Merge mozilla-central and fx-team
authorEd Morley <emorley@mozilla.com>
Tue, 22 Jul 2014 17:32:03 +0100
changeset 195531 0fadd5050d678b523bfd37c29f9914479b69b5d8
parent 195494 e5ced39f443bacc221ac4bd41f465bcc746aeb04 (current diff)
parent 195530 8a4691f767ea2c85302ffd65c5b5230ab6521d85 (diff)
child 195532 0b862f5df15213d51c1ce7e5ffe0f80b1b18bfbe
push id27185
push userkwierso@gmail.com
push dateWed, 23 Jul 2014 01:05:43 +0000
treeherdermozilla-central@5683746bac22 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
milestone34.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Merge mozilla-central and fx-team
--- a/content/base/public/nsIMessageManager.idl
+++ b/content/base/public/nsIMessageManager.idl
@@ -120,37 +120,39 @@ interface nsIPrincipal;
  * ====================================================
  *
  * The second realm of message managers is the "process message
  * managers".  With one exception, these always correspond to process
  * boundaries.  The picture looks like
  *
  *  Parent process                      Child processes
  * ----------------                    -----------------
- *  global PPMM
+ *  global (GPPMM)
  *   |
- *   +<----> child PPMM
+ *   +-->parent in-process PIPMM<-->child in-process CIPPMM
  *   |
- *   +-->parent PMM1<------------------>child process CMM1
+ *   +-->parent (PPMM1)<------------------>child (CPMM1)
  *   |
- *   +-->parent PMM2<------------------>child process PMM2
+ *   +-->parent (PPMM2)<------------------>child (CPMM2)
  *   ...
  *
- * For example: the parent-process PMM1 sends messages directly to
- * only the child-process CMM1.
+ * Note, PIPMM and CIPPMM both run in the parent process.
  *
- * For example: CMM1 sends messages directly to PMM1.  The global PPMM
+ * For example: the parent-process PPMM1 sends messages to the
+ * child-process CPMM1.
+ *
+ * For example: CPMM1 sends messages directly to PPMM1. The global GPPMM
  * will also notify their message listeners when the message arrives.
  *
- * For example: messages sent through the global PPMM will be
- * dispatched to the listeners of the same-process, "child PPMM".
- * They will also be broadcast to PPM1, PPM2, etc.
+ * For example: messages sent through the global GPPMM will be
+ * dispatched to the listeners of the same-process, CIPPMM, CPMM1,
+ * CPMM2, etc.
  *
  *   ***** PERFORMANCE AND SECURITY WARNING *****
- * Messages broadcast through the global PPMM can result in messages
+ * Messages broadcast through the GPPMM can result in messages
  * being dispatched across many OS processes, and to many processes
  * with different permissions.  Great care should be taken when
  * broadcasting.
  *
  * Requests sent to parent-process message listeners should usually
  * have replies scoped to the requesting CPMM.  The following pattern
  * is common
  *
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -17,16 +17,17 @@
 #include "mozilla/dom/TabChild.h"
 #include "mozilla/EventStateManager.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/Services.h"
 #include "mozilla/StartupTimeline.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/unused.h"
 #include "mozilla/VisualEventTracer.h"
+#include "URIUtils.h"
 
 #ifdef MOZ_LOGGING
 // so we can get logging even in release builds (but only for some things)
 #define FORCE_PR_LOG 1
 #endif
 
 #include "nsIContent.h"
 #include "nsIContentInlines.h"
@@ -4554,26 +4555,34 @@ nsDocShell::DisplayLoadError(nsresult aE
             }
         }
         if (!messageStr.IsEmpty()) {
             if (errorClass == nsINSSErrorsService::ERROR_CLASS_BAD_CERT) {
                 error.AssignLiteral("nssBadCert");
 
                 // if this is a Strict-Transport-Security host and the cert
                 // is bad, don't allow overrides (STS Spec section 7.3).
-                nsCOMPtr<nsISiteSecurityService> sss =
-                          do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
-                NS_ENSURE_SUCCESS(rv, rv);
-                uint32_t flags =
-                  mInPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
-                
+                uint32_t type = nsISiteSecurityService::HEADER_HSTS;
+                uint32_t flags = mInPrivateBrowsing
+                                 ? nsISocketProvider::NO_PERMANENT_STORAGE
+                                 : 0;
                 bool isStsHost = false;
-                rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS,
-                                      aURI, flags, &isStsHost);
-                NS_ENSURE_SUCCESS(rv, rv);
+                if (XRE_GetProcessType() == GeckoProcessType_Default) {
+                  nsCOMPtr<nsISiteSecurityService> sss =
+                            do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
+                  NS_ENSURE_SUCCESS(rv, rv);
+                  rv = sss->IsSecureURI(type, aURI, flags, &isStsHost);
+                  NS_ENSURE_SUCCESS(rv, rv);
+                } else {
+                  mozilla::dom::ContentChild* cc =
+                    mozilla::dom::ContentChild::GetSingleton();
+                  mozilla::ipc::URIParams uri;
+                  SerializeURI(aURI, uri);
+                  cc->SendIsSecureURI(type, uri, flags, &isStsHost);
+                }
 
                 uint32_t bucketId;
                 if (isStsHost) {
                   cssClass.AssignLiteral("badStsCert");
                   //measuring STS separately allows us to measure click through
                   //rates easily
                   bucketId = nsISecurityUITelemetry::WARNING_BAD_CERT_TOP_STS;
                 } else {
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -93,16 +93,17 @@
 #include "nsIMemoryInfoDumper.h"
 #include "nsIMemoryReporter.h"
 #include "nsIMozBrowserFrame.h"
 #include "nsIMutable.h"
 #include "nsIObserverService.h"
 #include "nsIPresShell.h"
 #include "nsIRemoteBlob.h"
 #include "nsIScriptError.h"
+#include "nsISiteSecurityService.h"
 #include "nsIStyleSheet.h"
 #include "nsISupportsPrimitives.h"
 #include "nsIURIFixup.h"
 #include "nsIWindowWatcher.h"
 #include "nsIXULRuntime.h"
 #include "nsMemoryInfoDumper.h"
 #include "nsMemoryReporterManager.h"
 #include "nsServiceManagerUtils.h"
@@ -3234,16 +3235,33 @@ ContentParent::RecvGetSystemMemory(const
     memoryTotal = mozilla::hal::GetTotalSystemMemoryLevel();
 #endif
 
     unused << SendSystemMemoryAvailable(aGetterId, memoryTotal);
 
     return true;
 }
 
+bool
+ContentParent::RecvIsSecureURI(const uint32_t& type,
+                               const URIParams& uri,
+                               const uint32_t& flags,
+                               bool* isSecureURI)
+{
+    nsCOMPtr<nsISiteSecurityService> sss(do_GetService(NS_SSSERVICE_CONTRACTID));
+    if (!sss) {
+        return false;
+    }
+    nsCOMPtr<nsIURI> ourURI = DeserializeURI(uri);
+    if (!ourURI) {
+        return false;
+    }
+    nsresult rv = sss->IsSecureURI(type, ourURI, flags, isSecureURI);
+    return NS_SUCCEEDED(rv);
+}
 
 bool
 ContentParent::RecvLoadURIExternal(const URIParams& uri)
 {
     nsCOMPtr<nsIExternalProtocolService> extProtService(do_GetService(NS_EXTERNALPROTOCOLSERVICE_CONTRACTID));
     if (!extProtService) {
         return true;
     }
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@@ -417,16 +417,19 @@ private:
     virtual PBlobParent* AllocPBlobParent(const BlobConstructorParams& aParams) MOZ_OVERRIDE;
     virtual bool DeallocPBlobParent(PBlobParent*) MOZ_OVERRIDE;
 
     virtual bool DeallocPCrashReporterParent(PCrashReporterParent* crashreporter) MOZ_OVERRIDE;
 
     virtual bool RecvGetRandomValues(const uint32_t& length,
                                      InfallibleTArray<uint8_t>* randomValues) MOZ_OVERRIDE;
 
+    virtual bool RecvIsSecureURI(const uint32_t& type, const URIParams& uri,
+                                 const uint32_t& flags, bool* isSecureURI);
+
     virtual bool DeallocPHalParent(PHalParent*) MOZ_OVERRIDE;
 
     virtual bool DeallocPIndexedDBParent(PIndexedDBParent* aActor) MOZ_OVERRIDE;
 
     virtual PMemoryReportRequestParent*
     AllocPMemoryReportRequestParent(const uint32_t& aGeneration,
                                     const bool &aAnonymize,
                                     const bool &aMinimizeMemoryUsage,
--- a/dom/ipc/PContent.ipdl
+++ b/dom/ipc/PContent.ipdl
@@ -473,16 +473,19 @@ parent:
 
     sync PCrashReporter(NativeThreadId tid, uint32_t processType);
 
     sync GetRandomValues(uint32_t length)
         returns (uint8_t[] randomValues);
 
     async GetSystemMemory(uint64_t getterId);
 
+    sync IsSecureURI(uint32_t type, URIParams uri, uint32_t flags)
+        returns (bool isSecureURI);
+
     PHal();
 
     PIndexedDB();
 
     PNecko();
 
     sync PScreenManager()
         returns (uint32_t numberOfScreens,
--- a/mobile/android/base/db/SearchHistoryProvider.java
+++ b/mobile/android/base/db/SearchHistoryProvider.java
@@ -1,14 +1,15 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 package org.mozilla.gecko.db;
 
+import org.mozilla.gecko.db.BrowserContract;
 import org.mozilla.gecko.db.BrowserContract.SearchHistory;
 
 import android.content.ContentUris;
 import android.content.ContentValues;
 import android.database.Cursor;
 import android.database.SQLException;
 import android.database.sqlite.SQLiteDatabase;
 import android.net.Uri;
@@ -105,20 +106,21 @@ public class SearchHistoryProvider exten
     public int updateInTransaction(Uri uri, ContentValues values, String selection,
             String[] selectionArgs) {
         throw new UnsupportedOperationException("This content provider does not support updating items");
     }
 
     @Override
     public Cursor query(Uri uri, String[] projection, String selection,
             String[] selectionArgs, String sortOrder) {
-        String groupBy = null;
-        String having = null;
+        final String groupBy = null;
+        final String having = null;
+        final String limit = uri.getQueryParameter(BrowserContract.PARAM_LIMIT);
         final Cursor cursor = getReadableDatabase(uri).query(SearchHistory.TABLE_NAME, projection,
-                selection, selectionArgs, groupBy, having, sortOrder);
+                selection, selectionArgs, groupBy, having, sortOrder, limit);
         cursor.setNotificationUri(getContext().getContentResolver(), uri);
         return cursor;
     }
 
     @Override
     public String getType(Uri uri) {
         return SearchHistory.CONTENT_TYPE;
     }
--- a/mobile/android/base/tests/testSearchHistoryProvider.java
+++ b/mobile/android/base/tests/testSearchHistoryProvider.java
@@ -8,21 +8,23 @@ import java.util.concurrent.Callable;
 
 import org.mozilla.gecko.db.BrowserContract;
 import org.mozilla.gecko.db.BrowserContract.SearchHistory;
 import org.mozilla.gecko.db.SearchHistoryProvider;
 
 import android.content.ContentProvider;
 import android.content.ContentValues;
 import android.database.Cursor;
+import android.net.Uri;
 
 public class testSearchHistoryProvider extends ContentProviderTest {
 
     // Translations of "United Kingdom" in several different languages
-    private static final String[] testStrings = {"An Ríocht Aontaithe", // Irish
+    private static final String[] testStrings = {
+            "An Ríocht Aontaithe", // Irish
             "Angli", // Albanian
             "Britanniarum Regnum", // Latin
             "Britio", // Esperanto
             "Büyük Britanya", // Turkish
             "Egyesült Királyság", // Hungarian
             "Erresuma Batua", // Basque
             "Inggris Raya", // Indonesian
             "Ir-Renju Unit", // Maltese
@@ -90,16 +92,17 @@ public class testSearchHistoryProvider e
             };
 
     @Override
     public void setUp() throws Exception {
         super.setUp(sProviderFactory, BrowserContract.SEARCH_HISTORY_AUTHORITY, DB_NAME);
         mTests.add(new TestInsert());
         mTests.add(new TestUnicodeQuery());
         mTests.add(new TestTimestamp());
+        mTests.add(new TestLimit());
         mTests.add(new TestDelete());
         mTests.add(new TestIncrement());
     }
 
     public void testSearchHistory() throws Exception {
         for (Runnable test : mTests) {
             String testName = test.getClass().getSimpleName();
             setTestName(testName);
@@ -107,16 +110,90 @@ public class testSearchHistoryProvider e
                     "testBrowserProvider: Database empty - Starting " + testName + ".");
             // Clear the db
             mProvider.delete(SearchHistory.CONTENT_URI, null, null);
             test.run();
         }
     }
 
     /**
+     * Verify that we can pass a LIMIT clause using a query parameter.
+     */
+    private class TestLimit extends TestCase {
+        @Override
+        public void test() throws Exception {
+            ContentValues cv;
+            for (int i = 0; i < testStrings.length; i++) {
+                cv = new ContentValues();
+                cv.put(SearchHistory.QUERY, testStrings[i]);
+                mProvider.insert(SearchHistory.CONTENT_URI, cv);
+            }
+
+            final int limit = 5;
+
+            // Test 1: Handle proper input.
+
+            Uri uri = SearchHistory.CONTENT_URI
+                                   .buildUpon()
+                                   .appendQueryParameter(BrowserContract.PARAM_LIMIT, String.valueOf(limit))
+                                   .build();
+
+            Cursor c = mProvider.query(uri, null, null, null, null);
+            try {
+                mAsserter.is(c.getCount(), limit,
+                             String.format("Should have %d results", limit));
+            } finally {
+                c.close();
+            }
+
+            // Test 2: Empty input yields all results.
+
+            uri = SearchHistory.CONTENT_URI
+                                   .buildUpon()
+                                   .appendQueryParameter(BrowserContract.PARAM_LIMIT, "")
+                                   .build();
+
+            c = mProvider.query(uri, null, null, null, null);
+            try {
+                mAsserter.is(c.getCount(), testStrings.length, "Should have all results");
+            } finally {
+                c.close();
+            }
+
+            // Test 3: Illegal params.
+
+            String[] illegalParams = new String[] {"a", "-1"};
+            boolean success = true;
+
+            for (String param : illegalParams) {
+                success = true;
+
+                uri = SearchHistory.CONTENT_URI
+                                   .buildUpon()
+                                   .appendQueryParameter(BrowserContract.PARAM_LIMIT, param)
+                                   .build();
+
+                try {
+                    c = mProvider.query(uri, null, null, null, null);
+                    success = false;
+                } catch(IllegalArgumentException e) {
+                    // noop.
+                } finally {
+                    if (c != null) {
+                        c.close();
+                    }
+                }
+
+                mAsserter.ok(success, "LIMIT", param + " should have been an invalid argument");
+            }
+
+        }
+    }
+
+    /**
      * Verify that we can insert values into the DB, including unicode.
      */
     private class TestInsert extends TestCase {
         @Override
         public void test() throws Exception {
             ContentValues cv;
             for (int i = 0; i < testStrings.length; i++) {
                 cv = new ContentValues();
--- a/security/manager/boot/src/nsSiteSecurityService.cpp
+++ b/security/manager/boot/src/nsSiteSecurityService.cpp
@@ -15,16 +15,17 @@
 #include "nsNetUtil.h"
 #include "nsThreadUtils.h"
 #include "nsString.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsISocketProvider.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/LinkedList.h"
 #include "nsSecurityHeaderParser.h"
+#include "nsXULAppAPI.h"
 
 // A note about the preload list:
 // When a site specifically disables sts by sending a header with
 // 'max-age: 0', we keep a "knockout" value that means "we have no information
 // regarding the sts state of this host" (any ancestor of "this host" can still
 // influence its sts status via include subdomains, however).
 // This prevents the preload list from overriding the site's current
 // desired sts status. Knockout values are indicated by permission values of
@@ -82,16 +83,21 @@ nsSiteSecurityService::~nsSiteSecuritySe
 
 NS_IMPL_ISUPPORTS(nsSiteSecurityService,
                   nsIObserver,
                   nsISiteSecurityService)
 
 nsresult
 nsSiteSecurityService::Init()
 {
+   // Child processes are not allowed direct access to this.
+   if (XRE_GetProcessType() != GeckoProcessType_Default) {
+     MOZ_CRASH("Child process: no direct access to nsSiteSecurityService");
+   }
+
    nsresult rv;
 
    mPermMgr = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID, &rv);
    NS_ENSURE_SUCCESS(rv, rv);
 
    mUsePreloadList = mozilla::Preferences::GetBool("network.stricttransportsecurity.preloadlist", true);
    mozilla::Preferences::AddStrongObserver(this, "network.stricttransportsecurity.preloadlist");
    mObserverService = mozilla::services::GetObserverService();