This patch must be a no-op with all the common build flags.
Add the "DanglingUntriaged" raw_ptr annotation. It indicates a
raw_ptr becomes dangling, and it should be triaged/fixed.
This annotates the one firing during content_browsertests.
Multiple follow-ups will complete the list, up until being able to
enable dangling pointer detection on a bot.
Stats:
- 175 DanglingUntriaged in code
- 69 DanglingUntriaged in tests
Bug=1291138
Change-Id: I00771bd46403f90297aa5b972fdd1ddc23b18e07
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3687960
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Bartek Nowierski <bartekn@chromium.org>
Owners-Override: Bartek Nowierski <bartekn@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1013525}
After CL2738156 landed, the risk of non-existing
MojoBinderPolicyApplier was fixed, and we do not receive new crash
reports anymore.
So we can close this issue https://crbug.com/1174506 and clean up
these CHECKs that were added for debugging purposes.
Bug: 1174506
Change-Id: I29d541d3ceb4e5396d0e74f683a3c5d1b9a60997
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780760
Commit-Queue: Lingqi Chi <lingqi@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#866061}
RenderFrameHostImpl
After https://chromium-review.googlesource.com/c/chromium/src/+/2689551,
RenderFrameHostImpl(RFHI) can access the correct prerendering state in
its constructor. So RFHI can decide whether to enable Mojo capability
control here according to the prerendering state.
This CL sets MojoBinderPolicyApplier in RFHI::ctor. It brings the
following benefits:
1. In prerendering pages, we can ensure that
BrowserInterfaceBrokerImpl(BIB) receives interface binders after
RFHI sets MojoBinderPolicyApplier, i.e., Mojo capability control is
enabled before BIB receives the first binding request.
2. It unifies the logic of setting MojoBinderPolicyApplier; RFHI sets it
in three different methods before this CL.
3. It guarantees every RenderFrameHostImpl in the prerendering frame
tree enables Mojo capability control. Before this CL, activating the
prerendering page could happen before RFHI::CommitNavigation(), which
fails `CHECK(policy_applier_);` in ReleaseMojoBinderPolicies().
Bug: 1132752, 1160611
Change-Id: Ie1bb0366fc01d3018ad7e6b52cff31152d000f78
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2738156
Commit-Queue: Lingqi Chi <lingqi@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#861494}
This CL adds two test cases to check for same-site and cross-site
navigation inside Prerendering browsing context before activation.
We validate that the PrerenderHost will continue to be keyed on
initial prerendered URL and the web contents will point to the
navigated URL on activation.
BUG=1179165
Change-Id: Ia98ea425c4fde566353e9da39fa64a43c7cfbbcc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2699644
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Commit-Queue: Sreeja Kamishetty <sreejakshetty@chromium.org>
Cr-Commit-Position: refs/heads/master@{#855704}
For some unknown reason, MojoBinderPolicyApplier instances may not exist
when the prerendered page is activated.
This CL changes DCHECK to CHECK to collect more detailed information for
investigation.
Bug: 1174506
Change-Id: Ic42faca60bea04ec86df784e7c25ab2bd4d39265
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2675787
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Commit-Queue: Matt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#850988}
This CL introduces method IsPrerendered2Enabled() to
third_party/blink/public/common/features.h to make it easy to
query if kPrerender2 feature is enabled or not.
This would replace
base::FeatureList::IsEnabled(blink::features::kPrerender2)
-> blink::features::IsPrerender2Enabled()
BUG=1126305
Change-Id: I94778d363f5598dd34ae27fc95888031eb4f19b0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2642807
Commit-Queue: Sreeja Kamishetty <sreejakshetty@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Cr-Commit-Position: refs/heads/master@{#848166}
Prerender2 wants to defer running some interface binders so as to
control the capability of renderer processes in prerendering pages.
This CL creates MojoBinderPolicyApplier and adds it to
BrowserInterfaceBrokerImpl of prerendering frames to make it.
Bug: 1132752
Change-Id: I0777620c68eb0435611ab96e27bc3e56c4936029
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2629067
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Commit-Queue: Lingqi Chi <lingqi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#845087}
Some new features, such as prerendering, need to defer some binding
interface requests or stop the renderer when an unexpected mojo pipe is
requested to set up.
This CL introduces MojoBinderPolicyApplier that manages binding requests
and integrates it with BrowserInterfaceBroker.
Regarding the MojoBinderPolicyApplier, it should be initialized with a
predefined policy map. It decides the actions the applier takes when
handling incoming requests. Based on the predefined policies and the
current state, a MojoBinderPolicyApplier instance may take the following
actions:
1. Bind the given interface immediately. (kGrant or
`ResolveDeferredBinders` has been invoked)
2. Delay binding the interface until `ResolveDeferredBinders` is called.
(kDefer)
3. Call the cancelling closure. (kCancel)
4. Stop the renderer and collect some metrics for analysis. (kUnexpected)
Bug: 1132752
Change-Id: Ifdc2f0b27d2f4613274fe5c6e44ddb056a199509
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2513960
Commit-Queue: Lingqi Chi <lingqi@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#828609}
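The four actions listed in the commit message above, modelled as an added illustration (this is not Chromium's MojoBinderPolicyApplier code): the PolicyApplier and Action names are assumptions, and treating an interface absent from the policy map as kUnexpected is an assumption of this model.

```cpp
// Added model of the kGrant/kDefer/kCancel/kUnexpected dispatch described in
// the commit message; names and the unknown-interface fallback are assumptions.
#include <functional>
#include <map>
#include <string>
#include <utility>
#include <vector>
enum class MojoBinderPolicy { kGrant, kDefer, kCancel, kUnexpected };
// What the applier did with one request; returned so callers can inspect it.
enum class Action { kBound, kDeferred, kCancelled, kRendererStopped };
class PolicyApplier {
 public:
  using Closure = std::function<void()>;
  PolicyApplier(std::map<std::string, MojoBinderPolicy> policies,
                Closure cancel_closure)
      : policies_(std::move(policies)),
        cancel_closure_(std::move(cancel_closure)) {}
  // Apply the policy for `name` to `binder`. An interface with no entry in the
  // map is treated as kUnexpected here (assumption: unknown pipe = not allowed).
  Action ApplyPolicyToBinder(const std::string& name, Closure binder) {
    if (resolved_) { binder(); return Action::kBound; }  // after activation
    auto it = policies_.find(name);
    MojoBinderPolicy policy = it == policies_.end() ? MojoBinderPolicy::kUnexpected : it->second;
    switch (policy) {
      case MojoBinderPolicy::kGrant: binder(); return Action::kBound;
      case MojoBinderPolicy::kDefer:
        deferred_.push_back(std::move(binder)); return Action::kDeferred;
      case MojoBinderPolicy::kCancel: cancel_closure_(); return Action::kCancelled;
      case MojoBinderPolicy::kUnexpected: break;
    }
    renderer_stopped_ = true;  // unexpected pipe: the renderer is stopped
    return Action::kRendererStopped;
  }
  // On activation: run deferred binders in request order, then bind eagerly.
  int ResolveDeferredBinders() {
    resolved_ = true;
    int n = static_cast<int>(deferred_.size());
    for (auto& b : deferred_) b();
    deferred_.clear();
    return n;
  }
  bool renderer_stopped() const { return renderer_stopped_; }
 private:
  std::map<std::string, MojoBinderPolicy> policies_;
  Closure cancel_closure_;
  std::vector<Closure> deferred_;  // kDefer requests waiting for activation
  bool resolved_ = false;
  bool renderer_stopped_ = false;
};
```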
This change modifies BrowserInterfaceBrokerImpl::GetInterface() to
trigger a bad message error on its host's receiver.
Browser test added to verify the behaviour.
Empty binders added for interfaces requested by blink but
not bound by content (will mostly be called in tests).
Bug: 1047680
Change-Id: I242cb11fff56666b6b6bd29e49c2180954aa1227
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2062696
Reviewed-by: calamity <calamity@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Oksana Zhuravlova <oksamyt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#747877}
This change adds BrowserInterfaceBroker support for binders with context
(in this case shared and dedicated workers), as well as plumbing for
shared and dedicated workers.
It also converts FileSystemManager client in blink to use
BrowserInterfaceBroker for all contexts (should be safe because shared
workers don't use this interface).
DedicatedWorkerHost now has its own header since it is used by
browser_interface_binders.cc
Bug: 985112
Change-Id: If412b07948a0ae7831ec109ae876b0b62ffc1125
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1721936
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Robert Flack <flackr@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Oksana Zhuravlova <oksamyt@chromium.org>
Cr-Commit-Position: refs/heads/master@{#685422}
This CL adds the mojom interface that the renderer will use to get
interfaces from the browser, as well as its implementation, functions
for registering interface handlers and all the necessary plumbing.
This CL also converts AudioContext to use BrowserInterfaceBroker.
Bug: 718652
Change-Id: I6b24bc802ca482feac1d8ae5fff7e5bf44215fa4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1688547
Commit-Queue: Oksana Zhuravlova <oksamyt@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Hongchan Choi <hongchan@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Scott Violet <sky@chromium.org>
Cr-Commit-Position: refs/heads/master@{#681341}