author Jed Davis <>
Wed, 27 Feb 2019 20:14:54 +0000
changeset 519405 493b443954fe15f7b542ba14671f25e5f8531dff
parent 505862 140bc054964e43cce17d3011b82eca847425642b
child 528218 7f7f40328e31e35e21ec587ddc5320688f5e8469
permissions -rw-r--r--
Bug 1506291 - Add Linux sandboxing for the RDD (media decoder) process. r=gcp,mjf,flod The seccomp-bpf policy is currently just the "common" policy with no additions (but with the fixes in bug 1511560 to enable shared memory creation). The file broker policy allows shared memory creation and nothing else. The namespace setup is the same as for GMP (i.e., as restrictive as we currently can be). The sandbox can be turned off for troubleshooting by setting the environment variable MOZ_DISABLE_RDD_SANDBOX, similarly to the other process types. Tested against with the necessary prefs set. Depends on D20895 Differential Revision:

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at *

#ifndef MOZILLA_A11Y_ProxyAccessibleWrap_h
#define MOZILLA_A11Y_ProxyAccessibleWrap_h

#include "AccessibleWrap.h"
#include "DocAccessibleParent.h"

namespace mozilla {
namespace a11y {

 * A wrapper for Accessible proxies. The public methods here should be overriden
 * from AccessibleWrap or its super classes.
 * This gives us an abstraction layer so SessionAccessibility doesn't have
 * to distinguish between a local or remote accessibles.
 * NOTE: This shouldn't be regarded as a full Accessible implementation.
class ProxyAccessibleWrap : public AccessibleWrap {
  explicit ProxyAccessibleWrap(ProxyAccessible* aProxy);

  virtual void Shutdown() override;

  // Accessible

  virtual already_AddRefed<nsIPersistentProperties> Attributes() override;

  virtual uint32_t ChildCount() const override;

  virtual Accessible* GetChildAt(uint32_t aIndex) const override;

  virtual ENameValueFlag Name(nsString& aName) const override;

  virtual void Value(nsString& aValue) const override;

  virtual uint64_t State() override;

  virtual nsIntRect Bounds() const override;

  virtual void ScrollTo(uint32_t aHow) const override;

  virtual uint8_t ActionCount() const override;

  virtual bool DoAction(uint8_t aIndex) const override;

  // AccessibleWrap

  virtual void SetTextContents(const nsAString& aText) override;

  virtual void GetTextContents(nsAString& aText) override;

  virtual bool GetSelectionBounds(int32_t* aStartOffset,
                                  int32_t* aEndOffset) override;

  virtual void WrapperDOMNodeID(nsString& aDOMNodeID) override;

  virtual role WrapperRole() override;

  virtual AccessibleWrap* WrapperParent() override;

  virtual bool WrapperRangeInfo(double* aCurVal, double* aMinVal,
                                double* aMaxVal, double* aStep) override;

class DocProxyAccessibleWrap : public ProxyAccessibleWrap {
  explicit DocProxyAccessibleWrap(DocAccessibleParent* aProxy)
      : ProxyAccessibleWrap(aProxy) {
    mGenericTypes |= eDocument;

    if (auto parent = ParentDocument()) {
      mID = AcquireID();
      parent->AddID(mID, this);
    } else {
      // top level
      mID = kNoID;

  virtual void Shutdown() override {
    if (mID) {
      auto parent = ParentDocument();
      if (parent) {
        MOZ_ASSERT(mID != kNoID, "A non root accessible always has a parent");
    mID = 0;
    mBits.proxy = nullptr;
    mStateFlags |= eIsDefunct;

  DocProxyAccessibleWrap* ParentDocument() {
    DocAccessibleParent* proxy = static_cast<DocAccessibleParent*>(Proxy());
    if (DocAccessibleParent* parent = proxy->ParentDoc()) {
      return reinterpret_cast<DocProxyAccessibleWrap*>(parent->GetWrapper());

    return nullptr;

  DocProxyAccessibleWrap* GetChildDocumentAt(uint32_t aIndex) {
    auto doc = Proxy()->AsDoc();
    if (doc && doc->ChildDocCount() > aIndex) {
      return reinterpret_cast<DocProxyAccessibleWrap*>(

    return nullptr;

  void AddID(uint32_t aID, AccessibleWrap* aAcc) {
    mIDToAccessibleMap.Put(aID, aAcc);
  void RemoveID(uint32_t aID) { mIDToAccessibleMap.Remove(aID); }
  AccessibleWrap* GetAccessibleByID(uint32_t aID) const {
    return mIDToAccessibleMap.Get(aID);

   * This provides a mapping from 32 bit id to accessible objects.
  nsDataHashtable<nsUint32HashKey, AccessibleWrap*> mIDToAccessibleMap;
}  // namespace a11y
}  // namespace mozilla