Backed out changeset 2d4b8d90cbd7 (bug 1400344) for Spider monkey failrues. CLOSED TREE

--HG--
rename : ipc/mscom/ApartmentRegion.h => ipc/mscom/COMApartmentRegion.h
rename : ipc/mscom/ProcessRuntime.cpp => ipc/mscom/MainThreadRuntime.cpp
rename : ipc/mscom/ProcessRuntime.h => ipc/mscom/MainThreadRuntime.h

accessible/windows/msaa/LazyInstantiator.cpp

@@ -11,7 +11,7 @@
 #include "mozilla/a11y/Compatibility.h"
 #include "mozilla/a11y/Platform.h"
 #include "mozilla/Assertions.h"
-#include "mozilla/mscom/ProcessRuntime.h"
+#include "mozilla/mscom/MainThreadRuntime.h"
 #include "mozilla/mscom/Registration.h"
 #include "mozilla/UniquePtr.h"
 #include "nsAccessibilityService.h"
@@ -313,7 +313,7 @@ LazyInstantiator::MaybeResolveRoot() {
   }
 
   if (GetAccService() ||
-      ShouldInstantiate(mscom::ProcessRuntime::GetClientThreadId())) {
+      ShouldInstantiate(mscom::MainThreadRuntime::GetClientThreadId())) {
     mWeakRootAccWrap = ResolveRootAccWrap();
     if (!mWeakRootAccWrap) {
       return E_POINTER;

browser/app/winlauncher/LaunchUnelevated.cpp

@@ -9,7 +9,7 @@
 #include "mozilla/Assertions.h"
 #include "mozilla/CmdLineAndEnvUtils.h"
 #include "mozilla/LauncherResult.h"
-#include "mozilla/mscom/ApartmentRegion.h"
+#include "mozilla/mscom/COMApartmentRegion.h"
 #include "mozilla/RefPtr.h"
 #include "nsWindowsHelpers.h"
 

dom/ipc/ContentProcess.h

@@ -12,7 +12,7 @@
 #include "ContentChild.h"
 
 #if defined(XP_WIN)
-#  include "mozilla/mscom/ProcessRuntime.h"
+#  include "mozilla/mscom/MainThreadRuntime.h"
 #endif
 
 namespace mozilla {
@@ -39,7 +39,7 @@ class ContentProcess : public mozilla::ipc::ProcessChild {
 
 #if defined(XP_WIN)
   // This object initializes and configures COM.
-  mozilla::mscom::ProcessRuntime mCOMRuntime;
+  mozilla::mscom::MainThreadRuntime mCOMRuntime;
 #endif
 
   DISALLOW_EVIL_CONSTRUCTORS(ContentProcess);

dom/media/ipc/RDDProcessImpl.h

@@ -8,7 +8,7 @@
 #include "mozilla/ipc/ProcessChild.h"
 
 #if defined(XP_WIN)
-#  include "mozilla/mscom/ProcessRuntime.h"
+#  include "mozilla/mscom/MainThreadRuntime.h"
 #endif
 
 #include "RDDParent.h"

dom/plugins/ipc/PluginProcessChild.h

@@ -11,7 +11,7 @@
 #include "mozilla/plugins/PluginModuleChild.h"
 
 #if defined(XP_WIN)
-#  include "mozilla/mscom/ProcessRuntime.h"
+#  include "mozilla/mscom/MainThreadRuntime.h"
 #endif
 
 namespace mozilla {
@@ -40,7 +40,7 @@ class PluginProcessChild : public mozilla::ipc::ProcessChild {
 #if defined(XP_WIN)
   /* Drag-and-drop depends on the host initializing COM.
    * This object initializes and configures COM. */
-  mozilla::mscom::ProcessRuntime mCOMRuntime;
+  mozilla::mscom::MainThreadRuntime mCOMRuntime;
 #endif
   PluginModuleChild mPlugin;
 

gfx/ipc/GPUProcessImpl.h

@@ -10,7 +10,7 @@
 #include "GPUParent.h"
 
 #if defined(XP_WIN)
-#  include "mozilla/mscom/ProcessRuntime.h"
+#  include "mozilla/mscom/MainThreadRuntime.h"
 #endif
 
 namespace mozilla {
@@ -33,7 +33,7 @@ class GPUProcessImpl final : public ipc::ProcessChild {
 
 #if defined(XP_WIN)
   // This object initializes and configures COM.
-  mozilla::mscom::ProcessRuntime mCOMRuntime;
+  mozilla::mscom::MainThreadRuntime mCOMRuntime;
 #endif
 };
 

ipc/mscom/ApartmentRegion.h

@@ -1,94 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_mscom_ApartmentRegion_h
-#define mozilla_mscom_ApartmentRegion_h
-
-#include "mozilla/Assertions.h"
-#include "mozilla/Attributes.h"
-
-#include <objbase.h>
-
-namespace mozilla {
-namespace mscom {
-
-class MOZ_NON_TEMPORARY_CLASS ApartmentRegion {
- public:
-  /**
-   * This constructor is to be used when we want to instantiate the object but
-   * we do not yet know which type of apartment we want. Call Init() to
-   * complete initialization.
-   */
-  ApartmentRegion() : mInitResult(CO_E_NOTINITIALIZED) {}
-
-  explicit ApartmentRegion(COINIT aAptType)
-      : mInitResult(::CoInitializeEx(nullptr, aAptType)) {
-    // If this fires then we're probably mixing apartments on the same thread
-    MOZ_ASSERT(IsValid());
-  }
-
-  ~ApartmentRegion() {
-    if (IsValid()) {
-      ::CoUninitialize();
-    }
-  }
-
-  explicit operator bool() const { return IsValid(); }
-
-  bool IsValidOutermost() const { return mInitResult == S_OK; }
-
-  bool IsValid() const { return SUCCEEDED(mInitResult); }
-
-  bool Init(COINIT aAptType) {
-    MOZ_ASSERT(mInitResult == CO_E_NOTINITIALIZED);
-    mInitResult = ::CoInitializeEx(nullptr, aAptType);
-    MOZ_ASSERT(IsValid());
-    return IsValid();
-  }
-
-  HRESULT
-  GetHResult() const { return mInitResult; }
-
- private:
-  ApartmentRegion(const ApartmentRegion&) = delete;
-  ApartmentRegion& operator=(const ApartmentRegion&) = delete;
-  ApartmentRegion(ApartmentRegion&&) = delete;
-  ApartmentRegion& operator=(ApartmentRegion&&) = delete;
-
-  HRESULT mInitResult;
-};
-
-template <COINIT T>
-class MOZ_NON_TEMPORARY_CLASS ApartmentRegionT {
- public:
-  ApartmentRegionT() : mAptRgn(T) {}
-
-  ~ApartmentRegionT() = default;
-
-  explicit operator bool() const { return mAptRgn.IsValid(); }
-
-  bool IsValidOutermost() const { return mAptRgn.IsValidOutermost(); }
-
-  bool IsValid() const { return mAptRgn.IsValid(); }
-
-  HRESULT GetHResult() const { return mAptRgn.GetHResult(); }
-
- private:
-  ApartmentRegionT(const ApartmentRegionT&) = delete;
-  ApartmentRegionT& operator=(const ApartmentRegionT&) = delete;
-  ApartmentRegionT(ApartmentRegionT&&) = delete;
-  ApartmentRegionT& operator=(ApartmentRegionT&&) = delete;
-
-  ApartmentRegion mAptRgn;
-};
-
-typedef ApartmentRegionT<COINIT_APARTMENTTHREADED> STARegion;
-typedef ApartmentRegionT<COINIT_MULTITHREADED> MTARegion;
-
-}  // namespace mscom
-}  // namespace mozilla
-
-#endif  // mozilla_mscom_ApartmentRegion_h

ipc/mscom/COMApartmentRegion.h

@@ -0,0 +1,53 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_mscom_COMApartmentRegion_h
+#define mozilla_mscom_COMApartmentRegion_h
+
+#include "mozilla/Assertions.h"
+#include "mozilla/Attributes.h"
+
+#include <objbase.h>
+
+namespace mozilla {
+namespace mscom {
+
+template <COINIT T>
+class MOZ_NON_TEMPORARY_CLASS COMApartmentRegion {
+ public:
+  COMApartmentRegion() : mInitResult(::CoInitializeEx(nullptr, T)) {
+    // If this fires then we're probably mixing apartments on the same thread
+    MOZ_ASSERT(IsValid());
+  }
+
+  ~COMApartmentRegion() {
+    if (IsValid()) {
+      ::CoUninitialize();
+    }
+  }
+
+  bool IsValidOutermost() const { return mInitResult == S_OK; }
+
+  bool IsValid() const { return SUCCEEDED(mInitResult); }
+
+  HRESULT GetHResult() const { return mInitResult; }
+
+ private:
+  COMApartmentRegion(const COMApartmentRegion&) = delete;
+  COMApartmentRegion& operator=(const COMApartmentRegion&) = delete;
+  COMApartmentRegion(COMApartmentRegion&&) = delete;
+  COMApartmentRegion& operator=(COMApartmentRegion&&) = delete;
+
+  HRESULT mInitResult;
+};
+
+typedef COMApartmentRegion<COINIT_APARTMENTTHREADED> STARegion;
+typedef COMApartmentRegion<COINIT_MULTITHREADED> MTARegion;
+
+}  // namespace mscom
+}  // namespace mozilla
+
+#endif  // mozilla_mscom_COMApartmentRegion_h

ipc/mscom/EnsureMTA.h

@@ -11,6 +11,7 @@
 #include "mozilla/Attributes.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/Unused.h"
+#include "mozilla/mscom/COMApartmentRegion.h"
 #include "mozilla/mscom/Utils.h"
 #include "nsCOMPtr.h"
 #include "nsIThread.h"

ipc/mscom/MainThreadClientInfo.cpp

@@ -0,0 +1,133 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "MainThreadClientInfo.h"
+
+#include "MainThreadUtils.h"
+#include "mozilla/Assertions.h"
+
+#include <objbase.h>
+
+namespace mozilla {
+namespace mscom {
+
+/* static */
+HRESULT
+MainThreadClientInfo::Create(MainThreadClientInfo** aOutObj) {
+  MOZ_ASSERT(aOutObj && NS_IsMainThread());
+  *aOutObj = nullptr;
+
+  RefPtr<MainThreadClientInfo> obj(new MainThreadClientInfo());
+
+  RefPtr<IMessageFilter> prevFilter;
+  HRESULT hr = ::CoRegisterMessageFilter(obj.get(), getter_AddRefs(prevFilter));
+  if (FAILED(hr)) {
+    return hr;
+  }
+
+  obj->mPrevFilter = prevFilter.forget();
+
+  obj.forget(aOutObj);
+  return S_OK;
+}
+
+DWORD
+MainThreadClientInfo::GetLastRemoteCallThreadId() const {
+  MOZ_ASSERT(NS_IsMainThread());
+  return mLastRemoteCallTid;
+}
+
+HRESULT
+MainThreadClientInfo::QueryInterface(REFIID aIid, void** aOutInterface) {
+  MOZ_ASSERT(NS_IsMainThread());
+
+  if (!aOutInterface) {
+    return E_INVALIDARG;
+  }
+
+  if (aIid == IID_IUnknown || aIid == IID_IMessageFilter) {
+    RefPtr<IMessageFilter> filter(this);
+    filter.forget(aOutInterface);
+    return S_OK;
+  }
+
+  return E_NOINTERFACE;
+}
+
+ULONG
+MainThreadClientInfo::AddRef() {
+  MOZ_ASSERT(NS_IsMainThread());
+
+  return ++mRefCnt;
+}
+
+ULONG
+MainThreadClientInfo::Release() {
+  MOZ_ASSERT(NS_IsMainThread());
+
+  ULONG newCount = --mRefCnt;
+  if (!newCount) {
+    delete this;
+  }
+  return newCount;
+}
+
+DWORD
+MainThreadClientInfo::HandleInComingCall(DWORD aCallType, HTASK aCallerTid,
+                                         DWORD aTickCount,
+                                         LPINTERFACEINFO aInterfaceInfo) {
+  MOZ_ASSERT(NS_IsMainThread());
+
+  // aCallerTid is an HTASK for historical reasons but is actually just a
+  // regular DWORD Thread ID.
+  mLastRemoteCallTid =
+      static_cast<DWORD>(reinterpret_cast<uintptr_t>(aCallerTid));
+
+  if (!mPrevFilter) {
+    return SERVERCALL_ISHANDLED;
+  }
+
+  return mPrevFilter->HandleInComingCall(aCallType, aCallerTid, aTickCount,
+                                         aInterfaceInfo);
+}
+
+DWORD
+MainThreadClientInfo::RetryRejectedCall(HTASK aCalleeTid, DWORD aTickCount,
+                                        DWORD aRejectType) {
+  MOZ_ASSERT(NS_IsMainThread());
+
+  if (!mPrevFilter) {
+    return 0;
+  }
+
+  return mPrevFilter->RetryRejectedCall(aCalleeTid, aTickCount, aRejectType);
+}
+
+DWORD
+MainThreadClientInfo::MessagePending(HTASK aCalleeTid, DWORD aTickCount,
+                                     DWORD aPendingType) {
+  MOZ_ASSERT(NS_IsMainThread());
+
+  if (!mPrevFilter) {
+    return PENDINGMSG_WAITNOPROCESS;
+  }
+
+  return mPrevFilter->MessagePending(aCalleeTid, aTickCount, aPendingType);
+}
+
+MainThreadClientInfo::MainThreadClientInfo()
+    : mRefCnt(0), mLastRemoteCallTid(0) {
+  MOZ_ASSERT(NS_IsMainThread());
+}
+
+void MainThreadClientInfo::Detach() {
+  MOZ_ASSERT(NS_IsMainThread());
+  ::CoRegisterMessageFilter(mPrevFilter, nullptr);
+  mPrevFilter = nullptr;
+}
+
+}  // namespace mscom
+}  // namespace mozilla

ipc/mscom/MainThreadClientInfo.h

@@ -0,0 +1,52 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_mscom_MainThreadClientInfo
+#define mozilla_mscom_MainThreadClientInfo
+
+#include "mozilla/RefPtr.h"
+#include "nsString.h"
+
+#include <objidl.h>
+
+namespace mozilla {
+namespace mscom {
+
+class MainThreadClientInfo final : public IMessageFilter {
+ public:
+  static HRESULT Create(MainThreadClientInfo** aOutObj);
+
+  DWORD GetLastRemoteCallThreadId() const;
+  void Detach();
+
+  STDMETHODIMP QueryInterface(REFIID aIid, void** aOutInterface) override;
+  STDMETHODIMP_(ULONG) AddRef() override;
+  STDMETHODIMP_(ULONG) Release() override;
+
+  STDMETHODIMP_(DWORD)
+  HandleInComingCall(DWORD aCallType, HTASK aCallerTid, DWORD aTickCount,
+                     LPINTERFACEINFO aInterfaceInfo) override;
+  STDMETHODIMP_(DWORD)
+  RetryRejectedCall(HTASK aCalleeTid, DWORD aTickCount,
+                    DWORD aRejectType) override;
+  STDMETHODIMP_(DWORD)
+  MessagePending(HTASK aCalleeTid, DWORD aTickCount,
+                 DWORD aPendingType) override;
+
+ private:
+  MainThreadClientInfo();
+  ~MainThreadClientInfo() = default;
+
+ private:
+  ULONG mRefCnt;
+  RefPtr<IMessageFilter> mPrevFilter;
+  DWORD mLastRemoteCallTid;
+};
+
+}  // namespace mscom
+}  // namespace mozilla
+
+#endif  // mozilla_mscom_MainThreadClientInfo

ipc/mscom/MainThreadRuntime.cpp

@@ -4,25 +4,21 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include "mozilla/mscom/ProcessRuntime.h"
+#include "mozilla/mscom/MainThreadRuntime.h"
 
-#if defined(ACCESSIBILITY) && defined(MOZILLA_INTERNAL_API)
+#if defined(ACCESSIBILITY)
 #  include "mozilla/a11y/Compatibility.h"
-#endif  // defined(ACCESSIBILITY) && defined(MOZILLA_INTERNAL_API)
+#endif
+#include "mozilla/ArrayUtils.h"
 #include "mozilla/Assertions.h"
-#include "mozilla/DynamicallyLinkedFunctionPtr.h"
-#include "mozilla/mscom/ProcessRuntimeShared.h"
 #include "mozilla/RefPtr.h"
 #include "mozilla/UniquePtr.h"
-#include "mozilla/Unused.h"
-#include "mozilla/Vector.h"
 #include "mozilla/WindowsVersion.h"
+#if defined(ACCESSIBILITY)
+#  include "nsExceptionHandler.h"
+#endif  // defined(ACCESSIBILITY)
 #include "nsWindowsHelpers.h"
-
-#if defined(MOZILLA_INTERNAL_API)
-#  include "mozilla/mscom/EnsureMTA.h"
-#  include "nsThreadManager.h"
-#endif  // defined(MOZILLA_INTERNAL_API)
+#include "nsXULAppAPI.h"
 
 #include <accctrl.h>
 #include <aclapi.h>
@@ -32,65 +28,27 @@
 // This API from oleaut32.dll is not declared in Windows SDK headers
 extern "C" void __cdecl SetOaNoCache(void);
 
-#if (_WIN32_WINNT < 0x0602)
-BOOL WINAPI GetProcessMitigationPolicy(
-    HANDLE hProcess, PROCESS_MITIGATION_POLICY MitigationPolicy, PVOID lpBuffer,
-    SIZE_T dwLength);
-#endif  // (_WIN32_WINNT < 0x0602)
-
 namespace mozilla {
 namespace mscom {
 
-ProcessRuntime::ProcessRuntime(GeckoProcessType aProcessType)
-    : mInitResult(CO_E_NOTINITIALIZED),
-      mIsParentProcess(aProcessType == GeckoProcessType_Default)
-#if defined(ACCESSIBILITY) && defined(MOZILLA_INTERNAL_API)
+MainThreadRuntime* MainThreadRuntime::sInstance = nullptr;
+
+MainThreadRuntime::MainThreadRuntime()
+    : mInitResult(E_UNEXPECTED)
+#if defined(ACCESSIBILITY)
       ,
       mActCtxRgn(a11y::Compatibility::GetActCtxResourceId())
-#endif  // defined(ACCESSIBILITY) && defined(MOZILLA_INTERNAL_API)
+#endif  // defined(ACCESSIBILITY)
 {
-#if defined(MOZILLA_INTERNAL_API)
-  // If our process is running under Win32k lockdown, we cannot initialize
-  // COM with single-threaded apartments. This is because STAs create a hidden
-  // window, which implicitly requires user32 and Win32k, which are blocked.
-  // Instead we start a multi-threaded apartment and conduct our process-wide
-  // COM initialization on that MTA background thread.
-  if (IsWin32kLockedDown()) {
-    // It is possible that we're running so early that we might need to start
-    // the thread manager ourselves.
-    nsresult rv = nsThreadManager::get().Init();
-    MOZ_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv));
-    if (NS_FAILED(rv)) {
-      return;
-    }
-
-    EnsureMTA([this]() -> void { InitInsideApartment(); });
-    return;
-  }
-#endif  // defined(MOZILLA_INTERNAL_API)
-
-  // Otherwise we initialize a single-threaded apartment on the current thread.
-  mAptRegion.Init(COINIT_APARTMENTTHREADED);
-
   // We must be the outermost COM initialization on this thread. The COM runtime
   // cannot be configured once we start manipulating objects
-  MOZ_ASSERT(mAptRegion.IsValidOutermost());
-  if (!mAptRegion.IsValidOutermost()) {
-    mInitResult = mAptRegion.GetHResult();
+  MOZ_ASSERT(mStaRegion.IsValidOutermost());
+  if (NS_WARN_IF(!mStaRegion.IsValidOutermost())) {
     return;
   }
 
-  InitInsideApartment();
-}
-
-void ProcessRuntime::InitInsideApartment() {
-  ProcessInitLock lock;
-  if (lock.IsInitialized()) {
-    // COM has already been initialized by a previous ProcessRuntime instance
-    return;
-  }
-
-  // We are required to initialize security prior to configuring global options.
+  // We are required to initialize security in order to configure global
+  // options.
   mInitResult = InitializeSecurity();
   MOZ_ASSERT(SUCCEEDED(mInitResult));
   if (FAILED(mInitResult)) {
@@ -118,25 +76,58 @@ void ProcessRuntime::InitInsideApartment() {
     return;
   }
 
-  lock.SetInitialized();
+  if (XRE_IsParentProcess()) {
+    MainThreadClientInfo::Create(getter_AddRefs(mClientInfo));
+  }
+
+  MOZ_ASSERT(!sInstance);
+  sInstance = this;
+}
+
+MainThreadRuntime::~MainThreadRuntime() {
+  if (mClientInfo) {
+    mClientInfo->Detach();
+  }
+
+  MOZ_ASSERT(sInstance == this);
+  if (sInstance == this) {
+    sInstance = nullptr;
+  }
 }
 
 /* static */
 DWORD
-ProcessRuntime::GetClientThreadId() {
-  DWORD callerTid;
-  HRESULT hr = ::CoGetCallerTID(&callerTid);
-  // Don't return callerTid unless the call succeeded and returned S_FALSE,
-  // indicating that the caller originates from a different process.
-  if (hr != S_FALSE) {
+MainThreadRuntime::GetClientThreadId() {
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(XRE_IsParentProcess(), "Unsupported outside of parent process");
+  if (!XRE_IsParentProcess()) {
     return 0;
   }
 
-  return callerTid;
+  // Don't check for a calling executable if the caller is in-process.
+  // We verify this by asking COM for a call context. If none exists, then
+  // we must be a local call.
+  RefPtr<IServerSecurity> serverSecurity;
+  if (FAILED(::CoGetCallContext(IID_IServerSecurity,
+                                getter_AddRefs(serverSecurity)))) {
+    return 0;
+  }
+
+  MOZ_ASSERT(sInstance);
+  if (!sInstance) {
+    return 0;
+  }
+
+  MOZ_ASSERT(sInstance->mClientInfo);
+  if (!sInstance->mClientInfo) {
+    return 0;
+  }
+
+  return sInstance->mClientInfo->GetLastRemoteCallThreadId();
 }
 
 HRESULT
-ProcessRuntime::InitializeSecurity() {
+MainThreadRuntime::InitializeSecurity() {
   HANDLE rawToken = nullptr;
   BOOL ok = ::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &rawToken);
   if (!ok) {
@@ -195,7 +186,7 @@ ProcessRuntime::InitializeSecurity() {
 
   BYTE appContainersSid[SECURITY_MAX_SID_SIZE];
   DWORD appContainersSidSize = sizeof(appContainersSid);
-  if (mIsParentProcess && IsWin8OrLater()) {
+  if (XRE_IsParentProcess() && IsWin8OrLater()) {
     if (!::CreateWellKnownSid(WinBuiltinAnyPackageSid, nullptr,
                               appContainersSid, &appContainersSidSize)) {
       return HRESULT_FROM_WIN32(::GetLastError());
@@ -204,43 +195,38 @@ ProcessRuntime::InitializeSecurity() {
 
   // Grant access to SYSTEM, Administrators, the user, and when running as the
   // browser process on Windows 8+, all app containers.
-  const size_t kMaxInlineEntries = 4;
-  mozilla::Vector<EXPLICIT_ACCESS_W, kMaxInlineEntries> entries;
+  EXPLICIT_ACCESS entries[] = {
+      {COM_RIGHTS_EXECUTE,
+       GRANT_ACCESS,
+       NO_INHERITANCE,
+       {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER,
+        reinterpret_cast<LPWSTR>(systemSid)}},
+      {COM_RIGHTS_EXECUTE,
+       GRANT_ACCESS,
+       NO_INHERITANCE,
+       {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID,
+        TRUSTEE_IS_WELL_KNOWN_GROUP, reinterpret_cast<LPWSTR>(adminSid)}},
+      {COM_RIGHTS_EXECUTE,
+       GRANT_ACCESS,
+       NO_INHERITANCE,
+       {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER,
+        reinterpret_cast<LPWSTR>(tokenUser.User.Sid)}},
+      // appContainersSid must be the last entry in this array!
+      {COM_RIGHTS_EXECUTE,
+       GRANT_ACCESS,
+       NO_INHERITANCE,
+       {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID,
+        TRUSTEE_IS_WELL_KNOWN_GROUP,
+        reinterpret_cast<LPWSTR>(appContainersSid)}}};
 
-  Unused << entries.append(EXPLICIT_ACCESS_W{
-      COM_RIGHTS_EXECUTE,
-      GRANT_ACCESS,
-      NO_INHERITANCE,
-      {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER,
-       reinterpret_cast<LPWSTR>(systemSid)}});
-
-  Unused << entries.append(EXPLICIT_ACCESS_W{
-      COM_RIGHTS_EXECUTE,
-      GRANT_ACCESS,
-      NO_INHERITANCE,
-      {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID,
-       TRUSTEE_IS_WELL_KNOWN_GROUP, reinterpret_cast<LPWSTR>(adminSid)}});
-
-  Unused << entries.append(EXPLICIT_ACCESS_W{
-      COM_RIGHTS_EXECUTE,
-      GRANT_ACCESS,
-      NO_INHERITANCE,
-      {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID, TRUSTEE_IS_USER,
-       reinterpret_cast<LPWSTR>(tokenUser.User.Sid)}});
-
-  if (mIsParentProcess && IsWin8OrLater()) {
-    Unused << entries.append(
-        EXPLICIT_ACCESS_W{COM_RIGHTS_EXECUTE,
-                          GRANT_ACCESS,
-                          NO_INHERITANCE,
-                          {nullptr, NO_MULTIPLE_TRUSTEE, TRUSTEE_IS_SID,
-                           TRUSTEE_IS_WELL_KNOWN_GROUP,
-                           reinterpret_cast<LPWSTR>(appContainersSid)}});
+  ULONG numEntries = ArrayLength(entries);
+  if (!XRE_IsParentProcess() || !IsWin8OrLater()) {
+    // Exclude appContainersSid on Windows 7 and non-parent processes.
+    --numEntries;
   }
 
   PACL rawDacl = nullptr;
-  win32Error =
-      ::SetEntriesInAclW(entries.length(), entries.begin(), nullptr, &rawDacl);
+  win32Error = ::SetEntriesInAcl(numEntries, entries, nullptr, &rawDacl);
   if (win32Error != ERROR_SUCCESS) {
     return HRESULT_FROM_WIN32(win32Error);
   }
@@ -265,26 +251,5 @@ ProcessRuntime::InitializeSecurity() {
       RPC_C_IMP_LEVEL_IDENTIFY, nullptr, EOAC_NONE, nullptr);
 }
 
-#if defined(MOZILLA_INTERNAL_API)
-
-/* static */ bool
-ProcessRuntime::IsWin32kLockedDown() {
-  static const DynamicallyLinkedFunctionPtr<decltype(&::GetProcessMitigationPolicy)>
-    pGetProcessMitigationPolicy(L"kernel32.dll", "GetProcessMitigationPolicy");
-  if (!pGetProcessMitigationPolicy) {
-    return false;
-  }
-
-  PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY polInfo;
-  if (!pGetProcessMitigationPolicy(::GetCurrentProcess(),
-      ProcessSystemCallDisablePolicy, &polInfo, sizeof(polInfo))) {
-    return false;
-  }
-
-  return polInfo.DisallowWin32kSystemCalls;
-}
-
-#endif  // defined(MOZILLA_INTERNAL_API)
-
 }  // namespace mscom
 }  // namespace mozilla

ipc/mscom/MainThreadRuntime.h

@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_mscom_MainThreadRuntime_h
+#define mozilla_mscom_MainThreadRuntime_h
+
+#include "mozilla/Attributes.h"
+#if defined(ACCESSIBILITY)
+#  include "mozilla/mscom/ActivationContext.h"
+#endif  // defined(ACCESSIBILITY)
+#include "mozilla/mscom/COMApartmentRegion.h"
+#include "mozilla/mscom/MainThreadClientInfo.h"
+#include "mozilla/RefPtr.h"
+
+namespace mozilla {
+namespace mscom {
+
+class MOZ_NON_TEMPORARY_CLASS MainThreadRuntime {
+ public:
+  MainThreadRuntime();
+  ~MainThreadRuntime();
+
+  explicit operator bool() const {
+    return mStaRegion.IsValidOutermost() && SUCCEEDED(mInitResult);
+  }
+
+  MainThreadRuntime(MainThreadRuntime&) = delete;
+  MainThreadRuntime(MainThreadRuntime&&) = delete;
+  MainThreadRuntime& operator=(MainThreadRuntime&) = delete;
+  MainThreadRuntime& operator=(MainThreadRuntime&&) = delete;
+
+  /**
+   * @return 0 if call is in-process or resolving the calling thread failed,
+   *         otherwise contains the thread id of the calling thread.
+   */
+  static DWORD GetClientThreadId();
+
+ private:
+  HRESULT InitializeSecurity();
+
+  HRESULT mInitResult;
+#if defined(ACCESSIBILITY)
+  ActivationContextRegion mActCtxRgn;
+#endif  // defined(ACCESSIBILITY)
+  STARegion mStaRegion;
+
+  RefPtr<MainThreadClientInfo> mClientInfo;
+
+  static MainThreadRuntime* sInstance;
+};
+
+}  // namespace mscom
+}  // namespace mozilla
+
+#endif  // mozilla_mscom_MainThreadRuntime_h

ipc/mscom/ProcessRuntime.h

@@ -1,61 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_mscom_ProcessRuntime_h
-#define mozilla_mscom_ProcessRuntime_h
-
-#include "mozilla/Attributes.h"
-#if defined(ACCESSIBILITY) && defined(MOZILLA_INTERNAL_API)
-#  include "mozilla/mscom/ActivationContext.h"
-#endif  // defined(ACCESSIBILITY) && defined(MOZILLA_INTERNAL_API)
-#include "mozilla/mscom/ApartmentRegion.h"
-#include "nsXULAppAPI.h"
-
-namespace mozilla {
-namespace mscom {
-
-class MOZ_NON_TEMPORARY_CLASS ProcessRuntime final {
- public:
-#if defined(MOZILLA_INTERNAL_API)
-  ProcessRuntime() : ProcessRuntime(XRE_GetProcessType()) {}
-#endif  // defined(MOZILLA_INTERNAL_API)
-
-  explicit ProcessRuntime(GeckoProcessType aProcessType);
-  ~ProcessRuntime() = default;
-
-  explicit operator bool() const { return SUCCEEDED(mInitResult); }
-
-  ProcessRuntime(ProcessRuntime&) = delete;
-  ProcessRuntime(ProcessRuntime&&) = delete;
-  ProcessRuntime& operator=(ProcessRuntime&) = delete;
-  ProcessRuntime& operator=(ProcessRuntime&&) = delete;
-
-  /**
-   * @return 0 if call is in-process or resolving the calling thread failed,
-   *         otherwise contains the thread id of the calling thread.
-   */
-  static DWORD GetClientThreadId();
-
- private:
-  void InitInsideApartment();
-  HRESULT InitializeSecurity();
-
-#if defined(MOZILLA_INTERNAL_API)
-  static bool IsWin32kLockedDown();
-#endif  // defined(MOZILLA_INTERNAL_API)
-
-  HRESULT mInitResult;
-  bool mIsParentProcess;
-#if defined(ACCESSIBILITY) && defined(MOZILLA_INTERNAL_API)
-  ActivationContextRegion mActCtxRgn;
-#endif  // defined(ACCESSIBILITY) && defined(MOZILLA_INTERNAL_API)
-  ApartmentRegion mAptRegion;
-};
-
-}  // namespace mscom
-}  // namespace mozilla
-
-#endif  // mozilla_mscom_ProcessRuntime_h

ipc/mscom/Ptr.h

@@ -16,8 +16,6 @@
 #include "nsThreadUtils.h"
 #include "nsXULAppAPI.h"
 
-#include <objidl.h>
-
 /**
  * The glue code in mozilla::mscom often needs to pass around interface pointers
  * belonging to a different apartment from the current one. We must not touch

ipc/mscom/moz.build

@@ -7,22 +7,19 @@
 EXPORTS.mozilla.mscom += [
     'Aggregation.h',
     'AgileReference.h',
-    'ApartmentRegion.h',
     'AsyncInvoker.h',
+    'COMApartmentRegion.h',
     'COMPtrHolder.h',
     'EnsureMTA.h',
+    'MainThreadClientInfo.h',
+    'MainThreadRuntime.h',
     'Objref.h',
     'PassthruProxy.h',
-    'ProcessRuntime.h',
     'ProxyStream.h',
     'Ptr.h',
     'Utils.h',
 ]
 
-DIRS += [
-    'mozglue',
-]
-
 SOURCES += [
     'VTableBuilder.c',
 ]
@@ -30,9 +27,10 @@ SOURCES += [
 UNIFIED_SOURCES += [
     'AgileReference.cpp',
     'EnsureMTA.cpp',
+    'MainThreadClientInfo.cpp',
+    'MainThreadRuntime.cpp',
     'Objref.cpp',
     'PassthruProxy.cpp',
-    'ProcessRuntime.cpp',
     'ProxyStream.cpp',
     'RegistrationAnnotator.cpp',
     'Utils.cpp',

ipc/mscom/mozglue/ProcessRuntimeShared.cpp

@@ -1,33 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "mozilla/mscom/ProcessRuntimeShared.h"
-#include "MozglueUtils.h"
-
-// We allow multiple ProcessRuntime instances to exist simultaneously (even
-// on separate threads), but only one should be doing the process-wide
-// initialization. These variables provide that mutual exclusion.
-static mozilla::glue::Win32SRWLock gLock;
-static bool gIsProcessInitialized = false;
-
-namespace mozilla {
-namespace mscom {
-namespace detail {
-
-MFBT_API bool&
-BeginProcessRuntimeInit() {
-  gLock.LockExclusive();
-  return gIsProcessInitialized;
-}
-
-MFBT_API void
-EndProcessRuntimeInit() {
-  gLock.UnlockExclusive();
-}
-
-}  //  namespace detail
-}  // namespace mscom
-}  // namespace mozilla

ipc/mscom/mozglue/ProcessRuntimeShared.h

@@ -1,54 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_mscom_ProcessRuntimeShared_h
-#define mozilla_mscom_ProcessRuntimeShared_h
-
-#include "mozilla/Assertions.h"
-#include "mozilla/Attributes.h"
-#include "mozilla/Types.h"
-
-namespace mozilla {
-namespace mscom {
-namespace detail {
-
-MFBT_API bool& BeginProcessRuntimeInit();
-MFBT_API void EndProcessRuntimeInit();
-
-}  // namespace detail
-
-class MOZ_RAII ProcessInitLock final {
- public:
-  ProcessInitLock()
-    : mIsProcessInitialized(detail::BeginProcessRuntimeInit()) {
-  }
-
-  ~ProcessInitLock() {
-    detail::EndProcessRuntimeInit();
-  }
-
-  bool IsInitialized() const {
-    return mIsProcessInitialized;
-  }
-
-  void SetInitialized() {
-    MOZ_ASSERT(!mIsProcessInitialized);
-    mIsProcessInitialized = true;
-  }
-
-  ProcessInitLock(const ProcessInitLock&) = delete;
-  ProcessInitLock(ProcessInitLock&&) = delete;
-  ProcessInitLock operator=(const ProcessInitLock&) = delete;
-  ProcessInitLock operator=(ProcessInitLock&&) = delete;
-
- private:
-  bool& mIsProcessInitialized;
-};
-
-}  // namespace mscom
-}  // namespace mozilla
-
-#endif  // mozilla_mscom_ProcessRuntimeShared_h

ipc/mscom/mozglue/moz.build

@@ -1,21 +0,0 @@
-# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-Library('mscom-mozglue')
-
-EXPORTS.mozilla.mscom += [
-    'ProcessRuntimeShared.h',
-]
-
-LOCAL_INCLUDES += [
-    '/mozglue/build',
-]
-
-DEFINES['IMPL_MFBT'] = True
-
-UNIFIED_SOURCES += [
-    'ProcessRuntimeShared.cpp',
-]

mozglue/build/moz.build

@@ -36,9 +36,6 @@ if CONFIG['OS_TARGET'] == 'WINNT':
         'user32.dll',
     ]
     RCINCLUDE = 'mozglue.rc'
-    USE_LIBS += [
-        'mscom-mozglue',
-    ]
 
     if CONFIG['MOZ_PGO'] and CONFIG['CC_TYPE'] == 'clang-cl':
         SOURCES += ['cygprofile.cpp']

toolkit/xre/nsAppRunner.cpp

@@ -110,7 +110,7 @@
 #  include "cairo/cairo-features.h"
 #  include "mozilla/WindowsDllBlocklist.h"
 #  include "mozilla/WinHeaderOnlyUtils.h"
-#  include "mozilla/mscom/ProcessRuntime.h"
+#  include "mozilla/mscom/MainThreadRuntime.h"
 #  include "mozilla/widget/AudioSession.h"
 
 #  if defined(MOZ_LAUNCHER_PROCESS)
@@ -4803,7 +4803,7 @@ int XREMain::XRE_main(int argc, char* argv[], const BootstrapConfig& aConfig) {
   // trivial COM is run in the application. Since these settings may affect
   // stability, we should instantiate COM ASAP so that we can ensure that these
   // global settings are configured before anything can interfere.
-  mozilla::mscom::ProcessRuntime msCOMRuntime;
+  mozilla::mscom::MainThreadRuntime msCOMRuntime;
 #endif
 
   // init

widget/windows/JumpListBuilder.cpp

@@ -23,7 +23,7 @@
 #include "mozilla/ScopeExit.h"
 #include "mozilla/Unused.h"
 #include "mozilla/dom/Promise.h"
-#include "mozilla/mscom/ApartmentRegion.h"
+#include "mozilla/mscom/COMApartmentRegion.h"
 #include "mozilla/mscom/EnsureMTA.h"
 
 #include <shellapi.h>