Adds a PipeWire based camera support that was recently merged into
WebRTC. This should be an experimental feature for now and therefore it
is kept behind a config option.
Differential Revision: https://phabricator.services.mozilla.com/D176625
Adds a PipeWire based camera support that was recently merged into
WebRTC. This should be an experimental feature for now and therefore it
is kept behind a config option.
Differential Revision: https://phabricator.services.mozilla.com/D176625
This should avoid potential fuzzing-only issues which would be caused by
the actor being torn down synchronously after a FatalError or KillHard.
Instead, the state is set to error synchronously, blocking all further
message sending/receiving, and the notification is made async, similar
to how it is handled for normal channel errors.
Differential Revision: https://phabricator.services.mozilla.com/D180254
It is, in fact, pulled instead of security/sandbox/chromium's when
building the sandbox, because the ipc code is used virtually everywhere.
We're better off with one less copy of the file, especially in such
ubiquitous code.
Incidentally, the sandbox code also needed ipc's for its use of
EnvironmentMap.h, which now doesn't require it.
Differential Revision: https://phabricator.services.mozilla.com/D180055
Use a new executable for the GMP process named "<App Name> Media Plugin Helper" so that the content processes (using the plugin-container executable) and the GMP process can be signed with different entitlements allowing for the use of more secure entitlements.
In order for the new executable to load the Widevine plugin, a change is needed in the codesigning infrastructure repo to generate the .sig file for the new executable.
To get the security benefits of using a new executable for GMP, additional changes are needed in the codesigning infrastructure repo to enable signing plugin-container and the new executable with a reduced set of entitlements.
The executable is a copy of plugin-container renamed as "<App Name> Media Plugin Helper" so it appears with a user friendly name in Activity Monitor. For example, "Firefox Media Plugin Helper". (The GMP process runs with limited privileges preventing it from setting its own "nice" process name.)
Pref off the change until the .sig file change lands and media playback has been validated on production builds.
Differential Revision: https://phabricator.services.mozilla.com/D175796
This patch changes KillHard() such that the IPC channel is immediately
shut down with an error after a KillHard() is performed. This is done by
fixing the previously-broken CLOSE_CHANNEL_WITH_ERROR support in
ShutDownProcess, and calling that method after KillHard().
This ensures that after the process has been killed, no further messages
will be delivered and processed, even if they were sent before the
process was killed.
In addition, the assertions and KillHard calls which are disabled for
fuzzing were changed to also shut down the channel, making fuzzing IPC
errors cause the connection to be terminated like it is in production
for these actors.
This change does not impact actors which ignore processing errors.
Differential Revision: https://phabricator.services.mozilla.com/D178383
This refactoring cleans up some dead code, and makes some semantic
changes to how the MessageChannel lifecycle is handled.
These changes ensure that messages which were sent by a peer before the
GOODBYE message will be delivered, without allowing messages sent after
the GOODBYE message (e.g. by a misbehaving process) to be delivered.
The lifecycle and shutdown states were simplified, and moved to be
entirely in MessageChannel, rather than split between MessageChannel and
MessageLink.
The dead-code ChannelTimeout error state was removed, along with the
corresponding CloseWithTimeout method.
The CloseWithError method was updated to behave more consistently with
the normal Close method, synchronously triggering a connection error,
and closing the MessageLink. This method is currently unused, but will
useful in the future for handling processing errors.
Differential Revision: https://phabricator.services.mozilla.com/D178382
