New issue
Advanced search Search tips

Issue 764840 link

Starred by 3 users
Status: Fixed
Owner:
xhw...@chromium.org
Closed: Oct 2017
Cc:
jrumm...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Chrome
Pri: 2
Type: Bug

Blocking:
issue 403462



Sign in to add a comment

Preload CDMs in the zygote process on Linux

Project Member Reported by xhw...@chromium.org, Sep 13 2017 
Today on Linux, to support loading pepper plugins in the PPAPI process (forked off the zygote process), all registered pepper plugins, including the CDM adapter, are preloaded in the zygote process before the sandbox is sealed. 

As we are switching from pepper CDM to mojo CDM, and given we will not use the pepper CDM adapter (the plugin), we should preload all CDMs registered in the CdmRegistry in the zygote process to achieve the same result.
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 12 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1213d18447982bca833d6adb1a5e0a29c3713e62

commit 1213d18447982bca833d6adb1a5e0a29c3713e62
Author: Xiaohan Wang <xhwang@chromium.org>
Date: Thu Oct 12 19:47:26 2017

media: Run CDM service in utility process with CDM sandbox

- In cdm_manifest.json, register the CDM service to run with "cdm"
  sandbox type.
- The "cdm" sandbox type has different meanings on different platforms.
  * Linux: see bpf_cdm_policy_linux.cc
  * Mac: see cdm.sb
  * Windows: sandbox initialization is delayed; same as ppapi process.
- This is how CDM loading works on each platform:
  * On Linux, preload all registered CDMs in the zygote process, similar
    to how all registered pepper plugins are preloaded. This would allow
    access to the CDMs in the utility process (forked from the zygote).
  * On Mac, updates media_service.mojom to pass an interface to get a
    sandbox seatbelt extension token from the browser process. This
    token can be used to allow to read the CDM within the Mac sandbox.
    On the browser side, the mojom::SeatbeltExtensionTokenProvider is
    implemented by SeatbeltExtensionTokenProviderImpl to provide the
    token we call LoadCdm() in MediaInterfaceProxy. The token will only
    be created the first time we connect to the service.
  * On Windows, the sandbox initialization is delayed for the "cdm"
    sandbox type. After the CDM is loaded, the process will be sandboxed
    immediately. This is the same as how the CDM is loaded with ppapi
    sandbox today.
- Add EnsureSandboxed() on MojoMediaClient interface to ensure we
  initialize the sandbox on Windows.

BUG=510604, 764840 
TEST=Tested on Linux, Windows and Mac. All browser_tests passes.

Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Change-Id: I24260e435175bd57257fd377eec7226b1b782552
Reviewed-on: https://chromium-review.googlesource.com/667930
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: John Rummell <jrummell@chromium.org>
Reviewed-by: Will Harris <wfh@chromium.org>
Commit-Queue: Xiaohan Wang <xhwang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#508388}
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/content/browser/browser_main_loop.cc
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/content/browser/media/media_interface_proxy.cc
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/content/browser/zygote_host/zygote_communication_linux.cc
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/content/utility/utility_main.cc
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/content/utility/utility_service_factory.cc
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/content/zygote/zygote_main_linux.cc
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/DEPS
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/interfaces/BUILD.gn
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/interfaces/media_service.mojom
[add] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/interfaces/media_service_mac.mojom
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/services/BUILD.gn
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/services/cdm_manifest.json
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/services/media_service.cc
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/services/media_service.h
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/services/media_service_unittest.cc
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/services/mojo_media_client.cc
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/media/mojo/services/mojo_media_client.h
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/services/service_manager/sandbox/mac/BUILD.gn
[add] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/services/service_manager/sandbox/mac/cdm.sb
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/services/service_manager/sandbox/mac/sandbox_mac.h
[modify] https://crrev.com/1213d18447982bca833d6adb1a5e0a29c3713e62/services/service_manager/sandbox/mac/sandbox_mac.mm

Comment 2 by xhw...@chromium.org, Oct 12 2017

Status: Fixed (was: Started)

Sign in to add a comment