search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
no bug - Bumping Firefox l10n changesets r=release a=l10n-bump DONTBUILD CLOSED TREE
[gecko.git] / ipc / glue / GeckoChildProcessHost.h
blob61c986c5a2a2f717fbab90924f0eca102cd6e52e
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #ifndef __IPC_GLUE_GECKOCHILDPROCESSHOST_H__
8 #define __IPC_GLUE_GECKOCHILDPROCESSHOST_H__
9
10 #include "base/file_path.h"
11 #include "base/process_util.h"
12 #include "base/waitable_event.h"
13 #include "chrome/common/ipc_message.h"
14 #include "mojo/core/ports/port_ref.h"
15
16 #include "mozilla/ipc/Endpoint.h"
17 #include "mozilla/ipc/FileDescriptor.h"
18 #include "mozilla/ipc/NodeChannel.h"
19 #include "mozilla/ipc/LaunchError.h"
20 #include "mozilla/ipc/ScopedPort.h"
21 #include "mozilla/Atomics.h"
22 #include "mozilla/Buffer.h"
23 #include "mozilla/LinkedList.h"
24 #include "mozilla/Monitor.h"
25 #include "mozilla/MozPromise.h"
26 #include "mozilla/RWLock.h"
27 #include "mozilla/StaticMutex.h"
28 #include "mozilla/StaticPtr.h"
29 #include "mozilla/UniquePtr.h"
30
31 #include "nsCOMPtr.h"
32 #include "nsExceptionHandler.h"
33 #include "nsXULAppAPI.h" // for GeckoProcessType
34 #include "nsString.h"
35
36 #if defined(XP_IOS)
37 # include "mozilla/ipc/ExtensionKitUtils.h"
38 #endif
39
40 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
41 # include "sandboxBroker.h"
42 #endif
43
44 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
45 # include "mozilla/Sandbox.h"
46 #endif
47
48 #if defined(MOZ_SANDBOX)
49 # include "mozilla/ipc/UtilityProcessSandboxing.h"
50 #endif
51
52 #if (defined(XP_WIN) && defined(_ARM64_)) || \
53 (defined(XP_MACOSX) && defined(__aarch64__))
54 # define ALLOW_GECKO_CHILD_PROCESS_ARCH
55 #endif
56
57 struct _MacSandboxInfo;
58 typedef _MacSandboxInfo MacSandboxInfo;
59
60 namespace mozilla {
61 namespace ipc {
62
63 typedef mozilla::MozPromise<base::ProcessHandle, LaunchError, false>
64 ProcessHandlePromise;
65
66 class GeckoChildProcessHost : public SupportsWeakPtr,
67 public LinkedListElement<GeckoChildProcessHost> {
68 protected:
69 typedef mozilla::Monitor Monitor;
70 typedef std::vector<std::string> StringVector;
71
72 public:
73 using ProcessId = base::ProcessId;
74 using ProcessHandle = base::ProcessHandle;
75
76 explicit GeckoChildProcessHost(GeckoProcessType aProcessType,
77 bool aIsFileContent = false);
78
79 // Causes the object to be deleted, on the I/O thread, after any
80 // pending asynchronous work (like launching) is complete. This
81 // method can be called from any thread. If called from the I/O
82 // thread itself, deletion won't happen until the event loop spins;
83 // otherwise, it could happen immediately.
84 //
85 // GeckoChildProcessHost instances must not be deleted except
86 // through this method.
87 void Destroy();
88
89 static uint32_t GetUniqueID();
90
91 // Call this before launching to set an environment variable for the
92 // child process. The arguments must be UTF-8.
93 void SetEnv(const char* aKey, const char* aValue);
94
95 // Does not block. The IPC channel may not be initialized yet, and
96 // the child process may or may not have been created when this
97 // method returns.
98 bool AsyncLaunch(StringVector aExtraOpts = StringVector());
99
100 virtual bool WaitUntilConnected(int32_t aTimeoutMs = 0);
101
102 // Block until the IPC channel for our subprocess is initialized and
103 // the OS process is created. The subprocess may or may not have
104 // connected back to us when this method returns.
105 //
106 // NB: on POSIX, this method is relatively cheap, and doesn't
107 // require disk IO. On win32 however, it requires at least the
108 // analogue of stat(). This difference induces a semantic
109 // difference in this method: on POSIX, when we return, we know the
110 // subprocess has been created, but we don't know whether its
111 // executable image can be loaded. On win32, we do know that when
112 // we return. But we don't know if dynamic linking succeeded on
113 // either platform.
114 bool LaunchAndWaitForProcessHandle(StringVector aExtraOpts = StringVector());
115 bool WaitForProcessHandle();
116
117 // Block until the child process has been created and it connects to
118 // the IPC channel, meaning it's fully initialized. (Or until an
119 // error occurs.)
120 bool SyncLaunch(StringVector aExtraOpts = StringVector(),
121 int32_t timeoutMs = 0);
122
123 virtual void OnChannelConnected(base::ProcessId peer_pid);
124
125 // Resolves to the process handle when it's available (see
126 // LaunchAndWaitForProcessHandle); use with AsyncLaunch.
127 RefPtr<ProcessHandlePromise> WhenProcessHandleReady();
128
129 void InitializeChannel(IPC::Channel::ChannelHandle&& aServerHandle);
130
131 virtual bool CanShutdown() { return true; }
132
133 UntypedEndpoint TakeInitialEndpoint() {
134 return UntypedEndpoint{PrivateIPDLInterface{}, std::move(mInitialPort),
135 mInitialChannelId, base::GetCurrentProcId(),
136 GetChildProcessId()};
137 }
138
139 // Returns a "borrowed" handle to the child process - the handle returned
140 // by this function must not be closed by the caller. The handle is also
141 // not guaranteed to remain valid; if the caller is using it for anything
142 // more than logging or asserting non-null, it will need to deal with
143 // synchronization.
144 //
145 // Warning: the null value here is 0, not kInvalidProcessHandle.
146 ProcessHandle GetChildProcessHandle();
147
148 // Returns the child's process ID; as for GetChildProcessHandle, there is
149 // no inherent guarantee that it will remain valid or continue to
150 // reference the same process.
151 //
152 // The null value here is also 0; this matches the result of
153 // GetProcId on a zero or (on Windows) invalid handle.
154 ProcessId GetChildProcessId();
155
156 GeckoProcessType GetProcessType() { return mProcessType; }
157
158 #ifdef XP_DARWIN
159 task_t GetChildTask();
160 #endif
161
162 #ifdef XP_WIN
163
164 void AddHandleToShare(HANDLE aHandle) {
165 mLaunchOptions->handles_to_inherit.push_back(aHandle);
166 }
167 #else
168 void AddFdToRemap(int aSrcFd, int aDstFd) {
169 mLaunchOptions->fds_to_remap.push_back(std::make_pair(aSrcFd, aDstFd));
170 }
171 #endif
172
173 #ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
174 void SetLaunchArchitecture(uint32_t aArch) { mLaunchArch = aArch; }
175 #endif
176
177 // For bug 943174: Skip the EnsureProcessTerminated call in the destructor.
178 void SetAlreadyDead();
179
180 #if defined(MOZ_SANDBOX) && defined(XP_MACOSX)
181 // Start the sandbox from the child process.
182 static bool StartMacSandbox(int aArgc, char** aArgv,
183 std::string& aErrorMessage);
184
185 // The sandbox type that will be use when sandboxing is
186 // enabled in the derived class and FillMacSandboxInfo
187 // has not been overridden.
188 static MacSandboxType GetDefaultMacSandboxType() {
189 return MacSandboxType_Utility;
190 };
191
192 // Must be called before the process is launched. Determines if
193 // child processes will be launched with OS_ACTIVITY_MODE set to
194 // "disabled" or not. When |mDisableOSActivityMode| is set to true,
195 // child processes will be launched with OS_ACTIVITY_MODE
196 // disabled to avoid connection attempts to diagnosticd(8) which are
197 // blocked in child processes due to sandboxing.
198 void DisableOSActivityMode();
199 #endif // defined(MOZ_SANDBOX) && defined(XP_MACOSX)
200 typedef std::function<void(GeckoChildProcessHost*)> GeckoProcessCallback;
201
202 // Iterates over all instances and calls aCallback with each one of them.
203 // This method will lock any addition/removal of new processes
204 // so you need to make sure the callback is as fast as possible.
205 //
206 // To reiterate: the callbacks are executed synchronously.
207 static void GetAll(const GeckoProcessCallback& aCallback);
208
209 friend class BaseProcessLauncher;
210 friend class PosixProcessLauncher;
211 friend class WindowsProcessLauncher;
212
213 protected:
214 virtual ~GeckoChildProcessHost();
215 GeckoProcessType mProcessType;
216 bool mIsFileContent;
217 Monitor mMonitor;
218 FilePath mProcessPath;
219 #ifdef ALLOW_GECKO_CHILD_PROCESS_ARCH
220 // Used on platforms where we may launch a child process with a different
221 // architecture than the parent process.
222 uint32_t mLaunchArch = base::PROCESS_ARCH_INVALID;
223 #endif
224 // GeckoChildProcessHost holds the launch options so they can be set
225 // up on the main thread using main-thread-only APIs like prefs, and
226 // then used for the actual launch on another thread. This pointer
227 // is set to null to free the options after the child is launched.
228 UniquePtr<base::LaunchOptions> mLaunchOptions;
229 ScopedPort mInitialPort;
230 nsID mInitialChannelId;
231 RefPtr<NodeController> mNodeController;
232 RefPtr<NodeChannel> mNodeChannel;
233
234 // This value must be accessed while holding mMonitor.
235 enum {
236 // This object has been constructed, but the OS process has not
237 // yet.
238 CREATING_CHANNEL = 0,
239 // The IPC channel for our subprocess has been created, but the OS
240 // process has still not been created.
241 CHANNEL_INITIALIZED,
242 // The OS process has been created, but it hasn't yet connected to
243 // our IPC channel.
244 PROCESS_CREATED,
245 // The process is launched and connected to our IPC channel. All
246 // is well.
247 PROCESS_CONNECTED,
248 PROCESS_ERROR
249 } mProcessState MOZ_GUARDED_BY(mMonitor);
250
251 void PrepareLaunch();
252
253 #ifdef XP_WIN
254 void InitWindowsGroupID();
255 nsString mGroupId;
256 # ifdef MOZ_SANDBOX
257 RefPtr<AbstractSandboxBroker> mSandboxBroker;
258 std::vector<std::wstring> mAllowedFilesRead;
259 bool mEnableSandboxLogging;
260 int32_t mSandboxLevel;
261 # endif
262 #endif // XP_WIN
263
264 #if defined(MOZ_SANDBOX)
265 SandboxingKind mSandbox;
266 #endif
267
268 mozilla::RWLock mHandleLock;
269 ProcessHandle mChildProcessHandle MOZ_GUARDED_BY(mHandleLock);
270 #if defined(XP_DARWIN)
271 task_t mChildTask MOZ_GUARDED_BY(mHandleLock);
272 #endif
273 #if defined(MOZ_WIDGET_UIKIT)
274 Maybe<ExtensionKitProcess> mExtensionKitProcess MOZ_GUARDED_BY(mHandleLock);
275 DarwinObjectPtr<xpc_connection_t> mXPCConnection MOZ_GUARDED_BY(mHandleLock);
276 UniqueBEProcessCapabilityGrant mForegroundCapabilityGrant
277 MOZ_GUARDED_BY(mHandleLock);
278 #endif
279 RefPtr<ProcessHandlePromise> mHandlePromise;
280
281 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
282 bool mDisableOSActivityMode;
283 #endif
284
285 bool OpenPrivilegedHandle(base::ProcessId aPid) MOZ_REQUIRES(mHandleLock);
286
287 #if defined(XP_MACOSX) && defined(MOZ_SANDBOX)
288 // Override this method to return true to launch the child process
289 // using the Mac utility (by default) sandbox. Override
290 // FillMacSandboxInfo() to change the sandbox type and settings.
291 virtual bool IsMacSandboxLaunchEnabled() { return false; }
292
293 // Fill a MacSandboxInfo to configure the sandbox
294 virtual bool FillMacSandboxInfo(MacSandboxInfo& aInfo);
295
296 // Adds the command line arguments needed to enable
297 // sandboxing of the child process at startup before
298 // the child event loop is up.
299 virtual bool AppendMacSandboxParams(StringVector& aArgs);
300 #endif
301
302 private:
303 DISALLOW_EVIL_CONSTRUCTORS(GeckoChildProcessHost);
304
305 // Removes the instance from sGeckoChildProcessHosts
306 void RemoveFromProcessList();
307
308 // Linux-Only. Set this up before we're called from a different thread.
309 nsCString mTmpDirName;
310 // Mac and Windows. Set this up before we're called from a different thread.
311 nsCOMPtr<nsIFile> mProfileDir;
312
313 mozilla::Atomic<bool> mDestroying;
314
315 static uint32_t sNextUniqueID;
316 static StaticAutoPtr<LinkedList<GeckoChildProcessHost>>
317 sGeckoChildProcessHosts MOZ_GUARDED_BY(sMutex);
318 static StaticMutex sMutex;
319 };
320
321 nsCOMPtr<nsIEventTarget> GetIPCLauncher();
322
323 } /* namespace ipc */
324 } /* namespace mozilla */
325
326 #endif /* __IPC_GLUE_GECKOCHILDPROCESSHOST_H__ */