Fairly straightforward, just a blanket removal. Haven't heard
anything on dev-platform or fx-data-dev regarding this removal,
so I think it's likely safe to remove on Nightly, and we can
revert if anyone makes a fuss.
As part of removing the HangMonitor, I renamed a few things and
reorganized the namespaces to not depend on a HangMonitor
namespace. Hopefully this doesn't produce too much noise in the
diff, it just seemed appropriate to move everything around
rather than keep dangling vestiges of the old system.
MozReview-Commit-ID: 8C8NFnOP5GU
--HG--
extra : rebase_source : a8840bd26f4b01b756ffa72345ababb625048550
This permits opening the DLL from the plugin sandbox under the USER_LIMITED sandbox setting (plugin sandbox level 3).
--HG--
extra : rebase_source : cf3719f7b418b3fcbb5244d06203836fd32e3900
extra : histedit_source : 9bacced088b9965cee10c871f3934980e0361dcc
The camera is blocked by the sandbox hardening in part 1. This intercepts and remotes the call to CreateMutexW that causes the camera to fail.
--HG--
extra : rebase_source : 9b1be5c95fda29ce7fe70287b7bb3e66d9562ebe
extra : histedit_source : 5b4d3c17eebb905c1f694489acb7b564ee98c875
Previously, all FunctionBrokers used the same global set of type marshalers to handle IPC. The marshaling behavior is endpoint-dependent so it is done with the EndpointHandler. This patch makes the EndpointHandler used by a specific RPC function into a template parameter to the function's FunctionBroker. It also divides up the current special type handling into two cases -- FileDlgEndpointHandler for plugin file dialog brokering, and SslEndpointHandler for SSL communication brokering.
--HG--
extra : rebase_source : 37e34564bd9dbb0ad8594d4803e7478ca0824b72
extra : histedit_source : 0b54e7b297495a93564090f2671ce76b5e926085
Instead of contending with the idiosyncracies of the platform implementations of condition variables, which have been leading to strange crashes, we hold this mutex as a ref-counted object and avoid complex object lifetime reasoning.
This patch was reviewed in parts, however the intermediate states would not build:
Bug 1443954 - Part 3A: Strip pointers from the argument to WriteParam and WriteIPDLParam before selecting the ParamTraits impl, r=froydnj
Bug 1443954 - Part 3B: Move nsIAlertNotification serialization to the refcounted system, r=bz
Bug 1443954 - Part 3C: Move geolocation serialization to the refcounted system, r=bz
Bug 1443954 - Part 3D: Move nsIInputStream serialization to the refcounted system, r=baku
Bug 1443954 - Part 3E: Move BlobImpl serialization to the refcounted system, r=baku
Bug 1443954 - Part 3F: Correctly implement ParamTraits for actors after the ParamTraits changes, r=froydnj
HookProtectedMode requires its nsWindowsDllInterceptor to last as long as the functions need to be overridden. This uses a static object instead of a local one.
--HG--
extra : rebase_source : 7ba3f2fc1e19f89936b7f7fa490554e9cf9b885c
Replace the boolean pref "security.sandbox.mac.flash.enabled"
with "dom.ipc.plugins.sandbox-level.flash" to support sandbox
levels and be consistent with the Windows pref name.
Adds filesystem read access to the sandbox using sandbox extensions
granted by the file dialog machinery (level 1).
Add support for level 2 which blocks read access.
Allow the sandbox to be disabled with MOZ_DISABLE_NPAPI_SANDBOX.
MozReview-Commit-ID: 4rfobEoxQpF
--HG--
extra : rebase_source : 05dc54b46063967e959bc3fced21c61e5463de48
Replace the boolean pref "security.sandbox.mac.flash.enabled"
with "dom.ipc.plugins.sandbox-level.flash" to support sandbox
levels and be consistent with the Windows pref name.
Adds filesystem read access to the sandbox using sandbox extensions
granted by the file dialog machinery (level 1).
Add support for level 2 which blocks read access.
Allow the sandbox to be disabled with MOZ_DISABLE_NPAPI_SANDBOX.
MozReview-Commit-ID: 4rfobEoxQpF
--HG--
extra : rebase_source : 87f2f00867c4522ae3102abbc44fd05db63c7ec7
Removing #define XRE_DONT_PROTECT_DLL_LOAD from plugin-container.cpp and xpcshell.cpp allows the #included nsWindowsWMain.cpp to protect DLL loads much earlier in the plugin process startup.
MozReview-Commit-ID: HbgyfvljvFs
--HG--
extra : rebase_source : dccdabb2e5bee4472d5aef9400a58cb0e397c112
extra : histedit_source : da248fc6fbdf96f30979f3a0396aefcf4bfcd5d9
This code was added in bug 607832 to work around a Shockwave Player bug where it tries to load some DLLs from the current directory, but the current directory is not the one it expects. We no longer support the Shockwave Player plugin, so this workaround is no longer necessary and we can always call SetDllDirectory("") to remove the current directory from the DLL search path.
MozReview-Commit-ID: C4MjB1SkZE3
--HG--
extra : rebase_source : 6473ca88db6bee484c3c97669dca39daf31b438e
extra : histedit_source : f4abb901979b07f0aa346508773a8e65f47451cd
The Monitor's Wait call is subject to spurious waking and needed a condition guard (I just use a boolean) to detect if it should not have been awakened. Additionally, the ok value was being assigned after the Notify, despite it no longer being valid on this thread.
CleanupFromTimeout is (transitively) recursing in calls to Close(), as that now leads to shutting down the plugin broker thread and CleanupFromTimeout was being rerun since nsThread::Shutdown runs tasks..
The Monitor's condition variable could be notified before the calling thread had begun to Wait for it. This caused the Notify to be missed, leading to hangs. By grabbing the Monitor in PostToDispatchHelper, we know Wait has been called because, otherwise, the calling thread would still hold the Monitor.
Includes the build changes made by the earlier patches in this series. Also adds some #includes required by other files when these are added to the unified build.
The FunctionBroker is a special kind of FunctionHook that brokers the hooked function on another process. In the child process, it uses the FunctionBrokerChild to request that the FunctionBrokerParent run a function and return the response. It handles most cases of parameter, return value and error marshaling on its own. It also guarantees that requests are issued from the proper thread.
The FunctionBroker actors allow the NPAPI process (child) to run methods on the main process (parent). Both the parent and the child run dedicated threads for this task -- this is a top-level protocol.
IpdlTuple is an array of Variants that is accessed by type and that reports an error if there is a type error. This is used for safe and easy communication of IPDL objects, validated at run time since IPC data is untrusted.
We have not been initializing or shutting down XPCOM in the plugin process. We need the nsThreadManager for this bug but, more importantly, we need to properly shut down XPCOM in order to get things like handlers connected to the ShutdownPhases (e.g. ClearOnShutdown, used to free resources at process end).
This patch includes some work to make services that are uninitialized in the plugin process to handle Shutdown calls without failing.
The shutdown path has a way to free the sObjectMap before all plugin references to it have been executed. It does this by scheduling a DeferNPObjectReleaseRunnable, then shutting down the plugin with PluginInstanceChild::Destroy. This patch keeps the runnable from failing in that case.
PluginMessageUtils.h was bootlegging base/shared_memory.h via transport_dib.h
MozReview-Commit-ID: CPGxu2lpdj0
--HG--
extra : rebase_source : 796c747a4a125dddc2a0685f1e0d0152ac3ef74f