blob: bf16a96380cd9902f5fb96d3fa2995bbe26edaf9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: sw=2 ts=4 et :
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef GMPProcessParent_h
#define GMPProcessParent_h 1
#include "mozilla/Attributes.h"
#include "base/basictypes.h"
#include "base/file_path.h"
#include "base/thread.h"
#include "mozilla/ipc/GeckoChildProcessHost.h"
#include "nsIFile.h"
class nsIRunnable;
namespace mozilla::gmp {
class GMPProcessParent final : public mozilla::ipc::GeckoChildProcessHost {
public:
explicit GMPProcessParent(const std::string& aGMPPath);
// Synchronously launch the plugin process. If the process fails to launch
// after timeoutMs, this method will return false.
bool Launch(int32_t aTimeoutMs);
void Delete(nsCOMPtr<nsIRunnable> aCallback = nullptr);
bool CanShutdown() override { return true; }
const std::string& GetPluginFilePath() { return mGMPPath; }
bool UseXPCOM() const { return mUseXpcom; }
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
// Init static members on the main thread
static void InitStaticMainThread();
// Read prefs and environment variables to determine
// when and if to start the Mac sandbox for the child
// process. Starting the sandbox at launch is the new
// preferred method. Code to support starting the sandbox
// later at plugin start time should be removed once
// starting at launch is stable and shipping.
bool IsMacSandboxLaunchEnabled() override;
// For process sandboxing purposes, set whether or not this
// instance of the GMP process requires access to the macOS
// window server. At present, Widevine requires window server
// access, but OpenH264 decoding does not.
void SetRequiresWindowServer(bool aRequiresWindowServer);
// Return the sandbox type to be used with this process type.
static MacSandboxType GetMacSandboxType() { return MacSandboxType_GMP; };
#endif
using mozilla::ipc::GeckoChildProcessHost::GetChildProcessHandle;
private:
~GMPProcessParent();
void DoDelete();
std::string mGMPPath;
nsCOMPtr<nsIRunnable> mDeletedCallback;
// Whether or not XPCOM is enabled in the GMP process.
bool mUseXpcom;
#if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
// Indicates whether we'll start the Mac GMP sandbox during
// process launch (earlyinit) which is the new preferred method
// or later in the process lifetime.
static bool sLaunchWithMacSandbox;
// Whether or not Mac sandbox violation logging is enabled.
static bool sMacSandboxGMPLogging;
// Override so we can set GMP-specific sandbox parameters
bool FillMacSandboxInfo(MacSandboxInfo& aInfo) override;
// Controls whether or not the sandbox will be configured with
// window service access.
bool mRequiresWindowServer;
# if defined(DEBUG)
// Used to assert InitStaticMainThread() is called before the constructor.
static bool sIsMainThreadInitDone;
# endif
#endif
// For normalizing paths to be compatible with sandboxing.
// We use normalized paths to generate the sandbox ruleset. Once
// the sandbox has been started, resolving symlinks that point to
// allowed directories could require reading paths not allowed by
// the sandbox, so we should only attempt to load plugin libraries
// using normalized paths.
static nsresult NormalizePath(const char* aPath, PathString& aNormalizedPath);
DISALLOW_COPY_AND_ASSIGN(GMPProcessParent);
};
} // namespace mozilla::gmp
#endif // ifndef GMPProcessParent_h
|