsCString& Name() const { return mName; }
+
+ void OpenComplete(GMPErr aStatus);
+ void ReadComplete(GMPErr aStatus, const uint8_t* aBytes, uint32_t aLength);
+ void WriteComplete(GMPErr aStatus);
+
+ private:
+ ~GMPRecordImpl() = default;
+ const nsCString mName;
+ GMPRecordClient* const mClient;
+ GMPStorageChild* const mOwner;
+};
+
+class GMPStorageChild : public PGMPStorageChild {
+ friend class PGMPStorageChild;
+
+ public:
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPStorageChild)
+
+ explicit GMPStorageChild(GMPChild* aPlugin);
+
+ GMPErr CreateRecord(const nsCString& aRecordName, GMPRecord** aOutRecord,
+ GMPRecordClient* aClient);
+
+ GMPErr Open(GMPRecordImpl* aRecord);
+
+ GMPErr Read(GMPRecordImpl* aRecord);
+
+ GMPErr Write(GMPRecordImpl* aRecord, const uint8_t* aData,
+ uint32_t aDataSize);
+
+ GMPErr Close(const nsCString& aRecordName);
+
+ private:
+ bool HasRecord(const nsCString& aRecordName);
+ already_AddRefed<GMPRecordImpl> GetRecord(const nsCString& aRecordName);
+
+ protected:
+ ~GMPStorageChild() = default;
+
+ // PGMPStorageChild
+ mozilla::ipc::IPCResult RecvOpenComplete(const nsCString& aRecordName,
+ const GMPErr& aStatus);
+ mozilla::ipc::IPCResult RecvReadComplete(const nsCString& aRecordName,
+ const GMPErr& aStatus,
+ nsTArray<uint8_t>&& aBytes);
+ mozilla::ipc::IPCResult RecvWriteComplete(const nsCString& aRecordName,
+ const GMPErr& aStatus);
+ mozilla::ipc::IPCResult RecvShutdown();
+
+ private:
+ Monitor mMonitor MOZ_UNANNOTATED;
+ nsRefPtrHashtable<nsCStringHashKey, GMPRecordImpl> mRecords;
+ GMPChild* mPlugin;
+ bool mShutdown;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPStorageChild_h_
diff --git a/dom/media/gmp/GMPStorageParent.cpp b/dom/media/gmp/GMPStorageParent.cpp
new file mode 100644
index 0000000000..d153f5cace
--- /dev/null
+++ b/dom/media/gmp/GMPStorageParent.cpp
@@ -0,0 +1,194 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPStorageParent.h"
+#include "GMPParent.h"
+#include "gmp-storage.h"
+#include "mozilla/Unused.h"
+
+namespace mozilla {
+
+#ifdef LOG
+# undef LOG
+#endif
+
+extern LogModule* GetGMPLog();
+
+#define LOGD(msg) MOZ_LOG(GetGMPLog(), mozilla::LogLevel::Debug, msg)
+#define LOG(level, msg) MOZ_LOG(GetGMPLog(), (level), msg)
+
+namespace gmp {
+
+GMPStorageParent::GMPStorageParent(const nsACString& aNodeId,
+ GMPParent* aPlugin)
+ : mNodeId(aNodeId), mPlugin(aPlugin), mShutdown(true) {}
+
+nsresult GMPStorageParent::Init() {
+ LOGD(("GMPStorageParent[%p]::Init()", this));
+
+ if (NS_WARN_IF(mNodeId.IsEmpty())) {
+ return NS_ERROR_FAILURE;
+ }
+ RefPtr<GeckoMediaPluginServiceParent> mps(
+ GeckoMediaPluginServiceParent::GetSingleton());
+ if (NS_WARN_IF(!mps)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ bool persistent = false;
+ if (NS_WARN_IF(
+ NS_FAILED(mps->IsPersistentStorageAllowed(mNodeId, &persistent)))) {
+ return NS_ERROR_FAILURE;
+ }
+ if (persistent) {
+ mStorage = CreateGMPDiskStorage(mNodeId, mPlugin->GetPluginBaseName());
+ } else {
+ mStorage = mps->GetMemoryStorageFor(mNodeId);
+ }
+ if (!mStorage) {
+ return NS_ERROR_FAILURE;
+ }
+
+ mShutdown = false;
+ return NS_OK;
+}
+
+mozilla::ipc::IPCResult GMPStorageParent::RecvOpen(
+ const nsACString& aRecordName) {
+ LOGD(("GMPStorageParent[%p]::RecvOpen(record='%s')", this,
+ PromiseFlatCString(aRecordName).get()));
+
+ if (mShutdown) {
+ // Shutdown is an expected state, so we do not IPC_FAIL.
+ return IPC_OK();
+ }
+
+ if (mNodeId.EqualsLiteral("null")) {
+ // Refuse to open storage if the page is opened from local disk,
+ // or shared across origin.
+ LOGD(("GMPStorageParent[%p]::RecvOpen(record='%s') failed; null nodeId",
+ this, PromiseFlatCString(aRecordName).get()));
+ Unused << SendOpenComplete(aRecordName, GMPGenericErr);
+ return IPC_OK();
+ }
+
+ if (aRecordName.IsEmpty()) {
+ LOGD((
+ "GMPStorageParent[%p]::RecvOpen(record='%s') failed; record name empty",
+ this, PromiseFlatCString(aRecordName).get()));
+ Unused << SendOpenComplete(aRecordName, GMPGenericErr);
+ return IPC_OK();
+ }
+
+ if (mStorage->IsOpen(aRecordName)) {
+ LOGD(("GMPStorageParent[%p]::RecvOpen(record='%s') failed; record in use",
+ this, PromiseFlatCString(aRecordName).get()));
+ Unused << SendOpenComplete(aRecordName, GMPRecordInUse);
+ return IPC_OK();
+ }
+
+ auto err = mStorage->Open(aRecordName);
+ MOZ_ASSERT(GMP_FAILED(err) || mStorage->IsOpen(aRecordName));
+ LOGD(("GMPStorageParent[%p]::RecvOpen(record='%s') complete; rv=%d", this,
+ PromiseFlatCString(aRecordName).get(), err));
+ Unused << SendOpenComplete(aRecordName, err);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPStorageParent::RecvRead(
+ const nsACString& aRecordName) {
+ LOGD(("GMPStorageParent[%p]::RecvRead(record='%s')", this,
+ PromiseFlatCString(aRecordName).get()));
+
+ if (mShutdown) {
+ // Shutdown is an expected state, so we do not IPC_FAIL.
+ return IPC_OK();
+ }
+
+ nsTArray<uint8_t> data;
+ if (!mStorage->IsOpen(aRecordName)) {
+ LOGD(("GMPStorageParent[%p]::RecvRead(record='%s') failed; record not open",
+ this, PromiseFlatCString(aRecordName).get()));
+ Unused << SendReadComplete(aRecordName, GMPClosedErr, data);
+ } else {
+ GMPErr rv = mStorage->Read(aRecordName, data);
+ LOGD(
+ ("GMPStorageParent[%p]::RecvRead(record='%s') read %zu bytes "
+ "rv=%" PRIu32,
+ this, PromiseFlatCString(aRecordName).get(), data.Length(),
+ static_cast<uint32_t>(rv)));
+ Unused << SendReadComplete(aRecordName, rv, data);
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPStorageParent::RecvWrite(
+ const nsACString& aRecordName, nsTArray<uint8_t>&& aBytes) {
+ LOGD(("GMPStorageParent[%p]::RecvWrite(record='%s') %zu bytes", this,
+ PromiseFlatCString(aRecordName).get(), aBytes.Length()));
+
+ if (mShutdown) {
+ // Shutdown is an expected state, so we do not IPC_FAIL.
+ return IPC_OK();
+ }
+
+ if (!mStorage->IsOpen(aRecordName)) {
+ LOGD(("GMPStorageParent[%p]::RecvWrite(record='%s') failed record not open",
+ this, PromiseFlatCString(aRecordName).get()));
+ Unused << SendWriteComplete(aRecordName, GMPClosedErr);
+ return IPC_OK();
+ }
+
+ if (aBytes.Length() > GMP_MAX_RECORD_SIZE) {
+ LOGD(("GMPStorageParent[%p]::RecvWrite(record='%s') failed record too big",
+ this, PromiseFlatCString(aRecordName).get()));
+ Unused << SendWriteComplete(aRecordName, GMPQuotaExceededErr);
+ return IPC_OK();
+ }
+
+ GMPErr rv = mStorage->Write(aRecordName, aBytes);
+ LOGD(("GMPStorageParent[%p]::RecvWrite(record='%s') write complete rv=%d",
+ this, PromiseFlatCString(aRecordName).get(), rv));
+
+ Unused << SendWriteComplete(aRecordName, rv);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPStorageParent::RecvClose(
+ const nsACString& aRecordName) {
+ LOGD(("GMPStorageParent[%p]::RecvClose(record='%s')", this,
+ PromiseFlatCString(aRecordName).get()));
+
+ if (mShutdown) {
+ return IPC_OK();
+ }
+
+ mStorage->Close(aRecordName);
+
+ return IPC_OK();
+}
+
+void GMPStorageParent::ActorDestroy(ActorDestroyReason aWhy) {
+ LOGD(("GMPStorageParent[%p]::ActorDestroy(reason=%d)", this, aWhy));
+ Shutdown();
+}
+
+void GMPStorageParent::Shutdown() {
+ LOGD(("GMPStorageParent[%p]::Shutdown()", this));
+
+ if (mShutdown) {
+ return;
+ }
+ mShutdown = true;
+ Unused << SendShutdown();
+
+ mStorage = nullptr;
+}
+
+} // namespace gmp
+} // namespace mozilla
diff --git a/dom/media/gmp/GMPStorageParent.h b/dom/media/gmp/GMPStorageParent.h
new file mode 100644
index 0000000000..b0cbba14c1
--- /dev/null
+++ b/dom/media/gmp/GMPStorageParent.h
@@ -0,0 +1,47 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPStorageParent_h_
+#define GMPStorageParent_h_
+
+#include "mozilla/gmp/PGMPStorageParent.h"
+#include "GMPStorage.h"
+
+namespace mozilla::gmp {
+
+class GMPParent;
+
+class GMPStorageParent : public PGMPStorageParent {
+ friend class PGMPStorageParent;
+
+ public:
+ NS_INLINE_DECL_REFCOUNTING(GMPStorageParent)
+ GMPStorageParent(const nsACString& aNodeId, GMPParent* aPlugin);
+
+ nsresult Init();
+ void Shutdown();
+
+ protected:
+ mozilla::ipc::IPCResult RecvOpen(const nsACString& aRecordName) override;
+ mozilla::ipc::IPCResult RecvRead(const nsACString& aRecordName) override;
+ mozilla::ipc::IPCResult RecvWrite(const nsACString& aRecordName,
+ nsTArray<uint8_t>&& aBytes) override;
+ mozilla::ipc::IPCResult RecvClose(const nsACString& aRecordName) override;
+ void ActorDestroy(ActorDestroyReason aWhy) override;
+
+ private:
+ ~GMPStorageParent() = default;
+
+ RefPtr<GMPStorage> mStorage;
+
+ const nsCString mNodeId;
+ RefPtr<GMPParent> mPlugin;
+ // True after Shutdown(), or if Init() has not completed successfully.
+ bool mShutdown;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPStorageParent_h_
diff --git a/dom/media/gmp/GMPTimerChild.cpp b/dom/media/gmp/GMPTimerChild.cpp
new file mode 100644
index 0000000000..8858f5f87f
--- /dev/null
+++ b/dom/media/gmp/GMPTimerChild.cpp
@@ -0,0 +1,59 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPTimerChild.h"
+#include "GMPPlatform.h"
+#include "GMPChild.h"
+
+#define MAX_NUM_TIMERS 1000
+
+namespace mozilla::gmp {
+
+GMPTimerChild::GMPTimerChild(GMPChild* aPlugin)
+ : mTimerCount(1), mPlugin(aPlugin) {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+}
+
+GMPTimerChild::~GMPTimerChild() {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+}
+
+GMPErr GMPTimerChild::SetTimer(GMPTask* aTask, int64_t aTimeoutMS) {
+ if (!aTask) {
+ NS_WARNING("Tried to set timer with null task!");
+ return GMPGenericErr;
+ }
+
+ if (mPlugin->GMPMessageLoop() != MessageLoop::current()) {
+ NS_WARNING("Tried to set GMP timer on non-main thread.");
+ return GMPGenericErr;
+ }
+
+ if (mTimers.Count() > MAX_NUM_TIMERS) {
+ return GMPQuotaExceededErr;
+ }
+ uint32_t timerId = mTimerCount;
+ mTimers.InsertOrUpdate(timerId, aTask);
+ mTimerCount++;
+
+ if (!SendSetTimer(timerId, aTimeoutMS)) {
+ return GMPGenericErr;
+ }
+ return GMPNoErr;
+}
+
+mozilla::ipc::IPCResult GMPTimerChild::RecvTimerExpired(
+ const uint32_t& aTimerId) {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ GMPTask* task = mTimers.Get(aTimerId);
+ mTimers.Remove(aTimerId);
+ if (task) {
+ RunOnMainThread(task);
+ }
+ return IPC_OK();
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPTimerChild.h b/dom/media/gmp/GMPTimerChild.h
new file mode 100644
index 0000000000..f81f796e12
--- /dev/null
+++ b/dom/media/gmp/GMPTimerChild.h
@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPTimerChild_h_
+#define GMPTimerChild_h_
+
+#include "mozilla/gmp/PGMPTimerChild.h"
+#include "mozilla/Monitor.h"
+#include "nsTHashMap.h"
+#include "nsHashKeys.h"
+#include "gmp-errors.h"
+#include "gmp-platform.h"
+
+namespace mozilla::gmp {
+
+class GMPChild;
+
+class GMPTimerChild : public PGMPTimerChild {
+ friend class PGMPTimerChild;
+
+ public:
+ NS_INLINE_DECL_REFCOUNTING(GMPTimerChild)
+
+ explicit GMPTimerChild(GMPChild* aPlugin);
+
+ GMPErr SetTimer(GMPTask* aTask, int64_t aTimeoutMS);
+
+ protected:
+ // GMPTimerChild
+ mozilla::ipc::IPCResult RecvTimerExpired(const uint32_t& aTimerId);
+
+ private:
+ ~GMPTimerChild();
+
+ nsTHashMap<nsUint32HashKey, GMPTask*> mTimers;
+ uint32_t mTimerCount;
+
+ GMPChild* mPlugin;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPTimerChild_h_
diff --git a/dom/media/gmp/GMPTimerParent.cpp b/dom/media/gmp/GMPTimerParent.cpp
new file mode 100644
index 0000000000..31b17ef214
--- /dev/null
+++ b/dom/media/gmp/GMPTimerParent.cpp
@@ -0,0 +1,105 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPTimerParent.h"
+
+#include "GMPLog.h"
+#include "mozilla/Unused.h"
+#include "nsComponentManagerUtils.h"
+
+namespace mozilla {
+
+extern LogModule* GetGMPLog();
+
+#ifdef __CLASS__
+# undef __CLASS__
+#endif
+#define __CLASS__ "GMPTimerParent"
+
+namespace gmp {
+
+GMPTimerParent::GMPTimerParent(nsISerialEventTarget* aGMPEventTarget)
+ : mGMPEventTarget(aGMPEventTarget), mIsOpen(true) {}
+
+mozilla::ipc::IPCResult GMPTimerParent::RecvSetTimer(
+ const uint32_t& aTimerId, const uint32_t& aTimeoutMs) {
+ GMP_LOG_DEBUG("%s::%s: %p mIsOpen=%d", __CLASS__, __FUNCTION__, this,
+ mIsOpen);
+
+ MOZ_ASSERT(mGMPEventTarget->IsOnCurrentThread());
+
+ if (!mIsOpen) {
+ return IPC_OK();
+ }
+
+ nsresult rv;
+ UniquePtr<Context> ctx(new Context());
+
+ rv = NS_NewTimerWithFuncCallback(
+ getter_AddRefs(ctx->mTimer), &GMPTimerParent::GMPTimerExpired, ctx.get(),
+ aTimeoutMs, nsITimer::TYPE_ONE_SHOT, "gmp::GMPTimerParent::RecvSetTimer",
+ mGMPEventTarget);
+ NS_ENSURE_SUCCESS(rv, IPC_OK());
+
+ ctx->mId = aTimerId;
+ ctx->mParent = this;
+
+ mTimers.Insert(ctx.release());
+
+ return IPC_OK();
+}
+
+void GMPTimerParent::Shutdown() {
+ GMP_LOG_DEBUG("%s::%s: %p mIsOpen=%d", __CLASS__, __FUNCTION__, this,
+ mIsOpen);
+
+ MOZ_ASSERT(mGMPEventTarget->IsOnCurrentThread());
+
+ for (Context* context : mTimers) {
+ context->mTimer->Cancel();
+ delete context;
+ }
+
+ mTimers.Clear();
+ mIsOpen = false;
+}
+
+void GMPTimerParent::ActorDestroy(ActorDestroyReason aWhy) {
+ GMP_LOG_DEBUG("%s::%s: %p mIsOpen=%d", __CLASS__, __FUNCTION__, this,
+ mIsOpen);
+
+ Shutdown();
+}
+
+/* static */
+void GMPTimerParent::GMPTimerExpired(nsITimer* aTimer, void* aClosure) {
+ MOZ_ASSERT(aClosure);
+ UniquePtr<Context> ctx(static_cast<Context*>(aClosure));
+ MOZ_ASSERT(ctx->mParent);
+ if (ctx->mParent) {
+ ctx->mParent->TimerExpired(ctx.get());
+ }
+}
+
+void GMPTimerParent::TimerExpired(Context* aContext) {
+ GMP_LOG_DEBUG("%s::%s: %p mIsOpen=%d", __CLASS__, __FUNCTION__, this,
+ mIsOpen);
+ MOZ_ASSERT(mGMPEventTarget->IsOnCurrentThread());
+
+ if (!mIsOpen) {
+ return;
+ }
+
+ uint32_t id = aContext->mId;
+ mTimers.Remove(aContext);
+ if (id) {
+ Unused << SendTimerExpired(id);
+ }
+}
+
+} // namespace gmp
+} // namespace mozilla
+
+#undef __CLASS__
diff --git a/dom/media/gmp/GMPTimerParent.h b/dom/media/gmp/GMPTimerParent.h
new file mode 100644
index 0000000000..dae1d9a1fb
--- /dev/null
+++ b/dom/media/gmp/GMPTimerParent.h
@@ -0,0 +1,56 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPTimerParent_h_
+#define GMPTimerParent_h_
+
+#include "mozilla/gmp/PGMPTimerParent.h"
+#include "nsITimer.h"
+#include "nsCOMPtr.h"
+#include "nsTHashSet.h"
+#include "mozilla/Monitor.h"
+
+namespace mozilla::gmp {
+
+class GMPTimerParent : public PGMPTimerParent {
+ friend class PGMPTimerParent;
+
+ public:
+ NS_INLINE_DECL_REFCOUNTING(GMPTimerParent)
+ explicit GMPTimerParent(nsISerialEventTarget* aGMPEventTarget);
+
+ void Shutdown();
+
+ protected:
+ mozilla::ipc::IPCResult RecvSetTimer(const uint32_t& aTimerId,
+ const uint32_t& aTimeoutMs);
+ void ActorDestroy(ActorDestroyReason aWhy) override;
+
+ private:
+ ~GMPTimerParent() = default;
+
+ static void GMPTimerExpired(nsITimer* aTimer, void* aClosure);
+
+ struct Context {
+ Context() : mId(0) { MOZ_COUNT_CTOR(Context); }
+ MOZ_COUNTED_DTOR(Context)
+ nsCOMPtr<nsITimer> mTimer;
+ RefPtr<GMPTimerParent>
+ mParent; // Note: live timers keep the GMPTimerParent alive.
+ uint32_t mId;
+ };
+
+ void TimerExpired(Context* aContext);
+
+ nsTHashSet<Context*> mTimers;
+
+ nsCOMPtr<nsISerialEventTarget> mGMPEventTarget;
+
+ bool mIsOpen;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPTimerParent_h_
diff --git a/dom/media/gmp/GMPTypes.ipdlh b/dom/media/gmp/GMPTypes.ipdlh
new file mode 100644
index 0000000000..6cb37b6068
--- /dev/null
+++ b/dom/media/gmp/GMPTypes.ipdlh
@@ -0,0 +1,116 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include "GMPMessageUtils.h";
+
+using cdm::EncryptionScheme from "GMPSanitizedExports.h";
+using GMPBufferType from "gmp-video-codec.h";
+
+namespace mozilla {
+namespace gmp {
+
+// GMP processes are associated with a specific node ID, so all GMP requests
+// which have the same node ID will use the same GMP process. Depending on the
+// use case, the node ID may be represented by a string (such as when used for
+// WebRTC) or by this structure, which is populated according to the origin
+// initiating the request. This structure will eventually be converted to a
+// string representing a node ID. For this structure, the process ensures the
+// strings are unique for the combination of origin, top level origin and GMP
+// name.
+struct NodeIdParts {
+ nsString mOrigin;
+ nsString mTopLevelOrigin;
+ nsString mGMPName;
+};
+
+// A NodeIdVariant should contain either
+// - A string representing an already computed node ID.
+// - A NodeIdParts representing a node ID that still needs to be computed by
+// processing those parts.
+// This union is used to simplify passing of node ID information. Some
+// GMP use cases can hard code their node ID, while others need to compute
+// the node ID later. This lets us avoid having overloads to handle
+// the two different paths.
+union NodeIdVariant {
+ nsCString;
+ NodeIdParts;
+};
+
+struct GMPVideoEncodedFrameData {
+ uint32_t mEncodedWidth;
+ uint32_t mEncodedHeight;
+ uint64_t mTimestamp; // microseconds
+ uint64_t mDuration; // microseconds
+ uint32_t mFrameType;
+ uint32_t mSize;
+ GMPBufferType mBufferType;
+ Shmem mBuffer;
+ bool mCompleteFrame;
+};
+
+struct GMPPlaneData {
+ int32_t mSize;
+ int32_t mStride;
+ Shmem mBuffer;
+};
+
+struct GMPVideoi420FrameData {
+ GMPPlaneData mYPlane;
+ GMPPlaneData mUPlane;
+ GMPPlaneData mVPlane;
+ int32_t mWidth;
+ int32_t mHeight;
+ uint64_t mTimestamp; // microseconds
+ uint64_t? mUpdatedTimestamp; // microseconds
+ uint64_t mDuration; // microseconds
+};
+
+struct CDMInputBuffer {
+ Shmem mData;
+ uint8_t[] mKeyId;
+ uint8_t[] mIV;
+ int64_t mTimestamp;
+ int64_t mDuration;
+ uint32_t[] mClearBytes;
+ uint32_t[] mCipherBytes;
+ uint8_t mCryptByteBlock;
+ uint8_t mSkipByteBlock;
+ EncryptionScheme mEncryptionScheme;
+};
+
+struct CDMVideoDecoderConfig {
+ uint32_t mCodec;
+ uint32_t mProfile;
+ uint32_t mFormat;
+ int32_t mImageWidth;
+ int32_t mImageHeight;
+ uint8_t[] mExtraData;
+ EncryptionScheme mEncryptionScheme;
+};
+
+struct CDMKeyInformation {
+ uint8_t[] mKeyId;
+ uint32_t mStatus;
+ uint32_t mSystemCode;
+};
+
+struct CDMVideoPlane {
+ uint32_t mPlaneOffset;
+ uint32_t mStride;
+};
+
+struct CDMVideoFrame {
+ uint32_t mFormat;
+ int32_t mImageWidth;
+ int32_t mImageHeight;
+ CDMVideoPlane mYPlane;
+ CDMVideoPlane mUPlane;
+ CDMVideoPlane mVPlane;
+ int64_t mTimestamp;
+ int64_t mDuration;
+};
+
+} // namespace gmp
+} // namespace mozilla
diff --git a/dom/media/gmp/GMPUtils.cpp b/dom/media/gmp/GMPUtils.cpp
new file mode 100644
index 0000000000..1bc02d7027
--- /dev/null
+++ b/dom/media/gmp/GMPUtils.cpp
@@ -0,0 +1,228 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPUtils.h"
+
+#include "GMPService.h"
+#include "VideoLimits.h"
+#include "mozIGeckoMediaPluginService.h"
+#include "mozilla/Base64.h"
+#include "nsCOMPtr.h"
+#include "nsCRTGlue.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsIConsoleService.h"
+#include "nsIFile.h"
+#include "nsLiteralString.h"
+#include "prio.h"
+
+namespace mozilla {
+
+void SplitAt(const char* aDelims, const nsACString& aInput,
+ nsTArray<nsCString>& aOutTokens) {
+ nsAutoCString str(aInput);
+ char* end = str.BeginWriting();
+ const char* start = nullptr;
+ while (!!(start = NS_strtok(aDelims, &end))) {
+ aOutTokens.AppendElement(nsCString(start));
+ }
+}
+
+nsCString ToHexString(const uint8_t* aBytes, uint32_t aLength) {
+ static const char hex[] = {'0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
+ nsCString str;
+ for (uint32_t i = 0; i < aLength; i++) {
+ char buf[3];
+ buf[0] = hex[(aBytes[i] & 0xf0) >> 4];
+ buf[1] = hex[aBytes[i] & 0x0f];
+ buf[2] = 0;
+ str.AppendASCII(buf);
+ }
+ return str;
+}
+
+nsCString ToHexString(const nsTArray<uint8_t>& aBytes) {
+ return ToHexString(aBytes.Elements(), aBytes.Length());
+}
+
+bool FileExists(nsIFile* aFile) {
+ bool exists = false;
+ return aFile && NS_SUCCEEDED(aFile->Exists(&exists)) && exists;
+}
+
+DirectoryEnumerator::DirectoryEnumerator(nsIFile* aPath, Mode aMode)
+ : mMode(aMode) {
+ aPath->GetDirectoryEntries(getter_AddRefs(mIter));
+}
+
+already_AddRefed<nsIFile> DirectoryEnumerator::Next() {
+ if (!mIter) {
+ return nullptr;
+ }
+ bool hasMore = false;
+ while (NS_SUCCEEDED(mIter->HasMoreElements(&hasMore)) && hasMore) {
+ nsCOMPtr<nsISupports> supports;
+ nsresult rv = mIter->GetNext(getter_AddRefs(supports));
+ if (NS_FAILED(rv)) {
+ continue;
+ }
+
+ nsCOMPtr<nsIFile> path(do_QueryInterface(supports, &rv));
+ if (NS_FAILED(rv)) {
+ continue;
+ }
+
+ if (mMode == DirsOnly) {
+ bool isDirectory = false;
+ rv = path->IsDirectory(&isDirectory);
+ if (NS_FAILED(rv) || !isDirectory) {
+ continue;
+ }
+ }
+ return path.forget();
+ }
+ return nullptr;
+}
+
+bool ReadIntoArray(nsIFile* aFile, nsTArray<uint8_t>& aOutDst,
+ size_t aMaxLength) {
+ if (!FileExists(aFile)) {
+ return false;
+ }
+
+ PRFileDesc* fd = nullptr;
+ nsresult rv = aFile->OpenNSPRFileDesc(PR_RDONLY, 0, &fd);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return false;
+ }
+
+ int32_t length = PR_Seek(fd, 0, PR_SEEK_END);
+ PR_Seek(fd, 0, PR_SEEK_SET);
+
+ if (length < 0 || (size_t)length > aMaxLength) {
+ NS_WARNING("EME file is longer than maximum allowed length");
+ PR_Close(fd);
+ return false;
+ }
+ aOutDst.SetLength(length);
+ int32_t bytesRead = PR_Read(fd, aOutDst.Elements(), length);
+ PR_Close(fd);
+ return (bytesRead == length);
+}
+
+bool ReadIntoString(nsIFile* aFile, nsCString& aOutDst, size_t aMaxLength) {
+ nsTArray<uint8_t> buf;
+ bool rv = ReadIntoArray(aFile, buf, aMaxLength);
+ if (rv) {
+ buf.AppendElement(0); // Append null terminator, required by nsC*String.
+ aOutDst = nsDependentCString((const char*)buf.Elements(), buf.Length() - 1);
+ }
+ return rv;
+}
+
+bool GMPInfoFileParser::Init(nsIFile* aInfoFile) {
+ nsTArray<nsCString> lines;
+ static const size_t MAX_GMP_INFO_FILE_LENGTH = 5 * 1024;
+
+ nsAutoCString info;
+ if (!ReadIntoString(aInfoFile, info, MAX_GMP_INFO_FILE_LENGTH)) {
+ NS_WARNING("Failed to read info file in GMP process.");
+ return false;
+ }
+
+ // Note: we pass "\r\n" to SplitAt so that we'll split lines delimited
+ // by \n (Unix), \r\n (Windows) and \r (old MacOSX).
+ SplitAt("\r\n", info, lines);
+
+ for (nsCString line : lines) {
+ // Field name is the string up to but not including the first ':'
+ // character on the line.
+ int32_t colon = line.FindChar(':');
+ if (colon <= 0) {
+ // Not allowed to be the first character.
+ // Info field name must be at least one character.
+ continue;
+ }
+ nsAutoCString key(Substring(line, 0, colon));
+ ToLowerCase(key);
+ key.Trim(" ");
+
+ auto value = MakeUnique<nsCString>(Substring(line, colon + 1));
+ value->Trim(" ");
+ mValues.InsertOrUpdate(
+ key,
+ std::move(value)); // Hashtable assumes ownership of value.
+ }
+
+ return true;
+}
+
+bool GMPInfoFileParser::Contains(const nsCString& aKey) const {
+ nsCString key(aKey);
+ ToLowerCase(key);
+ return mValues.Contains(key);
+}
+
+nsCString GMPInfoFileParser::Get(const nsCString& aKey) const {
+ MOZ_ASSERT(Contains(aKey));
+ nsCString key(aKey);
+ ToLowerCase(key);
+ nsCString* p = nullptr;
+ if (mValues.Get(key, &p)) {
+ return nsCString(*p);
+ }
+ return ""_ns;
+}
+
+bool HaveGMPFor(const nsACString& aAPI, const nsTArray<nsCString>& aTags) {
+ nsCOMPtr<mozIGeckoMediaPluginService> mps =
+ do_GetService("@mozilla.org/gecko-media-plugin-service;1");
+ if (NS_WARN_IF(!mps)) {
+ return false;
+ }
+
+ bool hasPlugin = false;
+ if (NS_FAILED(mps->HasPluginForAPI(aAPI, aTags, &hasPlugin))) {
+ return false;
+ }
+ return hasPlugin;
+}
+
+void LogToConsole(const nsAString& aMsg) {
+ nsCOMPtr<nsIConsoleService> console(
+ do_GetService("@mozilla.org/consoleservice;1"));
+ if (!console) {
+ NS_WARNING("Failed to log message to console.");
+ return;
+ }
+ nsAutoString msg(aMsg);
+ console->LogStringMessage(msg.get());
+}
+
+already_AddRefed<nsISerialEventTarget> GetGMPThread() {
+ RefPtr<gmp::GeckoMediaPluginService> service =
+ gmp::GeckoMediaPluginService::GetGeckoMediaPluginService();
+ nsCOMPtr<nsISerialEventTarget> thread =
+ service ? service->GetGMPThread() : nullptr;
+ return thread.forget();
+}
+
+static size_t Align16(size_t aNumber) {
+ const size_t mask = 15; // Alignment - 1.
+ return (aNumber + mask) & ~mask;
+}
+
+size_t I420FrameBufferSizePadded(int32_t aWidth, int32_t aHeight) {
+ if (aWidth <= 0 || aHeight <= 0 || aWidth > MAX_VIDEO_WIDTH ||
+ aHeight > MAX_VIDEO_HEIGHT) {
+ return 0;
+ }
+
+ size_t ySize = Align16(aWidth) * Align16(aHeight);
+ return ySize + (ySize / 4) * 2;
+}
+
+} // namespace mozilla
diff --git a/dom/media/gmp/GMPUtils.h b/dom/media/gmp/GMPUtils.h
new file mode 100644
index 0000000000..0ac097420c
--- /dev/null
+++ b/dom/media/gmp/GMPUtils.h
@@ -0,0 +1,83 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPUtils_h_
+#define GMPUtils_h_
+
+#include "mozilla/AbstractThread.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/UniquePtr.h"
+#include "nsCOMPtr.h"
+#include "nsClassHashtable.h"
+#include "nsStringFwd.h"
+#include "nsTArray.h"
+
+#define CHROMIUM_CDM_API_BACKWARD_COMPAT "chromium-cdm9-host4"
+#define CHROMIUM_CDM_API "chromium-cdm10-host4"
+
+class nsIFile;
+class nsIDirectoryEnumerator;
+
+namespace mozilla {
+
+template <typename T>
+struct DestroyPolicy {
+ void operator()(T* aGMPObject) const { aGMPObject->Destroy(); }
+};
+
+template <typename T>
+using GMPUniquePtr = mozilla::UniquePtr<T, DestroyPolicy<T>>;
+
+void SplitAt(const char* aDelims, const nsACString& aInput,
+ nsTArray<nsCString>& aOutTokens);
+
+nsCString ToHexString(const nsTArray<uint8_t>& aBytes);
+
+nsCString ToHexString(const uint8_t* aBytes, uint32_t aLength);
+
+bool FileExists(nsIFile* aFile);
+
+// Enumerate directory entries for a specified path.
+class DirectoryEnumerator {
+ public:
+ enum Mode {
+ DirsOnly, // Enumeration only includes directories.
+ FilesAndDirs // Enumeration includes directories and non-directory files.
+ };
+
+ DirectoryEnumerator(nsIFile* aPath, Mode aMode);
+
+ already_AddRefed<nsIFile> Next();
+
+ private:
+ Mode mMode;
+ nsCOMPtr<nsIDirectoryEnumerator> mIter;
+};
+
+class GMPInfoFileParser {
+ public:
+ bool Init(nsIFile* aFile);
+ bool Contains(const nsCString& aKey) const;
+ nsCString Get(const nsCString& aKey) const;
+
+ private:
+ nsClassHashtable<nsCStringHashKey, nsCString> mValues;
+};
+
+bool ReadIntoString(nsIFile* aFile, nsCString& aOutDst, size_t aMaxLength);
+
+bool HaveGMPFor(const nsACString& aAPI, const nsTArray<nsCString>& aTags);
+
+void LogToConsole(const nsAString& aMsg);
+
+already_AddRefed<nsISerialEventTarget> GetGMPThread();
+
+// Returns the number of bytes required to store an aWidth x aHeight image in
+// I420 format, padded so that the width and height are multiples of 16.
+size_t I420FrameBufferSizePadded(int32_t aWidth, int32_t aHeight);
+
+} // namespace mozilla
+
+#endif
diff --git a/dom/media/gmp/GMPVideoDecoderChild.cpp b/dom/media/gmp/GMPVideoDecoderChild.cpp
new file mode 100644
index 0000000000..0f605cca9b
--- /dev/null
+++ b/dom/media/gmp/GMPVideoDecoderChild.cpp
@@ -0,0 +1,210 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPVideoDecoderChild.h"
+#include "GMPVideoi420FrameImpl.h"
+#include "GMPContentChild.h"
+#include <stdio.h>
+#include "mozilla/Unused.h"
+#include "GMPVideoEncodedFrameImpl.h"
+#include "runnable_utils.h"
+
+namespace mozilla::gmp {
+
+GMPVideoDecoderChild::GMPVideoDecoderChild(GMPContentChild* aPlugin)
+ : GMPSharedMemManager(aPlugin),
+ mPlugin(aPlugin),
+ mVideoDecoder(nullptr),
+ mVideoHost(this),
+ mNeedShmemIntrCount(0),
+ mPendingDecodeComplete(false) {
+ MOZ_ASSERT(mPlugin);
+}
+
+GMPVideoDecoderChild::~GMPVideoDecoderChild() {
+ MOZ_ASSERT(!mNeedShmemIntrCount);
+}
+
+void GMPVideoDecoderChild::Init(GMPVideoDecoder* aDecoder) {
+ MOZ_ASSERT(aDecoder,
+ "Cannot initialize video decoder child without a video decoder!");
+ mVideoDecoder = aDecoder;
+}
+
+GMPVideoHostImpl& GMPVideoDecoderChild::Host() { return mVideoHost; }
+
+void GMPVideoDecoderChild::Decoded(GMPVideoi420Frame* aDecodedFrame) {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ if (!aDecodedFrame) {
+ MOZ_CRASH("Not given a decoded frame!");
+ }
+
+ auto df = static_cast<GMPVideoi420FrameImpl*>(aDecodedFrame);
+
+ GMPVideoi420FrameData frameData;
+ df->InitFrameData(frameData);
+ SendDecoded(frameData);
+
+ aDecodedFrame->Destroy();
+}
+
+void GMPVideoDecoderChild::ReceivedDecodedReferenceFrame(
+ const uint64_t aPictureId) {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ SendReceivedDecodedReferenceFrame(aPictureId);
+}
+
+void GMPVideoDecoderChild::ReceivedDecodedFrame(const uint64_t aPictureId) {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ SendReceivedDecodedFrame(aPictureId);
+}
+
+void GMPVideoDecoderChild::InputDataExhausted() {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ SendInputDataExhausted();
+}
+
+void GMPVideoDecoderChild::DrainComplete() {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ SendDrainComplete();
+}
+
+void GMPVideoDecoderChild::ResetComplete() {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ SendResetComplete();
+}
+
+void GMPVideoDecoderChild::Error(GMPErr aError) {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ SendError(aError);
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderChild::RecvInitDecode(
+ const GMPVideoCodec& aCodecSettings, nsTArray<uint8_t>&& aCodecSpecific,
+ const int32_t& aCoreCount) {
+ if (!mVideoDecoder) {
+ return IPC_FAIL(this, "!mVideoDecoder");
+ }
+
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoDecoder->InitDecode(aCodecSettings, aCodecSpecific.Elements(),
+ aCodecSpecific.Length(), this, aCoreCount);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderChild::RecvDecode(
+ const GMPVideoEncodedFrameData& aInputFrame, const bool& aMissingFrames,
+ nsTArray<uint8_t>&& aCodecSpecificInfo, const int64_t& aRenderTimeMs) {
+ if (!mVideoDecoder) {
+ return IPC_FAIL(this, "!mVideoDecoder");
+ }
+
+ auto f = new GMPVideoEncodedFrameImpl(aInputFrame, &mVideoHost);
+
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoDecoder->Decode(f, aMissingFrames, aCodecSpecificInfo.Elements(),
+ aCodecSpecificInfo.Length(), aRenderTimeMs);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderChild::RecvChildShmemForPool(
+ Shmem&& aFrameBuffer) {
+ if (aFrameBuffer.IsWritable()) {
+ mVideoHost.SharedMemMgr()->MgrDeallocShmem(GMPSharedMem::kGMPFrameData,
+ aFrameBuffer);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderChild::RecvReset() {
+ if (!mVideoDecoder) {
+ return IPC_FAIL(this, "!mVideoDecoder");
+ }
+
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoDecoder->Reset();
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderChild::RecvDrain() {
+ if (!mVideoDecoder) {
+ return IPC_FAIL(this, "!mVideoDecoder");
+ }
+
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoDecoder->Drain();
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderChild::RecvDecodingComplete() {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ if (mNeedShmemIntrCount) {
+ // There's a GMP blocked in Alloc() waiting for the CallNeedShem() to
+ // return a frame they can use. Don't call the GMP's DecodingComplete()
+ // now and don't delete the GMPVideoDecoderChild, defer processing the
+ // DecodingComplete() until once the Alloc() finishes.
+ mPendingDecodeComplete = true;
+ return IPC_OK();
+ }
+ if (mVideoDecoder) {
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoDecoder->DecodingComplete();
+ mVideoDecoder = nullptr;
+ }
+
+ mVideoHost.DoneWithAPI();
+
+ mPlugin = nullptr;
+
+ Unused << Send__delete__(this);
+
+ return IPC_OK();
+}
+
+bool GMPVideoDecoderChild::Alloc(size_t aSize, Shmem* aMem) {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ bool rv;
+#ifndef SHMEM_ALLOC_IN_CHILD
+ ++mNeedShmemIntrCount;
+ rv = SendNeedShmem(aSize, aMem);
+ --mNeedShmemIntrCount;
+ if (mPendingDecodeComplete && mNeedShmemIntrCount == 0) {
+ mPendingDecodeComplete = false;
+ mPlugin->GMPMessageLoop()->PostTask(
+ NewRunnableMethod("gmp::GMPVideoDecoderChild::RecvDecodingComplete",
+ this, &GMPVideoDecoderChild::RecvDecodingComplete));
+ }
+#else
+ rv = AllocShmem(aSize, aType, aMem);
+#endif
+ return rv;
+}
+
+void GMPVideoDecoderChild::Dealloc(Shmem&& aMem) {
+#ifndef SHMEM_ALLOC_IN_CHILD
+ SendParentShmemForPool(std::move(aMem));
+#else
+ DeallocShmem(aMem);
+#endif
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPVideoDecoderChild.h b/dom/media/gmp/GMPVideoDecoderChild.h
new file mode 100644
index 0000000000..3c74e5f02c
--- /dev/null
+++ b/dom/media/gmp/GMPVideoDecoderChild.h
@@ -0,0 +1,75 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPVideoDecoderChild_h_
+#define GMPVideoDecoderChild_h_
+
+#include "nsString.h"
+#include "mozilla/gmp/PGMPVideoDecoderChild.h"
+#include "gmp-video-decode.h"
+#include "GMPSharedMemManager.h"
+#include "GMPVideoHost.h"
+#include "mozilla/gmp/GMPTypes.h"
+
+namespace mozilla::gmp {
+
+class GMPContentChild;
+
+class GMPVideoDecoderChild : public PGMPVideoDecoderChild,
+ public GMPVideoDecoderCallback,
+ public GMPSharedMemManager {
+ friend class PGMPVideoDecoderChild;
+
+ public:
+ // Mark AddRef and Release as `final`, as they overload pure virtual
+ // implementations in PGMPVideoDecoderChild.
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPVideoDecoderChild, final);
+
+ explicit GMPVideoDecoderChild(GMPContentChild* aPlugin);
+
+ void Init(GMPVideoDecoder* aDecoder);
+ GMPVideoHostImpl& Host();
+
+ // GMPVideoDecoderCallback
+ void Decoded(GMPVideoi420Frame* decodedFrame) override;
+ void ReceivedDecodedReferenceFrame(const uint64_t pictureId) override;
+ void ReceivedDecodedFrame(const uint64_t pictureId) override;
+ void InputDataExhausted() override;
+ void DrainComplete() override;
+ void ResetComplete() override;
+ void Error(GMPErr aError) override;
+
+ // GMPSharedMemManager
+ bool Alloc(size_t aSize, Shmem* aMem) override;
+ void Dealloc(Shmem&& aMem) override;
+
+ private:
+ virtual ~GMPVideoDecoderChild();
+
+ // PGMPVideoDecoderChild
+ mozilla::ipc::IPCResult RecvInitDecode(const GMPVideoCodec& aCodecSettings,
+ nsTArray<uint8_t>&& aCodecSpecific,
+ const int32_t& aCoreCount);
+ mozilla::ipc::IPCResult RecvDecode(
+ const GMPVideoEncodedFrameData& aInputFrame, const bool& aMissingFrames,
+ nsTArray<uint8_t>&& aCodecSpecificInfo, const int64_t& aRenderTimeMs);
+ mozilla::ipc::IPCResult RecvChildShmemForPool(Shmem&& aFrameBuffer);
+ mozilla::ipc::IPCResult RecvReset();
+ mozilla::ipc::IPCResult RecvDrain();
+ mozilla::ipc::IPCResult RecvDecodingComplete();
+
+ GMPContentChild* mPlugin;
+ GMPVideoDecoder* mVideoDecoder;
+ GMPVideoHostImpl mVideoHost;
+
+ // Non-zero when a GMP is blocked spinning the IPC message loop while
+ // waiting on an NeedShmem to complete.
+ int mNeedShmemIntrCount;
+ bool mPendingDecodeComplete;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPVideoDecoderChild_h_
diff --git a/dom/media/gmp/GMPVideoDecoderParent.cpp b/dom/media/gmp/GMPVideoDecoderParent.cpp
new file mode 100644
index 0000000000..dfe7182c41
--- /dev/null
+++ b/dom/media/gmp/GMPVideoDecoderParent.cpp
@@ -0,0 +1,461 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPVideoDecoderParent.h"
+
+#include "GMPContentParent.h"
+#include "GMPUtils.h"
+#include "GMPLog.h"
+#include "GMPMessageUtils.h"
+#include "GMPVideoEncodedFrameImpl.h"
+#include "GMPVideoi420FrameImpl.h"
+#include "mozilla/gmp/GMPTypes.h"
+#include "mozilla/Unused.h"
+#include "nsAutoRef.h"
+#include "nsPrintfCString.h"
+#include "nsThreadUtils.h"
+
+namespace mozilla::gmp {
+
+// States:
+// Initial: mIsOpen == false
+// on InitDecode success -> Open
+// on Shutdown -> Dead
+// Open: mIsOpen == true
+// on Close -> Dead
+// on ActorDestroy -> Dead
+// on Shutdown -> Dead
+// Dead: mIsOpen == false
+
+GMPVideoDecoderParent::GMPVideoDecoderParent(GMPContentParent* aPlugin)
+ : GMPSharedMemManager(aPlugin),
+ mIsOpen(false),
+ mShuttingDown(false),
+ mActorDestroyed(false),
+ mIsAwaitingResetComplete(false),
+ mIsAwaitingDrainComplete(false),
+ mPlugin(aPlugin),
+ mCallback(nullptr),
+ mVideoHost(this),
+ mPluginId(aPlugin->GetPluginId()),
+ mPluginType(aPlugin->GetPluginType()),
+ mFrameCount(0) {
+ MOZ_ASSERT(mPlugin);
+}
+
+GMPVideoDecoderParent::~GMPVideoDecoderParent() = default;
+
+GMPVideoHostImpl& GMPVideoDecoderParent::Host() { return mVideoHost; }
+
+// Note: may be called via Terminated()
+void GMPVideoDecoderParent::Close() {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::Close()", this);
+ MOZ_ASSERT(!mPlugin || mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ // Ensure if we've received a Close while waiting for a ResetComplete
+ // or DrainComplete notification, we'll unblock the caller before processing
+ // the close. This seems unlikely to happen, but better to be careful.
+ UnblockResetAndDrain();
+
+ // Consumer is done with us; we can shut down. No more callbacks should
+ // be made to mCallback. Note: do this before Shutdown()!
+ mCallback = nullptr;
+ // Let Shutdown mark us as dead so it knows if we had been alive
+
+ // In case this is the last reference
+ RefPtr<GMPVideoDecoderParent> kungfudeathgrip(this);
+ Release();
+ Shutdown();
+}
+
+nsresult GMPVideoDecoderParent::InitDecode(
+ const GMPVideoCodec& aCodecSettings,
+ const nsTArray<uint8_t>& aCodecSpecific,
+ GMPVideoDecoderCallbackProxy* aCallback, int32_t aCoreCount) {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::InitDecode()", this);
+
+ if (mActorDestroyed) {
+ NS_WARNING("Trying to use a destroyed GMP video decoder!");
+ return NS_ERROR_FAILURE;
+ }
+ if (mIsOpen) {
+ NS_WARNING("Trying to re-init an in-use GMP video decoder!");
+ return NS_ERROR_FAILURE;
+ }
+
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ if (!aCallback) {
+ return NS_ERROR_FAILURE;
+ }
+ mCallback = aCallback;
+
+ if (!SendInitDecode(aCodecSettings, aCodecSpecific, aCoreCount)) {
+ return NS_ERROR_FAILURE;
+ }
+ mIsOpen = true;
+
+ // Async IPC, we don't have access to a return value.
+ return NS_OK;
+}
+
+nsresult GMPVideoDecoderParent::Decode(
+ GMPUniquePtr<GMPVideoEncodedFrame> aInputFrame, bool aMissingFrames,
+ const nsTArray<uint8_t>& aCodecSpecificInfo, int64_t aRenderTimeMs) {
+ GMP_LOG_VERBOSE(
+ "GMPVideoDecoderParent[%p]::Decode() timestamp=%" PRId64 " keyframe=%d",
+ this, aInputFrame->TimeStamp(), aInputFrame->FrameType() == kGMPKeyFrame);
+
+ if (!mIsOpen) {
+ GMP_LOG_ERROR(
+ "GMPVideoDecoderParent[%p]::Decode() ERROR; dead GMPVideoDecoder",
+ this);
+ NS_WARNING("Trying to use an dead GMP video decoder");
+ return NS_ERROR_FAILURE;
+ }
+
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ GMPUniquePtr<GMPVideoEncodedFrameImpl> inputFrameImpl(
+ static_cast<GMPVideoEncodedFrameImpl*>(aInputFrame.release()));
+
+ // Very rough kill-switch if the plugin stops processing. If it's merely
+ // hung and continues, we'll come back to life eventually.
+ // 3* is because we're using 3 buffers per frame for i420 data for now.
+ if ((NumInUse(GMPSharedMem::kGMPFrameData) >
+ 3 * GMPSharedMem::kGMPBufLimit) ||
+ (NumInUse(GMPSharedMem::kGMPEncodedData) > GMPSharedMem::kGMPBufLimit)) {
+ GMP_LOG_ERROR(
+ "GMPVideoDecoderParent[%p]::Decode() ERROR; shmem buffer limit hit "
+ "frame=%d encoded=%d",
+ this, NumInUse(GMPSharedMem::kGMPFrameData),
+ NumInUse(GMPSharedMem::kGMPEncodedData));
+ return NS_ERROR_FAILURE;
+ }
+
+ GMPVideoEncodedFrameData frameData;
+ inputFrameImpl->RelinquishFrameData(frameData);
+
+ if (!SendDecode(frameData, aMissingFrames, aCodecSpecificInfo,
+ aRenderTimeMs)) {
+ GMP_LOG_ERROR(
+ "GMPVideoDecoderParent[%p]::Decode() ERROR; SendDecode() failure.",
+ this);
+ return NS_ERROR_FAILURE;
+ }
+ mFrameCount++;
+
+ // Async IPC, we don't have access to a return value.
+ return NS_OK;
+}
+
+nsresult GMPVideoDecoderParent::Reset() {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::Reset()", this);
+
+ if (!mIsOpen) {
+ NS_WARNING("Trying to use an dead GMP video decoder");
+ return NS_ERROR_FAILURE;
+ }
+
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ if (!SendReset()) {
+ return NS_ERROR_FAILURE;
+ }
+
+ mIsAwaitingResetComplete = true;
+
+ RefPtr<GMPVideoDecoderParent> self(this);
+ nsCOMPtr<nsIRunnable> task = NS_NewRunnableFunction(
+ "gmp::GMPVideoDecoderParent::Reset", [self]() -> void {
+ GMP_LOG_DEBUG(
+ "GMPVideoDecoderParent[%p]::ResetCompleteTimeout() timed out "
+ "waiting for ResetComplete",
+ self.get());
+ self->mResetCompleteTimeout = nullptr;
+ LogToBrowserConsole(nsLiteralString(
+ u"GMPVideoDecoderParent timed out waiting for ResetComplete()"));
+ });
+ CancelResetCompleteTimeout();
+ nsCOMPtr<nsISerialEventTarget> target = mPlugin->GMPEventTarget();
+ mResetCompleteTimeout = SimpleTimer::Create(task, 5000, target);
+
+ // Async IPC, we don't have access to a return value.
+ return NS_OK;
+}
+
+void GMPVideoDecoderParent::CancelResetCompleteTimeout() {
+ if (mResetCompleteTimeout) {
+ mResetCompleteTimeout->Cancel();
+ mResetCompleteTimeout = nullptr;
+ }
+}
+
+nsresult GMPVideoDecoderParent::Drain() {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::Drain() frameCount=%d", this,
+ mFrameCount);
+
+ if (!mIsOpen) {
+ NS_WARNING("Trying to use an dead GMP video decoder");
+ return NS_ERROR_FAILURE;
+ }
+
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ if (!SendDrain()) {
+ return NS_ERROR_FAILURE;
+ }
+
+ mIsAwaitingDrainComplete = true;
+
+ // Async IPC, we don't have access to a return value.
+ return NS_OK;
+}
+
+nsCString GMPVideoDecoderParent::GetDisplayName() const {
+ if (NS_WARN_IF(!mIsOpen)) {
+ return ""_ns;
+ }
+
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+ return mPlugin->GetDisplayName();
+}
+
+// Note: Consider keeping ActorDestroy sync'd up when making changes here.
+nsresult GMPVideoDecoderParent::Shutdown() {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::Shutdown()", this);
+ MOZ_ASSERT(!mPlugin || mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ if (mShuttingDown) {
+ return NS_OK;
+ }
+ mShuttingDown = true;
+
+ // Ensure if we've received a shutdown while waiting for a ResetComplete
+ // or DrainComplete notification, we'll unblock the caller before processing
+ // the shutdown.
+ UnblockResetAndDrain();
+
+ // Notify client we're gone! Won't occur after Close()
+ if (mCallback) {
+ mCallback->Terminated();
+ mCallback = nullptr;
+ }
+
+ mIsOpen = false;
+ if (!mActorDestroyed) {
+ Unused << SendDecodingComplete();
+ }
+
+ return NS_OK;
+}
+
+// Note: Keep this sync'd up with Shutdown
+void GMPVideoDecoderParent::ActorDestroy(ActorDestroyReason aWhy) {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::ActorDestroy reason=%d", this,
+ aWhy);
+
+ mIsOpen = false;
+ mActorDestroyed = true;
+
+ // Ensure if we've received a destroy while waiting for a ResetComplete
+ // or DrainComplete notification, we'll unblock the caller before processing
+ // the error.
+ UnblockResetAndDrain();
+
+ if (mCallback) {
+ // May call Close() (and Shutdown()) immediately or with a delay
+ mCallback->Terminated();
+ mCallback = nullptr;
+ }
+ if (mPlugin) {
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mPlugin->VideoDecoderDestroyed(this);
+ mPlugin = nullptr;
+ }
+ mVideoHost.ActorDestroyed();
+ MaybeDisconnect(aWhy == AbnormalShutdown);
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderParent::RecvDecoded(
+ const GMPVideoi420FrameData& aDecodedFrame) {
+ --mFrameCount;
+ if (aDecodedFrame.mUpdatedTimestamp() &&
+ aDecodedFrame.mUpdatedTimestamp().value() != aDecodedFrame.mTimestamp()) {
+ GMP_LOG_VERBOSE(
+ "GMPVideoDecoderParent[%p]::RecvDecoded() timestamp=[%" PRId64
+ " -> %" PRId64 "] frameCount=%d",
+ this, aDecodedFrame.mTimestamp(),
+ aDecodedFrame.mUpdatedTimestamp().value(), mFrameCount);
+ } else {
+ GMP_LOG_VERBOSE(
+ "GMPVideoDecoderParent[%p]::RecvDecoded() timestamp=%" PRId64
+ " frameCount=%d",
+ this, aDecodedFrame.mTimestamp(), mFrameCount);
+ }
+
+ if (mCallback) {
+ if (GMPVideoi420FrameImpl::CheckFrameData(aDecodedFrame)) {
+ auto f = new GMPVideoi420FrameImpl(aDecodedFrame, &mVideoHost);
+
+ mCallback->Decoded(f);
+ } else {
+ GMP_LOG_ERROR(
+ "GMPVideoDecoderParent[%p]::RecvDecoded() "
+ "timestamp=%" PRId64 " decoded frame corrupt, ignoring",
+ this, aDecodedFrame.mTimestamp());
+ // TODO: Verify if we should take more serious the arrival of
+ // a corrupted frame, see bug 1750506.
+ }
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+GMPVideoDecoderParent::RecvReceivedDecodedReferenceFrame(
+ const uint64_t& aPictureId) {
+ if (mCallback) {
+ mCallback->ReceivedDecodedReferenceFrame(aPictureId);
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderParent::RecvReceivedDecodedFrame(
+ const uint64_t& aPictureId) {
+ if (mCallback) {
+ mCallback->ReceivedDecodedFrame(aPictureId);
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderParent::RecvInputDataExhausted() {
+ GMP_LOG_VERBOSE("GMPVideoDecoderParent[%p]::RecvInputDataExhausted()", this);
+
+ if (mCallback) {
+ mCallback->InputDataExhausted();
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderParent::RecvDrainComplete() {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::RecvDrainComplete() frameCount=%d",
+ this, mFrameCount);
+ nsAutoString msg;
+ msg.AppendLiteral(
+ "GMPVideoDecoderParent::RecvDrainComplete() outstanding frames=");
+ msg.AppendInt(mFrameCount);
+ LogToBrowserConsole(msg);
+
+ if (mCallback && mIsAwaitingDrainComplete) {
+ mIsAwaitingDrainComplete = false;
+
+ mCallback->DrainComplete();
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderParent::RecvResetComplete() {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::RecvResetComplete()", this);
+
+ CancelResetCompleteTimeout();
+
+ if (mCallback && mIsAwaitingResetComplete) {
+ mIsAwaitingResetComplete = false;
+ mFrameCount = 0;
+
+ mCallback->ResetComplete();
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderParent::RecvError(const GMPErr& aError) {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::RecvError(error=%d)", this, aError);
+
+ if (mCallback) {
+ // Ensure if we've received an error while waiting for a ResetComplete
+ // or DrainComplete notification, we'll unblock the caller before processing
+ // the error.
+ UnblockResetAndDrain();
+
+ mCallback->Error(aError);
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderParent::RecvShutdown() {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::RecvShutdown()", this);
+
+ Shutdown();
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderParent::RecvParentShmemForPool(
+ Shmem&& aEncodedBuffer) {
+ if (aEncodedBuffer.IsWritable()) {
+ mVideoHost.SharedMemMgr()->MgrDeallocShmem(GMPSharedMem::kGMPEncodedData,
+ aEncodedBuffer);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderParent::RecvNeedShmem(
+ const uint32_t& aFrameBufferSize, Shmem* aMem) {
+ ipc::Shmem mem;
+
+ if (!mVideoHost.SharedMemMgr()->MgrAllocShmem(GMPSharedMem::kGMPFrameData,
+ aFrameBufferSize, &mem)) {
+ GMP_LOG_ERROR("%s: Failed to get a shared mem buffer for Child! size %u",
+ __FUNCTION__, aFrameBufferSize);
+ return IPC_FAIL(this, "Failed to get a shared mem buffer for Child!");
+ }
+ *aMem = mem;
+ mem = ipc::Shmem();
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoDecoderParent::Recv__delete__() {
+ GMP_LOG_DEBUG("GMPVideoDecoderParent[%p]::Recv__delete__()", this);
+
+ if (mPlugin) {
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mPlugin->VideoDecoderDestroyed(this);
+ mPlugin = nullptr;
+ }
+
+ return IPC_OK();
+}
+
+void GMPVideoDecoderParent::UnblockResetAndDrain() {
+ GMP_LOG_DEBUG(
+ "GMPVideoDecoderParent[%p]::UnblockResetAndDrain() "
+ "awaitingResetComplete=%d awaitingDrainComplete=%d",
+ this, mIsAwaitingResetComplete, mIsAwaitingDrainComplete);
+
+ if (!mCallback) {
+ MOZ_ASSERT(!mIsAwaitingResetComplete);
+ MOZ_ASSERT(!mIsAwaitingDrainComplete);
+ return;
+ }
+ if (mIsAwaitingResetComplete) {
+ mIsAwaitingResetComplete = false;
+ mCallback->ResetComplete();
+ }
+ if (mIsAwaitingDrainComplete) {
+ mIsAwaitingDrainComplete = false;
+ mCallback->DrainComplete();
+ }
+ CancelResetCompleteTimeout();
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPVideoDecoderParent.h b/dom/media/gmp/GMPVideoDecoderParent.h
new file mode 100644
index 0000000000..9265202a63
--- /dev/null
+++ b/dom/media/gmp/GMPVideoDecoderParent.h
@@ -0,0 +1,103 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPVideoDecoderParent_h_
+#define GMPVideoDecoderParent_h_
+
+#include "mozilla/RefPtr.h"
+#include "gmp-video-decode.h"
+#include "mozilla/gmp/PGMPVideoDecoderParent.h"
+#include "GMPMessageUtils.h"
+#include "GMPSharedMemManager.h"
+#include "GMPUtils.h"
+#include "GMPVideoHost.h"
+#include "GMPVideoDecoderProxy.h"
+#include "VideoUtils.h"
+#include "GMPCrashHelperHolder.h"
+
+namespace mozilla::gmp {
+
+class GMPContentParent;
+
+class GMPVideoDecoderParent final : public PGMPVideoDecoderParent,
+ public GMPVideoDecoderProxy,
+ public GMPSharedMemManager,
+ public GMPCrashHelperHolder {
+ friend class PGMPVideoDecoderParent;
+
+ public:
+ // Mark AddRef and Release as `final`, as they overload pure virtual
+ // implementations in PGMPVideoDecoderParent.
+ NS_INLINE_DECL_REFCOUNTING(GMPVideoDecoderParent, final)
+
+ explicit GMPVideoDecoderParent(GMPContentParent* aPlugin);
+
+ GMPVideoHostImpl& Host();
+ nsresult Shutdown();
+
+ // GMPVideoDecoder
+ void Close() override;
+ nsresult InitDecode(const GMPVideoCodec& aCodecSettings,
+ const nsTArray<uint8_t>& aCodecSpecific,
+ GMPVideoDecoderCallbackProxy* aCallback,
+ int32_t aCoreCount) override;
+ nsresult Decode(GMPUniquePtr<GMPVideoEncodedFrame> aInputFrame,
+ bool aMissingFrames,
+ const nsTArray<uint8_t>& aCodecSpecificInfo,
+ int64_t aRenderTimeMs = -1) override;
+ nsresult Reset() override;
+ nsresult Drain() override;
+ uint32_t GetPluginId() const override { return mPluginId; }
+ GMPPluginType GetPluginType() const override { return mPluginType; }
+ nsCString GetDisplayName() const override;
+
+ // GMPSharedMemManager
+ bool Alloc(size_t aSize, Shmem* aMem) override {
+ return AllocShmem(aSize, aMem);
+ }
+ void Dealloc(Shmem&& aMem) override { DeallocShmem(aMem); }
+
+ private:
+ ~GMPVideoDecoderParent();
+
+ // PGMPVideoDecoderParent
+ void ActorDestroy(ActorDestroyReason aWhy) override;
+ mozilla::ipc::IPCResult RecvDecoded(
+ const GMPVideoi420FrameData& aDecodedFrame) override;
+ mozilla::ipc::IPCResult RecvReceivedDecodedReferenceFrame(
+ const uint64_t& aPictureId) override;
+ mozilla::ipc::IPCResult RecvReceivedDecodedFrame(
+ const uint64_t& aPictureId) override;
+ mozilla::ipc::IPCResult RecvInputDataExhausted() override;
+ mozilla::ipc::IPCResult RecvDrainComplete() override;
+ mozilla::ipc::IPCResult RecvResetComplete() override;
+ mozilla::ipc::IPCResult RecvError(const GMPErr& aError) override;
+ mozilla::ipc::IPCResult RecvShutdown() override;
+ mozilla::ipc::IPCResult RecvParentShmemForPool(
+ Shmem&& aEncodedBuffer) override;
+ mozilla::ipc::IPCResult RecvNeedShmem(const uint32_t& aFrameBufferSize,
+ Shmem* aMem) override;
+ mozilla::ipc::IPCResult Recv__delete__() override;
+
+ void UnblockResetAndDrain();
+ void CancelResetCompleteTimeout();
+
+ bool mIsOpen;
+ bool mShuttingDown;
+ bool mActorDestroyed;
+ bool mIsAwaitingResetComplete;
+ bool mIsAwaitingDrainComplete;
+ RefPtr<GMPContentParent> mPlugin;
+ RefPtr<GMPVideoDecoderCallbackProxy> mCallback;
+ GMPVideoHostImpl mVideoHost;
+ const uint32_t mPluginId;
+ GMPPluginType mPluginType = GMPPluginType::Unknown;
+ int32_t mFrameCount;
+ RefPtr<SimpleTimer> mResetCompleteTimeout;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPVideoDecoderParent_h_
diff --git a/dom/media/gmp/GMPVideoDecoderProxy.h b/dom/media/gmp/GMPVideoDecoderProxy.h
new file mode 100644
index 0000000000..e12668755c
--- /dev/null
+++ b/dom/media/gmp/GMPVideoDecoderProxy.h
@@ -0,0 +1,57 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPVideoDecoderProxy_h_
+#define GMPVideoDecoderProxy_h_
+
+#include "nsTArray.h"
+#include "gmp-video-decode.h"
+#include "gmp-video-frame-i420.h"
+#include "gmp-video-frame-encoded.h"
+
+#include "GMPCallbackBase.h"
+#include "GMPNativeTypes.h"
+#include "GMPUtils.h"
+
+class GMPVideoDecoderCallbackProxy : public GMPCallbackBase,
+ public GMPVideoDecoderCallback {
+ public:
+ virtual ~GMPVideoDecoderCallbackProxy() = default;
+};
+
+// A proxy to GMPVideoDecoder in the child process.
+// GMPVideoDecoderParent exposes this to users the GMP.
+// This enables Gecko to pass nsTArrays to the child GMP and avoid
+// an extra copy when doing so.
+
+// The consumer must call Close() when done with the codec, or when
+// Terminated() is called by the GMP plugin indicating an abnormal shutdown
+// of the underlying plugin. After calling Close(), the consumer must
+// not access this again.
+
+// This interface is not thread-safe and must only be used from GMPThread.
+class GMPVideoDecoderProxy {
+ public:
+ virtual nsresult InitDecode(const GMPVideoCodec& aCodecSettings,
+ const nsTArray<uint8_t>& aCodecSpecific,
+ GMPVideoDecoderCallbackProxy* aCallback,
+ int32_t aCoreCount) = 0;
+ virtual nsresult Decode(
+ mozilla::GMPUniquePtr<GMPVideoEncodedFrame> aInputFrame,
+ bool aMissingFrames, const nsTArray<uint8_t>& aCodecSpecificInfo,
+ int64_t aRenderTimeMs = -1) = 0;
+ virtual nsresult Reset() = 0;
+ virtual nsresult Drain() = 0;
+ virtual uint32_t GetPluginId() const = 0;
+ virtual GMPPluginType GetPluginType() const = 0;
+
+ // Call to tell GMP/plugin the consumer will no longer use this
+ // interface/codec.
+ virtual void Close() = 0;
+
+ virtual nsCString GetDisplayName() const = 0;
+};
+
+#endif
diff --git a/dom/media/gmp/GMPVideoEncodedFrameImpl.cpp b/dom/media/gmp/GMPVideoEncodedFrameImpl.cpp
new file mode 100644
index 0000000000..c0ed87df4d
--- /dev/null
+++ b/dom/media/gmp/GMPVideoEncodedFrameImpl.cpp
@@ -0,0 +1,226 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPVideoEncodedFrameImpl.h"
+#include "GMPVideoHost.h"
+#include "mozilla/gmp/GMPTypes.h"
+#include "GMPSharedMemManager.h"
+
+namespace mozilla::gmp {
+
+GMPVideoEncodedFrameImpl::GMPVideoEncodedFrameImpl(GMPVideoHostImpl* aHost)
+ : mEncodedWidth(0),
+ mEncodedHeight(0),
+ mTimeStamp(0ll),
+ mDuration(0ll),
+ mFrameType(kGMPDeltaFrame),
+ mSize(0),
+ mCompleteFrame(false),
+ mHost(aHost),
+ mBufferType(GMP_BufferSingle) {
+ MOZ_ASSERT(aHost);
+ aHost->EncodedFrameCreated(this);
+}
+
+GMPVideoEncodedFrameImpl::GMPVideoEncodedFrameImpl(
+ const GMPVideoEncodedFrameData& aFrameData, GMPVideoHostImpl* aHost)
+ : mEncodedWidth(aFrameData.mEncodedWidth()),
+ mEncodedHeight(aFrameData.mEncodedHeight()),
+ mTimeStamp(aFrameData.mTimestamp()),
+ mDuration(aFrameData.mDuration()),
+ mFrameType(static_cast<GMPVideoFrameType>(aFrameData.mFrameType())),
+ mSize(aFrameData.mSize()),
+ mCompleteFrame(aFrameData.mCompleteFrame()),
+ mHost(aHost),
+ mBuffer(aFrameData.mBuffer()),
+ mBufferType(aFrameData.mBufferType()) {
+ MOZ_ASSERT(aHost);
+ aHost->EncodedFrameCreated(this);
+}
+
+GMPVideoEncodedFrameImpl::~GMPVideoEncodedFrameImpl() {
+ DestroyBuffer();
+ if (mHost) {
+ mHost->EncodedFrameDestroyed(this);
+ }
+}
+
+GMPVideoFrameFormat GMPVideoEncodedFrameImpl::GetFrameFormat() {
+ return kGMPEncodedVideoFrame;
+}
+
+void GMPVideoEncodedFrameImpl::DoneWithAPI() {
+ DestroyBuffer();
+
+ // Do this after destroying the buffer because destruction
+ // involves deallocation, which requires a host.
+ mHost = nullptr;
+}
+
+void GMPVideoEncodedFrameImpl::ActorDestroyed() {
+ // Simply clear out Shmem reference, do not attempt to
+ // properly free it. It has already been freed.
+ mBuffer = ipc::Shmem();
+ // No more host.
+ mHost = nullptr;
+}
+
+bool GMPVideoEncodedFrameImpl::RelinquishFrameData(
+ GMPVideoEncodedFrameData& aFrameData) {
+ aFrameData.mEncodedWidth() = mEncodedWidth;
+ aFrameData.mEncodedHeight() = mEncodedHeight;
+ aFrameData.mTimestamp() = mTimeStamp;
+ aFrameData.mDuration() = mDuration;
+ aFrameData.mFrameType() = mFrameType;
+ aFrameData.mSize() = mSize;
+ aFrameData.mCompleteFrame() = mCompleteFrame;
+ aFrameData.mBuffer() = mBuffer;
+ aFrameData.mBufferType() = mBufferType;
+
+ // This method is called right before Shmem is sent to another process.
+ // We need to effectively zero out our member copy so that we don't
+ // try to delete Shmem we don't own later.
+ mBuffer = ipc::Shmem();
+
+ return true;
+}
+
+void GMPVideoEncodedFrameImpl::DestroyBuffer() {
+ if (mHost && mBuffer.IsWritable()) {
+ mHost->SharedMemMgr()->MgrDeallocShmem(GMPSharedMem::kGMPEncodedData,
+ mBuffer);
+ }
+ mBuffer = ipc::Shmem();
+}
+
+GMPErr GMPVideoEncodedFrameImpl::CreateEmptyFrame(uint32_t aSize) {
+ if (aSize == 0) {
+ DestroyBuffer();
+ } else if (aSize > AllocatedSize()) {
+ DestroyBuffer();
+ if (!mHost->SharedMemMgr()->MgrAllocShmem(GMPSharedMem::kGMPEncodedData,
+ aSize, &mBuffer) ||
+ !Buffer()) {
+ return GMPAllocErr;
+ }
+ }
+ mSize = aSize;
+
+ return GMPNoErr;
+}
+
+GMPErr GMPVideoEncodedFrameImpl::CopyFrame(const GMPVideoEncodedFrame& aFrame) {
+ auto& f = static_cast<const GMPVideoEncodedFrameImpl&>(aFrame);
+
+ if (f.mSize != 0) {
+ GMPErr err = CreateEmptyFrame(f.mSize);
+ if (err != GMPNoErr) {
+ return err;
+ }
+ memcpy(Buffer(), f.Buffer(), f.mSize);
+ }
+ mEncodedWidth = f.mEncodedWidth;
+ mEncodedHeight = f.mEncodedHeight;
+ mTimeStamp = f.mTimeStamp;
+ mDuration = f.mDuration;
+ mFrameType = f.mFrameType;
+ mSize = f.mSize; // already set...
+ mCompleteFrame = f.mCompleteFrame;
+ mBufferType = f.mBufferType;
+ // Don't copy host, that should have been set properly on object creation via
+ // host.
+
+ return GMPNoErr;
+}
+
+void GMPVideoEncodedFrameImpl::SetEncodedWidth(uint32_t aEncodedWidth) {
+ mEncodedWidth = aEncodedWidth;
+}
+
+uint32_t GMPVideoEncodedFrameImpl::EncodedWidth() { return mEncodedWidth; }
+
+void GMPVideoEncodedFrameImpl::SetEncodedHeight(uint32_t aEncodedHeight) {
+ mEncodedHeight = aEncodedHeight;
+}
+
+uint32_t GMPVideoEncodedFrameImpl::EncodedHeight() { return mEncodedHeight; }
+
+void GMPVideoEncodedFrameImpl::SetTimeStamp(uint64_t aTimeStamp) {
+ mTimeStamp = aTimeStamp;
+}
+
+uint64_t GMPVideoEncodedFrameImpl::TimeStamp() { return mTimeStamp; }
+
+void GMPVideoEncodedFrameImpl::SetDuration(uint64_t aDuration) {
+ mDuration = aDuration;
+}
+
+uint64_t GMPVideoEncodedFrameImpl::Duration() const { return mDuration; }
+
+void GMPVideoEncodedFrameImpl::SetFrameType(GMPVideoFrameType aFrameType) {
+ mFrameType = aFrameType;
+}
+
+GMPVideoFrameType GMPVideoEncodedFrameImpl::FrameType() { return mFrameType; }
+
+void GMPVideoEncodedFrameImpl::SetAllocatedSize(uint32_t aNewSize) {
+ if (aNewSize <= AllocatedSize()) {
+ return;
+ }
+
+ if (!mHost) {
+ return;
+ }
+
+ ipc::Shmem new_mem;
+ if (!mHost->SharedMemMgr()->MgrAllocShmem(GMPSharedMem::kGMPEncodedData,
+ aNewSize, &new_mem) ||
+ !new_mem.get<uint8_t>()) {
+ return;
+ }
+
+ if (mBuffer.IsReadable()) {
+ memcpy(new_mem.get<uint8_t>(), Buffer(), mSize);
+ }
+
+ DestroyBuffer();
+
+ mBuffer = new_mem;
+}
+
+uint32_t GMPVideoEncodedFrameImpl::AllocatedSize() {
+ if (mBuffer.IsWritable()) {
+ return mBuffer.Size<uint8_t>();
+ }
+ return 0;
+}
+
+void GMPVideoEncodedFrameImpl::SetSize(uint32_t aSize) { mSize = aSize; }
+
+uint32_t GMPVideoEncodedFrameImpl::Size() { return mSize; }
+
+void GMPVideoEncodedFrameImpl::SetCompleteFrame(bool aCompleteFrame) {
+ mCompleteFrame = aCompleteFrame;
+}
+
+bool GMPVideoEncodedFrameImpl::CompleteFrame() { return mCompleteFrame; }
+
+const uint8_t* GMPVideoEncodedFrameImpl::Buffer() const {
+ return mBuffer.get<uint8_t>();
+}
+
+uint8_t* GMPVideoEncodedFrameImpl::Buffer() { return mBuffer.get<uint8_t>(); }
+
+void GMPVideoEncodedFrameImpl::Destroy() { delete this; }
+
+GMPBufferType GMPVideoEncodedFrameImpl::BufferType() const {
+ return mBufferType;
+}
+
+void GMPVideoEncodedFrameImpl::SetBufferType(GMPBufferType aBufferType) {
+ mBufferType = aBufferType;
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPVideoEncodedFrameImpl.h b/dom/media/gmp/GMPVideoEncodedFrameImpl.h
new file mode 100644
index 0000000000..fbb5f92146
--- /dev/null
+++ b/dom/media/gmp/GMPVideoEncodedFrameImpl.h
@@ -0,0 +1,116 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2014, Mozilla Corporation
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials provided
+ * with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMPVideoEncodedFrameImpl_h_
+#define GMPVideoEncodedFrameImpl_h_
+
+#include "gmp-errors.h"
+#include "gmp-video-frame.h"
+#include "gmp-video-frame-encoded.h"
+#include "mozilla/ipc/Shmem.h"
+
+namespace mozilla {
+class CryptoSample;
+
+namespace gmp {
+
+class GMPVideoHostImpl;
+class GMPVideoEncodedFrameData;
+
+class GMPVideoEncodedFrameImpl : public GMPVideoEncodedFrame {
+ friend struct IPC::ParamTraits<mozilla::gmp::GMPVideoEncodedFrameImpl>;
+
+ public:
+ explicit GMPVideoEncodedFrameImpl(GMPVideoHostImpl* aHost);
+ GMPVideoEncodedFrameImpl(const GMPVideoEncodedFrameData& aFrameData,
+ GMPVideoHostImpl* aHost);
+ virtual ~GMPVideoEncodedFrameImpl();
+
+ // This is called during a normal destroy sequence, which is
+ // when a consumer is finished or during XPCOM shutdown.
+ void DoneWithAPI();
+ // Does not attempt to release Shmem, as the Shmem has already been released.
+ void ActorDestroyed();
+
+ bool RelinquishFrameData(GMPVideoEncodedFrameData& aFrameData);
+
+ // GMPVideoFrame
+ GMPVideoFrameFormat GetFrameFormat() override;
+ void Destroy() override;
+
+ // GMPVideoEncodedFrame
+ GMPErr CreateEmptyFrame(uint32_t aSize) override;
+ GMPErr CopyFrame(const GMPVideoEncodedFrame& aFrame) override;
+ void SetEncodedWidth(uint32_t aEncodedWidth) override;
+ uint32_t EncodedWidth() override;
+ void SetEncodedHeight(uint32_t aEncodedHeight) override;
+ uint32_t EncodedHeight() override;
+ // Microseconds
+ void SetTimeStamp(uint64_t aTimeStamp) override;
+ uint64_t TimeStamp() override;
+ // Set frame duration (microseconds)
+ // NOTE: next-frame's Timestamp() != this-frame's TimeStamp()+Duration()
+ // depending on rounding to avoid having to track roundoff errors
+ // and dropped/missing frames(!) (which may leave a large gap)
+ void SetDuration(uint64_t aDuration) override;
+ uint64_t Duration() const override;
+ void SetFrameType(GMPVideoFrameType aFrameType) override;
+ GMPVideoFrameType FrameType() override;
+ void SetAllocatedSize(uint32_t aNewSize) override;
+ uint32_t AllocatedSize() override;
+ void SetSize(uint32_t aSize) override;
+ uint32_t Size() override;
+ void SetCompleteFrame(bool aCompleteFrame) override;
+ bool CompleteFrame() override;
+ const uint8_t* Buffer() const override;
+ uint8_t* Buffer() override;
+ GMPBufferType BufferType() const override;
+ void SetBufferType(GMPBufferType aBufferType) override;
+
+ private:
+ void DestroyBuffer();
+
+ uint32_t mEncodedWidth;
+ uint32_t mEncodedHeight;
+ uint64_t mTimeStamp;
+ uint64_t mDuration;
+ GMPVideoFrameType mFrameType;
+ uint32_t mSize;
+ bool mCompleteFrame;
+ GMPVideoHostImpl* mHost;
+ ipc::Shmem mBuffer;
+ GMPBufferType mBufferType;
+};
+
+} // namespace gmp
+
+} // namespace mozilla
+
+#endif // GMPVideoEncodedFrameImpl_h_
diff --git a/dom/media/gmp/GMPVideoEncoderChild.cpp b/dom/media/gmp/GMPVideoEncoderChild.cpp
new file mode 100644
index 0000000000..19a96b5efe
--- /dev/null
+++ b/dom/media/gmp/GMPVideoEncoderChild.cpp
@@ -0,0 +1,203 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPVideoEncoderChild.h"
+#include "GMPContentChild.h"
+#include <stdio.h>
+#include "mozilla/Unused.h"
+#include "GMPVideoEncodedFrameImpl.h"
+#include "GMPVideoi420FrameImpl.h"
+#include "runnable_utils.h"
+
+namespace mozilla::gmp {
+
+GMPVideoEncoderChild::GMPVideoEncoderChild(GMPContentChild* aPlugin)
+ : GMPSharedMemManager(aPlugin),
+ mPlugin(aPlugin),
+ mVideoEncoder(nullptr),
+ mVideoHost(this),
+ mNeedShmemIntrCount(0),
+ mPendingEncodeComplete(false) {
+ MOZ_ASSERT(mPlugin);
+}
+
+GMPVideoEncoderChild::~GMPVideoEncoderChild() {
+ MOZ_ASSERT(!mNeedShmemIntrCount);
+}
+
+void GMPVideoEncoderChild::Init(GMPVideoEncoder* aEncoder) {
+ MOZ_ASSERT(aEncoder,
+ "Cannot initialize video encoder child without a video encoder!");
+ mVideoEncoder = aEncoder;
+}
+
+GMPVideoHostImpl& GMPVideoEncoderChild::Host() { return mVideoHost; }
+
+void GMPVideoEncoderChild::Encoded(GMPVideoEncodedFrame* aEncodedFrame,
+ const uint8_t* aCodecSpecificInfo,
+ uint32_t aCodecSpecificInfoLength) {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ auto ef = static_cast<GMPVideoEncodedFrameImpl*>(aEncodedFrame);
+
+ GMPVideoEncodedFrameData frameData;
+ ef->RelinquishFrameData(frameData);
+
+ nsTArray<uint8_t> codecSpecific;
+ codecSpecific.AppendElements(aCodecSpecificInfo, aCodecSpecificInfoLength);
+ SendEncoded(frameData, codecSpecific);
+
+ aEncodedFrame->Destroy();
+}
+
+void GMPVideoEncoderChild::Error(GMPErr aError) {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ SendError(aError);
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderChild::RecvInitEncode(
+ const GMPVideoCodec& aCodecSettings, nsTArray<uint8_t>&& aCodecSpecific,
+ const int32_t& aNumberOfCores, const uint32_t& aMaxPayloadSize) {
+ if (!mVideoEncoder) {
+ return IPC_FAIL(this, "!mVideoDecoder");
+ }
+
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoEncoder->InitEncode(aCodecSettings, aCodecSpecific.Elements(),
+ aCodecSpecific.Length(), this, aNumberOfCores,
+ aMaxPayloadSize);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderChild::RecvEncode(
+ const GMPVideoi420FrameData& aInputFrame,
+ nsTArray<uint8_t>&& aCodecSpecificInfo,
+ nsTArray<GMPVideoFrameType>&& aFrameTypes) {
+ if (!mVideoEncoder) {
+ return IPC_FAIL(this, "!mVideoDecoder");
+ }
+
+ auto f = new GMPVideoi420FrameImpl(aInputFrame, &mVideoHost);
+
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoEncoder->Encode(f, aCodecSpecificInfo.Elements(),
+ aCodecSpecificInfo.Length(), aFrameTypes.Elements(),
+ aFrameTypes.Length());
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderChild::RecvChildShmemForPool(
+ Shmem&& aEncodedBuffer) {
+ if (aEncodedBuffer.IsWritable()) {
+ mVideoHost.SharedMemMgr()->MgrDeallocShmem(GMPSharedMem::kGMPEncodedData,
+ aEncodedBuffer);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderChild::RecvSetChannelParameters(
+ const uint32_t& aPacketLoss, const uint32_t& aRTT) {
+ if (!mVideoEncoder) {
+ return IPC_FAIL(this, "!mVideoDecoder");
+ }
+
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoEncoder->SetChannelParameters(aPacketLoss, aRTT);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderChild::RecvSetRates(
+ const uint32_t& aNewBitRate, const uint32_t& aFrameRate) {
+ if (!mVideoEncoder) {
+ return IPC_FAIL(this, "!mVideoDecoder");
+ }
+
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoEncoder->SetRates(aNewBitRate, aFrameRate);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderChild::RecvSetPeriodicKeyFrames(
+ const bool& aEnable) {
+ if (!mVideoEncoder) {
+ return IPC_FAIL(this, "!mVideoDecoder");
+ }
+
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoEncoder->SetPeriodicKeyFrames(aEnable);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderChild::RecvEncodingComplete() {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ if (mNeedShmemIntrCount) {
+ // There's a GMP blocked in Alloc() waiting for the CallNeedShem() to
+ // return a frame they can use. Don't call the GMP's EncodingComplete()
+ // now and don't delete the GMPVideoEncoderChild, defer processing the
+ // EncodingComplete() until once the Alloc() finishes.
+ mPendingEncodeComplete = true;
+ return IPC_OK();
+ }
+
+ if (!mVideoEncoder) {
+ // There is not much to clean up anymore.
+ Unused << Send__delete__(this);
+ return IPC_OK();
+ }
+
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mVideoEncoder->EncodingComplete();
+
+ mVideoHost.DoneWithAPI();
+
+ mPlugin = nullptr;
+
+ Unused << Send__delete__(this);
+
+ return IPC_OK();
+}
+
+bool GMPVideoEncoderChild::Alloc(size_t aSize, Shmem* aMem) {
+ MOZ_ASSERT(mPlugin->GMPMessageLoop() == MessageLoop::current());
+
+ bool rv;
+#ifndef SHMEM_ALLOC_IN_CHILD
+ ++mNeedShmemIntrCount;
+ rv = SendNeedShmem(aSize, aMem);
+ --mNeedShmemIntrCount;
+ if (mPendingEncodeComplete && mNeedShmemIntrCount == 0) {
+ mPendingEncodeComplete = false;
+ mPlugin->GMPMessageLoop()->PostTask(
+ NewRunnableMethod("gmp::GMPVideoEncoderChild::RecvEncodingComplete",
+ this, &GMPVideoEncoderChild::RecvEncodingComplete));
+ }
+#else
+ rv = AllocShmem(aSize, aMem);
+#endif
+ return rv;
+}
+
+void GMPVideoEncoderChild::Dealloc(Shmem&& aMem) {
+#ifndef SHMEM_ALLOC_IN_CHILD
+ SendParentShmemForPool(std::move(aMem));
+#else
+ DeallocShmem(aMem);
+#endif
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPVideoEncoderChild.h b/dom/media/gmp/GMPVideoEncoderChild.h
new file mode 100644
index 0000000000..dd3c0fdf37
--- /dev/null
+++ b/dom/media/gmp/GMPVideoEncoderChild.h
@@ -0,0 +1,75 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPVideoEncoderChild_h_
+#define GMPVideoEncoderChild_h_
+
+#include "nsString.h"
+#include "mozilla/gmp/PGMPVideoEncoderChild.h"
+#include "gmp-video-encode.h"
+#include "GMPSharedMemManager.h"
+#include "GMPVideoHost.h"
+
+namespace mozilla::gmp {
+
+class GMPContentChild;
+
+class GMPVideoEncoderChild : public PGMPVideoEncoderChild,
+ public GMPVideoEncoderCallback,
+ public GMPSharedMemManager {
+ friend class PGMPVideoEncoderChild;
+
+ public:
+ // Mark AddRef and Release as `final`, as they overload pure virtual
+ // implementations in PGMPVideoEncoderChild.
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(GMPVideoEncoderChild, final);
+
+ explicit GMPVideoEncoderChild(GMPContentChild* aPlugin);
+
+ void Init(GMPVideoEncoder* aEncoder);
+ GMPVideoHostImpl& Host();
+
+ // GMPVideoEncoderCallback
+ void Encoded(GMPVideoEncodedFrame* aEncodedFrame,
+ const uint8_t* aCodecSpecificInfo,
+ uint32_t aCodecSpecificInfoLength) override;
+ void Error(GMPErr aError) override;
+
+ // GMPSharedMemManager
+ bool Alloc(size_t aSize, Shmem* aMem) override;
+ void Dealloc(Shmem&& aMem) override;
+
+ private:
+ virtual ~GMPVideoEncoderChild();
+
+ // PGMPVideoEncoderChild
+ mozilla::ipc::IPCResult RecvInitEncode(const GMPVideoCodec& aCodecSettings,
+ nsTArray<uint8_t>&& aCodecSpecific,
+ const int32_t& aNumberOfCores,
+ const uint32_t& aMaxPayloadSize);
+ mozilla::ipc::IPCResult RecvEncode(const GMPVideoi420FrameData& aInputFrame,
+ nsTArray<uint8_t>&& aCodecSpecificInfo,
+ nsTArray<GMPVideoFrameType>&& aFrameTypes);
+ mozilla::ipc::IPCResult RecvChildShmemForPool(Shmem&& aEncodedBuffer);
+ mozilla::ipc::IPCResult RecvSetChannelParameters(const uint32_t& aPacketLoss,
+ const uint32_t& aRTT);
+ mozilla::ipc::IPCResult RecvSetRates(const uint32_t& aNewBitRate,
+ const uint32_t& aFrameRate);
+ mozilla::ipc::IPCResult RecvSetPeriodicKeyFrames(const bool& aEnable);
+ mozilla::ipc::IPCResult RecvEncodingComplete();
+
+ GMPContentChild* mPlugin;
+ GMPVideoEncoder* mVideoEncoder;
+ GMPVideoHostImpl mVideoHost;
+
+ // Non-zero when a GMP is blocked spinning the IPC message loop while
+ // waiting on an NeedShmem to complete.
+ int mNeedShmemIntrCount;
+ bool mPendingEncodeComplete;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPVideoEncoderChild_h_
diff --git a/dom/media/gmp/GMPVideoEncoderParent.cpp b/dom/media/gmp/GMPVideoEncoderParent.cpp
new file mode 100644
index 0000000000..21c86ff9ab
--- /dev/null
+++ b/dom/media/gmp/GMPVideoEncoderParent.cpp
@@ -0,0 +1,307 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPVideoEncoderParent.h"
+
+#include "GMPContentParent.h"
+#include "GMPCrashHelper.h"
+#include "GMPLog.h"
+#include "GMPMessageUtils.h"
+#include "GMPVideoEncodedFrameImpl.h"
+#include "GMPVideoi420FrameImpl.h"
+#include "mozilla/gmp/GMPTypes.h"
+#include "mozilla/Unused.h"
+#include "nsAutoRef.h"
+#include "nsThread.h"
+#include "nsThreadUtils.h"
+#include "runnable_utils.h"
+
+namespace mozilla::gmp {
+
+#ifdef __CLASS__
+# undef __CLASS__
+#endif
+#define __CLASS__ "GMPVideoEncoderParent"
+
+// States:
+// Initial: mIsOpen == false
+// on InitDecode success -> Open
+// on Shutdown -> Dead
+// Open: mIsOpen == true
+// on Close -> Dead
+// on ActorDestroy -> Dead
+// on Shutdown -> Dead
+// Dead: mIsOpen == false
+
+GMPVideoEncoderParent::GMPVideoEncoderParent(GMPContentParent* aPlugin)
+ : GMPSharedMemManager(aPlugin),
+ mIsOpen(false),
+ mShuttingDown(false),
+ mActorDestroyed(false),
+ mPlugin(aPlugin),
+ mCallback(nullptr),
+ mVideoHost(this),
+ mPluginId(aPlugin->GetPluginId()) {
+ MOZ_ASSERT(mPlugin);
+}
+
+GMPVideoHostImpl& GMPVideoEncoderParent::Host() { return mVideoHost; }
+
+// Note: may be called via Terminated()
+void GMPVideoEncoderParent::Close() {
+ GMP_LOG_DEBUG("%s::%s: %p", __CLASS__, __FUNCTION__, this);
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+ // Consumer is done with us; we can shut down. No more callbacks should
+ // be made to mCallback. Note: do this before Shutdown()!
+ mCallback = nullptr;
+
+ // Let Shutdown mark us as dead so it knows if we had been alive
+
+ // In case this is the last reference
+ RefPtr<GMPVideoEncoderParent> kungfudeathgrip(this);
+ Release();
+ Shutdown();
+}
+
+GMPErr GMPVideoEncoderParent::InitEncode(
+ const GMPVideoCodec& aCodecSettings,
+ const nsTArray<uint8_t>& aCodecSpecific,
+ GMPVideoEncoderCallbackProxy* aCallback, int32_t aNumberOfCores,
+ uint32_t aMaxPayloadSize) {
+ GMP_LOG_DEBUG("%s::%s: %p", __CLASS__, __FUNCTION__, this);
+ if (mIsOpen) {
+ NS_WARNING("Trying to re-init an in-use GMP video encoder!");
+ return GMPGenericErr;
+ ;
+ }
+
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+ MOZ_ASSERT(!mCallback);
+
+ if (!aCallback) {
+ return GMPGenericErr;
+ }
+ mCallback = aCallback;
+
+ if (!SendInitEncode(aCodecSettings, aCodecSpecific, aNumberOfCores,
+ aMaxPayloadSize)) {
+ return GMPGenericErr;
+ }
+ mIsOpen = true;
+
+ // Async IPC, we don't have access to a return value.
+ return GMPNoErr;
+}
+
+GMPErr GMPVideoEncoderParent::Encode(
+ GMPUniquePtr<GMPVideoi420Frame> aInputFrame,
+ const nsTArray<uint8_t>& aCodecSpecificInfo,
+ const nsTArray<GMPVideoFrameType>& aFrameTypes) {
+ if (!mIsOpen) {
+ NS_WARNING("Trying to use an dead GMP video encoder");
+ return GMPGenericErr;
+ }
+
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ GMPUniquePtr<GMPVideoi420FrameImpl> inputFrameImpl(
+ static_cast<GMPVideoi420FrameImpl*>(aInputFrame.release()));
+
+ // Very rough kill-switch if the plugin stops processing. If it's merely
+ // hung and continues, we'll come back to life eventually.
+ // 3* is because we're using 3 buffers per frame for i420 data for now.
+ if ((NumInUse(GMPSharedMem::kGMPFrameData) >
+ 3 * GMPSharedMem::kGMPBufLimit) ||
+ (NumInUse(GMPSharedMem::kGMPEncodedData) > GMPSharedMem::kGMPBufLimit)) {
+ GMP_LOG_ERROR(
+ "%s::%s: Out of mem buffers. Frame Buffers:%lu Max:%lu, Encoded "
+ "Buffers: %lu Max: %lu",
+ __CLASS__, __FUNCTION__,
+ static_cast<unsigned long>(NumInUse(GMPSharedMem::kGMPFrameData)),
+ static_cast<unsigned long>(3 * GMPSharedMem::kGMPBufLimit),
+ static_cast<unsigned long>(NumInUse(GMPSharedMem::kGMPEncodedData)),
+ static_cast<unsigned long>(GMPSharedMem::kGMPBufLimit));
+ return GMPGenericErr;
+ }
+
+ GMPVideoi420FrameData frameData;
+ inputFrameImpl->InitFrameData(frameData);
+
+ if (!SendEncode(frameData, aCodecSpecificInfo, aFrameTypes)) {
+ GMP_LOG_ERROR("%s::%s: failed to send encode", __CLASS__, __FUNCTION__);
+ return GMPGenericErr;
+ }
+
+ // Async IPC, we don't have access to a return value.
+ return GMPNoErr;
+}
+
+GMPErr GMPVideoEncoderParent::SetChannelParameters(uint32_t aPacketLoss,
+ uint32_t aRTT) {
+ if (!mIsOpen) {
+ NS_WARNING("Trying to use an invalid GMP video encoder!");
+ return GMPGenericErr;
+ }
+
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ if (!SendSetChannelParameters(aPacketLoss, aRTT)) {
+ return GMPGenericErr;
+ }
+
+ // Async IPC, we don't have access to a return value.
+ return GMPNoErr;
+}
+
+GMPErr GMPVideoEncoderParent::SetRates(uint32_t aNewBitRate,
+ uint32_t aFrameRate) {
+ if (!mIsOpen) {
+ NS_WARNING("Trying to use an dead GMP video decoder");
+ return GMPGenericErr;
+ }
+
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ if (!SendSetRates(aNewBitRate, aFrameRate)) {
+ return GMPGenericErr;
+ }
+
+ // Async IPC, we don't have access to a return value.
+ return GMPNoErr;
+}
+
+GMPErr GMPVideoEncoderParent::SetPeriodicKeyFrames(bool aEnable) {
+ if (!mIsOpen) {
+ NS_WARNING("Trying to use an invalid GMP video encoder!");
+ return GMPGenericErr;
+ }
+
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ if (!SendSetPeriodicKeyFrames(aEnable)) {
+ return GMPGenericErr;
+ }
+
+ // Async IPC, we don't have access to a return value.
+ return GMPNoErr;
+}
+
+// Note: Consider keeping ActorDestroy sync'd up when making changes here.
+void GMPVideoEncoderParent::Shutdown() {
+ GMP_LOG_DEBUG("%s::%s: %p", __CLASS__, __FUNCTION__, this);
+ MOZ_ASSERT(mPlugin->GMPEventTarget()->IsOnCurrentThread());
+
+ if (mShuttingDown) {
+ return;
+ }
+ mShuttingDown = true;
+
+ // Notify client we're gone! Won't occur after Close()
+ if (mCallback) {
+ mCallback->Terminated();
+ mCallback = nullptr;
+ }
+
+ mIsOpen = false;
+ if (!mActorDestroyed) {
+ Unused << SendEncodingComplete();
+ }
+}
+
+// Note: Keep this sync'd up with Shutdown
+void GMPVideoEncoderParent::ActorDestroy(ActorDestroyReason aWhy) {
+ GMP_LOG_DEBUG("%s::%s: %p (%d)", __CLASS__, __FUNCTION__, this, (int)aWhy);
+ mIsOpen = false;
+ mActorDestroyed = true;
+ if (mCallback) {
+ // May call Close() (and Shutdown()) immediately or with a delay
+ mCallback->Terminated();
+ mCallback = nullptr;
+ }
+ if (mPlugin) {
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mPlugin->VideoEncoderDestroyed(this);
+ mPlugin = nullptr;
+ }
+ mVideoHost.ActorDestroyed(); // same as DoneWithAPI
+ MaybeDisconnect(aWhy == AbnormalShutdown);
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderParent::RecvEncoded(
+ const GMPVideoEncodedFrameData& aEncodedFrame,
+ nsTArray<uint8_t>&& aCodecSpecificInfo) {
+ if (mCallback) {
+ auto f = new GMPVideoEncodedFrameImpl(aEncodedFrame, &mVideoHost);
+ mCallback->Encoded(f, aCodecSpecificInfo);
+ f->Destroy();
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderParent::RecvError(const GMPErr& aError) {
+ if (mCallback) {
+ mCallback->Error(aError);
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderParent::RecvShutdown() {
+ Shutdown();
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderParent::RecvParentShmemForPool(
+ Shmem&& aFrameBuffer) {
+ if (aFrameBuffer.IsWritable()) {
+ // This test may be paranoia now that we don't shut down the VideoHost
+ // in ::Shutdown, but doesn't hurt
+ if (mVideoHost.SharedMemMgr()) {
+ mVideoHost.SharedMemMgr()->MgrDeallocShmem(GMPSharedMem::kGMPFrameData,
+ aFrameBuffer);
+ } else {
+ GMP_LOG_DEBUG(
+ "%s::%s: %p Called in shutdown, ignoring and freeing directly",
+ __CLASS__, __FUNCTION__, this);
+ DeallocShmem(aFrameBuffer);
+ }
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderParent::RecvNeedShmem(
+ const uint32_t& aEncodedBufferSize, Shmem* aMem) {
+ ipc::Shmem mem;
+
+ // This test may be paranoia now that we don't shut down the VideoHost
+ // in ::Shutdown, but doesn't hurt
+ if (!mVideoHost.SharedMemMgr() ||
+ !mVideoHost.SharedMemMgr()->MgrAllocShmem(GMPSharedMem::kGMPEncodedData,
+ aEncodedBufferSize, &mem)) {
+ GMP_LOG_ERROR(
+ "%s::%s: Failed to get a shared mem buffer for Child! size %u",
+ __CLASS__, __FUNCTION__, aEncodedBufferSize);
+ return IPC_FAIL(this, "Failed to get a shared mem buffer for Child!");
+ }
+ *aMem = mem;
+ mem = ipc::Shmem();
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult GMPVideoEncoderParent::Recv__delete__() {
+ if (mPlugin) {
+ // Ignore any return code. It is OK for this to fail without killing the
+ // process.
+ mPlugin->VideoEncoderDestroyed(this);
+ mPlugin = nullptr;
+ }
+
+ return IPC_OK();
+}
+
+} // namespace mozilla::gmp
+
+#undef __CLASS__
diff --git a/dom/media/gmp/GMPVideoEncoderParent.h b/dom/media/gmp/GMPVideoEncoderParent.h
new file mode 100644
index 0000000000..c5c81194ec
--- /dev/null
+++ b/dom/media/gmp/GMPVideoEncoderParent.h
@@ -0,0 +1,85 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPVideoEncoderParent_h_
+#define GMPVideoEncoderParent_h_
+
+#include "mozilla/RefPtr.h"
+#include "gmp-video-encode.h"
+#include "mozilla/gmp/PGMPVideoEncoderParent.h"
+#include "GMPMessageUtils.h"
+#include "GMPSharedMemManager.h"
+#include "GMPUtils.h"
+#include "GMPVideoHost.h"
+#include "GMPVideoEncoderProxy.h"
+#include "GMPCrashHelperHolder.h"
+
+namespace mozilla::gmp {
+
+class GMPContentParent;
+
+class GMPVideoEncoderParent : public GMPVideoEncoderProxy,
+ public PGMPVideoEncoderParent,
+ public GMPSharedMemManager,
+ public GMPCrashHelperHolder {
+ friend class PGMPVideoEncoderParent;
+
+ public:
+ // Mark AddRef and Release as `final`, as they overload pure virtual
+ // implementations in PGMPVideoEncoderParent.
+ NS_INLINE_DECL_REFCOUNTING(GMPVideoEncoderParent, final)
+
+ explicit GMPVideoEncoderParent(GMPContentParent* aPlugin);
+
+ GMPVideoHostImpl& Host();
+ void Shutdown();
+
+ // GMPVideoEncoderProxy
+ void Close() override;
+ GMPErr InitEncode(const GMPVideoCodec& aCodecSettings,
+ const nsTArray<uint8_t>& aCodecSpecific,
+ GMPVideoEncoderCallbackProxy* aCallback,
+ int32_t aNumberOfCores, uint32_t aMaxPayloadSize) override;
+ GMPErr Encode(GMPUniquePtr<GMPVideoi420Frame> aInputFrame,
+ const nsTArray<uint8_t>& aCodecSpecificInfo,
+ const nsTArray<GMPVideoFrameType>& aFrameTypes) override;
+ GMPErr SetChannelParameters(uint32_t aPacketLoss, uint32_t aRTT) override;
+ GMPErr SetRates(uint32_t aNewBitRate, uint32_t aFrameRate) override;
+ GMPErr SetPeriodicKeyFrames(bool aEnable) override;
+ uint32_t GetPluginId() const override { return mPluginId; }
+
+ // GMPSharedMemManager
+ bool Alloc(size_t aSize, Shmem* aMem) override {
+ return AllocShmem(aSize, aMem);
+ }
+ void Dealloc(Shmem&& aMem) override { DeallocShmem(aMem); }
+
+ private:
+ virtual ~GMPVideoEncoderParent() = default;
+
+ // PGMPVideoEncoderParent
+ void ActorDestroy(ActorDestroyReason aWhy) override;
+ mozilla::ipc::IPCResult RecvEncoded(
+ const GMPVideoEncodedFrameData& aEncodedFrame,
+ nsTArray<uint8_t>&& aCodecSpecificInfo) override;
+ mozilla::ipc::IPCResult RecvError(const GMPErr& aError) override;
+ mozilla::ipc::IPCResult RecvShutdown() override;
+ mozilla::ipc::IPCResult RecvParentShmemForPool(Shmem&& aFrameBuffer) override;
+ mozilla::ipc::IPCResult RecvNeedShmem(const uint32_t& aEncodedBufferSize,
+ Shmem* aMem) override;
+ mozilla::ipc::IPCResult Recv__delete__() override;
+
+ bool mIsOpen;
+ bool mShuttingDown;
+ bool mActorDestroyed;
+ RefPtr<GMPContentParent> mPlugin;
+ RefPtr<GMPVideoEncoderCallbackProxy> mCallback;
+ GMPVideoHostImpl mVideoHost;
+ const uint32_t mPluginId;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPVideoEncoderParent_h_
diff --git a/dom/media/gmp/GMPVideoEncoderProxy.h b/dom/media/gmp/GMPVideoEncoderProxy.h
new file mode 100644
index 0000000000..ad638ebb3a
--- /dev/null
+++ b/dom/media/gmp/GMPVideoEncoderProxy.h
@@ -0,0 +1,56 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPVideoEncoderProxy_h_
+#define GMPVideoEncoderProxy_h_
+
+#include "nsTArray.h"
+#include "gmp-video-encode.h"
+#include "gmp-video-frame-i420.h"
+#include "gmp-video-frame-encoded.h"
+
+#include "GMPCallbackBase.h"
+#include "GMPUtils.h"
+
+class GMPVideoEncoderCallbackProxy : public GMPCallbackBase {
+ public:
+ virtual ~GMPVideoEncoderCallbackProxy() = default;
+ virtual void Encoded(GMPVideoEncodedFrame* aEncodedFrame,
+ const nsTArray<uint8_t>& aCodecSpecificInfo) = 0;
+ virtual void Error(GMPErr aError) = 0;
+};
+
+// A proxy to GMPVideoEncoder in the child process.
+// GMPVideoEncoderParent exposes this to users the GMP.
+// This enables Gecko to pass nsTArrays to the child GMP and avoid
+// an extra copy when doing so.
+
+// The consumer must call Close() when done with the codec, or when
+// Terminated() is called by the GMP plugin indicating an abnormal shutdown
+// of the underlying plugin. After calling Close(), the consumer must
+// not access this again.
+
+// This interface is not thread-safe and must only be used from GMPThread.
+class GMPVideoEncoderProxy {
+ public:
+ virtual GMPErr InitEncode(const GMPVideoCodec& aCodecSettings,
+ const nsTArray<uint8_t>& aCodecSpecific,
+ GMPVideoEncoderCallbackProxy* aCallback,
+ int32_t aNumberOfCores,
+ uint32_t aMaxPayloadSize) = 0;
+ virtual GMPErr Encode(mozilla::GMPUniquePtr<GMPVideoi420Frame> aInputFrame,
+ const nsTArray<uint8_t>& aCodecSpecificInfo,
+ const nsTArray<GMPVideoFrameType>& aFrameTypes) = 0;
+ virtual GMPErr SetChannelParameters(uint32_t aPacketLoss, uint32_t aRTT) = 0;
+ virtual GMPErr SetRates(uint32_t aNewBitRate, uint32_t aFrameRate) = 0;
+ virtual GMPErr SetPeriodicKeyFrames(bool aEnable) = 0;
+ virtual uint32_t GetPluginId() const = 0;
+
+ // Call to tell GMP/plugin the consumer will no longer use this
+ // interface/codec.
+ virtual void Close() = 0;
+};
+
+#endif // GMPVideoEncoderProxy_h_
diff --git a/dom/media/gmp/GMPVideoHost.cpp b/dom/media/gmp/GMPVideoHost.cpp
new file mode 100644
index 0000000000..7ed6c5abc2
--- /dev/null
+++ b/dom/media/gmp/GMPVideoHost.cpp
@@ -0,0 +1,94 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPVideoHost.h"
+#include "mozilla/Assertions.h"
+#include "GMPVideoi420FrameImpl.h"
+#include "GMPVideoEncodedFrameImpl.h"
+
+namespace mozilla::gmp {
+
+GMPVideoHostImpl::GMPVideoHostImpl(GMPSharedMemManager* aSharedMemMgr)
+ : mSharedMemMgr(aSharedMemMgr) {}
+
+GMPVideoHostImpl::~GMPVideoHostImpl() = default;
+
+GMPErr GMPVideoHostImpl::CreateFrame(GMPVideoFrameFormat aFormat,
+ GMPVideoFrame** aFrame) {
+ if (!mSharedMemMgr) {
+ return GMPGenericErr;
+ }
+
+ if (!aFrame) {
+ return GMPGenericErr;
+ }
+ *aFrame = nullptr;
+
+ switch (aFormat) {
+ case kGMPI420VideoFrame:
+ *aFrame = new GMPVideoi420FrameImpl(this);
+ return GMPNoErr;
+ case kGMPEncodedVideoFrame:
+ *aFrame = new GMPVideoEncodedFrameImpl(this);
+ return GMPNoErr;
+ default:
+ MOZ_ASSERT_UNREACHABLE("Unknown frame format!");
+ }
+
+ return GMPGenericErr;
+}
+
+GMPErr GMPVideoHostImpl::CreatePlane(GMPPlane** aPlane) {
+ if (!mSharedMemMgr) {
+ return GMPGenericErr;
+ }
+
+ if (!aPlane) {
+ return GMPGenericErr;
+ }
+ *aPlane = nullptr;
+
+ auto p = new GMPPlaneImpl(this);
+
+ *aPlane = p;
+
+ return GMPNoErr;
+}
+
+GMPSharedMemManager* GMPVideoHostImpl::SharedMemMgr() { return mSharedMemMgr; }
+
+// XXX This should merge with ActorDestroyed
+void GMPVideoHostImpl::DoneWithAPI() { ActorDestroyed(); }
+
+void GMPVideoHostImpl::ActorDestroyed() {
+ for (uint32_t i = mPlanes.Length(); i > 0; i--) {
+ mPlanes[i - 1]->DoneWithAPI();
+ mPlanes.RemoveElementAt(i - 1);
+ }
+ for (uint32_t i = mEncodedFrames.Length(); i > 0; i--) {
+ mEncodedFrames[i - 1]->DoneWithAPI();
+ mEncodedFrames.RemoveElementAt(i - 1);
+ }
+ mSharedMemMgr = nullptr;
+}
+
+void GMPVideoHostImpl::PlaneCreated(GMPPlaneImpl* aPlane) {
+ mPlanes.AppendElement(aPlane);
+}
+
+void GMPVideoHostImpl::PlaneDestroyed(GMPPlaneImpl* aPlane) {
+ MOZ_ALWAYS_TRUE(mPlanes.RemoveElement(aPlane));
+}
+
+void GMPVideoHostImpl::EncodedFrameCreated(
+ GMPVideoEncodedFrameImpl* aEncodedFrame) {
+ mEncodedFrames.AppendElement(aEncodedFrame);
+}
+
+void GMPVideoHostImpl::EncodedFrameDestroyed(GMPVideoEncodedFrameImpl* aFrame) {
+ MOZ_ALWAYS_TRUE(mEncodedFrames.RemoveElement(aFrame));
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPVideoHost.h b/dom/media/gmp/GMPVideoHost.h
new file mode 100644
index 0000000000..8b75ff28fe
--- /dev/null
+++ b/dom/media/gmp/GMPVideoHost.h
@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPVideoHost_h_
+#define GMPVideoHost_h_
+
+#include "gmp-video-host.h"
+#include "gmp-video-plane.h"
+#include "gmp-video-frame.h"
+#include "nsTArray.h"
+
+namespace mozilla::gmp {
+
+class GMPSharedMemManager;
+class GMPPlaneImpl;
+class GMPVideoEncodedFrameImpl;
+
+class GMPVideoHostImpl : public GMPVideoHost {
+ public:
+ explicit GMPVideoHostImpl(GMPSharedMemManager* aSharedMemMgr);
+ virtual ~GMPVideoHostImpl();
+
+ // Used for shared memory allocation and deallocation.
+ GMPSharedMemManager* SharedMemMgr();
+ void DoneWithAPI();
+ void ActorDestroyed();
+ void PlaneCreated(GMPPlaneImpl* aPlane);
+ void PlaneDestroyed(GMPPlaneImpl* aPlane);
+ void EncodedFrameCreated(GMPVideoEncodedFrameImpl* aEncodedFrame);
+ void EncodedFrameDestroyed(GMPVideoEncodedFrameImpl* aFrame);
+
+ // GMPVideoHost
+ GMPErr CreateFrame(GMPVideoFrameFormat aFormat,
+ GMPVideoFrame** aFrame) override;
+ GMPErr CreatePlane(GMPPlane** aPlane) override;
+
+ private:
+ // All shared memory allocations have to be made by an IPDL actor.
+ // This is a reference to the owning actor. If this reference is
+ // null then the actor has died and all allocations must fail.
+ GMPSharedMemManager* mSharedMemMgr;
+
+ // We track all of these things because they need to handle further
+ // allocations through us and we need to notify them when they
+ // can't use us any more.
+ nsTArray<GMPPlaneImpl*> mPlanes;
+ nsTArray<GMPVideoEncodedFrameImpl*> mEncodedFrames;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPVideoHost_h_
diff --git a/dom/media/gmp/GMPVideoPlaneImpl.cpp b/dom/media/gmp/GMPVideoPlaneImpl.cpp
new file mode 100644
index 0000000000..6c24b5b4a6
--- /dev/null
+++ b/dom/media/gmp/GMPVideoPlaneImpl.cpp
@@ -0,0 +1,179 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPVideoPlaneImpl.h"
+#include "mozilla/gmp/GMPTypes.h"
+#include "GMPVideoHost.h"
+#include "GMPSharedMemManager.h"
+
+namespace mozilla::gmp {
+
+GMPPlaneImpl::GMPPlaneImpl(GMPVideoHostImpl* aHost)
+ : mSize(0), mStride(0), mHost(aHost) {
+ MOZ_ASSERT(mHost);
+ mHost->PlaneCreated(this);
+}
+
+GMPPlaneImpl::GMPPlaneImpl(const GMPPlaneData& aPlaneData,
+ GMPVideoHostImpl* aHost)
+ : mBuffer(aPlaneData.mBuffer()),
+ mSize(aPlaneData.mSize()),
+ mStride(aPlaneData.mStride()),
+ mHost(aHost) {
+ MOZ_ASSERT(mHost);
+ mHost->PlaneCreated(this);
+}
+
+GMPPlaneImpl::~GMPPlaneImpl() {
+ DestroyBuffer();
+ if (mHost) {
+ mHost->PlaneDestroyed(this);
+ }
+}
+
+void GMPPlaneImpl::DoneWithAPI() {
+ DestroyBuffer();
+
+ // Do this after destroying the buffer because destruction
+ // involves deallocation, which requires a host.
+ mHost = nullptr;
+}
+
+void GMPPlaneImpl::ActorDestroyed() {
+ // Simply clear out Shmem reference, do not attempt to
+ // properly free it. It has already been freed.
+ mBuffer = ipc::Shmem();
+ // No more host.
+ mHost = nullptr;
+}
+
+bool GMPPlaneImpl::InitPlaneData(GMPPlaneData& aPlaneData) {
+ aPlaneData.mBuffer() = mBuffer;
+ aPlaneData.mSize() = mSize;
+ aPlaneData.mStride() = mStride;
+
+ // This method is called right before Shmem is sent to another process.
+ // We need to effectively zero out our member copy so that we don't
+ // try to delete memory we don't own later.
+ mBuffer = ipc::Shmem();
+
+ return true;
+}
+
+GMPErr GMPPlaneImpl::MaybeResize(int32_t aNewSize) {
+ if (aNewSize <= AllocatedSize()) {
+ return GMPNoErr;
+ }
+
+ if (!mHost) {
+ return GMPGenericErr;
+ }
+
+ ipc::Shmem new_mem;
+ if (!mHost->SharedMemMgr()->MgrAllocShmem(GMPSharedMem::kGMPFrameData,
+ aNewSize, &new_mem) ||
+ !new_mem.get<uint8_t>()) {
+ return GMPAllocErr;
+ }
+
+ if (mBuffer.IsReadable()) {
+ memcpy(new_mem.get<uint8_t>(), Buffer(), mSize);
+ }
+
+ DestroyBuffer();
+
+ mBuffer = new_mem;
+
+ return GMPNoErr;
+}
+
+void GMPPlaneImpl::DestroyBuffer() {
+ if (mHost && mBuffer.IsWritable()) {
+ mHost->SharedMemMgr()->MgrDeallocShmem(GMPSharedMem::kGMPFrameData,
+ mBuffer);
+ }
+ mBuffer = ipc::Shmem();
+}
+
+GMPErr GMPPlaneImpl::CreateEmptyPlane(int32_t aAllocatedSize, int32_t aStride,
+ int32_t aPlaneSize) {
+ if (aAllocatedSize < 1 || aStride < 1 || aPlaneSize < 1) {
+ return GMPGenericErr;
+ }
+
+ GMPErr err = MaybeResize(aAllocatedSize);
+ if (err != GMPNoErr) {
+ return err;
+ }
+
+ mSize = aPlaneSize;
+ mStride = aStride;
+
+ return GMPNoErr;
+}
+
+GMPErr GMPPlaneImpl::Copy(const GMPPlane& aPlane) {
+ auto& planeimpl = static_cast<const GMPPlaneImpl&>(aPlane);
+
+ GMPErr err = MaybeResize(planeimpl.mSize);
+ if (err != GMPNoErr) {
+ return err;
+ }
+
+ if (planeimpl.Buffer() && planeimpl.mSize > 0) {
+ memcpy(Buffer(), planeimpl.Buffer(), mSize);
+ }
+
+ mSize = planeimpl.mSize;
+ mStride = planeimpl.mStride;
+
+ return GMPNoErr;
+}
+
+GMPErr GMPPlaneImpl::Copy(int32_t aSize, int32_t aStride,
+ const uint8_t* aBuffer) {
+ GMPErr err = MaybeResize(aSize);
+ if (err != GMPNoErr) {
+ return err;
+ }
+
+ if (aBuffer && aSize > 0) {
+ memcpy(Buffer(), aBuffer, aSize);
+ }
+
+ mSize = aSize;
+ mStride = aStride;
+
+ return GMPNoErr;
+}
+
+void GMPPlaneImpl::Swap(GMPPlane& aPlane) {
+ auto& planeimpl = static_cast<GMPPlaneImpl&>(aPlane);
+
+ std::swap(mStride, planeimpl.mStride);
+ std::swap(mSize, planeimpl.mSize);
+ std::swap(mBuffer, planeimpl.mBuffer);
+}
+
+int32_t GMPPlaneImpl::AllocatedSize() const {
+ if (mBuffer.IsWritable()) {
+ return mBuffer.Size<uint8_t>();
+ }
+ return 0;
+}
+
+void GMPPlaneImpl::ResetSize() { mSize = 0; }
+
+bool GMPPlaneImpl::IsZeroSize() const { return (mSize == 0); }
+
+int32_t GMPPlaneImpl::Stride() const { return mStride; }
+
+const uint8_t* GMPPlaneImpl::Buffer() const { return mBuffer.get<uint8_t>(); }
+
+uint8_t* GMPPlaneImpl::Buffer() { return mBuffer.get<uint8_t>(); }
+
+void GMPPlaneImpl::Destroy() { delete this; }
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPVideoPlaneImpl.h b/dom/media/gmp/GMPVideoPlaneImpl.h
new file mode 100644
index 0000000000..d0c1de1cd3
--- /dev/null
+++ b/dom/media/gmp/GMPVideoPlaneImpl.h
@@ -0,0 +1,61 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPVideoPlaneImpl_h_
+#define GMPVideoPlaneImpl_h_
+
+#include "gmp-video-plane.h"
+#include "mozilla/ipc/Shmem.h"
+
+namespace mozilla::gmp {
+
+class GMPVideoHostImpl;
+class GMPPlaneData;
+
+class GMPPlaneImpl : public GMPPlane {
+ friend struct IPC::ParamTraits<mozilla::gmp::GMPPlaneImpl>;
+
+ public:
+ explicit GMPPlaneImpl(GMPVideoHostImpl* aHost);
+ GMPPlaneImpl(const GMPPlaneData& aPlaneData, GMPVideoHostImpl* aHost);
+ virtual ~GMPPlaneImpl();
+
+ // This is called during a normal destroy sequence, which is
+ // when a consumer is finished or during XPCOM shutdown.
+ void DoneWithAPI();
+ // This is called when something has gone wrong - specicifically,
+ // a child process has crashed. Does not attempt to release Shmem,
+ // as the Shmem has already been released.
+ void ActorDestroyed();
+
+ bool InitPlaneData(GMPPlaneData& aPlaneData);
+
+ // GMPPlane
+ GMPErr CreateEmptyPlane(int32_t aAllocatedSize, int32_t aStride,
+ int32_t aPlaneSize) override;
+ GMPErr Copy(const GMPPlane& aPlane) override;
+ GMPErr Copy(int32_t aSize, int32_t aStride, const uint8_t* aBuffer) override;
+ void Swap(GMPPlane& aPlane) override;
+ int32_t AllocatedSize() const override;
+ void ResetSize() override;
+ bool IsZeroSize() const override;
+ int32_t Stride() const override;
+ const uint8_t* Buffer() const override;
+ uint8_t* Buffer() override;
+ void Destroy() override;
+
+ private:
+ GMPErr MaybeResize(int32_t aNewSize);
+ void DestroyBuffer();
+
+ ipc::Shmem mBuffer;
+ int32_t mSize;
+ int32_t mStride;
+ GMPVideoHostImpl* mHost;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPVideoPlaneImpl_h_
diff --git a/dom/media/gmp/GMPVideoi420FrameImpl.cpp b/dom/media/gmp/GMPVideoi420FrameImpl.cpp
new file mode 100644
index 0000000000..1ca3e8123f
--- /dev/null
+++ b/dom/media/gmp/GMPVideoi420FrameImpl.cpp
@@ -0,0 +1,328 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "GMPVideoi420FrameImpl.h"
+#include "mozilla/gmp/GMPTypes.h"
+#include "mozilla/CheckedInt.h"
+
+namespace mozilla::gmp {
+
+GMPVideoi420FrameImpl::GMPVideoi420FrameImpl(GMPVideoHostImpl* aHost)
+ : mYPlane(aHost),
+ mUPlane(aHost),
+ mVPlane(aHost),
+ mWidth(0),
+ mHeight(0),
+ mTimestamp(0ll),
+ mDuration(0ll) {
+ MOZ_ASSERT(aHost);
+}
+
+GMPVideoi420FrameImpl::GMPVideoi420FrameImpl(
+ const GMPVideoi420FrameData& aFrameData, GMPVideoHostImpl* aHost)
+ : mYPlane(aFrameData.mYPlane(), aHost),
+ mUPlane(aFrameData.mUPlane(), aHost),
+ mVPlane(aFrameData.mVPlane(), aHost),
+ mWidth(aFrameData.mWidth()),
+ mHeight(aFrameData.mHeight()),
+ mTimestamp(aFrameData.mTimestamp()),
+ mUpdatedTimestamp(aFrameData.mUpdatedTimestamp()),
+ mDuration(aFrameData.mDuration()) {
+ MOZ_ASSERT(aHost);
+}
+
+GMPVideoi420FrameImpl::~GMPVideoi420FrameImpl() = default;
+
+bool GMPVideoi420FrameImpl::InitFrameData(GMPVideoi420FrameData& aFrameData) {
+ mYPlane.InitPlaneData(aFrameData.mYPlane());
+ mUPlane.InitPlaneData(aFrameData.mUPlane());
+ mVPlane.InitPlaneData(aFrameData.mVPlane());
+ aFrameData.mWidth() = mWidth;
+ aFrameData.mHeight() = mHeight;
+ aFrameData.mTimestamp() = mTimestamp;
+ aFrameData.mUpdatedTimestamp() = mUpdatedTimestamp;
+ aFrameData.mDuration() = mDuration;
+ return true;
+}
+
+GMPVideoFrameFormat GMPVideoi420FrameImpl::GetFrameFormat() {
+ return kGMPI420VideoFrame;
+}
+
+void GMPVideoi420FrameImpl::Destroy() { delete this; }
+
+/* static */
+bool GMPVideoi420FrameImpl::CheckFrameData(
+ const GMPVideoi420FrameData& aFrameData) {
+ // We may be passed the "wrong" shmem (one smaller than the actual size).
+ // This implies a bug or serious error on the child size. Ignore this frame
+ // if so. Note: Size() greater than expected is also an error, but with no
+ // negative consequences
+ int32_t half_width = (aFrameData.mWidth() + 1) / 2;
+ if ((aFrameData.mYPlane().mStride() <= 0) ||
+ (aFrameData.mYPlane().mSize() <= 0) ||
+ (aFrameData.mUPlane().mStride() <= 0) ||
+ (aFrameData.mUPlane().mSize() <= 0) ||
+ (aFrameData.mVPlane().mStride() <= 0) ||
+ (aFrameData.mVPlane().mSize() <= 0) ||
+ (aFrameData.mYPlane().mSize() >
+ (int32_t)aFrameData.mYPlane().mBuffer().Size<uint8_t>()) ||
+ (aFrameData.mUPlane().mSize() >
+ (int32_t)aFrameData.mUPlane().mBuffer().Size<uint8_t>()) ||
+ (aFrameData.mVPlane().mSize() >
+ (int32_t)aFrameData.mVPlane().mBuffer().Size<uint8_t>()) ||
+ (aFrameData.mYPlane().mStride() < aFrameData.mWidth()) ||
+ (aFrameData.mUPlane().mStride() < half_width) ||
+ (aFrameData.mVPlane().mStride() < half_width) ||
+ (aFrameData.mYPlane().mSize() <
+ aFrameData.mYPlane().mStride() * aFrameData.mHeight()) ||
+ (aFrameData.mUPlane().mSize() <
+ aFrameData.mUPlane().mStride() * ((aFrameData.mHeight() + 1) / 2)) ||
+ (aFrameData.mVPlane().mSize() <
+ aFrameData.mVPlane().mStride() * ((aFrameData.mHeight() + 1) / 2))) {
+ return false;
+ }
+ return true;
+}
+
+bool GMPVideoi420FrameImpl::CheckDimensions(int32_t aWidth, int32_t aHeight,
+ int32_t aStride_y,
+ int32_t aStride_u,
+ int32_t aStride_v) {
+ int32_t half_width = (aWidth + 1) / 2;
+ if (aWidth < 1 || aHeight < 1 || aStride_y < aWidth ||
+ aStride_u < half_width || aStride_v < half_width ||
+ !(CheckedInt<int32_t>(aHeight) * aStride_y +
+ ((CheckedInt<int32_t>(aHeight) + 1) / 2) *
+ (CheckedInt<int32_t>(aStride_u) + aStride_v))
+ .isValid()) {
+ return false;
+ }
+ return true;
+}
+
+const GMPPlaneImpl* GMPVideoi420FrameImpl::GetPlane(GMPPlaneType aType) const {
+ switch (aType) {
+ case kGMPYPlane:
+ return &mYPlane;
+ case kGMPUPlane:
+ return &mUPlane;
+ case kGMPVPlane:
+ return &mVPlane;
+ default:
+ MOZ_CRASH("Unknown plane type!");
+ }
+ return nullptr;
+}
+
+GMPPlaneImpl* GMPVideoi420FrameImpl::GetPlane(GMPPlaneType aType) {
+ switch (aType) {
+ case kGMPYPlane:
+ return &mYPlane;
+ case kGMPUPlane:
+ return &mUPlane;
+ case kGMPVPlane:
+ return &mVPlane;
+ default:
+ MOZ_CRASH("Unknown plane type!");
+ }
+ return nullptr;
+}
+
+GMPErr GMPVideoi420FrameImpl::CreateEmptyFrame(int32_t aWidth, int32_t aHeight,
+ int32_t aStride_y,
+ int32_t aStride_u,
+ int32_t aStride_v) {
+ if (!CheckDimensions(aWidth, aHeight, aStride_y, aStride_u, aStride_v)) {
+ return GMPGenericErr;
+ }
+
+ int32_t size_y = aStride_y * aHeight;
+ int32_t half_height = (aHeight + 1) / 2;
+ int32_t size_u = aStride_u * half_height;
+ int32_t size_v = aStride_v * half_height;
+
+ GMPErr err = mYPlane.CreateEmptyPlane(size_y, aStride_y, size_y);
+ if (err != GMPNoErr) {
+ return err;
+ }
+ err = mUPlane.CreateEmptyPlane(size_u, aStride_u, size_u);
+ if (err != GMPNoErr) {
+ return err;
+ }
+ err = mVPlane.CreateEmptyPlane(size_v, aStride_v, size_v);
+ if (err != GMPNoErr) {
+ return err;
+ }
+
+ mWidth = aWidth;
+ mHeight = aHeight;
+ mTimestamp = 0ll;
+ mUpdatedTimestamp.reset();
+ mDuration = 0ll;
+
+ return GMPNoErr;
+}
+
+GMPErr GMPVideoi420FrameImpl::CreateFrame(
+ int32_t aSize_y, const uint8_t* aBuffer_y, int32_t aSize_u,
+ const uint8_t* aBuffer_u, int32_t aSize_v, const uint8_t* aBuffer_v,
+ int32_t aWidth, int32_t aHeight, int32_t aStride_y, int32_t aStride_u,
+ int32_t aStride_v) {
+ MOZ_ASSERT(aBuffer_y);
+ MOZ_ASSERT(aBuffer_u);
+ MOZ_ASSERT(aBuffer_v);
+
+ if (aSize_y < 1 || aSize_u < 1 || aSize_v < 1) {
+ return GMPGenericErr;
+ }
+
+ if (!CheckDimensions(aWidth, aHeight, aStride_y, aStride_u, aStride_v)) {
+ return GMPGenericErr;
+ }
+
+ GMPErr err = mYPlane.Copy(aSize_y, aStride_y, aBuffer_y);
+ if (err != GMPNoErr) {
+ return err;
+ }
+ err = mUPlane.Copy(aSize_u, aStride_u, aBuffer_u);
+ if (err != GMPNoErr) {
+ return err;
+ }
+ err = mVPlane.Copy(aSize_v, aStride_v, aBuffer_v);
+ if (err != GMPNoErr) {
+ return err;
+ }
+
+ mWidth = aWidth;
+ mHeight = aHeight;
+
+ return GMPNoErr;
+}
+
+GMPErr GMPVideoi420FrameImpl::CopyFrame(const GMPVideoi420Frame& aFrame) {
+ auto& f = static_cast<const GMPVideoi420FrameImpl&>(aFrame);
+
+ GMPErr err = mYPlane.Copy(f.mYPlane);
+ if (err != GMPNoErr) {
+ return err;
+ }
+
+ err = mUPlane.Copy(f.mUPlane);
+ if (err != GMPNoErr) {
+ return err;
+ }
+
+ err = mVPlane.Copy(f.mVPlane);
+ if (err != GMPNoErr) {
+ return err;
+ }
+
+ mWidth = f.mWidth;
+ mHeight = f.mHeight;
+ mTimestamp = f.mTimestamp;
+ mUpdatedTimestamp = f.mUpdatedTimestamp;
+ mDuration = f.mDuration;
+
+ return GMPNoErr;
+}
+
+void GMPVideoi420FrameImpl::SwapFrame(GMPVideoi420Frame* aFrame) {
+ auto f = static_cast<GMPVideoi420FrameImpl*>(aFrame);
+ mYPlane.Swap(f->mYPlane);
+ mUPlane.Swap(f->mUPlane);
+ mVPlane.Swap(f->mVPlane);
+ std::swap(mWidth, f->mWidth);
+ std::swap(mHeight, f->mHeight);
+ std::swap(mTimestamp, f->mTimestamp);
+ std::swap(mUpdatedTimestamp, f->mUpdatedTimestamp);
+ std::swap(mDuration, f->mDuration);
+}
+
+uint8_t* GMPVideoi420FrameImpl::Buffer(GMPPlaneType aType) {
+ GMPPlane* p = GetPlane(aType);
+ if (p) {
+ return p->Buffer();
+ }
+ return nullptr;
+}
+
+const uint8_t* GMPVideoi420FrameImpl::Buffer(GMPPlaneType aType) const {
+ const GMPPlane* p = GetPlane(aType);
+ if (p) {
+ return p->Buffer();
+ }
+ return nullptr;
+}
+
+int32_t GMPVideoi420FrameImpl::AllocatedSize(GMPPlaneType aType) const {
+ const GMPPlane* p = GetPlane(aType);
+ if (p) {
+ return p->AllocatedSize();
+ }
+ return -1;
+}
+
+int32_t GMPVideoi420FrameImpl::Stride(GMPPlaneType aType) const {
+ const GMPPlane* p = GetPlane(aType);
+ if (p) {
+ return p->Stride();
+ }
+ return -1;
+}
+
+GMPErr GMPVideoi420FrameImpl::SetWidth(int32_t aWidth) {
+ if (!CheckDimensions(aWidth, mHeight, mYPlane.Stride(), mUPlane.Stride(),
+ mVPlane.Stride())) {
+ return GMPGenericErr;
+ }
+ mWidth = aWidth;
+ return GMPNoErr;
+}
+
+GMPErr GMPVideoi420FrameImpl::SetHeight(int32_t aHeight) {
+ if (!CheckDimensions(mWidth, aHeight, mYPlane.Stride(), mUPlane.Stride(),
+ mVPlane.Stride())) {
+ return GMPGenericErr;
+ }
+ mHeight = aHeight;
+ return GMPNoErr;
+}
+
+int32_t GMPVideoi420FrameImpl::Width() const { return mWidth; }
+
+int32_t GMPVideoi420FrameImpl::Height() const { return mHeight; }
+
+void GMPVideoi420FrameImpl::SetTimestamp(uint64_t aTimestamp) {
+ mTimestamp = aTimestamp;
+}
+
+uint64_t GMPVideoi420FrameImpl::Timestamp() const { return mTimestamp; }
+
+void GMPVideoi420FrameImpl::SetUpdatedTimestamp(uint64_t aTimestamp) {
+ mUpdatedTimestamp = Some(aTimestamp);
+}
+
+uint64_t GMPVideoi420FrameImpl::UpdatedTimestamp() const {
+ return mUpdatedTimestamp ? *mUpdatedTimestamp : mTimestamp;
+}
+
+void GMPVideoi420FrameImpl::SetDuration(uint64_t aDuration) {
+ mDuration = aDuration;
+}
+
+uint64_t GMPVideoi420FrameImpl::Duration() const { return mDuration; }
+
+bool GMPVideoi420FrameImpl::IsZeroSize() const {
+ return (mYPlane.IsZeroSize() && mUPlane.IsZeroSize() && mVPlane.IsZeroSize());
+}
+
+void GMPVideoi420FrameImpl::ResetSize() {
+ mYPlane.ResetSize();
+ mUPlane.ResetSize();
+ mVPlane.ResetSize();
+}
+
+} // namespace mozilla::gmp
diff --git a/dom/media/gmp/GMPVideoi420FrameImpl.h b/dom/media/gmp/GMPVideoi420FrameImpl.h
new file mode 100644
index 0000000000..53377beb8d
--- /dev/null
+++ b/dom/media/gmp/GMPVideoi420FrameImpl.h
@@ -0,0 +1,80 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef GMPVideoi420FrameImpl_h_
+#define GMPVideoi420FrameImpl_h_
+
+#include "gmp-video-frame-i420.h"
+#include "mozilla/ipc/Shmem.h"
+#include "GMPVideoPlaneImpl.h"
+#include "mozilla/Maybe.h"
+
+namespace mozilla::gmp {
+
+class GMPVideoi420FrameData;
+
+class GMPVideoi420FrameImpl : public GMPVideoi420Frame {
+ friend struct IPC::ParamTraits<mozilla::gmp::GMPVideoi420FrameImpl>;
+
+ public:
+ explicit GMPVideoi420FrameImpl(GMPVideoHostImpl* aHost);
+ GMPVideoi420FrameImpl(const GMPVideoi420FrameData& aFrameData,
+ GMPVideoHostImpl* aHost);
+ virtual ~GMPVideoi420FrameImpl();
+
+ static bool CheckFrameData(const GMPVideoi420FrameData& aFrameData);
+
+ bool InitFrameData(GMPVideoi420FrameData& aFrameData);
+ const GMPPlaneImpl* GetPlane(GMPPlaneType aType) const;
+ GMPPlaneImpl* GetPlane(GMPPlaneType aType);
+
+ // GMPVideoFrame
+ GMPVideoFrameFormat GetFrameFormat() override;
+ void Destroy() override;
+
+ // GMPVideoi420Frame
+ GMPErr CreateEmptyFrame(int32_t aWidth, int32_t aHeight, int32_t aStride_y,
+ int32_t aStride_u, int32_t aStride_v) override;
+ GMPErr CreateFrame(int32_t aSize_y, const uint8_t* aBuffer_y, int32_t aSize_u,
+ const uint8_t* aBuffer_u, int32_t aSize_v,
+ const uint8_t* aBuffer_v, int32_t aWidth, int32_t aHeight,
+ int32_t aStride_y, int32_t aStride_u,
+ int32_t aStride_v) override;
+ GMPErr CopyFrame(const GMPVideoi420Frame& aFrame) override;
+ void SwapFrame(GMPVideoi420Frame* aFrame) override;
+ uint8_t* Buffer(GMPPlaneType aType) override;
+ const uint8_t* Buffer(GMPPlaneType aType) const override;
+ int32_t AllocatedSize(GMPPlaneType aType) const override;
+ int32_t Stride(GMPPlaneType aType) const override;
+ GMPErr SetWidth(int32_t aWidth) override;
+ GMPErr SetHeight(int32_t aHeight) override;
+ int32_t Width() const override;
+ int32_t Height() const override;
+ void SetTimestamp(uint64_t aTimestamp) override;
+ uint64_t Timestamp() const override;
+ void SetUpdatedTimestamp(uint64_t aTimestamp) override;
+ uint64_t UpdatedTimestamp() const override;
+ void SetDuration(uint64_t aDuration) override;
+ uint64_t Duration() const override;
+ bool IsZeroSize() const override;
+ void ResetSize() override;
+
+ private:
+ bool CheckDimensions(int32_t aWidth, int32_t aHeight, int32_t aStride_y,
+ int32_t aStride_u, int32_t aStride_v);
+
+ GMPPlaneImpl mYPlane;
+ GMPPlaneImpl mUPlane;
+ GMPPlaneImpl mVPlane;
+ int32_t mWidth;
+ int32_t mHeight;
+ uint64_t mTimestamp;
+ Maybe<uint64_t> mUpdatedTimestamp;
+ uint64_t mDuration;
+};
+
+} // namespace mozilla::gmp
+
+#endif // GMPVideoi420FrameImpl_h_
diff --git a/dom/media/gmp/PChromiumCDM.ipdl b/dom/media/gmp/PChromiumCDM.ipdl
new file mode 100644
index 0000000000..2355839c17
--- /dev/null
+++ b/dom/media/gmp/PChromiumCDM.ipdl
@@ -0,0 +1,129 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PGMPContent;
+include GMPTypes;
+
+include "GMPMessageUtils.h";
+include "ChromiumCDMParent.h";
+
+using cdm::HdcpVersion from "GMPSanitizedExports.h";
+
+namespace mozilla {
+namespace gmp {
+
+[ChildImpl=virtual, ParentImpl="ChromiumCDMParent"]
+async protocol PChromiumCDM
+{
+ manager PGMPContent;
+child:
+
+ // cdm::ContentDecryptionModule_10
+ async Init(bool aAllowDistinctiveIdentifier,
+ bool aAllowPersistentState) returns (bool aSuccess);
+
+ async GetStatusForPolicy(uint32_t aPromiseId,
+ HdcpVersion aMinHdcpVersion);
+
+ async SetServerCertificate(uint32_t aPromiseId,
+ uint8_t[] aServerCert);
+
+ async CreateSessionAndGenerateRequest(uint32_t aPromiseId,
+ uint32_t aSessionType,
+ uint32_t aInitDataType,
+ uint8_t[] aInitData);
+
+ async LoadSession(uint32_t aPromiseId,
+ uint32_t aSessionType,
+ nsCString aSessionId);
+
+ async UpdateSession(uint32_t aPromiseId,
+ nsCString aSessionId,
+ uint8_t[] aResponse);
+
+ async CloseSession(uint32_t aPromiseId,
+ nsCString aSessionId);
+
+ async RemoveSession(uint32_t aPromiseId,
+ nsCString aSessionId);
+
+ // This is called after the parent has verified the protection status and
+ // round tripped the call back to the child.
+ async CompleteQueryOutputProtectionStatus(bool aSuccess,
+ uint32_t aLinkMask,
+ uint32_t aProtectionMask);
+
+ async Decrypt(uint32_t aId, CDMInputBuffer aBuffer);
+
+ async InitializeVideoDecoder(CDMVideoDecoderConfig aConfig);
+
+ async DeinitializeVideoDecoder();
+
+ async ResetVideoDecoder();
+
+ async DecryptAndDecodeFrame(CDMInputBuffer aBuffer);
+
+ async Drain();
+
+ async Destroy();
+
+ async GiveBuffer(Shmem aShmem);
+
+ async PurgeShmems();
+
+
+parent:
+ async __delete__();
+
+ // cdm::Host_10
+ async OnResolvePromiseWithKeyStatus(uint32_t aPromiseId, uint32_t aKeyStatus);
+
+ async OnResolveNewSessionPromise(uint32_t aPromiseId, nsCString aSessionId);
+
+ async OnResolvePromise(uint32_t aPromiseId);
+
+ async OnRejectPromise(uint32_t aPromiseId,
+ uint32_t aException,
+ uint32_t aSystemCode,
+ nsCString aErrorMessage);
+
+ async OnSessionMessage(nsCString aSessionId,
+ uint32_t aMessageType,
+ uint8_t[] aMessage);
+
+ async OnSessionKeysChange(nsCString aSessionId,
+ CDMKeyInformation[] aKeysInfo);
+
+ async OnExpirationChange(nsCString aSessionId,
+ double aSecondsSinceEpoch);
+
+ async OnSessionClosed(nsCString aSessionId);
+
+ async OnQueryOutputProtectionStatus();
+
+ async ResolveLoadSessionPromise(uint32_t aPromiseId, bool aSuccessful);
+
+ // Return values of cdm::ContentDecryptionModule_10::Decrypt
+ async Decrypted(uint32_t aId, uint32_t aStatus, Shmem aDecryptedData);
+ async DecryptFailed(uint32_t aId, uint32_t aStatus);
+
+ async OnDecoderInitDone(uint32_t aStatus);
+
+ // Return values of cdm::ContentDecryptionModule_10::DecryptAndDecodeFrame
+ async DecodedShmem(CDMVideoFrame aFrame, Shmem aData);
+ async DecodedData(CDMVideoFrame aFrame, uint8_t[] aData);
+ async DecodeFailed(uint32_t aStatus);
+
+ async ResetVideoDecoderComplete();
+
+ async DrainComplete();
+
+ async Shutdown();
+
+ async IncreaseShmemPoolSize();
+};
+
+} // namespace gmp
+} // namespace mozilla
diff --git a/dom/media/gmp/PGMP.ipdl b/dom/media/gmp/PGMP.ipdl
new file mode 100644
index 0000000000..69db40a06a
--- /dev/null
+++ b/dom/media/gmp/PGMP.ipdl
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include PrefsTypes;
+include protocol PGMPContent;
+include protocol PGMPTimer;
+include protocol PGMPStorage;
+include protocol PProfiler;
+
+#if defined(XP_WIN)
+[MoveOnly] using mozilla::UntrustedModulesData from "mozilla/UntrustedModulesData.h";
+[MoveOnly] using mozilla::ModulePaths from "mozilla/UntrustedModulesData.h";
+[MoveOnly] using mozilla::ModulesMapResult from "mozilla/UntrustedModulesData.h";
+#endif
+
+include "mozilla/ipc/ByteBufUtils.h";
+include "GMPParent.h";
+include "GMPChild.h";
+
+using mozilla::dom::NativeThreadId from "mozilla/dom/NativeThreadId.h";
+
+namespace mozilla {
+namespace gmp {
+
+[NeedsOtherPid, NestedUpTo=inside_sync, ChildImpl="GMPChild", ParentImpl="GMPParent", ChildProc=GMPlugin]
+sync protocol PGMP
+{
+ manages PGMPTimer;
+ manages PGMPStorage;
+
+parent:
+ async InitCrashReporter(NativeThreadId threadId);
+ async PGMPTimer();
+ async PGMPStorage();
+
+ async PGMPContentChildDestroyed();
+
+ // Sent from time-to-time to limit the amount of telemetry vulnerable to loss
+ // Buffer contains bincoded Rust structs.
+ // https://firefox-source-docs.mozilla.org/toolkit/components/glean/dev/ipc.html
+ async FOGData(ByteBuf buf);
+
+#if defined(XP_WIN)
+ async GetModulesTrust(ModulePaths aModPaths, bool aRunAtNormalPriority)
+ returns (ModulesMapResult? modMapResult);
+#endif // defined(XP_WIN)
+
+child:
+ async CrashPluginNow();
+ [Nested=inside_sync] sync StartPlugin(nsString adapter);
+ async ProvideStorageId(nsCString storageId);
+ async PreloadLibs(nsCString libs);
+ async CloseActive();
+ async InitGMPContentChild(Endpoint<PGMPContentChild> endpoint);
+ async InitProfiler(Endpoint<PProfilerChild> endpoint);
+ async PreferenceUpdate(Pref pref);
+
+ // Tells the GMP process to flush any pending telemetry.
+ // Used in tests and ping assembly. Buffer contains bincoded Rust structs.
+ // https://firefox-source-docs.mozilla.org/toolkit/components/glean/dev/ipc.html
+ async FlushFOGData() returns (ByteBuf buf);
+
+#if defined(XP_WIN)
+ async InitDllServices(bool canRecordReleaseTelemetry,
+ bool aIsReadyForBackgroundProcessing);
+
+ async GetUntrustedModulesData() returns (UntrustedModulesData? data);
+
+ /**
+ * This method is used to notify a child process to start
+ * processing module loading events in UntrustedModulesProcessor.
+ * This should be called when the parent process has gone idle.
+ */
+ async UnblockUntrustedModulesThread();
+#endif // defined(XP_WIN)
+
+ // Test-only method.
+ // Asks the GMP process to trigger test-only instrumentation.
+ // The unused returned value is to have a promise we can await.
+ async TestTriggerMetrics() returns (bool unused);
+
+ // Attempt a graceful shutdown and collect a profile if available.
+ async Shutdown() returns (nsCString profile);
+};
+
+} // namespace gmp
+} // namespace mozilla
diff --git a/dom/media/gmp/PGMPContent.ipdl b/dom/media/gmp/PGMPContent.ipdl
new file mode 100644
index 0000000000..20b59932ce
--- /dev/null
+++ b/dom/media/gmp/PGMPContent.ipdl
@@ -0,0 +1,37 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PGMPVideoDecoder;
+include protocol PGMPVideoEncoder;
+include protocol PChromiumCDM;
+
+#if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
+include protocol PSandboxTesting;
+#endif
+
+include "GMPContentChild.h";
+
+namespace mozilla {
+namespace gmp {
+
+[NeedsOtherPid, ChildImpl="GMPContentChild", ParentImpl=virtual, ParentProc=anydom, ChildProc=GMPlugin]
+sync protocol PGMPContent
+{
+ manages PGMPVideoDecoder;
+ manages PGMPVideoEncoder;
+ manages PChromiumCDM;
+
+child:
+ async PGMPVideoDecoder();
+ async PGMPVideoEncoder();
+ async PChromiumCDM(nsCString aKeySystem);
+
+#if defined(MOZ_SANDBOX) && defined(MOZ_DEBUG) && defined(ENABLE_TESTS)
+ async InitSandboxTesting(Endpoint<PSandboxTestingChild> aEndpoint);
+#endif
+};
+
+} // namespace gmp
+} // namespace mozilla
diff --git a/dom/media/gmp/PGMPService.ipdl b/dom/media/gmp/PGMPService.ipdl
new file mode 100644
index 0000000000..fff3a4dba1
--- /dev/null
+++ b/dom/media/gmp/PGMPService.ipdl
@@ -0,0 +1,42 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PGMPContent;
+include GMPTypes;
+
+using base::ProcessId from "base/process.h";
+using GMPPluginType from "GMPNativeTypes.h";
+
+namespace mozilla {
+namespace gmp {
+
+struct GMPLaunchResult {
+ uint32_t pluginId;
+ GMPPluginType pluginType;
+ ProcessId pid;
+ nsCString displayName;
+ Endpoint<PGMPContentParent> endpoint;
+ nsresult result;
+ nsCString errorDescription;
+};
+
+[NeedsOtherPid, ChildImpl=virtual, ParentImpl=virtual, ChildProc=Content]
+async protocol PGMPService
+{
+parent:
+ async LaunchGMP(NodeIdVariant nodeIdVariant,
+ nsCString api,
+ nsCString[] tags,
+ ProcessId[] alreadyBridgedTo)
+ returns (GMPLaunchResult aResult);
+
+ async GetGMPNodeId(nsString origin, nsString topLevelOrigin, nsString gmpName)
+ returns (nsCString id);
+child:
+ async BeginShutdown();
+};
+
+} // namespace gmp
+} // namespace mozilla
diff --git a/dom/media/gmp/PGMPStorage.ipdl b/dom/media/gmp/PGMPStorage.ipdl
new file mode 100644
index 0000000000..6efe7fbb23
--- /dev/null
+++ b/dom/media/gmp/PGMPStorage.ipdl
@@ -0,0 +1,37 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PGMP;
+include GMPTypes;
+
+include "GMPStorageChild.h";
+
+using GMPErr from "gmp-errors.h";
+
+namespace mozilla {
+namespace gmp {
+
+[ManualDealloc, ChildImpl="GMPStorageChild", ParentImpl=virtual]
+async protocol PGMPStorage
+{
+ manager PGMP;
+
+child:
+ async OpenComplete(nsCString aRecordName, GMPErr aStatus);
+ async ReadComplete(nsCString aRecordName, GMPErr aStatus, uint8_t[] aBytes);
+ async WriteComplete(nsCString aRecordName, GMPErr aStatus);
+ async Shutdown();
+
+parent:
+ async Open(nsCString aRecordName);
+ async Read(nsCString aRecordName);
+ async Write(nsCString aRecordName, uint8_t[] aBytes);
+ async Close(nsCString aRecordName);
+ async __delete__();
+
+};
+
+} // namespace gmp
+} // namespace mozilla
diff --git a/dom/media/gmp/PGMPTimer.ipdl b/dom/media/gmp/PGMPTimer.ipdl
new file mode 100644
index 0000000000..c6c8170b43
--- /dev/null
+++ b/dom/media/gmp/PGMPTimer.ipdl
@@ -0,0 +1,26 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PGMP;
+
+include "GMPTimerParent.h";
+include "GMPTimerChild.h";
+
+namespace mozilla {
+namespace gmp {
+
+[ManualDealloc, ChildImpl="GMPTimerChild", ParentImpl="GMPTimerParent"]
+async protocol PGMPTimer
+{
+ manager PGMP;
+child:
+ async TimerExpired(uint32_t aTimerId);
+parent:
+ async SetTimer(uint32_t aTimerId, uint32_t aTimeoutMs);
+ async __delete__();
+};
+
+} // namespace gmp
+} // namespace mozilla
diff --git a/dom/media/gmp/PGMPVideoDecoder.ipdl b/dom/media/gmp/PGMPVideoDecoder.ipdl
new file mode 100644
index 0000000000..e0c7a21a64
--- /dev/null
+++ b/dom/media/gmp/PGMPVideoDecoder.ipdl
@@ -0,0 +1,50 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PGMPContent;
+include GMPTypes;
+
+using GMPVideoCodec from "gmp-video-codec.h";
+using GMPErr from "gmp-errors.h";
+
+include "GMPMessageUtils.h";
+include "GMPVideoDecoderChild.h";
+
+namespace mozilla {
+namespace gmp {
+
+[ChildImpl="GMPVideoDecoderChild", ParentImpl=virtual]
+sync protocol PGMPVideoDecoder
+{
+ manager PGMPContent;
+child:
+ async InitDecode(GMPVideoCodec aCodecSettings,
+ uint8_t[] aCodecSpecific,
+ int32_t aCoreCount);
+ async Decode(GMPVideoEncodedFrameData aInputFrame,
+ bool aMissingFrames,
+ uint8_t[] aCodecSpecificInfo,
+ int64_t aRenderTimeMs);
+ async Reset();
+ async Drain();
+ async DecodingComplete();
+ async ChildShmemForPool(Shmem aFrameBuffer);
+
+parent:
+ async __delete__();
+ async Decoded(GMPVideoi420FrameData aDecodedFrame);
+ async ReceivedDecodedReferenceFrame(uint64_t aPictureId);
+ async ReceivedDecodedFrame(uint64_t aPictureId);
+ async InputDataExhausted();
+ async DrainComplete();
+ async ResetComplete();
+ async Error(GMPErr aErr);
+ async Shutdown();
+ async ParentShmemForPool(Shmem aEncodedBuffer);
+ sync NeedShmem(uint32_t aFrameBufferSize) returns (Shmem aMem);
+};
+
+} // namespace gmp
+} // namespace mozilla
diff --git a/dom/media/gmp/PGMPVideoEncoder.ipdl b/dom/media/gmp/PGMPVideoEncoder.ipdl
new file mode 100644
index 0000000000..afd4f7ce9a
--- /dev/null
+++ b/dom/media/gmp/PGMPVideoEncoder.ipdl
@@ -0,0 +1,48 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PGMPContent;
+include GMPTypes;
+
+using GMPVideoCodec from "gmp-video-codec.h";
+using GMPVideoFrameType from "gmp-video-frame-encoded.h";
+using GMPErr from "gmp-errors.h";
+
+include "GMPMessageUtils.h";
+include "GMPVideoEncoderChild.h";
+
+namespace mozilla {
+namespace gmp {
+
+[ChildImpl="GMPVideoEncoderChild", ParentImpl=virtual]
+sync protocol PGMPVideoEncoder
+{
+ manager PGMPContent;
+child:
+ async InitEncode(GMPVideoCodec aCodecSettings,
+ uint8_t[] aCodecSpecific,
+ int32_t aNumberOfCores,
+ uint32_t aMaxPayloadSize);
+ async Encode(GMPVideoi420FrameData aInputFrame,
+ uint8_t[] aCodecSpecificInfo,
+ GMPVideoFrameType[] aFrameTypes);
+ async SetChannelParameters(uint32_t aPacketLoss, uint32_t aRTT);
+ async SetRates(uint32_t aNewBitRate, uint32_t aFrameRate);
+ async SetPeriodicKeyFrames(bool aEnable);
+ async EncodingComplete();
+ async ChildShmemForPool(Shmem aEncodedBuffer);
+
+parent:
+ async __delete__();
+ async Encoded(GMPVideoEncodedFrameData aEncodedFrame,
+ uint8_t[] aCodecSpecificInfo);
+ async Error(GMPErr aErr);
+ async Shutdown();
+ async ParentShmemForPool(Shmem aFrameBuffer);
+ sync NeedShmem(uint32_t aEncodedBufferSize) returns (Shmem aMem);
+};
+
+} // namespace gmp
+} // namespace mozilla
diff --git a/dom/media/gmp/README.txt b/dom/media/gmp/README.txt
new file mode 100644
index 0000000000..189cf3b302
--- /dev/null
+++ b/dom/media/gmp/README.txt
@@ -0,0 +1 @@
+This directory contains code supporting Gecko Media Plugins (GMPs). The GMP API is not the same thing as the Media Plugin API (MPAPI).
diff --git a/dom/media/gmp/gmp-api/gmp-entrypoints.h b/dom/media/gmp/gmp-api/gmp-entrypoints.h
new file mode 100644
index 0000000000..fd2457e9be
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-entrypoints.h
@@ -0,0 +1,73 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2011, The WebRTC project authors. All rights reserved.
+ * Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_ENTRYPOINTS_h_
+#define GMP_ENTRYPOINTS_h_
+
+#include "gmp-errors.h"
+#include "gmp-platform.h"
+
+/* C functions exposed by Gecko Media Plugin shared library. */
+
+// GMPInit
+// - Called once after plugin library is loaded, before GMPGetAPI or GMPShutdown
+// are called.
+// - Called on main thread.
+// - 'aPlatformAPI' is a structure containing platform-provided APIs. It is
+// valid until
+// 'GMPShutdown' is called. Owned and must be deleted by plugin.
+typedef GMPErr (*GMPInitFunc)(const GMPPlatformAPI* aPlatformAPI);
+
+// GMPGetAPI
+// - Called when host wants to use an API.
+// - Called on main thread.
+// - 'aAPIName' is a string indicating the API being requested. This should
+// match one of the GMP_API_* macros. Subsequent iterations of the GMP_APIs
+// may change the value of the GMP_API_* macros when ABI changes occur. So
+// make sure you compare aAPIName against the corresponding GMP_API_* macro!
+// - 'aHostAPI' is the host API which is specific to the API being requested
+// from the plugin. It is valid so long as the API object requested from the
+// plugin is valid. It is owned by the host, plugin should not attempt to
+// delete. May be null.
+// - 'aPluginAPI' is for returning the requested API. Destruction of the
+// requsted
+// API object is defined by the API.
+typedef GMPErr (*GMPGetAPIFunc)(const char* aAPIName, void* aHostAPI,
+ void** aPluginAPI);
+
+// GMPShutdown
+// - Called once before exiting process (unloading library).
+// - Called on main thread.
+typedef void (*GMPShutdownFunc)(void);
+
+#endif // GMP_ENTRYPOINTS_h_
diff --git a/dom/media/gmp/gmp-api/gmp-errors.h b/dom/media/gmp/gmp-api/gmp-errors.h
new file mode 100644
index 0000000000..a95db1f7a5
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-errors.h
@@ -0,0 +1,59 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_ERRORS_h_
+#define GMP_ERRORS_h_
+
+typedef enum {
+ GMPNoErr = 0,
+ GMPGenericErr = 1,
+ GMPClosedErr = 2,
+ GMPAllocErr = 3,
+ GMPNotImplementedErr = 4,
+ GMPRecordInUse = 5,
+ GMPQuotaExceededErr = 6,
+ GMPDecodeErr = 7,
+ GMPEncodeErr = 8,
+ GMPNoKeyErr = 9,
+ GMPCryptoErr = 10,
+ GMPEndOfEnumeration = 11,
+ GMPInvalidArgErr = 12,
+ GMPAbortedErr = 13,
+ GMPRecordCorrupted = 14,
+ GMPLastErr // Placeholder, must be last. This enum's values must remain
+ // consecutive!
+} GMPErr;
+
+#define GMP_SUCCEEDED(x) ((x) == GMPNoErr)
+#define GMP_FAILED(x) ((x) != GMPNoErr)
+
+#endif // GMP_ERRORS_h_
diff --git a/dom/media/gmp/gmp-api/gmp-platform.h b/dom/media/gmp/gmp-api/gmp-platform.h
new file mode 100644
index 0000000000..530abcbbfe
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-platform.h
@@ -0,0 +1,102 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_PLATFORM_h_
+#define GMP_PLATFORM_h_
+
+#include "gmp-errors.h"
+#include "gmp-storage.h"
+#include <stdint.h>
+
+/* Platform helper API. */
+
+class GMPTask {
+ public:
+ virtual void Destroy() = 0; // Deletes object.
+ virtual ~GMPTask() = default;
+ virtual void Run() = 0;
+};
+
+class GMPThread {
+ public:
+ virtual ~GMPThread() = default;
+ virtual void Post(GMPTask* aTask) = 0;
+ virtual void Join() = 0; // Deletes object after join completes.
+};
+
+// A re-entrant monitor; can be locked from the same thread multiple times.
+// Must be unlocked the same number of times it's locked.
+class GMPMutex {
+ public:
+ virtual ~GMPMutex() = default;
+ virtual void Acquire() = 0;
+ virtual void Release() = 0;
+ virtual void Destroy() = 0; // Deletes object.
+};
+
+// Time is defined as the number of milliseconds since the
+// Epoch (00:00:00 UTC, January 1, 1970).
+typedef int64_t GMPTimestamp;
+
+typedef GMPErr (*GMPCreateThreadPtr)(GMPThread** aThread);
+typedef GMPErr (*GMPRunOnMainThreadPtr)(GMPTask* aTask);
+typedef GMPErr (*GMPSyncRunOnMainThreadPtr)(GMPTask* aTask);
+typedef GMPErr (*GMPCreateMutexPtr)(GMPMutex** aMutex);
+
+// Call on main thread only.
+typedef GMPErr (*GMPCreateRecordPtr)(const char* aRecordName,
+ uint32_t aRecordNameSize,
+ GMPRecord** aOutRecord,
+ GMPRecordClient* aClient);
+
+// Call on main thread only.
+typedef GMPErr (*GMPSetTimerOnMainThreadPtr)(GMPTask* aTask,
+ int64_t aTimeoutMS);
+typedef GMPErr (*GMPGetCurrentTimePtr)(GMPTimestamp* aOutTime);
+
+struct GMPPlatformAPI {
+ // Increment the version when things change. Can only add to the struct,
+ // do not change what already exists. Pointers to functions may be NULL
+ // when passed to plugins, but beware backwards compat implications of
+ // doing that.
+ uint16_t version; // Currently version 0
+
+ GMPCreateThreadPtr createthread;
+ GMPRunOnMainThreadPtr runonmainthread;
+ GMPSyncRunOnMainThreadPtr syncrunonmainthread;
+ GMPCreateMutexPtr createmutex;
+ GMPCreateRecordPtr createrecord;
+ GMPSetTimerOnMainThreadPtr settimer;
+ GMPGetCurrentTimePtr getcurrenttime;
+};
+
+#endif // GMP_PLATFORM_h_
diff --git a/dom/media/gmp/gmp-api/gmp-storage.h b/dom/media/gmp/gmp-api/gmp-storage.h
new file mode 100644
index 0000000000..af53256d43
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-storage.h
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2013, Mozilla Foundation and contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef GMP_STORAGE_h_
+#define GMP_STORAGE_h_
+
+#include "gmp-errors.h"
+#include <stdint.h>
+
+// Maximum size of a record, in bytes; 10 megabytes.
+#define GMP_MAX_RECORD_SIZE (10 * 1024 * 1024)
+
+// Maximum length of a record name in bytes.
+#define GMP_MAX_RECORD_NAME_SIZE 2000
+
+// Provides basic per-origin storage for CDMs. GMPRecord instances can be
+// retrieved by calling GMPPlatformAPI->openstorage. Multiple GMPRecords
+// with different names can be open at once, but a single record can only
+// be opened by one client at a time. This interface is asynchronous, with
+// results being returned via callbacks to the GMPRecordClient pointer
+// provided to the GMPPlatformAPI->openstorage call, on the main thread.
+//
+// Lifecycle: Once opened, the GMPRecord object remains allocated until
+// GMPRecord::Close() is called. If any GMPRecord function, either
+// synchronously or asynchronously through a GMPRecordClient callback,
+// returns an error, the GMP is responsible for calling Close() on the
+// GMPRecord to delete the GMPRecord object's memory. If your GMP does not
+// call Close(), the GMPRecord's memory will leak.
+class GMPRecord {
+ public:
+ // Opens the record. Calls OpenComplete() once the record is open.
+ // Note: Only work when GMP is loading content from a webserver.
+ // Does not work for web pages on loaded from disk.
+ // Note: OpenComplete() is only called if this returns GMPNoErr.
+ virtual GMPErr Open() = 0;
+
+ // Reads the entire contents of the record, and calls
+ // GMPRecordClient::ReadComplete() once the operation is complete.
+ // Note: ReadComplete() is only called if this returns GMPNoErr.
+ virtual GMPErr Read() = 0;
+
+ // Writes aDataSize bytes of aData into the record, overwriting the
+ // contents of the record, truncating it to aDataSize length.
+ // Overwriting with 0 bytes "deletes" the record.
+ // Note: WriteComplete is only called if this returns GMPNoErr.
+ virtual GMPErr Write(const uint8_t* aData, uint32_t aDataSize) = 0;
+
+ // Closes a record, deletes the GMPRecord object. The GMPRecord object
+ // must not be used after this is called, request a new one with
+ // GMPPlatformAPI->openstorage to re-open this record. Cancels all
+ // callbacks.
+ virtual GMPErr Close() = 0;
+
+ virtual ~GMPRecord() = default;
+};
+
+// Callback object that receives the results of GMPRecord calls. Callbacks
+// run asynchronously to the GMPRecord call, on the main thread.
+class GMPRecordClient {
+ public:
+ // Response to a GMPRecord::Open() call with the open |status|.
+ // aStatus values:
+ // - GMPNoErr - Record opened successfully. Record may be empty.
+ // - GMPRecordInUse - This record is in use by another client.
+ // - GMPGenericErr - Unspecified error.
+ // If aStatus is not GMPNoErr, the GMPRecord is unusable, and you must
+ // call Close() on the GMPRecord to dispose of it.
+ virtual void OpenComplete(GMPErr aStatus) = 0;
+
+ // Response to a GMPRecord::Read() call, where aData is the record contents,
+ // of length aDataSize.
+ // aData is only valid for the duration of the call to ReadComplete.
+ // Copy it if you want to hang onto it!
+ // aStatus values:
+ // - GMPNoErr - Record contents read successfully, aDataSize 0 means record
+ // is empty.
+ // - GMPRecordInUse - There are other operations or clients in use on
+ // this record.
+ // - GMPGenericErr - Unspecified error.
+ // If aStatus is not GMPNoErr, the GMPRecord is unusable, and you must
+ // call Close() on the GMPRecord to dispose of it.
+ virtual void ReadComplete(GMPErr aStatus, const uint8_t* aData,
+ uint32_t aDataSize) = 0;
+
+ // Response to a GMPRecord::Write() call.
+ // - GMPNoErr - File contents written successfully.
+ // - GMPRecordInUse - There are other operations or clients in use on
+ // this record.
+ // - GMPGenericErr - Unspecified error.
+ // If aStatus is not GMPNoErr, the GMPRecord is unusable, and you must
+ // call Close() on the GMPRecord to dispose of it.
+ virtual void WriteComplete(GMPErr aStatus) = 0;
+
+ virtual ~GMPRecordClient() = default;
+};
+
+#endif // GMP_STORAGE_h_
diff --git a/dom/media/gmp/gmp-api/gmp-video-codec.h b/dom/media/gmp/gmp-api/gmp-video-codec.h
new file mode 100644
index 0000000000..1fb4930a8b
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-video-codec.h
@@ -0,0 +1,302 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2011, The WebRTC project authors. All rights reserved.
+ * Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_VIDEO_CODEC_h_
+#define GMP_VIDEO_CODEC_h_
+
+#include <stdint.h>
+#include <stddef.h>
+
+enum { kGMPPayloadNameSize = 32 };
+enum { kGMPMaxSimulcastStreams = 4 };
+
+enum GMPVideoCodecComplexity {
+ kGMPComplexityNormal = 0,
+ kGMPComplexityHigh = 1,
+ kGMPComplexityHigher = 2,
+ kGMPComplexityMax = 3,
+ kGMPComplexityInvalid // Should always be last
+};
+
+enum GMPVP8ResilienceMode {
+ kResilienceOff, // The stream produced by the encoder requires a
+ // recovery frame (typically a key frame) to be
+ // decodable after a packet loss.
+ kResilientStream, // A stream produced by the encoder is resilient to
+ // packet losses, but packets within a frame subsequent
+ // to a loss can't be decoded.
+ kResilientFrames, // Same as kResilientStream but with added resilience
+ // within a frame.
+ kResilienceInvalid // Should always be last.
+};
+
+// VP8 specific
+struct GMPVideoCodecVP8 {
+ bool mPictureLossIndicationOn;
+ bool mFeedbackModeOn;
+ GMPVideoCodecComplexity mComplexity;
+ GMPVP8ResilienceMode mResilience;
+ uint32_t mNumberOfTemporalLayers;
+ bool mDenoisingOn;
+ bool mErrorConcealmentOn;
+ bool mAutomaticResizeOn;
+};
+
+// H264 specific
+
+// Needs to match a binary spec for this structure.
+// Note: the mSPS at the end of this structure is variable length.
+struct GMPVideoCodecH264AVCC {
+ uint8_t mVersion; // == 0x01
+ uint8_t mProfile; // these 3 are profile_level_id
+ uint8_t mConstraints;
+ uint8_t mLevel;
+ uint8_t mLengthSizeMinusOne; // lower 2 bits (== GMPBufferType-1). Top 6
+ // reserved (1's)
+
+ // SPS/PPS will not generally be present for interactive use unless SDP
+ // parameter-sets are used.
+ uint8_t mNumSPS; // lower 5 bits; top 5 reserved (1's)
+
+ /*** uint8_t mSPS[]; (Not defined due to compiler warnings and
+ * warnings-as-errors ...) **/
+ // Following mNumSPS is a variable number of bytes, which is the SPS and PPS.
+ // Each SPS == 16 bit size, ("N"), then "N" bytes,
+ // then uint8_t mNumPPS, then each PPS == 16 bit size ("N"), then "N" bytes.
+};
+
+// Codec specific data for H.264 decoding/encoding.
+// Cast the "aCodecSpecific" parameter of GMPVideoDecoder::InitDecode() and
+// GMPVideoEncoder::InitEncode() to this structure.
+struct GMPVideoCodecH264 {
+ uint8_t mPacketizationMode; // 0 or 1
+ struct GMPVideoCodecH264AVCC
+ mAVCC; // holds a variable-sized struct GMPVideoCodecH264AVCC mAVCC;
+};
+
+enum GMPVideoCodecType {
+ kGMPVideoCodecVP8,
+
+ // Encoded frames are in AVCC format; NAL length field of 4 bytes, followed
+ // by frame data. May be multiple NALUs per sample. Codec specific extra data
+ // is the AVCC extra data (in AVCC format).
+ kGMPVideoCodecH264,
+ kGMPVideoCodecVP9,
+ kGMPVideoCodecInvalid // Should always be last.
+};
+
+// Simulcast is when the same stream is encoded multiple times with different
+// settings such as resolution.
+struct GMPSimulcastStream {
+ uint32_t mWidth;
+ uint32_t mHeight;
+ uint32_t mNumberOfTemporalLayers;
+ uint32_t mMaxBitrate; // kilobits/sec.
+ uint32_t mTargetBitrate; // kilobits/sec.
+ uint32_t mMinBitrate; // kilobits/sec.
+ uint32_t mQPMax; // minimum quality
+};
+
+enum GMPVideoCodecMode {
+ kGMPRealtimeVideo,
+ kGMPScreensharing,
+ kGMPStreamingVideo,
+ kGMPNonRealtimeVideo,
+ kGMPCodecModeInvalid // Should always be last.
+};
+
+enum GMPLogLevel {
+ kGMPLogDefault,
+ kGMPLogQuiet,
+ kGMPLogError,
+ kGMPLogWarning,
+ kGMPLogInfo,
+ kGMPLogDebug,
+ kGMPLogDetail,
+ kGMPLogInvalid // Should always be last.
+};
+
+enum GMPProfile {
+ kGMPH264ProfileUnknown,
+ kGMPH264ProfileBaseline,
+ kGMPH264ProfileMain,
+ kGMPH264ProfileExtended,
+ kGMPH264ProfileHigh,
+ kGMPH264ProfileHigh10,
+ kGMPH264ProfileHigh422,
+ kGMPH264ProfileHigh444,
+ kGMPH264ProfileCavlc444,
+ kGMPH264ProfileScalableBaseline,
+ kGMPH264ProfileScalableHigh
+};
+
+enum GMPLevel {
+ kGMPH264LevelUnknown,
+ kGMPH264Level1_0,
+ kGMPH264Level1_B,
+ kGMPH264Level1_1,
+ kGMPH264Level1_2,
+ kGMPH264Level1_3,
+ kGMPH264Level2_0,
+ kGMPH264Level2_1,
+ kGMPH264Level2_2,
+ kGMPH264Level3_0,
+ kGMPH264Level3_1,
+ kGMPH264Level3_2,
+ kGMPH264Level4_0,
+ kGMPH264Level4_1,
+ kGMPH264Level4_2,
+ kGMPH264Level5_0,
+ kGMPH264Level5_1,
+ kGMPH264Level5_2
+};
+
+enum GMPRateControlMode {
+ kGMPRateControlUnknown,
+ kGMPRateControlBitrate,
+ kGMPRateControlQuality,
+ kGMPRateControlBufferBased,
+ kGMPRateControlTimestamp,
+ kGMPRateControlBitratePostskip,
+ kGMPRateControlOff
+};
+
+enum GMPSliceMode {
+ kGMPSliceUnknown,
+ kGMPSliceSingle,
+ kGMPSliceFixedSlcNum,
+ kGMPSliceRaster,
+ kGMPSliceSizeLimited
+};
+
+enum GMPApiVersion {
+ kGMPVersion32 =
+ 1, // leveraging that V32 had mCodecType first, and only supported H264
+ kGMPVersion33 = 33,
+
+ // Adds GMPVideoi420Frame::SetUpdatedTimestamp/UpdatedTimestamp
+ kGMPVersion34 = 34,
+
+ // Adds new options for encoding
+ kGMPVersion35 = 35,
+};
+
+struct GMPVideoCodec {
+ uint32_t mGMPApiVersion;
+
+ GMPVideoCodecType mCodecType;
+ char mPLName[kGMPPayloadNameSize]; // Must be NULL-terminated!
+ uint32_t mPLType;
+
+ uint32_t mWidth;
+ uint32_t mHeight;
+
+ uint32_t mStartBitrate; // kilobits/sec.
+ uint32_t mMaxBitrate; // kilobits/sec.
+ uint32_t mMinBitrate; // kilobits/sec.
+ uint32_t mMaxFramerate;
+
+ bool mFrameDroppingOn;
+ int32_t mKeyFrameInterval;
+
+ uint32_t mQPMax;
+ uint32_t mNumberOfSimulcastStreams;
+ GMPSimulcastStream mSimulcastStream[kGMPMaxSimulcastStreams];
+
+ GMPVideoCodecMode mMode;
+
+ // Since GMP version 34
+ bool mUseThreadedDecode;
+ GMPLogLevel mLogLevel;
+
+ // Since GMP version 35
+ GMPLevel mLevel;
+ GMPProfile mProfile;
+ GMPRateControlMode mRateControlMode;
+ GMPSliceMode mSliceMode;
+ bool mUseThreadedEncode;
+};
+
+// Either single encoded unit, or multiple units separated by 8/16/24/32
+// bit lengths, all with the same timestamp. Note there is no final 0-length
+// entry; one should check the overall end-of-buffer against where the next
+// length would be.
+enum GMPBufferType {
+ GMP_BufferSingle = 0,
+ GMP_BufferLength8,
+ GMP_BufferLength16,
+ GMP_BufferLength24,
+ GMP_BufferLength32,
+ GMP_BufferInvalid,
+};
+
+struct GMPCodecSpecificInfoGeneric {
+ uint8_t mSimulcastIdx;
+};
+
+struct GMPCodecSpecificInfoH264 {
+ uint8_t mSimulcastIdx;
+};
+
+// Note: if any pointers are added to this struct, it must be fitted
+// with a copy-constructor. See below.
+struct GMPCodecSpecificInfoVP8 {
+ bool mHasReceivedSLI;
+ uint8_t mPictureIdSLI;
+ bool mHasReceivedRPSI;
+ uint64_t mPictureIdRPSI;
+ int16_t mPictureId; // negative value to skip pictureId
+ bool mNonReference;
+ uint8_t mSimulcastIdx;
+ uint8_t mTemporalIdx;
+ bool mLayerSync;
+ int32_t mTL0PicIdx; // negative value to skip tl0PicIdx
+ int8_t mKeyIdx; // negative value to skip keyIdx
+};
+
+union GMPCodecSpecificInfoUnion {
+ GMPCodecSpecificInfoGeneric mGeneric;
+ GMPCodecSpecificInfoVP8 mVP8;
+ GMPCodecSpecificInfoH264 mH264;
+};
+
+// Note: if any pointers are added to this struct or its sub-structs, it
+// must be fitted with a copy-constructor. This is because it is copied
+// in the copy-constructor of VCMEncodedFrame.
+struct GMPCodecSpecificInfo {
+ GMPVideoCodecType mCodecType;
+ GMPBufferType mBufferType;
+ GMPCodecSpecificInfoUnion mCodecSpecific;
+};
+
+#endif // GMP_VIDEO_CODEC_h_
diff --git a/dom/media/gmp/gmp-api/gmp-video-decode.h b/dom/media/gmp/gmp-api/gmp-video-decode.h
new file mode 100644
index 0000000000..561e841d39
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-video-decode.h
@@ -0,0 +1,125 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2011, The WebRTC project authors. All rights reserved.
+ * Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_VIDEO_DECODE_h_
+#define GMP_VIDEO_DECODE_h_
+
+#include "gmp-errors.h"
+#include "gmp-video-frame-i420.h"
+#include "gmp-video-frame-encoded.h"
+#include "gmp-video-codec.h"
+#include <stdint.h>
+
+// ALL METHODS MUST BE CALLED ON THE MAIN THREAD
+class GMPVideoDecoderCallback {
+ public:
+ virtual ~GMPVideoDecoderCallback() {}
+
+ virtual void Decoded(GMPVideoi420Frame* aDecodedFrame) = 0;
+
+ virtual void ReceivedDecodedReferenceFrame(const uint64_t aPictureId) = 0;
+
+ virtual void ReceivedDecodedFrame(const uint64_t aPictureId) = 0;
+
+ virtual void InputDataExhausted() = 0;
+
+ virtual void DrainComplete() = 0;
+
+ virtual void ResetComplete() = 0;
+
+ // Called when the decoder encounters a catestrophic error and cannot
+ // continue. Gecko will not send any more input for decoding.
+ virtual void Error(GMPErr aError) = 0;
+};
+
+#define GMP_API_VIDEO_DECODER "decode-video"
+
+// Video decoding for a single stream. A GMP may be asked to create multiple
+// decoders concurrently.
+//
+// API name macro: GMP_API_VIDEO_DECODER
+// Host API: GMPVideoHost
+//
+// ALL METHODS MUST BE CALLED ON THE MAIN THREAD
+class GMPVideoDecoder {
+ public:
+ virtual ~GMPVideoDecoder() {}
+
+ // - aCodecSettings: Details of decoder to create.
+ // - aCodecSpecific: codec specific data, cast to a GMPVideoCodecXXX struct
+ // to get codec specific config data.
+ // - aCodecSpecificLength: number of bytes in aCodecSpecific.
+ // - aCallback: Subclass should retain reference to it until DecodingComplete
+ // is called. Do not attempt to delete it, host retains
+ // ownership.
+ // aCoreCount: number of CPU cores.
+ virtual void InitDecode(const GMPVideoCodec& aCodecSettings,
+ const uint8_t* aCodecSpecific,
+ uint32_t aCodecSpecificLength,
+ GMPVideoDecoderCallback* aCallback,
+ int32_t aCoreCount) = 0;
+
+ // Decode encoded frame (as a part of a video stream). The decoded frame
+ // will be returned to the user through the decode complete callback.
+ //
+ // - aInputFrame: Frame to decode. Call Destroy() on frame when it's decoded.
+ // - aMissingFrames: True if one or more frames have been lost since the
+ // previous decode call.
+ // - aCodecSpecificInfo : codec specific data, pointer to a
+ // GMPCodecSpecificInfo structure appropriate for
+ // this codec type.
+ // - aCodecSpecificInfoLength : number of bytes in aCodecSpecificInfo
+ // - renderTimeMs : System time to render in milliseconds. Only used by
+ // decoders with internal rendering.
+ virtual void Decode(GMPVideoEncodedFrame* aInputFrame, bool aMissingFrames,
+ const uint8_t* aCodecSpecificInfo,
+ uint32_t aCodecSpecificInfoLength,
+ int64_t aRenderTimeMs = -1) = 0;
+
+ // Reset decoder state and prepare for a new call to Decode(...).
+ // Flushes the decoder pipeline.
+ // The decoder should enqueue a task to run ResetComplete() on the main
+ // thread once the reset has finished.
+ virtual void Reset() = 0;
+
+ // Output decoded frames for any data in the pipeline, regardless of ordering.
+ // All remaining decoded frames should be immediately returned via callback.
+ // The decoder should enqueue a task to run DrainComplete() on the main
+ // thread once the reset has finished.
+ virtual void Drain() = 0;
+
+ // May free decoder memory.
+ virtual void DecodingComplete() = 0;
+};
+
+#endif // GMP_VIDEO_DECODE_h_
diff --git a/dom/media/gmp/gmp-api/gmp-video-encode.h b/dom/media/gmp/gmp-api/gmp-video-encode.h
new file mode 100644
index 0000000000..850d34abd1
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-video-encode.h
@@ -0,0 +1,133 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2011, The WebRTC project authors. All rights reserved.
+ * Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_VIDEO_ENCODE_h_
+#define GMP_VIDEO_ENCODE_h_
+
+#include <vector>
+#include <stdint.h>
+
+#include "gmp-errors.h"
+#include "gmp-video-frame-i420.h"
+#include "gmp-video-frame-encoded.h"
+#include "gmp-video-codec.h"
+
+// ALL METHODS MUST BE CALLED ON THE MAIN THREAD
+class GMPVideoEncoderCallback {
+ public:
+ virtual ~GMPVideoEncoderCallback() {}
+
+ virtual void Encoded(GMPVideoEncodedFrame* aEncodedFrame,
+ const uint8_t* aCodecSpecificInfo,
+ uint32_t aCodecSpecificInfoLength) = 0;
+
+ // Called when the encoder encounters a catestrophic error and cannot
+ // continue. Gecko will not send any more input for encoding.
+ virtual void Error(GMPErr aError) = 0;
+};
+
+#define GMP_API_VIDEO_ENCODER "encode-video"
+
+// Video encoding for a single stream. A GMP may be asked to create multiple
+// encoders concurrently.
+//
+// API name macro: GMP_API_VIDEO_ENCODER
+// Host API: GMPVideoHost
+//
+// ALL METHODS MUST BE CALLED ON THE MAIN THREAD
+class GMPVideoEncoder {
+ public:
+ virtual ~GMPVideoEncoder() {}
+
+ // Initialize the encoder with the information from the VideoCodec.
+ //
+ // Input:
+ // - codecSettings : Codec settings
+ // - aCodecSpecific : codec specific data, pointer to a
+ // GMPCodecSpecific structure appropriate for
+ // this codec type.
+ // - aCodecSpecificLength : number of bytes in aCodecSpecific
+ // - aCallback: Subclass should retain reference to it until EncodingComplete
+ // is called. Do not attempt to delete it, host retains
+ // ownership.
+ // - aNnumberOfCores : Number of cores available for the encoder
+ // - aMaxPayloadSize : The maximum size each payload is allowed
+ // to have. Usually MTU - overhead.
+ virtual void InitEncode(const GMPVideoCodec& aCodecSettings,
+ const uint8_t* aCodecSpecific,
+ uint32_t aCodecSpecificLength,
+ GMPVideoEncoderCallback* aCallback,
+ int32_t aNumberOfCores, uint32_t aMaxPayloadSize) = 0;
+
+ // Encode an I420 frame (as a part of a video stream). The encoded frame
+ // will be returned to the user through the encode complete callback.
+ //
+ // Input:
+ // - aInputFrame : Frame to be encoded
+ // - aCodecSpecificInfo : codec specific data, pointer to a
+ // GMPCodecSpecificInfo structure appropriate for
+ // this codec type.
+ // - aCodecSpecificInfoLength : number of bytes in aCodecSpecific
+ // - aFrameTypes : The frame type to encode
+ // - aFrameTypesLength : The number of elements in aFrameTypes array.
+ virtual void Encode(GMPVideoi420Frame* aInputFrame,
+ const uint8_t* aCodecSpecificInfo,
+ uint32_t aCodecSpecificInfoLength,
+ const GMPVideoFrameType* aFrameTypes,
+ uint32_t aFrameTypesLength) = 0;
+
+ // Inform the encoder about the packet loss and round trip time on the
+ // network used to decide the best pattern and signaling.
+ //
+ // - packetLoss : Fraction lost (loss rate in percent =
+ // 100 * packetLoss / 255)
+ // - rtt : Round-trip time in milliseconds
+ virtual void SetChannelParameters(uint32_t aPacketLoss, uint32_t aRTT) = 0;
+
+ // Inform the encoder about the new target bit rate.
+ //
+ // - newBitRate : New target bit rate
+ // - frameRate : The target frame rate
+ virtual void SetRates(uint32_t aNewBitRate, uint32_t aFrameRate) = 0;
+
+ // Use this function to enable or disable periodic key frames. Can be useful
+ // for codecs which have other ways of stopping error propagation.
+ //
+ // - enable : Enable or disable periodic key frames
+ virtual void SetPeriodicKeyFrames(bool aEnable) = 0;
+
+ // May free Encoder memory.
+ virtual void EncodingComplete() = 0;
+};
+
+#endif // GMP_VIDEO_ENCODE_h_
diff --git a/dom/media/gmp/gmp-api/gmp-video-frame-encoded.h b/dom/media/gmp/gmp-api/gmp-video-frame-encoded.h
new file mode 100644
index 0000000000..42683aa129
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-video-frame-encoded.h
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2011, The WebRTC project authors. All rights reserved.
+ * Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_VIDEO_FRAME_ENCODED_h_
+#define GMP_VIDEO_FRAME_ENCODED_h_
+
+#include <stdint.h>
+#include "gmp-video-frame.h"
+#include "gmp-video-codec.h"
+
+enum GMPVideoFrameType {
+ kGMPKeyFrame = 0,
+ kGMPDeltaFrame = 1,
+ kGMPGoldenFrame = 2,
+ kGMPAltRefFrame = 3,
+ kGMPSkipFrame = 4,
+ kGMPVideoFrameInvalid = 5 // Must always be last.
+};
+
+// The implementation backing this interface uses shared memory for the
+// buffer(s). This means it can only be used by the "owning" process.
+// At first the process which created the object owns it. When the object
+// is passed to an interface the creator loses ownership and must Destroy()
+// the object. Further attempts to use it may fail due to not being able to
+// access the underlying buffer(s).
+//
+// Methods that create or destroy shared memory must be called on the main
+// thread. They are marked below.
+class GMPVideoEncodedFrame : public GMPVideoFrame {
+ public:
+ // MAIN THREAD ONLY
+ virtual GMPErr CreateEmptyFrame(uint32_t aSize) = 0;
+ // MAIN THREAD ONLY
+ virtual GMPErr CopyFrame(const GMPVideoEncodedFrame& aVideoFrame) = 0;
+ virtual void SetEncodedWidth(uint32_t aEncodedWidth) = 0;
+ virtual uint32_t EncodedWidth() = 0;
+ virtual void SetEncodedHeight(uint32_t aEncodedHeight) = 0;
+ virtual uint32_t EncodedHeight() = 0;
+ // Microseconds
+ virtual void SetTimeStamp(uint64_t aTimeStamp) = 0;
+ virtual uint64_t TimeStamp() = 0;
+ // Set frame duration (microseconds)
+ // NOTE: next-frame's Timestamp() != this-frame's TimeStamp()+Duration()
+ // depending on rounding to avoid having to track roundoff errors
+ // and dropped/missing frames(!) (which may leave a large gap)
+ virtual void SetDuration(uint64_t aDuration) = 0;
+ virtual uint64_t Duration() const = 0;
+ virtual void SetFrameType(GMPVideoFrameType aFrameType) = 0;
+ virtual GMPVideoFrameType FrameType() = 0;
+ virtual void SetAllocatedSize(uint32_t aNewSize) = 0;
+ virtual uint32_t AllocatedSize() = 0;
+ virtual void SetSize(uint32_t aSize) = 0;
+ virtual uint32_t Size() = 0;
+ virtual void SetCompleteFrame(bool aCompleteFrame) = 0;
+ virtual bool CompleteFrame() = 0;
+ virtual const uint8_t* Buffer() const = 0;
+ virtual uint8_t* Buffer() = 0;
+ virtual GMPBufferType BufferType() const = 0;
+ virtual void SetBufferType(GMPBufferType aBufferType) = 0;
+};
+
+#endif // GMP_VIDEO_FRAME_ENCODED_h_
diff --git a/dom/media/gmp/gmp-api/gmp-video-frame-i420.h b/dom/media/gmp/gmp-api/gmp-video-frame-i420.h
new file mode 100644
index 0000000000..bf64b90903
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-video-frame-i420.h
@@ -0,0 +1,142 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2011, The WebRTC project authors. All rights reserved.
+ * Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_VIDEO_FRAME_I420_h_
+#define GMP_VIDEO_FRAME_I420_h_
+
+#include "gmp-errors.h"
+#include "gmp-video-frame.h"
+#include "gmp-video-plane.h"
+
+#include <stdint.h>
+
+enum GMPPlaneType {
+ kGMPYPlane = 0,
+ kGMPUPlane = 1,
+ kGMPVPlane = 2,
+ kGMPNumOfPlanes = 3
+};
+
+// The implementation backing this interface uses shared memory for the
+// buffer(s). This means it can only be used by the "owning" process.
+// At first the process which created the object owns it. When the object
+// is passed to an interface the creator loses ownership and must Destroy()
+// the object. Further attempts to use it may fail due to not being able to
+// access the underlying buffer(s).
+//
+// Methods that create or destroy shared memory must be called on the main
+// thread. They are marked below.
+class GMPVideoi420Frame : public GMPVideoFrame {
+ public:
+ // MAIN THREAD ONLY
+ // CreateEmptyFrame: Sets frame dimensions and allocates buffers based
+ // on set dimensions - height and plane stride.
+ // If required size is bigger than the allocated one, new buffers of adequate
+ // size will be allocated.
+ virtual GMPErr CreateEmptyFrame(int32_t aWidth, int32_t aHeight,
+ int32_t aStride_y, int32_t aStride_u,
+ int32_t aStride_v) = 0;
+
+ // MAIN THREAD ONLY
+ // CreateFrame: Sets the frame's members and buffers. If required size is
+ // bigger than allocated one, new buffers of adequate size will be allocated.
+ virtual GMPErr CreateFrame(int32_t aSize_y, const uint8_t* aBuffer_y,
+ int32_t aSize_u, const uint8_t* aBuffer_u,
+ int32_t aSize_v, const uint8_t* aBuffer_v,
+ int32_t aWidth, int32_t aHeight, int32_t aStride_y,
+ int32_t aStride_u, int32_t aStride_v) = 0;
+
+ // MAIN THREAD ONLY
+ // Copy frame: If required size is bigger than allocated one, new buffers of
+ // adequate size will be allocated.
+ virtual GMPErr CopyFrame(const GMPVideoi420Frame& aVideoFrame) = 0;
+
+ // Swap Frame.
+ virtual void SwapFrame(GMPVideoi420Frame* aVideoFrame) = 0;
+
+ // Get pointer to buffer per plane.
+ virtual uint8_t* Buffer(GMPPlaneType aType) = 0;
+
+ // Overloading with const.
+ virtual const uint8_t* Buffer(GMPPlaneType aType) const = 0;
+
+ // Get allocated size per plane.
+ virtual int32_t AllocatedSize(GMPPlaneType aType) const = 0;
+
+ // Get allocated stride per plane.
+ virtual int32_t Stride(GMPPlaneType aType) const = 0;
+
+ // Set frame width.
+ virtual GMPErr SetWidth(int32_t aWidth) = 0;
+
+ // Set frame height.
+ virtual GMPErr SetHeight(int32_t aHeight) = 0;
+
+ // Get frame width.
+ virtual int32_t Width() const = 0;
+
+ // Get frame height.
+ virtual int32_t Height() const = 0;
+
+ // Set frame timestamp (microseconds)
+ virtual void SetTimestamp(uint64_t aTimestamp) = 0;
+
+ // Get frame timestamp (microseconds)
+ virtual uint64_t Timestamp() const = 0;
+
+ // Set frame duration (microseconds)
+ // NOTE: next-frame's Timestamp() != this-frame's TimeStamp()+Duration()
+ // depending on rounding to avoid having to track roundoff errors
+ // and dropped/missing frames(!) (which may leave a large gap)
+ virtual void SetDuration(uint64_t aDuration) = 0;
+
+ // Get frame duration (microseconds)
+ virtual uint64_t Duration() const = 0;
+
+ // Return true if underlying plane buffers are of zero size, false if not.
+ virtual bool IsZeroSize() const = 0;
+
+ // Reset underlying plane buffers sizes to 0. This function doesn't clear
+ // memory.
+ virtual void ResetSize() = 0;
+
+ // -- These methods have been added in kGMPVersion34 --
+
+ // Set an updated frame timestamp (microseconds) from decoder
+ virtual void SetUpdatedTimestamp(uint64_t aTimestamp) = 0;
+
+ // Get an updated frame timestamp (microseconds) from decoder
+ virtual uint64_t UpdatedTimestamp() const = 0;
+};
+
+#endif // GMP_VIDEO_FRAME_I420_h_
diff --git a/dom/media/gmp/gmp-api/gmp-video-frame.h b/dom/media/gmp/gmp-api/gmp-video-frame.h
new file mode 100644
index 0000000000..8f202e1196
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-video-frame.h
@@ -0,0 +1,48 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2011, The WebRTC project authors. All rights reserved.
+ * Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_VIDEO_FRAME_h_
+#define GMP_VIDEO_FRAME_h_
+
+#include "gmp-video-plane.h"
+
+enum GMPVideoFrameFormat { kGMPEncodedVideoFrame = 0, kGMPI420VideoFrame = 1 };
+
+class GMPVideoFrame {
+ public:
+ virtual GMPVideoFrameFormat GetFrameFormat() = 0;
+ // MAIN THREAD ONLY IF OWNING PROCESS
+ virtual void Destroy() = 0;
+};
+
+#endif // GMP_VIDEO_FRAME_h_
diff --git a/dom/media/gmp/gmp-api/gmp-video-host.h b/dom/media/gmp/gmp-api/gmp-video-host.h
new file mode 100644
index 0000000000..e1a6c742aa
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-video-host.h
@@ -0,0 +1,53 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2011, The WebRTC project authors. All rights reserved.
+ * Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_VIDEO_HOST_h_
+#define GMP_VIDEO_HOST_h_
+
+#include "gmp-errors.h"
+#include "gmp-video-frame-i420.h"
+#include "gmp-video-frame-encoded.h"
+#include "gmp-video-codec.h"
+
+// This interface must be called on the main thread only.
+class GMPVideoHost {
+ public:
+ // Construct various video API objects. Host does not retain reference,
+ // caller is owner and responsible for deleting.
+ // MAIN THREAD ONLY
+ virtual GMPErr CreateFrame(GMPVideoFrameFormat aFormat,
+ GMPVideoFrame** aFrame) = 0;
+ virtual GMPErr CreatePlane(GMPPlane** aPlane) = 0;
+};
+
+#endif // GMP_VIDEO_HOST_h_
diff --git a/dom/media/gmp/gmp-api/gmp-video-plane.h b/dom/media/gmp/gmp-api/gmp-video-plane.h
new file mode 100644
index 0000000000..58ca1041ca
--- /dev/null
+++ b/dom/media/gmp/gmp-api/gmp-video-plane.h
@@ -0,0 +1,94 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* Copyright (c) 2011, The WebRTC project authors. All rights reserved.
+ * Copyright (c) 2014, Mozilla
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ ** Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ ** Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ ** Neither the name of Google nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef GMP_VIDEO_PLANE_h_
+#define GMP_VIDEO_PLANE_h_
+
+#include "gmp-errors.h"
+#include <stdint.h>
+
+// The implementation backing this interface uses shared memory for the
+// buffer(s). This means it can only be used by the "owning" process.
+// At first the process which created the object owns it. When the object
+// is passed to an interface the creator loses ownership and must Destroy()
+// the object. Further attempts to use it may fail due to not being able to
+// access the underlying buffer(s).
+//
+// Methods that create or destroy shared memory must be called on the main
+// thread. They are marked below.
+class GMPPlane {
+ public:
+ // MAIN THREAD ONLY
+ // CreateEmptyPlane - set allocated size, actual plane size and stride:
+ // If current size is smaller than current size, then a buffer of sufficient
+ // size will be allocated.
+ virtual GMPErr CreateEmptyPlane(int32_t aAllocatedSize, int32_t aStride,
+ int32_t aPlaneSize) = 0;
+
+ // MAIN THREAD ONLY
+ // Copy the entire plane data.
+ virtual GMPErr Copy(const GMPPlane& aPlane) = 0;
+
+ // MAIN THREAD ONLY
+ // Copy buffer: If current size is smaller
+ // than current size, then a buffer of sufficient size will be allocated.
+ virtual GMPErr Copy(int32_t aSize, int32_t aStride,
+ const uint8_t* aBuffer) = 0;
+
+ // Swap plane data.
+ virtual void Swap(GMPPlane& aPlane) = 0;
+
+ // Get allocated size.
+ virtual int32_t AllocatedSize() const = 0;
+
+ // Set actual size.
+ virtual void ResetSize() = 0;
+
+ // Return true is plane size is zero, false if not.
+ virtual bool IsZeroSize() const = 0;
+
+ // Get stride value.
+ virtual int32_t Stride() const = 0;
+
+ // Return data pointer.
+ virtual const uint8_t* Buffer() const = 0;
+
+ // Overloading with non-const.
+ virtual uint8_t* Buffer() = 0;
+
+ // MAIN THREAD ONLY IF OWNING PROCESS
+ // Call this when done with the object. This may delete it.
+ virtual void Destroy() = 0;
+};
+
+#endif // GMP_VIDEO_PLANE_h_
diff --git a/dom/media/gmp/moz.build b/dom/media/gmp/moz.build
new file mode 100644
index 0000000000..a2b1be5ed8
--- /dev/null
+++ b/dom/media/gmp/moz.build
@@ -0,0 +1,149 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+XPIDL_MODULE = "content_geckomediaplugins"
+
+XPIDL_SOURCES += [
+ "mozIGeckoMediaPluginChromeService.idl",
+ "mozIGeckoMediaPluginService.idl",
+]
+
+EXPORTS += [
+ "ChromiumCDMCallback.h",
+ "ChromiumCDMParent.h",
+ "ChromiumCDMProxy.h",
+ "DecryptJob.h",
+ "gmp-api/gmp-entrypoints.h",
+ "gmp-api/gmp-errors.h",
+ "gmp-api/gmp-platform.h",
+ "gmp-api/gmp-storage.h",
+ "gmp-api/gmp-video-codec.h",
+ "gmp-api/gmp-video-decode.h",
+ "gmp-api/gmp-video-encode.h",
+ "gmp-api/gmp-video-frame-encoded.h",
+ "gmp-api/gmp-video-frame-i420.h",
+ "gmp-api/gmp-video-frame.h",
+ "gmp-api/gmp-video-host.h",
+ "gmp-api/gmp-video-plane.h",
+ "GMPCallbackBase.h",
+ "GMPChild.h",
+ "GMPContentChild.h",
+ "GMPContentParent.h",
+ "GMPCrashHelper.h",
+ "GMPCrashHelperHolder.h",
+ "GMPLoader.h",
+ "GMPMessageUtils.h",
+ "GMPNativeTypes.h",
+ "GMPParent.h",
+ "GMPPlatform.h",
+ "GMPProcessChild.h",
+ "GMPProcessParent.h",
+ "GMPSanitizedExports.h",
+ "GMPService.h",
+ "GMPServiceChild.h",
+ "GMPServiceParent.h",
+ "GMPSharedMemManager.h",
+ "GMPStorage.h",
+ "GMPStorageChild.h",
+ "GMPStorageParent.h",
+ "GMPTimerChild.h",
+ "GMPTimerParent.h",
+ "GMPUtils.h",
+ "GMPVideoDecoderChild.h",
+ "GMPVideoDecoderParent.h",
+ "GMPVideoDecoderProxy.h",
+ "GMPVideoEncodedFrameImpl.h",
+ "GMPVideoEncoderChild.h",
+ "GMPVideoEncoderParent.h",
+ "GMPVideoEncoderProxy.h",
+ "GMPVideoHost.h",
+ "GMPVideoi420FrameImpl.h",
+ "GMPVideoPlaneImpl.h",
+ "widevine-adapter/content_decryption_module.h",
+ "widevine-adapter/content_decryption_module_export.h",
+ "widevine-adapter/content_decryption_module_ext.h",
+ "widevine-adapter/content_decryption_module_proxy.h",
+]
+
+UNIFIED_SOURCES += [
+ "CDMStorageIdProvider.cpp",
+ "ChromiumCDMAdapter.cpp",
+ "ChromiumCDMCallbackProxy.cpp",
+ "ChromiumCDMChild.cpp",
+ "ChromiumCDMParent.cpp",
+ "ChromiumCDMProxy.cpp",
+ "DecryptJob.cpp",
+ "GMPChild.cpp",
+ "GMPContentChild.cpp",
+ "GMPContentParent.cpp",
+ "GMPCrashHelperHolder.cpp",
+ "GMPDiskStorage.cpp",
+ "GMPLoader.cpp",
+ "GMPMemoryStorage.cpp",
+ "GMPParent.cpp",
+ "GMPPlatform.cpp",
+ "GMPProcessChild.cpp",
+ "GMPProcessParent.cpp",
+ "GMPService.cpp",
+ "GMPServiceChild.cpp",
+ "GMPServiceParent.cpp",
+ "GMPSharedMemManager.cpp",
+ "GMPStorageChild.cpp",
+ "GMPStorageParent.cpp",
+ "GMPTimerChild.cpp",
+ "GMPTimerParent.cpp",
+ "GMPUtils.cpp",
+ "GMPVideoDecoderChild.cpp",
+ "GMPVideoDecoderParent.cpp",
+ "GMPVideoEncodedFrameImpl.cpp",
+ "GMPVideoEncoderChild.cpp",
+ "GMPVideoEncoderParent.cpp",
+ "GMPVideoHost.cpp",
+ "GMPVideoi420FrameImpl.cpp",
+ "GMPVideoPlaneImpl.cpp",
+]
+
+DIRS += [
+ "rlz",
+ "widevine-adapter",
+]
+
+IPDL_SOURCES += [
+ "GMPTypes.ipdlh",
+ "PChromiumCDM.ipdl",
+ "PGMPService.ipdl",
+ "PGMPStorage.ipdl",
+ "PGMPTimer.ipdl",
+ "PGMPVideoDecoder.ipdl",
+ "PGMPVideoEncoder.ipdl",
+]
+
+PREPROCESSED_IPDL_SOURCES += [
+ "PGMP.ipdl",
+ "PGMPContent.ipdl",
+]
+
+if CONFIG["OS_TARGET"] in ["WINNT", "Darwin"]:
+ DEFINES["SUPPORT_STORAGE_ID"] = 1
+
+include("/ipc/chromium/chromium-config.mozbuild")
+
+if CONFIG["MOZ_SANDBOX"]:
+ # For sandbox includes and the include dependencies those have
+ LOCAL_INCLUDES += [
+ "/security/sandbox/chromium",
+ "/security/sandbox/chromium-shim",
+ ]
+
+
+FINAL_LIBRARY = "xul"
+# dom/media/webrtc/transport so we work with --disable-webrtc
+LOCAL_INCLUDES += [
+ "/dom/media/webrtc/transport",
+ "/xpcom/base",
+ "/xpcom/build",
+ "/xpcom/threads",
+]
diff --git a/dom/media/gmp/mozIGeckoMediaPluginChromeService.idl b/dom/media/gmp/mozIGeckoMediaPluginChromeService.idl
new file mode 100644
index 0000000000..51dc545092
--- /dev/null
+++ b/dom/media/gmp/mozIGeckoMediaPluginChromeService.idl
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIFile.idl"
+
+[scriptable, uuid(32d35d21-181f-4630-8caa-a431e2ebad72)]
+interface mozIGeckoMediaPluginChromeService : nsISupports
+{
+ /**
+ * Add a directory to scan for gecko media plugins.
+ * @note Main-thread API.
+ */
+ void addPluginDirectory(in AString directory);
+
+ /**
+ * Remove a directory for gecko media plugins.
+ * @note Main-thread API.
+ */
+ void removePluginDirectory(in AString directory);
+
+ /**
+ * Remove a directory for gecko media plugins and delete it from disk.
+ * If |defer| is true, wait until the plugin is unused before removing.
+ * @note Main-thread API.
+ */
+ void removeAndDeletePluginDirectory(in AString directory,
+ [optional] in bool defer);
+
+ /**
+ * Clears storage data associated with the site and the originAttributes
+ * pattern in JSON format.
+ */
+ void forgetThisSite(in AString site,
+ in AString aPattern);
+
+ /**
+ * Clears storage data associated with the base domain
+ * This means cleaning any storage that is associated
+ * either by origin or top level origin with the base domain
+ */
+ void forgetThisBaseDomain(in AString baseDomain);
+
+ /**
+ * Returns true if the given node id is allowed to store things
+ * persistently on disk. Private Browsing and local content are not
+ * allowed to store persistent data.
+ */
+ bool isPersistentStorageAllowed(in ACString nodeId);
+
+ /**
+ * Returns the directory to use as the base for storing data about GMPs.
+ */
+ nsIFile getStorageDir();
+
+};
diff --git a/dom/media/gmp/mozIGeckoMediaPluginService.idl b/dom/media/gmp/mozIGeckoMediaPluginService.idl
new file mode 100644
index 0000000000..000cfef2f5
--- /dev/null
+++ b/dom/media/gmp/mozIGeckoMediaPluginService.idl
@@ -0,0 +1,131 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIThread.idl"
+
+interface nsIFile;
+
+%{C++
+#include "mozilla/UniquePtr.h"
+#include "nsTArray.h"
+#include "nsString.h"
+class GMPDecryptorProxy;
+class GMPVideoDecoderProxy;
+class GMPVideoEncoderProxy;
+class GMPVideoHost;
+
+namespace mozilla {
+class GMPCrashHelper;
+}
+
+template<class T>
+class GMPGetterCallback
+{
+public:
+ GMPGetterCallback() { MOZ_COUNT_CTOR(GMPGetterCallback<T>); }
+ virtual ~GMPGetterCallback() { MOZ_COUNT_DTOR(GMPGetterCallback<T>); }
+ virtual void Done(T*) = 0;
+};
+template<class T>
+class GMPVideoGetterCallback
+{
+public:
+ GMPVideoGetterCallback() { MOZ_COUNT_CTOR(GMPVideoGetterCallback<T>); }
+ virtual ~GMPVideoGetterCallback() { MOZ_COUNT_DTOR(GMPVideoGetterCallback<T>); }
+ virtual void Done(T*, GMPVideoHost*) = 0;
+};
+typedef GMPGetterCallback<GMPDecryptorProxy> GetGMPDecryptorCallback;
+typedef GMPVideoGetterCallback<GMPVideoDecoderProxy> GetGMPVideoDecoderCallback;
+typedef GMPVideoGetterCallback<GMPVideoEncoderProxy> GetGMPVideoEncoderCallback;
+class GetNodeIdCallback
+{
+public:
+ MOZ_COUNTED_DEFAULT_CTOR(GetNodeIdCallback)
+ MOZ_COUNTED_DTOR_VIRTUAL(GetNodeIdCallback)
+ virtual void Done(nsresult aResult, const nsACString& aNodeId) = 0;
+};
+%}
+
+[ptr] native TagArray(nsTArray<nsCString>);
+[ref] native ConstTagArrayRef(const nsTArray<nsCString>);
+native GetGMPDecryptorCallback(mozilla::UniquePtr<GetGMPDecryptorCallback>&&);
+native GetGMPVideoDecoderCallback(mozilla::UniquePtr<GetGMPVideoDecoderCallback>&&);
+native GetGMPVideoEncoderCallback(mozilla::UniquePtr<GetGMPVideoEncoderCallback>&&);
+native GetNodeIdCallback(mozilla::UniquePtr<GetNodeIdCallback>&&);
+native GMPCrashHelperPtr(mozilla::GMPCrashHelper*);
+
+[scriptable, uuid(44d362ae-937a-4803-bee6-f2512a0149d1)]
+interface mozIGeckoMediaPluginService : nsISupports
+{
+
+ /**
+ * The GMP thread. Callable from any thread.
+ */
+ readonly attribute nsIThread thread;
+
+ /**
+ * Run through windows registered registered for pluginId, sending
+ * 'PluginCrashed' chrome-only event
+ */
+ void RunPluginCrashCallbacks(in unsigned long pluginId, in ACString pluginName);
+
+ /**
+ * Get a plugin that supports the specified tags.
+ * Callable on any thread
+ */
+ [noscript]
+ boolean hasPluginForAPI(in ACString api, in ConstTagArrayRef tags);
+
+ /**
+ * Get the plugin directory for a plugin that supports the specified tags.
+ * Callable on any thread
+ */
+ [noscript]
+ nsIFile findPluginDirectoryForAPI(in ACString api, in ConstTagArrayRef tags);
+
+ /**
+ * Get a video decoder that supports the specified tags.
+ * The array of tags should at least contain a codec tag, and optionally
+ * other tags such as for EME keysystem.
+ * Callable only on GMP thread.
+ * This is an asynchronous operation, the Done method of the callback object
+ * will be called on the GMP thread with the result (which might be null in
+ * the case of failure). This method always takes ownership of the callback
+ * object, but if this method returns an error then the Done method of the
+ * callback object will not be called at all.
+ */
+ [noscript]
+ void getGMPVideoDecoder(in GMPCrashHelperPtr helper,
+ in TagArray tags,
+ [optional] in ACString nodeId,
+ in GetGMPVideoDecoderCallback callback);
+
+ /**
+ * Get a video encoder that supports the specified tags.
+ * The array of tags should at least contain a codec tag, and optionally
+ * other tags.
+ * Callable only on GMP thread.
+ * This is an asynchronous operation, the Done method of the callback object
+ * will be called on the GMP thread with the result (which might be null in
+ * the case of failure). This method always takes ownership of the callback
+ * object, but if this method returns an error then the Done method of the
+ * callback object will not be called at all.
+ */
+ [noscript]
+ void getGMPVideoEncoder(in GMPCrashHelperPtr helper,
+ in TagArray tags,
+ [optional] in ACString nodeId,
+ in GetGMPVideoEncoderCallback callback);
+
+ /**
+ * Gets the NodeId for a (origin, urlbarOrigin) pair.
+ */
+ [noscript]
+ void getNodeId(in AString origin,
+ in AString topLevelOrigin,
+ in AString gmpName,
+ in GetNodeIdCallback callback);
+};
diff --git a/dom/media/gmp/rlz/OWNERS b/dom/media/gmp/rlz/OWNERS
new file mode 100644
index 0000000000..66f24ebb37
--- /dev/null
+++ b/dom/media/gmp/rlz/OWNERS
@@ -0,0 +1,4 @@
+rogerta@chromium.org
+thakis@chromium.org
+
+# COMPONENT: Internals>Core
diff --git a/dom/media/gmp/rlz/README.mozilla b/dom/media/gmp/rlz/README.mozilla
new file mode 100644
index 0000000000..4408737a5e
--- /dev/null
+++ b/dom/media/gmp/rlz/README.mozilla
@@ -0,0 +1,4 @@
+Code taken from rlz project in Chromium repository: https://chromium.googlesource.com/chromium/src.git/+/6f3478dfd7d29b9872871718bd08493ed0c8bc8e
+
+Note: base/ contains wrappers/dummies to provide implementations of the
+Chromium APIs that this code relies upon.
diff --git a/dom/media/gmp/rlz/lib/assert.h b/dom/media/gmp/rlz/lib/assert.h
new file mode 100644
index 0000000000..c64dd7ff82
--- /dev/null
+++ b/dom/media/gmp/rlz/lib/assert.h
@@ -0,0 +1,14 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef FAKE_ASSERT_H_
+#define FAKE_ASSERT_H_
+
+#include <assert.h>
+
+#define ASSERT_STRING(x) { assert(false); }
+#define VERIFY(x) { assert(x); };
+
+#endif
diff --git a/dom/media/gmp/rlz/lib/crc8.cc b/dom/media/gmp/rlz/lib/crc8.cc
new file mode 100644
index 0000000000..fe02eabf1b
--- /dev/null
+++ b/dom/media/gmp/rlz/lib/crc8.cc
@@ -0,0 +1,90 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "rlz/lib/crc8.h"
+
+namespace {
+
+// The CRC lookup table used for ATM HES (Polynomial = 0x07).
+// These are 256 unique 8-bit values.
+const unsigned char kCrcTable[256] = {
+ 0x00, 0x07, 0x0E, 0x09, 0x1C, 0x1B, 0x12, 0x15,
+ 0x38, 0x3F, 0x36, 0x31, 0x24, 0x23, 0x2A, 0x2D,
+ 0x70, 0x77, 0x7E, 0x79, 0x6C, 0x6B, 0x62, 0x65,
+ 0x48, 0x4F, 0x46, 0x41, 0x54, 0x53, 0x5A, 0x5D,
+ 0xE0, 0xE7, 0xEE, 0xE9, 0xFC, 0xFB, 0xF2, 0xF5,
+ 0xD8, 0xDF, 0xD6, 0xD1, 0xC4, 0xC3, 0xCA, 0xCD,
+ 0x90, 0x97, 0x9E, 0x99, 0x8C, 0x8B, 0x82, 0x85,
+ 0xA8, 0xAF, 0xA6, 0xA1, 0xB4, 0xB3, 0xBA, 0xBD,
+ 0xC7, 0xC0, 0xC9, 0xCE, 0xDB, 0xDC, 0xD5, 0xD2,
+ 0xFF, 0xF8, 0xF1, 0xF6, 0xE3, 0xE4, 0xED, 0xEA,
+ 0xB7, 0xB0, 0xB9, 0xBE, 0xAB, 0xAC, 0xA5, 0xA2,
+ 0x8F, 0x88, 0x81, 0x86, 0x93, 0x94, 0x9D, 0x9A,
+ 0x27, 0x20, 0x29, 0x2E, 0x3B, 0x3C, 0x35, 0x32,
+ 0x1F, 0x18, 0x11, 0x16, 0x03, 0x04, 0x0D, 0x0A,
+ 0x57, 0x50, 0x59, 0x5E, 0x4B, 0x4C, 0x45, 0x42,
+ 0x6F, 0x68, 0x61, 0x66, 0x73, 0x74, 0x7D, 0x7A,
+ 0x89, 0x8E, 0x87, 0x80, 0x95, 0x92, 0x9B, 0x9C,
+ 0xB1, 0xB6, 0xBF, 0xB8, 0xAD, 0xAA, 0xA3, 0xA4,
+ 0xF9, 0xFE, 0xF7, 0xF0, 0xE5, 0xE2, 0xEB, 0xEC,
+ 0xC1, 0xC6, 0xCF, 0xC8, 0xDD, 0xDA, 0xD3, 0xD4,
+ 0x69, 0x6E, 0x67, 0x60, 0x75, 0x72, 0x7B, 0x7C,
+ 0x51, 0x56, 0x5F, 0x58, 0x4D, 0x4A, 0x43, 0x44,
+ 0x19, 0x1E, 0x17, 0x10, 0x05, 0x02, 0x0B, 0x0C,
+ 0x21, 0x26, 0x2F, 0x28, 0x3D, 0x3A, 0x33, 0x34,
+ 0x4E, 0x49, 0x40, 0x47, 0x52, 0x55, 0x5C, 0x5B,
+ 0x76, 0x71, 0x78, 0x7F, 0x6A, 0x6D, 0x64, 0x63,
+ 0x3E, 0x39, 0x30, 0x37, 0x22, 0x25, 0x2C, 0x2B,
+ 0x06, 0x01, 0x08, 0x0F, 0x1A, 0x1D, 0x14, 0x13,
+ 0xAE, 0xA9, 0xA0, 0xA7, 0xB2, 0xB5, 0xBC, 0xBB,
+ 0x96, 0x91, 0x98, 0x9F, 0x8A, 0x8D, 0x84, 0x83,
+ 0xDE, 0xD9, 0xD0, 0xD7, 0xC2, 0xC5, 0xCC, 0xCB,
+ 0xE6, 0xE1, 0xE8, 0xEF, 0xFA, 0xFD, 0xF4, 0xF3
+};
+
+} // namespace anonymous
+
+
+namespace rlz_lib {
+
+bool Crc8::Generate(const unsigned char *data, int length,
+ unsigned char* check_sum) {
+ if (!check_sum)
+ return false;
+
+ *check_sum = 0;
+ if (!data)
+ return false;
+
+ // The inital and final constants are as used in the ATM HEC.
+ static const unsigned char kInitial = 0x00;
+ static const unsigned char kFinal = 0x55;
+ unsigned char crc = kInitial;
+ for (int i = 0; i < length; ++i) {
+ crc = kCrcTable[(data[i] ^ crc) & 0xFFU];
+ }
+
+ *check_sum = crc ^ kFinal;
+ return true;
+}
+
+bool Crc8::Verify(const unsigned char* data, int length,
+ unsigned char check_sum, bool* matches) {
+ if (!matches)
+ return false;
+
+ *matches = false;
+ if (!data)
+ return false;
+
+ unsigned char calculated_crc;
+ if (!Generate(data, length, &calculated_crc))
+ return false;
+
+ *matches = check_sum == calculated_crc;
+
+ return true;
+}
+
+} // namespace rlz_lib
diff --git a/dom/media/gmp/rlz/lib/crc8.h b/dom/media/gmp/rlz/lib/crc8.h
new file mode 100644
index 0000000000..6c3c84859b
--- /dev/null
+++ b/dom/media/gmp/rlz/lib/crc8.h
@@ -0,0 +1,24 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Crc8 utility functions.
+
+#ifndef RLZ_LIB_CRC8_H_
+#define RLZ_LIB_CRC8_H_
+
+namespace rlz_lib {
+// CRC-8 methods:
+class Crc8 {
+ public:
+ static bool Generate(const unsigned char* data,
+ int length,
+ unsigned char* check_sum);
+ static bool Verify(const unsigned char* data,
+ int length,
+ unsigned char checksum,
+ bool * matches);
+};
+}; // namespace rlz_lib
+
+#endif // RLZ_LIB_CRC8_H_
diff --git a/dom/media/gmp/rlz/lib/machine_id.cc b/dom/media/gmp/rlz/lib/machine_id.cc
new file mode 100644
index 0000000000..dd41e52001
--- /dev/null
+++ b/dom/media/gmp/rlz/lib/machine_id.cc
@@ -0,0 +1,93 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "rlz/lib/machine_id.h"
+
+#include <stddef.h>
+
+#include "rlz/lib/assert.h"
+#include "rlz/lib/crc8.h"
+#include "rlz/lib/string_utils.h"
+
+// Note: The original machine_id.cc code depends on Chromium's sha1 implementation.
+// Using Mozilla's implmentation as replacement to reduce the dependency of
+// some external files.
+#include "mozilla/SHA1.h"
+
+namespace rlz_lib {
+
+bool GetMachineId(std::string* machine_id) {
+ if (!machine_id)
+ return false;
+
+ static std::string calculated_id;
+ static bool calculated = false;
+ if (calculated) {
+ *machine_id = calculated_id;
+ return true;
+ }
+
+ std::vector<uint8_t> sid_bytes;
+ int volume_id;
+ if (!GetRawMachineId(&sid_bytes, &volume_id))
+ return false;
+
+ if (!testing::GetMachineIdImpl(sid_bytes, volume_id, machine_id))
+ return false;
+
+ calculated = true;
+ calculated_id = *machine_id;
+ return true;
+}
+
+namespace testing {
+
+bool GetMachineIdImpl(const std::vector<uint8_t>& sid_bytes,
+ int volume_id,
+ std::string* machine_id) {
+ machine_id->clear();
+
+ // The ID should be the SID hash + the Hard Drive SNo. + checksum byte.
+ static const int kSizeWithoutChecksum = mozilla::SHA1Sum::kHashSize + sizeof(int);
+ std::vector<unsigned char> id_binary(kSizeWithoutChecksum + 1, 0);
+
+ if (!sid_bytes.empty()) {
+ // In order to be compatible with the old version of RLZ, the hash of the
+ // SID must be done with all the original bytes from the unicode string.
+ // However, the chromebase SHA1 hash function takes only an std::string as
+ // input, so the unicode string needs to be converted to std::string
+ // "as is".
+ size_t byte_count = sid_bytes.size() * sizeof(std::vector<uint8_t>::value_type);
+ const char* buffer = reinterpret_cast<const char*>(sid_bytes.data());
+
+ // Note that digest can have embedded nulls.
+ mozilla::SHA1Sum SHA1;
+ mozilla::SHA1Sum::Hash hash;
+ SHA1.update(buffer, byte_count);
+ SHA1.finish(hash);
+ std::string digest(reinterpret_cast<char*>(hash), mozilla::SHA1Sum::kHashSize);
+ VERIFY(digest.size() == mozilla::SHA1Sum::kHashSize);
+ std::copy(digest.begin(), digest.end(), id_binary.begin());
+ }
+
+ // Convert from int to binary (makes big-endian).
+ for (size_t i = 0; i < sizeof(int); i++) {
+ int shift_bits = 8 * (sizeof(int) - i - 1);
+ id_binary[mozilla::SHA1Sum::kHashSize + i] = static_cast<unsigned char>(
+ (volume_id >> shift_bits) & 0xFF);
+ }
+
+ // Append the checksum byte.
+ if (!sid_bytes.empty() || (0 != volume_id))
+ rlz_lib::Crc8::Generate(id_binary.data(),
+ kSizeWithoutChecksum,
+ &id_binary[kSizeWithoutChecksum]);
+
+ return rlz_lib::BytesToString(
+ id_binary.data(), kSizeWithoutChecksum + 1, machine_id);
+}
+
+} // namespace testing
+
+} // namespace rlz_lib
diff --git a/dom/media/gmp/rlz/lib/machine_id.h b/dom/media/gmp/rlz/lib/machine_id.h
new file mode 100644
index 0000000000..5fa343efa3
--- /dev/null
+++ b/dom/media/gmp/rlz/lib/machine_id.h
@@ -0,0 +1,33 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef RLZ_LIB_MACHINE_ID_H_
+#define RLZ_LIB_MACHINE_ID_H_
+
+#include <string>
+#include <vector>
+
+namespace rlz_lib {
+
+// Gets the unique ID for the machine used for RLZ tracking purposes. On
+// Windows, this ID is derived from the Windows machine SID, and is the string
+// representation of a 20 byte hash + 4 bytes volum id + a 1 byte checksum.
+// Included in financial pings with events, unless explicitly forbidden by the
+// calling application.
+bool GetMachineId(std::string* machine_id);
+
+// Retrieves a raw machine identifier string and a machine-specific
+// 4 byte value. GetMachineId() will SHA1 |data|, append |more_data|, compute
+// the Crc8 of that, and return a hex-encoded string of that data.
+bool GetRawMachineId(std::vector<uint8_t>* data, int* more_data);
+
+namespace testing {
+bool GetMachineIdImpl(const std::vector<uint8_t>& sid_bytes,
+ int volume_id,
+ std::string* machine_id);
+} // namespace testing
+
+} // namespace rlz_lib
+
+#endif // RLZ_LIB_MACHINE_ID_H_
diff --git a/dom/media/gmp/rlz/lib/string_utils.cc b/dom/media/gmp/rlz/lib/string_utils.cc
new file mode 100644
index 0000000000..6da7323823
--- /dev/null
+++ b/dom/media/gmp/rlz/lib/string_utils.cc
@@ -0,0 +1,34 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// String manipulation functions used in the RLZ library.
+
+#include "rlz/lib/string_utils.h"
+
+namespace rlz_lib {
+
+bool BytesToString(const unsigned char* data,
+ int data_len,
+ std::string* string) {
+ if (!string)
+ return false;
+
+ string->clear();
+ if (data_len < 1 || !data)
+ return false;
+
+ static const char kHex[] = "0123456789ABCDEF";
+
+ // Fix the buffer size to begin with to avoid repeated re-allocation.
+ string->resize(data_len * 2);
+ int index = data_len;
+ while (index--) {
+ string->at(2 * index) = kHex[data[index] >> 4]; // high digit
+ string->at(2 * index + 1) = kHex[data[index] & 0x0F]; // low digit
+ }
+
+ return true;
+}
+
+} // namespace rlz_lib
diff --git a/dom/media/gmp/rlz/lib/string_utils.h b/dom/media/gmp/rlz/lib/string_utils.h
new file mode 100644
index 0000000000..500133ade1
--- /dev/null
+++ b/dom/media/gmp/rlz/lib/string_utils.h
@@ -0,0 +1,20 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// String manipulation functions used in the RLZ library.
+
+#ifndef RLZ_LIB_STRING_UTILS_H_
+#define RLZ_LIB_STRING_UTILS_H_
+
+#include <string>
+
+namespace rlz_lib {
+
+bool BytesToString(const unsigned char* data,
+ int data_len,
+ std::string* string);
+
+}; // namespace
+
+#endif // RLZ_LIB_STRING_UTILS_H_
diff --git a/dom/media/gmp/rlz/mac/lib/machine_id_mac.cc b/dom/media/gmp/rlz/mac/lib/machine_id_mac.cc
new file mode 100644
index 0000000000..8c0bae22e8
--- /dev/null
+++ b/dom/media/gmp/rlz/mac/lib/machine_id_mac.cc
@@ -0,0 +1,322 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <IOKit/IOKitLib.h>
+#include <IOKit/network/IOEthernetController.h>
+#include <IOKit/network/IOEthernetInterface.h>
+#include <IOKit/network/IONetworkInterface.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include <vector>
+#include <string>
+// Note: The original machine_id_mac.cc code is in namespace rlz_lib below.
+// It depends on some external files, which would bring in a log of Chromium
+// code if imported as well.
+// Instead only the necessary code has been extracted from the relevant files,
+// and further combined and reduced to limit the maintenance burden.
+
+// [Extracted from base/logging.h]
+#define DCHECK assert
+
+namespace base {
+
+// [Extracted from base/mac/scoped_typeref.h and base/mac/scoped_cftyperef.h]
+template<typename T>
+class ScopedCFTypeRef {
+ public:
+ typedef T element_type;
+
+ explicit ScopedCFTypeRef(T object)
+ : object_(object) {
+ }
+
+ ScopedCFTypeRef(const ScopedCFTypeRef<T>& that) = delete;
+ ScopedCFTypeRef(ScopedCFTypeRef<T>&& that) = delete;
+
+ ~ScopedCFTypeRef() {
+ if (object_)
+ CFRelease(object_);
+ }
+
+ ScopedCFTypeRef& operator=(const ScopedCFTypeRef<T>& that) = delete;
+ ScopedCFTypeRef& operator=(ScopedCFTypeRef<T>&& that) = delete;
+
+ operator T() const {
+ return object_;
+ }
+
+ // ScopedCFTypeRef<>::release() is like scoped_ptr<>::release. It is NOT
+ // a wrapper for CFRelease().
+ T release() {
+ T temp = object_;
+ object_ = NULL;
+ return temp;
+ }
+
+ private:
+ T object_;
+};
+
+namespace mac {
+
+// [Extracted from base/mac/scoped_ioobject.h]
+// Just like ScopedCFTypeRef but for io_object_t and subclasses.
+template<typename IOT>
+class ScopedIOObject {
+ public:
+ typedef IOT element_type;
+
+ explicit ScopedIOObject(IOT object = IO_OBJECT_NULL)
+ : object_(object) {
+ }
+
+ ~ScopedIOObject() {
+ if (object_)
+ IOObjectRelease(object_);
+ }
+
+ ScopedIOObject(const ScopedIOObject&) = delete;
+ void operator=(const ScopedIOObject&) = delete;
+
+ void reset(IOT object = IO_OBJECT_NULL) {
+ if (object_)
+ IOObjectRelease(object_);
+ object_ = object;
+ }
+
+ operator IOT() const {
+ return object_;
+ }
+
+ private:
+ IOT object_;
+};
+
+// [Extracted from base/mac/foundation_util.h]
+template<typename T>
+T CFCast(const CFTypeRef& cf_val);
+
+template<>
+CFDataRef
+CFCast<CFDataRef>(const CFTypeRef& cf_val) {
+ if (cf_val == NULL) {
+ return NULL;
+ }
+ if (CFGetTypeID(cf_val) == CFDataGetTypeID()) {
+ return (CFDataRef)(cf_val);
+ }
+ return NULL;
+}
+
+template<>
+CFStringRef
+CFCast<CFStringRef>(const CFTypeRef& cf_val) {
+ if (cf_val == NULL) {
+ return NULL;
+ }
+ if (CFGetTypeID(cf_val) == CFStringGetTypeID()) {
+ return (CFStringRef)(cf_val);
+ }
+ return NULL;
+}
+
+} // namespace mac
+
+// [Extracted from base/strings/sys_string_conversions_mac.mm]
+static const CFStringEncoding kNarrowStringEncoding = kCFStringEncodingUTF8;
+
+template<typename StringType>
+static StringType CFStringToSTLStringWithEncodingT(CFStringRef cfstring,
+ CFStringEncoding encoding) {
+ CFIndex length = CFStringGetLength(cfstring);
+ if (length == 0)
+ return StringType();
+
+ CFRange whole_string = CFRangeMake(0, length);
+ CFIndex out_size;
+ CFIndex converted = CFStringGetBytes(cfstring,
+ whole_string,
+ encoding,
+ 0, // lossByte
+ false, // isExternalRepresentation
+ NULL, // buffer
+ 0, // maxBufLen
+ &out_size);
+ if (converted == 0 || out_size == 0)
+ return StringType();
+
+ // out_size is the number of UInt8-sized units needed in the destination.
+ // A buffer allocated as UInt8 units might not be properly aligned to
+ // contain elements of StringType::value_type. Use a container for the
+ // proper value_type, and convert out_size by figuring the number of
+ // value_type elements per UInt8. Leave room for a NUL terminator.
+ typename StringType::size_type elements =
+ out_size * sizeof(UInt8) / sizeof(typename StringType::value_type) + 1;
+
+ std::vector<typename StringType::value_type> out_buffer(elements);
+ converted = CFStringGetBytes(cfstring,
+ whole_string,
+ encoding,
+ 0, // lossByte
+ false, // isExternalRepresentation
+ reinterpret_cast<UInt8*>(&out_buffer[0]),
+ out_size,
+ NULL); // usedBufLen
+ if (converted == 0)
+ return StringType();
+
+ out_buffer[elements - 1] = '\0';
+ return StringType(&out_buffer[0], elements - 1);
+}
+
+std::string SysCFStringRefToUTF8(CFStringRef ref)
+{
+ return CFStringToSTLStringWithEncodingT<std::string>(ref,
+ kNarrowStringEncoding);
+}
+
+} // namespace base
+
+namespace rlz_lib {
+
+namespace {
+
+// See http://developer.apple.com/library/mac/#technotes/tn1103/_index.html
+
+// The caller is responsible for freeing |matching_services|.
+bool FindEthernetInterfaces(io_iterator_t* matching_services) {
+ base::ScopedCFTypeRef<CFMutableDictionaryRef> matching_dict(
+ IOServiceMatching(kIOEthernetInterfaceClass));
+ if (!matching_dict)
+ return false;
+
+ base::ScopedCFTypeRef<CFMutableDictionaryRef> primary_interface(
+ CFDictionaryCreateMutable(kCFAllocatorDefault,
+ 0,
+ &kCFTypeDictionaryKeyCallBacks,
+ &kCFTypeDictionaryValueCallBacks));
+ if (!primary_interface)
+ return false;
+
+ CFDictionarySetValue(
+ primary_interface, CFSTR(kIOPrimaryInterface), kCFBooleanTrue);
+ CFDictionarySetValue(
+ matching_dict, CFSTR(kIOPropertyMatchKey), primary_interface);
+
+ kern_return_t kern_result = IOServiceGetMatchingServices(
+ kIOMasterPortDefault, matching_dict.release(), matching_services);
+
+ return kern_result == KERN_SUCCESS;
+}
+
+bool GetMACAddressFromIterator(io_iterator_t primary_interface_iterator,
+ uint8_t* buffer, size_t buffer_size) {
+ if (buffer_size < kIOEthernetAddressSize)
+ return false;
+
+ bool success = false;
+
+ bzero(buffer, buffer_size);
+ base::mac::ScopedIOObject<io_object_t> primary_interface;
+ for (primary_interface.reset(IOIteratorNext(primary_interface_iterator));
+ primary_interface;
+ primary_interface.reset(IOIteratorNext(primary_interface_iterator))) {
+ io_object_t primary_interface_parent;
+ kern_return_t kern_result = IORegistryEntryGetParentEntry(
+ primary_interface, kIOServicePlane, &primary_interface_parent);
+ base::mac::ScopedIOObject<io_object_t> primary_interface_parent_deleter(
+ primary_interface_parent);
+ success = kern_result == KERN_SUCCESS;
+
+ if (!success)
+ continue;
+
+ base::ScopedCFTypeRef<CFTypeRef> mac_data(
+ IORegistryEntryCreateCFProperty(primary_interface_parent,
+ CFSTR(kIOMACAddress),
+ kCFAllocatorDefault,
+ 0));
+ CFDataRef mac_data_data = base::mac::CFCast<CFDataRef>(mac_data);
+ if (mac_data_data) {
+ CFDataGetBytes(
+ mac_data_data, CFRangeMake(0, kIOEthernetAddressSize), buffer);
+ }
+ }
+
+ return success;
+}
+
+bool GetMacAddress(unsigned char* buffer, size_t size) {
+ io_iterator_t primary_interface_iterator;
+ if (!FindEthernetInterfaces(&primary_interface_iterator))
+ return false;
+ bool result = GetMACAddressFromIterator(
+ primary_interface_iterator, buffer, size);
+ IOObjectRelease(primary_interface_iterator);
+ return result;
+}
+
+CFStringRef CopySerialNumber() {
+ base::mac::ScopedIOObject<io_service_t> expert_device(
+ IOServiceGetMatchingService(kIOMasterPortDefault,
+ IOServiceMatching("IOPlatformExpertDevice")));
+ if (!expert_device)
+ return NULL;
+
+ base::ScopedCFTypeRef<CFTypeRef> serial_number(
+ IORegistryEntryCreateCFProperty(expert_device,
+ CFSTR(kIOPlatformSerialNumberKey),
+ kCFAllocatorDefault,
+ 0));
+ CFStringRef serial_number_cfstring =
+ base::mac::CFCast<CFStringRef>(serial_number.release());
+ if (!serial_number_cfstring)
+ return NULL;
+
+ return serial_number_cfstring;
+}
+
+} // namespace
+
+bool GetRawMachineId(std::vector<uint8_t>* data, int* more_data) {
+ uint8_t mac_address[kIOEthernetAddressSize];
+
+ std::string id;
+ if (GetMacAddress(mac_address, sizeof(mac_address))) {
+ id += "mac:";
+ static const char hex[] =
+ { '0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
+ for (int i = 0; i < kIOEthernetAddressSize; ++i) {
+ uint8_t byte = mac_address[i];
+ id += hex[byte >> 4];
+ id += hex[byte & 0xF];
+ }
+ }
+
+ // A MAC address is enough to uniquely identify a machine, but it's only 6
+ // bytes, 3 of which are manufacturer-determined. To make brute-forcing the
+ // SHA1 of this harder, also append the system's serial number.
+ CFStringRef serial = CopySerialNumber();
+ if (serial) {
+ if (!id.empty()) {
+ id += ' ';
+ }
+ id += "serial:";
+ id += base::SysCFStringRefToUTF8(serial);
+ CFRelease(serial);
+ }
+
+ // Get the contents of the string 'id' as a bunch of bytes.
+ data->assign(&id[0], &id[id.size()]);
+
+ // On windows, this is set to the volume id. Since it's not scrambled before
+ // being sent, just set it to 1.
+ *more_data = 1;
+ return true;
+}
+
+} // namespace rlz_lib
diff --git a/dom/media/gmp/rlz/moz.build b/dom/media/gmp/rlz/moz.build
new file mode 100644
index 0000000000..8e2d9ea5d1
--- /dev/null
+++ b/dom/media/gmp/rlz/moz.build
@@ -0,0 +1,34 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Note: build rlz in its own moz.build, so it doesn't pickup any of
+# Chromium IPC's headers used in the moz.build of the parent file.
+
+FINAL_LIBRARY = 'xul'
+
+if CONFIG['OS_TARGET'] in ['WINNT', 'Darwin']:
+ UNIFIED_SOURCES += [
+ 'lib/crc8.cc',
+ 'lib/machine_id.cc',
+ 'lib/string_utils.cc',
+ ]
+
+if CONFIG['OS_TARGET'] == 'WINNT':
+ UNIFIED_SOURCES += [
+ 'win/lib/machine_id_win.cc',
+ ]
+
+if CONFIG['OS_TARGET'] == 'Darwin':
+ UNIFIED_SOURCES += [
+ 'mac/lib/machine_id_mac.cc',
+ ]
+ OS_LIBS += [
+ '-framework IOKit',
+ ]
+
+LOCAL_INCLUDES += [
+ '..',
+]
diff --git a/dom/media/gmp/rlz/win/lib/machine_id_win.cc b/dom/media/gmp/rlz/win/lib/machine_id_win.cc
new file mode 100644
index 0000000000..85f1d6cf54
--- /dev/null
+++ b/dom/media/gmp/rlz/win/lib/machine_id_win.cc
@@ -0,0 +1,136 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <windows.h>
+#include <sddl.h> // For ConvertSidToStringSidW.
+
+#include <memory>
+#include <string>
+#include <vector>
+
+#include "mozilla/ArrayUtils.h"
+
+#include "rlz/lib/assert.h"
+
+namespace rlz_lib {
+
+namespace {
+
+bool GetSystemVolumeSerialNumber(int* number) {
+ if (!number)
+ return false;
+
+ *number = 0;
+
+ // Find the system root path (e.g: C:\).
+ wchar_t system_path[MAX_PATH + 1];
+ if (!GetSystemDirectoryW(system_path, MAX_PATH))
+ return false;
+
+ wchar_t* first_slash = wcspbrk(system_path, L"\\/");
+ if (first_slash != NULL)
+ *(first_slash + 1) = 0;
+
+ DWORD number_local = 0;
+ if (!GetVolumeInformationW(system_path, NULL, 0, &number_local, NULL, NULL,
+ NULL, 0))
+ return false;
+
+ *number = (int)number_local;
+ return true;
+}
+
+bool GetComputerSid(const wchar_t* account_name, SID* sid, DWORD sid_size) {
+ static const DWORD kStartDomainLength = 128; // reasonable to start with
+
+ std::unique_ptr<wchar_t[]> domain_buffer(new wchar_t[kStartDomainLength]);
+ DWORD domain_size = kStartDomainLength;
+ DWORD sid_dword_size = sid_size;
+ SID_NAME_USE sid_name_use;
+
+ BOOL success = ::LookupAccountNameW(NULL, account_name, sid,
+ &sid_dword_size, domain_buffer.get(),
+ &domain_size, &sid_name_use);
+ if (!success && ::GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
+ // We could have gotten the insufficient buffer error because
+ // one or both of sid and szDomain was too small. Check for that
+ // here.
+ if (sid_dword_size > sid_size)
+ return false;
+
+ if (domain_size > kStartDomainLength)
+ domain_buffer.reset(new wchar_t[domain_size]);
+
+ success = ::LookupAccountNameW(NULL, account_name, sid, &sid_dword_size,
+ domain_buffer.get(), &domain_size,
+ &sid_name_use);
+ }
+
+ return success != FALSE;
+}
+
+std::vector<uint8_t> ConvertSidToBytes(SID* sid) {
+ std::wstring sid_string;
+#if _WIN32_WINNT >= 0x500
+ wchar_t* sid_buffer = NULL;
+ if (ConvertSidToStringSidW(sid, &sid_buffer)) {
+ sid_string = sid_buffer;
+ LocalFree(sid_buffer);
+ }
+#else
+ SID_IDENTIFIER_AUTHORITY* sia = ::GetSidIdentifierAuthority(sid);
+
+ if(sia->Value[0] || sia->Value[1]) {
+ base::SStringPrintf(
+ &sid_string, L"S-%d-0x%02hx%02hx%02hx%02hx%02hx%02hx",
+ SID_REVISION, (USHORT)sia->Value[0], (USHORT)sia->Value[1],
+ (USHORT)sia->Value[2], (USHORT)sia->Value[3], (USHORT)sia->Value[4],
+ (USHORT)sia->Value[5]);
+ } else {
+ ULONG authority = 0;
+ for (int i = 2; i < 6; ++i) {
+ authority <<= 8;
+ authority |= sia->Value[i];
+ }
+ base::SStringPrintf(&sid_string, L"S-%d-%lu", SID_REVISION, authority);
+ }
+
+ int sub_auth_count = *::GetSidSubAuthorityCount(sid);
+ for(int i = 0; i < sub_auth_count; ++i)
+ base::StringAppendF(&sid_string, L"-%lu", *::GetSidSubAuthority(sid, i));
+#endif
+
+ // Get the contents of the string as a bunch of bytes.
+ return std::vector<uint8_t>(
+ reinterpret_cast<uint8_t*>(&sid_string[0]),
+ reinterpret_cast<uint8_t*>(&sid_string[sid_string.size()]));
+}
+
+} // namespace
+
+bool GetRawMachineId(std::vector<uint8_t>* sid_bytes, int* volume_id) {
+ // Calculate the Windows SID.
+
+ wchar_t computer_name[MAX_COMPUTERNAME_LENGTH + 1] = {0};
+ DWORD size = mozilla::ArrayLength(computer_name);
+
+ if (GetComputerNameW(computer_name, &size)) {
+ char sid_buffer[SECURITY_MAX_SID_SIZE];
+ SID* sid = reinterpret_cast<SID*>(sid_buffer);
+ if (GetComputerSid(computer_name, sid, SECURITY_MAX_SID_SIZE)) {
+ *sid_bytes = ConvertSidToBytes(sid);
+ }
+ }
+
+ // Get the system drive volume serial number.
+ *volume_id = 0;
+ if (!GetSystemVolumeSerialNumber(volume_id)) {
+ ASSERT_STRING("GetMachineId: Failed to retrieve volume serial number");
+ *volume_id = 0;
+ }
+
+ return true;
+}
+
+} // namespace rlz_lib
diff --git a/dom/media/gmp/widevine-adapter/WidevineFileIO.cpp b/dom/media/gmp/widevine-adapter/WidevineFileIO.cpp
new file mode 100644
index 0000000000..913f6ba288
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineFileIO.cpp
@@ -0,0 +1,100 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WidevineFileIO.h"
+#include "GMPLog.h"
+#include "WidevineUtils.h"
+
+#include "gmp-api/gmp-platform.h"
+
+// Declared in ChromiumCDMAdapter.cpp.
+extern const GMPPlatformAPI* sPlatform;
+
+namespace mozilla {
+
+void WidevineFileIO::Open(const char* aFilename, uint32_t aFilenameLength) {
+ mName = std::string(aFilename, aFilename + aFilenameLength);
+ GMPRecord* record = nullptr;
+ GMPErr err = sPlatform->createrecord(aFilename, aFilenameLength, &record,
+ static_cast<GMPRecordClient*>(this));
+ if (GMP_FAILED(err)) {
+ GMP_LOG_DEBUG("WidevineFileIO::Open() '%s' GMPCreateRecord failed",
+ mName.c_str());
+ mClient->OnOpenComplete(cdm::FileIOClient::Status::kError);
+ return;
+ }
+ if (GMP_FAILED(record->Open())) {
+ GMP_LOG_DEBUG("WidevineFileIO::Open() '%s' record open failed",
+ mName.c_str());
+ mClient->OnOpenComplete(cdm::FileIOClient::Status::kError);
+ return;
+ }
+
+ GMP_LOG_DEBUG("WidevineFileIO::Open() '%s'", mName.c_str());
+ mRecord = record;
+}
+
+void WidevineFileIO::Read() {
+ if (!mRecord) {
+ GMP_LOG_DEBUG("WidevineFileIO::Read() '%s' used uninitialized!",
+ mName.c_str());
+ mClient->OnReadComplete(cdm::FileIOClient::Status::kError, nullptr, 0);
+ return;
+ }
+ GMP_LOG_DEBUG("WidevineFileIO::Read() '%s'", mName.c_str());
+ mRecord->Read();
+}
+
+void WidevineFileIO::Write(const uint8_t* aData, uint32_t aDataSize) {
+ if (!mRecord) {
+ GMP_LOG_DEBUG("WidevineFileIO::Write() '%s' used uninitialized!",
+ mName.c_str());
+ mClient->OnWriteComplete(cdm::FileIOClient::Status::kError);
+ return;
+ }
+ mRecord->Write(aData, aDataSize);
+}
+
+void WidevineFileIO::Close() {
+ GMP_LOG_DEBUG("WidevineFileIO::Close() '%s'", mName.c_str());
+ if (mRecord) {
+ mRecord->Close();
+ mRecord = nullptr;
+ }
+ delete this;
+}
+
+static cdm::FileIOClient::Status GMPToWidevineFileStatus(GMPErr aStatus) {
+ switch (aStatus) {
+ case GMPRecordInUse:
+ return cdm::FileIOClient::Status::kInUse;
+ case GMPNoErr:
+ return cdm::FileIOClient::Status::kSuccess;
+ default:
+ return cdm::FileIOClient::Status::kError;
+ }
+}
+
+void WidevineFileIO::OpenComplete(GMPErr aStatus) {
+ GMP_LOG_DEBUG("WidevineFileIO::OpenComplete() '%s' status=%d", mName.c_str(),
+ aStatus);
+ mClient->OnOpenComplete(GMPToWidevineFileStatus(aStatus));
+}
+
+void WidevineFileIO::ReadComplete(GMPErr aStatus, const uint8_t* aData,
+ uint32_t aDataSize) {
+ GMP_LOG_DEBUG("WidevineFileIO::OnReadComplete() '%s' status=%d",
+ mName.c_str(), aStatus);
+ mClient->OnReadComplete(GMPToWidevineFileStatus(aStatus), aData, aDataSize);
+}
+
+void WidevineFileIO::WriteComplete(GMPErr aStatus) {
+ GMP_LOG_DEBUG("WidevineFileIO::WriteComplete() '%s' status=%d", mName.c_str(),
+ aStatus);
+ mClient->OnWriteComplete(GMPToWidevineFileStatus(aStatus));
+}
+
+} // namespace mozilla
diff --git a/dom/media/gmp/widevine-adapter/WidevineFileIO.h b/dom/media/gmp/widevine-adapter/WidevineFileIO.h
new file mode 100644
index 0000000000..8c36f032be
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineFileIO.h
@@ -0,0 +1,41 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef WidevineFileIO_h_
+#define WidevineFileIO_h_
+
+#include <stddef.h>
+#include "content_decryption_module.h"
+#include "gmp-api/gmp-storage.h"
+#include <string>
+
+namespace mozilla {
+
+class WidevineFileIO : public cdm::FileIO, public GMPRecordClient {
+ public:
+ explicit WidevineFileIO(cdm::FileIOClient* aClient)
+ : mClient(aClient), mRecord(nullptr) {}
+
+ // cdm::FileIO
+ void Open(const char* aFilename, uint32_t aFilenameLength) override;
+ void Read() override;
+ void Write(const uint8_t* aData, uint32_t aDataSize) override;
+ void Close() override;
+
+ // GMPRecordClient
+ void OpenComplete(GMPErr aStatus) override;
+ void ReadComplete(GMPErr aStatus, const uint8_t* aData,
+ uint32_t aDataSize) override;
+ void WriteComplete(GMPErr aStatus) override;
+
+ private:
+ cdm::FileIOClient* mClient;
+ GMPRecord* mRecord;
+ std::string mName;
+};
+
+} // namespace mozilla
+
+#endif // WidevineFileIO_h_
diff --git a/dom/media/gmp/widevine-adapter/WidevineUtils.cpp b/dom/media/gmp/widevine-adapter/WidevineUtils.cpp
new file mode 100644
index 0000000000..d0551406b2
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineUtils.cpp
@@ -0,0 +1,61 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WidevineUtils.h"
+#include "GMPLog.h"
+#include "gmp-api/gmp-errors.h"
+#include <stdarg.h>
+#include <stdio.h>
+#include <inttypes.h>
+
+namespace mozilla {
+
+WidevineBuffer::WidevineBuffer(size_t aSize) {
+ GMP_LOG_DEBUG("WidevineBuffer(size=%zu) created", aSize);
+ mBuffer.SetLength(aSize);
+}
+
+WidevineBuffer::~WidevineBuffer() {
+ GMP_LOG_DEBUG("WidevineBuffer(size=%" PRIu32 ") destroyed", Size());
+}
+
+void WidevineBuffer::Destroy() { delete this; }
+
+uint32_t WidevineBuffer::Capacity() const { return mBuffer.Length(); }
+
+uint8_t* WidevineBuffer::Data() { return mBuffer.Elements(); }
+
+void WidevineBuffer::SetSize(uint32_t aSize) { mBuffer.SetLength(aSize); }
+
+uint32_t WidevineBuffer::Size() const { return mBuffer.Length(); }
+
+nsTArray<uint8_t> WidevineBuffer::ExtractBuffer() {
+ nsTArray<uint8_t> out = std::move(mBuffer);
+ return out;
+}
+
+WidevineDecryptedBlock::WidevineDecryptedBlock()
+ : mBuffer(nullptr), mTimestamp(0) {}
+
+WidevineDecryptedBlock::~WidevineDecryptedBlock() {
+ if (mBuffer) {
+ mBuffer->Destroy();
+ mBuffer = nullptr;
+ }
+}
+
+void WidevineDecryptedBlock::SetDecryptedBuffer(cdm::Buffer* aBuffer) {
+ mBuffer = aBuffer;
+}
+
+cdm::Buffer* WidevineDecryptedBlock::DecryptedBuffer() { return mBuffer; }
+
+void WidevineDecryptedBlock::SetTimestamp(int64_t aTimestamp) {
+ mTimestamp = aTimestamp;
+}
+
+int64_t WidevineDecryptedBlock::Timestamp() const { return mTimestamp; }
+
+} // namespace mozilla
diff --git a/dom/media/gmp/widevine-adapter/WidevineUtils.h b/dom/media/gmp/widevine-adapter/WidevineUtils.h
new file mode 100644
index 0000000000..1502621451
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineUtils.h
@@ -0,0 +1,84 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef WidevineUtils_h_
+#define WidevineUtils_h_
+
+#include "stddef.h"
+#include "content_decryption_module.h"
+#include "nsISupportsImpl.h"
+#include "nsTArray.h"
+#include "mozilla/Logging.h"
+
+namespace mozilla {
+
+#define ENSURE_TRUE(condition, rv) \
+ { \
+ if (!(condition)) { \
+ GMP_LOG_DEBUG("ENSURE_TRUE FAILED %s:%d", __FILE__, __LINE__); \
+ return rv; \
+ } \
+ }
+
+#define ENSURE_GMP_SUCCESS(err, rv) \
+ { \
+ if (GMP_FAILED(err)) { \
+ GMP_LOG_DEBUG("ENSURE_GMP_SUCCESS FAILED %s:%d", __FILE__, __LINE__); \
+ return rv; \
+ } \
+ }
+
+namespace gmp {
+class CDMShmemBuffer;
+}
+class WidevineBuffer;
+
+// Base class for our cdm::Buffer implementations, so we can tell at runtime
+// whether the buffer is a Shmem or non-Shmem buffer.
+class CDMBuffer : public cdm::Buffer {
+ public:
+ virtual WidevineBuffer* AsArrayBuffer() { return nullptr; }
+ virtual gmp::CDMShmemBuffer* AsShmemBuffer() { return nullptr; }
+};
+
+class WidevineBuffer : public CDMBuffer {
+ public:
+ explicit WidevineBuffer(size_t aSize);
+ ~WidevineBuffer() override;
+ void Destroy() override;
+ uint32_t Capacity() const override;
+ uint8_t* Data() override;
+ void SetSize(uint32_t aSize) override;
+ uint32_t Size() const override;
+
+ // Moves contents of buffer out into temporary.
+ // Note: This empties the buffer.
+ nsTArray<uint8_t> ExtractBuffer();
+
+ WidevineBuffer* AsArrayBuffer() override { return this; }
+
+ private:
+ nsTArray<uint8_t> mBuffer;
+ WidevineBuffer(const WidevineBuffer&);
+ void operator=(const WidevineBuffer&);
+};
+
+class WidevineDecryptedBlock : public cdm::DecryptedBlock {
+ public:
+ WidevineDecryptedBlock();
+ ~WidevineDecryptedBlock() override;
+ void SetDecryptedBuffer(cdm::Buffer* aBuffer) override;
+ cdm::Buffer* DecryptedBuffer() override;
+ void SetTimestamp(int64_t aTimestamp) override;
+ int64_t Timestamp() const override;
+
+ private:
+ cdm::Buffer* mBuffer;
+ int64_t mTimestamp;
+};
+
+} // namespace mozilla
+
+#endif // WidevineUtils_h_
diff --git a/dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp
new file mode 100644
index 0000000000..3f136c4ac8
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.cpp
@@ -0,0 +1,142 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WidevineVideoFrame.h"
+#include "GMPLog.h"
+#include "WidevineUtils.h"
+#include "mozilla/CheckedInt.h"
+#include "mozilla/IntegerPrintfMacros.h"
+
+namespace mozilla {
+
+WidevineVideoFrame::WidevineVideoFrame()
+ : mFormat(cdm::VideoFormat::kUnknownVideoFormat),
+ mSize{0, 0},
+ mBuffer(nullptr),
+ mTimestamp(0) {
+ MOZ_ASSERT(mSize.height == 0 && mSize.width == 0, "Size should be zeroed");
+ GMP_LOG_DEBUG("WidevineVideoFrame::WidevineVideoFrame() this=%p", this);
+ memset(mPlaneOffsets, 0, sizeof(mPlaneOffsets));
+ memset(mPlaneStrides, 0, sizeof(mPlaneStrides));
+}
+
+WidevineVideoFrame::WidevineVideoFrame(WidevineVideoFrame&& aOther)
+ : mFormat(aOther.mFormat),
+ mSize(aOther.mSize),
+ mBuffer(aOther.mBuffer),
+ mTimestamp(aOther.mTimestamp) {
+ GMP_LOG_DEBUG(
+ "WidevineVideoFrame::WidevineVideoFrame(WidevineVideoFrame&&) "
+ "this=%p, other=%p",
+ this, &aOther);
+ memcpy(mPlaneOffsets, aOther.mPlaneOffsets, sizeof(mPlaneOffsets));
+ memcpy(mPlaneStrides, aOther.mPlaneStrides, sizeof(mPlaneStrides));
+ aOther.mBuffer = nullptr;
+}
+
+WidevineVideoFrame::~WidevineVideoFrame() {
+ if (mBuffer) {
+ mBuffer->Destroy();
+ mBuffer = nullptr;
+ }
+}
+
+void WidevineVideoFrame::SetFormat(cdm::VideoFormat aFormat) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetFormat(%d) this=%p", aFormat, this);
+ mFormat = aFormat;
+}
+
+cdm::VideoFormat WidevineVideoFrame::Format() const { return mFormat; }
+
+void WidevineVideoFrame::SetSize(cdm::Size aSize) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetSize(%d,%d) this=%p", aSize.width,
+ aSize.height, this);
+ mSize.width = aSize.width;
+ mSize.height = aSize.height;
+}
+
+cdm::Size WidevineVideoFrame::Size() const { return mSize; }
+
+void WidevineVideoFrame::SetFrameBuffer(cdm::Buffer* aFrameBuffer) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetFrameBuffer(%p) this=%p", aFrameBuffer,
+ this);
+ MOZ_ASSERT(!mBuffer);
+ mBuffer = aFrameBuffer;
+}
+
+cdm::Buffer* WidevineVideoFrame::FrameBuffer() { return mBuffer; }
+
+void WidevineVideoFrame::SetPlaneOffset(cdm::VideoPlane aPlane,
+ uint32_t aOffset) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetPlaneOffset(%d, %" PRIu32 ") this=%p",
+ aPlane, aOffset, this);
+ mPlaneOffsets[aPlane] = aOffset;
+}
+
+uint32_t WidevineVideoFrame::PlaneOffset(cdm::VideoPlane aPlane) {
+ return mPlaneOffsets[aPlane];
+}
+
+void WidevineVideoFrame::SetStride(cdm::VideoPlane aPlane, uint32_t aStride) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetStride(%d, %" PRIu32 ") this=%p",
+ aPlane, aStride, this);
+ mPlaneStrides[aPlane] = aStride;
+}
+
+uint32_t WidevineVideoFrame::Stride(cdm::VideoPlane aPlane) {
+ return mPlaneStrides[aPlane];
+}
+
+void WidevineVideoFrame::SetTimestamp(int64_t timestamp) {
+ GMP_LOG_DEBUG("WidevineVideoFrame::SetTimestamp(%" PRId64 ") this=%p",
+ timestamp, this);
+ mTimestamp = timestamp;
+}
+
+int64_t WidevineVideoFrame::Timestamp() const { return mTimestamp; }
+
+bool WidevineVideoFrame::InitToBlack(int32_t aWidth, int32_t aHeight,
+ int64_t aTimeStamp) {
+ if (NS_WARN_IF(aWidth < 0 || aHeight < 0)) {
+ MOZ_ASSERT_UNREACHABLE("Frame dimensions should be positive");
+ return false;
+ }
+
+ const uint32_t halfWidth = (uint32_t(aWidth) + 1) / 2;
+ CheckedInt<size_t> ySizeChk = aWidth;
+ ySizeChk *= aHeight;
+ CheckedInt<size_t> uSizeChk = halfWidth;
+ uSizeChk *= (uint32_t(aHeight) + 1) / 2;
+ CheckedInt<size_t> yuSizeChk = ySizeChk + uSizeChk;
+ if (NS_WARN_IF(!yuSizeChk.isValid())) {
+ return false;
+ }
+
+ WidevineBuffer* buffer = new WidevineBuffer(yuSizeChk.value());
+ const size_t ySize = ySizeChk.value();
+ const size_t uSize = uSizeChk.value();
+ // Black in YCbCr is (0,128,128).
+ memset(buffer->Data(), 0, ySize);
+ memset(buffer->Data() + ySize, 128, uSize);
+ if (mBuffer) {
+ mBuffer->Destroy();
+ mBuffer = nullptr;
+ }
+ SetFormat(cdm::VideoFormat::kI420);
+ SetSize(cdm::Size{aWidth, aHeight});
+ SetFrameBuffer(buffer);
+ SetPlaneOffset(cdm::VideoPlane::kYPlane, 0);
+ SetStride(cdm::VideoPlane::kYPlane, aWidth);
+ // Note: U and V planes are stored at the same place in order to
+ // save memory since their contents are the same.
+ SetPlaneOffset(cdm::VideoPlane::kUPlane, ySize);
+ SetStride(cdm::VideoPlane::kUPlane, halfWidth);
+ SetPlaneOffset(cdm::VideoPlane::kVPlane, ySize);
+ SetStride(cdm::VideoPlane::kVPlane, halfWidth);
+ SetTimestamp(aTimeStamp);
+ return true;
+}
+
+} // namespace mozilla
diff --git a/dom/media/gmp/widevine-adapter/WidevineVideoFrame.h b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.h
new file mode 100644
index 0000000000..0ae65ac1e5
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/WidevineVideoFrame.h
@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef WidevineVideoFrame_h_
+#define WidevineVideoFrame_h_
+
+#include "stddef.h"
+#include "content_decryption_module.h"
+#include "mozilla/Attributes.h"
+#include <vector>
+
+namespace mozilla {
+
+class WidevineVideoFrame : public cdm::VideoFrame {
+ public:
+ WidevineVideoFrame();
+ WidevineVideoFrame(WidevineVideoFrame&& other);
+ ~WidevineVideoFrame();
+
+ void SetFormat(cdm::VideoFormat aFormat) override;
+ cdm::VideoFormat Format() const override;
+
+ void SetSize(cdm::Size aSize) override;
+ cdm::Size Size() const override;
+
+ void SetFrameBuffer(cdm::Buffer* aFrameBuffer) override;
+ cdm::Buffer* FrameBuffer() override;
+
+ void SetPlaneOffset(cdm::VideoPlane aPlane, uint32_t aOffset) override;
+ uint32_t PlaneOffset(cdm::VideoPlane aPlane) override;
+
+ void SetStride(cdm::VideoPlane aPlane, uint32_t aStride) override;
+ uint32_t Stride(cdm::VideoPlane aPlane) override;
+
+ void SetTimestamp(int64_t aTimestamp) override;
+ int64_t Timestamp() const override;
+
+ [[nodiscard]] bool InitToBlack(int32_t aWidth, int32_t aHeight,
+ int64_t aTimeStamp);
+
+ protected:
+ cdm::VideoFormat mFormat;
+ cdm::Size mSize;
+ cdm::Buffer* mBuffer;
+ uint32_t mPlaneOffsets[cdm::VideoPlane::kMaxPlanes];
+ uint32_t mPlaneStrides[cdm::VideoPlane::kMaxPlanes];
+ int64_t mTimestamp;
+};
+
+} // namespace mozilla
+
+#endif
diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module.h b/dom/media/gmp/widevine-adapter/content_decryption_module.h
new file mode 100644
index 0000000000..68fee35195
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/content_decryption_module.h
@@ -0,0 +1,1359 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CDM_CONTENT_DECRYPTION_MODULE_H_
+#define CDM_CONTENT_DECRYPTION_MODULE_H_
+
+#include <type_traits>
+
+#include "content_decryption_module_export.h"
+#include "content_decryption_module_proxy.h"
+
+#if defined(_MSC_VER)
+typedef unsigned char uint8_t;
+typedef unsigned int uint32_t;
+typedef int int32_t;
+typedef __int64 int64_t;
+#else
+# include <stdint.h>
+#endif
+
+// The version number must be rolled when the exported functions are updated!
+// If the CDM and the adapter use different versions of these functions, the
+// adapter will fail to load or crash!
+#define CDM_MODULE_VERSION 4
+
+// Build the versioned entrypoint name.
+// The extra macros are necessary to expand version to an actual value.
+#define INITIALIZE_CDM_MODULE \
+ BUILD_ENTRYPOINT(InitializeCdmModule, CDM_MODULE_VERSION)
+#define BUILD_ENTRYPOINT(name, version) \
+ BUILD_ENTRYPOINT_NO_EXPANSION(name, version)
+#define BUILD_ENTRYPOINT_NO_EXPANSION(name, version) name##_##version
+
+// Macro to check that |type| does the following:
+// 1. is a standard layout.
+// 2. is trivial.
+// 3. sizeof(type) matches the expected size in bytes. As some types contain
+// pointers, the size is specified for both 32 and 64 bit.
+#define CHECK_TYPE(type, size_32, size_64) \
+ static_assert(std::is_standard_layout<type>(), \
+ #type " not standard_layout"); \
+ static_assert(std::is_trivial<type>(), #type " not trivial"); \
+ static_assert((sizeof(void*) == 4 && sizeof(type) == size_32) || \
+ (sizeof(void*) == 8 && sizeof(type) == size_64), \
+ #type " size mismatch")
+
+extern "C" {
+
+CDM_API void INITIALIZE_CDM_MODULE();
+
+CDM_API void DeinitializeCdmModule();
+
+// Returns a pointer to the requested CDM Host interface upon success.
+// Returns NULL if the requested CDM Host interface is not supported.
+// The caller should cast the returned pointer to the type matching
+// |host_interface_version|.
+typedef void* (*GetCdmHostFunc)(int host_interface_version, void* user_data);
+
+// Returns a pointer to the requested CDM upon success.
+// Returns NULL if an error occurs or the requested |cdm_interface_version| or
+// |key_system| is not supported or another error occurs.
+// The caller should cast the returned pointer to the type matching
+// |cdm_interface_version|.
+// Caller retains ownership of arguments and must call Destroy() on the returned
+// object.
+CDM_API void* CreateCdmInstance(int cdm_interface_version,
+ const char* key_system,
+ uint32_t key_system_size,
+ GetCdmHostFunc get_cdm_host_func,
+ void* user_data);
+
+CDM_API const char* GetCdmVersion();
+
+} // extern "C"
+
+namespace cdm {
+
+enum Status : uint32_t {
+ kSuccess = 0,
+ kNeedMoreData, // Decoder needs more data to produce a decoded frame/sample.
+ kNoKey, // The required decryption key is not available.
+ kInitializationError, // Initialization error.
+ kDecryptError, // Decryption failed.
+ kDecodeError, // Error decoding audio or video.
+ kDeferredInitialization // Decoder is not ready for initialization.
+};
+CHECK_TYPE(Status, 4, 4);
+
+// Exceptions used by the CDM to reject promises.
+// https://w3c.github.io/encrypted-media/#exceptions
+enum Exception : uint32_t {
+ kExceptionTypeError,
+ kExceptionNotSupportedError,
+ kExceptionInvalidStateError,
+ kExceptionQuotaExceededError
+};
+CHECK_TYPE(Exception, 4, 4);
+
+// The encryption scheme. The definitions are from ISO/IEC 23001-7:2016.
+enum class EncryptionScheme : uint32_t {
+ kUnencrypted = 0,
+ kCenc, // 'cenc' subsample encryption using AES-CTR mode.
+ kCbcs // 'cbcs' pattern encryption using AES-CBC mode.
+};
+CHECK_TYPE(EncryptionScheme, 4, 4);
+
+// The pattern used for pattern encryption. Note that ISO/IEC 23001-7:2016
+// defines each block to be 16-bytes.
+struct Pattern {
+ uint32_t crypt_byte_block; // Count of the encrypted blocks.
+ uint32_t skip_byte_block; // Count of the unencrypted blocks.
+};
+CHECK_TYPE(Pattern, 8, 8);
+
+enum class ColorRange : uint8_t {
+ kInvalid,
+ kLimited, // 709 color range with RGB values ranging from 16 to 235.
+ kFull, // Full RGB color range with RGB values from 0 to 255.
+ kDerived // Range is defined by |transfer_id| and |matrix_id|.
+};
+CHECK_TYPE(ColorRange, 1, 1);
+
+// Described in ISO 23001-8:2016, section 7. All the IDs are in the range
+// [0, 255] so 8-bit integer is sufficient. An unspecified ColorSpace should be
+// {2, 2, 2, ColorRange::kInvalid}, where value 2 means "Unspecified" for all
+// the IDs, as defined by the spec.
+struct ColorSpace {
+ uint8_t primary_id; // 7.1 colour primaries, table 2
+ uint8_t transfer_id; // 7.2 transfer characteristics, table 3
+ uint8_t matrix_id; // 7.3 matrix coefficients, table 4
+ ColorRange range;
+};
+CHECK_TYPE(ColorSpace, 4, 4);
+
+// Time is defined as the number of seconds since the Epoch
+// (00:00:00 UTC, January 1, 1970), not including any added leap second.
+// Also see Time definition in spec: https://w3c.github.io/encrypted-media/#time
+// Note that Time is defined in millisecond accuracy in the spec but in second
+// accuracy here.
+typedef double Time;
+
+// An input buffer can be split into several continuous subsamples.
+// A SubsampleEntry specifies the number of clear and cipher bytes in each
+// subsample. For example, the following buffer has three subsamples:
+//
+// |<----- subsample1 ----->|<----- subsample2 ----->|<----- subsample3 ----->|
+// | clear1 | cipher1 | clear2 | cipher2 | clear3 | cipher3 |
+//
+// For decryption, all of the cipher bytes in a buffer should be concatenated
+// (in the subsample order) into a single logical stream. The clear bytes should
+// not be considered as part of decryption.
+//
+// Stream to decrypt: | cipher1 | cipher2 | cipher3 |
+// Decrypted stream: | decrypted1| decrypted2 | decrypted3 |
+//
+// After decryption, the decrypted bytes should be copied over the position
+// of the corresponding cipher bytes in the original buffer to form the output
+// buffer. Following the above example, the decrypted buffer should be:
+//
+// |<----- subsample1 ----->|<----- subsample2 ----->|<----- subsample3 ----->|
+// | clear1 | decrypted1| clear2 | decrypted2 | clear3 | decrypted3 |
+//
+struct SubsampleEntry {
+ uint32_t clear_bytes;
+ uint32_t cipher_bytes;
+};
+CHECK_TYPE(SubsampleEntry, 8, 8);
+
+// Represents an input buffer to be decrypted (and possibly decoded). It does
+// not own any pointers in this struct. If |encryption_scheme| = kUnencrypted,
+// the data is unencrypted.
+// Note that this struct is organized so that sizeof(InputBuffer_2)
+// equals the sum of sizeof() all members in both 32-bit and 64-bit compiles.
+// Padding has been added to keep the fields aligned.
+struct InputBuffer_2 {
+ const uint8_t* data; // Pointer to the beginning of the input data.
+ uint32_t data_size; // Size (in bytes) of |data|.
+
+ EncryptionScheme encryption_scheme;
+
+ const uint8_t* key_id; // Key ID to identify the decryption key.
+ uint32_t key_id_size; // Size (in bytes) of |key_id|.
+ uint32_t : 32; // Padding.
+
+ const uint8_t* iv; // Initialization vector.
+ uint32_t iv_size; // Size (in bytes) of |iv|.
+ uint32_t : 32; // Padding.
+
+ const struct SubsampleEntry* subsamples;
+ uint32_t num_subsamples; // Number of subsamples in |subsamples|.
+ uint32_t : 32; // Padding.
+
+ // |pattern| is required if |encryption_scheme| specifies pattern encryption.
+ Pattern pattern;
+
+ int64_t timestamp; // Presentation timestamp in microseconds.
+};
+CHECK_TYPE(InputBuffer_2, 64, 80);
+
+enum AudioCodec : uint32_t { kUnknownAudioCodec = 0, kCodecVorbis, kCodecAac };
+CHECK_TYPE(AudioCodec, 4, 4);
+
+struct AudioDecoderConfig_2 {
+ AudioCodec codec;
+ int32_t channel_count;
+ int32_t bits_per_channel;
+ int32_t samples_per_second;
+
+ // Optional byte data required to initialize audio decoders, such as the
+ // vorbis setup header.
+ uint8_t* extra_data;
+ uint32_t extra_data_size;
+
+ // Encryption scheme.
+ EncryptionScheme encryption_scheme;
+};
+CHECK_TYPE(AudioDecoderConfig_2, 28, 32);
+
+// Supported sample formats for AudioFrames.
+enum AudioFormat : uint32_t {
+ kUnknownAudioFormat = 0, // Unknown format value. Used for error reporting.
+ kAudioFormatU8, // Interleaved unsigned 8-bit w/ bias of 128.
+ kAudioFormatS16, // Interleaved signed 16-bit.
+ kAudioFormatS32, // Interleaved signed 32-bit.
+ kAudioFormatF32, // Interleaved float 32-bit.
+ kAudioFormatPlanarS16, // Signed 16-bit planar.
+ kAudioFormatPlanarF32, // Float 32-bit planar.
+};
+CHECK_TYPE(AudioFormat, 4, 4);
+
+// Surface formats based on FOURCC labels, see: http://www.fourcc.org/yuv.php
+// Values are chosen to be consistent with Chromium's VideoPixelFormat values.
+enum VideoFormat : uint32_t {
+ kUnknownVideoFormat = 0, // Unknown format value. Used for error reporting.
+ kYv12 = 1, // 12bpp YVU planar 1x1 Y, 2x2 VU samples.
+ kI420 = 2, // 12bpp YUV planar 1x1 Y, 2x2 UV samples.
+
+ // In the following formats, each sample uses 16-bit in storage, while the
+ // sample value is stored in the least significant N bits where N is
+ // specified by the number after "P". For example, for YUV420P9, each Y, U,
+ // and V sample is stored in the least significant 9 bits in a 2-byte block.
+ kYUV420P9 = 16,
+ kYUV420P10 = 17,
+ kYUV422P9 = 18,
+ kYUV422P10 = 19,
+ kYUV444P9 = 20,
+ kYUV444P10 = 21,
+ kYUV420P12 = 22,
+ kYUV422P12 = 23,
+ kYUV444P12 = 24,
+};
+CHECK_TYPE(VideoFormat, 4, 4);
+
+struct Size {
+ int32_t width;
+ int32_t height;
+};
+CHECK_TYPE(Size, 8, 8);
+
+enum VideoCodec : uint32_t {
+ kUnknownVideoCodec = 0,
+ kCodecVp8,
+ kCodecH264,
+ kCodecVp9,
+ kCodecAv1
+};
+CHECK_TYPE(VideoCodec, 4, 4);
+
+enum VideoCodecProfile : uint32_t {
+ kUnknownVideoCodecProfile = 0,
+ kProfileNotNeeded,
+ kH264ProfileBaseline,
+ kH264ProfileMain,
+ kH264ProfileExtended,
+ kH264ProfileHigh,
+ kH264ProfileHigh10,
+ kH264ProfileHigh422,
+ kH264ProfileHigh444Predictive,
+ kVP9Profile0,
+ kVP9Profile1,
+ kVP9Profile2,
+ kVP9Profile3,
+ kAv1ProfileMain,
+ kAv1ProfileHigh,
+ kAv1ProfilePro
+};
+CHECK_TYPE(VideoCodecProfile, 4, 4);
+
+// Deprecated: New CDM implementations should use VideoDecoderConfig_3.
+// Note that this struct is organized so that sizeof(VideoDecoderConfig_2)
+// equals the sum of sizeof() all members in both 32-bit and 64-bit compiles.
+// Padding has been added to keep the fields aligned.
+struct VideoDecoderConfig_2 {
+ VideoCodec codec;
+ VideoCodecProfile profile;
+ VideoFormat format;
+ uint32_t : 32; // Padding.
+
+ // Width and height of video frame immediately post-decode. Not all pixels
+ // in this region are valid.
+ Size coded_size;
+
+ // Optional byte data required to initialize video decoders, such as H.264
+ // AAVC data.
+ uint8_t* extra_data;
+ uint32_t extra_data_size;
+
+ // Encryption scheme.
+ EncryptionScheme encryption_scheme;
+};
+CHECK_TYPE(VideoDecoderConfig_2, 36, 40);
+
+struct VideoDecoderConfig_3 {
+ VideoCodec codec;
+ VideoCodecProfile profile;
+ VideoFormat format;
+ ColorSpace color_space;
+
+ // Width and height of video frame immediately post-decode. Not all pixels
+ // in this region are valid.
+ Size coded_size;
+
+ // Optional byte data required to initialize video decoders, such as H.264
+ // AAVC data.
+ uint8_t* extra_data;
+ uint32_t extra_data_size;
+
+ EncryptionScheme encryption_scheme;
+};
+CHECK_TYPE(VideoDecoderConfig_3, 36, 40);
+
+enum StreamType : uint32_t { kStreamTypeAudio = 0, kStreamTypeVideo = 1 };
+CHECK_TYPE(StreamType, 4, 4);
+
+// Structure provided to ContentDecryptionModule::OnPlatformChallengeResponse()
+// after a platform challenge was initiated via Host::SendPlatformChallenge().
+// All values will be NULL / zero in the event of a challenge failure.
+struct PlatformChallengeResponse {
+ // |challenge| provided during Host::SendPlatformChallenge() combined with
+ // nonce data and signed with the platform's private key.
+ const uint8_t* signed_data;
+ uint32_t signed_data_length;
+
+ // RSASSA-PKCS1-v1_5-SHA256 signature of the |signed_data| block.
+ const uint8_t* signed_data_signature;
+ uint32_t signed_data_signature_length;
+
+ // X.509 device specific certificate for the |service_id| requested.
+ const uint8_t* platform_key_certificate;
+ uint32_t platform_key_certificate_length;
+};
+CHECK_TYPE(PlatformChallengeResponse, 24, 48);
+
+// The current status of the associated key. The valid types are defined in the
+// spec: https://w3c.github.io/encrypted-media/#dom-mediakeystatus
+enum KeyStatus : uint32_t {
+ kUsable = 0,
+ kInternalError = 1,
+ kExpired = 2,
+ kOutputRestricted = 3,
+ kOutputDownscaled = 4,
+ kStatusPending = 5,
+ kReleased = 6
+};
+CHECK_TYPE(KeyStatus, 4, 4);
+
+// Used when passing arrays of key information. Does not own the referenced
+// data. |system_code| is an additional error code for unusable keys and
+// should be 0 when |status| == kUsable.
+struct KeyInformation {
+ const uint8_t* key_id;
+ uint32_t key_id_size;
+ KeyStatus status;
+ uint32_t system_code;
+};
+CHECK_TYPE(KeyInformation, 16, 24);
+
+// Supported output protection methods for use with EnableOutputProtection() and
+// returned by OnQueryOutputProtectionStatus().
+enum OutputProtectionMethods : uint32_t {
+ kProtectionNone = 0,
+ kProtectionHDCP = 1 << 0
+};
+CHECK_TYPE(OutputProtectionMethods, 4, 4);
+
+// Connected output link types returned by OnQueryOutputProtectionStatus().
+enum OutputLinkTypes : uint32_t {
+ kLinkTypeNone = 0,
+ kLinkTypeUnknown = 1 << 0,
+ kLinkTypeInternal = 1 << 1,
+ kLinkTypeVGA = 1 << 2,
+ kLinkTypeHDMI = 1 << 3,
+ kLinkTypeDVI = 1 << 4,
+ kLinkTypeDisplayPort = 1 << 5,
+ kLinkTypeNetwork = 1 << 6
+};
+CHECK_TYPE(OutputLinkTypes, 4, 4);
+
+// Result of the QueryOutputProtectionStatus() call.
+enum QueryResult : uint32_t { kQuerySucceeded = 0, kQueryFailed };
+CHECK_TYPE(QueryResult, 4, 4);
+
+// The Initialization Data Type. The valid types are defined in the spec:
+// https://w3c.github.io/encrypted-media/format-registry/initdata/index.html#registry
+enum InitDataType : uint32_t { kCenc = 0, kKeyIds = 1, kWebM = 2 };
+CHECK_TYPE(InitDataType, 4, 4);
+
+// The type of session to create. The valid types are defined in the spec:
+// https://w3c.github.io/encrypted-media/#dom-mediakeysessiontype
+enum SessionType : uint32_t {
+ kTemporary = 0,
+ kPersistentLicense = 1,
+ kPersistentUsageRecord = 2
+};
+CHECK_TYPE(SessionType, 4, 4);
+
+// The type of the message event. The valid types are defined in the spec:
+// https://w3c.github.io/encrypted-media/#dom-mediakeymessagetype
+enum MessageType : uint32_t {
+ kLicenseRequest = 0,
+ kLicenseRenewal = 1,
+ kLicenseRelease = 2,
+ kIndividualizationRequest = 3
+};
+CHECK_TYPE(MessageType, 4, 4);
+
+enum HdcpVersion : uint32_t {
+ kHdcpVersionNone,
+ kHdcpVersion1_0,
+ kHdcpVersion1_1,
+ kHdcpVersion1_2,
+ kHdcpVersion1_3,
+ kHdcpVersion1_4,
+ kHdcpVersion2_0,
+ kHdcpVersion2_1,
+ kHdcpVersion2_2,
+ kHdcpVersion2_3
+};
+CHECK_TYPE(HdcpVersion, 4, 4);
+
+struct Policy {
+ HdcpVersion min_hdcp_version;
+};
+CHECK_TYPE(Policy, 4, 4);
+
+// Represents a buffer created by Allocator implementations.
+class CDM_CLASS_API Buffer {
+ public:
+ // Destroys the buffer in the same context as it was created.
+ virtual void Destroy() = 0;
+
+ virtual uint32_t Capacity() const = 0;
+ virtual uint8_t* Data() = 0;
+ virtual void SetSize(uint32_t size) = 0;
+ virtual uint32_t Size() const = 0;
+
+ protected:
+ Buffer() {}
+ virtual ~Buffer() {}
+
+ private:
+ Buffer(const Buffer&);
+ void operator=(const Buffer&);
+};
+
+// Represents a decrypted block that has not been decoded.
+class CDM_CLASS_API DecryptedBlock {
+ public:
+ virtual void SetDecryptedBuffer(Buffer* buffer) = 0;
+ virtual Buffer* DecryptedBuffer() = 0;
+
+ // TODO(tomfinegan): Figure out if timestamp is really needed. If it is not,
+ // we can just pass Buffer pointers around.
+ virtual void SetTimestamp(int64_t timestamp) = 0;
+ virtual int64_t Timestamp() const = 0;
+
+ protected:
+ DecryptedBlock() {}
+ virtual ~DecryptedBlock() {}
+};
+
+enum VideoPlane : uint32_t {
+ kYPlane = 0,
+ kUPlane = 1,
+ kVPlane = 2,
+ kMaxPlanes = 3,
+};
+CHECK_TYPE(VideoPlane, 4, 4);
+
+class CDM_CLASS_API VideoFrame {
+ public:
+ virtual void SetFormat(VideoFormat format) = 0;
+ virtual VideoFormat Format() const = 0;
+
+ virtual void SetSize(cdm::Size size) = 0;
+ virtual cdm::Size Size() const = 0;
+
+ virtual void SetFrameBuffer(Buffer* frame_buffer) = 0;
+ virtual Buffer* FrameBuffer() = 0;
+
+ virtual void SetPlaneOffset(VideoPlane plane, uint32_t offset) = 0;
+ virtual uint32_t PlaneOffset(VideoPlane plane) = 0;
+
+ virtual void SetStride(VideoPlane plane, uint32_t stride) = 0;
+ virtual uint32_t Stride(VideoPlane plane) = 0;
+
+ // Sets and gets the presentation timestamp which is in microseconds.
+ virtual void SetTimestamp(int64_t timestamp) = 0;
+ virtual int64_t Timestamp() const = 0;
+
+ protected:
+ VideoFrame() {}
+ virtual ~VideoFrame() {}
+};
+
+// Represents a decoded video frame. The CDM should call the interface methods
+// to set the frame attributes. See DecryptAndDecodeFrame().
+class CDM_CLASS_API VideoFrame_2 {
+ public:
+ virtual void SetFormat(VideoFormat format) = 0;
+ virtual void SetSize(cdm::Size size) = 0;
+ virtual void SetFrameBuffer(Buffer* frame_buffer) = 0;
+ virtual void SetPlaneOffset(VideoPlane plane, uint32_t offset) = 0;
+ virtual void SetStride(VideoPlane plane, uint32_t stride) = 0;
+ // Sets the presentation timestamp which is in microseconds.
+ virtual void SetTimestamp(int64_t timestamp) = 0;
+ virtual void SetColorSpace(ColorSpace color_space) = 0;
+
+ protected:
+ VideoFrame_2() {}
+ virtual ~VideoFrame_2() {}
+};
+
+// Represents decrypted and decoded audio frames. AudioFrames can contain
+// multiple audio output buffers, which are serialized into this format:
+//
+// |<------------------- serialized audio buffer ------------------->|
+// | int64_t timestamp | int64_t length | length bytes of audio data |
+//
+// For example, with three audio output buffers, the AudioFrames will look
+// like this:
+//
+// |<----------------- AudioFrames ------------------>|
+// | audio buffer 0 | audio buffer 1 | audio buffer 2 |
+class CDM_CLASS_API AudioFrames {
+ public:
+ virtual void SetFrameBuffer(Buffer* buffer) = 0;
+ virtual Buffer* FrameBuffer() = 0;
+
+ // The CDM must call this method, providing a valid format, when providing
+ // frame buffers. Planar data should be stored end to end; e.g.,
+ // |ch1 sample1||ch1 sample2|....|ch1 sample_last||ch2 sample1|...
+ virtual void SetFormat(AudioFormat format) = 0;
+ virtual AudioFormat Format() const = 0;
+
+ protected:
+ AudioFrames() {}
+ virtual ~AudioFrames() {}
+};
+
+// FileIO interface provides a way for the CDM to store data in a file in
+// persistent storage. This interface aims only at providing basic read/write
+// capabilities and should not be used as a full fledged file IO API.
+// Each CDM and origin (e.g. HTTPS, "foo.example.com", 443) combination has
+// its own persistent storage. All instances of a given CDM associated with a
+// given origin share the same persistent storage.
+// Note to implementors of this interface:
+// Per-origin storage and the ability for users to clear it are important.
+// See http://www.w3.org/TR/encrypted-media/#privacy-storedinfo.
+class CDM_CLASS_API FileIO {
+ public:
+ // Opens the file with |file_name| for read and write.
+ // FileIOClient::OnOpenComplete() will be called after the opening
+ // operation finishes.
+ // - When the file is opened by a CDM instance, it will be classified as "in
+ // use". In this case other CDM instances in the same domain may receive
+ // kInUse status when trying to open it.
+ // - |file_name| must only contain letters (A-Za-z), digits(0-9), or "._-".
+ // It must not start with an underscore ('_'), and must be at least 1
+ // character and no more than 256 characters long.
+ virtual void Open(const char* file_name, uint32_t file_name_size) = 0;
+
+ // Reads the contents of the file. FileIOClient::OnReadComplete() will be
+ // called with the read status. Read() should not be called if a previous
+ // Read() or Write() call is still pending; otherwise OnReadComplete() will
+ // be called with kInUse.
+ virtual void Read() = 0;
+
+ // Writes |data_size| bytes of |data| into the file.
+ // FileIOClient::OnWriteComplete() will be called with the write status.
+ // All existing contents in the file will be overwritten. Calling Write() with
+ // NULL |data| will clear all contents in the file. Write() should not be
+ // called if a previous Write() or Read() call is still pending; otherwise
+ // OnWriteComplete() will be called with kInUse.
+ virtual void Write(const uint8_t* data, uint32_t data_size) = 0;
+
+ // Closes the file if opened, destroys this FileIO object and releases any
+ // resources allocated. The CDM must call this method when it finished using
+ // this object. A FileIO object must not be used after Close() is called.
+ virtual void Close() = 0;
+
+ protected:
+ FileIO() {}
+ virtual ~FileIO() {}
+};
+
+// Responses to FileIO calls. All responses will be called asynchronously.
+// When kError is returned, the FileIO object could be in an error state. All
+// following calls (other than Close()) could return kError. The CDM should
+// still call Close() to destroy the FileIO object.
+class CDM_CLASS_API FileIOClient {
+ public:
+ enum class Status : uint32_t { kSuccess = 0, kInUse, kError };
+
+ // Response to a FileIO::Open() call with the open |status|.
+ virtual void OnOpenComplete(Status status) = 0;
+
+ // Response to a FileIO::Read() call to provide |data_size| bytes of |data|
+ // read from the file.
+ // - kSuccess indicates that all contents of the file has been successfully
+ // read. In this case, 0 |data_size| means that the file is empty.
+ // - kInUse indicates that there are other read/write operations pending.
+ // - kError indicates read failure, e.g. the storage is not open or cannot be
+ // fully read.
+ virtual void OnReadComplete(Status status, const uint8_t* data,
+ uint32_t data_size) = 0;
+
+ // Response to a FileIO::Write() call.
+ // - kSuccess indicates that all the data has been written into the file
+ // successfully.
+ // - kInUse indicates that there are other read/write operations pending.
+ // - kError indicates write failure, e.g. the storage is not open or cannot be
+ // fully written. Upon write failure, the contents of the file should be
+ // regarded as corrupt and should not used.
+ virtual void OnWriteComplete(Status status) = 0;
+
+ protected:
+ FileIOClient() {}
+ virtual ~FileIOClient() {}
+};
+
+class CDM_CLASS_API Host_10;
+class CDM_CLASS_API Host_11;
+
+// ContentDecryptionModule interface that all CDMs need to implement.
+// The interface is versioned for backward compatibility.
+// Note: ContentDecryptionModule implementations must use the allocator
+// provided in CreateCdmInstance() to allocate any Buffer that needs to
+// be passed back to the caller. Implementations must call Buffer::Destroy()
+// when a Buffer is created that will never be returned to the caller.
+class CDM_CLASS_API ContentDecryptionModule_10 {
+ public:
+ static const int kVersion = 10;
+ static const bool kIsStable = true;
+ typedef Host_10 Host;
+
+ // Initializes the CDM instance, providing information about permitted
+ // functionalities. The CDM must respond by calling Host::OnInitialized()
+ // with whether the initialization succeeded. No other calls will be made by
+ // the host before Host::OnInitialized() returns.
+ // If |allow_distinctive_identifier| is false, messages from the CDM,
+ // such as message events, must not contain a Distinctive Identifier,
+ // even in an encrypted form.
+ // If |allow_persistent_state| is false, the CDM must not attempt to
+ // persist state. Calls to CreateFileIO() will fail.
+ // If |use_hw_secure_codecs| is true, the CDM must ensure the decryption key
+ // and video buffers (compressed and uncompressed) are securely protected by
+ // hardware.
+ virtual void Initialize(bool allow_distinctive_identifier,
+ bool allow_persistent_state,
+ bool use_hw_secure_codecs) = 0;
+
+ // Gets the key status if the CDM has a hypothetical key with the |policy|.
+ // The CDM must respond by calling either Host::OnResolveKeyStatusPromise()
+ // with the result key status or Host::OnRejectPromise() if an unexpected
+ // error happened or this method is not supported.
+ virtual void GetStatusForPolicy(uint32_t promise_id,
+ const Policy& policy) = 0;
+
+ // SetServerCertificate(), CreateSessionAndGenerateRequest(), LoadSession(),
+ // UpdateSession(), CloseSession(), and RemoveSession() all accept a
+ // |promise_id|, which must be passed to the completion Host method
+ // (e.g. Host::OnResolveNewSessionPromise()).
+
+ // Provides a server certificate to be used to encrypt messages to the
+ // license server. The CDM must respond by calling either
+ // Host::OnResolvePromise() or Host::OnRejectPromise().
+ // If the CDM does not support server certificates, the promise should be
+ // rejected with kExceptionNotSupportedError. If |server_certificate_data|
+ // is empty, reject with kExceptionTypeError. Any other error should be
+ // rejected with kExceptionInvalidStateError or kExceptionQuotaExceededError.
+ // TODO(crbug.com/796417): Add support for the promise to return true or
+ // false, rather than using kExceptionNotSupportedError to mean false.
+ virtual void SetServerCertificate(uint32_t promise_id,
+ const uint8_t* server_certificate_data,
+ uint32_t server_certificate_data_size) = 0;
+
+ // Creates a session given |session_type|, |init_data_type|, and |init_data|.
+ // The CDM must respond by calling either Host::OnResolveNewSessionPromise()
+ // or Host::OnRejectPromise().
+ virtual void CreateSessionAndGenerateRequest(uint32_t promise_id,
+ SessionType session_type,
+ InitDataType init_data_type,
+ const uint8_t* init_data,
+ uint32_t init_data_size) = 0;
+
+ // Loads the session of type |session_type| specified by |session_id|.
+ // The CDM must respond by calling either Host::OnResolveNewSessionPromise()
+ // or Host::OnRejectPromise(). If the session is not found, call
+ // Host::OnResolveNewSessionPromise() with session_id = NULL.
+ virtual void LoadSession(uint32_t promise_id, SessionType session_type,
+ const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Updates the session with |response|. The CDM must respond by calling
+ // either Host::OnResolvePromise() or Host::OnRejectPromise().
+ virtual void UpdateSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size, const uint8_t* response,
+ uint32_t response_size) = 0;
+
+ // Requests that the CDM close the session. The CDM must respond by calling
+ // either Host::OnResolvePromise() or Host::OnRejectPromise() when the request
+ // has been processed. This may be before the session is closed. Once the
+ // session is closed, Host::OnSessionClosed() must also be called.
+ virtual void CloseSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Removes any stored session data associated with this session. Will only be
+ // called for persistent sessions. The CDM must respond by calling either
+ // Host::OnResolvePromise() or Host::OnRejectPromise() when the request has
+ // been processed.
+ virtual void RemoveSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Performs scheduled operation with |context| when the timer fires.
+ virtual void TimerExpired(void* context) = 0;
+
+ // Decrypts the |encrypted_buffer|.
+ //
+ // Returns kSuccess if decryption succeeded, in which case the callee
+ // should have filled the |decrypted_buffer| and passed the ownership of
+ // |data| in |decrypted_buffer| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kDecryptError if any other error happened.
+ // If the return value is not kSuccess, |decrypted_buffer| should be ignored
+ // by the caller.
+ virtual Status Decrypt(const InputBuffer_2& encrypted_buffer,
+ DecryptedBlock* decrypted_buffer) = 0;
+
+ // Initializes the CDM audio decoder with |audio_decoder_config|. This
+ // function must be called before DecryptAndDecodeSamples() is called.
+ //
+ // Returns kSuccess if the |audio_decoder_config| is supported and the CDM
+ // audio decoder is successfully initialized.
+ // Returns kInitializationError if |audio_decoder_config| is not supported.
+ // The CDM may still be able to do Decrypt().
+ // Returns kDeferredInitialization if the CDM is not ready to initialize the
+ // decoder at this time. Must call Host::OnDeferredInitializationDone() once
+ // initialization is complete.
+ virtual Status InitializeAudioDecoder(
+ const AudioDecoderConfig_2& audio_decoder_config) = 0;
+
+ // Initializes the CDM video decoder with |video_decoder_config|. This
+ // function must be called before DecryptAndDecodeFrame() is called.
+ //
+ // Returns kSuccess if the |video_decoder_config| is supported and the CDM
+ // video decoder is successfully initialized.
+ // Returns kInitializationError if |video_decoder_config| is not supported.
+ // The CDM may still be able to do Decrypt().
+ // Returns kDeferredInitialization if the CDM is not ready to initialize the
+ // decoder at this time. Must call Host::OnDeferredInitializationDone() once
+ // initialization is complete.
+ virtual Status InitializeVideoDecoder(
+ const VideoDecoderConfig_2& video_decoder_config) = 0;
+
+ // De-initializes the CDM decoder and sets it to an uninitialized state. The
+ // caller can initialize the decoder again after this call to re-initialize
+ // it. This can be used to reconfigure the decoder if the configuration
+ // changes.
+ virtual void DeinitializeDecoder(StreamType decoder_type) = 0;
+
+ // Resets the CDM decoder to an initialized clean state. All internal buffers
+ // MUST be flushed.
+ virtual void ResetDecoder(StreamType decoder_type) = 0;
+
+ // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into a
+ // |video_frame|. Upon end-of-stream, the caller should call this function
+ // repeatedly with empty |encrypted_buffer| (|data| == NULL) until
+ // kNeedMoreData is returned.
+ //
+ // Returns kSuccess if decryption and decoding both succeeded, in which case
+ // the callee will have filled the |video_frame| and passed the ownership of
+ // |frame_buffer| in |video_frame| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kNeedMoreData if more data was needed by the decoder to generate
+ // a decoded frame (e.g. during initialization and end-of-stream).
+ // Returns kDecryptError if any decryption error happened.
+ // Returns kDecodeError if any decoding error happened.
+ // If the return value is not kSuccess, |video_frame| should be ignored by
+ // the caller.
+ virtual Status DecryptAndDecodeFrame(const InputBuffer_2& encrypted_buffer,
+ VideoFrame* video_frame) = 0;
+
+ // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into
+ // |audio_frames|. Upon end-of-stream, the caller should call this function
+ // repeatedly with empty |encrypted_buffer| (|data| == NULL) until only empty
+ // |audio_frames| is produced.
+ //
+ // Returns kSuccess if decryption and decoding both succeeded, in which case
+ // the callee will have filled |audio_frames| and passed the ownership of
+ // |data| in |audio_frames| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kNeedMoreData if more data was needed by the decoder to generate
+ // audio samples (e.g. during initialization and end-of-stream).
+ // Returns kDecryptError if any decryption error happened.
+ // Returns kDecodeError if any decoding error happened.
+ // If the return value is not kSuccess, |audio_frames| should be ignored by
+ // the caller.
+ virtual Status DecryptAndDecodeSamples(const InputBuffer_2& encrypted_buffer,
+ AudioFrames* audio_frames) = 0;
+
+ // Called by the host after a platform challenge was initiated via
+ // Host::SendPlatformChallenge().
+ virtual void OnPlatformChallengeResponse(
+ const PlatformChallengeResponse& response) = 0;
+
+ // Called by the host after a call to Host::QueryOutputProtectionStatus(). The
+ // |link_mask| is a bit mask of OutputLinkTypes and |output_protection_mask|
+ // is a bit mask of OutputProtectionMethods. If |result| is kQueryFailed,
+ // then |link_mask| and |output_protection_mask| are undefined and should
+ // be ignored.
+ virtual void OnQueryOutputProtectionStatus(
+ QueryResult result, uint32_t link_mask,
+ uint32_t output_protection_mask) = 0;
+
+ // Called by the host after a call to Host::RequestStorageId(). If the
+ // version of the storage ID requested is available, |storage_id| and
+ // |storage_id_size| are set appropriately. |version| will be the same as
+ // what was requested, unless 0 (latest) was requested, in which case
+ // |version| will be the actual version number for the |storage_id| returned.
+ // If the requested version is not available, null/zero will be provided as
+ // |storage_id| and |storage_id_size|, respectively, and |version| should be
+ // ignored.
+ virtual void OnStorageId(uint32_t version, const uint8_t* storage_id,
+ uint32_t storage_id_size) = 0;
+
+ // Destroys the object in the same context as it was created.
+ virtual void Destroy() = 0;
+
+ protected:
+ ContentDecryptionModule_10() {}
+ virtual ~ContentDecryptionModule_10() {}
+};
+
+// ----- Note: CDM interface(s) below still in development and not stable! -----
+
+// ContentDecryptionModule interface that all CDMs need to implement.
+// The interface is versioned for backward compatibility.
+// Note: ContentDecryptionModule implementations must use the allocator
+// provided in CreateCdmInstance() to allocate any Buffer that needs to
+// be passed back to the caller. Implementations must call Buffer::Destroy()
+// when a Buffer is created that will never be returned to the caller.
+class CDM_CLASS_API ContentDecryptionModule_11 {
+ public:
+ static const int kVersion = 11;
+ static const bool kIsStable = false;
+ typedef Host_11 Host;
+
+ // Initializes the CDM instance, providing information about permitted
+ // functionalities. The CDM must respond by calling Host::OnInitialized()
+ // with whether the initialization succeeded. No other calls will be made by
+ // the host before Host::OnInitialized() returns.
+ // If |allow_distinctive_identifier| is false, messages from the CDM,
+ // such as message events, must not contain a Distinctive Identifier,
+ // even in an encrypted form.
+ // If |allow_persistent_state| is false, the CDM must not attempt to
+ // persist state. Calls to CreateFileIO() will fail.
+ // If |use_hw_secure_codecs| is true, the CDM must ensure the decryption key
+ // and video buffers (compressed and uncompressed) are securely protected by
+ // hardware.
+ virtual void Initialize(bool allow_distinctive_identifier,
+ bool allow_persistent_state,
+ bool use_hw_secure_codecs) = 0;
+
+ // Gets the key status if the CDM has a hypothetical key with the |policy|.
+ // The CDM must respond by calling either Host::OnResolveKeyStatusPromise()
+ // with the result key status or Host::OnRejectPromise() if an unexpected
+ // error happened or this method is not supported.
+ virtual void GetStatusForPolicy(uint32_t promise_id,
+ const Policy& policy) = 0;
+
+ // SetServerCertificate(), CreateSessionAndGenerateRequest(), LoadSession(),
+ // UpdateSession(), CloseSession(), and RemoveSession() all accept a
+ // |promise_id|, which must be passed to the completion Host method
+ // (e.g. Host::OnResolveNewSessionPromise()).
+
+ // Provides a server certificate to be used to encrypt messages to the
+ // license server. The CDM must respond by calling either
+ // Host::OnResolvePromise() or Host::OnRejectPromise().
+ // If the CDM does not support server certificates, the promise should be
+ // rejected with kExceptionNotSupportedError. If |server_certificate_data|
+ // is empty, reject with kExceptionTypeError. Any other error should be
+ // rejected with kExceptionInvalidStateError or kExceptionQuotaExceededError.
+ // TODO(crbug.com/796417): Add support for the promise to return true or
+ // false, rather than using kExceptionNotSupportedError to mean false.
+ virtual void SetServerCertificate(uint32_t promise_id,
+ const uint8_t* server_certificate_data,
+ uint32_t server_certificate_data_size) = 0;
+
+ // Creates a session given |session_type|, |init_data_type|, and |init_data|.
+ // The CDM must respond by calling either Host::OnResolveNewSessionPromise()
+ // or Host::OnRejectPromise().
+ virtual void CreateSessionAndGenerateRequest(uint32_t promise_id,
+ SessionType session_type,
+ InitDataType init_data_type,
+ const uint8_t* init_data,
+ uint32_t init_data_size) = 0;
+
+ // Loads the session of type |session_type| specified by |session_id|.
+ // The CDM must respond by calling either Host::OnResolveNewSessionPromise()
+ // or Host::OnRejectPromise(). If the session is not found, call
+ // Host::OnResolveNewSessionPromise() with session_id = NULL.
+ virtual void LoadSession(uint32_t promise_id, SessionType session_type,
+ const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Updates the session with |response|. The CDM must respond by calling
+ // either Host::OnResolvePromise() or Host::OnRejectPromise().
+ virtual void UpdateSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size, const uint8_t* response,
+ uint32_t response_size) = 0;
+
+ // Requests that the CDM close the session. The CDM must respond by calling
+ // either Host::OnResolvePromise() or Host::OnRejectPromise() when the request
+ // has been processed. This may be before the session is closed. Once the
+ // session is closed, Host::OnSessionClosed() must also be called.
+ virtual void CloseSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Removes any stored session data associated with this session. Removes all
+ // license(s) and key(s) associated with the session, whether they are in
+ // memory, persistent store, or both. For persistent session types, other
+ // session data (e.g. record of license destruction) will be cleared as
+ // defined for each session type once a release message acknowledgment is
+ // processed by UpdateSession(). The CDM must respond by calling either
+ // Host::OnResolvePromise() or Host::OnRejectPromise() when the request has
+ // been processed.
+ virtual void RemoveSession(uint32_t promise_id, const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Performs scheduled operation with |context| when the timer fires.
+ virtual void TimerExpired(void* context) = 0;
+
+ // Decrypts the |encrypted_buffer|.
+ //
+ // Returns kSuccess if decryption succeeded, in which case the callee
+ // should have filled the |decrypted_buffer| and passed the ownership of
+ // |data| in |decrypted_buffer| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kDecryptError if any other error happened.
+ // If the return value is not kSuccess, |decrypted_buffer| should be ignored
+ // by the caller.
+ virtual Status Decrypt(const InputBuffer_2& encrypted_buffer,
+ DecryptedBlock* decrypted_buffer) = 0;
+
+ // Initializes the CDM audio decoder with |audio_decoder_config|. This
+ // function must be called before DecryptAndDecodeSamples() is called.
+ //
+ // Returns kSuccess if the |audio_decoder_config| is supported and the CDM
+ // audio decoder is successfully initialized.
+ // Returns kInitializationError if |audio_decoder_config| is not supported.
+ // The CDM may still be able to do Decrypt().
+ // Returns kDeferredInitialization if the CDM is not ready to initialize the
+ // decoder at this time. Must call Host::OnDeferredInitializationDone() once
+ // initialization is complete.
+ virtual Status InitializeAudioDecoder(
+ const AudioDecoderConfig_2& audio_decoder_config) = 0;
+
+ // Initializes the CDM video decoder with |video_decoder_config|. This
+ // function must be called before DecryptAndDecodeFrame() is called.
+ //
+ // Returns kSuccess if the |video_decoder_config| is supported and the CDM
+ // video decoder is successfully initialized.
+ // Returns kInitializationError if |video_decoder_config| is not supported.
+ // The CDM may still be able to do Decrypt().
+ // Returns kDeferredInitialization if the CDM is not ready to initialize the
+ // decoder at this time. Must call Host::OnDeferredInitializationDone() once
+ // initialization is complete.
+ virtual Status InitializeVideoDecoder(
+ const VideoDecoderConfig_3& video_decoder_config) = 0;
+
+ // De-initializes the CDM decoder and sets it to an uninitialized state. The
+ // caller can initialize the decoder again after this call to re-initialize
+ // it. This can be used to reconfigure the decoder if the configuration
+ // changes.
+ virtual void DeinitializeDecoder(StreamType decoder_type) = 0;
+
+ // Resets the CDM decoder to an initialized clean state. All internal buffers
+ // MUST be flushed.
+ virtual void ResetDecoder(StreamType decoder_type) = 0;
+
+ // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into a
+ // |video_frame|. Upon end-of-stream, the caller should call this function
+ // repeatedly with empty |encrypted_buffer| (|data| == NULL) until
+ // kNeedMoreData is returned.
+ //
+ // Returns kSuccess if decryption and decoding both succeeded, in which case
+ // the callee will have filled the |video_frame| and passed the ownership of
+ // |frame_buffer| in |video_frame| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kNeedMoreData if more data was needed by the decoder to generate
+ // a decoded frame (e.g. during initialization and end-of-stream).
+ // Returns kDecryptError if any decryption error happened.
+ // Returns kDecodeError if any decoding error happened.
+ // If the return value is not kSuccess, |video_frame| should be ignored by
+ // the caller.
+ virtual Status DecryptAndDecodeFrame(const InputBuffer_2& encrypted_buffer,
+ VideoFrame_2* video_frame) = 0;
+
+ // Decrypts the |encrypted_buffer| and decodes the decrypted buffer into
+ // |audio_frames|. Upon end-of-stream, the caller should call this function
+ // repeatedly with empty |encrypted_buffer| (|data| == NULL) until only empty
+ // |audio_frames| is produced.
+ //
+ // Returns kSuccess if decryption and decoding both succeeded, in which case
+ // the callee will have filled |audio_frames| and passed the ownership of
+ // |data| in |audio_frames| to the caller.
+ // Returns kNoKey if the CDM did not have the necessary decryption key
+ // to decrypt.
+ // Returns kNeedMoreData if more data was needed by the decoder to generate
+ // audio samples (e.g. during initialization and end-of-stream).
+ // Returns kDecryptError if any decryption error happened.
+ // Returns kDecodeError if any decoding error happened.
+ // If the return value is not kSuccess, |audio_frames| should be ignored by
+ // the caller.
+ virtual Status DecryptAndDecodeSamples(const InputBuffer_2& encrypted_buffer,
+ AudioFrames* audio_frames) = 0;
+
+ // Called by the host after a platform challenge was initiated via
+ // Host::SendPlatformChallenge().
+ virtual void OnPlatformChallengeResponse(
+ const PlatformChallengeResponse& response) = 0;
+
+ // Called by the host after a call to Host::QueryOutputProtectionStatus(). The
+ // |link_mask| is a bit mask of OutputLinkTypes and |output_protection_mask|
+ // is a bit mask of OutputProtectionMethods. If |result| is kQueryFailed,
+ // then |link_mask| and |output_protection_mask| are undefined and should
+ // be ignored.
+ virtual void OnQueryOutputProtectionStatus(
+ QueryResult result, uint32_t link_mask,
+ uint32_t output_protection_mask) = 0;
+
+ // Called by the host after a call to Host::RequestStorageId(). If the
+ // version of the storage ID requested is available, |storage_id| and
+ // |storage_id_size| are set appropriately. |version| will be the same as
+ // what was requested, unless 0 (latest) was requested, in which case
+ // |version| will be the actual version number for the |storage_id| returned.
+ // If the requested version is not available, null/zero will be provided as
+ // |storage_id| and |storage_id_size|, respectively, and |version| should be
+ // ignored.
+ virtual void OnStorageId(uint32_t version, const uint8_t* storage_id,
+ uint32_t storage_id_size) = 0;
+
+ // Destroys the object in the same context as it was created.
+ virtual void Destroy() = 0;
+
+ protected:
+ ContentDecryptionModule_11() {}
+ virtual ~ContentDecryptionModule_11() {}
+};
+
+class CDM_CLASS_API Host_10 {
+ public:
+ static const int kVersion = 10;
+
+ // Returns a Buffer* containing non-zero members upon success, or NULL on
+ // failure. The caller owns the Buffer* after this call. The buffer is not
+ // guaranteed to be zero initialized. The capacity of the allocated Buffer
+ // is guaranteed to be not less than |capacity|.
+ virtual Buffer* Allocate(uint32_t capacity) = 0;
+
+ // Requests the host to call ContentDecryptionModule::TimerFired() |delay_ms|
+ // from now with |context|.
+ virtual void SetTimer(int64_t delay_ms, void* context) = 0;
+
+ // Returns the current wall time.
+ virtual Time GetCurrentWallTime() = 0;
+
+ // Called by the CDM with the result after the CDM instance was initialized.
+ virtual void OnInitialized(bool success) = 0;
+
+ // Called by the CDM when a key status is available in response to
+ // GetStatusForPolicy().
+ virtual void OnResolveKeyStatusPromise(uint32_t promise_id,
+ KeyStatus key_status) = 0;
+
+ // Called by the CDM when a session is created or loaded and the value for the
+ // MediaKeySession's sessionId attribute is available (|session_id|).
+ // This must be called before OnSessionMessage() or
+ // OnSessionKeysChange() is called for the same session. |session_id_size|
+ // should not include null termination.
+ // When called in response to LoadSession(), the |session_id| must be the
+ // same as the |session_id| passed in LoadSession(), or NULL if the
+ // session could not be loaded.
+ virtual void OnResolveNewSessionPromise(uint32_t promise_id,
+ const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Called by the CDM when a session is updated or released.
+ virtual void OnResolvePromise(uint32_t promise_id) = 0;
+
+ // Called by the CDM when an error occurs as a result of one of the
+ // ContentDecryptionModule calls that accept a |promise_id|.
+ // |exception| must be specified. |error_message| and |system_code|
+ // are optional. |error_message_size| should not include null termination.
+ virtual void OnRejectPromise(uint32_t promise_id, Exception exception,
+ uint32_t system_code, const char* error_message,
+ uint32_t error_message_size) = 0;
+
+ // Called by the CDM when it has a message for session |session_id|.
+ // Size parameters should not include null termination.
+ virtual void OnSessionMessage(const char* session_id,
+ uint32_t session_id_size,
+ MessageType message_type, const char* message,
+ uint32_t message_size) = 0;
+
+ // Called by the CDM when there has been a change in keys or their status for
+ // session |session_id|. |has_additional_usable_key| should be set if a
+ // key is newly usable (e.g. new key available, previously expired key has
+ // been renewed, etc.) and the browser should attempt to resume playback.
+ // |keys_info| is the list of key IDs for this session along with their
+ // current status. |keys_info_count| is the number of entries in |keys_info|.
+ // Size parameter for |session_id| should not include null termination.
+ virtual void OnSessionKeysChange(const char* session_id,
+ uint32_t session_id_size,
+ bool has_additional_usable_key,
+ const KeyInformation* keys_info,
+ uint32_t keys_info_count) = 0;
+
+ // Called by the CDM when there has been a change in the expiration time for
+ // session |session_id|. This can happen as the result of an Update() call
+ // or some other event. If this happens as a result of a call to Update(),
+ // it must be called before resolving the Update() promise. |new_expiry_time|
+ // represents the time after which the key(s) in the session will no longer
+ // be usable for decryption. It can be 0 if no such time exists or if the
+ // license explicitly never expires. Size parameter should not include null
+ // termination.
+ virtual void OnExpirationChange(const char* session_id,
+ uint32_t session_id_size,
+ Time new_expiry_time) = 0;
+
+ // Called by the CDM when session |session_id| is closed. Size
+ // parameter should not include null termination.
+ virtual void OnSessionClosed(const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // The following are optional methods that may not be implemented on all
+ // platforms.
+
+ // Sends a platform challenge for the given |service_id|. |challenge| is at
+ // most 256 bits of data to be signed. Once the challenge has been completed,
+ // the host will call ContentDecryptionModule::OnPlatformChallengeResponse()
+ // with the signed challenge response and platform certificate. Size
+ // parameters should not include null termination.
+ virtual void SendPlatformChallenge(const char* service_id,
+ uint32_t service_id_size,
+ const char* challenge,
+ uint32_t challenge_size) = 0;
+
+ // Attempts to enable output protection (e.g. HDCP) on the display link. The
+ // |desired_protection_mask| is a bit mask of OutputProtectionMethods. No
+ // status callback is issued, the CDM must call QueryOutputProtectionStatus()
+ // periodically to ensure the desired protections are applied.
+ virtual void EnableOutputProtection(uint32_t desired_protection_mask) = 0;
+
+ // Requests the current output protection status. Once the host has the status
+ // it will call ContentDecryptionModule::OnQueryOutputProtectionStatus().
+ virtual void QueryOutputProtectionStatus() = 0;
+
+ // Must be called by the CDM if it returned kDeferredInitialization during
+ // InitializeAudioDecoder() or InitializeVideoDecoder().
+ virtual void OnDeferredInitializationDone(StreamType stream_type,
+ Status decoder_status) = 0;
+
+ // Creates a FileIO object from the host to do file IO operation. Returns NULL
+ // if a FileIO object cannot be obtained. Once a valid FileIO object is
+ // returned, |client| must be valid until FileIO::Close() is called. The
+ // CDM can call this method multiple times to operate on different files.
+ virtual FileIO* CreateFileIO(FileIOClient* client) = 0;
+
+ // Requests a specific version of the storage ID. A storage ID is a stable,
+ // device specific ID used by the CDM to securely store persistent data. The
+ // ID will be returned by the host via ContentDecryptionModule::OnStorageId().
+ // If |version| is 0, the latest version will be returned. All |version|s
+ // that are greater than or equal to 0x80000000 are reserved for the CDM and
+ // should not be supported or returned by the host. The CDM must not expose
+ // the ID outside the client device, even in encrypted form.
+ virtual void RequestStorageId(uint32_t version) = 0;
+
+ protected:
+ Host_10() {}
+ virtual ~Host_10() {}
+};
+
+class CDM_CLASS_API Host_11 {
+ public:
+ static const int kVersion = 11;
+
+ // Returns a Buffer* containing non-zero members upon success, or NULL on
+ // failure. The caller owns the Buffer* after this call. The buffer is not
+ // guaranteed to be zero initialized. The capacity of the allocated Buffer
+ // is guaranteed to be not less than |capacity|.
+ virtual Buffer* Allocate(uint32_t capacity) = 0;
+
+ // Requests the host to call ContentDecryptionModule::TimerFired() |delay_ms|
+ // from now with |context|.
+ virtual void SetTimer(int64_t delay_ms, void* context) = 0;
+
+ // Returns the current wall time.
+ virtual Time GetCurrentWallTime() = 0;
+
+ // Called by the CDM with the result after the CDM instance was initialized.
+ virtual void OnInitialized(bool success) = 0;
+
+ // Called by the CDM when a key status is available in response to
+ // GetStatusForPolicy().
+ virtual void OnResolveKeyStatusPromise(uint32_t promise_id,
+ KeyStatus key_status) = 0;
+
+ // Called by the CDM when a session is created or loaded and the value for the
+ // MediaKeySession's sessionId attribute is available (|session_id|).
+ // This must be called before OnSessionMessage() or
+ // OnSessionKeysChange() is called for the same session. |session_id_size|
+ // should not include null termination.
+ // When called in response to LoadSession(), the |session_id| must be the
+ // same as the |session_id| passed in LoadSession(), or NULL if the
+ // session could not be loaded.
+ virtual void OnResolveNewSessionPromise(uint32_t promise_id,
+ const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // Called by the CDM when a session is updated or released.
+ virtual void OnResolvePromise(uint32_t promise_id) = 0;
+
+ // Called by the CDM when an error occurs as a result of one of the
+ // ContentDecryptionModule calls that accept a |promise_id|.
+ // |exception| must be specified. |error_message| and |system_code|
+ // are optional. |error_message_size| should not include null termination.
+ virtual void OnRejectPromise(uint32_t promise_id, Exception exception,
+ uint32_t system_code, const char* error_message,
+ uint32_t error_message_size) = 0;
+
+ // Called by the CDM when it has a message for session |session_id|.
+ // Size parameters should not include null termination.
+ virtual void OnSessionMessage(const char* session_id,
+ uint32_t session_id_size,
+ MessageType message_type, const char* message,
+ uint32_t message_size) = 0;
+
+ // Called by the CDM when there has been a change in keys or their status for
+ // session |session_id|. |has_additional_usable_key| should be set if a
+ // key is newly usable (e.g. new key available, previously expired key has
+ // been renewed, etc.) and the browser should attempt to resume playback.
+ // |keys_info| is the list of key IDs for this session along with their
+ // current status. |keys_info_count| is the number of entries in |keys_info|.
+ // Size parameter for |session_id| should not include null termination.
+ virtual void OnSessionKeysChange(const char* session_id,
+ uint32_t session_id_size,
+ bool has_additional_usable_key,
+ const KeyInformation* keys_info,
+ uint32_t keys_info_count) = 0;
+
+ // Called by the CDM when there has been a change in the expiration time for
+ // session |session_id|. This can happen as the result of an Update() call
+ // or some other event. If this happens as a result of a call to Update(),
+ // it must be called before resolving the Update() promise. |new_expiry_time|
+ // represents the time after which the key(s) in the session will no longer
+ // be usable for decryption. It can be 0 if no such time exists or if the
+ // license explicitly never expires. Size parameter should not include null
+ // termination.
+ virtual void OnExpirationChange(const char* session_id,
+ uint32_t session_id_size,
+ Time new_expiry_time) = 0;
+
+ // Called by the CDM when session |session_id| is closed. Size
+ // parameter should not include null termination.
+ virtual void OnSessionClosed(const char* session_id,
+ uint32_t session_id_size) = 0;
+
+ // The following are optional methods that may not be implemented on all
+ // platforms.
+
+ // Sends a platform challenge for the given |service_id|. |challenge| is at
+ // most 256 bits of data to be signed. Once the challenge has been completed,
+ // the host will call ContentDecryptionModule::OnPlatformChallengeResponse()
+ // with the signed challenge response and platform certificate. Size
+ // parameters should not include null termination.
+ virtual void SendPlatformChallenge(const char* service_id,
+ uint32_t service_id_size,
+ const char* challenge,
+ uint32_t challenge_size) = 0;
+
+ // Attempts to enable output protection (e.g. HDCP) on the display link. The
+ // |desired_protection_mask| is a bit mask of OutputProtectionMethods. No
+ // status callback is issued, the CDM must call QueryOutputProtectionStatus()
+ // periodically to ensure the desired protections are applied.
+ virtual void EnableOutputProtection(uint32_t desired_protection_mask) = 0;
+
+ // Requests the current output protection status. Once the host has the status
+ // it will call ContentDecryptionModule::OnQueryOutputProtectionStatus().
+ virtual void QueryOutputProtectionStatus() = 0;
+
+ // Must be called by the CDM if it returned kDeferredInitialization during
+ // InitializeAudioDecoder() or InitializeVideoDecoder().
+ virtual void OnDeferredInitializationDone(StreamType stream_type,
+ Status decoder_status) = 0;
+
+ // Creates a FileIO object from the host to do file IO operation. Returns NULL
+ // if a FileIO object cannot be obtained. Once a valid FileIO object is
+ // returned, |client| must be valid until FileIO::Close() is called. The
+ // CDM can call this method multiple times to operate on different files.
+ virtual FileIO* CreateFileIO(FileIOClient* client) = 0;
+
+ // Requests a CdmProxy that proxies part of CDM functionalities to a different
+ // entity, e.g. a hardware CDM module. A CDM instance can have at most one
+ // CdmProxy throughout its lifetime, which must be requested and initialized
+ // during CDM instance initialization time, i.e. in or after CDM::Initialize()
+ // and before OnInitialized() is called, to ensure proper connection of the
+ // CdmProxy and the media player (e.g. hardware decoder). The CdmProxy is
+ // owned by the host and is guaranteed to be valid throughout the CDM
+ // instance's lifetime. The CDM must ensure that the |client| remain valid
+ // before the CDM instance is destroyed. Returns null if CdmProxy is not
+ // supported, called before CDM::Initialize(), RequestCdmProxy() is called
+ // more than once, or called after the CDM instance has been initialized.
+ virtual CdmProxy* RequestCdmProxy(CdmProxyClient* client) = 0;
+
+ // Requests a specific version of the storage ID. A storage ID is a stable,
+ // device specific ID used by the CDM to securely store persistent data. The
+ // ID will be returned by the host via ContentDecryptionModule::OnStorageId().
+ // If |version| is 0, the latest version will be returned. All |version|s
+ // that are greater than or equal to 0x80000000 are reserved for the CDM and
+ // should not be supported or returned by the host. The CDM must not expose
+ // the ID outside the client device, even in encrypted form.
+ virtual void RequestStorageId(uint32_t version) = 0;
+
+ protected:
+ Host_11() {}
+ virtual ~Host_11() {}
+};
+
+} // namespace cdm
+
+#endif // CDM_CONTENT_DECRYPTION_MODULE_H_
diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module_export.h b/dom/media/gmp/widevine-adapter/content_decryption_module_export.h
new file mode 100644
index 0000000000..932708deba
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/content_decryption_module_export.h
@@ -0,0 +1,38 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CDM_CONTENT_DECRYPTION_MODULE_EXPORT_H_
+#define CDM_CONTENT_DECRYPTION_MODULE_EXPORT_H_
+
+// Define CDM_API so that functionality implemented by the CDM module
+// can be exported to consumers.
+#if defined(_WIN32)
+
+#if defined(CDM_IMPLEMENTATION)
+#define CDM_API __declspec(dllexport)
+#else
+#define CDM_API __declspec(dllimport)
+#endif // defined(CDM_IMPLEMENTATION)
+
+#else // defined(_WIN32)
+#define CDM_API __attribute__((visibility("default")))
+#endif // defined(_WIN32)
+
+// Define CDM_CLASS_API to export class types. We have to add visibility
+// attributes to make sure virtual tables in CDM consumer and CDM implementation
+// are the same. Generally, it was always a good idea, as there're no guarantees
+// about that for the internal symbols, but it has only become a practical issue
+// after introduction of LTO devirtualization. See more details on
+// https://crbug.com/609564#c35
+#if defined(_WIN32)
+#if defined(__clang__)
+#define CDM_CLASS_API [[clang::lto_visibility_public]]
+#else
+#define CDM_CLASS_API
+#endif
+#else // defined(_WIN32)
+#define CDM_CLASS_API __attribute__((visibility("default")))
+#endif // defined(_WIN32)
+
+#endif // CDM_CONTENT_DECRYPTION_MODULE_EXPORT_H_
diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module_ext.h b/dom/media/gmp/widevine-adapter/content_decryption_module_ext.h
new file mode 100644
index 0000000000..5df8344e60
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/content_decryption_module_ext.h
@@ -0,0 +1,64 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CDM_CONTENT_DECRYPTION_MODULE_EXT_H_
+#define CDM_CONTENT_DECRYPTION_MODULE_EXT_H_
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include "content_decryption_module_export.h"
+
+#if defined(_MSC_VER)
+typedef unsigned int uint32_t;
+#else
+#include <stdint.h>
+#endif
+
+namespace cdm {
+
+#if defined(_WIN32)
+typedef wchar_t FilePathCharType;
+typedef HANDLE PlatformFile;
+const PlatformFile kInvalidPlatformFile = INVALID_HANDLE_VALUE;
+#else
+typedef char FilePathCharType;
+typedef int PlatformFile;
+const PlatformFile kInvalidPlatformFile = -1;
+#endif // defined(_WIN32)
+
+struct HostFile {
+ HostFile(const FilePathCharType* file_path,
+ PlatformFile file,
+ PlatformFile sig_file)
+ : file_path(file_path), file(file), sig_file(sig_file) {}
+
+ // File that is part of the host of the CDM.
+ const FilePathCharType* file_path = nullptr;
+ PlatformFile file = kInvalidPlatformFile;
+
+ // Signature file for |file|.
+ PlatformFile sig_file = kInvalidPlatformFile;
+};
+
+} // namespace cdm
+
+extern "C" {
+
+// Functions in this file are dynamically retrieved by their versioned function
+// names. Increment the version number for any backward incompatible API
+// changes.
+
+// Verifies CDM host. All files in |host_files| are opened in read-only mode.
+//
+// Returns false and closes all files if there is an immediate failure.
+// Otherwise returns true as soon as possible and processes the files
+// asynchronously. All files MUST be closed by the CDM after this one-time
+// processing is finished.
+CDM_API bool VerifyCdmHost_0(const cdm::HostFile* host_files,
+ uint32_t num_files);
+}
+
+#endif // CDM_CONTENT_DECRYPTION_MODULE_EXT_H_
diff --git a/dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h b/dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h
new file mode 100644
index 0000000000..d3edff8b37
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/content_decryption_module_proxy.h
@@ -0,0 +1,121 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CDM_CONTENT_DECRYPTION_MODULE_PROXY_H_
+#define CDM_CONTENT_DECRYPTION_MODULE_PROXY_H_
+
+#include "content_decryption_module_export.h"
+
+#if defined(_MSC_VER)
+typedef unsigned char uint8_t;
+typedef unsigned int uint32_t;
+typedef unsigned __int64 uint64_t;
+#else
+# include <stdint.h>
+#endif
+
+namespace cdm {
+
+class CDM_CLASS_API CdmProxyClient;
+
+// A proxy class for the CDM.
+// In general, the interpretation of the CdmProxy and CdmProxyClient method
+// parameters are protocol dependent. For enum parameters, values outside the
+// enum range may not work.
+class CDM_CLASS_API CdmProxy {
+ public:
+ enum Function : uint32_t {
+ // For Intel Negotiate Crypto SessionKey Exchange (CSME) path to call
+ // ID3D11VideoContext::NegotiateCryptoSessionKeyExchange.
+ kIntelNegotiateCryptoSessionKeyExchange = 1,
+ // There will be more values in the future e.g. for D3D11 RSA method.
+ };
+
+ enum KeyType : uint32_t {
+ kDecryptOnly = 0,
+ kDecryptAndDecode = 1,
+ };
+
+ // Initializes the proxy. The results will be returned in
+ // CdmProxyClient::OnInitialized().
+ virtual void Initialize() = 0;
+
+ // Processes and updates the state of the proxy.
+ // |output_data_size| is required by some protocol to set up the output data.
+ // The operation may fail if the |output_data_size| is wrong. The results will
+ // be returned in CdmProxyClient::OnProcessed().
+ virtual void Process(Function function, uint32_t crypto_session_id,
+ const uint8_t* input_data, uint32_t input_data_size,
+ uint32_t output_data_size) = 0;
+
+ // Creates a crypto session for handling media.
+ // If extra data has to be passed to further setup the media crypto session,
+ // pass the data as |input_data|. The results will be returned in
+ // CdmProxyClient::OnMediaCryptoSessionCreated().
+ virtual void CreateMediaCryptoSession(const uint8_t* input_data,
+ uint32_t input_data_size) = 0;
+
+ // Sets a key for the session identified by |crypto_session_id|.
+ virtual void SetKey(uint32_t crypto_session_id, const uint8_t* key_id,
+ uint32_t key_id_size, KeyType key_type,
+ const uint8_t* key_blob, uint32_t key_blob_size) = 0;
+
+ // Removes a key for the session identified by |crypto_session_id|.
+ virtual void RemoveKey(uint32_t crypto_session_id, const uint8_t* key_id,
+ uint32_t key_id_size) = 0;
+
+ protected:
+ CdmProxy() {}
+ virtual ~CdmProxy() {}
+};
+
+// Responses to CdmProxy calls. All responses will be called asynchronously.
+class CDM_CLASS_API CdmProxyClient {
+ public:
+ enum Status : uint32_t {
+ kOk,
+ kFail,
+ };
+
+ enum Protocol : uint32_t {
+ kNone = 0, // No protocol supported. Can be used in failure cases.
+ kIntel, // Method using Intel CSME.
+ // There will be more values in the future e.g. kD3D11RsaHardware,
+ // kD3D11RsaSoftware to use the D3D11 RSA method.
+ };
+
+ // Callback for Initialize(). If the proxy created a crypto session, then the
+ // ID for the crypto session is |crypto_session_id|.
+ virtual void OnInitialized(Status status, Protocol protocol,
+ uint32_t crypto_session_id) = 0;
+
+ // Callback for Process(). |output_data| is the output of processing.
+ virtual void OnProcessed(Status status, const uint8_t* output_data,
+ uint32_t output_data_size) = 0;
+
+ // Callback for CreateMediaCryptoSession(). On success:
+ // - |crypto_session_id| is the ID for the created crypto session.
+ // - |output_data| is extra value, if any.
+ // Otherwise, |crypto_session_id| and |output_data| should be ignored.
+ virtual void OnMediaCryptoSessionCreated(Status status,
+ uint32_t crypto_session_id,
+ uint64_t output_data) = 0;
+
+ // Callback for SetKey().
+ virtual void OnKeySet(Status status) = 0;
+
+ // Callback for RemoveKey().
+ virtual void OnKeyRemoved(Status status) = 0;
+
+ // Called when there is a hardware reset and all the hardware context is lost.
+ virtual void NotifyHardwareReset() = 0;
+
+ protected:
+ CdmProxyClient() {}
+ virtual ~CdmProxyClient() {}
+};
+
+} // namespace cdm
+
+#endif // CDM_CONTENT_DECRYPTION_MODULE_PROXY_H_
diff --git a/dom/media/gmp/widevine-adapter/moz.build b/dom/media/gmp/widevine-adapter/moz.build
new file mode 100644
index 0000000000..b1b7582407
--- /dev/null
+++ b/dom/media/gmp/widevine-adapter/moz.build
@@ -0,0 +1,21 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SOURCES += [
+ "WidevineFileIO.cpp",
+ "WidevineUtils.cpp",
+ "WidevineVideoFrame.cpp",
+]
+
+EXPORTS += ["WidevineFileIO.h", "WidevineUtils.h", "WidevineVideoFrame.h"]
+
+FINAL_LIBRARY = "xul"
+
+LOCAL_INCLUDES += [
+ "/dom/media/gmp",
+]
+
+include("/ipc/chromium/chromium-config.mozbuild")