Build GPU channel by creating the viz::Gpu in the video capture utility
service, which is bind to viz::GpuClient of browser process. By this
way, video capture service can setup GPU channel to GPU process on
Android platform to create shared images.
Bug: 40264379
Change-Id: Iae8a573ca04bb25ab9715c65166e981a261264fc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5957728
Commit-Queue: vikas soni <vikassoni@chromium.org>
Reviewed-by: Fred Shih <ffred@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1378303}
Build GPU channel by creating the viz::Gpu in the video capture utility
service, which is bind to viz::GpuClient of browser process. By this
way, video capture service can setup GPU channel to GPU process on
macOS platform to create shared images.
Bug: b:337294218
Change-Id: I8388baa24a7a3cafdfdbce6cea16ec931386adcd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5906709
Reviewed-by: Markus Handell <handellm@google.com>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Ahmed Moussa <ahmedmoussa@google.com>
Reviewed-by: Henrik Boström <hbos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1365112}
The canonical bug format is TODO(crbug.com/<id>). TODOs of the
following forms will all be migrated to the new format:
- TODO(crbug.com/<old id>)
- TODO(https://crbug.com/<old id>)
- TODO(crbug/<old id>)
- TODO(crbug/monorail/<old id>)
- TODO(<old id>)
- TODO(issues.chromium.org/<old id>)
- TODO(https://issues.chromium.org/<old id>)
- TODO(https://issues.chromium.org/u/1/issues/<old id>)
- TODO(bugs.chromium.org/<old id>)
Bug id mapping is sourced from go/chrome-on-buganizer-prod-issues.
See go/crbug-todo-migration for details.
#crbug-todo-migration
Bug: b/321899722
Change-Id: Ieeb461e2d489e86fd50b87a2a0721a2be34520c3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5467317
Owners-Override: Alison Gale <agale@chromium.org>
Commit-Queue: Darryl James <dljames@chromium.org>
Commit-Queue: Alison Gale <agale@chromium.org>
Reviewed-by: Darryl James <dljames@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1290198}
This CL removes the PinUser32 helper functionality added to utility
processes as part of this CL:
https://chromium-review.googlesource.com/c/chromium/src/+/4534183
The following CL removes the callers of user32 from FileUtilService,
the only thing that depended on PinUser32:
https://chromium-review.googlesource.com/c/chromium/src/+/5397955
As the function isn't needed anymore, it should be safe to remove the
code. The feature is also incompatible with the WinSboxNoFakeGdiInit
feature, which prevents user32.dll from loading in kService sandbox.
How validated:
Now that browser_tests.exe delayloads similar to chrome.exe, the
following tests actually validate FileUtilService functionality
that used to depend on User32.dll:
DownloadProtectionServiceBrowserTest.MultipartRarInspection
DownloadProtectionServiceBrowserTest.MultipartRarInspectionSecondPart
DownloadProtectionServiceBrowserTest.VerifyRarHash
Bug: 326277735
Change-Id: I1a38dd34243e75103e8696ce6bf9eaf31f425d7d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5408185
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Greg Thompson <grt@chromium.org>
Commit-Queue: Stefan Smolen <ssmole@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#1281902}
This is a reland of commit 96dbfbb77a
bool fields changed to std::optional<> to ensure they are initialized
in all cases. Fixes failures on msan builds.
Original change's description:
> Guard binding viz.mojom.gpu in utilities
>
> Adds WithGpuClient() option and associated passkeys to the service
> process host so that only allowed utilities can access the gpu
> service by directly binding viz.mojom.gpu.
>
> Bug: 328099369
> Change-Id: I6561bd5f2f5ec41241c8fe2582fab83ea37d880a
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5342901
> Reviewed-by: Tom Sepez <tsepez@chromium.org>
> Commit-Queue: Alex Gough <ajgo@chromium.org>
> Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1268729}
Bug: 328099369
Change-Id: I9ed8f30d28ef6b56ff27833a7df651d2599e0722
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5347643
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1269305}
Adds WithGpuClient() option and associated passkeys to the service
process host so that only allowed utilities can access the gpu
service by directly binding viz.mojom.gpu.
Bug: 328099369
Change-Id: I6561bd5f2f5ec41241c8fe2582fab83ea37d880a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5342901
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Dmitry Gozman <dgozman@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1268729}
Build GPU channel by creating the viz::Gpu in the video capture utility
service, which is bind to viz::GpuClient of browser process. By this
way, video capture service can setup GPU channel to GPU process on
ChromeOS platform to create shared images.
Bug: b:314233378
Test: Verified that gpu buffer manager is available in utility process
Change-Id: I6e020b55efe6078fedc7739178f9f6202e4e8adb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5100650
Reviewed-by: Henrik Boström <hbos@chromium.org>
Commit-Queue: Sean Li <seannli@google.com>
Reviewed-by: Bo Liu <boliu@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1238439}
Build GPU channel by creating the viz::Gpu in the video capture utility
service, which is bind to viz::GpuClient of browser process. By this
way, video capture service can setup GPU channel to GPU process on
windows platform to create shared images.
Bug: chromium:1236801
Change-Id: I1773e1c2b93bd35dc7993f39c8561e7002946917
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4619072
Reviewed-by: Ilya Nikolaevskiy <ilnik@chromium.org>
Commit-Queue: Shaobo Yan <shaobo.yan@intel.com>
Reviewed-by: Sunny Sachanandani <sunnyps@chromium.org>
Reviewed-by: Bo Liu <boliu@chromium.org>
Reviewed-by: Henrik Boström <hbos@chromium.org>
Reviewed-by: Dominic Farolino <dom@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1163347}
This CL adds a service process host option to pin user32
prior to lockdown in utility main, and plumbs the option
from the service process host.
Echo service tests are added to exercise the function
in user32 which motivated user32 pinning for services.
As content_browsertests effectively pins user32 anyway
this test always passes, but it will prevent regressions.
Services will migrate to use this API in a following CL.
Bug: 1435571,1408988
Change-Id: Ie36f16987f05cdcf42c70d28afbb04f6678c1e5e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4534183
Reviewed-by: Ken Rockot <rockot@google.com>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1146962}
This is a reland of commit fe96e5d8bd
Now builds correctly for asan.
Additionally, during testing a flaky failure was uncovered where
the mojo service could start before the preloading happened, this
is resolved by moving the preloading code ahead of IO thread
creation in UtilityMain.
Original change's description:
> Allow utilities to preload libraries before sandbox lockdown
>
> Some utilities on Windows wrap dynamic libraries which might be
> distributed as components. Allowing these to load requires punching
> holes in the sandbox using file interceptions that are being phased
> out.
>
> This CL introduces a mechanism for service processes to specify a
> list of dll paths which will be loaded before the sandbox goes into
> lockdown. They can later be loaded by code using the same path, as
> Windows keeps them in memory.
>
> The mechanism uses a new opaque data transfer mechanism in the
> sandbox which will extend to different uses later. For
> now the list of DLLs is the only data transferred so this CL uses
> base::Pickle to serialize & transfer the DLLs to load.
>
> As loading arbitrary DLLs is a powerful capability a passkey is
> added for the new service process host option, and a file containing
> valid callers is added with OWNERS from the sandbox to ensure
> security review.
>
> A following CL will enable this behavior for screen_ai, but at this
> point only tests exercise these APIs
>
> The flow is roughly:
> ---
> In the browser/broker:-
>
> ServiceProcessHost gets a new option:
> .WithPreloadedLibraries
>
> UtilityProcessHost gets a new member:
> preload_libraries_
>
> UtilityProcessHost gives this to the UtilitySandboxedProcessLauncherDelegate
>
> UtilitySandboxedProcessLauncherDelegate turns a list of DLLs into an
> opaque blob and attaches it to the sandbox's TargetPolicy during
> PreSpawnTarget.
>
> The sandbox smuggles this blob into the target (previous CL).
>
> In the child/target:-
>
> The UtilityMain knows it might have a blob, so asks TargetServices.
>
> UtilityMain coordinates with its sandbox delegate, so knows that
> the blob is a pickled list of DLLs.
>
> UtilityMain loads these dlls before sandbox lockdown.
> ---
>
> Bug: 1435571
> Change-Id: Ided63f9d723811b66c183335b5533c84e9783a2a
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4471953
> Reviewed-by: Nasko Oskov <nasko@chromium.org>
> Reviewed-by: Ken Rockot <rockot@google.com>
> Reviewed-by: Will Harris <wfh@chromium.org>
> Commit-Queue: Will Harris <wfh@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1137415}
Bug: 1435571
Change-Id: Id0156d4649efd67adc5fe2eadaa73415b9c35503
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4518747
Reviewed-by: Ken Rockot <rockot@google.com>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1143553}
This reverts commit fe96e5d8bd.
Reason for revert: This appears to be the cause of a build failure on win-asan that is closing the tree:
ci.chromium.org/ui/p/chromium/builders/ci/win-asan/26430/overview
Original change's description:
> Allow utilities to preload libraries before sandbox lockdown
>
> Some utilities on Windows wrap dynamic libraries which might be
> distributed as components. Allowing these to load requires punching
> holes in the sandbox using file interceptions that are being phased
> out.
>
> This CL introduces a mechanism for service processes to specify a
> list of dll paths which will be loaded before the sandbox goes into
> lockdown. They can later be loaded by code using the same path, as
> Windows keeps them in memory.
>
> The mechanism uses a new opaque data transfer mechanism in the
> sandbox which will extend to different uses later. For
> now the list of DLLs is the only data transferred so this CL uses
> base::Pickle to serialize & transfer the DLLs to load.
>
> As loading arbitrary DLLs is a powerful capability a passkey is
> added for the new service process host option, and a file containing
> valid callers is added with OWNERS from the sandbox to ensure
> security review.
>
> A following CL will enable this behavior for screen_ai, but at this
> point only tests exercise these APIs
>
> The flow is roughly:
> ---
> In the browser/broker:-
>
> ServiceProcessHost gets a new option:
> .WithPreloadedLibraries
>
> UtilityProcessHost gets a new member:
> preload_libraries_
>
> UtilityProcessHost gives this to the UtilitySandboxedProcessLauncherDelegate
>
> UtilitySandboxedProcessLauncherDelegate turns a list of DLLs into an
> opaque blob and attaches it to the sandbox's TargetPolicy during
> PreSpawnTarget.
>
> The sandbox smuggles this blob into the target (previous CL).
>
> In the child/target:-
>
> The UtilityMain knows it might have a blob, so asks TargetServices.
>
> UtilityMain coordinates with its sandbox delegate, so knows that
> the blob is a pickled list of DLLs.
>
> UtilityMain loads these dlls before sandbox lockdown.
> ---
>
> Bug: 1435571
> Change-Id: Ided63f9d723811b66c183335b5533c84e9783a2a
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4471953
> Reviewed-by: Nasko Oskov <nasko@chromium.org>
> Reviewed-by: Ken Rockot <rockot@google.com>
> Reviewed-by: Will Harris <wfh@chromium.org>
> Commit-Queue: Will Harris <wfh@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1137415}
Bug: 1435571
Change-Id: I8b3fd2ae342a173c532da08f1015266cf5d7b64c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4492274
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Michael Wilson <mjwilson@chromium.org>
Commit-Queue: Michael Wilson <mjwilson@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1137435}
Some utilities on Windows wrap dynamic libraries which might be
distributed as components. Allowing these to load requires punching
holes in the sandbox using file interceptions that are being phased
out.
This CL introduces a mechanism for service processes to specify a
list of dll paths which will be loaded before the sandbox goes into
lockdown. They can later be loaded by code using the same path, as
Windows keeps them in memory.
The mechanism uses a new opaque data transfer mechanism in the
sandbox which will extend to different uses later. For
now the list of DLLs is the only data transferred so this CL uses
base::Pickle to serialize & transfer the DLLs to load.
As loading arbitrary DLLs is a powerful capability a passkey is
added for the new service process host option, and a file containing
valid callers is added with OWNERS from the sandbox to ensure
security review.
A following CL will enable this behavior for screen_ai, but at this
point only tests exercise these APIs
The flow is roughly:
---
In the browser/broker:-
ServiceProcessHost gets a new option:
.WithPreloadedLibraries
UtilityProcessHost gets a new member:
preload_libraries_
UtilityProcessHost gives this to the UtilitySandboxedProcessLauncherDelegate
UtilitySandboxedProcessLauncherDelegate turns a list of DLLs into an
opaque blob and attaches it to the sandbox's TargetPolicy during
PreSpawnTarget.
The sandbox smuggles this blob into the target (previous CL).
In the child/target:-
The UtilityMain knows it might have a blob, so asks TargetServices.
UtilityMain coordinates with its sandbox delegate, so knows that
the blob is a pickled list of DLLs.
UtilityMain loads these dlls before sandbox lockdown.
---
Bug: 1435571
Change-Id: Ided63f9d723811b66c183335b5533c84e9783a2a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4471953
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1137415}
Build GPU channel by creating the viz::Gpu in the video capture utility
service, which is bind to viz::GpuClient of browser process. By this
way, video capture service can setup GPU channel to GPU process.
Bug: 1425770
Change-Id: If01c694489f53809efed3cefa591759f4eb23478
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4347663
Reviewed-by: Ilya Nikolaevskiy <ilnik@chromium.org>
Commit-Queue: Ilya Nikolaevskiy <ilnik@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1135084}
This is a reland of commit 2548a5c354
Compared to the original CL, this fixes the use of an uninit variable in
child_process_launcher_helper_posix.cc (region should be initialized to
kWholeFile if passing a file descriptor to the new process).
Original change's description:
> Linux: Fix zygote's use of base::FileDescriptorStore
>
> See crbug.com/1407326. This fixes (2) and adds a test to
> utility_process_host_browsertest.cc to ensure that this works in the
> future, with both the unsandboxed and the generic zygote.
>
> Unfortunately base::FileDescriptorStore still doesn't work on Android,
> so add a bug and a TODO to fix that.
>
> Bug: 692619, 1407326
>
> Change-Id: I83ecbb1ec84b36c55ed954acdbab890cb8f55862
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4166816
> Reviewed-by: Tom Sepez <tsepez@chromium.org>
> Commit-Queue: Matthew Denton <mpdenton@chromium.org>
> Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1095906}
Bug: 692619, 1407326
Change-Id: Iad498b2949f4cc29d683f20cd4711fe2d4403656
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4191378
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1096462}
See crbug.com/1407326. This fixes (2) and adds a test to
utility_process_host_browsertest.cc to ensure that this works in the
future, with both the unsandboxed and the generic zygote.
Unfortunately base::FileDescriptorStore still doesn't work on Android,
so add a bug and a TODO to fix that.
Bug: 692619, 1407326
Change-Id: I83ecbb1ec84b36c55ed954acdbab890cb8f55862
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4166816
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1095906}
Header files that do not contain "RefCounted" and do not contain
scoped_refptr do not need to include base/memory/ref_counted.h. Remove
it and do IWYU to fix the build.
Bug: 242216
Change-Id: Ie70e43b0c926b8ef610419c99f43eea991ac8d81
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4005763
Reviewed-by: Kyle Charbonneau <kylechar@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Owners-Override: Kyle Charbonneau <kylechar@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1067592}
Remove the exceptions for is_chromecast on Fuchsia within the Content
layer, including //media, and Viz. Now that Content is no longer built
as part of the //chromecast:cast_test_lists target on Fuchsia, these
files are no longer reached, and the exceptions can be removed.
Also remove a similar exception in Chrome tests and update a couple TODOs to correctly reference https://crbug.com/1329657.
Bug: 1330636, 1329657
Test: gn check, ninja chromecast:cast_test_lists
Change-Id: If9b037d5b17b31183a2f1546bae817908c03279f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3712362
Reviewed-by: Will Cassella <cassew@chromium.org>
Commit-Queue: David Dorwin <ddorwin@chromium.org>
Reviewed-by: Vasiliy Telezhnikov <vasilyt@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Luke Halliwell <halliwell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1018918}
@QA: This CL is a no-op.
Caused by incorrectly covering base::Thread when using regex
"base::(Time|Thread)(Ticks|Delta)?\b"
This script removed base/time/time.h if:
1) "base::Thread" is present
2) There is no (Time|ThreadTicks|Days|Hours|Minutes|Seconds|
Milliseconds|Microseconds|Nanoseconds|Hertz)
string in the file (no base:: prefix required to skip removal)
Bug: 1026641
Change-Id: I9df5e8beccc74054bf9bfff12320a1d4e0295b62
AX-Relnotes: n/a.
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3563202
Commit-Queue: Gabriel Charette <gab@chromium.org>
Auto-Submit: Gabriel Charette <gab@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Owners-Override: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#988045}
This CL is a no-op.
Only fixing instances where base::Time (and Ticks/Delta) is used in
a statement (i.e. not as a parameter to avoid adding includes in mere
overrides). Skipping pointer and reference qualified instances.
i.e. matches this regex:
'(\n *[^/\n][^/\n][^/\n]*base::(Time|Thread)(Ticks|Delta)?\b[^*&][^)]*;)'
and skipping files that have any existing fwd-decl for any of the
variants.
This is a prereq to remove unused base/task/post_task.h includes in
https://chromium-review.googlesource.com/c/chromium/src/+/3555247
Bug: 1026641
Change-Id: I87b43a8dc92bdceb67f4bd59b327b54813aa72a6
AX-Relnotes: n/a.
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3557354
Commit-Queue: Gabriel Charette <gab@chromium.org>
Auto-Submit: Gabriel Charette <gab@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/main@{#987283}
This deprecated API and associate code are only used as Chromecast. Mark
it as Chromecast-only to reduce build cost on other platforms, and to
make it harder to add new callers.
Bug: 977637
Change-Id: I15260e371938e62fddc598c96d847ee37630e95d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3309879
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Alexander Timin <altimin@chromium.org>
Cr-Commit-Position: refs/heads/main@{#947087}
sandbox.mojom.Sandbox can now be used as the sandbox type so we
replace it everywhere.
The guts of the change are in //sandbox/policy/sandbox_type.h where
SandboxType is now deleted, and //sandbox/policy/mojom/sandbox.mojom
where sandbox types that are not already used in mojom ServiceSandbox
attributes are added.
Some cascading changes:-
- kService wasn't implemented on Mac (as it is equivalent to kUtility).
As we cannot alias enum fields in mojo like we can in C++ I have added
kService for Mac. The alternative is to define platform specific
ServiceSandbox attributes for all kService interfaces which seems to
put this complexity in the wrong place.
- sandbox_type.h included a number of buildflag headers that other files
then relied on. As sandbox_type.h is no longer needed in many places
and no longer needs these defines, they have been introduced where
required.
- sandbox::mojom::Sandbox is forward declared in a couple of headers
that are widely imported, hopefully reducing the number of times the
mojom.h is included but not used.
- some build deps must be modified.
- LibAssistantService needs a sandbox to be defined even when hosted
in process, so has kNoSandbox now when enable_cros_libassistant is
false.
Bug: 1210301
Change-Id: I13fa4fa8cbbb3090a38806fe5532787bbdf1e2fb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3213677
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Sean Topping <seantopping@chromium.org>
Reviewed-by: Filip Gorski <fgorski@chromium.org>
Reviewed-by: Derek Schuff <dschuff@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Reviewed-by: Tao Wu <wutao@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Reviewed-by: David Dorwin <ddorwin@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#934126}
This replaces DISALLOW_COPY_AND_ASSIGN with explicit constructor deletes
where a local script is able to detect its insertion place (~Foo() is
public => insert before this line).
This is incomplete as not all classes have a public ~Foo() declared, so
not all DISALLOW_COPY_AND_ASSIGN occurrences are replaced.
IWYU cleanup is left as a separate pass that is easier when these macros
go away.
Bug: 1010217
Change-Id: Iea478401b7580682c7b9f195f7af9cbbdb6ce315
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3167292
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923194}
This is a reland of 51c5fcb851
which just removes the unused APIs and omits the the change to
IPC Channel initialization for GPU processes. That change needs
to be investigated further due to subtle breaking side effects
around GpuProcessHost lifetime and/or related events in the
browser.
Original change's description:
> Remove unused legacy IPC APIs from GPU & Utility processes
>
> GPU and Utility processes no longer use any legacy IPCs. This removes
> their process hosts' implementation of IPC::Sender and IPC::Listener
> interfaces, as well as from GpuChildThread.
>
> This also omits initialization of the main legacy IPC Channel for
> GPU processes, as it's no longer used.
>
> Bug: 993189, 1196476
> Change-Id: Ie0e74d09ef1b6bbcd4ebbc2d482dcaebb79481b4
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2967049
> Commit-Queue: Ken Rockot <rockot@google.com>
> Reviewed-by: Avi Drissman <avi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#893274}
Bug: 993189, 1196476
Change-Id: I3c1fe87ecd7e6e9a8d8ee768af4167571e66c5c5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2970603
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/master@{#893591}
This reverts commit 51c5fcb851.
Reason for revert: Mac FYI GPU ASAN Release seems to consistly fails likely caused by low power gpu not used. Try reverting this one since it's the only gpu change in the blamelist
Original change's description:
> Remove unused legacy IPC APIs from GPU & Utility processes
>
> GPU and Utility processes no longer use any legacy IPCs. This removes
> their process hosts' implementation of IPC::Sender and IPC::Listener
> interfaces, as well as from GpuChildThread.
>
> This also omits initialization of the main legacy IPC Channel for
> GPU processes, as it's no longer used.
>
> Bug: 993189, 1196476
> Change-Id: Ie0e74d09ef1b6bbcd4ebbc2d482dcaebb79481b4
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2967049
> Commit-Queue: Ken Rockot <rockot@google.com>
> Reviewed-by: Avi Drissman <avi@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#893274}
Bug: 993189, 1196476, 1221227
Change-Id: Iab2062d99bf6f2c6ce13380709228937e2d32d6f
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2969707
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: Shrek Shao <shrekshao@google.com>
Reviewed-by: Ken Rockot <rockot@google.com>
Owners-Override: Shrek Shao <shrekshao@google.com>
Commit-Queue: Shrek Shao <shrekshao@google.com>
Cr-Commit-Position: refs/heads/master@{#893534}
GPU and Utility processes no longer use any legacy IPCs. This removes
their process hosts' implementation of IPC::Sender and IPC::Listener
interfaces, as well as from GpuChildThread.
This also omits initialization of the main legacy IPC Channel for
GPU processes, as it's no longer used.
Bug: 993189, 1196476
Change-Id: Ie0e74d09ef1b6bbcd4ebbc2d482dcaebb79481b4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2967049
Commit-Queue: Ken Rockot <rockot@google.com>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#893274}
Instead of using "network" as service sandbox type for both cases
of enabled and disabled sandbox, change the service sandbox type
to "none" if the sandbox is disabled, and make the behavior
consistent in both browser and child process conditional on this
type. This is similar to how other sandbox types like Audio
already work.
This means that sandbox policy of the network process can be fully
controlled by the browser rather than having the child process work
out its sandbox configuration dynamically.
This turns out to be needed as the sandbox can be enabled
dynamically based on Feature flags or field trials, whose state
cannot be accurately determined very early in child process
lifetime.
As a result, target services should always be correctly initialized
on Windows when network service sandbox is enabled, preventing
issue 947459 from manifesting when it's engaged in the future.
Fix up some code that was relying on sandbox type for behavior
and change it so that it uses utility subprocess type instead.
BUG=947459,841001
Change-Id: I7d39fd72eeb00f85dbfb4ffa8e46ca68099c978b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2657852
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Commit-Queue: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#849985}
Originally the sandbox policies lived in //content, but with
servicification this would create unwanted dependencies between
//services and //content. Instead, create a new //sandbox/policy
library to hold the sandbox integration code. This library can depend
on the low-level //sandbox routines, but not nice versa.
Tbr: ajgo@chromium.org (mechanical change rule)
Bug: 1097376
Change-Id: I1ca9ac0015a625197f2d3aae104e8f7aa78dcfd9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2272609
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#786385}
Removes unused kNaClLoader (was PROCESS_TYPE_NACL_LOADER)
from Windows as these are in fact Ppapi (PPAPI) sandbox types.
Removes unused values from SandboxType enum and replaces default cases.
SandboxType is not used for iteration so these boundary values are removed
from the SandboxType enum.
The kInvalid SandboxType is retained as it is used as an error case in
a couple of places. It might be possible to remove this in the future.
This removes default cases from switch statements where it might make
sense to have a notification in future when new sandbox types are added.
In these cases the default case is replaced with all otherwise
unchecked cases, so retaining the existing behavior.
Change-Id: I76ffc8ae617f3f8fa9aa68236551ebcfa4cce32f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1938076
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Sergey Ulanov <sergeyu@chromium.org>
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#723425}
This removes all Service Manager dependencies from the Font Service in
favor of direct Mojo interface connection. The browser maintains an
internal API for connecting new pipes to the in-process service
instance.
This requires ChildProcessHostImpl to support the BindHostReceiver()
mojom API for non-renderer child processes, as well as
plumbing it up to UtilityProcessHost and PluginProcessHost. Rather than
generic support through Service Manager with manifest-based filtering,
each process host type explicitly implements its support for binding the
FontService interface when requested by the child process.
This CL also fixes some thread-safety bugs in the existing Font Service
client library code which could cause the client endpoint and/or the
WeakPtrFactory to be destroyed on the wrong sequence. FontServiceThread
has been refactored to make the WeakPtrFactory unnecessary, and the
client endpoint is now always destroyed on the correct sequence.
Finally, this changes font_service_unittests to use an in-process
background service instance rather than using the Service Manager to
spin up a dedicated service executable.
Bug: 977637
Change-Id: I3efdafb06ae2d79e9cb149675e49c29e30d0cad6
Test: for good measure, manually tested PDF rendering
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1756435
Commit-Queue: Ken Rockot <rockot@google.com>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Dominik Röttsches <drott@chromium.org>
Cr-Commit-Position: refs/heads/master@{#687694}
This refactors the Video Capture service and its clients to use the
simpler service model described in
https://docs.google.com/document/d/1M0-K0gi1xXO0f_-YKSH2LFVh4RJY-xe9T9VaGFOSXb0/edit.
The DeviceFactoryProvider interface is renamed to VideoCaptureService
and previous binders for other top-level interfaces (TestingControls and
cros.mojom.CrosImageCapture) have been added to the interface.
Service lifetime is no longer managed by manual ref-count but is instead
automated using new Mojo interface idling bevhaior. The behavior should
effectively mirror the service's behavior before this change. Namely:
- The service stays alive as long as any receivers are bound other
than the main interface pipe (previously DeviceFactoryProvider, now
VideoCaptureService). Once this condition is no longer met, the
service is considered idle.
- On non-Android platforms, when out-of-process Video Capture is
enabled, the service process is killed after 5 seconds of continuous
idling.
- On Android, the service process does not tear itself down ever.
- If out-of-process Video Capture is not enabled, all clients will use
the same shared in-browser instance of the service, which lives
forever.
This also ends up deleting a bunch of tests for the service which
effectively tested behavior that's no longer applicable, like lifetime
behavior built around VideoCaptureService (nee DeviceFactoryProvider)
connection.
Bug: 977637
Change-Id: I96ccf3558be7d173041de0de70251d841dd519f9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1710051
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Miguel Casas <mcasas@chromium.org>
Commit-Queue: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/master@{#680168}
This change covers a few useful improvements to ServiceProcessHost.
First, there are no longer actual ServiceProcessHost object
instances for users to retain. Instead, service process lifetime
is tied strictly to the lifetime of the relevant service pipe.
Either the service or the browser side can hang up to elicit
service process teardown.
Second, API surface has been added to allow callers to enumerate
currently running service processes as well as observe service
process lifecycle events globally.
ServiceProcessHost tests are updated to cover the new usage, as
well as to demonstrate recommended usage in conjunction with new
Mojo Remote idle timeout behavior for managing service process
lifetime.
Finally, additional documentation and clarification has been added
to ServiceProcessHost's header.
This is part of the ongoing effort to simplify Chrome services:
https://docs.google.com/document/d/1M0-K0gi1xXO0f_-YKSH2LFVh4RJY-xe9T9VaGFOSXb0/edit
Bug: 977637
Change-Id: If789159df0fcebae5161323a2a323481005c9516
Tbr: dcheng@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1703095
Commit-Queue: Ken Rockot <rockot@google.com>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#678705}
