mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-17 23:35:34 +00:00
db0019c058
IPCBlobInputStream is a new type of nsIInputStream that is used only in content process when a Blob is sent from parent to child. This inputStream is for now, just cloneable. When the parent process sends a Blob to a content process, it has the Blob and its inputStream. With its inputStream it creates a IPCBlobInputStreamParent actor. This actor keeps the inputStream alive for following uses (not part of this patch). On the child side we will have, of course, a IPCBlobInputStreamChild actor. This actor is able to create a IPCBlobInputStream when CreateStream() is called. This means that 1 IPCBlobInputStreamChild can manage multiple IPCBlobInputStreams each time one of them is cloned. When the last one of this stream is released, the child actor sends a __delete__ request to the parent side; the parent will be deleted, and the original inputStream, on the parent side, will be released as well. IPCBlobInputStream is a special inputStream because each method, except for Available() fails. Basically, this inputStream cannot be used on the content process for nothing else than knowing the size of the original stream. In the following patches, I'll introduce an async way to use it.
386 lines
12 KiB
C++
386 lines
12 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsIContentParent.h"
|
|
|
|
#include "mozilla/Preferences.h"
|
|
#include "mozilla/dom/File.h"
|
|
#include "mozilla/dom/ContentParent.h"
|
|
#include "mozilla/dom/ContentBridgeParent.h"
|
|
#include "mozilla/dom/ContentProcessManager.h"
|
|
#include "mozilla/dom/PTabContext.h"
|
|
#include "mozilla/dom/PermissionMessageUtils.h"
|
|
#include "mozilla/dom/TabParent.h"
|
|
#include "mozilla/dom/ipc/BlobParent.h"
|
|
#include "mozilla/dom/ipc/IPCBlobInputStreamParent.h"
|
|
#include "mozilla/dom/ipc/MemoryStreamParent.h"
|
|
#include "mozilla/dom/ipc/StructuredCloneData.h"
|
|
#include "mozilla/jsipc/CrossProcessObjectWrappers.h"
|
|
#include "mozilla/ipc/FileDescriptorSetParent.h"
|
|
#include "mozilla/ipc/PFileDescriptorSetParent.h"
|
|
#include "mozilla/ipc/IPCStreamAlloc.h"
|
|
#include "mozilla/ipc/IPCStreamDestination.h"
|
|
#include "mozilla/ipc/IPCStreamSource.h"
|
|
#include "mozilla/Unused.h"
|
|
|
|
#include "nsFrameMessageManager.h"
|
|
#include "nsIWebBrowserChrome.h"
|
|
#include "nsPrintfCString.h"
|
|
#include "xpcpublic.h"
|
|
|
|
using namespace mozilla::jsipc;
|
|
|
|
// XXX need another bug to move this to a common header.
|
|
#ifdef DISABLE_ASSERTS_FOR_FUZZING
|
|
#define ASSERT_UNLESS_FUZZING(...) do { } while (0)
|
|
#else
|
|
#define ASSERT_UNLESS_FUZZING(...) MOZ_ASSERT(false, __VA_ARGS__)
|
|
#endif
|
|
|
|
namespace mozilla {
|
|
namespace dom {
|
|
|
|
nsIContentParent::nsIContentParent()
|
|
{
|
|
mMessageManager = nsFrameMessageManager::NewProcessMessageManager(true);
|
|
}
|
|
|
|
ContentParent*
|
|
nsIContentParent::AsContentParent()
|
|
{
|
|
MOZ_ASSERT(IsContentParent());
|
|
return static_cast<ContentParent*>(this);
|
|
}
|
|
|
|
ContentBridgeParent*
|
|
nsIContentParent::AsContentBridgeParent()
|
|
{
|
|
MOZ_ASSERT(IsContentBridgeParent());
|
|
return static_cast<ContentBridgeParent*>(this);
|
|
}
|
|
|
|
PJavaScriptParent*
|
|
nsIContentParent::AllocPJavaScriptParent()
|
|
{
|
|
return NewJavaScriptParent();
|
|
}
|
|
|
|
bool
|
|
nsIContentParent::DeallocPJavaScriptParent(PJavaScriptParent* aParent)
|
|
{
|
|
ReleaseJavaScriptParent(aParent);
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
nsIContentParent::CanOpenBrowser(const IPCTabContext& aContext)
|
|
{
|
|
// (PopupIPCTabContext lets the child process prove that it has access to
|
|
// the app it's trying to open.)
|
|
// On e10s we also allow UnsafeTabContext to allow service workers to open
|
|
// windows. This is enforced in MaybeInvalidTabContext.
|
|
if (aContext.type() != IPCTabContext::TPopupIPCTabContext &&
|
|
aContext.type() != IPCTabContext::TUnsafeIPCTabContext) {
|
|
ASSERT_UNLESS_FUZZING("Unexpected IPCTabContext type. Aborting AllocPBrowserParent.");
|
|
return false;
|
|
}
|
|
|
|
if (aContext.type() == IPCTabContext::TPopupIPCTabContext) {
|
|
const PopupIPCTabContext& popupContext = aContext.get_PopupIPCTabContext();
|
|
if (popupContext.opener().type() != PBrowserOrId::TPBrowserParent) {
|
|
ASSERT_UNLESS_FUZZING("Unexpected PopupIPCTabContext type. Aborting AllocPBrowserParent.");
|
|
return false;
|
|
}
|
|
|
|
auto opener = TabParent::GetFrom(popupContext.opener().get_PBrowserParent());
|
|
if (!opener) {
|
|
ASSERT_UNLESS_FUZZING("Got null opener from child; aborting AllocPBrowserParent.");
|
|
return false;
|
|
}
|
|
|
|
// Popup windows of isMozBrowserElement frames must be isMozBrowserElement if
|
|
// the parent isMozBrowserElement. Allocating a !isMozBrowserElement frame with
|
|
// same app ID would allow the content to access data it's not supposed to.
|
|
if (!popupContext.isMozBrowserElement() && opener->IsMozBrowserElement()) {
|
|
ASSERT_UNLESS_FUZZING("Child trying to escalate privileges! Aborting AllocPBrowserParent.");
|
|
return false;
|
|
}
|
|
}
|
|
|
|
MaybeInvalidTabContext tc(aContext);
|
|
if (!tc.IsValid()) {
|
|
NS_ERROR(nsPrintfCString("Child passed us an invalid TabContext. (%s) "
|
|
"Aborting AllocPBrowserParent.",
|
|
tc.GetInvalidReason()).get());
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
PBrowserParent*
|
|
nsIContentParent::AllocPBrowserParent(const TabId& aTabId,
|
|
const TabId& aSameTabGroupAs,
|
|
const IPCTabContext& aContext,
|
|
const uint32_t& aChromeFlags,
|
|
const ContentParentId& aCpId,
|
|
const bool& aIsForBrowser)
|
|
{
|
|
MOZ_ASSERT(!aSameTabGroupAs);
|
|
|
|
Unused << aCpId;
|
|
Unused << aIsForBrowser;
|
|
|
|
if (!CanOpenBrowser(aContext)) {
|
|
return nullptr;
|
|
}
|
|
|
|
uint32_t chromeFlags = aChromeFlags;
|
|
TabId openerTabId(0);
|
|
if (aContext.type() == IPCTabContext::TPopupIPCTabContext) {
|
|
// CanOpenBrowser has ensured that the IPCTabContext is of
|
|
// type PopupIPCTabContext, and that the opener TabParent is
|
|
// reachable.
|
|
const PopupIPCTabContext& popupContext = aContext.get_PopupIPCTabContext();
|
|
auto opener = TabParent::GetFrom(popupContext.opener().get_PBrowserParent());
|
|
openerTabId = opener->GetTabId();
|
|
|
|
// We must ensure that the private browsing and remoteness flags
|
|
// match those of the opener.
|
|
nsCOMPtr<nsILoadContext> loadContext = opener->GetLoadContext();
|
|
if (!loadContext) {
|
|
return nullptr;
|
|
}
|
|
|
|
bool isPrivate;
|
|
loadContext->GetUsePrivateBrowsing(&isPrivate);
|
|
if (isPrivate) {
|
|
chromeFlags |= nsIWebBrowserChrome::CHROME_PRIVATE_WINDOW;
|
|
}
|
|
}
|
|
|
|
if (openerTabId > 0 ||
|
|
aContext.type() == IPCTabContext::TUnsafeIPCTabContext) {
|
|
// Creation of PBrowser triggered from grandchild process is currently
|
|
// broken and not supported (i.e. this code path doesn't work in
|
|
// ContentBridgeParent).
|
|
//
|
|
// If you're working on fixing the code path for ContentBridgeParent,
|
|
// remember to handle the remote frame registration below carefully as it
|
|
// has to be registered in parent process.
|
|
MOZ_ASSERT(XRE_IsParentProcess());
|
|
if (!XRE_IsParentProcess()) {
|
|
return nullptr;
|
|
}
|
|
|
|
// The creation of PBrowser was triggered from content process through
|
|
// either window.open() or service worker's openWindow().
|
|
// We need to register remote frame with the child generated tab id.
|
|
ContentProcessManager* cpm = ContentProcessManager::GetSingleton();
|
|
if (!cpm->RegisterRemoteFrame(aTabId, openerTabId, aContext, aCpId)) {
|
|
return nullptr;
|
|
}
|
|
}
|
|
|
|
// And because we're allocating a remote browser, of course the
|
|
// window is remote.
|
|
chromeFlags |= nsIWebBrowserChrome::CHROME_REMOTE_WINDOW;
|
|
|
|
MaybeInvalidTabContext tc(aContext);
|
|
MOZ_ASSERT(tc.IsValid());
|
|
TabParent* parent = new TabParent(this, aTabId, tc.GetTabContext(), chromeFlags);
|
|
|
|
// We release this ref in DeallocPBrowserParent()
|
|
NS_ADDREF(parent);
|
|
return parent;
|
|
}
|
|
|
|
bool
|
|
nsIContentParent::DeallocPBrowserParent(PBrowserParent* aFrame)
|
|
{
|
|
TabParent* parent = TabParent::GetFrom(aFrame);
|
|
NS_RELEASE(parent);
|
|
return true;
|
|
}
|
|
|
|
PBlobParent*
|
|
nsIContentParent::AllocPBlobParent(const BlobConstructorParams& aParams)
|
|
{
|
|
return BlobParent::Create(this, aParams);
|
|
}
|
|
|
|
bool
|
|
nsIContentParent::DeallocPBlobParent(PBlobParent* aActor)
|
|
{
|
|
BlobParent::Destroy(aActor);
|
|
return true;
|
|
}
|
|
|
|
PMemoryStreamParent*
|
|
nsIContentParent::AllocPMemoryStreamParent(const uint64_t& aSize)
|
|
{
|
|
return new MemoryStreamParent(aSize);
|
|
}
|
|
|
|
bool
|
|
nsIContentParent::DeallocPMemoryStreamParent(PMemoryStreamParent* aActor)
|
|
{
|
|
delete aActor;
|
|
return true;
|
|
}
|
|
|
|
PIPCBlobInputStreamParent*
|
|
nsIContentParent::AllocPIPCBlobInputStreamParent(const nsID& aID,
|
|
const uint64_t& aSize)
|
|
{
|
|
MOZ_CRASH("PIPCBlobInputStreamParent actors should be manually constructed!");
|
|
return nullptr;
|
|
}
|
|
|
|
bool
|
|
nsIContentParent::DeallocPIPCBlobInputStreamParent(PIPCBlobInputStreamParent* aActor)
|
|
{
|
|
delete aActor;
|
|
return true;
|
|
}
|
|
|
|
BlobParent*
|
|
nsIContentParent::GetOrCreateActorForBlob(Blob* aBlob)
|
|
{
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
MOZ_ASSERT(aBlob);
|
|
|
|
RefPtr<BlobImpl> blobImpl = aBlob->Impl();
|
|
MOZ_ASSERT(blobImpl);
|
|
|
|
return GetOrCreateActorForBlobImpl(blobImpl);
|
|
}
|
|
|
|
BlobParent*
|
|
nsIContentParent::GetOrCreateActorForBlobImpl(BlobImpl* aImpl)
|
|
{
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
MOZ_ASSERT(aImpl);
|
|
|
|
BlobParent* actor = BlobParent::GetOrCreate(this, aImpl);
|
|
NS_ENSURE_TRUE(actor, nullptr);
|
|
|
|
return actor;
|
|
}
|
|
|
|
mozilla::ipc::IPCResult
|
|
nsIContentParent::RecvSyncMessage(const nsString& aMsg,
|
|
const ClonedMessageData& aData,
|
|
InfallibleTArray<CpowEntry>&& aCpows,
|
|
const IPC::Principal& aPrincipal,
|
|
nsTArray<ipc::StructuredCloneData>* aRetvals)
|
|
{
|
|
NS_LossyConvertUTF16toASCII messageNameCStr(aMsg);
|
|
PROFILER_LABEL_DYNAMIC("nsIContentParent", "RecvSyncMessage",
|
|
js::ProfileEntry::Category::EVENTS,
|
|
messageNameCStr.get());
|
|
|
|
CrossProcessCpowHolder cpows(this, aCpows);
|
|
RefPtr<nsFrameMessageManager> ppm = mMessageManager;
|
|
if (ppm) {
|
|
ipc::StructuredCloneData data;
|
|
ipc::UnpackClonedMessageDataForParent(aData, data);
|
|
|
|
ppm->ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm.get()), nullptr,
|
|
aMsg, true, &data, &cpows, aPrincipal, aRetvals);
|
|
}
|
|
return IPC_OK();
|
|
}
|
|
|
|
mozilla::ipc::IPCResult
|
|
nsIContentParent::RecvRpcMessage(const nsString& aMsg,
|
|
const ClonedMessageData& aData,
|
|
InfallibleTArray<CpowEntry>&& aCpows,
|
|
const IPC::Principal& aPrincipal,
|
|
nsTArray<ipc::StructuredCloneData>* aRetvals)
|
|
{
|
|
NS_LossyConvertUTF16toASCII messageNameCStr(aMsg);
|
|
PROFILER_LABEL_DYNAMIC("nsIContentParent", "RecvRpcMessage",
|
|
js::ProfileEntry::Category::EVENTS,
|
|
messageNameCStr.get());
|
|
|
|
CrossProcessCpowHolder cpows(this, aCpows);
|
|
RefPtr<nsFrameMessageManager> ppm = mMessageManager;
|
|
if (ppm) {
|
|
ipc::StructuredCloneData data;
|
|
ipc::UnpackClonedMessageDataForParent(aData, data);
|
|
|
|
ppm->ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm.get()), nullptr,
|
|
aMsg, true, &data, &cpows, aPrincipal, aRetvals);
|
|
}
|
|
return IPC_OK();
|
|
}
|
|
|
|
PFileDescriptorSetParent*
|
|
nsIContentParent::AllocPFileDescriptorSetParent(const FileDescriptor& aFD)
|
|
{
|
|
return new FileDescriptorSetParent(aFD);
|
|
}
|
|
|
|
bool
|
|
nsIContentParent::DeallocPFileDescriptorSetParent(PFileDescriptorSetParent* aActor)
|
|
{
|
|
delete static_cast<FileDescriptorSetParent*>(aActor);
|
|
return true;
|
|
}
|
|
|
|
PChildToParentStreamParent*
|
|
nsIContentParent::AllocPChildToParentStreamParent()
|
|
{
|
|
return mozilla::ipc::AllocPChildToParentStreamParent();
|
|
}
|
|
|
|
bool
|
|
nsIContentParent::DeallocPChildToParentStreamParent(PChildToParentStreamParent* aActor)
|
|
{
|
|
delete aActor;
|
|
return true;
|
|
}
|
|
|
|
PParentToChildStreamParent*
|
|
nsIContentParent::AllocPParentToChildStreamParent()
|
|
{
|
|
MOZ_CRASH("PParentToChildStreamChild actors should be manually constructed!");
|
|
}
|
|
|
|
bool
|
|
nsIContentParent::DeallocPParentToChildStreamParent(PParentToChildStreamParent* aActor)
|
|
{
|
|
delete aActor;
|
|
return true;
|
|
}
|
|
|
|
mozilla::ipc::IPCResult
|
|
nsIContentParent::RecvAsyncMessage(const nsString& aMsg,
|
|
InfallibleTArray<CpowEntry>&& aCpows,
|
|
const IPC::Principal& aPrincipal,
|
|
const ClonedMessageData& aData)
|
|
{
|
|
NS_LossyConvertUTF16toASCII messageNameCStr(aMsg);
|
|
PROFILER_LABEL_DYNAMIC("nsIContentParent", "RecvAsyncMessage",
|
|
js::ProfileEntry::Category::EVENTS,
|
|
messageNameCStr.get());
|
|
|
|
CrossProcessCpowHolder cpows(this, aCpows);
|
|
RefPtr<nsFrameMessageManager> ppm = mMessageManager;
|
|
if (ppm) {
|
|
ipc::StructuredCloneData data;
|
|
ipc::UnpackClonedMessageDataForParent(aData, data);
|
|
|
|
ppm->ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm.get()), nullptr,
|
|
aMsg, false, &data, &cpows, aPrincipal, nullptr);
|
|
}
|
|
return IPC_OK();
|
|
}
|
|
|
|
} // namespace dom
|
|
} // namespace mozilla
|