Closed Bug 1788596 Opened 2 years ago Closed 2 years ago

Get rid of UTILITY_AUDIO_DECODING_GENERIC

Categories

(Core :: Security: Process Sandboxing, enhancement, P2)

Product:
Core
Component:
Security: Process Sandboxing
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
107 Branch
Tracking Flags:
Tracking Status
firefox107 --- fixed

People

(Reporter: gerard-majax, Assigned: gerard-majax)

References

Details

Attachments

(17 files)

Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r?jld!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r?nika!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Use Utility process actor names for crash annotations r?gsvelto!
48 bytes, text/x-phabricator-request
willkg
: data-review+
Details | Review
Bug 1788596 - Remove extra lock() on UtilityProcessChild r?nika!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Remove RecvNewContentRemoteDecoderManager on wrong class r?alwu!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Release UtilityAudioDecoderChild on process shutdown r?alwu!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Use CanSend() instead of boolean r?nika!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Remove Utility AudioDecoder process naming to keep generic name r?alwu!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Release UtilityProcessManager at the right moment r?nika!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Kill audioDecoder_Generic if hanging r?nika!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Assert CleanShutown() of audioDecoder_* actor shuts down fine r?nika!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Release UtilityProcessChild later to allow mShutdownBlockers to act r?nika!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1788596 - Force audio element load to avoid edge case on media error handling r?alwu!
48 bytes, text/x-phabricator-request
Details | Review
0001-Bug-1788596-Release-UtilityProcessManager-at-the-rig.patch (beta uplift)
1.17 KB, text/plain
Details
0002-Bug-1788596-Release-UtilityAudioDecoderChild-on-proc.patch (beta uplift)
5.18 KB, text/plain
Details
0001-Bug-1788596-Release-UtilityProcessManager-at-the-rig.patch (release uplift)
1.17 KB, text/plain
Details
0002-Bug-1788596-Release-UtilityAudioDecoderChild-on-proc.patch (release uplift)
4.66 KB, text/plain
Details

We now have not much justification for keeping a different sandbox UTILITY_AUDIO_DECODING_GENERIC except on Linux where we have to allow a few calls for ffmpeg. We would also need to change how we send telemetry / crash report SandboxingKind and move to sending the actors on the process

Depends on: 1788681
Severity: -- → S3
Priority: -- → P2

Depends on D156286

Depends on D156484

Attachment #9293172 - Attachment description: WIP: Bug 1788596 - Remove extra lock() on UtilityProcessChild → Bug 1788596 - Remove extra lock() on UtilityProcessChild r?nika!
Attachment #9293173 - Attachment description: WIP: Bug 1788596 - Remove RecvNewContentRemoteDecoderManager on wrong class → Bug 1788596 - Remove RecvNewContentRemoteDecoderManager on wrong class r?alwu!
Attachment #9293175 - Attachment description: WIP: Bug 1788596 - Use CanSend() instead of boolean → Bug 1788596 - Use CanSend() instead of boolean r?nika!
Attachment #9293174 - Attachment description: WIP: Bug 1788596 - Force Close() of UtilityAudioDecoderParent → WIP: Bug 1788596 - Release UtilityAudioDecoderChild on process shutdown

Depends on D156847

Attachment #9292805 - Attachment description: WIP: Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy → Bug 1788596 - Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r?jld!
Attachment #9292806 - Attachment description: WIP: Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC → Bug 1788596 - Remove UTILITY_AUDIO_DECODING_GENERIC r?nika!
Attachment #9292807 - Attachment description: WIP: Bug 1788596 - Use Utility process actor names for crash annotations → Bug 1788596 - Use Utility process actor names for crash annotations r?gsvelto!
Attachment #9293174 - Attachment description: WIP: Bug 1788596 - Release UtilityAudioDecoderChild on process shutdown → Bug 1788596 - Release UtilityAudioDecoderChild on process shutdown r?alwu!
Attachment #9293176 - Attachment description: WIP: Bug 1788596 - Remove Utility AudioDecoder process naming to keep generic name → Bug 1788596 - Remove Utility AudioDecoder process naming to keep generic name r?alwu!
Attachment #9293724 - Attachment description: WIP: Bug 1788596 - Release UtilityProcessManager at the right moment → Bug 1788596 - Release UtilityProcessManager at the right moment r?nika!
Attachment #9294912 - Attachment description: WIP: Bug 1788596 - Kill audioDecoder_Generic if hanging → Bug 1788596 - Kill audioDecoder_Generic if hanging r?nika!

Comment on attachment 9292807 [details]
Bug 1788596 - Use Utility process actor names for crash annotations r?gsvelto!

  1. What questions will you answer with this data?

What IPC actors were alive on the process at the time of the crash

  1. Why does Mozilla need to answer these questions? Are there benefits for users? Do we need this information to address product or business requirements? Some example responses:

We need it to help debug

  1. What alternative methods did you consider to answer these questions? Why were they not sufficient?

There is no alternative. We were collecting sandbox identifier, but now this is not relevant and we need to move to IPC actors name

  1. Can current instrumentation answer these questions?

No

  1. List all proposed measurements and indicate the category of data collection for each measurement, using the Firefox data collection categories found on the Mozilla wiki.

Note that the data steward reviewing your request will characterize your data collection based on the highest (and most sensitive) category.

<table>
<tr>
<td>Measurement Description</td>
<td>Data Collection Category</td>
<td>Tracking Bug #</td>
</tr>
<tr>
<td>IPC actors name</td>
<td>1 - Technical data</td>
<td>1788596</td>
</tr>
</table>

  1. Please provide a link to the documentation for this data collection which describes the ultimate data set in a public, complete, and accurate way.

Documentation is in
https://hg.mozilla.org/mozilla-central/file/tip/toolkit/crashreporter/CrashAnnotations.yaml

  1. How long will this data be collected? Choose one of the following:
  • I want to permanently monitor this data. (me)
  1. What populations will you measure?
  • All crahes
  1. If this data collection is default on, what is the opt-out mechanism for users?

No mechanism is required for crash report data.

  1. Please provide a general description of how you will analyze this data.

Crash debugging

  1. Where do you intend to share the results of your analysis?

N/A

  1. Is there a third-party tool (i.e. not Glean or Telemetry) that you are proposing to use for this data collection? If so:

No

Attachment #9292807 - Flags: data-review?(willkg)

Comment on attachment 9292807 [details]
Bug 1788596 - Use Utility process actor names for crash annotations r?gsvelto!

(In reply to Alexandre LISSY :gerard-majax from comment #12)

Comment on attachment 9292807 [details]
Bug 1788596 - Use Utility process actor names for crash annotations r?gsvelto!

DATA COLLECTION REVIEW RESPONSE:

  1. Is there or will there be documentation that describes the schema for the ultimate data set available publicly, complete and accurate?

Yes.

  1. Is there a control mechanism that allows the user to turn the data collection on and off?

Yes.

  1. If the request is for permanent data collection, is there someone who will monitor the data over time?

Yes.

  1. Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?

Category 1: technical

  1. Is the data collection request for default-on or default-off?

Default-off. (crash report)

  1. Does the instrumentation include the addition of any new identifiers?

No.

  1. Is the data collection covered by the existing Firefox privacy notice?

Yes.

  1. Does there need to be a check-in in the future to determine whether to renew the data?

No.

  1. Does the data collection use a third-party collection tool?

No.

Everything looks good!

Attachment #9292807 - Flags: data-review?(willkg) → data-review+
Attachment #9295810 - Attachment description: WIP: Bug 1788596 - Release UtilityProcessChild later to allow mShutdownBlockers to act → Bug 1788596 - Release UtilityProcessChild later to allow mShutdownBlockers to act r?nika!
Attachment #9294913 - Attachment description: WIP: Bug 1788596 - Assert CleanShutown() of audioDecoder_* actor shuts down fine → Bug 1788596 - Assert CleanShutown() of audioDecoder_* actor shuts down fine r?nika!
Attachment #9296066 - Attachment description: WIP: Bug 1788596 - Force audio element load to avoid edge case on media error handling → Bug 1788596 - Force audio element load to avoid edge case on media error handling r?alwu!
Blocks: 1792636
Regressions: 1793898
Pushed by alissy@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/63ee00ea9be6
Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
https://hg.mozilla.org/integration/autoland/rev/3e7125be66fa
Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
https://hg.mozilla.org/integration/autoland/rev/93f50c2f0b9e
Use Utility process actor names for crash annotations r=gsvelto
https://hg.mozilla.org/integration/autoland/rev/8b27ee4d4168
Remove extra lock() on UtilityProcessChild r=nika
https://hg.mozilla.org/integration/autoland/rev/9040533dabe1
Remove RecvNewContentRemoteDecoderManager on wrong class r=alwu
https://hg.mozilla.org/integration/autoland/rev/4ebb8837ee1a
Release UtilityAudioDecoderChild on process shutdown r=alwu
https://hg.mozilla.org/integration/autoland/rev/2fc674146915
Use CanSend() instead of boolean r=nika
https://hg.mozilla.org/integration/autoland/rev/077fd3a987ca
Remove Utility AudioDecoder process naming to keep generic name r=alwu
https://hg.mozilla.org/integration/autoland/rev/397e6c6587f3
Release UtilityProcessManager at the right moment r=nika
https://hg.mozilla.org/integration/autoland/rev/e9d29218beba
Kill audioDecoder_Generic if hanging r=nika
https://hg.mozilla.org/integration/autoland/rev/1d1d15dbe44c
Release UtilityProcessChild later to allow mShutdownBlockers to act r=nika
https://hg.mozilla.org/integration/autoland/rev/9d4a5c557191
Assert CleanShutown() of audioDecoder_* actor shuts down fine r=nika
https://hg.mozilla.org/integration/autoland/rev/338c18d01cfd
Force audio element load to avoid edge case on media error handling r=alwu

Backed out for causing browser-chrome failures in security/sandbox/test/browser_sandbox_test.js

Backout link: https://hg.mozilla.org/integration/autoland/rev/605cc3e4f2555c8f9473b7fa7c5ffe7e0c4b6ee3

Push with failures

Failure log

Flags: needinfo?(lissyx+mozillians)
Flags: needinfo?(lissyx+mozillians)

(In reply to Sandor Molnar from comment #18)

Backed out for causing browser-chrome failures in security/sandbox/test/browser_sandbox_test.js

Backout link: https://hg.mozilla.org/integration/autoland/rev/605cc3e4f2555c8f9473b7fa7c5ffe7e0c4b6ee3

Push with failures

Failure log

That was just a missing change I forgot on sandbox tests, it should now be addressed.

Pushed by alissy@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3dd59224f38b
Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
https://hg.mozilla.org/integration/autoland/rev/9a87f108548b
Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
https://hg.mozilla.org/integration/autoland/rev/e99c7089bf93
Use Utility process actor names for crash annotations r=gsvelto
https://hg.mozilla.org/integration/autoland/rev/1be7af1214cf
Remove extra lock() on UtilityProcessChild r=nika
https://hg.mozilla.org/integration/autoland/rev/a67c4ea1c8b3
Remove RecvNewContentRemoteDecoderManager on wrong class r=alwu
https://hg.mozilla.org/integration/autoland/rev/61dd9a9eb714
Release UtilityAudioDecoderChild on process shutdown r=alwu
https://hg.mozilla.org/integration/autoland/rev/f87c5fb2c36f
Use CanSend() instead of boolean r=nika
https://hg.mozilla.org/integration/autoland/rev/7e2ad8c47afb
Remove Utility AudioDecoder process naming to keep generic name r=alwu
https://hg.mozilla.org/integration/autoland/rev/d50fd0551159
Release UtilityProcessManager at the right moment r=nika
https://hg.mozilla.org/integration/autoland/rev/2221a97ebe97
Kill audioDecoder_Generic if hanging r=nika
https://hg.mozilla.org/integration/autoland/rev/707e4c9c8801
Release UtilityProcessChild later to allow mShutdownBlockers to act r=nika
https://hg.mozilla.org/integration/autoland/rev/1f64776a859a
Assert CleanShutown() of audioDecoder_* actor shuts down fine r=nika
https://hg.mozilla.org/integration/autoland/rev/620c85305800
Force audio element load to avoid edge case on media error handling r=alwu

Backed out for causing build bustage in toolkit/components/processtools/ProcInfo_common.cpp

Backout link: https://hg.mozilla.org/integration/autoland/rev/596f4e86d30a3ea5f427847d483bcc87c0c0319a

Push with failures

Failure log

ERROR -  /builds/worker/checkouts/gecko/toolkit/components/processtools/ProcInfo_common.cpp:57:1: error: control reaches end of non-void function [-Werror=return-type]
Flags: needinfo?(lissyx+mozillians)
Flags: needinfo?(lissyx+mozillians)
Pushed by alissy@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7cfe28a83389
Merge UtilityAudioDecoderSandboxPolicy into UtilitySandboxPolicy r=jld
https://hg.mozilla.org/integration/autoland/rev/177f31e3f220
Remove UTILITY_AUDIO_DECODING_GENERIC r=nika,media-playback-reviewers,alwu
https://hg.mozilla.org/integration/autoland/rev/2ec48e535022
Use Utility process actor names for crash annotations r=gsvelto
https://hg.mozilla.org/integration/autoland/rev/cf889ed1b472
Remove extra lock() on UtilityProcessChild r=nika
https://hg.mozilla.org/integration/autoland/rev/9957bea79dfc
Remove RecvNewContentRemoteDecoderManager on wrong class r=alwu
https://hg.mozilla.org/integration/autoland/rev/d8445c606d16
Release UtilityAudioDecoderChild on process shutdown r=alwu
https://hg.mozilla.org/integration/autoland/rev/1e0846e3f250
Use CanSend() instead of boolean r=nika
https://hg.mozilla.org/integration/autoland/rev/9196c8e260ef
Remove Utility AudioDecoder process naming to keep generic name r=alwu
https://hg.mozilla.org/integration/autoland/rev/bd09c870984f
Release UtilityProcessManager at the right moment r=nika
https://hg.mozilla.org/integration/autoland/rev/d45c5110187f
Kill audioDecoder_Generic if hanging r=nika
https://hg.mozilla.org/integration/autoland/rev/46d63e86fcfb
Release UtilityProcessChild later to allow mShutdownBlockers to act r=nika
https://hg.mozilla.org/integration/autoland/rev/d40e8b5496eb
Assert CleanShutown() of audioDecoder_* actor shuts down fine r=nika
https://hg.mozilla.org/integration/autoland/rev/83f35e186dd9
Force audio element load to avoid edge case on media error handling r=alwu
Regressions: 1794461
Regressions: 1794539
Blocks: 1795888
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: