Back out bug 786631

2024-11-28 15:23:51 +00:00 · 2013-01-17 12:49:56 -08:00 · 2013-01-17 12:49:56 -08:00 · d6f21e8891
commit d6f21e8891
parent 75253fec80
8 changed files with 16 additions and 55 deletions
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@ -22,7 +22,6 @@
 #include "mozilla/dom/StorageChild.h"
 #include "mozilla/Hal.h"
 #include "mozilla/hal_sandbox/PHalChild.h"
-#include "mozilla/ipc/GeckoChildProcessHost.h"
 #include "mozilla/ipc/TestShellChild.h"
 #include "mozilla/ipc/XPCShellEnvironment.h"
 #include "mozilla/jsipc/PContextWrapperChild.h"
@ -505,17 +504,6 @@ ContentChild::AllocPImageBridge(mozilla::ipc::Transport* aTransport,
    return ImageBridgeChild::StartUpInChildProcess(aTransport, aOtherProcess);
 }

-bool
-ContentChild::RecvSetProcessPrivileges(const ChildPrivileges& aPrivs)
-{
-  ChildPrivileges privs = (aPrivs == PRIVILEGES_DEFAULT) ?
-                          GeckoChildProcessHost::DefaultChildPrivileges() :
-                          aPrivs;
-  // If this fails, we die.
-  SetCurrentProcessPrivileges(privs);
-  return true;
-}
-
 static CancelableTask* sFirstIdleTask;

 static void FirstIdle(void)
--- a/dom/ipc/ContentChild.h
+++ b/dom/ipc/ContentChild.h
@ -80,8 +80,6 @@ public:
    AllocPImageBridge(mozilla::ipc::Transport* aTransport,
                      base::ProcessId aOtherProcess) MOZ_OVERRIDE;

-    virtual bool RecvSetProcessPrivileges(const ChildPrivileges& aPrivs);
-
    virtual PBrowserChild* AllocPBrowser(const IPCTabContext &aContext,
                                         const uint32_t &chromeFlags);
    virtual bool DeallocPBrowser(PBrowserChild*);
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@ -222,9 +222,7 @@ ContentParent::PreallocateAppProcess()
    sPreallocatedAppProcess =
        new ContentParent(MAGIC_PREALLOCATED_APP_MANIFEST_URL,
                          /*isBrowserElement=*/false,
-                          // Final privileges are set when we
-                          // transform into our app.
-                          base::PRIVILEGES_INHERIT);
+                          base::PRIVILEGES_DEFAULT);
    sPreallocatedAppProcess->Init();
 }

@ -442,14 +440,20 @@ ContentParent::CreateBrowserOrApp(const TabContext& aContext)
    nsRefPtr<ContentParent> p = gAppContentParents->Get(manifestURL);
    if (!p) {
        ChildPrivileges privs = PrivilegesForApp(ownApp);
-        p = MaybeTakePreallocatedAppProcess();
-        if (p) {
-            p->TransformPreallocatedIntoApp(manifestURL, privs);            
-        } else {
-            NS_WARNING("Unable to use pre-allocated app process");
+        if (privs != base::PRIVILEGES_DEFAULT) {
            p = new ContentParent(manifestURL, /* isBrowserElement = */ false,
                                  privs);
            p->Init();
+        } else {
+            p = MaybeTakePreallocatedAppProcess();
+            if (p) {
+                p->SetManifestFromPreallocated(manifestURL);
+            } else {
+                NS_WARNING("Unable to use pre-allocated app process");
+                p = new ContentParent(manifestURL, /* isBrowserElement = */ false,
+                                      base::PRIVILEGES_DEFAULT);
+                p->Init();
+            }
        }
        gAppContentParents->Put(manifestURL, p);
    }
@ -532,15 +536,12 @@ ContentParent::Init()
 }

 void
-ContentParent::TransformPreallocatedIntoApp(const nsAString& aAppManifestURL,
-                                            ChildPrivileges aPrivs)
+ContentParent::SetManifestFromPreallocated(const nsAString& aAppManifestURL)
 {
    MOZ_ASSERT(mAppManifestURL == MAGIC_PREALLOCATED_APP_MANIFEST_URL);
    // Clients should think of mAppManifestURL as const ... we're
    // bending the rules here just for the preallocation hack.
    const_cast<nsString&>(mAppManifestURL) = aAppManifestURL;
-    // If this fails, the child process died.
-    unused << SendSetProcessPrivileges(aPrivs);
 }

 void
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@ -178,8 +178,7 @@ private:

    // Transform a pre-allocated app process into a "real" app
    // process, for the specified manifest URL.
-    void TransformPreallocatedIntoApp(const nsAString& aAppManifestURL,
-                                      ChildPrivileges aPrivs);
+    void SetManifestFromPreallocated(const nsAString& aAppManifestURL);

    /**
     * Mark this ContentParent as dead for the purposes of Get*().
--- a/dom/ipc/PContent.ipdl
+++ b/dom/ipc/PContent.ipdl
@ -35,7 +35,6 @@ using PrefTuple;
 using ChromePackage;
 using ResourceMapping;
 using OverrideMapping;
-using base::ChildPrivileges;
 using IPC::Permission;
 using IPC::Principal;
 using mozilla::null_t;
@ -244,13 +243,6 @@ both:
    async PBlob(BlobConstructorParams params);

 child:
-    /**
-     * Update OS process privileges to |privs|.  Can usually only be
-     * performed zero or one times.  The child will abnormally exit if
-     * the privilege update fails.
-     */
-    async SetProcessPrivileges(ChildPrivileges privs);
-
    PMemoryReportRequest();

    /**
--- a/ipc/glue/GeckoChildProcessHost.cpp
+++ b/ipc/glue/GeckoChildProcessHost.cpp
@ -74,14 +74,6 @@ struct RunnableMethodTraits<GeckoChildProcessHost>
    static void ReleaseCallee(GeckoChildProcessHost* obj) { }
 };

-/*static*/
-base::ChildPrivileges
-GeckoChildProcessHost::DefaultChildPrivileges()
-{
-  return (kLowRightsSubprocesses ?
-          base::PRIVILEGES_UNPRIVILEGED : base::PRIVILEGES_INHERIT);
-}
-
 GeckoChildProcessHost::GeckoChildProcessHost(GeckoProcessType aProcessType,
                                             ChildPrivileges aPrivileges)
  : ChildProcessHost(RENDER_PROCESS), // FIXME/cjones: we should own this enum
@ -498,7 +490,8 @@ GeckoChildProcessHost::PerformAsyncLaunchInternal(std::vector<std::string>& aExt
  base::environment_map newEnvVars;
  ChildPrivileges privs = mPrivileges;
  if (privs == base::PRIVILEGES_DEFAULT) {
-    privs = DefaultChildPrivileges();
+    privs = kLowRightsSubprocesses ?
+            base::PRIVILEGES_UNPRIVILEGED : base::PRIVILEGES_INHERIT;
  }
  // XPCOM may not be initialized in some subprocesses.  We don't want
  // to initialize XPCOM just for the directory service, especially
--- a/ipc/glue/GeckoChildProcessHost.h
+++ b/ipc/glue/GeckoChildProcessHost.h
@ -29,8 +29,6 @@ public:
  typedef base::ChildPrivileges ChildPrivileges;
  typedef base::ProcessHandle ProcessHandle;

-  static ChildPrivileges DefaultChildPrivileges();
-
  GeckoChildProcessHost(GeckoProcessType aProcessType,
                        ChildPrivileges aPrivileges=base::PRIVILEGES_DEFAULT);

--- a/ipc/glue/IPCMessageUtils.h
+++ b/ipc/glue/IPCMessageUtils.h
@ -7,7 +7,6 @@
 #ifndef __IPC_GLUE_IPCMESSAGEUTILS_H__
 #define __IPC_GLUE_IPCMESSAGEUTILS_H__

-#include "base/process_util.h"
 #include "chrome/common/ipc_message_utils.h"

 #include "mozilla/TimeStamp.h"
@ -148,13 +147,6 @@ struct EnumSerializer {
  }
 };

-template <>
-struct ParamTraits<base::ChildPrivileges>
-  : public EnumSerializer<base::ChildPrivileges,
-                          base::PRIVILEGES_DEFAULT,
-                          base::PRIVILEGES_LAST>
-{ };
-
 template<>
 struct ParamTraits<int8_t>
 {