Open Bug 1883453 Opened 4 months ago Updated 3 months ago

[Gecko iOS] Fixes to BrowserEngineKit content process integration

Categories

(Core :: DOM: Content Processes, enhancement)

Product:
Core
Component:
DOM: Content Processes
Type:
enhancement

Tracking

()

People

(Reporter: nika, Assigned: nika)

References

(Blocks 1 open bug)

Details

Attachments

(3 files, 1 obsolete file)

Bug 1883453 - Part 1: Apply the restricted sandbox in content processes, r=glandium!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1883453 - Part 2: Split out AndroidLog between iOS/Android, r=glandium!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1883453 - Part 4: Only embed GeckoView.framework in the primary browser app, r=glandium!
48 bytes, text/x-phabricator-request
Details | Review
No description provided.

This should enable support for applying apple's restricted content process
sandbox on iOS. So far I have been unable to test this, as the simulator does
not appear to actually impose an effective sandbox on content processes, so it
is unclear if this will work once we get entitlements, and run on a real
device.

Like sandboxing on other platforms, it can be controlled using the
security.sandbox.content.level preference, where a value of '0' will not
sandbox the process, and a non-zero value will.

For now the pref is enabled to enable the sandbox, as it works fine on
simulator.

This avoids the need to pre-process this header while we're doing the initial
landing to mozilla-central. After landing to m-c we can refactor the GeckoView
JS code to make the shared and non-shared modules more explicitly separated.

Depends on D203491

In the initial landing of BrowserEngineKit process launch support, we closed
file descriptors which were inherited by the content process too early during
the launch process, leading to them being closed twice. This ended up only
causing assertion failures on debug builds, which were missed, due to the lack
of automated iOS testing.

This fixes the mistake to bring the behaviour in line with other platforms.

Depends on D203492

It appears that nested App Extensions set their @rpath to include the
Frameworks directory of the embedding application, meaning that we should be
able to share resources between the primary and child processes by not
embedding it multiple times.

This requires some changes to how GREDir is determined in the content process,
as the relative path of GeckoView.framework has changed. This will need to
change further when we start bundling XUL into a framework.

Depends on D203493

Attachment #9389194 - Attachment is obsolete: true

There are some r+ patches which didn't land and no activity in this bug for 2 weeks.
:nika, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit BugBot documentation.

Flags: needinfo?(nika)
Flags: needinfo?(m_kato)

This has landed on cedar, but not in m-c yet.

Flags: needinfo?(nika)
Flags: needinfo?(m_kato)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: