summaryrefslogtreecommitdiffstats
path: root/dom/ipc/ContentParent.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'dom/ipc/ContentParent.cpp')
-rw-r--r--dom/ipc/ContentParent.cpp8184
1 files changed, 8184 insertions, 0 deletions
diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp
new file mode 100644
index 0000000000..13206216f3
--- /dev/null
+++ b/dom/ipc/ContentParent.cpp
@@ -0,0 +1,8184 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef MOZ_WIDGET_ANDROID
+# include "AndroidDecoderModule.h"
+#endif
+
+#include "mozilla/AppShutdown.h"
+#include "mozilla/DebugOnly.h"
+
+#include "base/basictypes.h"
+#include "base/shared_memory.h"
+
+#include "ContentParent.h"
+#include "mozilla/ipc/ProcessUtils.h"
+#include "mozilla/CmdLineAndEnvUtils.h"
+#include "BrowserParent.h"
+
+#include "chrome/common/process_watcher.h"
+#include "mozilla/Result.h"
+#include "mozilla/XREAppData.h"
+#include "nsComponentManagerUtils.h"
+#include "nsIBrowserDOMWindow.h"
+
+#include "GMPServiceParent.h"
+#include "HandlerServiceParent.h"
+#include "IHistory.h"
+#include <map>
+#include <utility>
+
+#include "ContentProcessManager.h"
+#include "GeckoProfiler.h"
+#include "Geolocation.h"
+#include "GfxInfoBase.h"
+#include "MMPrinter.h"
+#include "PreallocatedProcessManager.h"
+#include "ProcessPriorityManager.h"
+#include "ProfilerParent.h"
+#include "SandboxHal.h"
+#include "SourceSurfaceRawData.h"
+#include "mozilla/ipc/URIUtils.h"
+#include "gfxPlatform.h"
+#include "gfxPlatformFontList.h"
+#include "nsDNSService2.h"
+#include "nsPIDNSService.h"
+#include "mozilla/AntiTrackingUtils.h"
+#include "mozilla/AppShutdown.h"
+#include "mozilla/AutoRestore.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/BenchmarkStorageParent.h"
+#include "mozilla/Casting.h"
+#include "mozilla/ClearOnShutdown.h"
+#include "mozilla/ClipboardReadRequestParent.h"
+#include "mozilla/ClipboardWriteRequestParent.h"
+#include "mozilla/ContentBlockingUserInteraction.h"
+#include "mozilla/FOGIPC.h"
+#include "mozilla/GlobalStyleSheetCache.h"
+#include "mozilla/GeckoArgs.h"
+#include "mozilla/HangDetails.h"
+#include "mozilla/LookAndFeel.h"
+#include "mozilla/Maybe.h"
+#include "mozilla/NullPrincipal.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/PresShell.h"
+#include "mozilla/ProcessHangMonitor.h"
+#include "mozilla/ProcessHangMonitorIPC.h"
+#include "mozilla/ProfilerLabels.h"
+#include "mozilla/ProfilerMarkers.h"
+#include "mozilla/RecursiveMutex.h"
+#include "mozilla/ScopeExit.h"
+#include "mozilla/ScriptPreloader.h"
+#include "mozilla/Components.h"
+#include "mozilla/Sprintf.h"
+#include "mozilla/StaticPrefs_dom.h"
+#include "mozilla/StaticPrefs_fission.h"
+#include "mozilla/StaticPrefs_media.h"
+#include "mozilla/StaticPrefs_network.h"
+#include "mozilla/StaticPrefs_widget.h"
+#include "mozilla/StorageAccessAPIHelper.h"
+#include "mozilla/StyleSheet.h"
+#include "mozilla/StyleSheetInlines.h"
+#include "mozilla/TaskController.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/TelemetryIPC.h"
+#include "mozilla/ThreadSafety.h"
+#include "mozilla/Unused.h"
+#include "mozilla/WebBrowserPersistDocumentParent.h"
+#include "mozilla/devtools/HeapSnapshotTempFileHelperParent.h"
+#include "mozilla/dom/BlobURLProtocolHandler.h"
+#include "mozilla/dom/BrowserHost.h"
+#include "mozilla/dom/BrowsingContext.h"
+#include "mozilla/dom/BrowsingContextGroup.h"
+#include "mozilla/dom/CancelContentJSOptionsBinding.h"
+#include "mozilla/dom/CanonicalBrowsingContext.h"
+#include "mozilla/dom/ClientManager.h"
+#include "mozilla/dom/ContentChild.h"
+#include "mozilla/dom/DataTransfer.h"
+#include "mozilla/dom/Document.h"
+#include "mozilla/dom/Element.h"
+#include "mozilla/dom/ExternalHelperAppParent.h"
+#include "mozilla/dom/File.h"
+#include "mozilla/dom/FileSystemSecurity.h"
+#include "mozilla/dom/GeolocationBinding.h"
+#include "mozilla/dom/GeolocationPositionError.h"
+#include "mozilla/dom/GetFilesHelper.h"
+#include "mozilla/dom/IPCBlobUtils.h"
+#include "mozilla/dom/JSActorService.h"
+#include "mozilla/dom/JSProcessActorBinding.h"
+#include "mozilla/dom/LocalStorageCommon.h"
+#include "mozilla/dom/MediaController.h"
+#include "mozilla/dom/MemoryReportRequest.h"
+#include "mozilla/dom/MediaStatusManager.h"
+#include "mozilla/dom/Notification.h"
+#include "mozilla/dom/PContentPermissionRequestParent.h"
+#include "mozilla/dom/PCycleCollectWithLogsParent.h"
+#include "mozilla/dom/ParentProcessMessageManager.h"
+#include "mozilla/dom/Permissions.h"
+#include "mozilla/dom/ProcessMessageManager.h"
+#include "mozilla/dom/PushNotifier.h"
+#include "mozilla/dom/ServiceWorkerManager.h"
+#include "mozilla/dom/ServiceWorkerRegistrar.h"
+#include "mozilla/dom/ServiceWorkerUtils.h"
+#include "mozilla/dom/SessionHistoryEntry.h"
+#include "mozilla/dom/SessionStorageManager.h"
+#include "mozilla/dom/StorageIPC.h"
+#include "mozilla/dom/UserActivation.h"
+#include "mozilla/dom/URLClassifierParent.h"
+#include "mozilla/dom/WindowGlobalParent.h"
+#include "mozilla/dom/ipc/SharedMap.h"
+#include "mozilla/dom/ipc/StructuredCloneData.h"
+#include "mozilla/dom/nsMixedContentBlocker.h"
+#include "mozilla/dom/power/PowerManagerService.h"
+#include "mozilla/dom/quota/QuotaManagerService.h"
+#include "mozilla/extensions/ExtensionsParent.h"
+#include "mozilla/extensions/StreamFilterParent.h"
+#include "mozilla/gfx/GPUProcessManager.h"
+#include "mozilla/gfx/gfxVars.h"
+#include "mozilla/glean/GleanPings.h"
+#include "mozilla/hal_sandbox/PHalParent.h"
+#include "mozilla/intl/L10nRegistry.h"
+#include "mozilla/intl/LocaleService.h"
+#include "mozilla/ipc/BackgroundChild.h"
+#include "mozilla/ipc/BackgroundParent.h"
+#include "mozilla/ipc/ByteBuf.h"
+#include "mozilla/ipc/CrashReporterHost.h"
+#include "mozilla/ipc/Endpoint.h"
+#include "mozilla/ipc/FileDescriptorUtils.h"
+#include "mozilla/ipc/IPCStreamUtils.h"
+#include "mozilla/ipc/TestShellParent.h"
+#include "mozilla/layers/CompositorThread.h"
+#include "mozilla/layers/ImageBridgeParent.h"
+#include "mozilla/layers/LayerTreeOwnerTracker.h"
+#include "mozilla/layers/PAPZParent.h"
+#include "mozilla/loader/ScriptCacheActors.h"
+#include "mozilla/media/MediaParent.h"
+#include "mozilla/mozSpellChecker.h"
+#include "mozilla/net/CookieServiceParent.h"
+#include "mozilla/net/NeckoMessageUtils.h"
+#include "mozilla/net/NeckoParent.h"
+#include "mozilla/net/PCookieServiceParent.h"
+#include "mozilla/net/CookieKey.h"
+#include "mozilla/net/TRRService.h"
+#include "mozilla/TelemetryComms.h"
+#include "mozilla/TelemetryEventEnums.h"
+#include "mozilla/RemoteLazyInputStreamParent.h"
+#include "mozilla/widget/RemoteLookAndFeel.h"
+#include "mozilla/widget/ScreenManager.h"
+#include "mozilla/widget/TextRecognition.h"
+#include "nsAnonymousTemporaryFile.h"
+#include "nsAppRunner.h"
+#include "nsCExternalHandlerService.h"
+#include "nsCOMPtr.h"
+#include "nsChromeRegistryChrome.h"
+#include "nsConsoleMessage.h"
+#include "nsConsoleService.h"
+#include "nsContentPermissionHelper.h"
+#include "nsContentUtils.h"
+#include "nsCRT.h"
+#include "nsDebugImpl.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsDocShell.h"
+#include "nsEmbedCID.h"
+#include "nsFocusManager.h"
+#include "nsFrameLoader.h"
+#include "nsFrameMessageManager.h"
+#include "nsGlobalWindowOuter.h"
+#include "nsHashPropertyBag.h"
+#include "nsHyphenationManager.h"
+#include "nsIAlertsService.h"
+#include "nsIAppShell.h"
+#include "nsIAppWindow.h"
+#include "nsIAsyncInputStream.h"
+#include "nsIBidiKeyboard.h"
+#include "nsICaptivePortalService.h"
+#include "nsICertOverrideService.h"
+#include "nsIClipboard.h"
+#include "nsIContentAnalysis.h"
+#include "nsIContentProcess.h"
+#include "nsIContentSecurityPolicy.h"
+#include "nsICookie.h"
+#include "nsICrashService.h"
+#include "nsICycleCollectorListener.h"
+#include "nsIDocShell.h"
+#include "nsIDocShellTreeOwner.h"
+#include "nsIDragService.h"
+#include "nsIExternalProtocolService.h"
+#include "nsIGfxInfo.h"
+#include "nsIUserIdleService.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsILocalStorageManager.h"
+#include "nsIMemoryInfoDumper.h"
+#include "nsIMemoryReporter.h"
+#include "nsIMozBrowserFrame.h"
+#include "nsINetworkLinkService.h"
+#include "nsIObserverService.h"
+#include "nsIParentChannel.h"
+#include "nsIScriptError.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsIServiceWorkerManager.h"
+#include "nsISiteSecurityService.h"
+#include "nsIStringBundle.h"
+#include "nsITimer.h"
+#include "nsIURL.h"
+#include "nsIWebBrowserChrome.h"
+#include "nsIX509Cert.h"
+#include "nsIXULRuntime.h"
+#include "nsICookieNotification.h"
+#if defined(MOZ_WIDGET_GTK) || defined(XP_WIN)
+# include "nsIconChannel.h"
+#endif
+#include "nsMemoryInfoDumper.h"
+#include "nsMemoryReporterManager.h"
+#include "nsOpenURIInFrameParams.h"
+#include "nsPIWindowWatcher.h"
+#include "nsQueryObject.h"
+#include "nsReadableUtils.h"
+#include "nsSHistory.h"
+#include "nsScriptError.h"
+#include "nsServiceManagerUtils.h"
+#include "nsStreamUtils.h"
+#include "nsStyleSheetService.h"
+#include "nsThread.h"
+#include "nsThreadUtils.h"
+#include "nsWidgetsCID.h"
+#include "nsWindowWatcher.h"
+#include "prenv.h"
+#include "prio.h"
+#include "private/pprio.h"
+#include "xpcpublic.h"
+#include "nsOpenWindowInfo.h"
+#include "nsFrameLoaderOwner.h"
+
+#ifdef MOZ_WEBRTC
+# include "jsapi/WebrtcGlobalParent.h"
+#endif
+
+#if defined(XP_MACOSX)
+# include "nsMacUtilsImpl.h"
+# include "mozilla/AvailableMemoryWatcher.h"
+#endif
+
+#if defined(ANDROID) || defined(LINUX)
+# include "nsSystemInfo.h"
+#endif
+
+#if defined(XP_LINUX)
+# include "mozilla/Hal.h"
+#endif
+
+#ifdef ANDROID
+# include "gfxAndroidPlatform.h"
+#endif
+
+#include "mozilla/PermissionManager.h"
+
+#ifdef MOZ_WIDGET_ANDROID
+# include "AndroidBridge.h"
+# include "mozilla/java/GeckoProcessManagerWrappers.h"
+# include "mozilla/java/GeckoProcessTypeWrappers.h"
+#endif
+
+#ifdef MOZ_WIDGET_GTK
+# include <gdk/gdk.h>
+# include "mozilla/WidgetUtilsGtk.h"
+#endif
+
+#include "mozilla/RemoteSpellCheckEngineParent.h"
+
+#include "Crypto.h"
+
+#ifdef MOZ_WEBSPEECH
+# include "mozilla/dom/SpeechSynthesisParent.h"
+#endif
+
+#if defined(MOZ_SANDBOX)
+# include "mozilla/SandboxSettings.h"
+# if defined(XP_LINUX)
+# include "mozilla/SandboxInfo.h"
+# include "mozilla/SandboxBroker.h"
+# include "mozilla/SandboxBrokerPolicyFactory.h"
+# endif
+# if defined(XP_MACOSX)
+# include "mozilla/Sandbox.h"
+# endif
+#endif
+
+#ifdef XP_WIN
+# include "mozilla/widget/AudioSession.h"
+# include "mozilla/WinDllServices.h"
+#endif
+
+#ifdef MOZ_CODE_COVERAGE
+# include "mozilla/CodeCoverageHandler.h"
+#endif
+
+#ifdef FUZZING_SNAPSHOT
+# include "mozilla/fuzzing/IPCFuzzController.h"
+#endif
+
+// For VP9Benchmark::sBenchmarkFpsPref
+#include "Benchmark.h"
+
+#include "mozilla/RemoteDecodeUtils.h"
+#include "nsIToolkitProfileService.h"
+#include "nsIToolkitProfile.h"
+
+static NS_DEFINE_CID(kCClipboardCID, NS_CLIPBOARD_CID);
+
+using base::KillProcess;
+
+using namespace CrashReporter;
+using namespace mozilla::dom::power;
+using namespace mozilla::media;
+using namespace mozilla::embedding;
+using namespace mozilla::gfx;
+using namespace mozilla::gmp;
+using namespace mozilla::hal;
+using namespace mozilla::ipc;
+using namespace mozilla::intl;
+using namespace mozilla::layers;
+using namespace mozilla::layout;
+using namespace mozilla::net;
+using namespace mozilla::psm;
+using namespace mozilla::widget;
+using namespace mozilla::Telemetry;
+using mozilla::loader::PScriptCacheParent;
+using mozilla::Telemetry::ProcessID;
+
+extern mozilla::LazyLogModule gFocusLog;
+
+#define LOGFOCUS(args) MOZ_LOG(gFocusLog, mozilla::LogLevel::Debug, args)
+
+extern mozilla::LazyLogModule sPDMLog;
+#define LOGPDM(...) MOZ_LOG(sPDMLog, mozilla::LogLevel::Debug, (__VA_ARGS__))
+
+namespace mozilla {
+namespace CubebUtils {
+extern FileDescriptor CreateAudioIPCConnection();
+}
+
+namespace dom {
+
+LazyLogModule gProcessLog("Process");
+
+static std::map<RemoteDecodeIn, media::MediaCodecsSupported> sCodecsSupported;
+
+/* static */
+uint32_t ContentParent::sMaxContentProcesses = 0;
+
+/* static */
+LogModule* ContentParent::GetLog() { return gProcessLog; }
+
+/* static */
+uint32_t ContentParent::sPageLoadEventCounter = 0;
+
+#define NS_IPC_IOSERVICE_SET_OFFLINE_TOPIC "ipc:network:set-offline"
+#define NS_IPC_IOSERVICE_SET_CONNECTIVITY_TOPIC "ipc:network:set-connectivity"
+
+// IPC receiver for remote GC/CC logging.
+class CycleCollectWithLogsParent final : public PCycleCollectWithLogsParent {
+ public:
+ MOZ_COUNTED_DTOR(CycleCollectWithLogsParent)
+
+ static bool AllocAndSendConstructor(ContentParent* aManager,
+ bool aDumpAllTraces,
+ nsICycleCollectorLogSink* aSink,
+ nsIDumpGCAndCCLogsCallback* aCallback) {
+ CycleCollectWithLogsParent* actor;
+ FILE* gcLog;
+ FILE* ccLog;
+ nsresult rv;
+
+ actor = new CycleCollectWithLogsParent(aSink, aCallback);
+ rv = actor->mSink->Open(&gcLog, &ccLog);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ delete actor;
+ return false;
+ }
+
+ return aManager->SendPCycleCollectWithLogsConstructor(
+ actor, aDumpAllTraces, FILEToFileDescriptor(gcLog),
+ FILEToFileDescriptor(ccLog));
+ }
+
+ private:
+ virtual mozilla::ipc::IPCResult RecvCloseGCLog() override {
+ Unused << mSink->CloseGCLog();
+ return IPC_OK();
+ }
+
+ virtual mozilla::ipc::IPCResult RecvCloseCCLog() override {
+ Unused << mSink->CloseCCLog();
+ return IPC_OK();
+ }
+
+ virtual mozilla::ipc::IPCResult Recv__delete__() override {
+ // Report completion to mCallback only on successful
+ // completion of the protocol.
+ nsCOMPtr<nsIFile> gcLog, ccLog;
+ mSink->GetGcLog(getter_AddRefs(gcLog));
+ mSink->GetCcLog(getter_AddRefs(ccLog));
+ Unused << mCallback->OnDump(gcLog, ccLog, /* parent = */ false);
+ return IPC_OK();
+ }
+
+ virtual void ActorDestroy(ActorDestroyReason aReason) override {
+ // If the actor is unexpectedly destroyed, we deliberately
+ // don't call Close[GC]CLog on the sink, because the logs may
+ // be incomplete. See also the nsCycleCollectorLogSinkToFile
+ // implementaiton of those methods, and its destructor.
+ }
+
+ CycleCollectWithLogsParent(nsICycleCollectorLogSink* aSink,
+ nsIDumpGCAndCCLogsCallback* aCallback)
+ : mSink(aSink), mCallback(aCallback) {
+ MOZ_COUNT_CTOR(CycleCollectWithLogsParent);
+ }
+
+ nsCOMPtr<nsICycleCollectorLogSink> mSink;
+ nsCOMPtr<nsIDumpGCAndCCLogsCallback> mCallback;
+};
+
+// A memory reporter for ContentParent objects themselves.
+class ContentParentsMemoryReporter final : public nsIMemoryReporter {
+ ~ContentParentsMemoryReporter() = default;
+
+ public:
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSIMEMORYREPORTER
+};
+
+NS_IMPL_ISUPPORTS(ContentParentsMemoryReporter, nsIMemoryReporter)
+
+NS_IMETHODIMP
+ContentParentsMemoryReporter::CollectReports(
+ nsIHandleReportCallback* aHandleReport, nsISupports* aData,
+ bool aAnonymize) {
+ AutoTArray<ContentParent*, 16> cps;
+ ContentParent::GetAllEvenIfDead(cps);
+
+ for (uint32_t i = 0; i < cps.Length(); i++) {
+ ContentParent* cp = cps[i];
+ MessageChannel* channel = cp->GetIPCChannel();
+
+ nsString friendlyName;
+ cp->FriendlyName(friendlyName, aAnonymize);
+
+ cp->AddRef();
+ nsrefcnt refcnt = cp->Release();
+
+ const char* channelStr = "no channel";
+ uint32_t numQueuedMessages = 0;
+ if (channel) {
+ if (channel->IsClosed()) {
+ channelStr = "closed channel";
+ } else {
+ channelStr = "open channel";
+ }
+ numQueuedMessages =
+ 0; // XXX was channel->Unsound_NumQueuedMessages(); Bug 1754876
+ }
+
+ nsPrintfCString path(
+ "queued-ipc-messages/content-parent"
+ "(%s, pid=%d, %s, 0x%p, refcnt=%" PRIuPTR ")",
+ NS_ConvertUTF16toUTF8(friendlyName).get(), cp->Pid(), channelStr,
+ static_cast<nsIObserver*>(cp), refcnt);
+
+ constexpr auto desc =
+ "The number of unset IPC messages held in this ContentParent's "
+ "channel. A large value here might indicate that we're leaking "
+ "messages. Similarly, a ContentParent object for a process that's no "
+ "longer running could indicate that we're leaking ContentParents."_ns;
+
+ aHandleReport->Callback(/* process */ ""_ns, path, KIND_OTHER, UNITS_COUNT,
+ numQueuedMessages, desc, aData);
+ }
+
+ return NS_OK;
+}
+
+// A hashtable (by type) of processes/ContentParents. This includes
+// processes that are in the Preallocator cache (which would be type
+// 'prealloc'), and recycled processes ('web' and in the future
+// eTLD+1-locked) processes).
+nsClassHashtable<nsCStringHashKey, nsTArray<ContentParent*>>*
+ ContentParent::sBrowserContentParents;
+
+namespace {
+
+uint64_t ComputeLoadedOriginHash(nsIPrincipal* aPrincipal) {
+ uint32_t originNoSuffix =
+ BasePrincipal::Cast(aPrincipal)->GetOriginNoSuffixHash();
+ uint32_t originSuffix =
+ BasePrincipal::Cast(aPrincipal)->GetOriginSuffixHash();
+
+ return ((uint64_t)originNoSuffix) << 32 | originSuffix;
+}
+
+class ScriptableCPInfo final : public nsIContentProcessInfo {
+ public:
+ explicit ScriptableCPInfo(ContentParent* aParent) : mContentParent(aParent) {
+ MOZ_ASSERT(mContentParent);
+ }
+
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSICONTENTPROCESSINFO
+
+ void ProcessDied() { mContentParent = nullptr; }
+
+ private:
+ ~ScriptableCPInfo() { MOZ_ASSERT(!mContentParent, "must call ProcessDied"); }
+
+ ContentParent* mContentParent;
+};
+
+NS_IMPL_ISUPPORTS(ScriptableCPInfo, nsIContentProcessInfo)
+
+NS_IMETHODIMP
+ScriptableCPInfo::GetIsAlive(bool* aIsAlive) {
+ *aIsAlive = mContentParent != nullptr;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+ScriptableCPInfo::GetProcessId(int32_t* aPID) {
+ if (!mContentParent) {
+ *aPID = -1;
+ return NS_ERROR_NOT_INITIALIZED;
+ }
+
+ *aPID = mContentParent->Pid();
+ if (*aPID == -1) {
+ return NS_ERROR_FAILURE;
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+ScriptableCPInfo::GetTabCount(int32_t* aTabCount) {
+ if (!mContentParent) {
+ return NS_ERROR_NOT_INITIALIZED;
+ }
+
+ ContentProcessManager* cpm = ContentProcessManager::GetSingleton();
+ *aTabCount = cpm->GetBrowserParentCountByProcessId(mContentParent->ChildID());
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+ScriptableCPInfo::GetMessageManager(nsISupports** aMessenger) {
+ *aMessenger = nullptr;
+ if (!mContentParent) {
+ return NS_ERROR_NOT_INITIALIZED;
+ }
+
+ RefPtr<ProcessMessageManager> manager = mContentParent->GetMessageManager();
+ manager.forget(aMessenger);
+ return NS_OK;
+}
+
+ProcessID GetTelemetryProcessID(const nsACString& remoteType) {
+ // OOP WebExtensions run in a content process.
+ // For Telemetry though we want to break out collected data from the
+ // WebExtensions process into a separate bucket, to make sure we can analyze
+ // it separately and avoid skewing normal content process metrics.
+ return remoteType == EXTENSION_REMOTE_TYPE ? ProcessID::Extension
+ : ProcessID::Content;
+}
+
+} // anonymous namespace
+
+StaticAutoPtr<LinkedList<ContentParent>> ContentParent::sContentParents;
+StaticRefPtr<ContentParent> ContentParent::sRecycledE10SProcess;
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+StaticAutoPtr<SandboxBrokerPolicyFactory>
+ ContentParent::sSandboxBrokerPolicyFactory;
+#endif
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+StaticAutoPtr<std::vector<std::string>> ContentParent::sMacSandboxParams;
+#endif
+
+// Set to true when the first content process gets created.
+static bool sCreatedFirstContentProcess = false;
+
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+// True when we're running the process selection code, and do not expect to
+// enter code paths where processes may die.
+static bool sInProcessSelector = false;
+#endif
+
+// The first content child has ID 1, so the chrome process can have ID 0.
+static uint64_t gContentChildID = 1;
+
+static const char* sObserverTopics[] = {
+ NS_IPC_IOSERVICE_SET_OFFLINE_TOPIC,
+ NS_IPC_IOSERVICE_SET_CONNECTIVITY_TOPIC,
+ NS_IPC_CAPTIVE_PORTAL_SET_STATE,
+ "application-background",
+ "application-foreground",
+ "memory-pressure",
+ "child-gc-request",
+ "child-cc-request",
+ "child-mmu-request",
+ "child-ghost-request",
+ "last-pb-context-exited",
+ "file-watcher-update",
+#ifdef ACCESSIBILITY
+ "a11y-init-or-shutdown",
+#endif
+ "cacheservice:empty-cache",
+ "intl:app-locales-changed",
+ "intl:requested-locales-changed",
+ "cookie-changed",
+ "private-cookie-changed",
+ NS_NETWORK_LINK_TYPE_TOPIC,
+ NS_NETWORK_TRR_MODE_CHANGED_TOPIC,
+ "network:socket-process-crashed",
+ DEFAULT_TIMEZONE_CHANGED_OBSERVER_TOPIC,
+};
+
+// PreallocateProcess is called by the PreallocatedProcessManager.
+// ContentParent then takes this process back within GetNewOrUsedBrowserProcess.
+/*static*/ already_AddRefed<ContentParent>
+ContentParent::MakePreallocProcess() {
+ RefPtr<ContentParent> process = new ContentParent(PREALLOC_REMOTE_TYPE);
+ return process.forget();
+}
+
+/*static*/
+void ContentParent::StartUp() {
+ // FIXME Bug 1023701 - Stop using ContentParent static methods in
+ // child process
+ if (!XRE_IsParentProcess()) {
+ return;
+ }
+
+ // From this point on, NS_WARNING, NS_ASSERTION, etc. should print out the
+ // PID along with the warning.
+ nsDebugImpl::SetMultiprocessMode("Parent");
+
+ // Note: This reporter measures all ContentParents.
+ RegisterStrongMemoryReporter(new ContentParentsMemoryReporter());
+
+ BackgroundChild::Startup();
+ ClientManager::Startup();
+
+ Preferences::RegisterCallbackAndCall(&OnFissionBlocklistPrefChange,
+ kFissionEnforceBlockList);
+ Preferences::RegisterCallbackAndCall(&OnFissionBlocklistPrefChange,
+ kFissionOmitBlockListValues);
+
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+ sSandboxBrokerPolicyFactory = new SandboxBrokerPolicyFactory();
+#endif
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+ sMacSandboxParams = new std::vector<std::string>();
+#endif
+}
+
+/*static*/
+void ContentParent::ShutDown() {
+ // For the most, we rely on normal process shutdown and
+ // ClearOnShutdown() to clean up our state.
+
+#if defined(XP_LINUX) && defined(MOZ_SANDBOX)
+ sSandboxBrokerPolicyFactory = nullptr;
+#endif
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+ sMacSandboxParams = nullptr;
+#endif
+}
+
+/*static*/
+uint32_t ContentParent::GetPoolSize(const nsACString& aContentProcessType) {
+ if (!sBrowserContentParents) {
+ return 0;
+ }
+
+ nsTArray<ContentParent*>* parents =
+ sBrowserContentParents->Get(aContentProcessType);
+
+ return parents ? parents->Length() : 0;
+}
+
+/*static*/ nsTArray<ContentParent*>& ContentParent::GetOrCreatePool(
+ const nsACString& aContentProcessType) {
+ if (!sBrowserContentParents) {
+ sBrowserContentParents =
+ new nsClassHashtable<nsCStringHashKey, nsTArray<ContentParent*>>;
+ }
+
+ return *sBrowserContentParents->GetOrInsertNew(aContentProcessType);
+}
+
+const nsDependentCSubstring RemoteTypePrefix(
+ const nsACString& aContentProcessType) {
+ // The suffix after a `=` in a remoteType is dynamic, and used to control the
+ // process pool to use.
+ int32_t equalIdx = aContentProcessType.FindChar(L'=');
+ if (equalIdx == kNotFound) {
+ equalIdx = aContentProcessType.Length();
+ }
+ return StringHead(aContentProcessType, equalIdx);
+}
+
+bool IsWebRemoteType(const nsACString& aContentProcessType) {
+ // Note: matches webIsolated, web, and webCOOP+COEP types.
+ return StringBeginsWith(aContentProcessType, DEFAULT_REMOTE_TYPE);
+}
+
+bool IsWebCoopCoepRemoteType(const nsACString& aContentProcessType) {
+ return StringBeginsWith(aContentProcessType,
+ WITH_COOP_COEP_REMOTE_TYPE_PREFIX);
+}
+
+bool IsExtensionRemoteType(const nsACString& aContentProcessType) {
+ return aContentProcessType == EXTENSION_REMOTE_TYPE;
+}
+
+/*static*/
+uint32_t ContentParent::GetMaxProcessCount(
+ const nsACString& aContentProcessType) {
+ // Max process count is based only on the prefix.
+ const nsDependentCSubstring processTypePrefix =
+ RemoteTypePrefix(aContentProcessType);
+
+ // Check for the default remote type of "web", as it uses different prefs.
+ if (processTypePrefix == DEFAULT_REMOTE_TYPE) {
+ return GetMaxWebProcessCount();
+ }
+
+ // Read the pref controling this remote type. `dom.ipc.processCount` is not
+ // used as a fallback, as it is intended to control the number of "web"
+ // content processes, checked in `mozilla::GetMaxWebProcessCount()`.
+ nsAutoCString processCountPref("dom.ipc.processCount.");
+ processCountPref.Append(processTypePrefix);
+
+ int32_t maxContentParents = Preferences::GetInt(processCountPref.get(), 1);
+ if (maxContentParents < 1) {
+ maxContentParents = 1;
+ }
+
+ return static_cast<uint32_t>(maxContentParents);
+}
+
+/*static*/
+bool ContentParent::IsMaxProcessCountReached(
+ const nsACString& aContentProcessType) {
+ return GetPoolSize(aContentProcessType) >=
+ GetMaxProcessCount(aContentProcessType);
+}
+
+// Really more ReleaseUnneededProcesses()
+/*static*/
+void ContentParent::ReleaseCachedProcesses() {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("ReleaseCachedProcesses:"));
+ if (!sBrowserContentParents) {
+ return;
+ }
+
+#ifdef DEBUG
+ for (const auto& cps : *sBrowserContentParents) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("%s: %zu processes", PromiseFlatCString(cps.GetKey()).get(),
+ cps.GetData()->Length()));
+ }
+#endif
+
+ // First let's collect all processes and keep a grip.
+ AutoTArray<RefPtr<ContentParent>, 32> fixArray;
+ for (const auto& contentParents : sBrowserContentParents->Values()) {
+ for (auto* cp : *contentParents) {
+ fixArray.AppendElement(cp);
+ }
+ }
+
+ for (const auto& cp : fixArray) {
+ // Ensure the process cannot be claimed between check and MarkAsDead.
+ RecursiveMutexAutoLock lock(cp->ThreadsafeHandleMutex());
+
+ if (cp->ManagedPBrowserParent().Count() == 0 && !cp->HasActiveWorker() &&
+ cp->mRemoteType == DEFAULT_REMOTE_TYPE) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ (" Shutdown %p (%s)", cp.get(), cp->mRemoteType.get()));
+
+ PreallocatedProcessManager::Erase(cp);
+ // Make sure we don't select this process for new tabs or workers.
+ cp->MarkAsDead();
+ // Start a soft shutdown.
+ cp->ShutDownProcess(SEND_SHUTDOWN_MESSAGE);
+ // Make sure that this process is no longer accessible from JS by its
+ // message manager.
+ cp->ShutDownMessageManager();
+ } else {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ (" Skipping %p (%s), count %d, HasActiveWorker %d", cp.get(),
+ cp->mRemoteType.get(), cp->ManagedPBrowserParent().Count(),
+ cp->HasActiveWorker()));
+ }
+ }
+}
+
+/*static*/
+already_AddRefed<ContentParent> ContentParent::MinTabSelect(
+ const nsTArray<ContentParent*>& aContentParents,
+ int32_t aMaxContentParents) {
+ uint32_t maxSelectable =
+ std::min(static_cast<uint32_t>(aContentParents.Length()),
+ static_cast<uint32_t>(aMaxContentParents));
+ uint32_t min = INT_MAX;
+ RefPtr<ContentParent> candidate;
+ ContentProcessManager* cpm = ContentProcessManager::GetSingleton();
+
+ for (uint32_t i = 0; i < maxSelectable; i++) {
+ ContentParent* p = aContentParents[i];
+ MOZ_DIAGNOSTIC_ASSERT(!p->IsDead());
+
+ // Ignore processes that were slated for removal but not yet removed from
+ // the pool (see also GetUsedBrowserProcess and BlockShutdown).
+ if (!p->IsShuttingDown()) {
+ uint32_t tabCount = cpm->GetBrowserParentCountByProcessId(p->ChildID());
+ if (tabCount < min) {
+ candidate = p;
+ min = tabCount;
+ }
+ }
+ }
+
+ // If all current processes have at least one tab and we have not yet reached
+ // the maximum, use a new process.
+ if (min > 0 &&
+ aContentParents.Length() < static_cast<uint32_t>(aMaxContentParents)) {
+ return nullptr;
+ }
+
+ // Otherwise we return candidate.
+ return candidate.forget();
+}
+
+/* static */
+already_AddRefed<nsIPrincipal>
+ContentParent::CreateRemoteTypeIsolationPrincipal(
+ const nsACString& aRemoteType) {
+ if ((RemoteTypePrefix(aRemoteType) != FISSION_WEB_REMOTE_TYPE) &&
+ !StringBeginsWith(aRemoteType, WITH_COOP_COEP_REMOTE_TYPE_PREFIX)) {
+ return nullptr;
+ }
+
+ int32_t offset = aRemoteType.FindChar('=') + 1;
+ MOZ_ASSERT(offset > 1, "can not extract origin from that remote type");
+ nsAutoCString origin(
+ Substring(aRemoteType, offset, aRemoteType.Length() - offset));
+
+ nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
+ nsCOMPtr<nsIPrincipal> principal;
+ ssm->CreateContentPrincipalFromOrigin(origin, getter_AddRefs(principal));
+ return principal.forget();
+}
+
+/*static*/
+already_AddRefed<ContentParent> ContentParent::GetUsedBrowserProcess(
+ const nsACString& aRemoteType, nsTArray<ContentParent*>& aContentParents,
+ uint32_t aMaxContentParents, bool aPreferUsed, ProcessPriority aPriority) {
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+ AutoRestore ar(sInProcessSelector);
+ sInProcessSelector = true;
+#endif
+
+ uint32_t numberOfParents = aContentParents.Length();
+ nsTArray<RefPtr<nsIContentProcessInfo>> infos(numberOfParents);
+ for (auto* cp : aContentParents) {
+ infos.AppendElement(cp->mScriptableHelper);
+ }
+
+ if (aPreferUsed && numberOfParents) {
+ // If we prefer re-using existing content processes, we don't want to create
+ // a new process, and instead re-use an existing one, so pretend the process
+ // limit is at the current number of processes.
+ aMaxContentParents = numberOfParents;
+ }
+
+ nsCOMPtr<nsIContentProcessProvider> cpp =
+ do_GetService("@mozilla.org/ipc/processselector;1");
+ int32_t index;
+ if (cpp && NS_SUCCEEDED(cpp->ProvideProcess(aRemoteType, infos,
+ aMaxContentParents, &index))) {
+ // If the provider returned an existing ContentParent, use that one.
+ if (0 <= index && static_cast<uint32_t>(index) <= aMaxContentParents) {
+ RefPtr<ContentParent> retval = aContentParents[index];
+ // Ignore processes that were slated for removal but not yet removed from
+ // the pool.
+ if (!retval->IsShuttingDown()) {
+ if (profiler_thread_is_being_profiled_for_markers()) {
+ nsPrintfCString marker("Reused process %u",
+ (unsigned int)retval->ChildID());
+ PROFILER_MARKER_TEXT("Process", DOM, {}, marker);
+ }
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("GetUsedProcess: Reused process %p (%u) for %s", retval.get(),
+ (unsigned int)retval->ChildID(),
+ PromiseFlatCString(aRemoteType).get()));
+ retval->AssertAlive();
+ retval->StopRecyclingE10SOnly(true);
+ return retval.forget();
+ }
+ }
+ } else {
+ // If there was a problem with the JS chooser, fall back to a random
+ // selection.
+ NS_WARNING("nsIContentProcessProvider failed to return a process");
+ RefPtr<ContentParent> random;
+ if ((random = MinTabSelect(aContentParents, aMaxContentParents))) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("GetUsedProcess: Reused random process %p (%d) for %s",
+ random.get(), (unsigned int)random->ChildID(),
+ PromiseFlatCString(aRemoteType).get()));
+ random->AssertAlive();
+ random->StopRecyclingE10SOnly(true);
+ return random.forget();
+ }
+ }
+
+ // If we are loading into the "web" remote type, are choosing to launch a new
+ // tab, and have a recycled E10S process, we should launch into that process.
+ if (aRemoteType == DEFAULT_REMOTE_TYPE && sRecycledE10SProcess) {
+ RefPtr<ContentParent> recycled = sRecycledE10SProcess;
+ MOZ_DIAGNOSTIC_ASSERT(recycled->GetRemoteType() == DEFAULT_REMOTE_TYPE);
+ recycled->AssertAlive();
+ recycled->StopRecyclingE10SOnly(true);
+ if (profiler_thread_is_being_profiled_for_markers()) {
+ nsPrintfCString marker("Recycled process %u (%p)",
+ (unsigned int)recycled->ChildID(), recycled.get());
+ PROFILER_MARKER_TEXT("Process", DOM, {}, marker);
+ }
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("Recycled process %p", recycled.get()));
+
+ return recycled.forget();
+ }
+
+ // Try to take a preallocated process except for certain remote types.
+ // Note: this process may not have finished launching yet
+ RefPtr<ContentParent> preallocated;
+ if (aRemoteType != FILE_REMOTE_TYPE &&
+ aRemoteType != PRIVILEGEDABOUT_REMOTE_TYPE &&
+ aRemoteType != EXTENSION_REMOTE_TYPE && // Bug 1638119
+ (preallocated = PreallocatedProcessManager::Take(aRemoteType))) {
+ MOZ_DIAGNOSTIC_ASSERT(preallocated->GetRemoteType() ==
+ PREALLOC_REMOTE_TYPE);
+ MOZ_DIAGNOSTIC_ASSERT(sRecycledE10SProcess != preallocated);
+ preallocated->AssertAlive();
+
+ if (profiler_thread_is_being_profiled_for_markers()) {
+ nsPrintfCString marker(
+ "Assigned preallocated process %u%s",
+ (unsigned int)preallocated->ChildID(),
+ preallocated->IsLaunching() ? " (still launching)" : "");
+ PROFILER_MARKER_TEXT("Process", DOM, {}, marker);
+ }
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("Adopted preallocated process %p for type %s%s",
+ preallocated.get(), PromiseFlatCString(aRemoteType).get(),
+ preallocated->IsLaunching() ? " (still launching)" : ""));
+
+ // This ensures that the preallocator won't shut down the process once
+ // it finishes starting
+ preallocated->mRemoteType.Assign(aRemoteType);
+ {
+ RecursiveMutexAutoLock lock(preallocated->mThreadsafeHandle->mMutex);
+ preallocated->mThreadsafeHandle->mRemoteType = preallocated->mRemoteType;
+ }
+ preallocated->mRemoteTypeIsolationPrincipal =
+ CreateRemoteTypeIsolationPrincipal(aRemoteType);
+ preallocated->mActivateTS = TimeStamp::Now();
+ preallocated->AddToPool(aContentParents);
+
+ // rare, but will happen
+ if (!preallocated->IsLaunching()) {
+ // Specialize this process for the appropriate remote type, and activate
+ // it.
+
+ Unused << preallocated->SendRemoteType(preallocated->mRemoteType,
+ preallocated->mProfile);
+
+ nsCOMPtr<nsIObserverService> obs =
+ mozilla::services::GetObserverService();
+ if (obs) {
+ nsAutoString cpId;
+ cpId.AppendInt(static_cast<uint64_t>(preallocated->ChildID()));
+ obs->NotifyObservers(static_cast<nsIObserver*>(preallocated),
+ "process-type-set", cpId.get());
+ preallocated->AssertAlive();
+ }
+ }
+ return preallocated.forget();
+ }
+
+ return nullptr;
+}
+
+/*static*/
+already_AddRefed<ContentParent>
+ContentParent::GetNewOrUsedLaunchingBrowserProcess(
+ const nsACString& aRemoteType, BrowsingContextGroup* aGroup,
+ ProcessPriority aPriority, bool aPreferUsed) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("GetNewOrUsedProcess for type %s",
+ PromiseFlatCString(aRemoteType).get()));
+
+ // Fallback check (we really want our callers to avoid this).
+ if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
+ MOZ_DIAGNOSTIC_ASSERT(
+ false, "Late attempt to GetNewOrUsedLaunchingBrowserProcess!");
+ return nullptr;
+ }
+
+ // If we have an existing host process attached to this BrowsingContextGroup,
+ // always return it, as we can never have multiple host processes within a
+ // single BrowsingContextGroup.
+ RefPtr<ContentParent> contentParent;
+ if (aGroup) {
+ contentParent = aGroup->GetHostProcess(aRemoteType);
+ Unused << NS_WARN_IF(contentParent && contentParent->IsShuttingDown());
+ if (contentParent && !contentParent->IsShuttingDown()) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("GetNewOrUsedProcess: Existing host process %p (launching %d)",
+ contentParent.get(), contentParent->IsLaunching()));
+ contentParent->AssertAlive();
+ contentParent->StopRecyclingE10SOnly(true);
+ return contentParent.forget();
+ }
+ }
+
+ nsTArray<ContentParent*>& contentParents = GetOrCreatePool(aRemoteType);
+ uint32_t maxContentParents = GetMaxProcessCount(aRemoteType);
+
+ // Let's try and reuse an existing process.
+ contentParent = GetUsedBrowserProcess(
+ aRemoteType, contentParents, maxContentParents, aPreferUsed, aPriority);
+
+ if (!contentParent) {
+ // No reusable process. Let's create and launch one.
+ // The life cycle will be set to `LifecycleState::LAUNCHING`.
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("Launching new process immediately for type %s",
+ PromiseFlatCString(aRemoteType).get()));
+
+ contentParent = new ContentParent(aRemoteType);
+ if (NS_WARN_IF(!contentParent->BeginSubprocessLaunch(aPriority))) {
+ // Launch aborted because of shutdown. Bailout.
+ contentParent->LaunchSubprocessReject();
+ return nullptr;
+ }
+ // Until the new process is ready let's not allow to start up any
+ // preallocated processes. The blocker will be removed once we receive
+ // the first idle message.
+ contentParent->mIsAPreallocBlocker = true;
+ PreallocatedProcessManager::AddBlocker(aRemoteType, contentParent);
+
+ // Store this process for future reuse.
+ contentParent->AddToPool(contentParents);
+
+ MOZ_LOG(
+ ContentParent::GetLog(), LogLevel::Debug,
+ ("GetNewOrUsedProcess: new immediate process %p", contentParent.get()));
+ }
+ // else we have an existing or preallocated process (which may be
+ // still launching)
+
+ contentParent->AssertAlive();
+ contentParent->StopRecyclingE10SOnly(true);
+ if (aGroup) {
+ aGroup->EnsureHostProcess(contentParent);
+ }
+ return contentParent.forget();
+}
+
+/*static*/
+RefPtr<ContentParent::LaunchPromise>
+ContentParent::GetNewOrUsedBrowserProcessAsync(const nsACString& aRemoteType,
+ BrowsingContextGroup* aGroup,
+ ProcessPriority aPriority,
+ bool aPreferUsed) {
+ // Obtain a `ContentParent` launched asynchronously.
+ RefPtr<ContentParent> contentParent = GetNewOrUsedLaunchingBrowserProcess(
+ aRemoteType, aGroup, aPriority, aPreferUsed);
+ if (!contentParent) {
+ // In case of launch error, stop here.
+ return LaunchPromise::CreateAndReject(NS_ERROR_ILLEGAL_DURING_SHUTDOWN,
+ __func__);
+ }
+ return contentParent->WaitForLaunchAsync(aPriority);
+}
+
+/*static*/
+already_AddRefed<ContentParent> ContentParent::GetNewOrUsedBrowserProcess(
+ const nsACString& aRemoteType, BrowsingContextGroup* aGroup,
+ ProcessPriority aPriority, bool aPreferUsed) {
+ RefPtr<ContentParent> contentParent = GetNewOrUsedLaunchingBrowserProcess(
+ aRemoteType, aGroup, aPriority, aPreferUsed);
+ if (!contentParent || !contentParent->WaitForLaunchSync(aPriority)) {
+ // In case of launch error, stop here.
+ return nullptr;
+ }
+ return contentParent.forget();
+}
+
+RefPtr<ContentParent::LaunchPromise> ContentParent::WaitForLaunchAsync(
+ ProcessPriority aPriority) {
+ MOZ_DIAGNOSTIC_ASSERT(!IsDead());
+ if (!IsLaunching()) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("WaitForLaunchAsync: launched"));
+ return LaunchPromise::CreateAndResolve(this, __func__);
+ }
+
+ // We've started an async content process launch.
+ Telemetry::Accumulate(Telemetry::CONTENT_PROCESS_LAUNCH_IS_SYNC, 0);
+
+ // We have located a process that hasn't finished initializing, then attempt
+ // to finish initializing. Both `LaunchSubprocessResolve` and
+ // `LaunchSubprocessReject` are safe to call multiple times if we race with
+ // other `WaitForLaunchAsync` callbacks.
+ return mSubprocess->WhenProcessHandleReady()->Then(
+ GetCurrentSerialEventTarget(), __func__,
+ [self = RefPtr{this}, aPriority]() {
+ if (self->LaunchSubprocessResolve(/* aIsSync = */ false, aPriority)) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("WaitForLaunchAsync: async, now launched"));
+ self->mActivateTS = TimeStamp::Now();
+ return LaunchPromise::CreateAndResolve(self, __func__);
+ }
+
+ self->LaunchSubprocessReject();
+ return LaunchPromise::CreateAndReject(NS_ERROR_INVALID_ARG, __func__);
+ },
+ [self = RefPtr{this}]() {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("WaitForLaunchAsync: async, rejected"));
+ self->LaunchSubprocessReject();
+ return LaunchPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ });
+}
+
+bool ContentParent::WaitForLaunchSync(ProcessPriority aPriority) {
+ MOZ_DIAGNOSTIC_ASSERT(!IsDead());
+ if (!IsLaunching()) {
+ return true;
+ }
+
+ // We've started a sync content process launch.
+ Telemetry::Accumulate(Telemetry::CONTENT_PROCESS_LAUNCH_IS_SYNC, 1);
+
+ // We're a process which hasn't finished initializing. We may be racing
+ // against whoever launched it (and whoever else is already racing). Since
+ // we're sync, we win the race and finish the initialization.
+ bool launchSuccess = mSubprocess->WaitForProcessHandle();
+ if (launchSuccess &&
+ LaunchSubprocessResolve(/* aIsSync = */ true, aPriority)) {
+ mActivateTS = TimeStamp::Now();
+ return true;
+ }
+ // In case of failure.
+ LaunchSubprocessReject();
+ return false;
+}
+
+static nsIDocShell* GetOpenerDocShellHelper(Element* aFrameElement) {
+ // Propagate the private-browsing status of the element's parent
+ // docshell to the remote docshell, via the chrome flags.
+ MOZ_ASSERT(aFrameElement);
+ nsPIDOMWindowOuter* win = aFrameElement->OwnerDoc()->GetWindow();
+ if (!win) {
+ NS_WARNING("Remote frame has no window");
+ return nullptr;
+ }
+ nsIDocShell* docShell = win->GetDocShell();
+ if (!docShell) {
+ NS_WARNING("Remote frame has no docshell");
+ return nullptr;
+ }
+
+ return docShell;
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCreateGMPService() {
+ Endpoint<PGMPServiceParent> parent;
+ Endpoint<PGMPServiceChild> child;
+
+ if (mGMPCreated) {
+ return IPC_FAIL(this, "GMP Service already created");
+ }
+
+ nsresult rv;
+ rv = PGMPService::CreateEndpoints(base::GetCurrentProcId(), OtherPid(),
+ &parent, &child);
+ if (NS_FAILED(rv)) {
+ return IPC_FAIL(this, "CreateEndpoints failed");
+ }
+
+ if (!GMPServiceParent::Create(std::move(parent))) {
+ return IPC_FAIL(this, "GMPServiceParent::Create failed");
+ }
+
+ if (!SendInitGMPService(std::move(child))) {
+ return IPC_FAIL(this, "SendInitGMPService failed");
+ }
+
+ mGMPCreated = true;
+
+ return IPC_OK();
+}
+
+Atomic<bool, mozilla::Relaxed> sContentParentTelemetryEventEnabled(false);
+
+/*static*/
+void ContentParent::LogAndAssertFailedPrincipalValidationInfo(
+ nsIPrincipal* aPrincipal, const char* aMethod) {
+ // nsContentSecurityManager may also enable this same event, but that's okay
+ if (!sContentParentTelemetryEventEnabled.exchange(true)) {
+ sContentParentTelemetryEventEnabled = true;
+ Telemetry::SetEventRecordingEnabled("security"_ns, true);
+ }
+
+ // Send Telemetry
+ nsAutoCString principalScheme, principalType, spec;
+ CopyableTArray<EventExtraEntry> extra(2);
+
+ if (!aPrincipal) {
+ principalType.AssignLiteral("NullPtr");
+ } else if (aPrincipal->IsSystemPrincipal()) {
+ principalType.AssignLiteral("SystemPrincipal");
+ } else if (aPrincipal->GetIsExpandedPrincipal()) {
+ principalType.AssignLiteral("ExpandedPrincipal");
+ } else if (aPrincipal->GetIsContentPrincipal()) {
+ principalType.AssignLiteral("ContentPrincipal");
+ aPrincipal->GetSpec(spec);
+ aPrincipal->GetScheme(principalScheme);
+
+ extra.AppendElement(EventExtraEntry{"scheme"_ns, principalScheme});
+ } else {
+ principalType.AssignLiteral("Unknown");
+ }
+
+ extra.AppendElement(EventExtraEntry{"principalType"_ns, principalType});
+
+ // Do not send telemetry when chrome-debugging is enabled
+ bool isChromeDebuggingEnabled =
+ Preferences::GetBool("devtools.chrome.enabled", false);
+ if (!isChromeDebuggingEnabled) {
+ Telemetry::EventID eventType =
+ Telemetry::EventID::Security_Fissionprincipals_Contentparent;
+ Telemetry::RecordEvent(eventType, mozilla::Some(aMethod),
+ mozilla::Some(extra));
+ }
+
+ // And log it
+ MOZ_LOG(
+ ContentParent::GetLog(), LogLevel::Error,
+ (" Receiving unexpected Principal (%s) within %s",
+ aPrincipal && aPrincipal->GetIsContentPrincipal() ? spec.get()
+ : principalType.get(),
+ aMethod));
+
+#ifdef DEBUG
+ // Not only log but also ensure we do not receive an unexpected
+ // principal when running in debug mode.
+ MOZ_ASSERT(false, "Receiving unexpected Principal");
+#endif
+}
+
+bool ContentParent::ValidatePrincipal(
+ nsIPrincipal* aPrincipal,
+ const EnumSet<ValidatePrincipalOptions>& aOptions) {
+ // If the pref says we should not validate, then there is nothing to do
+ if (!StaticPrefs::dom_security_enforceIPCBasedPrincipalVetting()) {
+ return true;
+ }
+
+ // If there is no principal, then there is nothing to validate!
+ if (!aPrincipal) {
+ return aOptions.contains(ValidatePrincipalOptions::AllowNullPtr);
+ }
+
+ // We currently do not track relationships between specific null principals
+ // and content processes, so we can not validate much here - just allow all
+ // null principals we see because they are generally safe anyway!
+ if (aPrincipal->GetIsNullPrincipal()) {
+ return true;
+ }
+
+ // Only allow the system principal if the passed in options flags
+ // request permitting the system principal.
+ if (aPrincipal->IsSystemPrincipal()) {
+ return aOptions.contains(ValidatePrincipalOptions::AllowSystem);
+ }
+
+ // XXXckerschb: we should eliminate the resource carve-out here and always
+ // validate the Principal, see Bug 1686200: Investigate Principal for pdf.js
+ if (aPrincipal->SchemeIs("resource")) {
+ return true;
+ }
+
+ // Validate each inner principal individually, allowing us to catch expanded
+ // principals containing the system principal, etc.
+ if (aPrincipal->GetIsExpandedPrincipal()) {
+ if (!aOptions.contains(ValidatePrincipalOptions::AllowExpanded)) {
+ return false;
+ }
+ // FIXME: There are more constraints on expanded principals in-practice,
+ // such as the structure of extension expanded principals. This may need
+ // to be investigated more in the future.
+ nsCOMPtr<nsIExpandedPrincipal> expandedPrincipal =
+ do_QueryInterface(aPrincipal);
+ const auto& allowList = expandedPrincipal->AllowList();
+ for (const auto& innerPrincipal : allowList) {
+ if (!ValidatePrincipal(innerPrincipal, aOptions)) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ // A URI with a file:// scheme can never load in a non-file content process
+ // due to sandboxing.
+ if (aPrincipal->SchemeIs("file")) {
+ // If we don't support a separate 'file' process, then we can return here.
+ if (!StaticPrefs::browser_tabs_remote_separateFileUriProcess()) {
+ return true;
+ }
+ return mRemoteType == FILE_REMOTE_TYPE;
+ }
+
+ if (aPrincipal->SchemeIs("about")) {
+ uint32_t flags = 0;
+ if (NS_FAILED(aPrincipal->GetAboutModuleFlags(&flags))) {
+ return false;
+ }
+
+ // Block principals for about: URIs which can't load in this process.
+ if (!(flags & (nsIAboutModule::URI_CAN_LOAD_IN_CHILD |
+ nsIAboutModule::URI_MUST_LOAD_IN_CHILD))) {
+ return false;
+ }
+ if (flags & nsIAboutModule::URI_MUST_LOAD_IN_EXTENSION_PROCESS) {
+ return mRemoteType == EXTENSION_REMOTE_TYPE;
+ }
+ return true;
+ }
+
+ if (!mRemoteTypeIsolationPrincipal ||
+ RemoteTypePrefix(mRemoteType) != FISSION_WEB_REMOTE_TYPE) {
+ return true;
+ }
+
+ // Web content can contain extension content frames, so a content process may
+ // send us an extension's principal.
+ auto* addonPolicy = BasePrincipal::Cast(aPrincipal)->AddonPolicy();
+ if (addonPolicy) {
+ return true;
+ }
+
+ // Ensure that the expected site-origin matches the one specified by our
+ // mRemoteTypeIsolationPrincipal.
+ nsAutoCString siteOriginNoSuffix;
+ if (NS_FAILED(aPrincipal->GetSiteOriginNoSuffix(siteOriginNoSuffix))) {
+ return false;
+ }
+ nsAutoCString remoteTypeSiteOriginNoSuffix;
+ if (NS_FAILED(mRemoteTypeIsolationPrincipal->GetSiteOriginNoSuffix(
+ remoteTypeSiteOriginNoSuffix))) {
+ return false;
+ }
+
+ return remoteTypeSiteOriginNoSuffix.Equals(siteOriginNoSuffix);
+}
+
+/*static*/
+already_AddRefed<RemoteBrowser> ContentParent::CreateBrowser(
+ const TabContext& aContext, Element* aFrameElement,
+ const nsACString& aRemoteType, BrowsingContext* aBrowsingContext,
+ ContentParent* aOpenerContentParent) {
+ AUTO_PROFILER_LABEL("ContentParent::CreateBrowser", OTHER);
+
+ MOZ_DIAGNOSTIC_ASSERT(
+ !aBrowsingContext->Canonical()->GetBrowserParent(),
+ "BrowsingContext must not have BrowserParent, or have previous "
+ "BrowserParent cleared");
+
+ // Don't bother creating new content browsers after entering shutdown. This
+ // could lead to starting a new content process, which may significantly delay
+ // shutdown, and the content is unlikely to be displayed.
+ if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
+ NS_WARNING("Ignoring remote browser creation request during shutdown");
+ return nullptr;
+ }
+
+ nsAutoCString remoteType(aRemoteType);
+ if (remoteType.IsEmpty()) {
+ remoteType = DEFAULT_REMOTE_TYPE;
+ }
+
+ TabId tabId(nsContentUtils::GenerateTabId());
+
+ nsIDocShell* docShell = GetOpenerDocShellHelper(aFrameElement);
+ TabId openerTabId;
+ if (docShell) {
+ openerTabId = BrowserParent::GetTabIdFrom(docShell);
+ }
+
+ RefPtr<ContentParent> constructorSender;
+ MOZ_RELEASE_ASSERT(XRE_IsParentProcess(),
+ "Cannot allocate BrowserParent in content process");
+ if (aOpenerContentParent && !aOpenerContentParent->IsShuttingDown()) {
+ constructorSender = aOpenerContentParent;
+ } else {
+ constructorSender = GetNewOrUsedBrowserProcess(
+ remoteType, aBrowsingContext->Group(), PROCESS_PRIORITY_FOREGROUND);
+ if (!constructorSender) {
+ return nullptr;
+ }
+ }
+
+ aBrowsingContext->SetEmbedderElement(aFrameElement);
+
+ // Ensure that the process which we're using to launch is set as the host
+ // process for this BrowsingContextGroup.
+ aBrowsingContext->Group()->EnsureHostProcess(constructorSender);
+
+ nsCOMPtr<nsIDocShellTreeOwner> treeOwner;
+ docShell->GetTreeOwner(getter_AddRefs(treeOwner));
+ if (!treeOwner) {
+ return nullptr;
+ }
+
+ nsCOMPtr<nsIWebBrowserChrome> wbc = do_GetInterface(treeOwner);
+ if (!wbc) {
+ return nullptr;
+ }
+ uint32_t chromeFlags = 0;
+ wbc->GetChromeFlags(&chromeFlags);
+
+ nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell);
+ if (loadContext && loadContext->UsePrivateBrowsing()) {
+ chromeFlags |= nsIWebBrowserChrome::CHROME_PRIVATE_WINDOW;
+ }
+ if (loadContext && loadContext->UseRemoteTabs()) {
+ chromeFlags |= nsIWebBrowserChrome::CHROME_REMOTE_WINDOW;
+ }
+ if (loadContext && loadContext->UseRemoteSubframes()) {
+ chromeFlags |= nsIWebBrowserChrome::CHROME_FISSION_WINDOW;
+ }
+
+ if (tabId == 0) {
+ return nullptr;
+ }
+
+ aBrowsingContext->Canonical()->SetOwnerProcessId(
+ constructorSender->ChildID());
+
+ RefPtr<BrowserParent> browserParent =
+ new BrowserParent(constructorSender, tabId, aContext,
+ aBrowsingContext->Canonical(), chromeFlags);
+
+ // Open a remote endpoint for our PBrowser actor.
+ ManagedEndpoint<PBrowserChild> childEp =
+ constructorSender->OpenPBrowserEndpoint(browserParent);
+ if (NS_WARN_IF(!childEp.IsValid())) {
+ return nullptr;
+ }
+
+ ContentProcessManager* cpm = ContentProcessManager::GetSingleton();
+ if (NS_WARN_IF(!cpm)) {
+ return nullptr;
+ }
+ cpm->RegisterRemoteFrame(browserParent);
+
+ nsCOMPtr<nsIPrincipal> initialPrincipal =
+ NullPrincipal::Create(aBrowsingContext->OriginAttributesRef());
+ WindowGlobalInit windowInit = WindowGlobalActor::AboutBlankInitializer(
+ aBrowsingContext, initialPrincipal);
+
+ RefPtr<WindowGlobalParent> windowParent =
+ WindowGlobalParent::CreateDisconnected(windowInit);
+ if (NS_WARN_IF(!windowParent)) {
+ return nullptr;
+ }
+
+ // Open a remote endpoint for the initial PWindowGlobal actor.
+ ManagedEndpoint<PWindowGlobalChild> windowEp =
+ browserParent->OpenPWindowGlobalEndpoint(windowParent);
+ if (NS_WARN_IF(!windowEp.IsValid())) {
+ return nullptr;
+ }
+
+ // Tell the content process to set up its PBrowserChild.
+ bool ok = constructorSender->SendConstructBrowser(
+ std::move(childEp), std::move(windowEp), tabId,
+ aContext.AsIPCTabContext(), windowInit, chromeFlags,
+ constructorSender->ChildID(), constructorSender->IsForBrowser(),
+ /* aIsTopLevel */ true);
+ if (NS_WARN_IF(!ok)) {
+ return nullptr;
+ }
+
+ // Ensure that we're marked as the current BrowserParent on our
+ // CanonicalBrowsingContext.
+ aBrowsingContext->Canonical()->SetCurrentBrowserParent(browserParent);
+
+ windowParent->Init();
+
+ RefPtr<BrowserHost> browserHost = new BrowserHost(browserParent);
+ browserParent->SetOwnerElement(aFrameElement);
+ return browserHost.forget();
+}
+
+void ContentParent::GetAll(nsTArray<ContentParent*>& aArray) {
+ aArray.Clear();
+
+ for (auto* cp : AllProcesses(eLive)) {
+ aArray.AppendElement(cp);
+ }
+}
+
+void ContentParent::GetAllEvenIfDead(nsTArray<ContentParent*>& aArray) {
+ aArray.Clear();
+
+ for (auto* cp : AllProcesses(eAll)) {
+ aArray.AppendElement(cp);
+ }
+}
+
+void ContentParent::BroadcastStringBundle(
+ const StringBundleDescriptor& aBundle) {
+ AutoTArray<StringBundleDescriptor, 1> array;
+ array.AppendElement(aBundle);
+
+ for (auto* cp : AllProcesses(eLive)) {
+ Unused << cp->SendRegisterStringBundles(array);
+ }
+}
+
+void ContentParent::BroadcastFontListChanged() {
+ for (auto* cp : AllProcesses(eLive)) {
+ Unused << cp->SendFontListChanged();
+ }
+}
+
+void ContentParent::BroadcastShmBlockAdded(uint32_t aGeneration,
+ uint32_t aIndex) {
+ auto* pfl = gfxPlatformFontList::PlatformFontList();
+ for (auto* cp : AllProcesses(eLive)) {
+ base::SharedMemoryHandle handle =
+ pfl->ShareShmBlockToProcess(aIndex, cp->Pid());
+ if (handle == base::SharedMemory::NULLHandle()) {
+ // If something went wrong here, we just skip it; the child will need to
+ // request the block as needed, at some performance cost.
+ continue;
+ }
+ Unused << cp->SendFontListShmBlockAdded(aGeneration, aIndex,
+ std::move(handle));
+ }
+}
+
+void ContentParent::BroadcastThemeUpdate(widget::ThemeChangeKind aKind) {
+ const FullLookAndFeel& lnf = *RemoteLookAndFeel::ExtractData();
+ for (auto* cp : AllProcesses(eLive)) {
+ Unused << cp->SendThemeChanged(lnf, aKind);
+ }
+}
+
+/*static */
+void ContentParent::BroadcastMediaCodecsSupportedUpdate(
+ RemoteDecodeIn aLocation, const media::MediaCodecsSupported& aSupported) {
+ // Merge incoming codec support with existing support list
+ media::MCSInfo::AddSupport(aSupported);
+ auto support = media::MCSInfo::GetSupport();
+
+ // Update processes
+ sCodecsSupported[aLocation] = support;
+ for (auto* cp : AllProcesses(eAll)) {
+ Unused << cp->SendUpdateMediaCodecsSupported(aLocation, support);
+ }
+
+ // Generate + save support string for display in about:support
+ nsCString supportString;
+ media::MCSInfo::GetMediaCodecsSupportedString(supportString, support);
+ gfx::gfxVars::SetCodecSupportInfo(supportString);
+
+ // Print the support info only from the given location for debug purpose.
+ supportString.Truncate();
+ media::MCSInfo::GetMediaCodecsSupportedString(supportString, aSupported);
+ supportString.ReplaceSubstring("\n"_ns, ", "_ns);
+ LOGPDM("Broadcast support from '%s', support=%s",
+ RemoteDecodeInToStr(aLocation), supportString.get());
+}
+
+const nsACString& ContentParent::GetRemoteType() const { return mRemoteType; }
+
+static StaticRefPtr<nsIAsyncShutdownClient> sXPCOMShutdownClient;
+static StaticRefPtr<nsIAsyncShutdownClient> sProfileBeforeChangeClient;
+static StaticRefPtr<nsIAsyncShutdownClient> sQuitApplicationGrantedClient;
+
+void ContentParent::Init() {
+ MOZ_ASSERT(sXPCOMShutdownClient);
+
+ nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService();
+ if (obs) {
+ size_t length = ArrayLength(sObserverTopics);
+ for (size_t i = 0; i < length; ++i) {
+ obs->AddObserver(this, sObserverTopics[i], false);
+ }
+ }
+
+ if (obs) {
+ nsAutoString cpId;
+ cpId.AppendInt(static_cast<uint64_t>(this->ChildID()));
+ obs->NotifyObservers(static_cast<nsIObserver*>(this), "ipc:content-created",
+ cpId.get());
+ }
+
+#ifdef ACCESSIBILITY
+ // If accessibility is running in chrome process then start it in content
+ // process.
+ if (GetAccService()) {
+ Unused << SendActivateA11y();
+ }
+#endif // #ifdef ACCESSIBILITY
+
+ Unused << SendInitProfiler(ProfilerParent::CreateForProcess(OtherPid()));
+
+ RefPtr<GeckoMediaPluginServiceParent> gmps(
+ GeckoMediaPluginServiceParent::GetSingleton());
+ if (gmps) {
+ gmps->UpdateContentProcessGMPCapabilities(this);
+ }
+
+ // Flush any pref updates that happened during launch and weren't
+ // included in the blobs set up in BeginSubprocessLaunch.
+ for (const Pref& pref : mQueuedPrefs) {
+ Unused << NS_WARN_IF(!SendPreferenceUpdate(pref));
+ }
+ mQueuedPrefs.Clear();
+
+ Unused << SendInitNextGenLocalStorageEnabled(NextGenLocalStorageEnabled());
+}
+
+// Note that for E10S we can get a false here that will be overruled by
+// TryToRecycleE10SOnly as late as MaybeBeginShutdown. We cannot really
+// foresee its result here.
+bool ContentParent::CheckTabDestroyWillKeepAlive(
+ uint32_t aExpectedBrowserCount) {
+ return ManagedPBrowserParent().Count() != aExpectedBrowserCount ||
+ ShouldKeepProcessAlive();
+}
+
+RecursiveMutex& ContentParent::ThreadsafeHandleMutex() {
+ return mThreadsafeHandle->mMutex;
+}
+
+void ContentParent::NotifyTabWillDestroy() {
+ if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)
+#if !defined(MOZ_WIDGET_ANDROID)
+ /* on Android we keep processes alive more agressively, see
+ NotifyTabDestroying where we omit MaybeBeginShutdown */
+ || (/* we cannot trust CheckTabDestroyWillKeepAlive in E10S mode */
+ mozilla::FissionAutostart() &&
+ !CheckTabDestroyWillKeepAlive(mNumDestroyingTabs + 1))
+#endif
+ ) {
+ // Once we notify the impending shutdown, the content process will stop
+ // to process content JS on interrupt (among other things), so we need to
+ // be sure that the process will not be re-used after this point.
+ // The inverse is harmless, that is if we decide later to shut it down
+ // but did not notify here, it will be just notified later (but in rare
+ // cases too late to avoid a hang).
+ NotifyImpendingShutdown();
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+ mNotifiedImpendingShutdownOnTabWillDestroy = true;
+#endif
+ }
+}
+
+void ContentParent::MaybeBeginShutDown(uint32_t aExpectedBrowserCount,
+ bool aSendShutDown) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Verbose,
+ ("MaybeBeginShutdown %p, %u vs %u", this,
+ ManagedPBrowserParent().Count(), aExpectedBrowserCount));
+ MOZ_ASSERT(NS_IsMainThread());
+
+ // We need to lock our mutex here to ensure the state does not change
+ // between the check and the MarkAsDead.
+ // Note that if we come through BrowserParent::Destroy our mutex is
+ // already locked.
+ // TODO: We want to get rid of the ThreadsafeHandle, see bug 1683595.
+ RecursiveMutexAutoLock lock(mThreadsafeHandle->mMutex);
+
+ // Both CheckTabDestroyWillKeepAlive and TryToRecycleE10SOnly will return
+ // false if IsInOrBeyond(AppShutdownConfirmed), so if the parent shuts
+ // down we will always shutdown the child.
+ if (CheckTabDestroyWillKeepAlive(aExpectedBrowserCount) ||
+ TryToRecycleE10SOnly()) {
+ return;
+ }
+
+ MOZ_LOG(
+ ContentParent::GetLog(), LogLevel::Debug,
+ ("Beginning ContentParent Shutdown %p (%s)", this, mRemoteType.get()));
+
+ // We're dying now, prevent anything from re-using this process.
+ MarkAsDead();
+ SignalImpendingShutdownToContentJS();
+
+ if (aSendShutDown) {
+ AsyncSendShutDownMessage();
+ } else {
+ // aSendShutDown is false only when we get called from
+ // NotifyTabDestroying where we expect a subsequent call from
+ // NotifyTabDestroyed triggered by a Browser actor destroy
+ // roundtrip through the content process that might never arrive.
+ StartSendShutdownTimer();
+ }
+}
+
+void ContentParent::AsyncSendShutDownMessage() {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Verbose,
+ ("AsyncSendShutDownMessage %p", this));
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(sRecycledE10SProcess != this);
+
+ // In the case of normal shutdown, send a shutdown message to child to
+ // allow it to perform shutdown tasks.
+ GetCurrentSerialEventTarget()->Dispatch(NewRunnableMethod<ShutDownMethod>(
+ "dom::ContentParent::ShutDownProcess", this,
+ &ContentParent::ShutDownProcess, SEND_SHUTDOWN_MESSAGE));
+}
+
+void MaybeLogBlockShutdownDiagnostics(ContentParent* aSelf, const char* aMsg,
+ const char* aFile, int32_t aLine) {
+#if defined(MOZ_DIAGNOSTIC_ASSERT_ENABLED)
+ if (aSelf->IsBlockingShutdown()) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Info,
+ ("ContentParent: id=%p pid=%d - %s at %s(%d)", aSelf, aSelf->Pid(),
+ aMsg, aFile, aLine));
+ }
+#else
+ Unused << aSelf;
+ Unused << aMsg;
+ Unused << aFile;
+ Unused << aLine;
+#endif
+}
+
+bool ContentParent::ShutDownProcess(ShutDownMethod aMethod) {
+ bool result = false;
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("ShutDownProcess: %p", this));
+ // NB: must MarkAsDead() here so that this isn't accidentally
+ // returned from Get*() while in the midst of shutdown.
+ MarkAsDead();
+
+ // Shutting down by sending a shutdown message works differently than the
+ // other methods. We first call Shutdown() in the child. After the child is
+ // ready, it calls FinishShutdown() on us. Then we close the channel.
+ if (aMethod == SEND_SHUTDOWN_MESSAGE) {
+ if (!mShutdownPending) {
+ if (CanSend()) {
+ // Stop sending input events with input priority when shutting down.
+ SetInputPriorityEventEnabled(false);
+ // If we did not earlier, let's signal the shutdown to JS now.
+ SignalImpendingShutdownToContentJS();
+ // Send a high priority announcement first. If this fails, SendShutdown
+ // will also fail.
+ Unused << SendShutdownConfirmedHP();
+ // Send the definite message with normal priority.
+ if (SendShutdown()) {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "ShutDownProcess: Sent shutdown message.", __FILE__,
+ __LINE__);
+ mShutdownPending = true;
+ // We start the kill timer only after we asked our process to
+ // shutdown.
+ StartForceKillTimer();
+ result = true;
+ } else {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "ShutDownProcess: !!! Send shutdown message failed! !!!",
+ __FILE__, __LINE__);
+ }
+ } else {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "ShutDownProcess: !!! !CanSend !!!", __FILE__, __LINE__);
+ }
+ } else {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "ShutDownProcess: Shutdown already pending.", __FILE__,
+ __LINE__);
+
+ result = true;
+ }
+ // If call was not successful, the channel must have been broken
+ // somehow, and we will clean up the error in ActorDestroy.
+ return result;
+ }
+
+ using mozilla::dom::quota::QuotaManagerService;
+
+ if (QuotaManagerService* qms = QuotaManagerService::GetOrCreate()) {
+ qms->AbortOperationsForProcess(mChildID);
+ }
+
+ if (aMethod == CLOSE_CHANNEL) {
+ if (!mCalledClose) {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "ShutDownProcess: Closing channel.", __FILE__, __LINE__);
+ // Close() can only be called once: It kicks off the destruction sequence.
+ mCalledClose = true;
+ Close();
+ }
+ result = true;
+ }
+
+ // A ContentParent object might not get freed until after XPCOM shutdown has
+ // shut down the cycle collector. But by then it's too late to release any
+ // CC'ed objects, so we need to null them out here, while we still can. See
+ // bug 899761.
+ ShutDownMessageManager();
+ return result;
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyShutdownSuccess() {
+ if (!mShutdownPending) {
+ return IPC_FAIL(this, "RecvNotifyShutdownSuccess without mShutdownPending");
+ }
+
+ mIsNotifiedShutdownSuccess = true;
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvFinishShutdown() {
+ if (!mShutdownPending) {
+ return IPC_FAIL(this, "RecvFinishShutdown without mShutdownPending");
+ }
+
+ // At this point, we already called ShutDownProcess once with
+ // SEND_SHUTDOWN_MESSAGE. To actually close the channel, we call
+ // ShutDownProcess again with CLOSE_CHANNEL.
+ if (mCalledClose) {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "RecvFinishShutdown: Channel already closed.", __FILE__,
+ __LINE__);
+ }
+
+ ShutDownProcess(CLOSE_CHANNEL);
+ return IPC_OK();
+}
+
+void ContentParent::ShutDownMessageManager() {
+ if (!mMessageManager) {
+ return;
+ }
+
+ mMessageManager->ReceiveMessage(mMessageManager, nullptr,
+ CHILD_PROCESS_SHUTDOWN_MESSAGE, false,
+ nullptr, nullptr, IgnoreErrors());
+
+ mMessageManager->SetOsPid(-1);
+ mMessageManager->Disconnect();
+ mMessageManager = nullptr;
+}
+
+void ContentParent::AddToPool(nsTArray<ContentParent*>& aPool) {
+ MOZ_DIAGNOSTIC_ASSERT(!mIsInPool);
+ AssertAlive();
+ MOZ_DIAGNOSTIC_ASSERT(!mCalledKillHard);
+ aPool.AppendElement(this);
+ mIsInPool = true;
+}
+
+void ContentParent::RemoveFromPool(nsTArray<ContentParent*>& aPool) {
+ MOZ_DIAGNOSTIC_ASSERT(mIsInPool);
+ aPool.RemoveElement(this);
+ mIsInPool = false;
+}
+
+void ContentParent::AssertNotInPool() {
+ MOZ_RELEASE_ASSERT(!mIsInPool);
+
+ MOZ_RELEASE_ASSERT(sRecycledE10SProcess != this);
+ MOZ_RELEASE_ASSERT(!sBrowserContentParents ||
+ !sBrowserContentParents->Contains(mRemoteType) ||
+ !sBrowserContentParents->Get(mRemoteType)->Contains(this));
+
+ for (const auto& group : mGroups) {
+ MOZ_RELEASE_ASSERT(group->GetHostProcess(mRemoteType) != this,
+ "still a host process for one of our groups?");
+ }
+}
+
+void ContentParent::AssertAlive() {
+ MOZ_DIAGNOSTIC_ASSERT(!mNotifiedImpendingShutdownOnTabWillDestroy);
+ MOZ_DIAGNOSTIC_ASSERT(!mIsSignaledImpendingShutdown);
+ MOZ_DIAGNOSTIC_ASSERT(!IsDead());
+}
+
+void ContentParent::RemoveFromList() {
+ if (!mIsInPool) {
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+ AssertNotInPool();
+#endif
+ return;
+ }
+
+ // Ensure that this BrowsingContextGroup is no longer used to host new
+ // documents from any associated BrowsingContextGroups. It may become a host
+ // again in the future, if it is restored to the pool.
+ for (const auto& group : mGroups) {
+ group->RemoveHostProcess(this);
+ }
+
+ StopRecyclingE10SOnly(/* aForeground */ false);
+
+ if (sBrowserContentParents) {
+ if (auto entry = sBrowserContentParents->Lookup(mRemoteType)) {
+ const auto& contentParents = entry.Data();
+ RemoveFromPool(*contentParents);
+ if (contentParents->IsEmpty()) {
+ entry.Remove();
+ }
+ }
+ if (sBrowserContentParents->IsEmpty()) {
+ delete sBrowserContentParents;
+ sBrowserContentParents = nullptr;
+ }
+ }
+}
+
+void ContentParent::MarkAsDead() {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Verbose,
+ ("Marking ContentProcess %p as dead", this));
+ MOZ_DIAGNOSTIC_ASSERT(!sInProcessSelector);
+ RemoveFromList();
+
+ // Flag shutdown has started for us to our threadsafe handle.
+ {
+ // Depending on how we get here, the lock might or might not be set.
+ RecursiveMutexAutoLock lock(mThreadsafeHandle->mMutex);
+
+ mThreadsafeHandle->mShutdownStarted = true;
+ }
+
+ // Prevent this process from being re-used.
+ PreallocatedProcessManager::Erase(this);
+ StopRecyclingE10SOnly(false);
+
+#if defined(MOZ_WIDGET_ANDROID) && !defined(MOZ_PROFILE_GENERATE)
+ if (IsAlive()) {
+ // We're intentionally killing the content process at this point to ensure
+ // that we never have a "dead" content process sitting around and occupying
+ // an Android Service.
+ //
+ // The exception is in MOZ_PROFILE_GENERATE builds where we must allow the
+ // process to shutdown cleanly so that profile data can be dumped. This is
+ // okay as we will not reach our process limit during the profile run.
+ nsCOMPtr<nsIEventTarget> launcherThread(GetIPCLauncher());
+ MOZ_ASSERT(launcherThread);
+
+ auto procType = java::GeckoProcessType::CONTENT();
+ auto selector =
+ java::GeckoProcessManager::Selector::New(procType, OtherPid());
+
+ launcherThread->Dispatch(NS_NewRunnableFunction(
+ "ContentParent::MarkAsDead",
+ [selector =
+ java::GeckoProcessManager::Selector::GlobalRef(selector)]() {
+ java::GeckoProcessManager::ShutdownProcess(selector);
+ }));
+ }
+#endif
+
+ if (mScriptableHelper) {
+ static_cast<ScriptableCPInfo*>(mScriptableHelper.get())->ProcessDied();
+ mScriptableHelper = nullptr;
+ }
+
+ mLifecycleState = LifecycleState::DEAD;
+}
+
+void ContentParent::OnChannelError() {
+ RefPtr<ContentParent> kungFuDeathGrip(this);
+ PContentParent::OnChannelError();
+}
+
+void ContentParent::ProcessingError(Result aCode, const char* aReason) {
+ if (MsgDropped == aCode) {
+ return;
+ }
+ // Other errors are big deals.
+#ifndef FUZZING
+ KillHard(aReason);
+#endif
+ if (CanSend()) {
+ GetIPCChannel()->InduceConnectionError();
+ }
+}
+
+void ContentParent::ActorDestroy(ActorDestroyReason why) {
+#ifdef FUZZING_SNAPSHOT
+ MOZ_FUZZING_IPC_DROP_PEER("ContentParent::ActorDestroy");
+#endif
+
+ if (mSendShutdownTimer) {
+ mSendShutdownTimer->Cancel();
+ mSendShutdownTimer = nullptr;
+ }
+ if (mForceKillTimer) {
+ mForceKillTimer->Cancel();
+ mForceKillTimer = nullptr;
+ }
+
+ // Signal shutdown completion regardless of error state, so we can
+ // finish waiting in the xpcom-shutdown/profile-before-change observer.
+ RemoveShutdownBlockers();
+
+ if (mHangMonitorActor) {
+ ProcessHangMonitor::RemoveProcess(mHangMonitorActor);
+ mHangMonitorActor = nullptr;
+ }
+
+ RefPtr<FileSystemSecurity> fss = FileSystemSecurity::Get();
+ if (fss) {
+ fss->Forget(ChildID());
+ }
+
+ if (why == NormalShutdown && !mCalledClose) {
+ // If we shut down normally but haven't called Close, assume somebody
+ // else called Close on us. In that case, we still need to call
+ // ShutDownProcess below to perform other necessary clean up.
+ mCalledClose = true;
+ }
+
+ // Make sure we always clean up.
+ ShutDownProcess(CLOSE_CHANNEL);
+
+ nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService();
+ if (obs) {
+ size_t length = ArrayLength(sObserverTopics);
+ for (size_t i = 0; i < length; ++i) {
+ obs->RemoveObserver(static_cast<nsIObserver*>(this), sObserverTopics[i]);
+ }
+ }
+
+ // remove the global remote preferences observers
+ Preferences::RemoveObserver(this, "");
+ gfxVars::RemoveReceiver(this);
+
+ if (GPUProcessManager* gpu = GPUProcessManager::Get()) {
+ // Note: the manager could have shutdown already.
+ gpu->RemoveListener(this);
+ }
+
+ RecvRemoveGeolocationListener();
+
+ // Destroy our JSProcessActors, and reject any pending queries.
+ JSActorDidDestroy();
+
+ if (obs) {
+ RefPtr<nsHashPropertyBag> props = new nsHashPropertyBag();
+
+ props->SetPropertyAsUint64(u"childID"_ns, mChildID);
+
+ if (AbnormalShutdown == why) {
+ Telemetry::Accumulate(Telemetry::SUBPROCESS_ABNORMAL_ABORT, "content"_ns,
+ 1);
+
+ props->SetPropertyAsBool(u"abnormal"_ns, true);
+
+ nsAutoString dumpID;
+ // There's a window in which child processes can crash
+ // after IPC is established, but before a crash reporter
+ // is created.
+ if (mCrashReporter) {
+ // if mCreatedPairedMinidumps is true, we've already generated
+ // parent/child dumps for desktop crashes.
+ if (!mCreatedPairedMinidumps) {
+#if defined(XP_MACOSX)
+ RefPtr<nsAvailableMemoryWatcherBase> memWatcher;
+ memWatcher = nsAvailableMemoryWatcherBase::GetSingleton();
+ memWatcher->AddChildAnnotations(mCrashReporter);
+#endif
+
+ mCrashReporter->GenerateCrashReport(OtherPid());
+ }
+
+ if (mCrashReporter->HasMinidump()) {
+ dumpID = mCrashReporter->MinidumpID();
+ }
+ } else {
+ HandleOrphanedMinidump(&dumpID);
+ }
+
+ if (!dumpID.IsEmpty()) {
+ props->SetPropertyAsAString(u"dumpID"_ns, dumpID);
+ }
+ }
+ nsAutoString cpId;
+ cpId.AppendInt(static_cast<uint64_t>(this->ChildID()));
+ obs->NotifyObservers((nsIPropertyBag2*)props, "ipc:content-shutdown",
+ cpId.get());
+ }
+
+ // Remove any and all idle listeners.
+ if (mIdleListeners.Length() > 0) {
+ nsCOMPtr<nsIUserIdleService> idleService =
+ do_GetService("@mozilla.org/widget/useridleservice;1");
+ if (idleService) {
+ RefPtr<ParentIdleListener> listener;
+ for (const auto& lentry : mIdleListeners) {
+ listener = static_cast<ParentIdleListener*>(lentry.get());
+ idleService->RemoveIdleObserver(listener, listener->mTime);
+ }
+ }
+ mIdleListeners.Clear();
+ }
+
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Verbose,
+ ("destroying Subprocess in ActorDestroy: ContentParent %p "
+ "mSubprocess %p handle %" PRIuPTR,
+ this, mSubprocess,
+ mSubprocess ? (uintptr_t)mSubprocess->GetChildProcessHandle() : -1));
+ // FIXME (bug 1520997): does this really need an additional dispatch?
+ if (GetCurrentSerialEventTarget()) {
+ GetCurrentSerialEventTarget()->Dispatch(NS_NewRunnableFunction(
+ "DelayedDeleteSubprocessRunnable", [subprocess = mSubprocess] {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("destroyed Subprocess in ActorDestroy: Subprocess %p handle "
+ "%" PRIuPTR,
+ subprocess,
+ subprocess ? (uintptr_t)subprocess->GetChildProcessHandle()
+ : -1));
+ subprocess->Destroy();
+ }));
+ }
+ mSubprocess = nullptr;
+
+ ContentProcessManager* cpm = ContentProcessManager::GetSingleton();
+ if (cpm) {
+ cpm->RemoveContentProcess(this->ChildID());
+ }
+
+ if (mDriverCrashGuard) {
+ mDriverCrashGuard->NotifyCrashed();
+ }
+
+ // Unregister all the BlobURLs registered by the ContentChild.
+ for (uint32_t i = 0; i < mBlobURLs.Length(); ++i) {
+ BlobURLProtocolHandler::RemoveDataEntry(mBlobURLs[i]);
+ }
+
+ mBlobURLs.Clear();
+
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+ AssertNotInPool();
+#endif
+
+ // As this process is going away, ensure that every BrowsingContext hosted by
+ // it has been detached, and every BrowsingContextGroup has been fully
+ // unsubscribed.
+ BrowsingContext::DiscardFromContentParent(this);
+
+ const nsTHashSet<RefPtr<BrowsingContextGroup>> groups = std::move(mGroups);
+ for (const auto& group : groups) {
+ group->Unsubscribe(this);
+ }
+ MOZ_DIAGNOSTIC_ASSERT(mGroups.IsEmpty());
+
+ mPendingLoadStates.Clear();
+}
+
+bool ContentParent::TryToRecycleE10SOnly() {
+ // Only try to recycle "web" content processes, as other remote types are
+ // generally more unique, and cannot be effectively re-used. This is disabled
+ // with Fission, as "web" content processes are no longer frequently used.
+ //
+ // Disabling the process pre-allocator will also disable process recycling,
+ // allowing for more consistent process counts under testing.
+ if (mRemoteType != DEFAULT_REMOTE_TYPE || mozilla::FissionAutostart() ||
+ !PreallocatedProcessManager::Enabled()) {
+ return false;
+ }
+
+ // This life time check should be replaced by a memory health check (memory
+ // usage + fragmentation).
+
+ // Note that this is specifically to help with edge cases that rapidly
+ // create-and-destroy processes
+ const double kMaxLifeSpan = 5;
+ MOZ_LOG(
+ ContentParent::GetLog(), LogLevel::Debug,
+ ("TryToRecycle ContentProcess %p (%u) with lifespan %f seconds", this,
+ (unsigned int)ChildID(), (TimeStamp::Now() - mActivateTS).ToSeconds()));
+
+ if (mCalledKillHard || !IsAlive() ||
+ (TimeStamp::Now() - mActivateTS).ToSeconds() > kMaxLifeSpan) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("TryToRecycle did not recycle %p", this));
+
+ // It's possible that the process was already cached, and we're being called
+ // from a different path, and we're now past kMaxLifeSpan (or some other).
+ // Ensure that if we're going to kill this process we don't recycle it.
+ StopRecyclingE10SOnly(/* aForeground */ false);
+ return false;
+ }
+
+ if (!sRecycledE10SProcess) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("TryToRecycle began recycling %p", this));
+ sRecycledE10SProcess = this;
+
+ ProcessPriorityManager::SetProcessPriority(this,
+ PROCESS_PRIORITY_BACKGROUND);
+ return true;
+ }
+
+ if (sRecycledE10SProcess == this) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("TryToRecycle continue recycling %p", this));
+ return true;
+ }
+
+ // Some other process is already being recycled, just shut this one down.
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("TryToRecycle did not recycle %p (already recycling %p)", this,
+ sRecycledE10SProcess.get()));
+ return false;
+}
+
+void ContentParent::StopRecyclingE10SOnly(bool aForeground) {
+ if (sRecycledE10SProcess != this) {
+ return;
+ }
+
+ sRecycledE10SProcess = nullptr;
+ if (aForeground) {
+ ProcessPriorityManager::SetProcessPriority(this,
+ PROCESS_PRIORITY_FOREGROUND);
+ }
+}
+
+bool ContentParent::HasActiveWorker() {
+ // If we have active workers, we need to stay alive.
+ {
+ // Most of the times we'll get here with the mutex acquired, but still.
+ RecursiveMutexAutoLock lock(mThreadsafeHandle->mMutex);
+ if (mThreadsafeHandle->mRemoteWorkerActorCount) {
+ return true;
+ }
+ }
+ return false;
+}
+
+bool ContentParent::ShouldKeepProcessAlive() {
+ if (HasActiveWorker()) {
+ return true;
+ }
+
+ if (mNumKeepaliveCalls > 0) {
+ return true;
+ }
+
+ if (IsLaunching()) {
+ return true;
+ }
+
+ // If we have already been marked as dead, don't prevent shutdown.
+ if (IsDead()) {
+ return false;
+ }
+
+ // If everything is going down, there is no need to keep us alive, neither.
+ if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
+ return false;
+ }
+
+ if (!sBrowserContentParents) {
+ return false;
+ }
+
+ auto contentParents = sBrowserContentParents->Get(mRemoteType);
+ if (!contentParents) {
+ return false;
+ }
+
+ // We might want to keep some content processes alive for performance reasons.
+ // e.g. test runs and privileged content process for some about: pages.
+ // We don't want to alter behavior if the pref is not set, so default to 0.
+ int32_t processesToKeepAlive = 0;
+
+ nsAutoCString keepAlivePref("dom.ipc.keepProcessesAlive.");
+
+ if (StringBeginsWith(mRemoteType, FISSION_WEB_REMOTE_TYPE) &&
+ xpc::IsInAutomation()) {
+ keepAlivePref.Append(FISSION_WEB_REMOTE_TYPE);
+ keepAlivePref.AppendLiteral(".perOrigin");
+ } else {
+ keepAlivePref.Append(mRemoteType);
+ }
+ if (NS_FAILED(
+ Preferences::GetInt(keepAlivePref.get(), &processesToKeepAlive))) {
+ return false;
+ }
+
+ int32_t numberOfAliveProcesses = contentParents->Length();
+
+ return numberOfAliveProcesses <= processesToKeepAlive;
+}
+
+void ContentParent::NotifyTabDestroying() {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("NotifyTabDestroying %p:", this));
+ // There can be more than one PBrowser for a given app process
+ // because of popup windows. PBrowsers can also destroy
+ // concurrently. When all the PBrowsers are destroying, kick off
+ // another task to ensure the child process *really* shuts down,
+ // even if the PBrowsers themselves never finish destroying.
+ ++mNumDestroyingTabs;
+
+ /**
+ * We intentionally skip this code on Android:
+ * 1. Android has a fixed upper bound on the number of content processes, so
+ * we prefer to re-use them whenever possible (as opposed to letting an
+ * old process wind down while we launch a new one).
+ * 2. GeckoView always hard-kills content processes (and if it does not,
+ * Android itself will), so we don't concern ourselves with the ForceKill
+ * timer either.
+ */
+#if !defined(MOZ_WIDGET_ANDROID)
+ MaybeBeginShutDown(/* aExpectedBrowserCount */ mNumDestroyingTabs,
+ /* aSendShutDown */ false);
+#endif // !defined(MOZ_WIDGET_ANDROID)
+}
+
+void ContentParent::AddKeepAlive() {
+ AssertAlive();
+ // Something wants to keep this content process alive.
+ ++mNumKeepaliveCalls;
+}
+
+void ContentParent::RemoveKeepAlive() {
+ MOZ_DIAGNOSTIC_ASSERT(mNumKeepaliveCalls > 0);
+ --mNumKeepaliveCalls;
+
+ MaybeBeginShutDown();
+}
+
+void ContentParent::StartSendShutdownTimer() {
+ if (mSendShutdownTimer || !CanSend()) {
+ return;
+ }
+
+ uint32_t timeoutSecs = StaticPrefs::dom_ipc_tabs_shutdownTimeoutSecs();
+ if (timeoutSecs > 0) {
+ NS_NewTimerWithFuncCallback(getter_AddRefs(mSendShutdownTimer),
+ ContentParent::SendShutdownTimerCallback, this,
+ timeoutSecs * 1000, nsITimer::TYPE_ONE_SHOT,
+ "dom::ContentParent::StartSendShutdownTimer");
+ MOZ_ASSERT(mSendShutdownTimer);
+ }
+}
+
+void ContentParent::StartForceKillTimer() {
+ if (mForceKillTimer || !CanSend()) {
+ return;
+ }
+
+ uint32_t timeoutSecs = StaticPrefs::dom_ipc_tabs_shutdownTimeoutSecs();
+ if (timeoutSecs > 0) {
+ NS_NewTimerWithFuncCallback(getter_AddRefs(mForceKillTimer),
+ ContentParent::ForceKillTimerCallback, this,
+ timeoutSecs * 1000, nsITimer::TYPE_ONE_SHOT,
+ "dom::ContentParent::StartForceKillTimer");
+ MOZ_ASSERT(mForceKillTimer);
+ }
+}
+
+void ContentParent::NotifyTabDestroyed(const TabId& aTabId,
+ bool aNotifiedDestroying) {
+ if (aNotifiedDestroying) {
+ --mNumDestroyingTabs;
+ }
+
+ nsTArray<PContentPermissionRequestParent*> parentArray =
+ nsContentPermissionUtils::GetContentPermissionRequestParentById(aTabId);
+
+ // Need to close undeleted ContentPermissionRequestParents before tab is
+ // closed.
+ for (auto& permissionRequestParent : parentArray) {
+ Unused << PContentPermissionRequestParent::Send__delete__(
+ permissionRequestParent);
+ }
+
+ // There can be more than one PBrowser for a given app process
+ // because of popup windows. When the last one closes, shut
+ // us down.
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Verbose,
+ ("NotifyTabDestroyed %p", this));
+
+ MaybeBeginShutDown(/* aExpectedBrowserCount */ 1);
+}
+
+TestShellParent* ContentParent::CreateTestShell() {
+ RefPtr<TestShellParent> actor = new TestShellParent();
+ if (!SendPTestShellConstructor(actor)) {
+ return nullptr;
+ }
+ return actor;
+}
+
+bool ContentParent::DestroyTestShell(TestShellParent* aTestShell) {
+ return PTestShellParent::Send__delete__(aTestShell);
+}
+
+TestShellParent* ContentParent::GetTestShellSingleton() {
+ PTestShellParent* p = LoneManagedOrNullAsserts(ManagedPTestShellParent());
+ return static_cast<TestShellParent*>(p);
+}
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+// Append the sandbox command line parameters that are not static. i.e.,
+// parameters that can be different for different child processes.
+void ContentParent::AppendDynamicSandboxParams(
+ std::vector<std::string>& aArgs) {
+ // For file content processes
+ if (GetRemoteType() == FILE_REMOTE_TYPE) {
+ MacSandboxInfo::AppendFileAccessParam(aArgs, true);
+ }
+}
+
+// Generate the static sandbox command line parameters and store
+// them in the provided params vector to be used each time a new
+// content process is launched.
+static void CacheSandboxParams(std::vector<std::string>& aCachedParams) {
+ // This must only be called once and we should
+ // be starting with an empty list of parameters.
+ MOZ_ASSERT(aCachedParams.empty());
+
+ MacSandboxInfo info;
+ info.type = MacSandboxType_Content;
+ info.level = GetEffectiveContentSandboxLevel();
+
+ // Sandbox logging
+ if (Preferences::GetBool("security.sandbox.logging.enabled") ||
+ PR_GetEnv("MOZ_SANDBOX_LOGGING")) {
+ info.shouldLog = true;
+ }
+
+ // Audio access
+ if (!StaticPrefs::media_cubeb_sandbox()) {
+ info.hasAudio = true;
+ }
+
+ // Window server access. If the disconnect-windowserver pref is not
+ // "true" or out-of-process WebGL is not enabled, allow window server
+ // access in the sandbox policy.
+ if (!Preferences::GetBool(
+ "security.sandbox.content.mac.disconnect-windowserver") ||
+ !Preferences::GetBool("webgl.out-of-process")) {
+ info.hasWindowServer = true;
+ }
+
+ // .app path (normalized)
+ nsAutoCString appPath;
+ if (!nsMacUtilsImpl::GetAppPath(appPath)) {
+ MOZ_CRASH("Failed to get app dir paths");
+ }
+ info.appPath = appPath.get();
+
+ // TESTING_READ_PATH1
+ nsAutoCString testingReadPath1;
+ Preferences::GetCString("security.sandbox.content.mac.testing_read_path1",
+ testingReadPath1);
+ if (!testingReadPath1.IsEmpty()) {
+ info.testingReadPath1 = testingReadPath1.get();
+ }
+
+ // TESTING_READ_PATH2
+ nsAutoCString testingReadPath2;
+ Preferences::GetCString("security.sandbox.content.mac.testing_read_path2",
+ testingReadPath2);
+ if (!testingReadPath2.IsEmpty()) {
+ info.testingReadPath2 = testingReadPath2.get();
+ }
+
+ // TESTING_READ_PATH3, TESTING_READ_PATH4. In non-packaged builds,
+ // these are used to whitelist the repo dir and object dir respectively.
+ nsresult rv;
+ if (!mozilla::IsPackagedBuild()) {
+ // Repo dir
+ nsCOMPtr<nsIFile> repoDir;
+ rv = nsMacUtilsImpl::GetRepoDir(getter_AddRefs(repoDir));
+ if (NS_FAILED(rv)) {
+ MOZ_CRASH("Failed to get path to repo dir");
+ }
+ nsCString repoDirPath;
+ Unused << repoDir->GetNativePath(repoDirPath);
+ info.testingReadPath3 = repoDirPath.get();
+
+ // Object dir
+ nsCOMPtr<nsIFile> objDir;
+ rv = nsMacUtilsImpl::GetObjDir(getter_AddRefs(objDir));
+ if (NS_FAILED(rv)) {
+ MOZ_CRASH("Failed to get path to build object dir");
+ }
+ nsCString objDirPath;
+ Unused << objDir->GetNativePath(objDirPath);
+ info.testingReadPath4 = objDirPath.get();
+ }
+
+ // DEBUG_WRITE_DIR
+# ifdef DEBUG
+ // For bloat/leak logging or when a content process dies intentionally
+ // (|NoteIntentionalCrash|) for tests, it wants to log that it did this.
+ // Allow writing to this location.
+ nsAutoCString bloatLogDirPath;
+ if (NS_SUCCEEDED(nsMacUtilsImpl::GetBloatLogDir(bloatLogDirPath))) {
+ info.debugWriteDir = bloatLogDirPath.get();
+ }
+# endif // DEBUG
+
+ info.AppendAsParams(aCachedParams);
+}
+
+// Append sandboxing command line parameters.
+void ContentParent::AppendSandboxParams(std::vector<std::string>& aArgs) {
+ MOZ_ASSERT(sMacSandboxParams != nullptr);
+
+ // An empty sMacSandboxParams indicates this is the
+ // first invocation and we don't have cached params yet.
+ if (sMacSandboxParams->empty()) {
+ CacheSandboxParams(*sMacSandboxParams);
+ MOZ_ASSERT(!sMacSandboxParams->empty());
+ }
+
+ // Append cached arguments.
+ aArgs.insert(aArgs.end(), sMacSandboxParams->begin(),
+ sMacSandboxParams->end());
+
+ // Append remaining arguments.
+ AppendDynamicSandboxParams(aArgs);
+}
+#endif // XP_MACOSX && MOZ_SANDBOX
+
+bool ContentParent::BeginSubprocessLaunch(ProcessPriority aPriority) {
+ AUTO_PROFILER_LABEL("ContentParent::LaunchSubprocess", OTHER);
+
+ // Ensure we will not rush through our shutdown phases while launching.
+ // LaunchSubprocessReject will remove them in case of failure,
+ // otherwise ActorDestroy will take care.
+ AddShutdownBlockers();
+
+ if (!ContentProcessManager::GetSingleton()) {
+ MOZ_ASSERT(false, "Unable to acquire ContentProcessManager singleton!");
+ return false;
+ }
+
+ std::vector<std::string> extraArgs;
+ geckoargs::sChildID.Put(mChildID, extraArgs);
+ geckoargs::sIsForBrowser.Put(IsForBrowser(), extraArgs);
+ geckoargs::sNotForBrowser.Put(!IsForBrowser(), extraArgs);
+
+ // Prefs information is passed via anonymous shared memory to avoid bloating
+ // the command line.
+
+ // Instantiate the pref serializer. It will be cleaned up in
+ // `LaunchSubprocessReject`/`LaunchSubprocessResolve`.
+ mPrefSerializer = MakeUnique<mozilla::ipc::SharedPreferenceSerializer>();
+ if (!mPrefSerializer->SerializeToSharedMemory(GeckoProcessType_Content,
+ GetRemoteType())) {
+ NS_WARNING("SharedPreferenceSerializer::SerializeToSharedMemory failed");
+ MarkAsDead();
+ return false;
+ }
+ mPrefSerializer->AddSharedPrefCmdLineArgs(*mSubprocess, extraArgs);
+
+ // The JS engine does some computation during the initialization which can be
+ // shared across processes. We add command line arguments to pass a file
+ // handle and its content length, to minimize the startup time of content
+ // processes.
+ ::mozilla::ipc::ExportSharedJSInit(*mSubprocess, extraArgs);
+
+ // Register ContentParent as an observer for changes to any pref
+ // whose prefix matches the empty string, i.e. all of them. The
+ // observation starts here in order to capture pref updates that
+ // happen during async launch.
+ Preferences::AddStrongObserver(this, "");
+
+ if (gSafeMode) {
+ geckoargs::sSafeMode.Put(extraArgs);
+ }
+
+#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
+ if (IsContentSandboxEnabled()) {
+ AppendSandboxParams(extraArgs);
+ mSubprocess->DisableOSActivityMode();
+ }
+#endif
+
+ nsCString parentBuildID(mozilla::PlatformBuildID());
+ geckoargs::sParentBuildID.Put(parentBuildID.get(), extraArgs);
+
+#ifdef MOZ_WIDGET_GTK
+ // This is X11-only pending a solution for WebGL in Wayland mode.
+ if (StaticPrefs::dom_ipc_avoid_gtk() &&
+ StaticPrefs::widget_non_native_theme_enabled() &&
+ widget::GdkIsX11Display()) {
+ mSubprocess->SetEnv("MOZ_HEADLESS", "1");
+ }
+#endif
+
+ mLaunchYieldTS = TimeStamp::Now();
+ return mSubprocess->AsyncLaunch(std::move(extraArgs));
+}
+
+void ContentParent::LaunchSubprocessReject() {
+ NS_WARNING("failed to launch child in the parent");
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Verbose,
+ ("failed to launch child in the parent"));
+ // Now that communication with the child is complete, we can cleanup
+ // the preference serializer.
+ mPrefSerializer = nullptr;
+ if (mIsAPreallocBlocker) {
+ PreallocatedProcessManager::RemoveBlocker(mRemoteType, this);
+ mIsAPreallocBlocker = false;
+ }
+ MarkAsDead();
+ RemoveShutdownBlockers();
+}
+
+bool ContentParent::LaunchSubprocessResolve(bool aIsSync,
+ ProcessPriority aPriority) {
+ AUTO_PROFILER_LABEL("ContentParent::LaunchSubprocess::resolve", OTHER);
+
+ if (mLaunchResolved) {
+ // We've already been called, return.
+ MOZ_ASSERT(sCreatedFirstContentProcess);
+ MOZ_ASSERT(!mPrefSerializer);
+ MOZ_ASSERT(mLifecycleState != LifecycleState::LAUNCHING);
+ return mLaunchResolvedOk;
+ }
+ mLaunchResolved = true;
+
+ // Now that communication with the child is complete, we can cleanup
+ // the preference serializer.
+ mPrefSerializer = nullptr;
+
+ const auto launchResumeTS = TimeStamp::Now();
+ if (profiler_thread_is_being_profiled_for_markers()) {
+ nsPrintfCString marker("Process start%s for %u",
+ mIsAPreallocBlocker ? " (immediate)" : "",
+ (unsigned int)ChildID());
+ PROFILER_MARKER_TEXT(
+ mIsAPreallocBlocker ? ProfilerString8View("Process Immediate Launch")
+ : ProfilerString8View("Process Launch"),
+ DOM, MarkerTiming::Interval(mLaunchTS, launchResumeTS), marker);
+ }
+
+ if (!sCreatedFirstContentProcess) {
+ nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService();
+ obs->NotifyObservers(nullptr, "ipc:first-content-process-created", nullptr);
+ sCreatedFirstContentProcess = true;
+ }
+
+ mSubprocess->TakeInitialEndpoint().Bind(this);
+
+ ContentProcessManager* cpm = ContentProcessManager::GetSingleton();
+ if (!cpm) {
+ NS_WARNING("immediately shutting-down caused by our shutdown");
+ ShutDownProcess(SEND_SHUTDOWN_MESSAGE);
+ return false;
+ }
+ cpm->AddContentProcess(this);
+
+#ifdef MOZ_CODE_COVERAGE
+ Unused << SendShareCodeCoverageMutex(
+ CodeCoverageHandler::Get()->GetMutexHandle());
+#endif
+
+ // We must be in the LAUNCHING state still. If we've somehow already been
+ // marked as DEAD, fail the process launch, and immediately begin tearing down
+ // the content process.
+ if (IsDead()) {
+ NS_WARNING("immediately shutting-down already-dead process");
+ ShutDownProcess(SEND_SHUTDOWN_MESSAGE);
+ return false;
+ }
+ MOZ_ASSERT(mLifecycleState == LifecycleState::LAUNCHING);
+ mLifecycleState = LifecycleState::ALIVE;
+
+ if (!InitInternal(aPriority)) {
+ NS_WARNING("failed to initialize child in the parent");
+ // We've already called Open() by this point, so we need to close the
+ // channel to avoid leaking the process.
+ ShutDownProcess(SEND_SHUTDOWN_MESSAGE);
+ return false;
+ }
+
+ mHangMonitorActor = ProcessHangMonitor::AddProcess(this);
+
+ // Set a reply timeout for CPOWs.
+ SetReplyTimeoutMs(StaticPrefs::dom_ipc_cpow_timeout());
+
+ nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService();
+ if (obs) {
+ nsAutoString cpId;
+ cpId.AppendInt(static_cast<uint64_t>(this->ChildID()));
+ obs->NotifyObservers(static_cast<nsIObserver*>(this),
+ "ipc:content-initializing", cpId.get());
+ }
+
+ Init();
+
+ mLifecycleState = LifecycleState::INITIALIZED;
+
+ if (aIsSync) {
+ Telemetry::AccumulateTimeDelta(Telemetry::CONTENT_PROCESS_SYNC_LAUNCH_MS,
+ mLaunchTS);
+ } else {
+ Telemetry::AccumulateTimeDelta(Telemetry::CONTENT_PROCESS_LAUNCH_TOTAL_MS,
+ mLaunchTS);
+
+ Telemetry::Accumulate(
+ Telemetry::CONTENT_PROCESS_LAUNCH_MAINTHREAD_MS,
+ static_cast<uint32_t>(
+ ((mLaunchYieldTS - mLaunchTS) + (TimeStamp::Now() - launchResumeTS))
+ .ToMilliseconds()));
+ }
+
+ mLaunchResolvedOk = true;
+ return true;
+}
+
+bool ContentParent::LaunchSubprocessSync(
+ hal::ProcessPriority aInitialPriority) {
+ // We've started a sync content process launch.
+ Telemetry::Accumulate(Telemetry::CONTENT_PROCESS_LAUNCH_IS_SYNC, 1);
+
+ if (BeginSubprocessLaunch(aInitialPriority)) {
+ const bool ok = mSubprocess->WaitForProcessHandle();
+ if (ok && LaunchSubprocessResolve(/* aIsSync = */ true, aInitialPriority)) {
+ return true;
+ }
+ }
+ LaunchSubprocessReject();
+ return false;
+}
+
+RefPtr<ContentParent::LaunchPromise> ContentParent::LaunchSubprocessAsync(
+ hal::ProcessPriority aInitialPriority) {
+ // We've started an async content process launch.
+ Telemetry::Accumulate(Telemetry::CONTENT_PROCESS_LAUNCH_IS_SYNC, 0);
+
+ if (!BeginSubprocessLaunch(aInitialPriority)) {
+ // Launch aborted because of shutdown. Bailout.
+ LaunchSubprocessReject();
+ return LaunchPromise::CreateAndReject(NS_ERROR_ILLEGAL_DURING_SHUTDOWN,
+ __func__);
+ }
+
+ // Otherwise, wait until the process is ready.
+ RefPtr<ProcessHandlePromise> ready = mSubprocess->WhenProcessHandleReady();
+ RefPtr<ContentParent> self = this;
+ mLaunchYieldTS = TimeStamp::Now();
+
+ return ready->Then(
+ GetCurrentSerialEventTarget(), __func__,
+ [self, aInitialPriority](
+ const ProcessHandlePromise::ResolveOrRejectValue& aValue) {
+ if (aValue.IsResolve() &&
+ self->LaunchSubprocessResolve(/* aIsSync = */ false,
+ aInitialPriority)) {
+ return LaunchPromise::CreateAndResolve(self, __func__);
+ }
+ self->LaunchSubprocessReject();
+ return LaunchPromise::CreateAndReject(NS_ERROR_FAILURE, __func__);
+ });
+}
+
+ContentParent::ContentParent(const nsACString& aRemoteType)
+ : mSubprocess(nullptr),
+ mLaunchTS(TimeStamp::Now()),
+ mLaunchYieldTS(mLaunchTS),
+ mActivateTS(mLaunchTS),
+ mIsAPreallocBlocker(false),
+ mRemoteType(aRemoteType),
+ mChildID(gContentChildID++),
+ mGeolocationWatchID(-1),
+ mThreadsafeHandle(
+ new ThreadsafeContentParentHandle(this, mChildID, mRemoteType)),
+ mNumDestroyingTabs(0),
+ mNumKeepaliveCalls(0),
+ mLifecycleState(LifecycleState::LAUNCHING),
+ mIsForBrowser(!mRemoteType.IsEmpty()),
+ mCalledClose(false),
+ mCalledKillHard(false),
+ mCreatedPairedMinidumps(false),
+ mShutdownPending(false),
+ mLaunchResolved(false),
+ mLaunchResolvedOk(false),
+ mIsRemoteInputEventQueueEnabled(false),
+ mIsInputPriorityEventEnabled(false),
+ mIsInPool(false),
+ mGMPCreated(false),
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+ mBlockShutdownCalled(false),
+#endif
+ mHangMonitorActor(nullptr) {
+ mRemoteTypeIsolationPrincipal =
+ CreateRemoteTypeIsolationPrincipal(aRemoteType);
+
+ // Insert ourselves into the global linked list of ContentParent objects.
+ if (!sContentParents) {
+ sContentParents = new LinkedList<ContentParent>();
+ }
+ sContentParents->insertBack(this);
+
+ mMessageManager = nsFrameMessageManager::NewProcessMessageManager(true);
+
+#if defined(XP_WIN)
+ // Request Windows message deferral behavior on our side of the PContent
+ // channel. Generally only applies to the situation where we get caught in
+ // a deadlock with the plugin process when sending CPOWs.
+ GetIPCChannel()->SetChannelFlags(
+ MessageChannel::REQUIRE_DEFERRED_MESSAGE_PROTECTION);
+#endif
+
+ NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
+ bool isFile = mRemoteType == FILE_REMOTE_TYPE;
+ mSubprocess = new GeckoChildProcessHost(GeckoProcessType_Content, isFile);
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Verbose,
+ ("CreateSubprocess: ContentParent %p mSubprocess %p handle %" PRIuPTR,
+ this, mSubprocess,
+ mSubprocess ? (uintptr_t)mSubprocess->GetChildProcessHandle() : -1));
+
+ // This is safe to do in the constructor, as it doesn't take a strong
+ // reference.
+ mScriptableHelper = new ScriptableCPInfo(this);
+}
+
+ContentParent::~ContentParent() {
+ if (mSendShutdownTimer) {
+ mSendShutdownTimer->Cancel();
+ }
+ if (mForceKillTimer) {
+ mForceKillTimer->Cancel();
+ }
+
+ AssertIsOnMainThread();
+
+ // Clear the weak reference from the threadsafe handle back to this actor.
+ mThreadsafeHandle->mWeakActor = nullptr;
+
+ if (mIsAPreallocBlocker) {
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("Removing blocker on ContentProcess destruction"));
+ PreallocatedProcessManager::RemoveBlocker(mRemoteType, this);
+ mIsAPreallocBlocker = false;
+ }
+
+ // We should be removed from all these lists in ActorDestroy.
+ AssertNotInPool();
+
+ // Normally mSubprocess is destroyed in ActorDestroy, but that won't
+ // happen if the process wasn't launched or if it failed to launch.
+ if (mSubprocess) {
+ MOZ_LOG(
+ ContentParent::GetLog(), LogLevel::Verbose,
+ ("DestroySubprocess: ContentParent %p mSubprocess %p handle %" PRIuPTR,
+ this, mSubprocess,
+ mSubprocess ? (uintptr_t)mSubprocess->GetChildProcessHandle() : -1));
+ mSubprocess->Destroy();
+ }
+
+ // Make sure to clear the connection from `mScriptableHelper` if it hasn't
+ // been cleared yet.
+ if (mScriptableHelper) {
+ static_cast<ScriptableCPInfo*>(mScriptableHelper.get())->ProcessDied();
+ mScriptableHelper = nullptr;
+ }
+}
+
+bool ContentParent::InitInternal(ProcessPriority aInitialPriority) {
+ // We can't access the locale service after shutdown has started. Since we
+ // can't init the process without it, and since we're going to be canceling
+ // whatever load attempt that initiated this process creation anyway, just
+ // bail out now if shutdown has already started.
+ if (PastShutdownPhase(ShutdownPhase::XPCOMShutdown)) {
+ return false;
+ }
+
+ XPCOMInitData xpcomInit;
+
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Debug,
+ ("ContentParent::InitInternal: %p", (void*)this));
+ nsCOMPtr<nsIIOService> io(do_GetIOService());
+ MOZ_ASSERT(io, "No IO service?");
+ DebugOnly<nsresult> rv = io->GetOffline(&xpcomInit.isOffline());
+ MOZ_ASSERT(NS_SUCCEEDED(rv), "Failed getting offline?");
+
+ rv = io->GetConnectivity(&xpcomInit.isConnected());
+ MOZ_ASSERT(NS_SUCCEEDED(rv), "Failed getting connectivity?");
+
+ xpcomInit.captivePortalState() = nsICaptivePortalService::UNKNOWN;
+ nsCOMPtr<nsICaptivePortalService> cps =
+ do_GetService(NS_CAPTIVEPORTAL_CONTRACTID);
+ if (cps) {
+ cps->GetState(&xpcomInit.captivePortalState());
+ }
+
+ if (StaticPrefs::fission_processProfileName()) {
+ nsCOMPtr<nsIToolkitProfileService> profileSvc =
+ do_GetService(NS_PROFILESERVICE_CONTRACTID);
+ if (profileSvc) {
+ nsCOMPtr<nsIToolkitProfile> currentProfile;
+ nsresult rv =
+ profileSvc->GetCurrentProfile(getter_AddRefs(currentProfile));
+ if (NS_SUCCEEDED(rv) && currentProfile) {
+ currentProfile->GetName(mProfile);
+ }
+ }
+ }
+
+ nsIBidiKeyboard* bidi = nsContentUtils::GetBidiKeyboard();
+
+ xpcomInit.isLangRTL() = false;
+ xpcomInit.haveBidiKeyboards() = false;
+ if (bidi) {
+ bidi->IsLangRTL(&xpcomInit.isLangRTL());
+ bidi->GetHaveBidiKeyboards(&xpcomInit.haveBidiKeyboards());
+ }
+
+ RefPtr<mozSpellChecker> spellChecker(mozSpellChecker::Create());
+ MOZ_ASSERT(spellChecker, "No spell checker?");
+
+ spellChecker->GetDictionaryList(&xpcomInit.dictionaries());
+
+ LocaleService::GetInstance()->GetAppLocalesAsBCP47(xpcomInit.appLocales());
+ LocaleService::GetInstance()->GetRequestedLocales(
+ xpcomInit.requestedLocales());
+
+ L10nRegistry::GetParentProcessFileSourceDescriptors(
+ xpcomInit.l10nFileSources());
+
+ nsCOMPtr<nsIClipboard> clipboard(
+ do_GetService("@mozilla.org/widget/clipboard;1"));
+ MOZ_ASSERT(clipboard, "No clipboard?");
+ MOZ_ASSERT(
+ clipboard->IsClipboardTypeSupported(nsIClipboard::kGlobalClipboard),
+ "We should always support the global clipboard.");
+
+ xpcomInit.clipboardCaps().supportsSelectionClipboard() =
+ clipboard->IsClipboardTypeSupported(nsIClipboard::kSelectionClipboard);
+
+ xpcomInit.clipboardCaps().supportsFindClipboard() =
+ clipboard->IsClipboardTypeSupported(nsIClipboard::kFindClipboard);
+
+ xpcomInit.clipboardCaps().supportsSelectionCache() =
+ clipboard->IsClipboardTypeSupported(nsIClipboard::kSelectionCache);
+
+ // Let's copy the domain policy from the parent to the child (if it's active).
+ StructuredCloneData initialData;
+ nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
+ if (ssm) {
+ ssm->CloneDomainPolicy(&xpcomInit.domainPolicy());
+
+ if (ParentProcessMessageManager* mm =
+ nsFrameMessageManager::sParentProcessManager) {
+ AutoJSAPI jsapi;
+ if (NS_WARN_IF(!jsapi.Init(xpc::PrivilegedJunkScope()))) {
+ MOZ_CRASH();
+ }
+ JS::Rooted<JS::Value> init(jsapi.cx());
+ // We'll crash on failure, so use a IgnoredErrorResult (which also
+ // auto-suppresses exceptions).
+ IgnoredErrorResult rv;
+ mm->GetInitialProcessData(jsapi.cx(), &init, rv);
+ if (NS_WARN_IF(rv.Failed())) {
+ MOZ_CRASH();
+ }
+
+ initialData.Write(jsapi.cx(), init, rv);
+ if (NS_WARN_IF(rv.Failed())) {
+ MOZ_CRASH();
+ }
+ }
+ }
+ // This is only implemented (returns a non-empty list) by MacOSX and Linux
+ // at present.
+ SystemFontList fontList;
+ gfxPlatform::GetPlatform()->ReadSystemFontList(&fontList);
+
+ const FullLookAndFeel& lnf = *RemoteLookAndFeel::ExtractData();
+
+ // If the shared fontlist is in use, collect its shmem block handles to pass
+ // to the child.
+ nsTArray<SharedMemoryHandle> sharedFontListBlocks;
+ gfxPlatformFontList::PlatformFontList()->ShareFontListToProcess(
+ &sharedFontListBlocks, OtherPid());
+
+ // Content processes have no permission to access profile directory, so we
+ // send the file URL instead.
+ auto* sheetCache = GlobalStyleSheetCache::Singleton();
+ if (StyleSheet* ucs = sheetCache->GetUserContentSheet()) {
+ xpcomInit.userContentSheetURL() = ucs->GetSheetURI();
+ } else {
+ xpcomInit.userContentSheetURL() = nullptr;
+ }
+
+ // 1. Build ContentDeviceData first, as it may affect some gfxVars.
+ gfxPlatform::GetPlatform()->BuildContentDeviceData(
+ &xpcomInit.contentDeviceData());
+ // 2. Gather non-default gfxVars.
+ xpcomInit.gfxNonDefaultVarUpdates() = gfxVars::FetchNonDefaultVars();
+ // 3. Start listening for gfxVars updates, to notify content process later on.
+ gfxVars::AddReceiver(this);
+
+ nsCOMPtr<nsIGfxInfo> gfxInfo = components::GfxInfo::Service();
+ if (gfxInfo) {
+ GfxInfoBase* gfxInfoRaw = static_cast<GfxInfoBase*>(gfxInfo.get());
+ xpcomInit.gfxFeatureStatus() = gfxInfoRaw->GetAllFeatures();
+ }
+
+ // Send the dynamic scalar definitions to the new process.
+ TelemetryIPC::GetDynamicScalarDefinitions(xpcomInit.dynamicScalarDefs());
+
+ for (auto const& [location, supported] : sCodecsSupported) {
+ Unused << SendUpdateMediaCodecsSupported(location, supported);
+ }
+
+#ifdef MOZ_WIDGET_ANDROID
+ if (!(StaticPrefs::media_utility_process_enabled() &&
+ StaticPrefs::media_utility_android_media_codec_enabled())) {
+ Unused << SendDecoderSupportedMimeTypes(
+ AndroidDecoderModule::GetSupportedMimeTypesPrefixed());
+ }
+#endif
+
+ // Must send screen info before send initialData
+ ScreenManager& screenManager = ScreenManager::GetSingleton();
+ screenManager.CopyScreensToRemote(this);
+
+ // Send the UA sheet shared memory buffer and the address it is mapped at.
+ Maybe<SharedMemoryHandle> sharedUASheetHandle;
+ uintptr_t sharedUASheetAddress = sheetCache->GetSharedMemoryAddress();
+
+ if (SharedMemoryHandle handle = sheetCache->CloneHandle()) {
+ sharedUASheetHandle.emplace(std::move(handle));
+ } else {
+ sharedUASheetAddress = 0;
+ }
+
+ bool isReadyForBackgroundProcessing = false;
+#if defined(XP_WIN)
+ RefPtr<DllServices> dllSvc(DllServices::Get());
+ isReadyForBackgroundProcessing = dllSvc->IsReadyForBackgroundProcessing();
+#endif
+
+ xpcomInit.perfStatsMask() = PerfStats::GetCollectionMask();
+
+ nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID);
+ dns->GetTrrDomain(xpcomInit.trrDomain());
+
+ nsIDNSService::ResolverMode mode;
+ dns->GetCurrentTrrMode(&mode);
+ xpcomInit.trrMode() = mode;
+ xpcomInit.trrModeFromPref() =
+ static_cast<nsIDNSService::ResolverMode>(StaticPrefs::network_trr_mode());
+
+ Unused << SendSetXPCOMProcessAttributes(
+ xpcomInit, initialData, lnf, fontList, std::move(sharedUASheetHandle),
+ sharedUASheetAddress, std::move(sharedFontListBlocks),
+ isReadyForBackgroundProcessing);
+
+ ipc::WritableSharedMap* sharedData =
+ nsFrameMessageManager::sParentProcessManager->SharedData();
+ sharedData->Flush();
+ sharedData->SendTo(this);
+
+ nsCOMPtr<nsIChromeRegistry> registrySvc = nsChromeRegistry::GetService();
+ nsChromeRegistryChrome* chromeRegistry =
+ static_cast<nsChromeRegistryChrome*>(registrySvc.get());
+ chromeRegistry->SendRegisteredChrome(this);
+
+ nsCOMPtr<nsIStringBundleService> stringBundleService =
+ components::StringBundle::Service();
+ stringBundleService->SendContentBundles(this);
+
+ if (gAppData) {
+ nsCString version(gAppData->version);
+ nsCString buildID(gAppData->buildID);
+ nsCString name(gAppData->name);
+ nsCString UAName(gAppData->UAName);
+ nsCString ID(gAppData->ID);
+ nsCString vendor(gAppData->vendor);
+ nsCString sourceURL(gAppData->sourceURL);
+ nsCString updateURL(gAppData->updateURL);
+
+ // Sending all information to content process.
+ Unused << SendAppInfo(version, buildID, name, UAName, ID, vendor, sourceURL,
+ updateURL);
+ }
+
+ // Send the child its remote type. On Mac, this needs to be sent prior
+ // to the message we send to enable the Sandbox (SendStartProcessSandbox)
+ // because different remote types require different sandbox privileges.
+
+ Unused << SendRemoteType(mRemoteType, mProfile);
+
+ ScriptPreloader::InitContentChild(*this);
+
+ // Initialize the message manager (and load delayed scripts) now that we
+ // have established communications with the child.
+ mMessageManager->InitWithCallback(this);
+ mMessageManager->SetOsPid(Pid());
+
+ // Set the subprocess's priority. We do this early on because we're likely
+ // /lowering/ the process's CPU and memory priority, which it has inherited
+ // from this process.
+ //
+ // This call can cause us to send IPC messages to the child process, so it
+ // must come after the Open() call above.
+ ProcessPriorityManager::SetProcessPriority(this, aInitialPriority);
+
+ // NB: internally, this will send an IPC message to the child
+ // process to get it to create the CompositorBridgeChild. This
+ // message goes through the regular IPC queue for this
+ // channel, so delivery will happen-before any other messages
+ // we send. The CompositorBridgeChild must be created before any
+ // PBrowsers are created, because they rely on the Compositor
+ // already being around. (Creation is async, so can't happen
+ // on demand.)
+ GPUProcessManager* gpm = GPUProcessManager::Get();
+
+ Endpoint<PCompositorManagerChild> compositor;
+ Endpoint<PImageBridgeChild> imageBridge;
+ Endpoint<PVRManagerChild> vrBridge;
+ Endpoint<PRemoteDecoderManagerChild> videoManager;
+ AutoTArray<uint32_t, 3> namespaces;
+
+ if (!gpm->CreateContentBridges(OtherPid(), &compositor, &imageBridge,
+ &vrBridge, &videoManager, mChildID,
+ &namespaces)) {
+ // This can fail if we've already started shutting down the compositor
+ // thread. See Bug 1562763 comment 8.
+ MOZ_ASSERT(AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdown));
+ return false;
+ }
+
+ Unused << SendInitRendering(std::move(compositor), std::move(imageBridge),
+ std::move(vrBridge), std::move(videoManager),
+ namespaces);
+
+ gpm->AddListener(this);
+
+ nsStyleSheetService* sheetService = nsStyleSheetService::GetInstance();
+ if (sheetService) {
+ // This looks like a lot of work, but in a normal browser session we just
+ // send two loads.
+ //
+ // The URIs of the Gecko and Servo sheets should be the same, so it
+ // shouldn't matter which we look at.
+
+ for (StyleSheet* sheet : *sheetService->AgentStyleSheets()) {
+ Unused << SendLoadAndRegisterSheet(sheet->GetSheetURI(),
+ nsIStyleSheetService::AGENT_SHEET);
+ }
+
+ for (StyleSheet* sheet : *sheetService->UserStyleSheets()) {
+ Unused << SendLoadAndRegisterSheet(sheet->GetSheetURI(),
+ nsIStyleSheetService::USER_SHEET);
+ }
+
+ for (StyleSheet* sheet : *sheetService->AuthorStyleSheets()) {
+ Unused << SendLoadAndRegisterSheet(sheet->GetSheetURI(),
+ nsIStyleSheetService::AUTHOR_SHEET);
+ }
+ }
+
+#ifdef MOZ_SANDBOX
+ bool shouldSandbox = true;
+ Maybe<FileDescriptor> brokerFd;
+ // XXX: Checking the pref here makes it possible to enable/disable sandboxing
+ // during an active session. Currently the pref is only used for testing
+ // purpose. If the decision is made to permanently rely on the pref, this
+ // should be changed so that it is required to restart firefox for the change
+ // of value to take effect. Always send SetProcessSandbox message on macOS.
+# if !defined(XP_MACOSX)
+ shouldSandbox = IsContentSandboxEnabled();
+# endif
+
+# ifdef XP_LINUX
+ if (shouldSandbox) {
+ MOZ_ASSERT(!mSandboxBroker);
+ bool isFileProcess = mRemoteType == FILE_REMOTE_TYPE;
+ UniquePtr<SandboxBroker::Policy> policy =
+ sSandboxBrokerPolicyFactory->GetContentPolicy(Pid(), isFileProcess);
+ if (policy) {
+ brokerFd = Some(FileDescriptor());
+ mSandboxBroker =
+ SandboxBroker::Create(std::move(policy), Pid(), brokerFd.ref());
+ if (!mSandboxBroker) {
+ KillHard("SandboxBroker::Create failed");
+ return false;
+ }
+ MOZ_ASSERT(brokerFd.ref().IsValid());
+ }
+ }
+# endif
+ if (shouldSandbox && !SendSetProcessSandbox(brokerFd)) {
+ KillHard("SandboxInitFailed");
+ }
+#endif
+
+ // Ensure that the default set of permissions are avaliable in the content
+ // process before we try to load any URIs in it.
+ //
+ // NOTE: All default permissions has to be transmitted to the child process
+ // before the blob urls in the for loop below (See Bug 1738713 comment 12).
+ EnsurePermissionsByKey(""_ns, ""_ns);
+
+ {
+ nsTArray<BlobURLRegistrationData> registrations;
+ BlobURLProtocolHandler::ForEachBlobURL([&](BlobImpl* aBlobImpl,
+ nsIPrincipal* aPrincipal,
+ const nsCString& aPartitionKey,
+ const nsACString& aURI,
+ bool aRevoked) {
+ // We send all moz-extension Blob URL's to all content processes
+ // because content scripts mean that a moz-extension can live in any
+ // process. Same thing for system principal Blob URLs. Content Blob
+ // URL's are sent for content principals on-demand by
+ // AboutToLoadHttpFtpDocumentForChild and RemoteWorkerManager.
+ if (!BlobURLProtocolHandler::IsBlobURLBroadcastPrincipal(aPrincipal)) {
+ return true;
+ }
+
+ IPCBlob ipcBlob;
+ nsresult rv = IPCBlobUtils::Serialize(aBlobImpl, ipcBlob);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return false;
+ }
+
+ registrations.AppendElement(
+ BlobURLRegistrationData(nsCString(aURI), ipcBlob, aPrincipal,
+ nsCString(aPartitionKey), aRevoked));
+
+ rv = TransmitPermissionsForPrincipal(aPrincipal);
+ Unused << NS_WARN_IF(NS_FAILED(rv));
+ return true;
+ });
+
+ if (!registrations.IsEmpty()) {
+ Unused << SendInitBlobURLs(registrations);
+ }
+ }
+
+ // Send down { Parent, Window }ActorOptions at startup to content process.
+ RefPtr<JSActorService> actorSvc = JSActorService::GetSingleton();
+ if (actorSvc) {
+ nsTArray<JSProcessActorInfo> contentInfos;
+ actorSvc->GetJSProcessActorInfos(contentInfos);
+
+ nsTArray<JSWindowActorInfo> windowInfos;
+ actorSvc->GetJSWindowActorInfos(windowInfos);
+
+ Unused << SendInitJSActorInfos(contentInfos, windowInfos);
+ }
+
+ // Begin subscribing to any BrowsingContextGroups which were hosted by this
+ // process before it finished launching.
+ for (const auto& group : mGroups) {
+ group->Subscribe(this);
+ }
+
+ MaybeEnableRemoteInputEventQueue();
+
+ return true;
+}
+
+bool ContentParent::IsAlive() const {
+ return mLifecycleState == LifecycleState::ALIVE ||
+ mLifecycleState == LifecycleState::INITIALIZED;
+}
+
+bool ContentParent::IsInitialized() const {
+ return mLifecycleState == LifecycleState::INITIALIZED;
+}
+
+int32_t ContentParent::Pid() const {
+ if (!mSubprocess) {
+ return -1;
+ }
+ auto pid = mSubprocess->GetChildProcessId();
+ if (pid == 0) {
+ return -1;
+ }
+ return ReleaseAssertedCast<int32_t>(pid);
+}
+
+void ContentParent::OnCompositorUnexpectedShutdown() {
+ GPUProcessManager* gpm = GPUProcessManager::Get();
+
+ Endpoint<PCompositorManagerChild> compositor;
+ Endpoint<PImageBridgeChild> imageBridge;
+ Endpoint<PVRManagerChild> vrBridge;
+ Endpoint<PRemoteDecoderManagerChild> videoManager;
+ AutoTArray<uint32_t, 3> namespaces;
+
+ if (!gpm->CreateContentBridges(OtherPid(), &compositor, &imageBridge,
+ &vrBridge, &videoManager, mChildID,
+ &namespaces)) {
+ MOZ_ASSERT(AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdown));
+ return;
+ }
+
+ Unused << SendReinitRendering(std::move(compositor), std::move(imageBridge),
+ std::move(vrBridge), std::move(videoManager),
+ namespaces);
+}
+
+void ContentParent::OnCompositorDeviceReset() {
+ Unused << SendReinitRenderingForDeviceReset();
+}
+
+void ContentParent::MaybeEnableRemoteInputEventQueue() {
+ MOZ_ASSERT(!mIsRemoteInputEventQueueEnabled);
+ if (!IsInputEventQueueSupported()) {
+ return;
+ }
+ mIsRemoteInputEventQueueEnabled = true;
+ Unused << SendSetInputEventQueueEnabled();
+ SetInputPriorityEventEnabled(true);
+}
+
+void ContentParent::SetInputPriorityEventEnabled(bool aEnabled) {
+ if (!IsInputEventQueueSupported() || !mIsRemoteInputEventQueueEnabled ||
+ mIsInputPriorityEventEnabled == aEnabled) {
+ return;
+ }
+ mIsInputPriorityEventEnabled = aEnabled;
+ // Send IPC messages to flush the pending events in the input event queue and
+ // the normal event queue. See PContent.ipdl for more details.
+ Unused << SendSuspendInputEventQueue();
+ Unused << SendFlushInputEventQueue();
+ Unused << SendResumeInputEventQueue();
+}
+
+/*static*/
+bool ContentParent::IsInputEventQueueSupported() {
+ static bool sSupported = false;
+ static bool sInitialized = false;
+ if (!sInitialized) {
+ MOZ_ASSERT(Preferences::IsServiceAvailable());
+ sSupported = Preferences::GetBool("input_event_queue.supported", false);
+ sInitialized = true;
+ }
+ return sSupported;
+}
+
+void ContentParent::OnVarChanged(const GfxVarUpdate& aVar) {
+ if (!CanSend()) {
+ return;
+ }
+ Unused << SendVarUpdate(aVar);
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetClipboard(
+ const IPCTransferable& aTransferable, const int32_t& aWhichClipboard) {
+ // aRequestingPrincipal is allowed to be nullptr here.
+
+ if (!ValidatePrincipal(aTransferable.requestingPrincipal(),
+ {ValidatePrincipalOptions::AllowNullPtr,
+ ValidatePrincipalOptions::AllowExpanded,
+ ValidatePrincipalOptions::AllowSystem})) {
+ LogAndAssertFailedPrincipalValidationInfo(
+ aTransferable.requestingPrincipal(), __func__);
+ }
+
+ nsresult rv;
+ nsCOMPtr<nsIClipboard> clipboard(do_GetService(kCClipboardCID, &rv));
+ NS_ENSURE_SUCCESS(rv, IPC_OK());
+
+ nsCOMPtr<nsITransferable> trans =
+ do_CreateInstance("@mozilla.org/widget/transferable;1", &rv);
+ NS_ENSURE_SUCCESS(rv, IPC_OK());
+ trans->Init(nullptr);
+
+ rv = nsContentUtils::IPCTransferableToTransferable(
+ aTransferable, true /* aAddDataFlavor */, trans,
+ true /* aFilterUnknownFlavors */);
+ NS_ENSURE_SUCCESS(rv, IPC_OK());
+
+ clipboard->SetData(trans, nullptr, aWhichClipboard);
+ return IPC_OK();
+}
+
+namespace {
+
+static Result<nsCOMPtr<nsITransferable>, nsresult> CreateTransferable(
+ const nsTArray<nsCString>& aTypes) {
+ nsresult rv;
+ nsCOMPtr<nsITransferable> trans =
+ do_CreateInstance("@mozilla.org/widget/transferable;1", &rv);
+ if (NS_FAILED(rv)) {
+ return Err(rv);
+ }
+
+ MOZ_TRY(trans->Init(nullptr));
+ // The private flag is only used to prevent the data from being cached to the
+ // disk. The flag is not exported to the IPCDataTransfer object.
+ // The flag is set because we are not sure whether the clipboard data is used
+ // in a private browsing context. The transferable is only used in this scope,
+ // so the cache would not reduce memory consumption anyway.
+ trans->SetIsPrivateData(true);
+ // Fill out flavors for transferable
+ for (uint32_t t = 0; t < aTypes.Length(); t++) {
+ MOZ_TRY(trans->AddDataFlavor(aTypes[t].get()));
+ }
+
+ return std::move(trans);
+}
+
+} // anonymous namespace
+
+mozilla::ipc::IPCResult ContentParent::RecvGetClipboard(
+ nsTArray<nsCString>&& aTypes, const int32_t& aWhichClipboard,
+ const MaybeDiscarded<WindowContext>& aRequestingWindowContext,
+ IPCTransferableData* aTransferableData) {
+ nsresult rv;
+ // We expect content processes to always pass a non-null window so Content
+ // Analysis can analyze it. (if Content Analysis is active)
+ // There may be some cases when a window is closing, etc., in
+ // which case returning no clipboard content should not be a problem.
+ if (aRequestingWindowContext.IsDiscarded()) {
+ NS_WARNING(
+ "discarded window passed to RecvGetClipboard(); returning no clipboard "
+ "content");
+ return IPC_OK();
+ }
+ if (aRequestingWindowContext.IsNull()) {
+ return IPC_FAIL(this, "passed null window to RecvGetClipboard()");
+ }
+ RefPtr<WindowGlobalParent> window = aRequestingWindowContext.get_canonical();
+ // Retrieve clipboard
+ nsCOMPtr<nsIClipboard> clipboard(do_GetService(kCClipboardCID, &rv));
+ if (NS_FAILED(rv)) {
+ return IPC_OK();
+ }
+
+ // Create transferable
+ auto result = CreateTransferable(aTypes);
+ if (result.isErr()) {
+ return IPC_OK();
+ }
+
+ // Get data from clipboard
+ nsCOMPtr<nsITransferable> trans = result.unwrap();
+ clipboard->GetData(trans, aWhichClipboard, window);
+
+ nsContentUtils::TransferableToIPCTransferableData(
+ trans, aTransferableData, true /* aInSyncMessage */, this);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvEmptyClipboard(
+ const int32_t& aWhichClipboard) {
+ nsresult rv;
+ nsCOMPtr<nsIClipboard> clipboard(do_GetService(kCClipboardCID, &rv));
+ NS_ENSURE_SUCCESS(rv, IPC_OK());
+
+ clipboard->EmptyClipboard(aWhichClipboard);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvClipboardHasType(
+ nsTArray<nsCString>&& aTypes, const int32_t& aWhichClipboard,
+ bool* aHasType) {
+ nsresult rv;
+ nsCOMPtr<nsIClipboard> clipboard(do_GetService(kCClipboardCID, &rv));
+ NS_ENSURE_SUCCESS(rv, IPC_OK());
+
+ clipboard->HasDataMatchingFlavors(aTypes, aWhichClipboard, aHasType);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvGetExternalClipboardFormats(
+ const int32_t& aWhichClipboard, const bool& aPlainTextOnly,
+ nsTArray<nsCString>* aTypes) {
+ MOZ_ASSERT(aTypes);
+ DataTransfer::GetExternalClipboardFormats(aWhichClipboard, aPlainTextOnly,
+ aTypes);
+ return IPC_OK();
+}
+
+namespace {
+
+class ClipboardGetCallback final : public nsIAsyncClipboardGetCallback {
+ public:
+ ClipboardGetCallback(ContentParent* aContentParent,
+ ContentParent::GetClipboardAsyncResolver&& aResolver)
+ : mContentParent(aContentParent), mResolver(std::move(aResolver)) {}
+
+ // This object will never be held by a cycle-collected object, so it doesn't
+ // need to be cycle-collected despite holding alive cycle-collected objects.
+ NS_DECL_ISUPPORTS
+
+ // nsIAsyncClipboardGetCallback
+ NS_IMETHOD OnSuccess(
+ nsIAsyncGetClipboardData* aAsyncGetClipboardData) override {
+ nsTArray<nsCString> flavors;
+ nsresult rv = aAsyncGetClipboardData->GetFlavorList(flavors);
+ if (NS_FAILED(rv)) {
+ return OnError(rv);
+ }
+
+ auto requestParent = MakeNotNull<RefPtr<ClipboardReadRequestParent>>(
+ mContentParent, aAsyncGetClipboardData);
+ if (!mContentParent->SendPClipboardReadRequestConstructor(
+ requestParent, std::move(flavors))) {
+ return OnError(NS_ERROR_FAILURE);
+ }
+
+ mResolver(PClipboardReadRequestOrError(requestParent));
+ return NS_OK;
+ }
+
+ NS_IMETHOD OnError(nsresult aResult) override {
+ mResolver(aResult);
+ return NS_OK;
+ }
+
+ protected:
+ ~ClipboardGetCallback() = default;
+
+ RefPtr<ContentParent> mContentParent;
+ ContentParent::GetClipboardAsyncResolver mResolver;
+};
+
+NS_IMPL_ISUPPORTS(ClipboardGetCallback, nsIAsyncClipboardGetCallback)
+
+} // namespace
+
+mozilla::ipc::IPCResult ContentParent::RecvGetClipboardAsync(
+ nsTArray<nsCString>&& aTypes, const int32_t& aWhichClipboard,
+ const MaybeDiscarded<WindowContext>& aRequestingWindowContext,
+ mozilla::NotNull<nsIPrincipal*> aRequestingPrincipal,
+ GetClipboardAsyncResolver&& aResolver) {
+ if (!ValidatePrincipal(aRequestingPrincipal,
+ {ValidatePrincipalOptions::AllowSystem,
+ ValidatePrincipalOptions::AllowExpanded})) {
+ LogAndAssertFailedPrincipalValidationInfo(aRequestingPrincipal, __func__);
+ }
+
+ // If the requesting context has been discarded, cancel the paste.
+ if (aRequestingWindowContext.IsDiscarded()) {
+ aResolver(NS_ERROR_NOT_AVAILABLE);
+ return IPC_OK();
+ }
+
+ RefPtr<WindowGlobalParent> requestingWindow =
+ aRequestingWindowContext.get_canonical();
+ if (requestingWindow && requestingWindow->GetContentParent() != this) {
+ return IPC_FAIL(
+ this, "attempt to paste into WindowContext loaded in another process");
+ }
+
+ nsresult rv;
+ // Retrieve clipboard
+ nsCOMPtr<nsIClipboard> clipboard(do_GetService(kCClipboardCID, &rv));
+ if (NS_FAILED(rv)) {
+ aResolver(rv);
+ return IPC_OK();
+ }
+
+ auto callback = MakeRefPtr<ClipboardGetCallback>(this, std::move(aResolver));
+ rv = clipboard->AsyncGetData(aTypes, aWhichClipboard, requestingWindow,
+ aRequestingPrincipal, callback);
+ if (NS_FAILED(rv)) {
+ callback->OnError(rv);
+ return IPC_OK();
+ }
+
+ return IPC_OK();
+}
+
+already_AddRefed<PClipboardWriteRequestParent>
+ContentParent::AllocPClipboardWriteRequestParent(
+ const int32_t& aClipboardType) {
+ RefPtr<ClipboardWriteRequestParent> request =
+ MakeAndAddRef<ClipboardWriteRequestParent>(this);
+ request->Init(aClipboardType);
+ return request.forget();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvGetIconForExtension(
+ const nsACString& aFileExt, const uint32_t& aIconSize,
+ nsTArray<uint8_t>* bits) {
+#ifdef MOZ_WIDGET_ANDROID
+ NS_ASSERTION(AndroidBridge::Bridge() != nullptr,
+ "AndroidBridge is not available");
+ if (AndroidBridge::Bridge() == nullptr) {
+ // Do not fail - just no icon will be shown
+ return IPC_OK();
+ }
+
+ bits->AppendElements(aIconSize * aIconSize * 4);
+
+ AndroidBridge::Bridge()->GetIconForExtension(aFileExt, aIconSize,
+ bits->Elements());
+#endif
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvFirstIdle() {
+ // When the ContentChild goes idle, it sends us a FirstIdle message
+ // which we use as a good time to signal the PreallocatedProcessManager
+ // that it can start allocating processes from now on.
+ if (mIsAPreallocBlocker) {
+ MOZ_LOG(
+ ContentParent::GetLog(), LogLevel::Verbose,
+ ("RecvFirstIdle %p: Removing Blocker for %s", this, mRemoteType.get()));
+ PreallocatedProcessManager::RemoveBlocker(mRemoteType, this);
+ mIsAPreallocBlocker = false;
+ }
+ return IPC_OK();
+}
+
+already_AddRefed<nsDocShellLoadState> ContentParent::TakePendingLoadStateForId(
+ uint64_t aLoadIdentifier) {
+ return mPendingLoadStates.Extract(aLoadIdentifier).valueOr(nullptr).forget();
+}
+
+void ContentParent::StorePendingLoadState(nsDocShellLoadState* aLoadState) {
+ MOZ_DIAGNOSTIC_ASSERT(
+ !mPendingLoadStates.Contains(aLoadState->GetLoadIdentifier()),
+ "The same nsDocShellLoadState was sent to the same content process "
+ "twice? This will mess with cross-process tracking of loads");
+ mPendingLoadStates.InsertOrUpdate(aLoadState->GetLoadIdentifier(),
+ aLoadState);
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCleanupPendingLoadState(
+ uint64_t aLoadIdentifier) {
+ mPendingLoadStates.Remove(aLoadIdentifier);
+ return IPC_OK();
+}
+
+// We want ContentParent to show up in CC logs for debugging purposes, but we
+// don't actually cycle collect it.
+NS_IMPL_CYCLE_COLLECTION_0(ContentParent)
+
+NS_IMPL_CYCLE_COLLECTING_ADDREF(ContentParent)
+NS_IMPL_CYCLE_COLLECTING_RELEASE(ContentParent)
+
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(ContentParent)
+ NS_INTERFACE_MAP_ENTRY_CONCRETE(ContentParent)
+ NS_INTERFACE_MAP_ENTRY(nsIDOMProcessParent)
+ NS_INTERFACE_MAP_ENTRY(nsIObserver)
+ NS_INTERFACE_MAP_ENTRY(nsIDOMGeoPositionCallback)
+ NS_INTERFACE_MAP_ENTRY(nsIDOMGeoPositionErrorCallback)
+ NS_INTERFACE_MAP_ENTRY(nsIAsyncShutdownBlocker)
+ NS_INTERFACE_MAP_ENTRY(nsIInterfaceRequestor)
+ NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIDOMProcessParent)
+NS_INTERFACE_MAP_END
+
+class RequestContentJSInterruptRunnable final : public Runnable {
+ public:
+ explicit RequestContentJSInterruptRunnable(PProcessHangMonitorParent* aActor)
+ : Runnable("dom::RequestContentJSInterruptRunnable"),
+ mHangMonitorActor(aActor) {}
+
+ NS_IMETHOD Run() override {
+ MOZ_ASSERT(mHangMonitorActor);
+ Unused << mHangMonitorActor->SendRequestContentJSInterrupt();
+
+ return NS_OK;
+ }
+
+ private:
+ // The end-of-life of ContentParent::mHangMonitorActor is bound to
+ // ContentParent::ActorDestroy and then HangMonitorParent::Shutdown
+ // dispatches a shutdown runnable to this queue and waits for it to be
+ // executed. So the runnable needs not to care about keeping it alive,
+ // as it is surely dispatched earlier than the
+ // HangMonitorParent::ShutdownOnThread.
+ RefPtr<PProcessHangMonitorParent> mHangMonitorActor;
+};
+
+void ContentParent::SignalImpendingShutdownToContentJS() {
+ if (!mIsSignaledImpendingShutdown &&
+ !AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdown)) {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "BlockShutdown: NotifyImpendingShutdown.", __FILE__, __LINE__);
+ NotifyImpendingShutdown();
+ mIsSignaledImpendingShutdown = true;
+ if (mHangMonitorActor &&
+ StaticPrefs::dom_abort_script_on_child_shutdown()) {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "BlockShutdown: RequestContentJSInterrupt.", __FILE__,
+ __LINE__);
+ RefPtr<RequestContentJSInterruptRunnable> r =
+ new RequestContentJSInterruptRunnable(mHangMonitorActor);
+ ProcessHangMonitor::Get()->Dispatch(r.forget());
+ }
+ }
+}
+
+// Async shutdown blocker
+NS_IMETHODIMP
+ContentParent::BlockShutdown(nsIAsyncShutdownClient* aClient) {
+ if (!AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdown)) {
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+ mBlockShutdownCalled = true;
+#endif
+ // Our real shutdown has not yet started. Just notify the impending
+ // shutdown and eventually cancel content JS.
+ SignalImpendingShutdownToContentJS();
+ // This will make our process unusable for normal content, so we need to
+ // ensure we won't get re-used by GetUsedBrowserProcess as we have not yet
+ // done MarkAsDead.
+ PreallocatedProcessManager::Erase(this);
+ StopRecyclingE10SOnly(false);
+
+ if (sQuitApplicationGrantedClient) {
+ Unused << sQuitApplicationGrantedClient->RemoveBlocker(this);
+ }
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+ mBlockShutdownCalled = false;
+#endif
+ return NS_OK;
+ }
+
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+ // We register two final shutdown blockers and both would call us, but if
+ // things go well we will unregister both as (delayed) reaction to the first
+ // call we get and thus never receive a second call. Thus we believe that we
+ // will get called only once except for quit-application-granted, which is
+ // handled above.
+ MOZ_ASSERT(!mBlockShutdownCalled);
+ mBlockShutdownCalled = true;
+#endif
+
+ if (CanSend()) {
+ MaybeLogBlockShutdownDiagnostics(this, "BlockShutdown: CanSend.", __FILE__,
+ __LINE__);
+
+ // Make sure that our process will get scheduled.
+ ProcessPriorityManager::SetProcessPriority(this,
+ PROCESS_PRIORITY_FOREGROUND);
+ // The normal shutdown sequence is to send a shutdown message
+ // to the child and then just wait for ActorDestroy which will
+ // cleanup everything and remove our blockers.
+ if (!ShutDownProcess(SEND_SHUTDOWN_MESSAGE)) {
+ KillHard("Failed to send Shutdown message. Destroying the process...");
+ return NS_OK;
+ }
+ } else if (IsLaunching()) {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "BlockShutdown: !CanSend && IsLaunching.", __FILE__, __LINE__);
+
+ // If we get here while we are launching, we must wait for the child to
+ // be able to react on our commands. Mark this process as dead. This
+ // will make bail out LaunchSubprocessResolve and kick off the normal
+ // shutdown sequence.
+ MarkAsDead();
+ } else {
+ MOZ_ASSERT(IsDead());
+ if (!IsDead()) {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "BlockShutdown: !!! !CanSend && !IsLaunching && !IsDead !!!",
+ __FILE__, __LINE__);
+ } else {
+ MaybeLogBlockShutdownDiagnostics(
+ this, "BlockShutdown: !CanSend && !IsLaunching && IsDead.", __FILE__,
+ __LINE__);
+ }
+ // Nothing left we can do. We must assume that we race with an ongoing
+ // process shutdown, such that we can expect our shutdown blockers to be
+ // removed normally.
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+ContentParent::GetName(nsAString& aName) {
+ aName.AssignLiteral("ContentParent:");
+ aName.AppendPrintf(" id=%p", this);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+ContentParent::GetState(nsIPropertyBag** aResult) {
+ auto props = MakeRefPtr<nsHashPropertyBag>();
+ props->SetPropertyAsACString(u"remoteTypePrefix"_ns,
+ RemoteTypePrefix(mRemoteType));
+ *aResult = props.forget().downcast<nsIWritablePropertyBag>().take();
+ return NS_OK;
+}
+
+static void InitShutdownClients() {
+ if (!sXPCOMShutdownClient) {
+ nsresult rv;
+ nsCOMPtr<nsIAsyncShutdownService> svc = services::GetAsyncShutdownService();
+ if (!svc) {
+ return;
+ }
+
+ nsCOMPtr<nsIAsyncShutdownClient> client;
+ // TODO: It seems as if getPhase from AsyncShutdown.sys.mjs does not check
+ // if we are beyond our phase already. See bug 1762840.
+ if (!AppShutdown::IsInOrBeyond(ShutdownPhase::XPCOMWillShutdown)) {
+ rv = svc->GetXpcomWillShutdown(getter_AddRefs(client));
+ if (NS_SUCCEEDED(rv)) {
+ sXPCOMShutdownClient = client.forget();
+ ClearOnShutdown(&sXPCOMShutdownClient);
+ }
+ }
+ if (!AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdown)) {
+ rv = svc->GetProfileBeforeChange(getter_AddRefs(client));
+ if (NS_SUCCEEDED(rv)) {
+ sProfileBeforeChangeClient = client.forget();
+ ClearOnShutdown(&sProfileBeforeChangeClient);
+ }
+ }
+ // TODO: ShutdownPhase::AppShutdownConfirmed is not mapping to
+ // QuitApplicationGranted, see bug 1762840 comment 4.
+ if (!AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
+ rv = svc->GetQuitApplicationGranted(getter_AddRefs(client));
+ if (NS_SUCCEEDED(rv)) {
+ sQuitApplicationGrantedClient = client.forget();
+ ClearOnShutdown(&sQuitApplicationGrantedClient);
+ }
+ }
+ }
+}
+
+void ContentParent::AddShutdownBlockers() {
+ InitShutdownClients();
+ MOZ_ASSERT(sXPCOMShutdownClient);
+ MOZ_ASSERT(sProfileBeforeChangeClient);
+
+ if (sXPCOMShutdownClient) {
+ sXPCOMShutdownClient->AddBlocker(
+ this, NS_LITERAL_STRING_FROM_CSTRING(__FILE__), __LINE__, u""_ns);
+ }
+ if (sProfileBeforeChangeClient) {
+ sProfileBeforeChangeClient->AddBlocker(
+ this, NS_LITERAL_STRING_FROM_CSTRING(__FILE__), __LINE__, u""_ns);
+ }
+ if (sQuitApplicationGrantedClient) {
+ sQuitApplicationGrantedClient->AddBlocker(
+ this, NS_LITERAL_STRING_FROM_CSTRING(__FILE__), __LINE__, u""_ns);
+ }
+}
+
+void ContentParent::RemoveShutdownBlockers() {
+ MOZ_ASSERT(sXPCOMShutdownClient);
+ MOZ_ASSERT(sProfileBeforeChangeClient);
+
+ MaybeLogBlockShutdownDiagnostics(this, "RemoveShutdownBlockers", __FILE__,
+ __LINE__);
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+ mBlockShutdownCalled = false;
+#endif
+
+ if (sXPCOMShutdownClient) {
+ Unused << sXPCOMShutdownClient->RemoveBlocker(this);
+ }
+ if (sProfileBeforeChangeClient) {
+ Unused << sProfileBeforeChangeClient->RemoveBlocker(this);
+ }
+ if (sQuitApplicationGrantedClient) {
+ Unused << sQuitApplicationGrantedClient->RemoveBlocker(this);
+ }
+}
+
+NS_IMETHODIMP
+ContentParent::Observe(nsISupports* aSubject, const char* aTopic,
+ const char16_t* aData) {
+ if (IsDead() || !mSubprocess) {
+ return NS_OK;
+ }
+
+ if (!strcmp(aTopic, "nsPref:changed")) {
+ // We know prefs are ASCII here.
+ NS_LossyConvertUTF16toASCII strData(aData);
+
+ Pref pref(strData, /* isLocked */ false,
+ /* isSanitized */ false, Nothing(), Nothing());
+
+ Preferences::GetPreference(&pref, GeckoProcessType_Content,
+ GetRemoteType());
+
+ // This check is a bit of a hack. We want to avoid sending excessive
+ // preference updates to subprocesses for performance reasons, but we
+ // currently don't have a great mechanism for doing so. (See Bug 1819714)
+ // We're going to hijack the sanitization mechanism to accomplish our goal
+ // but it imposes the following complications:
+ // 1) It doesn't avoid sending anything to other (non-web-content)
+ // subprocesses so we're not getting any perf gains there
+ // 2) It confuses the subprocesses w.r.t. sanitization. The point of
+ // sending a preference update of a sanitized preference is so that
+ // content process knows when it's asked to resolve a sanitized
+ // preference, and it can send telemetry and/or crash. With this
+ // change, a sanitized pref that is created during the browser session
+ // will not be sent to the content process, and therefore the content
+ // process won't know it should telemetry/crash on access - it'll just
+ // silently fail to resolve it. After browser restart, the sanitized
+ // pref will be populated into the content process via the shared pref
+ // map and _then_ if it is accessed, the content process will crash.
+ // We're seeing good telemetry/crash rates right now, so we're okay with
+ // this limitation.
+ if (pref.isSanitized()) {
+ return NS_OK;
+ }
+
+ if (IsInitialized()) {
+ MOZ_ASSERT(mQueuedPrefs.IsEmpty());
+ if (!SendPreferenceUpdate(pref)) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+ } else {
+ MOZ_ASSERT(!IsDead());
+ mQueuedPrefs.AppendElement(pref);
+ }
+
+ return NS_OK;
+ }
+
+ if (!IsAlive()) {
+ return NS_OK;
+ }
+
+ // listening for memory pressure event
+ if (!strcmp(aTopic, "memory-pressure")) {
+ Unused << SendFlushMemory(nsDependentString(aData));
+ } else if (!strcmp(aTopic, "application-background")) {
+ Unused << SendApplicationBackground();
+ } else if (!strcmp(aTopic, "application-foreground")) {
+ Unused << SendApplicationForeground();
+ } else if (!strcmp(aTopic, NS_IPC_IOSERVICE_SET_OFFLINE_TOPIC)) {
+ NS_ConvertUTF16toUTF8 dataStr(aData);
+ const char* offline = dataStr.get();
+ if (!SendSetOffline(!strcmp(offline, "true"))) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+ } else if (!strcmp(aTopic, NS_IPC_IOSERVICE_SET_CONNECTIVITY_TOPIC)) {
+ if (!SendSetConnectivity(u"true"_ns.Equals(aData))) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+ } else if (!strcmp(aTopic, NS_IPC_CAPTIVE_PORTAL_SET_STATE)) {
+ nsCOMPtr<nsICaptivePortalService> cps = do_QueryInterface(aSubject);
+ MOZ_ASSERT(cps, "Should QI to a captive portal service");
+ if (!cps) {
+ return NS_ERROR_FAILURE;
+ }
+ int32_t state;
+ cps->GetState(&state);
+ if (!SendSetCaptivePortalState(state)) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+ }
+ // listening for alert notifications
+ else if (!strcmp(aTopic, "alertfinished") ||
+ !strcmp(aTopic, "alertclickcallback") ||
+ !strcmp(aTopic, "alertshow") ||
+ !strcmp(aTopic, "alertdisablecallback") ||
+ !strcmp(aTopic, "alertsettingscallback")) {
+ if (!SendNotifyAlertsObserver(nsDependentCString(aTopic),
+ nsDependentString(aData)))
+ return NS_ERROR_NOT_AVAILABLE;
+ } else if (!strcmp(aTopic, "child-gc-request")) {
+ Unused << SendGarbageCollect();
+ } else if (!strcmp(aTopic, "child-cc-request")) {
+ Unused << SendCycleCollect();
+ } else if (!strcmp(aTopic, "child-mmu-request")) {
+ Unused << SendMinimizeMemoryUsage();
+ } else if (!strcmp(aTopic, "child-ghost-request")) {
+ Unused << SendUnlinkGhosts();
+ } else if (!strcmp(aTopic, "last-pb-context-exited")) {
+ Unused << SendLastPrivateDocShellDestroyed();
+ }
+#ifdef ACCESSIBILITY
+ else if (aData && !strcmp(aTopic, "a11y-init-or-shutdown")) {
+ if (*aData == '1') {
+ // Make sure accessibility is running in content process when
+ // accessibility gets initiated in chrome process.
+ Unused << SendActivateA11y();
+ } else {
+ // If possible, shut down accessibility in content process when
+ // accessibility gets shutdown in chrome process.
+ Unused << SendShutdownA11y();
+ }
+ }
+#endif
+ else if (!strcmp(aTopic, "cacheservice:empty-cache")) {
+ Unused << SendNotifyEmptyHTTPCache();
+ } else if (!strcmp(aTopic, "intl:app-locales-changed")) {
+ nsTArray<nsCString> appLocales;
+ LocaleService::GetInstance()->GetAppLocalesAsBCP47(appLocales);
+ Unused << SendUpdateAppLocales(appLocales);
+ } else if (!strcmp(aTopic, "intl:requested-locales-changed")) {
+ nsTArray<nsCString> requestedLocales;
+ LocaleService::GetInstance()->GetRequestedLocales(requestedLocales);
+ Unused << SendUpdateRequestedLocales(requestedLocales);
+ } else if (!strcmp(aTopic, "cookie-changed") ||
+ !strcmp(aTopic, "private-cookie-changed")) {
+ MOZ_ASSERT(aSubject, "cookie changed notification must have subject.");
+ nsCOMPtr<nsICookieNotification> notification = do_QueryInterface(aSubject);
+ MOZ_ASSERT(notification,
+ "cookie changed notification must have nsICookieNotification.");
+ nsICookieNotification::Action action = notification->GetAction();
+
+ PNeckoParent* neckoParent = LoneManagedOrNullAsserts(ManagedPNeckoParent());
+ if (!neckoParent) {
+ return NS_OK;
+ }
+ PCookieServiceParent* csParent =
+ LoneManagedOrNullAsserts(neckoParent->ManagedPCookieServiceParent());
+ if (!csParent) {
+ return NS_OK;
+ }
+ auto* cs = static_cast<CookieServiceParent*>(csParent);
+ if (action == nsICookieNotification::COOKIES_BATCH_DELETED) {
+ nsCOMPtr<nsIArray> cookieList;
+ DebugOnly<nsresult> rv =
+ notification->GetBatchDeletedCookies(getter_AddRefs(cookieList));
+ NS_ASSERTION(NS_SUCCEEDED(rv) && cookieList, "couldn't get cookie list");
+ cs->RemoveBatchDeletedCookies(cookieList);
+ return NS_OK;
+ }
+
+ if (action == nsICookieNotification::ALL_COOKIES_CLEARED) {
+ cs->RemoveAll();
+ return NS_OK;
+ }
+
+ // Do not push these cookie updates to the same process they originated
+ // from.
+ if (cs->ProcessingCookie()) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsICookie> xpcCookie;
+ DebugOnly<nsresult> rv = notification->GetCookie(getter_AddRefs(xpcCookie));
+ NS_ASSERTION(NS_SUCCEEDED(rv) && xpcCookie, "couldn't get cookie");
+
+ // only broadcast the cookie change to content processes that need it
+ const Cookie& cookie = xpcCookie->AsCookie();
+
+ // do not send cookie if content process does not have similar cookie
+ if (!cs->ContentProcessHasCookie(cookie)) {
+ return NS_OK;
+ }
+
+ if (action == nsICookieNotification::COOKIE_DELETED) {
+ cs->RemoveCookie(cookie);
+ } else if (action == nsICookieNotification::COOKIE_ADDED ||
+ action == nsICookieNotification::COOKIE_CHANGED) {
+ cs->AddCookie(cookie);
+ }
+ } else if (!strcmp(aTopic, NS_NETWORK_LINK_TYPE_TOPIC)) {
+ UpdateNetworkLinkType();
+ } else if (!strcmp(aTopic, "network:socket-process-crashed")) {
+ Unused << SendSocketProcessCrashed();
+ } else if (!strcmp(aTopic, DEFAULT_TIMEZONE_CHANGED_OBSERVER_TOPIC)) {
+ Unused << SendSystemTimezoneChanged();
+ } else if (!strcmp(aTopic, NS_NETWORK_TRR_MODE_CHANGED_TOPIC)) {
+ nsCOMPtr<nsIDNSService> dns = do_GetService(NS_DNSSERVICE_CONTRACTID);
+ nsIDNSService::ResolverMode mode;
+ dns->GetCurrentTrrMode(&mode);
+ Unused << SendSetTRRMode(mode, static_cast<nsIDNSService::ResolverMode>(
+ StaticPrefs::network_trr_mode()));
+ }
+
+ return NS_OK;
+}
+
+void ContentParent::UpdateNetworkLinkType() {
+ nsresult rv;
+ nsCOMPtr<nsINetworkLinkService> nls =
+ do_GetService(NS_NETWORK_LINK_SERVICE_CONTRACTID, &rv);
+ if (NS_FAILED(rv)) {
+ return;
+ }
+
+ uint32_t linkType = nsINetworkLinkService::LINK_TYPE_UNKNOWN;
+ rv = nls->GetLinkType(&linkType);
+ if (NS_FAILED(rv)) {
+ return;
+ }
+
+ Unused << SendNetworkLinkTypeChange(linkType);
+}
+
+NS_IMETHODIMP
+ContentParent::GetInterface(const nsIID& aIID, void** aResult) {
+ NS_ENSURE_ARG_POINTER(aResult);
+
+ if (aIID.Equals(NS_GET_IID(nsIMessageSender))) {
+ nsCOMPtr<nsIMessageSender> mm = GetMessageManager();
+ mm.forget(aResult);
+ return NS_OK;
+ }
+
+ return NS_NOINTERFACE;
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvInitBackground(
+ Endpoint<PBackgroundStarterParent>&& aEndpoint) {
+ if (!BackgroundParent::AllocStarter(this, std::move(aEndpoint))) {
+ NS_WARNING("BackgroundParent::Alloc failed");
+ }
+
+ return IPC_OK();
+}
+
+bool ContentParent::CanOpenBrowser(const IPCTabContext& aContext) {
+ // (PopupIPCTabContext lets the child process prove that it has access to
+ // the app it's trying to open.)
+ // On e10s we also allow UnsafeTabContext to allow service workers to open
+ // windows. This is enforced in MaybeInvalidTabContext.
+ if (aContext.type() != IPCTabContext::TPopupIPCTabContext) {
+ MOZ_CRASH_UNLESS_FUZZING(
+ "Unexpected IPCTabContext type. Aborting AllocPBrowserParent.");
+ return false;
+ }
+
+ if (aContext.type() == IPCTabContext::TPopupIPCTabContext) {
+ const PopupIPCTabContext& popupContext = aContext.get_PopupIPCTabContext();
+
+ auto opener = BrowserParent::GetFrom(popupContext.opener().AsParent());
+ if (!opener) {
+ MOZ_CRASH_UNLESS_FUZZING(
+ "Got null opener from child; aborting AllocPBrowserParent.");
+ return false;
+ }
+ }
+
+ MaybeInvalidTabContext tc(aContext);
+ if (!tc.IsValid()) {
+ NS_ERROR(nsPrintfCString("Child passed us an invalid TabContext. (%s) "
+ "Aborting AllocPBrowserParent.",
+ tc.GetInvalidReason())
+ .get());
+ return false;
+ }
+
+ return true;
+}
+
+static bool CloneIsLegal(ContentParent* aCp, CanonicalBrowsingContext& aSource,
+ CanonicalBrowsingContext& aTarget) {
+ // Source and target must be in the same BCG
+ if (NS_WARN_IF(aSource.Group() != aTarget.Group())) {
+ return false;
+ }
+ // The source and target must be in different toplevel <browser>s
+ if (NS_WARN_IF(aSource.Top() == aTarget.Top())) {
+ return false;
+ }
+
+ // Neither source nor target must be toplevel.
+ if (NS_WARN_IF(aSource.IsTop()) || NS_WARN_IF(aTarget.IsTop())) {
+ return false;
+ }
+
+ // Both should be embedded by the same process.
+ auto* sourceEmbedder = aSource.GetParentWindowContext();
+ if (NS_WARN_IF(!sourceEmbedder) ||
+ NS_WARN_IF(sourceEmbedder->GetContentParent() != aCp)) {
+ return false;
+ }
+
+ auto* targetEmbedder = aTarget.GetParentWindowContext();
+ if (NS_WARN_IF(!targetEmbedder) ||
+ NS_WARN_IF(targetEmbedder->GetContentParent() != aCp)) {
+ return false;
+ }
+
+ // All seems sane.
+ return true;
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCloneDocumentTreeInto(
+ const MaybeDiscarded<BrowsingContext>& aSource,
+ const MaybeDiscarded<BrowsingContext>& aTarget, PrintData&& aPrintData) {
+ if (aSource.IsNullOrDiscarded() || aTarget.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ if (AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed)) {
+ // All existing processes have potentially been slated for removal already,
+ // such that any subsequent call to GetNewOrUsedLaunchingBrowserProcess
+ // (normally supposed to find an existing process here) will try to create
+ // a new process (but fail) that nobody would ever really use. Let's avoid
+ // this together with the expensive CloneDocumentTreeInto operation.
+ return IPC_OK();
+ }
+
+ auto* source = aSource.get_canonical();
+ auto* target = aTarget.get_canonical();
+
+ if (!CloneIsLegal(this, *source, *target)) {
+ return IPC_FAIL(this, "Illegal subframe clone");
+ }
+
+ ContentParent* cp = source->GetContentParent();
+ if (NS_WARN_IF(!cp)) {
+ return IPC_OK();
+ }
+
+ if (NS_WARN_IF(cp->GetRemoteType() == GetRemoteType())) {
+ // Wanted to switch to a target browsing context that's already local again.
+ // See bug 1676996 for how this can happen.
+ //
+ // Dropping the switch on the floor seems fine for this case, though we
+ // could also try to clone the local document.
+ //
+ // If the remote type matches & it's in the same group (which was confirmed
+ // by CloneIsLegal), it must be the exact same process.
+ MOZ_DIAGNOSTIC_ASSERT(cp == this);
+ return IPC_OK();
+ }
+
+ target->CloneDocumentTreeInto(source, cp->GetRemoteType(),
+ std::move(aPrintData));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvUpdateRemotePrintSettings(
+ const MaybeDiscarded<BrowsingContext>& aTarget, PrintData&& aPrintData) {
+ if (aTarget.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ auto* target = aTarget.get_canonical();
+ auto* bp = target->GetBrowserParent();
+ if (NS_WARN_IF(!bp)) {
+ return IPC_OK();
+ }
+
+ Unused << bp->SendUpdateRemotePrintSettings(std::move(aPrintData));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvConstructPopupBrowser(
+ ManagedEndpoint<PBrowserParent>&& aBrowserEp,
+ ManagedEndpoint<PWindowGlobalParent>&& aWindowEp, const TabId& aTabId,
+ const IPCTabContext& aContext, const WindowGlobalInit& aInitialWindowInit,
+ const uint32_t& aChromeFlags) {
+ MOZ_ASSERT(XRE_IsParentProcess());
+
+ if (!CanOpenBrowser(aContext)) {
+ return IPC_FAIL(this, "CanOpenBrowser Failed");
+ }
+
+ RefPtr<CanonicalBrowsingContext> browsingContext =
+ CanonicalBrowsingContext::Get(
+ aInitialWindowInit.context().mBrowsingContextId);
+ if (!browsingContext || browsingContext->IsDiscarded()) {
+ return IPC_FAIL(this, "Null or discarded initial BrowsingContext");
+ }
+ if (!aInitialWindowInit.principal()) {
+ return IPC_FAIL(this, "Cannot create without valid initial principal");
+ }
+
+ if (!ValidatePrincipal(aInitialWindowInit.principal())) {
+ LogAndAssertFailedPrincipalValidationInfo(aInitialWindowInit.principal(),
+ __func__);
+ }
+
+ if (browsingContext->GetBrowserParent()) {
+ return IPC_FAIL(this, "BrowsingContext already has a BrowserParent");
+ }
+
+ uint32_t chromeFlags = aChromeFlags;
+ TabId openerTabId(0);
+ ContentParentId openerCpId(0);
+ if (aContext.type() == IPCTabContext::TPopupIPCTabContext) {
+ // CanOpenBrowser has ensured that the IPCTabContext is of
+ // type PopupIPCTabContext, and that the opener BrowserParent is
+ // reachable.
+ const PopupIPCTabContext& popupContext = aContext.get_PopupIPCTabContext();
+ auto opener = BrowserParent::GetFrom(popupContext.opener().AsParent());
+ openerTabId = opener->GetTabId();
+ openerCpId = opener->Manager()->ChildID();
+
+ // We must ensure that the private browsing and remoteness flags
+ // match those of the opener.
+ nsCOMPtr<nsILoadContext> loadContext = opener->GetLoadContext();
+ if (!loadContext) {
+ return IPC_FAIL(this, "Missing Opener LoadContext");
+ }
+ if (loadContext->UsePrivateBrowsing()) {
+ chromeFlags |= nsIWebBrowserChrome::CHROME_PRIVATE_WINDOW;
+ }
+ if (loadContext->UseRemoteSubframes()) {
+ chromeFlags |= nsIWebBrowserChrome::CHROME_FISSION_WINDOW;
+ }
+ }
+
+ // And because we're allocating a remote browser, of course the
+ // window is remote.
+ chromeFlags |= nsIWebBrowserChrome::CHROME_REMOTE_WINDOW;
+
+ if (NS_WARN_IF(!browsingContext->IsOwnedByProcess(ChildID()))) {
+ return IPC_FAIL(this, "BrowsingContext Owned by Incorrect Process!");
+ }
+
+ MaybeInvalidTabContext tc(aContext);
+ MOZ_ASSERT(tc.IsValid());
+
+ RefPtr<WindowGlobalParent> initialWindow =
+ WindowGlobalParent::CreateDisconnected(aInitialWindowInit);
+ if (!initialWindow) {
+ return IPC_FAIL(this, "Failed to create WindowGlobalParent");
+ }
+
+ auto parent = MakeRefPtr<BrowserParent>(this, aTabId, tc.GetTabContext(),
+ browsingContext, chromeFlags);
+
+ // Bind the created BrowserParent to IPC to actually link the actor.
+ if (NS_WARN_IF(!BindPBrowserEndpoint(std::move(aBrowserEp), parent))) {
+ return IPC_FAIL(this, "BindPBrowserEndpoint failed");
+ }
+
+ // XXX: Why are we checking these requirements? It seems we should register
+ // the created frame unconditionally?
+ if (openerTabId > 0) {
+ // The creation of PBrowser was triggered from content process through
+ // window.open().
+ // We need to register remote frame with the child generated tab id.
+ auto* cpm = ContentProcessManager::GetSingleton();
+ if (!cpm || !cpm->RegisterRemoteFrame(parent)) {
+ return IPC_FAIL(this, "RegisterRemoteFrame Failed");
+ }
+ }
+
+ if (NS_WARN_IF(!parent->BindPWindowGlobalEndpoint(std::move(aWindowEp),
+ initialWindow))) {
+ return IPC_FAIL(this, "BindPWindowGlobalEndpoint failed");
+ }
+
+ browsingContext->SetCurrentBrowserParent(parent);
+
+ initialWindow->Init();
+
+ // When enabling input event prioritization, input events may preempt other
+ // normal priority IPC messages. To prevent the input events preempt
+ // PBrowserConstructor, we use an IPC 'RemoteIsReadyToHandleInputEvents' to
+ // notify parent that BrowserChild is created. In this case, PBrowser is
+ // initiated from content so that we can set BrowserParent as ready to handle
+ // input
+ parent->SetReadyToHandleInputEvents();
+ return IPC_OK();
+}
+
+mozilla::PRemoteSpellcheckEngineParent*
+ContentParent::AllocPRemoteSpellcheckEngineParent() {
+ mozilla::RemoteSpellcheckEngineParent* parent =
+ new mozilla::RemoteSpellcheckEngineParent();
+ return parent;
+}
+
+bool ContentParent::DeallocPRemoteSpellcheckEngineParent(
+ PRemoteSpellcheckEngineParent* parent) {
+ delete parent;
+ return true;
+}
+
+/* static */
+void ContentParent::SendShutdownTimerCallback(nsITimer* aTimer,
+ void* aClosure) {
+ auto* self = static_cast<ContentParent*>(aClosure);
+ self->AsyncSendShutDownMessage();
+}
+
+/* static */
+void ContentParent::ForceKillTimerCallback(nsITimer* aTimer, void* aClosure) {
+ // We don't want to time out the content process during XPCShell tests. This
+ // is the easiest way to ensure that.
+ if (PR_GetEnv("XPCSHELL_TEST_PROFILE_DIR")) {
+ return;
+ }
+
+ auto* self = static_cast<ContentParent*>(aClosure);
+ self->KillHard("ShutDownKill");
+}
+
+void ContentParent::GeneratePairedMinidump(const char* aReason) {
+ // We're about to kill the child process associated with this content.
+ // Something has gone wrong to get us here, so we generate a minidump
+ // of the parent and child for submission to the crash server unless we're
+ // already shutting down.
+ if (mCrashReporter &&
+ !AppShutdown::IsInOrBeyond(ShutdownPhase::AppShutdownConfirmed) &&
+ StaticPrefs::dom_ipc_tabs_createKillHardCrashReports_AtStartup()) {
+ // GeneratePairedMinidump creates two minidumps for us - the main
+ // one is for the content process we're about to kill, and the other
+ // one is for the main browser process. That second one is the extra
+ // minidump tagging along, so we have to tell the crash reporter that
+ // it exists and is being appended.
+ nsAutoCString additionalDumps("browser");
+ mCrashReporter->AddAnnotation(
+ CrashReporter::Annotation::additional_minidumps, additionalDumps);
+ nsDependentCString reason(aReason);
+ mCrashReporter->AddAnnotation(CrashReporter::Annotation::ipc_channel_error,
+ reason);
+
+ // Generate the report and insert into the queue for submittal.
+ if (mCrashReporter->GenerateMinidumpAndPair(this, "browser"_ns)) {
+ mCrashReporter->FinalizeCrashReport();
+ mCreatedPairedMinidumps = true;
+ }
+ }
+}
+
+void ContentParent::HandleOrphanedMinidump(nsString* aDumpId) {
+ if (CrashReporter::FinalizeOrphanedMinidump(
+ OtherPid(), GeckoProcessType_Content, aDumpId)) {
+ CrashReporterHost::RecordCrash(GeckoProcessType_Content,
+ nsICrashService::CRASH_TYPE_CRASH, *aDumpId);
+ } else {
+ NS_WARNING(nsPrintfCString("content process pid = %" PRIPID
+ " crashed without leaving a minidump behind",
+ OtherPid())
+ .get());
+ }
+}
+
+// WARNING: aReason appears in telemetry, so any new value passed in requires
+// data review.
+void ContentParent::KillHard(const char* aReason) {
+ AUTO_PROFILER_LABEL("ContentParent::KillHard", OTHER);
+
+ // On Windows, calling KillHard multiple times causes problems - the
+ // process handle becomes invalid on the first call, causing a second call
+ // to crash our process - more details in bug 890840.
+ if (mCalledKillHard) {
+ return;
+ }
+ mCalledKillHard = true;
+ if (mSendShutdownTimer) {
+ mSendShutdownTimer->Cancel();
+ mSendShutdownTimer = nullptr;
+ }
+ if (mForceKillTimer) {
+ mForceKillTimer->Cancel();
+ mForceKillTimer = nullptr;
+ }
+
+ RemoveShutdownBlockers();
+ nsCString reason = nsDependentCString(aReason);
+
+ // If we find mIsNotifiedShutdownSuccess there is no reason to blame this
+ // content process, most probably our parent process is just slow in
+ // processing its own main thread queue.
+ if (!mIsNotifiedShutdownSuccess) {
+ GeneratePairedMinidump(aReason);
+ } else {
+ reason = nsDependentCString("KillHard after IsNotifiedShutdownSuccess.");
+ }
+ Telemetry::Accumulate(Telemetry::SUBPROCESS_KILL_HARD, reason, 1);
+
+ ProcessHandle otherProcessHandle;
+ if (!base::OpenProcessHandle(OtherPid(), &otherProcessHandle)) {
+ NS_ERROR("Failed to open child process when attempting kill.");
+ if (CanSend()) {
+ GetIPCChannel()->InduceConnectionError();
+ }
+ return;
+ }
+
+ if (!KillProcess(otherProcessHandle, base::PROCESS_END_KILLED_BY_USER)) {
+ if (mCrashReporter) {
+ mCrashReporter->DeleteCrashReport();
+ }
+ NS_WARNING("failed to kill subprocess!");
+ }
+
+ if (mSubprocess) {
+ MOZ_LOG(
+ ContentParent::GetLog(), LogLevel::Verbose,
+ ("KillHard Subprocess(%s): ContentParent %p mSubprocess %p handle "
+ "%" PRIuPTR,
+ aReason, this, mSubprocess,
+ mSubprocess ? (uintptr_t)mSubprocess->GetChildProcessHandle() : -1));
+ mSubprocess->SetAlreadyDead();
+ }
+
+ // After we've killed the remote process, also ensure we induce a connection
+ // error in the IPC channel to immediately stop all IPC communication on this
+ // channel.
+ if (CanSend()) {
+ GetIPCChannel()->InduceConnectionError();
+ }
+
+ // EnsureProcessTerminated has responsibilty for closing otherProcessHandle.
+ XRE_GetIOMessageLoop()->PostTask(
+ NewRunnableFunction("EnsureProcessTerminatedRunnable",
+ &ProcessWatcher::EnsureProcessTerminated,
+ otherProcessHandle, /*force=*/true));
+}
+
+void ContentParent::FriendlyName(nsAString& aName, bool aAnonymize) {
+ aName.Truncate();
+ if (mIsForBrowser) {
+ aName.AssignLiteral("Browser");
+ } else if (aAnonymize) {
+ aName.AssignLiteral("<anonymized-name>");
+ } else {
+ aName.AssignLiteral("???");
+ }
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvInitCrashReporter(
+ const NativeThreadId& aThreadId) {
+ mCrashReporter =
+ MakeUnique<CrashReporterHost>(GeckoProcessType_Content, aThreadId);
+
+ return IPC_OK();
+}
+
+hal_sandbox::PHalParent* ContentParent::AllocPHalParent() {
+ return hal_sandbox::CreateHalParent();
+}
+
+bool ContentParent::DeallocPHalParent(hal_sandbox::PHalParent* aHal) {
+ delete aHal;
+ return true;
+}
+
+devtools::PHeapSnapshotTempFileHelperParent*
+ContentParent::AllocPHeapSnapshotTempFileHelperParent() {
+ return devtools::HeapSnapshotTempFileHelperParent::Create();
+}
+
+bool ContentParent::DeallocPHeapSnapshotTempFileHelperParent(
+ devtools::PHeapSnapshotTempFileHelperParent* aHeapSnapshotHelper) {
+ delete aHeapSnapshotHelper;
+ return true;
+}
+
+bool ContentParent::SendRequestMemoryReport(
+ const uint32_t& aGeneration, const bool& aAnonymize,
+ const bool& aMinimizeMemoryUsage, const Maybe<FileDescriptor>& aDMDFile) {
+ // This automatically cancels the previous request.
+ mMemoryReportRequest = MakeUnique<MemoryReportRequestHost>(aGeneration);
+ // If we run the callback in response to a reply, then by definition |this|
+ // is still alive, so the ref pointer is redundant, but it seems easier
+ // to hold a strong reference than to worry about that.
+ RefPtr<ContentParent> self(this);
+ PContentParent::SendRequestMemoryReport(
+ aGeneration, aAnonymize, aMinimizeMemoryUsage, aDMDFile,
+ [&, self](const uint32_t& aGeneration2) {
+ if (self->mMemoryReportRequest) {
+ self->mMemoryReportRequest->Finish(aGeneration2);
+ self->mMemoryReportRequest = nullptr;
+ }
+ },
+ [&, self](mozilla::ipc::ResponseRejectReason) {
+ self->mMemoryReportRequest = nullptr;
+ });
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAddMemoryReport(
+ const MemoryReport& aReport) {
+ if (mMemoryReportRequest) {
+ mMemoryReportRequest->RecvReport(aReport);
+ }
+ return IPC_OK();
+}
+
+PCycleCollectWithLogsParent* ContentParent::AllocPCycleCollectWithLogsParent(
+ const bool& aDumpAllTraces, const FileDescriptor& aGCLog,
+ const FileDescriptor& aCCLog) {
+ MOZ_CRASH("Don't call this; use ContentParent::CycleCollectWithLogs");
+}
+
+bool ContentParent::DeallocPCycleCollectWithLogsParent(
+ PCycleCollectWithLogsParent* aActor) {
+ delete aActor;
+ return true;
+}
+
+bool ContentParent::CycleCollectWithLogs(
+ bool aDumpAllTraces, nsICycleCollectorLogSink* aSink,
+ nsIDumpGCAndCCLogsCallback* aCallback) {
+ return CycleCollectWithLogsParent::AllocAndSendConstructor(
+ this, aDumpAllTraces, aSink, aCallback);
+}
+
+PScriptCacheParent* ContentParent::AllocPScriptCacheParent(
+ const FileDescOrError& cacheFile, const bool& wantCacheData) {
+ return new loader::ScriptCacheParent(wantCacheData);
+}
+
+bool ContentParent::DeallocPScriptCacheParent(PScriptCacheParent* cache) {
+ delete static_cast<loader::ScriptCacheParent*>(cache);
+ return true;
+}
+
+already_AddRefed<PNeckoParent> ContentParent::AllocPNeckoParent() {
+ RefPtr<NeckoParent> actor = new NeckoParent();
+ return actor.forget();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvInitStreamFilter(
+ const uint64_t& aChannelId, const nsAString& aAddonId,
+ InitStreamFilterResolver&& aResolver) {
+ extensions::StreamFilterParent::Create(this, aChannelId, aAddonId)
+ ->Then(
+ GetCurrentSerialEventTarget(), __func__,
+ [aResolver](mozilla::ipc::Endpoint<PStreamFilterChild>&& aEndpoint) {
+ aResolver(std::move(aEndpoint));
+ },
+ [aResolver](bool aDummy) {
+ aResolver(mozilla::ipc::Endpoint<PStreamFilterChild>());
+ });
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAddSecurityState(
+ const MaybeDiscarded<WindowContext>& aContext, uint32_t aStateFlags) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ aContext.get()->AddSecurityState(aStateFlags);
+ return IPC_OK();
+}
+
+already_AddRefed<PExternalHelperAppParent>
+ContentParent::AllocPExternalHelperAppParent(
+ nsIURI* uri, const mozilla::net::LoadInfoArgs& aLoadInfoArgs,
+ const nsACString& aMimeContentType, const nsACString& aContentDisposition,
+ const uint32_t& aContentDispositionHint,
+ const nsAString& aContentDispositionFilename, const bool& aForceSave,
+ const int64_t& aContentLength, const bool& aWasFileChannel,
+ nsIURI* aReferrer, const MaybeDiscarded<BrowsingContext>& aContext,
+ const bool& aShouldCloseWindow) {
+ RefPtr<ExternalHelperAppParent> parent = new ExternalHelperAppParent(
+ uri, aContentLength, aWasFileChannel, aContentDisposition,
+ aContentDispositionHint, aContentDispositionFilename);
+ return parent.forget();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvPExternalHelperAppConstructor(
+ PExternalHelperAppParent* actor, nsIURI* uri,
+ const LoadInfoArgs& loadInfoArgs, const nsACString& aMimeContentType,
+ const nsACString& aContentDisposition,
+ const uint32_t& aContentDispositionHint,
+ const nsAString& aContentDispositionFilename, const bool& aForceSave,
+ const int64_t& aContentLength, const bool& aWasFileChannel,
+ nsIURI* aReferrer, const MaybeDiscarded<BrowsingContext>& aContext,
+ const bool& aShouldCloseWindow) {
+ BrowsingContext* context = aContext.IsDiscarded() ? nullptr : aContext.get();
+ if (!static_cast<ExternalHelperAppParent*>(actor)->Init(
+ loadInfoArgs, aMimeContentType, aForceSave, aReferrer, context,
+ aShouldCloseWindow)) {
+ return IPC_FAIL(this, "Init failed.");
+ }
+ return IPC_OK();
+}
+
+already_AddRefed<PHandlerServiceParent>
+ContentParent::AllocPHandlerServiceParent() {
+ RefPtr<HandlerServiceParent> actor = new HandlerServiceParent();
+ return actor.forget();
+}
+
+media::PMediaParent* ContentParent::AllocPMediaParent() {
+ return media::AllocPMediaParent();
+}
+
+bool ContentParent::DeallocPMediaParent(media::PMediaParent* aActor) {
+ return media::DeallocPMediaParent(aActor);
+}
+
+PBenchmarkStorageParent* ContentParent::AllocPBenchmarkStorageParent() {
+ return new BenchmarkStorageParent;
+}
+
+bool ContentParent::DeallocPBenchmarkStorageParent(
+ PBenchmarkStorageParent* aActor) {
+ delete aActor;
+ return true;
+}
+
+#ifdef MOZ_WEBSPEECH
+already_AddRefed<PSpeechSynthesisParent>
+ContentParent::AllocPSpeechSynthesisParent() {
+ if (!StaticPrefs::media_webspeech_synth_enabled()) {
+ return nullptr;
+ }
+ RefPtr<SpeechSynthesisParent> actor = new SpeechSynthesisParent();
+ return actor.forget();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvPSpeechSynthesisConstructor(
+ PSpeechSynthesisParent* aActor) {
+ if (!static_cast<SpeechSynthesisParent*>(aActor)->SendInit()) {
+ return IPC_FAIL(this, "SpeechSynthesisParent::SendInit failed.");
+ }
+ return IPC_OK();
+}
+#endif
+
+mozilla::ipc::IPCResult ContentParent::RecvStartVisitedQueries(
+ const nsTArray<RefPtr<nsIURI>>& aUris) {
+ nsCOMPtr<IHistory> history = components::History::Service();
+ if (!history) {
+ return IPC_OK();
+ }
+ for (const auto& uri : aUris) {
+ if (NS_WARN_IF(!uri)) {
+ continue;
+ }
+ history->ScheduleVisitedQuery(uri, this);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetURITitle(nsIURI* uri,
+ const nsAString& title) {
+ if (!uri) {
+ return IPC_FAIL(this, "uri must not be null.");
+ }
+ nsCOMPtr<IHistory> history = components::History::Service();
+ if (history) {
+ history->SetURITitle(uri, title);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvIsSecureURI(
+ nsIURI* aURI, const OriginAttributes& aOriginAttributes,
+ bool* aIsSecureURI) {
+ nsCOMPtr<nsISiteSecurityService> sss(do_GetService(NS_SSSERVICE_CONTRACTID));
+ if (!sss) {
+ return IPC_FAIL(this, "Failed to get nsISiteSecurityService.");
+ }
+ if (!aURI) {
+ return IPC_FAIL(this, "aURI must not be null.");
+ }
+ nsresult rv = sss->IsSecureURI(aURI, aOriginAttributes, aIsSecureURI);
+ if (NS_FAILED(rv)) {
+ return IPC_FAIL(this, "IsSecureURI failed.");
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAccumulateMixedContentHSTS(
+ nsIURI* aURI, const bool& aActive,
+ const OriginAttributes& aOriginAttributes) {
+ if (!aURI) {
+ return IPC_FAIL(this, "aURI must not be null.");
+ }
+ nsMixedContentBlocker::AccumulateMixedContentHSTS(aURI, aActive,
+ aOriginAttributes);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvLoadURIExternal(
+ nsIURI* uri, nsIPrincipal* aTriggeringPrincipal,
+ nsIPrincipal* aRedirectPrincipal,
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ bool aWasExternallyTriggered, bool aHasValidUserGestureActivation) {
+ if (aContext.IsDiscarded()) {
+ return IPC_OK();
+ }
+
+ nsCOMPtr<nsIExternalProtocolService> extProtService(
+ do_GetService(NS_EXTERNALPROTOCOLSERVICE_CONTRACTID));
+ if (!extProtService) {
+ return IPC_OK();
+ }
+
+ if (!uri) {
+ return IPC_FAIL(this, "uri must not be null.");
+ }
+
+ BrowsingContext* bc = aContext.get();
+ extProtService->LoadURI(uri, aTriggeringPrincipal, aRedirectPrincipal, bc,
+ aWasExternallyTriggered,
+ aHasValidUserGestureActivation);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvExtProtocolChannelConnectParent(
+ const uint64_t& registrarId) {
+ nsresult rv;
+
+ // First get the real channel created before redirect on the parent.
+ nsCOMPtr<nsIChannel> channel;
+ rv = NS_LinkRedirectChannels(registrarId, nullptr, getter_AddRefs(channel));
+ NS_ENSURE_SUCCESS(rv, IPC_OK());
+
+ nsCOMPtr<nsIParentChannel> parent = do_QueryInterface(channel, &rv);
+ NS_ENSURE_SUCCESS(rv, IPC_OK());
+
+ // The channel itself is its own (faked) parent, link it.
+ rv = NS_LinkRedirectChannels(registrarId, parent, getter_AddRefs(channel));
+ NS_ENSURE_SUCCESS(rv, IPC_OK());
+
+ // Signal the parent channel that it's a redirect-to parent. This will
+ // make AsyncOpen on it do nothing (what we want).
+ // Yes, this is a bit of a hack, but I don't think it's necessary to invent
+ // a new interface just to set this flag on the channel.
+ parent->SetParentListener(nullptr);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvShowAlert(
+ nsIAlertNotification* aAlert) {
+ if (!aAlert) {
+ return IPC_FAIL(this, "aAlert must not be null.");
+ }
+ nsCOMPtr<nsIAlertsService> sysAlerts(components::Alerts::Service());
+ if (sysAlerts) {
+ sysAlerts->ShowAlert(aAlert, this);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCloseAlert(const nsAString& aName,
+ bool aContextClosed) {
+ nsCOMPtr<nsIAlertsService> sysAlerts(components::Alerts::Service());
+ if (sysAlerts) {
+ sysAlerts->CloseAlert(aName, aContextClosed);
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvDisableNotifications(
+ nsIPrincipal* aPrincipal) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ Unused << Notification::RemovePermission(aPrincipal);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvOpenNotificationSettings(
+ nsIPrincipal* aPrincipal) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ Unused << Notification::OpenSettings(aPrincipal);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotificationEvent(
+ const nsAString& aType, const NotificationEventData& aData) {
+ nsCOMPtr<nsIServiceWorkerManager> swm =
+ mozilla::components::ServiceWorkerManager::Service();
+ if (NS_WARN_IF(!swm)) {
+ // Probably shouldn't happen, but no need to crash the child process.
+ return IPC_OK();
+ }
+
+ if (aType.EqualsLiteral("click")) {
+ nsresult rv = swm->SendNotificationClickEvent(
+ aData.originSuffix(), aData.scope(), aData.ID(), aData.title(),
+ aData.dir(), aData.lang(), aData.body(), aData.tag(), aData.icon(),
+ aData.data(), aData.behavior());
+ Unused << NS_WARN_IF(NS_FAILED(rv));
+ } else {
+ MOZ_ASSERT(aType.EqualsLiteral("close"));
+ nsresult rv = swm->SendNotificationCloseEvent(
+ aData.originSuffix(), aData.scope(), aData.ID(), aData.title(),
+ aData.dir(), aData.lang(), aData.body(), aData.tag(), aData.icon(),
+ aData.data(), aData.behavior());
+ Unused << NS_WARN_IF(NS_FAILED(rv));
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSyncMessage(
+ const nsAString& aMsg, const ClonedMessageData& aData,
+ nsTArray<StructuredCloneData>* aRetvals) {
+ AUTO_PROFILER_LABEL_DYNAMIC_LOSSY_NSSTRING("ContentParent::RecvSyncMessage",
+ OTHER, aMsg);
+ MMPrinter::Print("ContentParent::RecvSyncMessage", aMsg, aData);
+
+ RefPtr<nsFrameMessageManager> ppm = mMessageManager;
+ if (ppm) {
+ ipc::StructuredCloneData data;
+ ipc::UnpackClonedMessageData(aData, data);
+
+ ppm->ReceiveMessage(ppm, nullptr, aMsg, true, &data, aRetvals,
+ IgnoreErrors());
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAsyncMessage(
+ const nsAString& aMsg, const ClonedMessageData& aData) {
+ AUTO_PROFILER_LABEL_DYNAMIC_LOSSY_NSSTRING("ContentParent::RecvAsyncMessage",
+ OTHER, aMsg);
+ MMPrinter::Print("ContentParent::RecvAsyncMessage", aMsg, aData);
+
+ RefPtr<nsFrameMessageManager> ppm = mMessageManager;
+ if (ppm) {
+ ipc::StructuredCloneData data;
+ ipc::UnpackClonedMessageData(aData, data);
+
+ ppm->ReceiveMessage(ppm, nullptr, aMsg, false, &data, nullptr,
+ IgnoreErrors());
+ }
+ return IPC_OK();
+}
+
+MOZ_CAN_RUN_SCRIPT
+static int32_t AddGeolocationListener(
+ nsIDOMGeoPositionCallback* watcher,
+ nsIDOMGeoPositionErrorCallback* errorCallBack, bool highAccuracy) {
+ RefPtr<Geolocation> geo = Geolocation::NonWindowSingleton();
+
+ UniquePtr<PositionOptions> options = MakeUnique<PositionOptions>();
+ options->mTimeout = 0;
+ options->mMaximumAge = 0;
+ options->mEnableHighAccuracy = highAccuracy;
+ return geo->WatchPosition(watcher, errorCallBack, std::move(options));
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAddGeolocationListener(
+ const bool& aHighAccuracy) {
+ // To ensure no geolocation updates are skipped, we always force the
+ // creation of a new listener.
+ RecvRemoveGeolocationListener();
+ mGeolocationWatchID = AddGeolocationListener(this, this, aHighAccuracy);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvRemoveGeolocationListener() {
+ if (mGeolocationWatchID != -1) {
+ RefPtr<Geolocation> geo = Geolocation::NonWindowSingleton();
+ if (geo) {
+ geo->ClearWatch(mGeolocationWatchID);
+ }
+ mGeolocationWatchID = -1;
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetGeolocationHigherAccuracy(
+ const bool& aEnable) {
+ // This should never be called without a listener already present,
+ // so this check allows us to forgo securing privileges.
+ if (mGeolocationWatchID != -1) {
+ RecvRemoveGeolocationListener();
+ mGeolocationWatchID = AddGeolocationListener(this, this, aEnable);
+ }
+ return IPC_OK();
+}
+
+NS_IMETHODIMP
+ContentParent::HandleEvent(nsIDOMGeoPosition* postion) {
+ Unused << SendGeolocationUpdate(postion);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+ContentParent::HandleEvent(GeolocationPositionError* positionError) {
+ Unused << SendGeolocationError(positionError->Code());
+ return NS_OK;
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvConsoleMessage(
+ const nsAString& aMessage) {
+ nsresult rv;
+ nsCOMPtr<nsIConsoleService> consoleService =
+ do_GetService(NS_CONSOLESERVICE_CONTRACTID, &rv);
+ if (NS_SUCCEEDED(rv)) {
+ RefPtr<nsConsoleMessage> msg(new nsConsoleMessage(aMessage));
+ msg->SetIsForwardedFromContentProcess(true);
+ consoleService->LogMessageWithMode(msg, nsIConsoleService::SuppressLog);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvReportFrameTimingData(
+ const LoadInfoArgs& loadInfoArgs, const nsAString& entryName,
+ const nsAString& initiatorType, UniquePtr<PerformanceTimingData>&& aData) {
+ if (!aData) {
+ return IPC_FAIL(this, "aData should not be null");
+ }
+
+ RefPtr<WindowGlobalParent> parent =
+ WindowGlobalParent::GetByInnerWindowId(loadInfoArgs.innerWindowID());
+ if (!parent || !parent->GetContentParent()) {
+ return IPC_OK();
+ }
+
+ MOZ_ASSERT(parent->GetContentParent() != this,
+ "No need to bounce around if in the same process");
+
+ Unused << parent->GetContentParent()->SendReportFrameTimingData(
+ loadInfoArgs, entryName, initiatorType, std::move(aData));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvScriptError(
+ const nsAString& aMessage, const nsAString& aSourceName,
+ const nsAString& aSourceLine, const uint32_t& aLineNumber,
+ const uint32_t& aColNumber, const uint32_t& aFlags,
+ const nsACString& aCategory, const bool& aFromPrivateWindow,
+ const uint64_t& aInnerWindowId, const bool& aFromChromeContext) {
+ return RecvScriptErrorInternal(aMessage, aSourceName, aSourceLine,
+ aLineNumber, aColNumber, aFlags, aCategory,
+ aFromPrivateWindow, aFromChromeContext);
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvScriptErrorWithStack(
+ const nsAString& aMessage, const nsAString& aSourceName,
+ const nsAString& aSourceLine, const uint32_t& aLineNumber,
+ const uint32_t& aColNumber, const uint32_t& aFlags,
+ const nsACString& aCategory, const bool& aFromPrivateWindow,
+ const bool& aFromChromeContext, const ClonedMessageData& aFrame) {
+ return RecvScriptErrorInternal(
+ aMessage, aSourceName, aSourceLine, aLineNumber, aColNumber, aFlags,
+ aCategory, aFromPrivateWindow, aFromChromeContext, &aFrame);
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvScriptErrorInternal(
+ const nsAString& aMessage, const nsAString& aSourceName,
+ const nsAString& aSourceLine, const uint32_t& aLineNumber,
+ const uint32_t& aColNumber, const uint32_t& aFlags,
+ const nsACString& aCategory, const bool& aFromPrivateWindow,
+ const bool& aFromChromeContext, const ClonedMessageData* aStack) {
+ nsresult rv;
+ nsCOMPtr<nsIConsoleService> consoleService =
+ do_GetService(NS_CONSOLESERVICE_CONTRACTID, &rv);
+ if (NS_FAILED(rv)) {
+ return IPC_OK();
+ }
+
+ nsCOMPtr<nsIScriptError> msg;
+
+ if (aStack) {
+ StructuredCloneData data;
+ UnpackClonedMessageData(*aStack, data);
+
+ AutoJSAPI jsapi;
+ if (NS_WARN_IF(!jsapi.Init(xpc::PrivilegedJunkScope()))) {
+ MOZ_CRASH();
+ }
+ JSContext* cx = jsapi.cx();
+
+ JS::Rooted<JS::Value> stack(cx);
+ ErrorResult rv;
+ data.Read(cx, &stack, rv);
+ if (rv.Failed() || !stack.isObject()) {
+ rv.SuppressException();
+ return IPC_OK();
+ }
+
+ JS::Rooted<JSObject*> stackObj(cx, &stack.toObject());
+ if (!JS::IsUnwrappedSavedFrame(stackObj)) {
+ return IPC_FAIL(this, "Unexpected object");
+ }
+
+ JS::Rooted<JSObject*> stackGlobal(cx, JS::GetNonCCWObjectGlobal(stackObj));
+ msg = new nsScriptErrorWithStack(JS::NothingHandleValue, stackObj,
+ stackGlobal);
+ } else {
+ msg = new nsScriptError();
+ }
+
+ rv = msg->Init(aMessage, aSourceName, aSourceLine, aLineNumber, aColNumber,
+ aFlags, aCategory, aFromPrivateWindow, aFromChromeContext);
+ if (NS_FAILED(rv)) return IPC_OK();
+
+ msg->SetIsForwardedFromContentProcess(true);
+
+ consoleService->LogMessageWithMode(msg, nsIConsoleService::SuppressLog);
+ return IPC_OK();
+}
+
+bool ContentParent::DoLoadMessageManagerScript(const nsAString& aURL,
+ bool aRunInGlobalScope) {
+ MOZ_ASSERT(!aRunInGlobalScope);
+ return SendLoadProcessScript(aURL);
+}
+
+nsresult ContentParent::DoSendAsyncMessage(const nsAString& aMessage,
+ StructuredCloneData& aHelper) {
+ ClonedMessageData data;
+ if (!BuildClonedMessageData(aHelper, data)) {
+ return NS_ERROR_DOM_DATA_CLONE_ERR;
+ }
+ if (!SendAsyncMessage(aMessage, data)) {
+ return NS_ERROR_UNEXPECTED;
+ }
+ return NS_OK;
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCopyFavicon(
+ nsIURI* aOldURI, nsIURI* aNewURI, const bool& aInPrivateBrowsing) {
+ if (!aOldURI) {
+ return IPC_FAIL(this, "aOldURI should not be null");
+ }
+ if (!aNewURI) {
+ return IPC_FAIL(this, "aNewURI should not be null");
+ }
+
+ nsDocShell::CopyFavicon(aOldURI, aNewURI, aInPrivateBrowsing);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvFindImageText(
+ IPCImage&& aImage, nsTArray<nsCString>&& aLanguages,
+ FindImageTextResolver&& aResolver) {
+ if (!TextRecognition::IsSupported() ||
+ !Preferences::GetBool("dom.text-recognition.enabled")) {
+ return IPC_FAIL(this, "Text recognition not available.");
+ }
+
+ RefPtr<DataSourceSurface> surf =
+ nsContentUtils::IPCImageToSurface(std::move(aImage));
+ if (!surf) {
+ aResolver(TextRecognitionResultOrError("Failed to read image"_ns));
+ return IPC_OK();
+ }
+ TextRecognition::FindText(*surf, aLanguages)
+ ->Then(
+ GetCurrentSerialEventTarget(), __func__,
+ [resolver = std::move(aResolver)](
+ TextRecognition::NativePromise::ResolveOrRejectValue&& aValue) {
+ if (aValue.IsResolve()) {
+ resolver(TextRecognitionResultOrError(aValue.ResolveValue()));
+ } else {
+ resolver(TextRecognitionResultOrError(aValue.RejectValue()));
+ }
+ });
+ return IPC_OK();
+}
+
+bool ContentParent::ShouldContinueFromReplyTimeout() {
+ RefPtr<ProcessHangMonitor> monitor = ProcessHangMonitor::Get();
+ return !monitor || !monitor->ShouldTimeOutCPOWs();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAddIdleObserver(
+ const uint64_t& aObserver, const uint32_t& aIdleTimeInS) {
+ nsresult rv;
+ nsCOMPtr<nsIUserIdleService> idleService =
+ do_GetService("@mozilla.org/widget/useridleservice;1", &rv);
+ NS_ENSURE_SUCCESS(rv, IPC_FAIL(this, "Failed to get UserIdleService."));
+
+ RefPtr<ParentIdleListener> listener =
+ new ParentIdleListener(this, aObserver, aIdleTimeInS);
+ rv = idleService->AddIdleObserver(listener, aIdleTimeInS);
+ NS_ENSURE_SUCCESS(rv, IPC_FAIL(this, "AddIdleObserver failed."));
+ mIdleListeners.AppendElement(listener);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvRemoveIdleObserver(
+ const uint64_t& aObserver, const uint32_t& aIdleTimeInS) {
+ RefPtr<ParentIdleListener> listener;
+ for (int32_t i = mIdleListeners.Length() - 1; i >= 0; --i) {
+ listener = static_cast<ParentIdleListener*>(mIdleListeners[i].get());
+ if (listener->mObserver == aObserver && listener->mTime == aIdleTimeInS) {
+ nsresult rv;
+ nsCOMPtr<nsIUserIdleService> idleService =
+ do_GetService("@mozilla.org/widget/useridleservice;1", &rv);
+ NS_ENSURE_SUCCESS(rv, IPC_FAIL(this, "Failed to get UserIdleService."));
+ idleService->RemoveIdleObserver(listener, aIdleTimeInS);
+ mIdleListeners.RemoveElementAt(i);
+ break;
+ }
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvBackUpXResources(
+ const FileDescriptor& aXSocketFd) {
+#ifndef MOZ_X11
+ MOZ_CRASH("This message only makes sense on X11 platforms");
+#else
+ MOZ_ASSERT(!mChildXSocketFdDup, "Already backed up X resources??");
+ if (aXSocketFd.IsValid()) {
+ mChildXSocketFdDup = aXSocketFd.ClonePlatformHandle();
+ }
+#endif
+ return IPC_OK();
+}
+
+class AnonymousTemporaryFileRequestor final : public Runnable {
+ public:
+ AnonymousTemporaryFileRequestor(ContentParent* aCP, const uint64_t& aID)
+ : Runnable("dom::AnonymousTemporaryFileRequestor"),
+ mCP(aCP),
+ mID(aID),
+ mRv(NS_OK),
+ mPRFD(nullptr) {}
+
+ NS_IMETHOD Run() override {
+ if (NS_IsMainThread()) {
+ FileDescOrError result;
+ if (NS_WARN_IF(NS_FAILED(mRv))) {
+ // Returning false will kill the child process; instead
+ // propagate the error and let the child handle it.
+ result = mRv;
+ } else {
+ result = FileDescriptor(FileDescriptor::PlatformHandleType(
+ PR_FileDesc2NativeHandle(mPRFD)));
+ // The FileDescriptor object owns a duplicate of the file handle; we
+ // must close the original (and clean up the NSPR descriptor).
+ PR_Close(mPRFD);
+ }
+ Unused << mCP->SendProvideAnonymousTemporaryFile(mID, result);
+ // It's important to release this reference while wr're on the main
+ // thread!
+ mCP = nullptr;
+ } else {
+ mRv = NS_OpenAnonymousTemporaryFile(&mPRFD);
+ NS_DispatchToMainThread(this);
+ }
+ return NS_OK;
+ }
+
+ private:
+ RefPtr<ContentParent> mCP;
+ uint64_t mID;
+ nsresult mRv;
+ PRFileDesc* mPRFD;
+};
+
+mozilla::ipc::IPCResult ContentParent::RecvRequestAnonymousTemporaryFile(
+ const uint64_t& aID) {
+ // Make sure to send a callback to the child if we bail out early.
+ nsresult rv = NS_OK;
+ RefPtr<ContentParent> self(this);
+ auto autoNotifyChildOnError = MakeScopeExit([&, self]() {
+ if (NS_FAILED(rv)) {
+ FileDescOrError result(rv);
+ Unused << self->SendProvideAnonymousTemporaryFile(aID, result);
+ }
+ });
+
+ // We use a helper runnable to open the anonymous temporary file on the IO
+ // thread. The same runnable will call us back on the main thread when the
+ // file has been opened.
+ nsCOMPtr<nsIEventTarget> target =
+ do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID, &rv);
+ if (!target) {
+ return IPC_OK();
+ }
+
+ rv = target->Dispatch(new AnonymousTemporaryFileRequestor(this, aID),
+ NS_DISPATCH_NORMAL);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return IPC_OK();
+ }
+
+ rv = NS_OK;
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCreateAudioIPCConnection(
+ CreateAudioIPCConnectionResolver&& aResolver) {
+ FileDescriptor fd = CubebUtils::CreateAudioIPCConnection();
+ FileDescOrError result;
+ if (fd.IsValid()) {
+ result = fd;
+ } else {
+ result = NS_ERROR_FAILURE;
+ }
+ aResolver(std::move(result));
+ return IPC_OK();
+}
+
+already_AddRefed<extensions::PExtensionsParent>
+ContentParent::AllocPExtensionsParent() {
+ return MakeAndAddRef<extensions::ExtensionsParent>();
+}
+
+void ContentParent::NotifyUpdatedDictionaries() {
+ RefPtr<mozSpellChecker> spellChecker(mozSpellChecker::Create());
+ MOZ_ASSERT(spellChecker, "No spell checker?");
+
+ nsTArray<nsCString> dictionaries;
+ spellChecker->GetDictionaryList(&dictionaries);
+
+ for (auto* cp : AllProcesses(eLive)) {
+ Unused << cp->SendUpdateDictionaryList(dictionaries);
+ }
+}
+
+void ContentParent::NotifyUpdatedFonts(bool aFullRebuild) {
+ if (gfxPlatformFontList::PlatformFontList()->SharedFontList()) {
+ for (auto* cp : AllProcesses(eLive)) {
+ Unused << cp->SendRebuildFontList(aFullRebuild);
+ }
+ return;
+ }
+
+ SystemFontList fontList;
+ gfxPlatform::GetPlatform()->ReadSystemFontList(&fontList);
+
+ for (auto* cp : AllProcesses(eLive)) {
+ Unused << cp->SendUpdateFontList(fontList);
+ }
+}
+
+#ifdef MOZ_WEBRTC
+PWebrtcGlobalParent* ContentParent::AllocPWebrtcGlobalParent() {
+ return WebrtcGlobalParent::Alloc();
+}
+
+bool ContentParent::DeallocPWebrtcGlobalParent(PWebrtcGlobalParent* aActor) {
+ WebrtcGlobalParent::Dealloc(static_cast<WebrtcGlobalParent*>(aActor));
+ return true;
+}
+#endif
+
+void ContentParent::GetIPCTransferableData(
+ nsIDragSession* aSession, BrowserParent* aParent,
+ nsTArray<IPCTransferableData>& aIPCTransferables) {
+ RefPtr<DataTransfer> transfer = aSession->GetDataTransfer();
+ if (!transfer) {
+ // Pass eDrop to get DataTransfer with external
+ // drag formats cached.
+ transfer = new DataTransfer(nullptr, eDrop, true, -1);
+ aSession->SetDataTransfer(transfer);
+ }
+ // Note, even though this fills the DataTransfer object with
+ // external data, the data is usually transfered over IPC lazily when
+ // needed.
+ transfer->FillAllExternalData();
+ nsCOMPtr<nsILoadContext> lc = aParent ? aParent->GetLoadContext() : nullptr;
+ nsCOMPtr<nsIArray> transferables = transfer->GetTransferables(lc);
+ nsContentUtils::TransferablesToIPCTransferableDatas(
+ transferables, aIPCTransferables, false, this);
+}
+
+void ContentParent::MaybeInvokeDragSession(BrowserParent* aParent,
+ EventMessage aMessage) {
+ // dnd uses IPCBlob to transfer data to the content process and the IPC
+ // message is sent as normal priority. When sending input events with input
+ // priority, the message may be preempted by the later dnd events. To make
+ // sure the input events and the blob message are processed in time order
+ // on the content process, we temporarily send the input events with normal
+ // priority when there is an active dnd session.
+ SetInputPriorityEventEnabled(false);
+
+ nsCOMPtr<nsIDragService> dragService =
+ do_GetService("@mozilla.org/widget/dragservice;1");
+ if (!dragService) {
+ return;
+ }
+
+ if (dragService->MaybeAddChildProcess(this)) {
+ nsCOMPtr<nsIDragSession> session;
+ dragService->GetCurrentSession(getter_AddRefs(session));
+ if (session) {
+ // We need to send transferable data to child process.
+ nsTArray<IPCTransferableData> ipcTransferables;
+ GetIPCTransferableData(session, aParent, ipcTransferables);
+ uint32_t action;
+ session->GetDragAction(&action);
+
+ RefPtr<WindowContext> sourceWC;
+ session->GetSourceWindowContext(getter_AddRefs(sourceWC));
+ RefPtr<WindowContext> sourceTopWC;
+ session->GetSourceTopWindowContext(getter_AddRefs(sourceTopWC));
+ mozilla::Unused << SendInvokeDragSession(
+ sourceWC, sourceTopWC, std::move(ipcTransferables), action);
+ }
+ return;
+ }
+
+ if (dragService->MustUpdateDataTransfer(aMessage)) {
+ nsCOMPtr<nsIDragSession> session;
+ dragService->GetCurrentSession(getter_AddRefs(session));
+ if (session) {
+ // We need to send transferable data to child process.
+ nsTArray<IPCTransferableData> ipcTransferables;
+ GetIPCTransferableData(session, aParent, ipcTransferables);
+ mozilla::Unused << SendUpdateDragSession(std::move(ipcTransferables),
+ aMessage);
+ }
+ }
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvUpdateDropEffect(
+ const uint32_t& aDragAction, const uint32_t& aDropEffect) {
+ nsCOMPtr<nsIDragSession> dragSession = nsContentUtils::GetDragSession();
+ if (dragSession) {
+ dragSession->SetDragAction(aDragAction);
+ RefPtr<DataTransfer> dt = dragSession->GetDataTransfer();
+ if (dt) {
+ dt->SetDropEffectInt(aDropEffect);
+ }
+ dragSession->UpdateDragEffect();
+ }
+ return IPC_OK();
+}
+
+PContentPermissionRequestParent*
+ContentParent::AllocPContentPermissionRequestParent(
+ const nsTArray<PermissionRequest>& aRequests, nsIPrincipal* aPrincipal,
+ nsIPrincipal* aTopLevelPrincipal, const bool& aIsHandlingUserInput,
+ const bool& aMaybeUnsafePermissionDelegate, const TabId& aTabId) {
+ RefPtr<BrowserParent> tp;
+ ContentProcessManager* cpm = ContentProcessManager::GetSingleton();
+ if (cpm) {
+ tp =
+ cpm->GetTopLevelBrowserParentByProcessAndTabId(this->ChildID(), aTabId);
+ }
+ if (!tp) {
+ return nullptr;
+ }
+
+ nsIPrincipal* topPrincipal = aTopLevelPrincipal;
+ if (!topPrincipal) {
+ nsCOMPtr<nsIPrincipal> principal = tp->GetContentPrincipal();
+ topPrincipal = principal;
+ }
+ return nsContentPermissionUtils::CreateContentPermissionRequestParent(
+ aRequests, tp->GetOwnerElement(), aPrincipal, topPrincipal,
+ aIsHandlingUserInput, aMaybeUnsafePermissionDelegate, aTabId);
+}
+
+bool ContentParent::DeallocPContentPermissionRequestParent(
+ PContentPermissionRequestParent* actor) {
+ nsContentPermissionUtils::NotifyRemoveContentPermissionRequestParent(actor);
+ delete actor;
+ return true;
+}
+
+already_AddRefed<PWebBrowserPersistDocumentParent>
+ContentParent::AllocPWebBrowserPersistDocumentParent(
+ PBrowserParent* aBrowser, const MaybeDiscarded<BrowsingContext>& aContext) {
+ return MakeAndAddRef<WebBrowserPersistDocumentParent>();
+}
+
+mozilla::ipc::IPCResult ContentParent::CommonCreateWindow(
+ PBrowserParent* aThisTab, BrowsingContext& aParent, bool aSetOpener,
+ const uint32_t& aChromeFlags, const bool& aCalledFromJS,
+ const bool& aForPrinting, const bool& aForWindowDotPrint,
+ nsIURI* aURIToLoad, const nsACString& aFeatures,
+ const UserActivation::Modifiers& aModifiers,
+ BrowserParent* aNextRemoteBrowser, const nsAString& aName,
+ nsresult& aResult, nsCOMPtr<nsIRemoteTab>& aNewRemoteTab,
+ bool* aWindowIsNew, int32_t& aOpenLocation,
+ nsIPrincipal* aTriggeringPrincipal, nsIReferrerInfo* aReferrerInfo,
+ bool aLoadURI, nsIContentSecurityPolicy* aCsp,
+ const OriginAttributes& aOriginAttributes) {
+ // The content process should never be in charge of computing whether or
+ // not a window should be private - the parent will do that.
+ const uint32_t badFlags = nsIWebBrowserChrome::CHROME_PRIVATE_WINDOW |
+ nsIWebBrowserChrome::CHROME_NON_PRIVATE_WINDOW |
+ nsIWebBrowserChrome::CHROME_PRIVATE_LIFETIME;
+ if (!!(aChromeFlags & badFlags)) {
+ return IPC_FAIL(this, "Forbidden aChromeFlags passed");
+ }
+
+ RefPtr<nsOpenWindowInfo> openInfo = new nsOpenWindowInfo();
+ openInfo->mForceNoOpener = !aSetOpener;
+ openInfo->mParent = &aParent;
+ openInfo->mIsRemote = true;
+ openInfo->mIsForPrinting = aForPrinting;
+ openInfo->mIsForWindowDotPrint = aForWindowDotPrint;
+ openInfo->mNextRemoteBrowser = aNextRemoteBrowser;
+ openInfo->mOriginAttributes = aOriginAttributes;
+
+ MOZ_ASSERT_IF(aForWindowDotPrint, aForPrinting);
+
+ RefPtr<BrowserParent> topParent = BrowserParent::GetFrom(aThisTab);
+ while (topParent && topParent->GetBrowserBridgeParent()) {
+ topParent = topParent->GetBrowserBridgeParent()->Manager();
+ }
+ RefPtr<BrowserHost> thisBrowserHost =
+ topParent ? topParent->GetBrowserHost() : nullptr;
+ MOZ_ASSERT_IF(topParent, thisBrowserHost);
+ RefPtr<BrowsingContext> topBC =
+ topParent ? topParent->GetBrowsingContext() : nullptr;
+ MOZ_ASSERT_IF(topParent, topBC);
+
+ // The content process should have set its remote and fission flags correctly.
+ if (topBC) {
+ if ((!!(aChromeFlags & nsIWebBrowserChrome::CHROME_REMOTE_WINDOW) !=
+ topBC->UseRemoteTabs()) ||
+ (!!(aChromeFlags & nsIWebBrowserChrome::CHROME_FISSION_WINDOW) !=
+ topBC->UseRemoteSubframes())) {
+ return IPC_FAIL(this, "Unexpected aChromeFlags passed");
+ }
+
+ if (!aOriginAttributes.EqualsIgnoringFPD(topBC->OriginAttributesRef())) {
+ return IPC_FAIL(this, "Passed-in OriginAttributes does not match opener");
+ }
+ }
+
+ nsCOMPtr<nsIContent> frame;
+ if (topParent) {
+ frame = topParent->GetOwnerElement();
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> outerWin;
+ if (frame) {
+ outerWin = frame->OwnerDoc()->GetWindow();
+
+ // If our chrome window is in the process of closing, don't try to open a
+ // new tab in it.
+ if (outerWin && outerWin->Closed()) {
+ outerWin = nullptr;
+ }
+ }
+
+ nsCOMPtr<nsIBrowserDOMWindow> browserDOMWin;
+ if (topParent) {
+ browserDOMWin = topParent->GetBrowserDOMWindow();
+ }
+
+ // If we haven't found a chrome window to open in, just use the most recently
+ // opened one.
+ if (!outerWin) {
+ outerWin = nsContentUtils::GetMostRecentNonPBWindow();
+ if (NS_WARN_IF(!outerWin)) {
+ aResult = NS_ERROR_FAILURE;
+ return IPC_OK();
+ }
+
+ if (nsGlobalWindowOuter::Cast(outerWin)->IsChromeWindow()) {
+ browserDOMWin =
+ nsGlobalWindowOuter::Cast(outerWin)->GetBrowserDOMWindow();
+ }
+ }
+
+ aOpenLocation = nsWindowWatcher::GetWindowOpenLocation(
+ outerWin, aChromeFlags, aModifiers, aCalledFromJS, aForPrinting);
+
+ MOZ_ASSERT(aOpenLocation == nsIBrowserDOMWindow::OPEN_NEWTAB ||
+ aOpenLocation == nsIBrowserDOMWindow::OPEN_NEWTAB_BACKGROUND ||
+ aOpenLocation == nsIBrowserDOMWindow::OPEN_NEWWINDOW ||
+ aOpenLocation == nsIBrowserDOMWindow::OPEN_PRINT_BROWSER);
+
+ if (NS_WARN_IF(!browserDOMWin)) {
+ // Opening in the same window or headless requires an nsIBrowserDOMWindow.
+ aOpenLocation = nsIBrowserDOMWindow::OPEN_NEWWINDOW;
+ }
+
+ if (aOpenLocation == nsIBrowserDOMWindow::OPEN_NEWTAB ||
+ aOpenLocation == nsIBrowserDOMWindow::OPEN_NEWTAB_BACKGROUND ||
+ aOpenLocation == nsIBrowserDOMWindow::OPEN_PRINT_BROWSER) {
+ RefPtr<Element> openerElement = do_QueryObject(frame);
+
+ nsCOMPtr<nsIOpenURIInFrameParams> params =
+ new nsOpenURIInFrameParams(openInfo, openerElement);
+ params->SetReferrerInfo(aReferrerInfo);
+ MOZ_ASSERT(aTriggeringPrincipal, "need a valid triggeringPrincipal");
+ params->SetTriggeringPrincipal(aTriggeringPrincipal);
+ params->SetCsp(aCsp);
+
+ RefPtr<Element> el;
+
+ if (aLoadURI) {
+ aResult = browserDOMWin->OpenURIInFrame(aURIToLoad, params, aOpenLocation,
+ nsIBrowserDOMWindow::OPEN_NEW,
+ aName, getter_AddRefs(el));
+ } else {
+ aResult = browserDOMWin->CreateContentWindowInFrame(
+ aURIToLoad, params, aOpenLocation, nsIBrowserDOMWindow::OPEN_NEW,
+ aName, getter_AddRefs(el));
+ }
+ RefPtr<nsFrameLoaderOwner> frameLoaderOwner = do_QueryObject(el);
+ if (NS_SUCCEEDED(aResult) && frameLoaderOwner) {
+ RefPtr<nsFrameLoader> frameLoader = frameLoaderOwner->GetFrameLoader();
+ if (frameLoader) {
+ aNewRemoteTab = frameLoader->GetRemoteTab();
+ // At this point, it's possible the inserted frameloader hasn't gone
+ // through layout yet. To ensure that the dimensions that we send down
+ // when telling the frameloader to display will be correct (instead of
+ // falling back to a 10x10 default), we force layout if necessary to get
+ // the most up-to-date dimensions. See bug 1358712 for details.
+ frameLoader->ForceLayoutIfNecessary();
+ }
+ } else if (NS_SUCCEEDED(aResult) && !frameLoaderOwner) {
+ // Fall through to the normal window opening code path when there is no
+ // window which we can open a new tab in.
+ aOpenLocation = nsIBrowserDOMWindow::OPEN_NEWWINDOW;
+ } else {
+ *aWindowIsNew = false;
+ }
+
+ // If we didn't retarget our window open into a new window, we should return
+ // now.
+ if (aOpenLocation != nsIBrowserDOMWindow::OPEN_NEWWINDOW) {
+ return IPC_OK();
+ }
+ }
+
+ nsCOMPtr<nsPIWindowWatcher> pwwatch =
+ do_GetService(NS_WINDOWWATCHER_CONTRACTID, &aResult);
+ if (NS_WARN_IF(NS_FAILED(aResult))) {
+ return IPC_OK();
+ }
+
+ WindowFeatures features;
+ features.Tokenize(aFeatures);
+
+ aResult = pwwatch->OpenWindowWithRemoteTab(
+ thisBrowserHost, features, aModifiers, aCalledFromJS, aParent.FullZoom(),
+ openInfo, getter_AddRefs(aNewRemoteTab));
+ if (NS_WARN_IF(NS_FAILED(aResult))) {
+ return IPC_OK();
+ }
+
+ MOZ_ASSERT(aNewRemoteTab);
+ RefPtr<BrowserHost> newBrowserHost = BrowserHost::GetFrom(aNewRemoteTab);
+ RefPtr<BrowserParent> newBrowserParent = newBrowserHost->GetActor();
+
+ // At this point, it's possible the inserted frameloader hasn't gone through
+ // layout yet. To ensure that the dimensions that we send down when telling
+ // the frameloader to display will be correct (instead of falling back to a
+ // 10x10 default), we force layout if necessary to get the most up-to-date
+ // dimensions. See bug 1358712 for details.
+ nsCOMPtr<Element> frameElement = newBrowserHost->GetOwnerElement();
+ MOZ_ASSERT(frameElement);
+ if (nsWindowWatcher::HaveSpecifiedSize(features)) {
+ // We want to flush the layout anyway because of the resize to the specified
+ // size. (Bug 1793605).
+ RefPtr<Document> chromeDoc = frameElement->OwnerDoc();
+ MOZ_ASSERT(chromeDoc);
+ chromeDoc->FlushPendingNotifications(FlushType::Layout);
+ } else {
+ RefPtr<nsFrameLoaderOwner> frameLoaderOwner = do_QueryObject(frameElement);
+ MOZ_ASSERT(frameLoaderOwner);
+ RefPtr<nsFrameLoader> frameLoader = frameLoaderOwner->GetFrameLoader();
+ MOZ_ASSERT(frameLoader);
+ frameLoader->ForceLayoutIfNecessary();
+ }
+
+ // If we were passed a name for the window which would override the default,
+ // we should send it down to the new tab.
+ if (nsContentUtils::IsOverridingWindowName(aName)) {
+ MOZ_ALWAYS_SUCCEEDS(newBrowserHost->GetBrowsingContext()->SetName(aName));
+ }
+
+ MOZ_ASSERT(newBrowserHost->GetBrowsingContext()->OriginAttributesRef() ==
+ aOriginAttributes);
+
+ if (aURIToLoad && aLoadURI) {
+ nsCOMPtr<mozIDOMWindowProxy> openerWindow;
+ if (aSetOpener && topParent) {
+ openerWindow = topParent->GetParentWindowOuter();
+ }
+ nsCOMPtr<nsIBrowserDOMWindow> newBrowserDOMWin =
+ newBrowserParent->GetBrowserDOMWindow();
+ if (NS_WARN_IF(!newBrowserDOMWin)) {
+ aResult = NS_ERROR_ABORT;
+ return IPC_OK();
+ }
+ RefPtr<BrowsingContext> bc;
+ aResult = newBrowserDOMWin->OpenURI(
+ aURIToLoad, openInfo, nsIBrowserDOMWindow::OPEN_CURRENTWINDOW,
+ nsIBrowserDOMWindow::OPEN_NEW, aTriggeringPrincipal, aCsp,
+ getter_AddRefs(bc));
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCreateWindow(
+ PBrowserParent* aThisTab, const MaybeDiscarded<BrowsingContext>& aParent,
+ PBrowserParent* aNewTab, const uint32_t& aChromeFlags,
+ const bool& aCalledFromJS, const bool& aForPrinting,
+ const bool& aForPrintPreview, nsIURI* aURIToLoad,
+ const nsACString& aFeatures, const UserActivation::Modifiers& aModifiers,
+ nsIPrincipal* aTriggeringPrincipal, nsIContentSecurityPolicy* aCsp,
+ nsIReferrerInfo* aReferrerInfo, const OriginAttributes& aOriginAttributes,
+ CreateWindowResolver&& aResolve) {
+ if (!aTriggeringPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aTriggeringPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aTriggeringPrincipal, __func__);
+ }
+
+ nsresult rv = NS_OK;
+ CreatedWindowInfo cwi;
+
+ // We always expect to open a new window here. If we don't, it's an error.
+ cwi.windowOpened() = true;
+ cwi.maxTouchPoints() = 0;
+
+ // Make sure to resolve the resolver when this function exits, even if we
+ // failed to generate a valid response.
+ auto resolveOnExit = MakeScopeExit([&] {
+ // Copy over the nsresult, and then resolve.
+ cwi.rv() = rv;
+ aResolve(cwi);
+ });
+
+ RefPtr<BrowserParent> thisTab = BrowserParent::GetFrom(aThisTab);
+ RefPtr<BrowserParent> newTab = BrowserParent::GetFrom(aNewTab);
+ MOZ_ASSERT(newTab);
+
+ auto destroyNewTabOnError = MakeScopeExit([&] {
+ // We always expect to open a new window here. If we don't, it's an error.
+ if (!cwi.windowOpened() || NS_FAILED(rv)) {
+ if (newTab) {
+ newTab->Destroy();
+ }
+ }
+ });
+
+ // Don't continue to try to create a new window if we've been fully discarded.
+ RefPtr<BrowsingContext> parent = aParent.GetMaybeDiscarded();
+ if (NS_WARN_IF(!parent)) {
+ rv = NS_ERROR_FAILURE;
+ return IPC_OK();
+ }
+
+ // Validate that our new BrowsingContext looks as we would expect it.
+ RefPtr<BrowsingContext> newBC = newTab->GetBrowsingContext();
+ if (!newBC) {
+ return IPC_FAIL(this, "Missing BrowsingContext for new tab");
+ }
+
+ uint64_t newBCOpenerId = newBC->GetOpenerId();
+ if (newBCOpenerId != 0 && parent->Id() != newBCOpenerId) {
+ return IPC_FAIL(this, "Invalid opener BrowsingContext for new tab");
+ }
+ if (newBC->GetParent() != nullptr) {
+ return IPC_FAIL(this,
+ "Unexpected non-toplevel BrowsingContext for new tab");
+ }
+ if (!!(aChromeFlags & nsIWebBrowserChrome::CHROME_REMOTE_WINDOW) !=
+ newBC->UseRemoteTabs() ||
+ !!(aChromeFlags & nsIWebBrowserChrome::CHROME_FISSION_WINDOW) !=
+ newBC->UseRemoteSubframes()) {
+ return IPC_FAIL(this, "Unexpected aChromeFlags passed");
+ }
+ if (!aOriginAttributes.EqualsIgnoringFPD(newBC->OriginAttributesRef())) {
+ return IPC_FAIL(this, "Opened tab has mismatched OriginAttributes");
+ }
+
+ if (thisTab && BrowserParent::GetFrom(thisTab)->GetBrowsingContext()) {
+ BrowsingContext* thisTabBC = thisTab->GetBrowsingContext();
+ if (thisTabBC->UseRemoteTabs() != newBC->UseRemoteTabs() ||
+ thisTabBC->UseRemoteSubframes() != newBC->UseRemoteSubframes() ||
+ thisTabBC->UsePrivateBrowsing() != newBC->UsePrivateBrowsing()) {
+ return IPC_FAIL(this, "New BrowsingContext has mismatched LoadContext");
+ }
+ }
+ BrowserParent::AutoUseNewTab aunt(newTab);
+
+ nsCOMPtr<nsIRemoteTab> newRemoteTab;
+ int32_t openLocation = nsIBrowserDOMWindow::OPEN_NEWWINDOW;
+ mozilla::ipc::IPCResult ipcResult = CommonCreateWindow(
+ aThisTab, *parent, newBCOpenerId != 0, aChromeFlags, aCalledFromJS,
+ aForPrinting, aForPrintPreview, aURIToLoad, aFeatures, aModifiers, newTab,
+ VoidString(), rv, newRemoteTab, &cwi.windowOpened(), openLocation,
+ aTriggeringPrincipal, aReferrerInfo, /* aLoadUri = */ false, aCsp,
+ aOriginAttributes);
+ if (!ipcResult) {
+ return ipcResult;
+ }
+
+ if (NS_WARN_IF(NS_FAILED(rv)) || !newRemoteTab) {
+ return IPC_OK();
+ }
+
+ MOZ_ASSERT(BrowserHost::GetFrom(newRemoteTab.get()) ==
+ newTab->GetBrowserHost());
+
+ // This used to happen in the child - there may now be a better place to
+ // do this work.
+ MOZ_ALWAYS_SUCCEEDS(newBC->SetHasSiblings(
+ openLocation == nsIBrowserDOMWindow::OPEN_NEWTAB ||
+ openLocation == nsIBrowserDOMWindow::OPEN_NEWTAB_BACKGROUND));
+
+ newTab->SwapFrameScriptsFrom(cwi.frameScripts());
+ newTab->MaybeShowFrame();
+
+ nsCOMPtr<nsIWidget> widget = newTab->GetWidget();
+ if (widget) {
+ cwi.dimensions() = newTab->GetDimensionInfo();
+ }
+
+ cwi.maxTouchPoints() = newTab->GetMaxTouchPoints();
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCreateWindowInDifferentProcess(
+ PBrowserParent* aThisTab, const MaybeDiscarded<BrowsingContext>& aParent,
+ const uint32_t& aChromeFlags, const bool& aCalledFromJS, nsIURI* aURIToLoad,
+ const nsACString& aFeatures, const UserActivation::Modifiers& aModifiers,
+ const nsAString& aName, nsIPrincipal* aTriggeringPrincipal,
+ nsIContentSecurityPolicy* aCsp, nsIReferrerInfo* aReferrerInfo,
+ const OriginAttributes& aOriginAttributes) {
+ MOZ_DIAGNOSTIC_ASSERT(!nsContentUtils::IsSpecialName(aName));
+
+ // Don't continue to try to create a new window if we've been fully discarded.
+ RefPtr<BrowsingContext> parent = aParent.GetMaybeDiscarded();
+ if (NS_WARN_IF(!parent)) {
+ return IPC_OK();
+ }
+
+ nsCOMPtr<nsIRemoteTab> newRemoteTab;
+ bool windowIsNew;
+ int32_t openLocation = nsIBrowserDOMWindow::OPEN_NEWWINDOW;
+
+ // If we have enough data, check the schemes of the loader and loadee
+ // to make sure they make sense.
+ if (aURIToLoad && aURIToLoad->SchemeIs("file") &&
+ GetRemoteType() != FILE_REMOTE_TYPE &&
+ Preferences::GetBool("browser.tabs.remote.enforceRemoteTypeRestrictions",
+ false)) {
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+# ifdef DEBUG
+ nsAutoCString uriToLoadStr;
+ nsAutoCString triggeringUriStr;
+ aURIToLoad->GetAsciiSpec(uriToLoadStr);
+ aTriggeringPrincipal->GetAsciiSpec(triggeringUriStr);
+
+ NS_WARNING(nsPrintfCString(
+ "RecvCreateWindowInDifferentProcess blocked loading file "
+ "scheme from non-file remotetype: %s tried to load %s",
+ triggeringUriStr.get(), uriToLoadStr.get())
+ .get());
+# endif
+ MOZ_CRASH(
+ "RecvCreateWindowInDifferentProcess blocked loading improper scheme");
+#endif
+ return IPC_OK();
+ }
+
+ nsresult rv;
+ mozilla::ipc::IPCResult ipcResult = CommonCreateWindow(
+ aThisTab, *parent, /* aSetOpener = */ false, aChromeFlags, aCalledFromJS,
+ /* aForPrinting = */ false,
+ /* aForPrintPreview = */ false, aURIToLoad, aFeatures, aModifiers,
+ /* aNextRemoteBrowser = */ nullptr, aName, rv, newRemoteTab, &windowIsNew,
+ openLocation, aTriggeringPrincipal, aReferrerInfo,
+ /* aLoadUri = */ true, aCsp, aOriginAttributes);
+ if (!ipcResult) {
+ return ipcResult;
+ }
+
+ if (NS_FAILED(rv)) {
+ NS_WARNING("Call to CommonCreateWindow failed.");
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvShutdownProfile(
+ const nsACString& aProfile) {
+ profiler_received_exit_profile(aProfile);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvShutdownPerfStats(
+ const nsACString& aPerfStats) {
+ PerfStats::StorePerfStats(this, aPerfStats);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvGetFontListShmBlock(
+ const uint32_t& aGeneration, const uint32_t& aIndex,
+ base::SharedMemoryHandle* aOut) {
+ auto* fontList = gfxPlatformFontList::PlatformFontList();
+ MOZ_RELEASE_ASSERT(fontList, "gfxPlatformFontList not initialized?");
+ fontList->ShareFontListShmBlockToProcess(aGeneration, aIndex, Pid(), aOut);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvInitializeFamily(
+ const uint32_t& aGeneration, const uint32_t& aFamilyIndex,
+ const bool& aLoadCmaps) {
+ auto* fontList = gfxPlatformFontList::PlatformFontList();
+ MOZ_RELEASE_ASSERT(fontList, "gfxPlatformFontList not initialized?");
+ fontList->InitializeFamily(aGeneration, aFamilyIndex, aLoadCmaps);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetCharacterMap(
+ const uint32_t& aGeneration, const uint32_t& aFamilyIndex,
+ const bool& aAlias, const uint32_t& aFaceIndex,
+ const gfxSparseBitSet& aMap) {
+ auto* fontList = gfxPlatformFontList::PlatformFontList();
+ MOZ_RELEASE_ASSERT(fontList, "gfxPlatformFontList not initialized?");
+ fontList->SetCharacterMap(aGeneration, aFamilyIndex, aAlias, aFaceIndex,
+ aMap);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvInitOtherFamilyNames(
+ const uint32_t& aGeneration, const bool& aDefer, bool* aLoaded) {
+ auto* fontList = gfxPlatformFontList::PlatformFontList();
+ MOZ_RELEASE_ASSERT(fontList, "gfxPlatformFontList not initialized?");
+ *aLoaded = fontList->InitOtherFamilyNames(aGeneration, aDefer);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetupFamilyCharMap(
+ const uint32_t& aGeneration, const uint32_t& aIndex, const bool& aAlias) {
+ auto* fontList = gfxPlatformFontList::PlatformFontList();
+ MOZ_RELEASE_ASSERT(fontList, "gfxPlatformFontList not initialized?");
+ fontList->SetupFamilyCharMap(aGeneration, aIndex, aAlias);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvStartCmapLoading(
+ const uint32_t& aGeneration, const uint32_t& aStartIndex) {
+ auto* fontList = gfxPlatformFontList::PlatformFontList();
+ MOZ_RELEASE_ASSERT(fontList, "gfxPlatformFontList not initialized?");
+ fontList->StartCmapLoading(aGeneration, aStartIndex);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvGetHyphDict(
+ nsIURI* aURI, base::SharedMemoryHandle* aOutHandle, uint32_t* aOutSize) {
+ if (!aURI) {
+ return IPC_FAIL(this, "aURI must not be null.");
+ }
+ nsHyphenationManager::Instance()->ShareHyphDictToProcess(
+ aURI, Pid(), aOutHandle, aOutSize);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvGraphicsError(
+ const nsACString& aError) {
+ if (gfx::LogForwarder* lf = gfx::Factory::GetLogForwarder()) {
+ std::stringstream message;
+ message << "CP+" << aError;
+ lf->UpdateStringsVector(message.str());
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvBeginDriverCrashGuard(
+ const uint32_t& aGuardType, bool* aOutCrashed) {
+ // Only one driver crash guard should be active at a time, per-process.
+ MOZ_ASSERT(!mDriverCrashGuard);
+
+ UniquePtr<gfx::DriverCrashGuard> guard;
+ switch (gfx::CrashGuardType(aGuardType)) {
+ case gfx::CrashGuardType::D3D11Layers:
+ guard = MakeUnique<gfx::D3D11LayersCrashGuard>(this);
+ break;
+ case gfx::CrashGuardType::GLContext:
+ guard = MakeUnique<gfx::GLContextCrashGuard>(this);
+ break;
+ case gfx::CrashGuardType::WMFVPXVideo:
+ guard = MakeUnique<gfx::WMFVPXVideoCrashGuard>(this);
+ break;
+ default:
+ return IPC_FAIL(this, "unknown crash guard type");
+ }
+
+ if (guard->Crashed()) {
+ *aOutCrashed = true;
+ return IPC_OK();
+ }
+
+ *aOutCrashed = false;
+ mDriverCrashGuard = std::move(guard);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvEndDriverCrashGuard(
+ const uint32_t& aGuardType) {
+ mDriverCrashGuard = nullptr;
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyBenchmarkResult(
+ const nsAString& aCodecName, const uint32_t& aDecodeFPS)
+
+{
+ if (aCodecName.EqualsLiteral("VP9")) {
+ Preferences::SetUint(VP9Benchmark::sBenchmarkFpsPref, aDecodeFPS);
+ Preferences::SetUint(VP9Benchmark::sBenchmarkFpsVersionCheck,
+ VP9Benchmark::sBenchmarkVersionID);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyPushObservers(
+ const nsACString& aScope, nsIPrincipal* aPrincipal,
+ const nsAString& aMessageId) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ PushMessageDispatcher dispatcher(aScope, aPrincipal, aMessageId, Nothing());
+ Unused << NS_WARN_IF(NS_FAILED(dispatcher.NotifyObserversAndWorkers()));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyPushObserversWithData(
+ const nsACString& aScope, nsIPrincipal* aPrincipal,
+ const nsAString& aMessageId, nsTArray<uint8_t>&& aData) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ PushMessageDispatcher dispatcher(aScope, aPrincipal, aMessageId,
+ Some(std::move(aData)));
+ Unused << NS_WARN_IF(NS_FAILED(dispatcher.NotifyObserversAndWorkers()));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvNotifyPushSubscriptionChangeObservers(
+ const nsACString& aScope, nsIPrincipal* aPrincipal) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ PushSubscriptionChangeDispatcher dispatcher(aScope, aPrincipal);
+ Unused << NS_WARN_IF(NS_FAILED(dispatcher.NotifyObserversAndWorkers()));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvPushError(const nsACString& aScope,
+ nsIPrincipal* aPrincipal,
+ const nsAString& aMessage,
+ const uint32_t& aFlags) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ PushErrorDispatcher dispatcher(aScope, aPrincipal, aMessage, aFlags);
+ Unused << NS_WARN_IF(NS_FAILED(dispatcher.NotifyObserversAndWorkers()));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvNotifyPushSubscriptionModifiedObservers(
+ const nsACString& aScope, nsIPrincipal* aPrincipal) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ PushSubscriptionModifiedDispatcher dispatcher(aScope, aPrincipal);
+ Unused << NS_WARN_IF(NS_FAILED(dispatcher.NotifyObservers()));
+ return IPC_OK();
+}
+
+/* static */
+void ContentParent::BroadcastBlobURLRegistration(const nsACString& aURI,
+ BlobImpl* aBlobImpl,
+ nsIPrincipal* aPrincipal,
+ const nsCString& aPartitionKey,
+ ContentParent* aIgnoreThisCP) {
+ uint64_t originHash = ComputeLoadedOriginHash(aPrincipal);
+
+ bool toBeSent =
+ BlobURLProtocolHandler::IsBlobURLBroadcastPrincipal(aPrincipal);
+
+ nsCString uri(aURI);
+
+ for (auto* cp : AllProcesses(eLive)) {
+ if (cp != aIgnoreThisCP) {
+ if (!toBeSent && !cp->mLoadedOriginHashes.Contains(originHash)) {
+ continue;
+ }
+
+ nsresult rv = cp->TransmitPermissionsForPrincipal(aPrincipal);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ break;
+ }
+
+ IPCBlob ipcBlob;
+ rv = IPCBlobUtils::Serialize(aBlobImpl, ipcBlob);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ break;
+ }
+
+ Unused << cp->SendBlobURLRegistration(uri, ipcBlob, aPrincipal,
+ aPartitionKey);
+ }
+ }
+}
+
+/* static */
+void ContentParent::BroadcastBlobURLUnregistration(
+ const nsACString& aURI, nsIPrincipal* aPrincipal,
+ ContentParent* aIgnoreThisCP) {
+ uint64_t originHash = ComputeLoadedOriginHash(aPrincipal);
+
+ bool toBeSent =
+ BlobURLProtocolHandler::IsBlobURLBroadcastPrincipal(aPrincipal);
+
+ nsCString uri(aURI);
+
+ for (auto* cp : AllProcesses(eLive)) {
+ if (cp != aIgnoreThisCP &&
+ (toBeSent || cp->mLoadedOriginHashes.Contains(originHash))) {
+ Unused << cp->SendBlobURLUnregistration(uri);
+ }
+ }
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvStoreAndBroadcastBlobURLRegistration(
+ const nsACString& aURI, const IPCBlob& aBlob, nsIPrincipal* aPrincipal,
+ const nsCString& aPartitionKey) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal, {ValidatePrincipalOptions::AllowSystem})) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ RefPtr<BlobImpl> blobImpl = IPCBlobUtils::Deserialize(aBlob);
+ if (NS_WARN_IF(!blobImpl)) {
+ return IPC_FAIL(this, "Blob deserialization failed.");
+ }
+
+ BlobURLProtocolHandler::AddDataEntry(aURI, aPrincipal, aPartitionKey,
+ blobImpl);
+ BroadcastBlobURLRegistration(aURI, blobImpl, aPrincipal, aPartitionKey, this);
+
+ // We want to store this blobURL, so we can unregister it if the child
+ // crashes.
+ mBlobURLs.AppendElement(aURI);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvUnstoreAndBroadcastBlobURLUnregistration(
+ const nsACString& aURI, nsIPrincipal* aPrincipal) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal, {ValidatePrincipalOptions::AllowSystem})) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ BlobURLProtocolHandler::RemoveDataEntry(aURI, false /* Don't broadcast */);
+ BroadcastBlobURLUnregistration(aURI, aPrincipal, this);
+ mBlobURLs.RemoveElement(aURI);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvGetFilesRequest(
+ const nsID& aUUID, const nsAString& aDirectoryPath,
+ const bool& aRecursiveFlag) {
+ MOZ_ASSERT(!mGetFilesPendingRequests.GetWeak(aUUID));
+
+ if (!mozilla::Preferences::GetBool("dom.filesystem.pathcheck.disabled",
+ false)) {
+ RefPtr<FileSystemSecurity> fss = FileSystemSecurity::Get();
+ if (!fss) {
+ return IPC_FAIL(this, "Failed to get FileSystemSecurity.");
+ }
+
+ if (!fss->ContentProcessHasAccessTo(ChildID(), aDirectoryPath)) {
+ return IPC_FAIL(this, "ContentProcessHasAccessTo failed.");
+ }
+ }
+
+ ErrorResult rv;
+ RefPtr<GetFilesHelper> helper = GetFilesHelperParent::Create(
+ aUUID, aDirectoryPath, aRecursiveFlag, this, rv);
+
+ if (NS_WARN_IF(rv.Failed())) {
+ if (!SendGetFilesResponse(aUUID,
+ GetFilesResponseFailure(rv.StealNSResult()))) {
+ return IPC_FAIL(this, "SendGetFilesResponse failed.");
+ }
+ return IPC_OK();
+ }
+
+ mGetFilesPendingRequests.InsertOrUpdate(aUUID, std::move(helper));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvDeleteGetFilesRequest(
+ const nsID& aUUID) {
+ mGetFilesPendingRequests.Remove(aUUID);
+ return IPC_OK();
+}
+
+void ContentParent::SendGetFilesResponseAndForget(
+ const nsID& aUUID, const GetFilesResponseResult& aResult) {
+ if (mGetFilesPendingRequests.Remove(aUUID)) {
+ Unused << SendGetFilesResponse(aUUID, aResult);
+ }
+}
+
+void ContentParent::PaintTabWhileInterruptingJS(BrowserParent* aBrowserParent) {
+ if (!mHangMonitorActor) {
+ return;
+ }
+ ProcessHangMonitor::PaintWhileInterruptingJS(mHangMonitorActor,
+ aBrowserParent);
+}
+
+void ContentParent::UnloadLayersWhileInterruptingJS(
+ BrowserParent* aBrowserParent) {
+ if (!mHangMonitorActor) {
+ return;
+ }
+ ProcessHangMonitor::UnloadLayersWhileInterruptingJS(mHangMonitorActor,
+ aBrowserParent);
+}
+
+void ContentParent::CancelContentJSExecutionIfRunning(
+ BrowserParent* aBrowserParent, nsIRemoteTab::NavigationType aNavigationType,
+ const CancelContentJSOptions& aCancelContentJSOptions) {
+ if (!mHangMonitorActor) {
+ return;
+ }
+
+ ProcessHangMonitor::CancelContentJSExecutionIfRunning(
+ mHangMonitorActor, aBrowserParent, aNavigationType,
+ aCancelContentJSOptions);
+}
+
+void ContentParent::SetMainThreadQoSPriority(
+ nsIThread::QoSPriority aQoSPriority) {
+ if (!mHangMonitorActor) {
+ return;
+ }
+
+ ProcessHangMonitor::SetMainThreadQoSPriority(mHangMonitorActor, aQoSPriority);
+}
+
+void ContentParent::UpdateCookieStatus(nsIChannel* aChannel) {
+ PNeckoParent* neckoParent = LoneManagedOrNullAsserts(ManagedPNeckoParent());
+ PCookieServiceParent* csParent =
+ LoneManagedOrNullAsserts(neckoParent->ManagedPCookieServiceParent());
+ if (csParent) {
+ auto* cs = static_cast<CookieServiceParent*>(csParent);
+ cs->TrackCookieLoad(aChannel);
+ }
+}
+
+nsresult ContentParent::AboutToLoadHttpFtpDocumentForChild(
+ nsIChannel* aChannel, bool* aShouldWaitForPermissionCookieUpdate) {
+ MOZ_ASSERT(aChannel);
+
+ if (aShouldWaitForPermissionCookieUpdate) {
+ *aShouldWaitForPermissionCookieUpdate = false;
+ }
+
+ nsresult rv;
+ bool isDocument = aChannel->IsDocument();
+ if (!isDocument) {
+ // We may be looking at a nsIHttpChannel which has isMainDocumentChannel set
+ // (e.g. the internal http channel for a view-source: load.).
+ nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
+ if (httpChannel) {
+ rv = httpChannel->GetIsMainDocumentChannel(&isDocument);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+ }
+ if (!isDocument) {
+ return NS_OK;
+ }
+
+ // Get the principal for the channel result, so that we can get the permission
+ // key for the document which will be created from this response.
+ nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
+ if (NS_WARN_IF(!ssm)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsIPrincipal> principal;
+ nsCOMPtr<nsIPrincipal> partitionedPrincipal;
+ rv = ssm->GetChannelResultPrincipals(aChannel, getter_AddRefs(principal),
+ getter_AddRefs(partitionedPrincipal));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Let the caller know we're going to send main thread IPC for updating
+ // permisssions/cookies.
+ if (aShouldWaitForPermissionCookieUpdate) {
+ *aShouldWaitForPermissionCookieUpdate = true;
+ }
+
+ TransmitBlobURLsForPrincipal(principal);
+
+ // Tranmit permissions for both regular and partitioned principal so that the
+ // content process can get permissions for the partitioned principal. For
+ // example, the desk-notification permission for a partitioned service worker.
+ rv = TransmitPermissionsForPrincipal(principal);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ rv = TransmitPermissionsForPrincipal(partitionedPrincipal);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsLoadFlags newLoadFlags;
+ aChannel->GetLoadFlags(&newLoadFlags);
+ if (newLoadFlags & nsIRequest::LOAD_DOCUMENT_NEEDS_COOKIE) {
+ UpdateCookieStatus(aChannel);
+ }
+
+ RefPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+ RefPtr<BrowsingContext> browsingContext;
+ rv = loadInfo->GetTargetBrowsingContext(getter_AddRefs(browsingContext));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ if (!NextGenLocalStorageEnabled()) {
+ return NS_OK;
+ }
+
+ if (principal->GetIsContentPrincipal()) {
+ nsCOMPtr<nsILocalStorageManager> lsm =
+ do_GetService("@mozilla.org/dom/localStorage-manager;1");
+ if (NS_WARN_IF(!lsm)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsIPrincipal> storagePrincipal;
+ rv = ssm->GetChannelResultStoragePrincipal(
+ aChannel, getter_AddRefs(storagePrincipal));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ RefPtr<Promise> dummy;
+ rv = lsm->Preload(storagePrincipal, nullptr, getter_AddRefs(dummy));
+ if (NS_FAILED(rv)) {
+ NS_WARNING("Failed to preload local storage!");
+ }
+ }
+
+ return NS_OK;
+}
+
+nsresult ContentParent::TransmitPermissionsForPrincipal(
+ nsIPrincipal* aPrincipal) {
+ // Create the key, and send it down to the content process.
+ nsTArray<std::pair<nsCString, nsCString>> pairs =
+ PermissionManager::GetAllKeysForPrincipal(aPrincipal);
+ MOZ_ASSERT(pairs.Length() >= 1);
+ for (auto& pair : pairs) {
+ EnsurePermissionsByKey(pair.first, pair.second);
+ }
+
+ // We need to add the Site to the secondary keys of interest here.
+ // This allows site-scoped permission updates to propogate when the
+ // port is non-standard.
+ nsAutoCString siteKey;
+ nsresult rv =
+ PermissionManager::GetKeyForPrincipal(aPrincipal, false, true, siteKey);
+ if (NS_SUCCEEDED(rv) && !siteKey.IsEmpty()) {
+ mActiveSecondaryPermissionKeys.EnsureInserted(siteKey);
+ }
+
+ return NS_OK;
+}
+
+void ContentParent::TransmitBlobURLsForPrincipal(nsIPrincipal* aPrincipal) {
+ // If we're already broadcasting BlobURLs with this principal, we don't need
+ // to send them here.
+ if (BlobURLProtocolHandler::IsBlobURLBroadcastPrincipal(aPrincipal)) {
+ return;
+ }
+
+ // We shouldn't have any Blob URLs with expanded principals, so transmit URLs
+ // for each principal in the AllowList instead.
+ if (nsCOMPtr<nsIExpandedPrincipal> ep = do_QueryInterface(aPrincipal)) {
+ for (const auto& prin : ep->AllowList()) {
+ TransmitBlobURLsForPrincipal(prin);
+ }
+ return;
+ }
+
+ uint64_t originHash = ComputeLoadedOriginHash(aPrincipal);
+
+ if (!mLoadedOriginHashes.Contains(originHash)) {
+ mLoadedOriginHashes.AppendElement(originHash);
+
+ nsTArray<BlobURLRegistrationData> registrations;
+ BlobURLProtocolHandler::ForEachBlobURL(
+ [&](BlobImpl* aBlobImpl, nsIPrincipal* aBlobPrincipal,
+ const nsCString& aPartitionKey, const nsACString& aURI,
+ bool aRevoked) {
+ // This check uses `ComputeLoadedOriginHash` to compare, rather than
+ // doing the more accurate `Equals` check, as it needs to match the
+ // behaviour of the logic to broadcast new registrations.
+ if (originHash != ComputeLoadedOriginHash(aBlobPrincipal)) {
+ return true;
+ }
+
+ IPCBlob ipcBlob;
+ nsresult rv = IPCBlobUtils::Serialize(aBlobImpl, ipcBlob);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return false;
+ }
+
+ registrations.AppendElement(
+ BlobURLRegistrationData(nsCString(aURI), ipcBlob, aPrincipal,
+ nsCString(aPartitionKey), aRevoked));
+
+ rv = TransmitPermissionsForPrincipal(aBlobPrincipal);
+ Unused << NS_WARN_IF(NS_FAILED(rv));
+ return true;
+ });
+
+ if (!registrations.IsEmpty()) {
+ Unused << SendInitBlobURLs(registrations);
+ }
+ }
+}
+
+void ContentParent::TransmitBlobDataIfBlobURL(nsIURI* aURI) {
+ MOZ_ASSERT(aURI);
+
+ nsCOMPtr<nsIPrincipal> principal;
+ if (BlobURLProtocolHandler::GetBlobURLPrincipal(aURI,
+ getter_AddRefs(principal))) {
+ TransmitBlobURLsForPrincipal(principal);
+ }
+}
+
+void ContentParent::EnsurePermissionsByKey(const nsACString& aKey,
+ const nsACString& aOrigin) {
+ // NOTE: Make sure to initialize the permission manager before updating the
+ // mActivePermissionKeys list. If the permission manager is being initialized
+ // by this call to GetPermissionManager, and we've added the key to
+ // mActivePermissionKeys, then the permission manager will send down a
+ // SendAddPermission before receiving the SendSetPermissionsWithKey message.
+ RefPtr<PermissionManager> permManager = PermissionManager::GetInstance();
+ if (!permManager) {
+ return;
+ }
+
+ if (!mActivePermissionKeys.EnsureInserted(aKey)) {
+ return;
+ }
+
+ nsTArray<IPC::Permission> perms;
+ if (permManager->GetPermissionsFromOriginOrKey(aOrigin, aKey, perms)) {
+ Unused << SendSetPermissionsWithKey(aKey, perms);
+ }
+}
+
+bool ContentParent::NeedsPermissionsUpdate(
+ const nsACString& aPermissionKey) const {
+ return mActivePermissionKeys.Contains(aPermissionKey);
+}
+
+bool ContentParent::NeedsSecondaryKeyPermissionsUpdate(
+ const nsACString& aPermissionKey) const {
+ return mActiveSecondaryPermissionKeys.Contains(aPermissionKey);
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAccumulateChildHistograms(
+ nsTArray<HistogramAccumulation>&& aAccumulations) {
+ TelemetryIPC::AccumulateChildHistograms(GetTelemetryProcessID(mRemoteType),
+ aAccumulations);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAccumulateChildKeyedHistograms(
+ nsTArray<KeyedHistogramAccumulation>&& aAccumulations) {
+ TelemetryIPC::AccumulateChildKeyedHistograms(
+ GetTelemetryProcessID(mRemoteType), aAccumulations);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvUpdateChildScalars(
+ nsTArray<ScalarAction>&& aScalarActions) {
+ TelemetryIPC::UpdateChildScalars(GetTelemetryProcessID(mRemoteType),
+ aScalarActions);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvUpdateChildKeyedScalars(
+ nsTArray<KeyedScalarAction>&& aScalarActions) {
+ TelemetryIPC::UpdateChildKeyedScalars(GetTelemetryProcessID(mRemoteType),
+ aScalarActions);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvRecordChildEvents(
+ nsTArray<mozilla::Telemetry::ChildEventData>&& aEvents) {
+ TelemetryIPC::RecordChildEvents(GetTelemetryProcessID(mRemoteType), aEvents);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvRecordDiscardedData(
+ const mozilla::Telemetry::DiscardedData& aDiscardedData) {
+ TelemetryIPC::RecordDiscardedData(GetTelemetryProcessID(mRemoteType),
+ aDiscardedData);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvRecordPageLoadEvent(
+ const mozilla::glean::perf::PageLoadExtra& aPageLoadEventExtra) {
+ mozilla::glean::perf::page_load.Record(mozilla::Some(aPageLoadEventExtra));
+
+ // Send the PageLoadPing after every 30 page loads, or on startup.
+ if (++sPageLoadEventCounter >= 30) {
+ NS_SUCCEEDED(NS_DispatchToMainThreadQueue(
+ NS_NewRunnableFunction(
+ "PageLoadPingIdleTask",
+ [] { mozilla::glean_pings::Pageload.Submit("threshold"_ns); }),
+ EventQueuePriority::Idle));
+ sPageLoadEventCounter = 0;
+ }
+
+ return IPC_OK();
+}
+
+//////////////////////////////////////////////////////////////////
+// PURLClassifierParent
+
+PURLClassifierParent* ContentParent::AllocPURLClassifierParent(
+ nsIPrincipal* aPrincipal, bool* aSuccess) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ *aSuccess = true;
+ RefPtr<URLClassifierParent> actor = new URLClassifierParent();
+ return actor.forget().take();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvPURLClassifierConstructor(
+ PURLClassifierParent* aActor, nsIPrincipal* aPrincipal, bool* aSuccess) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(aActor);
+ *aSuccess = false;
+
+ auto* actor = static_cast<URLClassifierParent*>(aActor);
+ nsCOMPtr<nsIPrincipal> principal(aPrincipal);
+ if (!principal) {
+ actor->ClassificationFailed();
+ return IPC_OK();
+ }
+ if (!ValidatePrincipal(aPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ return actor->StartClassify(principal, aSuccess);
+}
+
+bool ContentParent::DeallocPURLClassifierParent(PURLClassifierParent* aActor) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(aActor);
+
+ RefPtr<URLClassifierParent> actor =
+ dont_AddRef(static_cast<URLClassifierParent*>(aActor));
+ return true;
+}
+
+//////////////////////////////////////////////////////////////////
+// PURLClassifierLocalParent
+
+PURLClassifierLocalParent* ContentParent::AllocPURLClassifierLocalParent(
+ nsIURI* aURI, const nsTArray<IPCURLClassifierFeature>& aFeatures) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ RefPtr<URLClassifierLocalParent> actor = new URLClassifierLocalParent();
+ return actor.forget().take();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvPURLClassifierLocalConstructor(
+ PURLClassifierLocalParent* aActor, nsIURI* aURI,
+ nsTArray<IPCURLClassifierFeature>&& aFeatures) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(aActor);
+
+ nsTArray<IPCURLClassifierFeature> features = std::move(aFeatures);
+
+ if (!aURI) {
+ return IPC_FAIL(this, "aURI should not be null");
+ }
+
+ auto* actor = static_cast<URLClassifierLocalParent*>(aActor);
+ return actor->StartClassify(aURI, features);
+}
+
+bool ContentParent::DeallocPURLClassifierLocalParent(
+ PURLClassifierLocalParent* aActor) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(aActor);
+
+ RefPtr<URLClassifierLocalParent> actor =
+ dont_AddRef(static_cast<URLClassifierLocalParent*>(aActor));
+ return true;
+}
+
+PSessionStorageObserverParent*
+ContentParent::AllocPSessionStorageObserverParent() {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ return mozilla::dom::AllocPSessionStorageObserverParent();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvPSessionStorageObserverConstructor(
+ PSessionStorageObserverParent* aActor) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(aActor);
+
+ if (!mozilla::dom::RecvPSessionStorageObserverConstructor(aActor)) {
+ return IPC_FAIL(this, "RecvPSessionStorageObserverConstructor failed.");
+ }
+ return IPC_OK();
+}
+
+bool ContentParent::DeallocPSessionStorageObserverParent(
+ PSessionStorageObserverParent* aActor) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(aActor);
+
+ return mozilla::dom::DeallocPSessionStorageObserverParent(aActor);
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvBHRThreadHang(
+ const HangDetails& aDetails) {
+ nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService();
+ if (obs) {
+ // Copy the HangDetails recieved over the network into a nsIHangDetails, and
+ // then fire our own observer notification.
+ // XXX: We should be able to avoid this potentially expensive copy here by
+ // moving our deserialized argument.
+ nsCOMPtr<nsIHangDetails> hangDetails =
+ new nsHangDetails(HangDetails(aDetails), PersistedToDisk::No);
+ obs->NotifyObservers(hangDetails, "bhr-thread-hang", nullptr);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAddCertException(
+ nsIX509Cert* aCert, const nsACString& aHostName, int32_t aPort,
+ const OriginAttributes& aOriginAttributes, bool aIsTemporary,
+ AddCertExceptionResolver&& aResolver) {
+ nsCOMPtr<nsICertOverrideService> overrideService =
+ do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+ if (!overrideService) {
+ aResolver(NS_ERROR_FAILURE);
+ return IPC_OK();
+ }
+ nsresult rv = overrideService->RememberValidityOverride(
+ aHostName, aPort, aOriginAttributes, aCert, aIsTemporary);
+ aResolver(rv);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvAutomaticStorageAccessPermissionCanBeGranted(
+ nsIPrincipal* aPrincipal,
+ AutomaticStorageAccessPermissionCanBeGrantedResolver&& aResolver) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ aResolver(Document::AutomaticStorageAccessPermissionCanBeGranted(aPrincipal));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvStorageAccessPermissionGrantedForOrigin(
+ uint64_t aTopLevelWindowId,
+ const MaybeDiscarded<BrowsingContext>& aParentContext,
+ nsIPrincipal* aTrackingPrincipal, const nsACString& aTrackingOrigin,
+ const int& aAllowMode,
+ const Maybe<ContentBlockingNotifier::StorageAccessPermissionGrantedReason>&
+ aReason,
+ const bool& aFrameOnly,
+ StorageAccessPermissionGrantedForOriginResolver&& aResolver) {
+ if (aParentContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ if (!aTrackingPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ // We only report here if we cannot report the console directly in the content
+ // process. In that case, the `aReason` would be given a value. Otherwise, it
+ // will be nothing.
+ if (aReason) {
+ ContentBlockingNotifier::ReportUnblockingToConsole(
+ aParentContext.get_canonical(), NS_ConvertUTF8toUTF16(aTrackingOrigin),
+ aReason.value());
+ }
+
+ StorageAccessAPIHelper::SaveAccessForOriginOnParentProcess(
+ aTopLevelWindowId, aParentContext.get_canonical(), aTrackingPrincipal,
+ aAllowMode, aFrameOnly)
+ ->Then(GetCurrentSerialEventTarget(), __func__,
+ [aResolver = std::move(aResolver)](
+ StorageAccessAPIHelper::ParentAccessGrantPromise::
+ ResolveOrRejectValue&& aValue) {
+ bool success =
+ aValue.IsResolve() && NS_SUCCEEDED(aValue.ResolveValue());
+ aResolver(success);
+ });
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCompleteAllowAccessFor(
+ const MaybeDiscarded<BrowsingContext>& aParentContext,
+ uint64_t aTopLevelWindowId, nsIPrincipal* aTrackingPrincipal,
+ const nsACString& aTrackingOrigin, uint32_t aCookieBehavior,
+ const ContentBlockingNotifier::StorageAccessPermissionGrantedReason&
+ aReason,
+ CompleteAllowAccessForResolver&& aResolver) {
+ if (aParentContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ StorageAccessAPIHelper::CompleteAllowAccessForOnParentProcess(
+ aParentContext.get_canonical(), aTopLevelWindowId, aTrackingPrincipal,
+ aTrackingOrigin, aCookieBehavior, aReason, nullptr)
+ ->Then(GetCurrentSerialEventTarget(), __func__,
+ [aResolver = std::move(aResolver)](
+ StorageAccessAPIHelper::StorageAccessPermissionGrantPromise::
+ ResolveOrRejectValue&& aValue) {
+ Maybe<StorageAccessPromptChoices> choice;
+ if (aValue.IsResolve()) {
+ choice.emplace(static_cast<StorageAccessPromptChoices>(
+ aValue.ResolveValue()));
+ }
+ aResolver(choice);
+ });
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetAllowStorageAccessRequestFlag(
+ nsIPrincipal* aEmbeddedPrincipal, nsIURI* aEmbeddingOrigin,
+ SetAllowStorageAccessRequestFlagResolver&& aResolver) {
+ MOZ_ASSERT(aEmbeddedPrincipal);
+ MOZ_ASSERT(aEmbeddingOrigin);
+
+ if (!aEmbeddedPrincipal || !aEmbeddingOrigin) {
+ aResolver(false);
+ return IPC_OK();
+ }
+
+ // Get the permission manager and build the key.
+ RefPtr<PermissionManager> permManager = PermissionManager::GetInstance();
+ if (!permManager) {
+ aResolver(false);
+ return IPC_OK();
+ }
+ nsCOMPtr<nsIURI> embeddedURI = aEmbeddedPrincipal->GetURI();
+ nsCString permissionKey;
+ bool success = AntiTrackingUtils::CreateStorageRequestPermissionKey(
+ embeddedURI, permissionKey);
+ if (!success) {
+ aResolver(false);
+ return IPC_OK();
+ }
+
+ // Set the permission to ALLOW for a prefence specified amount of seconds.
+ // Time units are inconsistent, be careful
+ int64_t when = (PR_Now() / PR_USEC_PER_MSEC) +
+ StaticPrefs::dom_storage_access_forward_declared_lifetime() *
+ PR_MSEC_PER_SEC;
+ nsCOMPtr<nsIPrincipal> principal = BasePrincipal::CreateContentPrincipal(
+ aEmbeddingOrigin, aEmbeddedPrincipal->OriginAttributesRef());
+ nsresult rv = permManager->AddFromPrincipal(
+ principal, permissionKey, nsIPermissionManager::ALLOW_ACTION,
+ nsIPermissionManager::EXPIRE_TIME, when);
+ if (NS_FAILED(rv)) {
+ aResolver(false);
+ return IPC_OK();
+ }
+
+ // Resolve with success if we set the permission.
+ aResolver(true);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvTestAllowStorageAccessRequestFlag(
+ nsIPrincipal* aEmbeddingPrincipal, nsIURI* aEmbeddedOrigin,
+ TestAllowStorageAccessRequestFlagResolver&& aResolver) {
+ MOZ_ASSERT(aEmbeddingPrincipal);
+ MOZ_ASSERT(aEmbeddedOrigin);
+
+ // Get the permission manager and build the key.
+ RefPtr<PermissionManager> permManager = PermissionManager::GetInstance();
+ if (!permManager) {
+ aResolver(false);
+ return IPC_OK();
+ }
+ nsCString requestPermissionKey;
+ bool success = AntiTrackingUtils::CreateStorageRequestPermissionKey(
+ aEmbeddedOrigin, requestPermissionKey);
+ if (!success) {
+ aResolver(false);
+ return IPC_OK();
+ }
+
+ // Get the permission and resolve false if it is not set to ALLOW.
+ uint32_t access = nsIPermissionManager::UNKNOWN_ACTION;
+ nsresult rv = permManager->TestPermissionFromPrincipal(
+ aEmbeddingPrincipal, requestPermissionKey, &access);
+ if (NS_FAILED(rv)) {
+ aResolver(false);
+ return IPC_OK();
+ }
+ if (access != nsIPermissionManager::ALLOW_ACTION) {
+ aResolver(false);
+ return IPC_OK();
+ }
+
+ // Remove the permission, failing if the permission manager fails
+ rv = permManager->RemoveFromPrincipal(aEmbeddingPrincipal,
+ requestPermissionKey);
+ if (NS_FAILED(rv)) {
+ aResolver(false);
+ return IPC_OK();
+ }
+
+ // At this point, signal to our caller that the permission was set
+ aResolver(true);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvStoreUserInteractionAsPermission(
+ nsIPrincipal* aPrincipal) {
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ if (!ValidatePrincipal(aPrincipal)) {
+ LogAndAssertFailedPrincipalValidationInfo(aPrincipal, __func__);
+ }
+ ContentBlockingUserInteraction::Observe(aPrincipal);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvTestCookiePermissionDecided(
+ const MaybeDiscarded<BrowsingContext>& aContext, nsIPrincipal* aPrincipal,
+ const TestCookiePermissionDecidedResolver&& aResolver) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ if (!aPrincipal) {
+ return IPC_FAIL(this, "No principal");
+ }
+
+ RefPtr<WindowGlobalParent> wgp =
+ aContext.get_canonical()->GetCurrentWindowGlobal();
+ nsCOMPtr<nsICookieJarSettings> cjs = wgp->CookieJarSettings();
+
+ Maybe<bool> result =
+ StorageAccessAPIHelper::CheckCookiesPermittedDecidesStorageAccessAPI(
+ cjs, aPrincipal);
+ aResolver(result);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvTestStorageAccessPermission(
+ nsIPrincipal* aEmbeddingPrincipal, const nsCString& aEmbeddedOrigin,
+ const TestStorageAccessPermissionResolver&& aResolver) {
+ // Get the permission manager and build the key.
+ RefPtr<PermissionManager> permManager = PermissionManager::GetInstance();
+ if (!permManager) {
+ aResolver(Nothing());
+ return IPC_OK();
+ }
+ nsCString requestPermissionKey;
+ AntiTrackingUtils::CreateStoragePermissionKey(aEmbeddedOrigin,
+ requestPermissionKey);
+
+ // Test the permission
+ uint32_t access = nsIPermissionManager::UNKNOWN_ACTION;
+ nsresult rv = permManager->TestPermissionFromPrincipal(
+ aEmbeddingPrincipal, requestPermissionKey, &access);
+ if (NS_FAILED(rv)) {
+ aResolver(Nothing());
+ return IPC_OK();
+ }
+ if (access == nsIPermissionManager::ALLOW_ACTION) {
+ aResolver(Some(true));
+ } else if (access == nsIPermissionManager::DENY_ACTION) {
+ aResolver(Some(false));
+ } else {
+ aResolver(Nothing());
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyMediaPlaybackChanged(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ MediaPlaybackState aState) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+ if (RefPtr<IMediaInfoUpdater> updater =
+ aContext.get_canonical()->GetMediaController()) {
+ updater->NotifyMediaPlaybackChanged(aContext.ContextId(), aState);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyMediaAudibleChanged(
+ const MaybeDiscarded<BrowsingContext>& aContext, MediaAudibleState aState) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+ if (RefPtr<IMediaInfoUpdater> updater =
+ aContext.get_canonical()->GetMediaController()) {
+ updater->NotifyMediaAudibleChanged(aContext.ContextId(), aState);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyPictureInPictureModeChanged(
+ const MaybeDiscarded<BrowsingContext>& aContext, bool aEnabled) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+ if (RefPtr<MediaController> controller =
+ aContext.get_canonical()->GetMediaController()) {
+ controller->SetIsInPictureInPictureMode(aContext.ContextId(), aEnabled);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAbortOtherOrientationPendingPromises(
+ const MaybeDiscarded<BrowsingContext>& aContext) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ context->Group()->EachOtherParent(this, [&](ContentParent* aParent) {
+ Unused << aParent->SendAbortOrientationPendingPromises(context);
+ });
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyMediaSessionUpdated(
+ const MaybeDiscarded<BrowsingContext>& aContext, bool aIsCreated) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ RefPtr<IMediaInfoUpdater> updater =
+ aContext.get_canonical()->GetMediaController();
+ if (!updater) {
+ return IPC_OK();
+ }
+ if (aIsCreated) {
+ updater->NotifySessionCreated(aContext->Id());
+ } else {
+ updater->NotifySessionDestroyed(aContext->Id());
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyUpdateMediaMetadata(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ const Maybe<MediaMetadataBase>& aMetadata) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+ if (RefPtr<IMediaInfoUpdater> updater =
+ aContext.get_canonical()->GetMediaController()) {
+ updater->UpdateMetadata(aContext.ContextId(), aMetadata);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvNotifyMediaSessionPlaybackStateChanged(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ MediaSessionPlaybackState aPlaybackState) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+ if (RefPtr<IMediaInfoUpdater> updater =
+ aContext.get_canonical()->GetMediaController()) {
+ updater->SetDeclaredPlaybackState(aContext.ContextId(), aPlaybackState);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvNotifyMediaSessionSupportedActionChanged(
+ const MaybeDiscarded<BrowsingContext>& aContext, MediaSessionAction aAction,
+ bool aEnabled) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+ RefPtr<IMediaInfoUpdater> updater =
+ aContext.get_canonical()->GetMediaController();
+ if (!updater) {
+ return IPC_OK();
+ }
+ if (aEnabled) {
+ updater->EnableAction(aContext.ContextId(), aAction);
+ } else {
+ updater->DisableAction(aContext.ContextId(), aAction);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyMediaFullScreenState(
+ const MaybeDiscarded<BrowsingContext>& aContext, bool aIsInFullScreen) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+ if (RefPtr<IMediaInfoUpdater> updater =
+ aContext.get_canonical()->GetMediaController()) {
+ updater->NotifyMediaFullScreenState(aContext.ContextId(), aIsInFullScreen);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyPositionStateChanged(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ const PositionState& aState) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+ if (RefPtr<IMediaInfoUpdater> updater =
+ aContext.get_canonical()->GetMediaController()) {
+ updater->UpdatePositionState(aContext.ContextId(), aState);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAddOrRemovePageAwakeRequest(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ const bool& aShouldAddCount) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+ if (aShouldAddCount) {
+ aContext.get_canonical()->AddPageAwakeRequest();
+ } else {
+ aContext.get_canonical()->RemovePageAwakeRequest();
+ }
+ return IPC_OK();
+}
+
+#if defined(XP_WIN)
+mozilla::ipc::IPCResult ContentParent::RecvGetModulesTrust(
+ ModulePaths&& aModPaths, bool aRunAtNormalPriority,
+ GetModulesTrustResolver&& aResolver) {
+ RefPtr<DllServices> dllSvc(DllServices::Get());
+ dllSvc->GetModulesTrust(std::move(aModPaths), aRunAtNormalPriority)
+ ->Then(
+ GetMainThreadSerialEventTarget(), __func__,
+ [aResolver](ModulesMapResult&& aResult) {
+ aResolver(Some(ModulesMapResult(std::move(aResult))));
+ },
+ [aResolver](nsresult aRv) { aResolver(Nothing()); });
+ return IPC_OK();
+}
+#endif // defined(XP_WIN)
+
+mozilla::ipc::IPCResult ContentParent::RecvCreateBrowsingContext(
+ uint64_t aGroupId, BrowsingContext::IPCInitializer&& aInit) {
+ RefPtr<WindowGlobalParent> parent;
+ if (aInit.mParentId != 0) {
+ parent = WindowGlobalParent::GetByInnerWindowId(aInit.mParentId);
+ if (!parent) {
+ return IPC_FAIL(this, "Parent doesn't exist in parent process");
+ }
+ }
+
+ if (parent && parent->GetContentParent() != this) {
+ // We're trying attach a child BrowsingContext to a parent
+ // WindowContext in another process. This is illegal since the
+ // only thing that could create that child BrowsingContext is the parent
+ // window's process.
+ return IPC_FAIL(this,
+ "Must create BrowsingContext from the parent's process");
+ }
+
+ RefPtr<BrowsingContext> opener;
+ if (aInit.GetOpenerId() != 0) {
+ opener = BrowsingContext::Get(aInit.GetOpenerId());
+ if (!opener) {
+ return IPC_FAIL(this, "Opener doesn't exist in parent process");
+ }
+ }
+
+ RefPtr<BrowsingContext> child = BrowsingContext::Get(aInit.mId);
+ if (child) {
+ // This is highly suspicious. BrowsingContexts should only be created once,
+ // so finding one indicates that someone is doing something they shouldn't.
+ return IPC_FAIL(this, "A BrowsingContext with this ID already exists");
+ }
+
+ // Ensure that the passed-in BrowsingContextGroup is valid.
+ RefPtr<BrowsingContextGroup> group =
+ BrowsingContextGroup::GetOrCreate(aGroupId);
+ if (parent && parent->Group() != group) {
+ if (parent->Group()->Id() != aGroupId) {
+ return IPC_FAIL(this, "Parent has different group ID");
+ } else {
+ return IPC_FAIL(this, "Parent has different group object");
+ }
+ }
+ if (opener && opener->Group() != group) {
+ if (opener->Group()->Id() != aGroupId) {
+ return IPC_FAIL(this, "Opener has different group ID");
+ } else {
+ return IPC_FAIL(this, "Opener has different group object");
+ }
+ }
+ if (!parent && !opener && !group->Toplevels().IsEmpty()) {
+ return IPC_FAIL(this, "Unrelated context from child in stale group");
+ }
+
+ return BrowsingContext::CreateFromIPC(std::move(aInit), group, this);
+}
+
+bool ContentParent::CheckBrowsingContextEmbedder(CanonicalBrowsingContext* aBC,
+ const char* aOperation) const {
+ if (!aBC->IsEmbeddedInProcess(ChildID())) {
+ MOZ_LOG(BrowsingContext::GetLog(), LogLevel::Warning,
+ ("ParentIPC: Trying to %s out of process context 0x%08" PRIx64,
+ aOperation, aBC->Id()));
+ return false;
+ }
+ return true;
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvDiscardBrowsingContext(
+ const MaybeDiscarded<BrowsingContext>& aContext, bool aDoDiscard,
+ DiscardBrowsingContextResolver&& aResolve) {
+ if (CanonicalBrowsingContext* context =
+ CanonicalBrowsingContext::Cast(aContext.GetMaybeDiscarded())) {
+ if (aDoDiscard && !context->IsDiscarded()) {
+ if (!CheckBrowsingContextEmbedder(context, "discard")) {
+ return IPC_FAIL(this, "Illegal Discard attempt");
+ }
+
+ context->Detach(/* aFromIPC */ true);
+ }
+ context->AddFinalDiscardListener(aResolve);
+ return IPC_OK();
+ }
+
+ // Resolve the promise, as we've received and handled the message. This will
+ // allow the content process to fully-discard references to this BC.
+ aResolve(true);
+ return IPC_OK();
+}
+
+void ContentParent::UnregisterRemoveWorkerActor() {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ {
+ RecursiveMutexAutoLock lock(mThreadsafeHandle->mMutex);
+ if (--mThreadsafeHandle->mRemoteWorkerActorCount) {
+ return;
+ }
+ }
+
+ MOZ_LOG(ContentParent::GetLog(), LogLevel::Verbose,
+ ("UnregisterRemoveWorkerActor %p", this));
+ MaybeBeginShutDown();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvWindowClose(
+ const MaybeDiscarded<BrowsingContext>& aContext, bool aTrustedCaller) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ // FIXME Need to check that the sending process has access to the unit of
+ // related
+ // browsing contexts of bc.
+
+ if (ContentParent* cp = context->GetContentParent()) {
+ Unused << cp->SendWindowClose(context, aTrustedCaller);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvWindowFocus(
+ const MaybeDiscarded<BrowsingContext>& aContext, CallerType aCallerType,
+ uint64_t aActionId) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ LOGFOCUS(("ContentParent::RecvWindowFocus actionid: %" PRIu64, aActionId));
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ if (ContentParent* cp = context->GetContentParent()) {
+ Unused << cp->SendWindowFocus(context, aCallerType, aActionId);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvWindowBlur(
+ const MaybeDiscarded<BrowsingContext>& aContext, CallerType aCallerType) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ if (ContentParent* cp = context->GetContentParent()) {
+ Unused << cp->SendWindowBlur(context, aCallerType);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvRaiseWindow(
+ const MaybeDiscarded<BrowsingContext>& aContext, CallerType aCallerType,
+ uint64_t aActionId) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ LOGFOCUS(("ContentParent::RecvRaiseWindow actionid: %" PRIu64, aActionId));
+
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ if (ContentParent* cp = context->GetContentParent()) {
+ Unused << cp->SendRaiseWindow(context, aCallerType, aActionId);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvAdjustWindowFocus(
+ const MaybeDiscarded<BrowsingContext>& aContext, bool aIsVisible,
+ uint64_t aActionId) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ LOGFOCUS(
+ ("ContentParent::RecvAdjustWindowFocus isVisible %d actionid: %" PRIu64,
+ aIsVisible, aActionId));
+
+ nsTHashMap<nsPtrHashKey<ContentParent>, bool> processes(2);
+ processes.InsertOrUpdate(this, true);
+
+ ContentProcessManager* cpm = ContentProcessManager::GetSingleton();
+ if (cpm) {
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+ while (context) {
+ BrowsingContext* parent = context->GetParent();
+ if (!parent) {
+ break;
+ }
+
+ CanonicalBrowsingContext* canonicalParent = parent->Canonical();
+ ContentParent* cp = cpm->GetContentProcessById(
+ ContentParentId(canonicalParent->OwnerProcessId()));
+ if (cp && !processes.Get(cp)) {
+ Unused << cp->SendAdjustWindowFocus(context, aIsVisible, aActionId);
+ processes.InsertOrUpdate(cp, true);
+ }
+ context = canonicalParent;
+ }
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvClearFocus(
+ const MaybeDiscarded<BrowsingContext>& aContext) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ if (ContentParent* cp = context->GetContentParent()) {
+ Unused << cp->SendClearFocus(context);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetFocusedBrowsingContext(
+ const MaybeDiscarded<BrowsingContext>& aContext, uint64_t aActionId) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ LOGFOCUS(("ContentParent::RecvSetFocusedBrowsingContext actionid: %" PRIu64,
+ aActionId));
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ nsFocusManager* fm = nsFocusManager::GetFocusManager();
+ if (!fm) {
+ return IPC_OK();
+ }
+
+ if (!fm->SetFocusedBrowsingContextInChrome(context, aActionId)) {
+ LOGFOCUS((
+ "Ignoring out-of-sequence attempt [%p] to set focused browsing context "
+ "in parent.",
+ context));
+ Unused << SendReviseFocusedBrowsingContext(
+ aActionId, fm->GetFocusedBrowsingContextInChrome(),
+ fm->GetActionIdForFocusedBrowsingContextInChrome());
+ return IPC_OK();
+ }
+
+ BrowserParent::UpdateFocusFromBrowsingContext();
+
+ context->Group()->EachOtherParent(this, [&](ContentParent* aParent) {
+ Unused << aParent->SendSetFocusedBrowsingContext(context, aActionId);
+ });
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetActiveBrowsingContext(
+ const MaybeDiscarded<BrowsingContext>& aContext, uint64_t aActionId) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ LOGFOCUS(("ContentParent::RecvSetActiveBrowsingContext actionid: %" PRIu64,
+ aActionId));
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ nsFocusManager* fm = nsFocusManager::GetFocusManager();
+ if (!fm) {
+ return IPC_OK();
+ }
+
+ if (!fm->SetActiveBrowsingContextInChrome(context, aActionId)) {
+ LOGFOCUS(
+ ("Ignoring out-of-sequence attempt [%p] to set active browsing context "
+ "in parent.",
+ context));
+ Unused << SendReviseActiveBrowsingContext(
+ aActionId, fm->GetActiveBrowsingContextInChrome(),
+ fm->GetActionIdForActiveBrowsingContextInChrome());
+ return IPC_OK();
+ }
+
+ context->Group()->EachOtherParent(this, [&](ContentParent* aParent) {
+ Unused << aParent->SendSetActiveBrowsingContext(context, aActionId);
+ });
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvUnsetActiveBrowsingContext(
+ const MaybeDiscarded<BrowsingContext>& aContext, uint64_t aActionId) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ LOGFOCUS(("ContentParent::RecvUnsetActiveBrowsingContext actionid: %" PRIu64,
+ aActionId));
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ nsFocusManager* fm = nsFocusManager::GetFocusManager();
+ if (!fm) {
+ return IPC_OK();
+ }
+
+ if (!fm->SetActiveBrowsingContextInChrome(nullptr, aActionId)) {
+ LOGFOCUS(
+ ("Ignoring out-of-sequence attempt to unset active browsing context in "
+ "parent [%p].",
+ context));
+ Unused << SendReviseActiveBrowsingContext(
+ aActionId, fm->GetActiveBrowsingContextInChrome(),
+ fm->GetActionIdForActiveBrowsingContextInChrome());
+ return IPC_OK();
+ }
+
+ context->Group()->EachOtherParent(this, [&](ContentParent* aParent) {
+ Unused << aParent->SendUnsetActiveBrowsingContext(context, aActionId);
+ });
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetFocusedElement(
+ const MaybeDiscarded<BrowsingContext>& aContext, bool aNeedsFocus) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ LOGFOCUS(("ContentParent::RecvSetFocusedElement"));
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ if (ContentParent* cp = context->GetContentParent()) {
+ Unused << cp->SendSetFocusedElement(context, aNeedsFocus);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvFinalizeFocusOuter(
+ const MaybeDiscarded<BrowsingContext>& aContext, bool aCanFocus,
+ CallerType aCallerType) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ LOGFOCUS(("ContentParent::RecvFinalizeFocusOuter"));
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+ ContentProcessManager* cpm = ContentProcessManager::GetSingleton();
+ if (cpm) {
+ ContentParent* cp = cpm->GetContentProcessById(
+ ContentParentId(context->EmbedderProcessId()));
+ if (cp) {
+ Unused << cp->SendFinalizeFocusOuter(context, aCanFocus, aCallerType);
+ }
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvInsertNewFocusActionId(
+ uint64_t aActionId) {
+ LOGFOCUS(("ContentParent::RecvInsertNewFocusActionId actionid: %" PRIu64,
+ aActionId));
+ nsFocusManager* fm = nsFocusManager::GetFocusManager();
+ if (fm) {
+ fm->InsertNewFocusActionId(aActionId);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvBlurToParent(
+ const MaybeDiscarded<BrowsingContext>& aFocusedBrowsingContext,
+ const MaybeDiscarded<BrowsingContext>& aBrowsingContextToClear,
+ const MaybeDiscarded<BrowsingContext>& aAncestorBrowsingContextToFocus,
+ bool aIsLeavingDocument, bool aAdjustWidget,
+ bool aBrowsingContextToClearHandled,
+ bool aAncestorBrowsingContextToFocusHandled, uint64_t aActionId) {
+ if (aFocusedBrowsingContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+
+ LOGFOCUS(
+ ("ContentParent::RecvBlurToParent isLeavingDocument %d adjustWidget %d "
+ "browsingContextToClearHandled %d ancestorBrowsingContextToFocusHandled "
+ "%d actionid: %" PRIu64,
+ aIsLeavingDocument, aAdjustWidget, aBrowsingContextToClearHandled,
+ aAncestorBrowsingContextToFocusHandled, aActionId));
+
+ CanonicalBrowsingContext* focusedBrowsingContext =
+ aFocusedBrowsingContext.get_canonical();
+
+ // If aBrowsingContextToClear and aAncestorBrowsingContextToFocusHandled
+ // didn't get handled in the process that sent this IPC message and they
+ // aren't in the same process as aFocusedBrowsingContext, we need to split
+ // off their handling here and use SendSetFocusedElement to send them
+ // elsewhere than the blurring itself.
+
+ bool ancestorDifferent =
+ (!aAncestorBrowsingContextToFocusHandled &&
+ !aAncestorBrowsingContextToFocus.IsNullOrDiscarded() &&
+ (focusedBrowsingContext->OwnerProcessId() !=
+ aAncestorBrowsingContextToFocus.get_canonical()->OwnerProcessId()));
+ if (!aBrowsingContextToClearHandled &&
+ !aBrowsingContextToClear.IsNullOrDiscarded() &&
+ (focusedBrowsingContext->OwnerProcessId() !=
+ aBrowsingContextToClear.get_canonical()->OwnerProcessId())) {
+ MOZ_RELEASE_ASSERT(!ancestorDifferent,
+ "This combination is not supposed to happen.");
+ if (ContentParent* cp =
+ aBrowsingContextToClear.get_canonical()->GetContentParent()) {
+ Unused << cp->SendSetFocusedElement(aBrowsingContextToClear, false);
+ }
+ } else if (ancestorDifferent) {
+ if (ContentParent* cp = aAncestorBrowsingContextToFocus.get_canonical()
+ ->GetContentParent()) {
+ Unused << cp->SendSetFocusedElement(aAncestorBrowsingContextToFocus,
+ true);
+ }
+ }
+
+ if (ContentParent* cp = focusedBrowsingContext->GetContentParent()) {
+ Unused << cp->SendBlurToChild(aFocusedBrowsingContext,
+ aBrowsingContextToClear,
+ aAncestorBrowsingContextToFocus,
+ aIsLeavingDocument, aAdjustWidget, aActionId);
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvMaybeExitFullscreen(
+ const MaybeDiscarded<BrowsingContext>& aContext) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ if (ContentParent* cp = context->GetContentParent()) {
+ Unused << cp->SendMaybeExitFullscreen(context);
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvWindowPostMessage(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ const ClonedOrErrorMessageData& aMessage, const PostMessageData& aData) {
+ if (aContext.IsNullOrDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message to dead or detached context"));
+ return IPC_OK();
+ }
+ CanonicalBrowsingContext* context = aContext.get_canonical();
+
+ if (aData.source().IsDiscarded()) {
+ MOZ_LOG(
+ BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send a message from dead or detached context"));
+ return IPC_OK();
+ }
+
+ RefPtr<ContentParent> cp = context->GetContentParent();
+ if (!cp) {
+ MOZ_LOG(BrowsingContext::GetLog(), LogLevel::Debug,
+ ("ParentIPC: Trying to send PostMessage to dead content process"));
+ return IPC_OK();
+ }
+
+ ClonedOrErrorMessageData message;
+ StructuredCloneData messageFromChild;
+ if (aMessage.type() == ClonedOrErrorMessageData::TClonedMessageData) {
+ UnpackClonedMessageData(aMessage, messageFromChild);
+
+ ClonedMessageData clonedMessageData;
+ if (BuildClonedMessageData(messageFromChild, clonedMessageData)) {
+ message = std::move(clonedMessageData);
+ } else {
+ // FIXME Logging?
+ message = ErrorMessageData();
+ }
+ } else {
+ MOZ_ASSERT(aMessage.type() == ClonedOrErrorMessageData::TErrorMessageData);
+ message = ErrorMessageData();
+ }
+
+ Unused << cp->SendWindowPostMessage(context, message, aData);
+ return IPC_OK();
+}
+
+void ContentParent::AddBrowsingContextGroup(BrowsingContextGroup* aGroup) {
+ MOZ_DIAGNOSTIC_ASSERT(aGroup);
+ // Ensure that the group has been inserted, and if we're not launching
+ // anymore, also begin subscribing. Launching processes will be subscribed if
+ // they finish launching in `LaunchSubprocessResolve`.
+ if (mGroups.EnsureInserted(aGroup) && !IsLaunching()) {
+ aGroup->Subscribe(this);
+ }
+}
+
+void ContentParent::RemoveBrowsingContextGroup(BrowsingContextGroup* aGroup) {
+ MOZ_DIAGNOSTIC_ASSERT(aGroup);
+ // Remove the group from our list. This is called from the
+ // BrowsingContextGroup when unsubscribing, so we don't need to do it here.
+ if (mGroups.EnsureRemoved(aGroup) && CanSend()) {
+ // If we're removing the entry for the first time, tell the content process
+ // to clean up the group.
+ Unused << SendDestroyBrowsingContextGroup(aGroup->Id());
+ }
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCommitBrowsingContextTransaction(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ BrowsingContext::BaseTransaction&& aTransaction, uint64_t aEpoch) {
+ // Record the new BrowsingContextFieldEpoch associated with this transaction.
+ // This should be done unconditionally, so that we're always in-sync.
+ //
+ // The order the parent process receives transactions is considered the
+ // "canonical" ordering, so we don't need to worry about doing any
+ // epoch-related validation.
+ MOZ_ASSERT(aEpoch == mBrowsingContextFieldEpoch + 1,
+ "Child process skipped an epoch?");
+ mBrowsingContextFieldEpoch = aEpoch;
+
+ return aTransaction.CommitFromIPC(aContext, this);
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvBlobURLDataRequest(
+ const nsACString& aBlobURL, nsIPrincipal* aTriggeringPrincipal,
+ nsIPrincipal* aLoadingPrincipal, const OriginAttributes& aOriginAttributes,
+ uint64_t aInnerWindowId, const nsCString& aPartitionKey,
+ BlobURLDataRequestResolver&& aResolver) {
+ RefPtr<BlobImpl> blobImpl;
+
+ // Since revoked blobs are also retrieved, it is possible that the blob no
+ // longer exists (due to the 5 second timeout) when execution reaches here
+ if (!BlobURLProtocolHandler::GetDataEntry(
+ aBlobURL, getter_AddRefs(blobImpl), aLoadingPrincipal,
+ aTriggeringPrincipal, aOriginAttributes, aInnerWindowId,
+ aPartitionKey, true /* AlsoIfRevoked */)) {
+ aResolver(NS_ERROR_DOM_BAD_URI);
+ return IPC_OK();
+ }
+
+ IPCBlob ipcBlob;
+ nsresult rv = IPCBlobUtils::Serialize(blobImpl, ipcBlob);
+
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aResolver(rv);
+ return IPC_OK();
+ }
+
+ aResolver(ipcBlob);
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvReportServiceWorkerShutdownProgress(
+ uint32_t aShutdownStateId, ServiceWorkerShutdownState::Progress aProgress) {
+ RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
+ MOZ_RELEASE_ASSERT(swm, "ServiceWorkers should shutdown before SWM.");
+
+ swm->ReportServiceWorkerShutdownProgress(aShutdownStateId, aProgress);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvNotifyOnHistoryReload(
+ const MaybeDiscarded<BrowsingContext>& aContext, const bool& aForceReload,
+ NotifyOnHistoryReloadResolver&& aResolver) {
+ bool canReload = false;
+ Maybe<NotNull<RefPtr<nsDocShellLoadState>>> loadState;
+ Maybe<bool> reloadActiveEntry;
+ if (!aContext.IsNullOrDiscarded()) {
+ aContext.get_canonical()->NotifyOnHistoryReload(
+ aForceReload, canReload, loadState, reloadActiveEntry);
+ }
+ aResolver(
+ std::tuple<const bool&,
+ const Maybe<NotNull<RefPtr<nsDocShellLoadState>>>&,
+ const Maybe<bool>&>(canReload, loadState, reloadActiveEntry));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvHistoryCommit(
+ const MaybeDiscarded<BrowsingContext>& aContext, const uint64_t& aLoadID,
+ const nsID& aChangeID, const uint32_t& aLoadType, const bool& aPersist,
+ const bool& aCloneEntryChildren, const bool& aChannelExpired,
+ const uint32_t& aCacheKey) {
+ if (!aContext.IsDiscarded()) {
+ CanonicalBrowsingContext* canonical = aContext.get_canonical();
+ if (!canonical) {
+ return IPC_FAIL(
+ this, "Could not get canonical. aContext.get_canonical() fails.");
+ }
+ canonical->SessionHistoryCommit(aLoadID, aChangeID, aLoadType, aPersist,
+ aCloneEntryChildren, aChannelExpired,
+ aCacheKey);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvHistoryGo(
+ const MaybeDiscarded<BrowsingContext>& aContext, int32_t aOffset,
+ uint64_t aHistoryEpoch, bool aRequireUserInteraction, bool aUserActivation,
+ HistoryGoResolver&& aResolveRequestedIndex) {
+ if (!aContext.IsNullOrDiscarded()) {
+ RefPtr<CanonicalBrowsingContext> canonical = aContext.get_canonical();
+ aResolveRequestedIndex(
+ canonical->HistoryGo(aOffset, aHistoryEpoch, aRequireUserInteraction,
+ aUserActivation, Some(ChildID())));
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSynchronizeLayoutHistoryState(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ nsILayoutHistoryState* aState) {
+ if (aContext.IsNull()) {
+ return IPC_OK();
+ }
+
+ BrowsingContext* bc = aContext.GetMaybeDiscarded();
+ if (!bc) {
+ return IPC_OK();
+ }
+ SessionHistoryEntry* entry = bc->Canonical()->GetActiveSessionHistoryEntry();
+ if (entry) {
+ entry->SetLayoutHistoryState(aState);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSessionHistoryEntryTitle(
+ const MaybeDiscarded<BrowsingContext>& aContext, const nsAString& aTitle) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ SessionHistoryEntry* entry =
+ aContext.get_canonical()->GetActiveSessionHistoryEntry();
+ if (entry) {
+ entry->SetTitle(aTitle);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvSessionHistoryEntryScrollRestorationIsManual(
+ const MaybeDiscarded<BrowsingContext>& aContext, const bool& aIsManual) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ SessionHistoryEntry* entry =
+ aContext.get_canonical()->GetActiveSessionHistoryEntry();
+ if (entry) {
+ entry->SetScrollRestorationIsManual(aIsManual);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSessionHistoryEntryScrollPosition(
+ const MaybeDiscarded<BrowsingContext>& aContext, const int32_t& aX,
+ const int32_t& aY) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ SessionHistoryEntry* entry =
+ aContext.get_canonical()->GetActiveSessionHistoryEntry();
+ if (entry) {
+ entry->SetScrollPosition(aX, aY);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvSessionHistoryEntryStoreWindowNameInContiguousEntries(
+ const MaybeDiscarded<BrowsingContext>& aContext, const nsAString& aName) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ // Per https://html.spec.whatwg.org/#history-traversal 4.2.1, we need to set
+ // the name to all contiguous entries. This has to be called before
+ // CanonicalBrowsingContext::SessionHistoryCommit(), so the active entry is
+ // still the old entry that we want to set.
+
+ SessionHistoryEntry* entry =
+ aContext.get_canonical()->GetActiveSessionHistoryEntry();
+
+ if (entry) {
+ nsSHistory::WalkContiguousEntries(
+ entry, [&](nsISHEntry* aEntry) { aEntry->SetName(aName); });
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSessionHistoryEntryCacheKey(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ const uint32_t& aCacheKey) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ SessionHistoryEntry* entry =
+ aContext.get_canonical()->GetActiveSessionHistoryEntry();
+ if (entry) {
+ entry->SetCacheKey(aCacheKey);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSessionHistoryEntryWireframe(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ const Wireframe& aWireframe) {
+ if (aContext.IsNull()) {
+ return IPC_OK();
+ }
+
+ BrowsingContext* bc = aContext.GetMaybeDiscarded();
+ if (!bc) {
+ return IPC_OK();
+ }
+
+ SessionHistoryEntry* entry = bc->Canonical()->GetActiveSessionHistoryEntry();
+ if (entry) {
+ entry->SetWireframe(Some(aWireframe));
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvGetLoadingSessionHistoryInfoFromParent(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ GetLoadingSessionHistoryInfoFromParentResolver&& aResolver) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ Maybe<LoadingSessionHistoryInfo> info;
+ aContext.get_canonical()->GetLoadingSessionHistoryInfoFromParent(info);
+ aResolver(info);
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvRemoveFromBFCache(
+ const MaybeDiscarded<BrowsingContext>& aContext) {
+ if (aContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ nsCOMPtr<nsFrameLoaderOwner> owner =
+ do_QueryInterface(aContext.get_canonical()->GetEmbedderElement());
+ if (!owner) {
+ return IPC_OK();
+ }
+
+ RefPtr<nsFrameLoader> frameLoader = owner->GetFrameLoader();
+ if (!frameLoader || !frameLoader->GetMaybePendingBrowsingContext()) {
+ return IPC_OK();
+ }
+
+ nsCOMPtr<nsISHistory> shistory = frameLoader->GetMaybePendingBrowsingContext()
+ ->Canonical()
+ ->GetSessionHistory();
+ if (!shistory) {
+ return IPC_OK();
+ }
+
+ uint32_t count = shistory->GetCount();
+ for (uint32_t i = 0; i < count; ++i) {
+ nsCOMPtr<nsISHEntry> entry;
+ shistory->GetEntryAtIndex(i, getter_AddRefs(entry));
+ nsCOMPtr<SessionHistoryEntry> she = do_QueryInterface(entry);
+ if (she) {
+ if (RefPtr<nsFrameLoader> frameLoader = she->GetFrameLoader()) {
+ if (frameLoader->GetMaybePendingBrowsingContext() == aContext.get()) {
+ she->SetFrameLoader(nullptr);
+ frameLoader->Destroy();
+ break;
+ }
+ }
+ }
+ }
+
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetActiveSessionHistoryEntry(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ const Maybe<nsPoint>& aPreviousScrollPos, SessionHistoryInfo&& aInfo,
+ uint32_t aLoadType, uint32_t aUpdatedCacheKey, const nsID& aChangeID) {
+ if (!aContext.IsNullOrDiscarded()) {
+ aContext.get_canonical()->SetActiveSessionHistoryEntry(
+ aPreviousScrollPos, &aInfo, aLoadType, aUpdatedCacheKey, aChangeID);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvReplaceActiveSessionHistoryEntry(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ SessionHistoryInfo&& aInfo) {
+ if (!aContext.IsNullOrDiscarded()) {
+ aContext.get_canonical()->ReplaceActiveSessionHistoryEntry(&aInfo);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult
+ContentParent::RecvRemoveDynEntriesFromActiveSessionHistoryEntry(
+ const MaybeDiscarded<BrowsingContext>& aContext) {
+ if (!aContext.IsNullOrDiscarded()) {
+ aContext.get_canonical()->RemoveDynEntriesFromActiveSessionHistoryEntry();
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvRemoveFromSessionHistory(
+ const MaybeDiscarded<BrowsingContext>& aContext, const nsID& aChangeID) {
+ if (!aContext.IsNullOrDiscarded()) {
+ aContext.get_canonical()->RemoveFromSessionHistory(aChangeID);
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvHistoryReload(
+ const MaybeDiscarded<BrowsingContext>& aContext,
+ const uint32_t aReloadFlags) {
+ if (!aContext.IsNullOrDiscarded()) {
+ nsCOMPtr<nsISHistory> shistory =
+ aContext.get_canonical()->GetSessionHistory();
+ if (shistory) {
+ shistory->Reload(aReloadFlags);
+ }
+ }
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvCommitWindowContextTransaction(
+ const MaybeDiscarded<WindowContext>& aContext,
+ WindowContext::BaseTransaction&& aTransaction, uint64_t aEpoch) {
+ // Record the new BrowsingContextFieldEpoch associated with this transaction.
+ // This should be done unconditionally, so that we're always in-sync.
+ //
+ // The order the parent process receives transactions is considered the
+ // "canonical" ordering, so we don't need to worry about doing any
+ // epoch-related validation.
+ MOZ_ASSERT(aEpoch == mBrowsingContextFieldEpoch + 1,
+ "Child process skipped an epoch?");
+ mBrowsingContextFieldEpoch = aEpoch;
+
+ return aTransaction.CommitFromIPC(aContext, this);
+}
+
+NS_IMETHODIMP ContentParent::GetChildID(uint64_t* aOut) {
+ *aOut = this->ChildID();
+ return NS_OK;
+}
+
+NS_IMETHODIMP ContentParent::GetOsPid(int32_t* aOut) {
+ *aOut = Pid();
+ return NS_OK;
+}
+
+NS_IMETHODIMP ContentParent::GetRemoteType(nsACString& aRemoteType) {
+ aRemoteType = GetRemoteType();
+ return NS_OK;
+}
+
+IPCResult ContentParent::RecvRawMessage(
+ const JSActorMessageMeta& aMeta, const Maybe<ClonedMessageData>& aData,
+ const Maybe<ClonedMessageData>& aStack) {
+ Maybe<StructuredCloneData> data;
+ if (aData) {
+ data.emplace();
+ data->BorrowFromClonedMessageData(*aData);
+ }
+ Maybe<StructuredCloneData> stack;
+ if (aStack) {
+ stack.emplace();
+ stack->BorrowFromClonedMessageData(*aStack);
+ }
+ ReceiveRawMessage(aMeta, std::move(data), std::move(stack));
+ return IPC_OK();
+}
+
+NS_IMETHODIMP ContentParent::GetActor(const nsACString& aName, JSContext* aCx,
+ JSProcessActorParent** retval) {
+ ErrorResult error;
+ RefPtr<JSProcessActorParent> actor =
+ JSActorManager::GetActor(aCx, aName, error)
+ .downcast<JSProcessActorParent>();
+ if (error.MaybeSetPendingException(aCx)) {
+ return NS_ERROR_FAILURE;
+ }
+ actor.forget(retval);
+ return NS_OK;
+}
+
+NS_IMETHODIMP ContentParent::GetExistingActor(const nsACString& aName,
+ JSProcessActorParent** retval) {
+ RefPtr<JSProcessActorParent> actor =
+ JSActorManager::GetExistingActor(aName).downcast<JSProcessActorParent>();
+ actor.forget(retval);
+ return NS_OK;
+}
+
+already_AddRefed<JSActor> ContentParent::InitJSActor(
+ JS::Handle<JSObject*> aMaybeActor, const nsACString& aName,
+ ErrorResult& aRv) {
+ RefPtr<JSProcessActorParent> actor;
+ if (aMaybeActor.get()) {
+ aRv = UNWRAP_OBJECT(JSProcessActorParent, aMaybeActor.get(), actor);
+ if (aRv.Failed()) {
+ return nullptr;
+ }
+ } else {
+ actor = new JSProcessActorParent();
+ }
+
+ MOZ_RELEASE_ASSERT(!actor->Manager(),
+ "mManager was already initialized once!");
+ actor->Init(aName, this);
+ return actor.forget();
+}
+
+IPCResult ContentParent::RecvFOGData(ByteBuf&& buf) {
+ glean::FOGData(std::move(buf));
+ return IPC_OK();
+}
+
+mozilla::ipc::IPCResult ContentParent::RecvSetContainerFeaturePolicy(
+ const MaybeDiscardedBrowsingContext& aContainerContext,
+ FeaturePolicy* aContainerFeaturePolicy) {
+ if (aContainerContext.IsNullOrDiscarded()) {
+ return IPC_OK();
+ }
+
+ auto* context = aContainerContext.get_canonical();
+ context->SetContainerFeaturePolicy(aContainerFeaturePolicy);
+
+ return IPC_OK();
+}
+
+NS_IMETHODIMP ContentParent::GetCanSend(bool* aCanSend) {
+ *aCanSend = CanSend();
+ return NS_OK;
+}
+
+ContentParent* ContentParent::AsContentParent() { return this; }
+
+JSActorManager* ContentParent::AsJSActorManager() { return this; }
+
+IPCResult ContentParent::RecvGetSystemIcon(nsIURI* aURI,
+ GetSystemIconResolver&& aResolver) {
+ using ResolverArgs = std::tuple<const nsresult&, mozilla::Maybe<ByteBuf>&&>;
+
+ if (!aURI) {
+ Maybe<ByteBuf> bytebuf = Nothing();
+ aResolver(ResolverArgs(NS_ERROR_NULL_POINTER, std::move(bytebuf)));
+ return IPC_OK();
+ }
+
+#if defined(MOZ_WIDGET_GTK)
+ Maybe<ByteBuf> bytebuf = Some(ByteBuf{});
+ nsresult rv = nsIconChannel::GetIcon(aURI, bytebuf.ptr());
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ bytebuf = Nothing();
+ }
+ aResolver(ResolverArgs(rv, std::move(bytebuf)));
+ return IPC_OK();
+#elif defined(XP_WIN)
+ nsIconChannel::GetIconAsync(aURI)->Then(
+ GetCurrentSerialEventTarget(), __func__,
+ [aResolver](ByteBuf&& aByteBuf) {
+ Maybe<ByteBuf> bytebuf = Some(std::move(aByteBuf));
+ aResolver(ResolverArgs(NS_OK, std::move(bytebuf)));
+ },
+ [aResolver](nsresult aErr) {
+ Maybe<ByteBuf> bytebuf = Nothing();
+ aResolver(ResolverArgs(aErr, std::move(bytebuf)));
+ });
+ return IPC_OK();
+#else
+ MOZ_CRASH(
+ "This message is currently implemented only on GTK and Windows "
+ "platforms");
+#endif
+}
+
+#ifdef FUZZING_SNAPSHOT
+IPCResult ContentParent::RecvSignalFuzzingReady() {
+ // No action needed here, we already observe this message directly
+ // on the channel and act accordingly.
+ return IPC_OK();
+}
+#endif
+
+nsCString ThreadsafeContentParentHandle::GetRemoteType() {
+ RecursiveMutexAutoLock lock(mMutex);
+ return mRemoteType;
+}
+
+bool ThreadsafeContentParentHandle::MaybeRegisterRemoteWorkerActor(
+ MoveOnlyFunction<bool(uint32_t, bool)> aCallback) {
+ RecursiveMutexAutoLock lock(mMutex);
+ if (aCallback(mRemoteWorkerActorCount, mShutdownStarted)) {
+ // TODO: I'd wish we could assert here that our ContentParent is alive.
+ ++mRemoteWorkerActorCount;
+ return true;
+ }
+ return false;
+}
+
+} // namespace dom
+} // namespace mozilla
+
+NS_IMPL_ISUPPORTS(ParentIdleListener, nsIObserver)
+
+NS_IMETHODIMP
+ParentIdleListener::Observe(nsISupports*, const char* aTopic,
+ const char16_t* aData) {
+ mozilla::Unused << mParent->SendNotifyIdleObserver(
+ mObserver, nsDependentCString(aTopic), nsDependentString(aData));
+ return NS_OK;
+}
+
+#undef LOGPDM