1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #ifndef __IPC_GLUE_GECKOCHILDPROCESSHOST_H__
6 #define __IPC_GLUE_GECKOCHILDPROCESSHOST_H__
8 #include "base/file_path.h"
9 #include "base/process_util.h"
10 #include "base/waitable_event.h"
11 #include "chrome/common/child_process_host.h"
13 #include "mozilla/DebugOnly.h"
14 #include "mozilla/ipc/FileDescriptor.h"
15 #include "mozilla/Monitor.h"
16 #include "mozilla/StaticPtr.h"
18 #include "nsCOMPtr.h"
19 #include "nsXULAppAPI.h" // for GeckoProcessType
20 #include "nsString.h"
22 #if defined(XP_WIN) && defined(MOZ_SANDBOX)
23 #include "sandboxBroker.h"
24 #endif
26 class nsIFile;
28 namespace mozilla {
29 namespace ipc {
// Parent-side host object for one Gecko child process. It declares the launch
// entry points (AsyncLaunch, SyncLaunch, LaunchAndWaitForProcessHandle), the
// IPC channel callbacks, and the stored handle of the launched process.
// NOTE(review): this class sits on a process trust boundary - the child is
// launched with mPrivileges and, on Windows sandbox builds, through
// mSandboxBroker, so data arriving via the On* callbacks should presumably be
// treated as untrusted by whoever consumes it; confirm against the .cpp.
31 class GeckoChildProcessHost : public ChildProcessHost
33 protected:
34 typedef mozilla::Monitor Monitor;
35 typedef std::vector<std::string> StringVector;
37 public:
38 typedef base::ChildPrivileges ChildPrivileges;
39 typedef base::ProcessHandle ProcessHandle;
// Returns the privilege level used for children by default.
// NOTE(review): how this relates to base::PRIVILEGES_DEFAULT in the
// constructor below is not visible in this header - confirm in the .cpp.
41 static ChildPrivileges DefaultChildPrivileges();
// aProcessType: kind of Gecko process this host will launch.
// aPrivileges: privilege level requested for the child; defaults to
// base::PRIVILEGES_DEFAULT. NOTE(review): the default is implicit at every
// call site that omits the argument, so a caller launching a process that
// handles untrusted content gets whatever the default resolves to - verify
// that is the intended (least-privileged) level.
43 explicit GeckoChildProcessHost(GeckoProcessType aProcessType,
44 ChildPrivileges aPrivileges=base::PRIVILEGES_DEFAULT);
46 ~GeckoChildProcessHost();
// path: binary to inspect; result: out-parameter receiving the architecture
// value. NOTE(review): both are raw pointers with no null contract stated
// here - confirm the implementation's expectations.
48 static nsresult GetArchitecturesForBinary(const char *path, uint32_t *result);
50 static uint32_t GetSupportedArchitecturesForProcessType(GeckoProcessType type);
52 // Block until the IPC channel for our subprocess is initialized,
53 // but no longer. The child process may or may not have been
54 // created when this method returns.
// aExtraOpts is taken by value. NOTE(review): presumably these strings end up
// on the child's command line; if so, callers must not pass attacker-
// influenced strings here - confirm in PerformAsyncLaunchInternal.
55 bool AsyncLaunch(StringVector aExtraOpts=StringVector(),
56 base::ProcessArchitecture arch=base::GetCurrentProcessArchitecture());
// NOTE(review): the meaning of the default aTimeoutMs = 0 is not stated in
// this header (presumably "wait without a timeout") - confirm; an unbounded
// wait on a child that never connects would block the caller.
58 virtual bool WaitUntilConnected(int32_t aTimeoutMs = 0);
60 // Block until the IPC channel for our subprocess is initialized and
61 // the OS process is created. The subprocess may or may not have
62 // connected back to us when this method returns.
64 // NB: on POSIX, this method is relatively cheap, and doesn't
65 // require disk IO. On win32 however, it requires at least the
66 // analogue of stat(). This difference induces a semantic
67 // difference in this method: on POSIX, when we return, we know the
68 // subprocess has been created, but we don't know whether its
69 // executable image can be loaded. On win32, we do know that when
70 // we return. But we don't know if dynamic linking succeeded on
71 // either platform.
72 bool LaunchAndWaitForProcessHandle(StringVector aExtraOpts=StringVector());
74 // Block until the child process has been created and it connects to
75 // the IPC channel, meaning it's fully initialized. (Or until an
76 // error occurs.)
77 bool SyncLaunch(StringVector aExtraOpts=StringVector(),
78 int32_t timeoutMs=0,
79 base::ProcessArchitecture arch=base::GetCurrentProcessArchitecture());
// Virtual launch hook; GeckoExistingProcessHost overrides it under
// MOZ_NUWA_PROCESS later in this header.
81 virtual bool PerformAsyncLaunch(StringVector aExtraOpts=StringVector(),
82 base::ProcessArchitecture aArch=base::GetCurrentProcessArchitecture());
// IPC channel callbacks. peer_pid and aMsg describe the other end of the
// channel. NOTE(review): presumably both are supplied by (or on behalf of)
// the child process, so neither should be used for an authorization decision
// without checking it against mChildProcessHandle - confirm in the .cpp.
84 virtual void OnChannelConnected(int32_t peer_pid);
85 virtual void OnMessageReceived(const IPC::Message& aMsg);
86 virtual void OnChannelError();
// Hands queued IPC messages to the caller through `queue` (see mQueue below
// for why messages are queued at all).
87 virtual void GetQueuedMessages(std::queue<IPC::Message>& queue);
89 virtual void InitializeChannel();
91 virtual bool CanShutdown() { return true; }
93 virtual void OnWaitableEventSignaled(base::WaitableEvent *event);
// Returns the channel pointer from channelp(); no ownership transfer is
// expressed by the raw pointer.
95 IPC::Channel* GetChannel() {
96 return channelp();
99 base::WaitableEvent* GetShutDownEvent() {
100 return GetProcessEvent();
103 // Returns a "borrowed" handle to the child process - the handle returned
104 // by this function must not be closed by the caller.
// Reads mChildProcessHandle directly; no locking is visible in this accessor.
105 ProcessHandle GetChildProcessHandle() {
106 return mChildProcessHandle;
109 // Returns an "owned" handle to the child process - the handle returned
110 // by this function must be closed by the caller.
// Returns 0 when OpenPrivilegedProcessHandle fails. NOTE(review): the
// NS_ASSERTION below is presumably compiled out of release builds, so callers
// must check for 0 themselves before using or closing the result.
// The handle is obtained through the *privileged* open helper, so it carries
// whatever access rights that helper requests: keep its lifetime short, close
// it on every path, and do not hand it to less-privileged code.
111 ProcessHandle GetOwnedChildProcessHandle() {
// Left uninitialized on purpose-or-not; it is only returned when ok is true.
112 ProcessHandle handle;
113 // We use OpenPrivilegedProcessHandle as that is where our
114 // mChildProcessHandle initially came from.
115 bool ok = base::OpenPrivilegedProcessHandle(base::GetProcId(mChildProcessHandle),
116 &handle);
117 NS_ASSERTION(ok, "Failed to get owned process handle");
118 return ok ? handle : 0;
121 GeckoProcessType GetProcessType() {
122 return mProcessType;
125 #ifdef XP_MACOSX
// NOTE(review): this accessor is guarded by XP_MACOSX while the mChildTask
// member below is guarded by OS_MACOSX - presumably both are defined together
// on Mac builds; confirm.
126 task_t GetChildTask() {
127 return mChildTask;
129 #endif
132 * Must run on the IO thread. Cause the OS process to exit and
133 * ensure its OS resources are cleaned up.
135 void Join();
137 // For bug 943174: Skip the EnsureProcessTerminated call in the destructor.
138 void SetAlreadyDead();
140 protected:
141 GeckoProcessType mProcessType;
// Privilege level requested for the child at construction time.
142 ChildPrivileges mPrivileges;
143 Monitor mMonitor;
144 FilePath mProcessPath;
146 // This value must be accessed while holding mMonitor.
147 enum {
148 // This object has been constructed, but the OS process has not
149 // yet.
150 CREATING_CHANNEL = 0,
151 // The IPC channel for our subprocess has been created, but the OS
152 // process has still not been created.
153 CHANNEL_INITIALIZED,
154 // The OS process has been created, but it hasn't yet connected to
155 // our IPC channel.
156 PROCESS_CREATED,
157 // The process is launched and connected to our IPC channel. All
158 // is well.
159 PROCESS_CONNECTED,
160 PROCESS_ERROR
161 } mProcessState;
163 static int32_t mChildCounter;
165 void PrepareLaunch();
167 #ifdef XP_WIN
168 void InitWindowsGroupID();
169 nsString mGroupId;
171 #ifdef MOZ_SANDBOX
// Windows sandbox state (only built with XP_WIN && MOZ_SANDBOX).
// NOTE(review): mAllowedFilesRead presumably lists paths the sandboxed child
// is granted read access to; every entry widens the sandbox, so the list
// should stay minimal and must not be built from child-supplied data -
// confirm how it is populated in the .cpp.
172 SandboxBroker mSandboxBroker;
173 std::vector<std::wstring> mAllowedFilesRead;
174 bool mEnableSandboxLogging;
176 // XXX: Bug 1124167: We should get rid of the process specific logic for
177 // sandboxing in this class at some point. Unfortunately it will take a bit
178 // of reorganizing so I don't think this patch is the right time.
// NOTE(review): these flags select sandbox behaviour per process kind; their
// initial values are not visible in this header - verify they are initialized
// in the constructor so an unset flag cannot silently weaken the sandbox.
179 bool mEnableNPAPISandbox;
180 #if defined(MOZ_CONTENT_SANDBOX)
181 bool mMoreStrictContentSandbox;
182 #endif
183 #endif
184 #endif // XP_WIN
186 #if defined(OS_POSIX)
// NOTE(review): presumably the descriptors remapped into the child at launch;
// anything placed here becomes reachable from the child process, so it should
// hold only what the child needs - confirm in the launch code.
187 base::file_handle_mapping_vector mFileMap;
188 #endif
190 base::WaitableEventWatcher::Delegate* mDelegate;
// Handle returned as "borrowed" by GetChildProcessHandle(); per the comment in
// GetOwnedChildProcessHandle() it originally came from
// OpenPrivilegedProcessHandle.
192 ProcessHandle mChildProcessHandle;
193 #if defined(OS_MACOSX)
194 task_t mChildTask;
195 #endif
197 void OpenPrivilegedHandle(base::ProcessId aPid);
199 private:
// NOTE(review): presumably disables copy construction/assignment; a copy would
// duplicate ownership of mChildProcessHandle - confirm the macro's expansion.
200 DISALLOW_EVIL_CONSTRUCTORS(GeckoChildProcessHost);
202 // Does the actual work for AsyncLaunch, on the IO thread.
203 bool PerformAsyncLaunchInternal(std::vector<std::string>& aExtraOpts,
204 base::ProcessArchitecture arch);
206 bool RunPerformAsyncLaunch(StringVector aExtraOpts=StringVector(),
207 base::ProcessArchitecture aArch=base::GetCurrentProcessArchitecture());
// exePath is an out-parameter. NOTE(review): the binary this resolves to is
// what gets executed as the child, so the lookup should not depend on
// attacker-writable locations or environment - confirm in the .cpp.
209 static void GetPathToBinary(FilePath& exePath);
211 // In between launching the subprocess and handing off its IPC
212 // channel, there's a small window of time in which *we* might still
213 // be the channel listener, and receive messages. That's bad
214 // because we have no idea what to do with those messages. So queue
215 // them here until we hand off the eventual listener.
217 // FIXME/cjones: this strongly indicates bad design. Shame on us.
// NOTE(review): std::queue imposes no size limit, and the queued messages are
// not interpreted by this class; presumably the hand-off window is short, but
// a child that floods the channel before hand-off could grow this queue -
// confirm whether a cap is enforced elsewhere. The eventual listener must
// validate these messages like any other child-originated message.
218 std::queue<IPC::Message> mQueue;
221 #ifdef MOZ_NUWA_PROCESS
// Host for a child process that already exists (built only with
// MOZ_NUWA_PROCESS): instead of launching a binary it is constructed from a
// process handle and a file descriptor, and overrides the launch and channel
// initialization hooks of GeckoChildProcessHost.
222 class GeckoExistingProcessHost MOZ_FINAL : public GeckoChildProcessHost
224 public:
// aProcess: handle of the already-running process to adopt.
// aFileDescriptor: descriptor stored in mExistingFileDescriptor; presumably
// the IPC channel endpoint for that process - confirm in the .cpp.
// aPrivileges: forwarded privilege level, default base::PRIVILEGES_DEFAULT.
// NOTE(review): nothing in this header shows that aProcess and
// aFileDescriptor are checked to belong to the same process, or who owns
// (and closes) the handle; callers should only pass values obtained from a
// trusted source - confirm the ownership contract in the implementation.
225 GeckoExistingProcessHost(GeckoProcessType aProcessType,
226 base::ProcessHandle aProcess,
227 const FileDescriptor& aFileDescriptor,
228 ChildPrivileges aPrivileges=base::PRIVILEGES_DEFAULT);
230 ~GeckoExistingProcessHost();
// Override of the base launch hook. NOTE(review): because the process already
// exists, aExtraOpts and aArch presumably have no effect here, and the
// sandbox/privilege setup done by the base launch path may not apply to the
// adopted process - confirm in the .cpp.
232 virtual bool PerformAsyncLaunch(StringVector aExtraOpts=StringVector(),
233 base::ProcessArchitecture aArch=base::GetCurrentProcessArchitecture()) MOZ_OVERRIDE;
235 virtual void InitializeChannel() MOZ_OVERRIDE;
237 private:
// Values captured from the constructor arguments (see above).
238 base::ProcessHandle mExistingProcessHandle;
239 mozilla::ipc::FileDescriptor mExistingFileDescriptor;
241 #endif /* MOZ_NUWA_PROCESS */
243 } /* namespace ipc */
244 } /* namespace mozilla */
246 #endif /* __IPC_GLUE_GECKOCHILDPROCESSHOST_H__ */