It appears to be hard to fix some sources of >128 MiB messages (e.g. IndexedDB),
so revert back to a 256MiB limit for the short term.
MozReview-Commit-ID: Jg2tJnqWOtd
Disabled on Mac (content processes need to use plugin-container.app for
UI reasons) and on Linux unless --disable-sandboxing (build issues).
Based on work by George Wright <george@mozilla.com>.
--HG--
extra : amend_source : 43986e25743de21e3ddfb7893e3ed550fe6eef76
This also fixes a bug where we weren't setting parts of the policy correctly for levels 3 to 9.
MozReview-Commit-ID: IXsg2nGOqoa
--HG--
extra : rebase_source : 65c76a581dcd498c7d7d5b01e4f4e140acdb244f
Also fix a handle leak in mozilla::ipc::AnnotateProcessInformation().
MozReview-Commit-ID: DuepDytfoD2
--HG--
extra : rebase_source : 0b0dd05a3728e64962a774a2dcc35dc7646aa4dc
I want the EME device binding/nodeId code to be callable from gtests, as well
as in plugin-container. I need this because I want to add a gtest that ensures
that we don't regress the EME/GMP device binding code. I want to call the GMP
device binding code in the gtest and in the GMP process, and compare the
result.
So we need to make it possible to link the device binding code into the gtests
as well as plugin-container. So move all code that device binding calls into
librlz, to make it easier to link against all the code required.
Note: the device binding code needs to be statically linked into
plugin-container so that it's covered by the Adobe CDM's voucher tool.
MozReview-Commit-ID: AvBAe1dh49Z
--HG--
rename : ipc/app/sha256.c => dom/media/gmp/rlz/sha256.c
rename : ipc/app/sha256.h => dom/media/gmp/rlz/sha256.h
extra : rebase_source : f60f1e68649fa90cbe1f2fe09f5f69948444b1df
To enable string sharing, we're going to have helpful functions that
take a small, distinguishable, sharable string and construct a more
complete error message out of that. To do that easily with checkedRead,
we need to be able to pass custom parameters into the error function.
Actor reading from IPC message is codegen'd with a lot of repeated code.
We can improve that by moving the core actor reading code out of
subclasses into IProtocolmanager. While we still need to codegen a bit
of code to cast the read actor to the proper type, the code overall is
smaller. The lone downside is that if we do encounter an error reading
the actor id out of the message, the precision of our crash messages is
reduced somewhat: we no longer have the protocol name doing the reading,
nor do we get crash report annotations, since we can't tell whether
we're in the parent or child process.
IProtocolManager is templated over some listener type. In our IPDL
code, that type is always IProtocol, which is a subclass of
MessageListener. It's also important to note that IProtocol uses
protected inheritance from MessageListener; the generated code takes
advantage of this inheritance structure when it reads actors:
// ChannelListener is typedef'd to MessageListener
// Lookup here is IProtocolManager::Lookup
ChannelListener* listener = Lookup(id);
Lookup returns a pointer to the type over which IProtocolManager is
templated. As mentioned above, that type is always IProtocol. But
thanks to the containing class inheriting from *both* IProtocolManager
and IProtocol, the returned pointer can be silently upcasted to
MessageListener thanks to C++ visibility rules.
It's not clear that this restricted inheritance structure is actually
benefitting anybody, or that the inheritance hierarchy of protocol
classes is the best way to do things. This particular implementation
detail is getting in the way for the next improvement, so let's make the
protected inheritance public instead.
checkedRead is set up to single-quote whatever message is passed in.
This scheme works great for all existing messages, but it makes some
callsites a little surprising ("where's the matching quote?") and
doesn't work well with message changes to be made in future patches.
Let's move the quoting out to client code.
