search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge mozilla-central to autoland on a CLOSED TREE
[gecko.git] / ipc / glue / GeckoChildProcessHost.h
blob6820f62b275e89a829d1bd4e25c6dcaa04b45425
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef __IPC_GLUE_GECKOCHILDPROCESSHOST_H__
8 #define __IPC_GLUE_GECKOCHILDPROCESSHOST_H__
9
10 #include "base/file_path.h"
11 #include "base/process_util.h"
12 #include "base/waitable_event.h"
13 #include "chrome/common/ipc_message.h"
14 #include "mojo/core/ports/port_ref.h"
15
16 #include "mozilla/ipc/Endpoint.h"
17 #include "mozilla/ipc/FileDescriptor.h"
18 #include "mozilla/ipc/NodeChannel.h"
19 #include "mozilla/ipc/LaunchError.h"
20 #include "mozilla/ipc/ScopedPort.h"
21 #include "mozilla/Atomics.h"
22 #include "mozilla/Buffer.h"
23 #include "mozilla/LinkedList.h"
24 #include "mozilla/Monitor.h"
25 #include "mozilla/MozPromise.h"
26 #include "mozilla/RWLock.h"
27 #include "mozilla/StaticMutex.h"
28 #include "mozilla/StaticPtr.h"
29 #include "mozilla/UniquePtr.h"
30
31 #include "nsCOMPtr.h"
32 #include "nsExceptionHandler.h"
33 #include "nsXULAppAPI.h" // for GeckoProcessType
34 #include "nsString.h"
35
36 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
37 # include "sandboxBroker.h"
38 #endif
39
40 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
41 # include "mozilla/Sandbox.h"
42 #endif
43
44 #if defined(MOZ_SANDBOX)
45 # include "mozilla/ipc/UtilityProcessSandboxing.h"
46 #endif
47
48 #if (defined(XP_WIN) && defined(_ARM64_)) || \
49 (defined(XP_MACOSX) && defined(__aarch64__))
50 # define ALLOW_GECKO_CHILD_PROCESS_ARCH
51 #endif
52
53 struct _MacSandboxInfo;
54 typedef _MacSandboxInfo MacSandboxInfo;
55
56 namespace mozilla {
57 namespace ipc {
58
59 typedef mozilla::MozPromise<base::ProcessHandle, LaunchError, false>
60 ProcessHandlePromise;
61
62 class GeckoChildProcessHost : public SupportsWeakPtr,
63 public LinkedListElement<GeckoChildProcessHost> {
64 protected:
65 typedef mozilla::Monitor Monitor;
66 typedef std::vector<std::string> StringVector;
67
68 public:
69 using ProcessId = base::ProcessId;
70 using ProcessHandle = base::ProcessHandle;
71
72 explicit GeckoChildProcessHost(GeckoProcessType aProcessType,
73 bool aIsFileContent = false);
74
75 // Causes the object to be deleted, on the I/O thread, after any
76 // pending asynchronous work (like launching) is complete. This
77 // method can be called from any thread. If called from the I/O
78 // thread itself, deletion won't happen until the event loop spins;
79 // otherwise, it could happen immediately.
80 //
81 // GeckoChildProcessHost instances must not be deleted except
82 // through this method.
83 void Destroy();
84
85 static uint32_t GetUniqueID();
86
87 // Call this before launching to set an environment variable for the
88 // child process. The arguments must be UTF-8.
89 void SetEnv(const char* aKey, const char* aValue);
90
91 // Does not block. The IPC channel may not be initialized yet, and
92 // the child process may or may not have been created when this
93 // method returns.
94 bool AsyncLaunch(StringVector aExtraOpts = StringVector());
95
96 virtual bool WaitUntilConnected(int32_t aTimeoutMs = 0);
97
98 // Block until the IPC channel for our subprocess is initialized and
99 // the OS process is created. The subprocess may or may not have
100 // connected back to us when this method returns.
101 //
102 // NB: on POSIX, this method is relatively cheap, and doesn't
103 // require disk IO. On win32 however, it requires at least the
104 // analogue of stat(). This difference induces a semantic
105 // difference in this method: on POSIX, when we return, we know the
106 // subprocess has been created, but we don't know whether its
107 // executable image can be loaded. On win32, we do know that when
108 // we return. But we don't know if dynamic linking succeeded on
109 // either platform.
110 bool LaunchAndWaitForProcessHandle(StringVector aExtraOpts = StringVector());
111 bool WaitForProcessHandle();
112
113 // Block until the child process has been created and it connects to
114 // the IPC channel, meaning it's fully initialized. (Or until an
115 // error occurs.)
116 bool SyncLaunch(StringVector aExtraOpts = StringVector(),
117 int32_t timeoutMs = 0);
118
119 virtual void OnChannelConnected(base::ProcessId peer_pid);
120
121 // Resolves to the process handle when it's available (see
122 // LaunchAndWaitForProcessHandle); use with AsyncLaunch.
123 RefPtr<ProcessHandlePromise> WhenProcessHandleReady();
124
125 void InitializeChannel(IPC::Channel::ChannelHandle&& aServerHandle);
126
127 virtual bool CanShutdown() { return true; }
128
129 UntypedEndpoint TakeInitialEndpoint() {
130 return UntypedEndpoint{PrivateIPDLInterface{}, std::move(mInitialPort),
131 mInitialChannelId, base::GetCurrentProcId(),
132 GetChildProcessId()};
133 }
134
135 // Returns a "borrowed" handle to the child process - the handle returned
136 // by this function must not be closed by the caller. The handle is also
137 // not guaranteed to remain valid; if the caller is using it for anything
138 // more than logging or asserting non-null, it will need to deal with
139 // synchronization.
140 //
141 // Warning: the null value here is 0, not kInvalidProcessHandle.
142 ProcessHandle GetChildProcessHandle();
143
144 // Returns the child's process ID; as for GetChildProcessHandle, there is
145 // no inherent guarantee that it will remain valid or continue to
146 // reference the same process.
147 //
148 // The null value here is also 0; this matches the result of
149 // GetProcId on a zero or (on Windows) invalid handle.
150 ProcessId GetChildProcessId();
151
152 GeckoProcessType GetProcessType() { return mProcessType; }
153
154 #ifdef XP_MACOSX
155 task_t GetChildTask();
156 #endif
157
158 #ifdef XP_WIN
159
160 void AddHandleToShare(HANDLE aHandle) {
161 mLaunchOptions->handles_to_inherit.push_back(aHandle);
162 }
163 #else
164 void AddFdToRemap(int aSrcFd, int aDstFd) {
165 mLaunchOptions->fds_to_remap.push_back(std::make_pair(aSrcFd, aDstFd));
166 }
167 #endif
168
169 #ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
170 void SetLaunchArchitecture(uint32_t aArch) { mLaunchArch = aArch; }
171 #endif
172
173 // For bug 943174: Skip the EnsureProcessTerminated call in the destructor.
174 void SetAlreadyDead();
175
176 #if defined(MOZ_SANDBOX) && defined(XP_MACOSX)
177 // Start the sandbox from the child process.
178 static bool StartMacSandbox(int aArgc, char** aArgv,
179 std::string& aErrorMessage);
180
181 // The sandbox type that will be use when sandboxing is
182 // enabled in the derived class and FillMacSandboxInfo
183 // has not been overridden.
184 static MacSandboxType GetDefaultMacSandboxType() {
185 return MacSandboxType_Utility;
186 };
187
188 // Must be called before the process is launched. Determines if
189 // child processes will be launched with OS_ACTIVITY_MODE set to
190 // "disabled" or not. When |mDisableOSActivityMode| is set to true,
191 // child processes will be launched with OS_ACTIVITY_MODE
192 // disabled to avoid connection attempts to diagnosticd(8) which are
193 // blocked in child processes due to sandboxing.
194 void DisableOSActivityMode();
195 #endif // defined(MOZ_SANDBOX) && defined(XP_MACOSX)
196 typedef std::function<void(GeckoChildProcessHost*)> GeckoProcessCallback;
197
198 // Iterates over all instances and calls aCallback with each one of them.
199 // This method will lock any addition/removal of new processes
200 // so you need to make sure the callback is as fast as possible.
201 //
202 // To reiterate: the callbacks are executed synchronously.
203 static void GetAll(const GeckoProcessCallback& aCallback);
204
205 friend class BaseProcessLauncher;
206 friend class PosixProcessLauncher;
207 friend class WindowsProcessLauncher;
208
209 protected:
210 virtual ~GeckoChildProcessHost();
211 GeckoProcessType mProcessType;
212 bool mIsFileContent;
213 Monitor mMonitor;
214 FilePath mProcessPath;
215 #ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
216 // Used on platforms where we may launch a child process with a different
217 // architecture than the parent process.
218 uint32_t mLaunchArch = base::PROCESS_ARCH_INVALID;
219 #endif
220 // GeckoChildProcessHost holds the launch options so they can be set
221 // up on the main thread using main-thread-only APIs like prefs, and
222 // then used for the actual launch on another thread. This pointer
223 // is set to null to free the options after the child is launched.
224 UniquePtr<base::LaunchOptions> mLaunchOptions;
225 ScopedPort mInitialPort;
226 nsID mInitialChannelId;
227 RefPtr<NodeController> mNodeController;
228 RefPtr<NodeChannel> mNodeChannel;
229
230 // This value must be accessed while holding mMonitor.
231 enum {
232 // This object has been constructed, but the OS process has not
233 // yet.
234 CREATING_CHANNEL = 0,
235 // The IPC channel for our subprocess has been created, but the OS
236 // process has still not been created.
237 CHANNEL_INITIALIZED,
238 // The OS process has been created, but it hasn't yet connected to
239 // our IPC channel.
240 PROCESS_CREATED,
241 // The process is launched and connected to our IPC channel. All
242 // is well.
243 PROCESS_CONNECTED,
244 PROCESS_ERROR
245 } mProcessState MOZ_GUARDED_BY(mMonitor);
246
247 void PrepareLaunch();
248
249 #ifdef XP_WIN
250 void InitWindowsGroupID();
251 nsString mGroupId;
252 CrashReporter::WindowsErrorReportingData mWerData;
253 # ifdef MOZ_SANDBOX
254 RefPtr<AbstractSandboxBroker> mSandboxBroker;
255 std::vector<std::wstring> mAllowedFilesRead;
256 bool mEnableSandboxLogging;
257 int32_t mSandboxLevel;
258 # endif
259 #endif // XP_WIN
260
261 #if defined(MOZ_SANDBOX)
262 SandboxingKind mSandbox;
263 #endif
264
265 mozilla::RWLock mHandleLock;
266 ProcessHandle mChildProcessHandle MOZ_GUARDED_BY(mHandleLock);
267 #if defined(XP_DARWIN)
268 task_t mChildTask MOZ_GUARDED_BY(mHandleLock);
269 #endif
270 RefPtr<ProcessHandlePromise> mHandlePromise;
271
272 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
273 bool mDisableOSActivityMode;
274 #endif
275
276 bool OpenPrivilegedHandle(base::ProcessId aPid) MOZ_REQUIRES(mHandleLock);
277
278 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
279 // Override this method to return true to launch the child process
280 // using the Mac utility (by default) sandbox. Override
281 // FillMacSandboxInfo() to change the sandbox type and settings.
282 virtual bool IsMacSandboxLaunchEnabled() { return false; }
283
284 // Fill a MacSandboxInfo to configure the sandbox
285 virtual bool FillMacSandboxInfo(MacSandboxInfo& aInfo);
286
287 // Adds the command line arguments needed to enable
288 // sandboxing of the child process at startup before
289 // the child event loop is up.
290 virtual bool AppendMacSandboxParams(StringVector& aArgs);
291 #endif
292
293 private:
294 DISALLOW_EVIL_CONSTRUCTORS(GeckoChildProcessHost);
295
296 // Removes the instance from sGeckoChildProcessHosts
297 void RemoveFromProcessList();
298
299 // Linux-Only. Set this up before we're called from a different thread.
300 nsCString mTmpDirName;
301 // Mac and Windows. Set this up before we're called from a different thread.
302 nsCOMPtr<nsIFile> mProfileDir;
303
304 mozilla::Atomic<bool> mDestroying;
305
306 static uint32_t sNextUniqueID;
307 static StaticAutoPtr<LinkedList<GeckoChildProcessHost>>
308 sGeckoChildProcessHosts MOZ_GUARDED_BY(sMutex);
309 static StaticMutex sMutex;
310 };
311
312 nsCOMPtr<nsIEventTarget> GetIPCLauncher();
313
314 } /* namespace ipc */
315 } /* namespace mozilla */
316
317 #endif /* __IPC_GLUE_GECKOCHILDPROCESSHOST_H__ */