| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Firefox/modules/libpref/ (Browser von der Mozilla Stiftung Version 136.0.1©) Datei vom 10.2.2025 mit Größe 201 kB |
|
Quelle Preferences.cppSprache: C |
|||||||||||||||
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ts=8 sts=2 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ // Documentation for libpref is in modules/libpref/docs/index.rst. #include <ctype.h> #include <stdlib.h> #include <string.h> #include "SharedPrefMap.h" #include "base/basictypes.h" #include "MainThreadUtils.h" #include "mozilla/AppShutdown.h" #include "mozilla/ArenaAllocatorExtensions.h" #include "mozilla/ArenaAllocator.h" #include "mozilla/ArrayUtils.h" #include "mozilla/Attributes.h" #include "mozilla/Components.h" #include "mozilla/dom/PContent.h" #include "mozilla/dom/Promise.h" #include "mozilla/dom/RemoteType.h" #include "mozilla/glean/LibprefMetrics.h" #include "mozilla/HashFunctions.h" #include "mozilla/HashTable.h" #include "mozilla/Logging.h" #include "mozilla/Maybe.h" #include "mozilla/MemoryReporting.h" #include "mozilla/Omnijar.h" #include "mozilla/Preferences.h" #include "mozilla/ProfilerLabels.h" #include "mozilla/ProfilerMarkers.h" #include "mozilla/ResultExtensions.h" #include "mozilla/SchedulerGroup.h" #include "mozilla/ScopeExit.h" #include "mozilla/ServoStyleSet.h" #include "mozilla/SpinEventLoopUntil.h" #include "mozilla/StaticMutex.h" #include "mozilla/StaticPrefsAll.h" #include "mozilla/StaticPtr.h" #include "mozilla/SyncRunnable.h" #include "mozilla/Try.h" #include "mozilla/UniquePtrExtensions.h" #include "mozilla/URLPreloader.h" #include "mozilla/Variant.h" #include "mozilla/Vector.h" #include "nsAppDirectoryServiceDefs.h" #include "nsCategoryManagerUtils.h" #include "nsClassHashtable.h" #include "nsCOMArray.h" #include "nsCOMPtr.h" #include "nsComponentManagerUtils.h" #include "nsContentUtils.h" #include "nsCRT.h" #include "nsTHashMap.h" #include "nsDirectoryServiceDefs.h" #include "nsIConsoleService.h" #include "nsIFile.h" #include "nsIMemoryReporter.h" #include "nsIObserver.h" #include "nsIObserverService.h" #include "nsIOutputStream.h" #include "nsIPrefBranch.h" #include "nsIPrefLocalizedString.h" #include "nsIRelativeFilePref.h" #include "nsISafeOutputStream.h" #include "nsISimpleEnumerator.h" #include "nsIStringBundle.h" #include "nsISupportsImpl.h" #include "nsISupportsPrimitives.h" #include "nsIZipReader.h" #include "nsNetUtil.h" #include "nsPrintfCString.h" #include "nsProxyRelease.h" #include "nsReadableUtils.h" #include "nsRefPtrHashtable.h" #include "nsRelativeFilePref.h" #include "nsString.h" #include "nsTArray.h" #include "nsThreadUtils.h" #include "nsUTF8Utils.h" #include "nsWeakReference.h" #include "nsXPCOMCID.h" #include "nsXPCOM.h" #include "nsXULAppAPI.h" #include "nsZipArchive.h" #include "plbase64.h" #include "PLDHashTable.h" #include "prdtoa.h" #include "prlink.h" #include "xpcpublic.h" #include "js/RootingAPI.h" #ifdef MOZ_BACKGROUNDTASKS # include "mozilla/BackgroundTasks.h" #endif #ifdef DEBUG # include <map> #endif #ifdef MOZ_MEMORY # include "mozmemory.h" #endif #ifdef XP_WIN # include "windows.h" #endif #if defined(MOZ_WIDGET_GTK) # include "mozilla/WidgetUtilsGtk.h" #endif // defined(MOZ_WIDGET_GTK) #ifdef MOZ_WIDGET_COCOA # include "ChannelPrefsUtil.h" #endif using namespace mozilla; using dom::Promise; using ipc::FileDescriptor; #ifdef DEBUG # define ENSURE_PARENT_PROCESS(func, pref) \ do { \ if (MOZ_UNLIKELY(!XRE_IsParentProcess())) { \ nsPrintfCString msg( \ "ENSURE_PARENT_PROCESS: called %s on %s in a non-parent process", \ func, pref); \ NS_ERROR(msg.get()); \ return NS_ERROR_NOT_AVAILABLE; \ } \ } while (0) #else // DEBUG # define ENSURE_PARENT_PROCESS(func, pref) \ if (MOZ_UNLIKELY(!XRE_IsParentProcess())) { \ return NS_ERROR_NOT_AVAILABLE; \ } #endif // DEBUG // Forward declarations. namespace mozilla::StaticPrefs { static void InitAll(); static void StartObservingAlwaysPrefs(); static void InitOncePrefs(); static void InitStaticPrefsFromShared(); static void RegisterOncePrefs(SharedPrefMapBuilder& aBuilder); static void ShutdownAlwaysPrefs(); } // namespace mozilla::StaticPrefs //=========================================================================== // Low-level types and operations //=========================================================================== typedef nsTArray<nsCString> PrefSaveData; // 1 MB should be enough for everyone. static const uint32_t MAX_PREF_LENGTH = 1 * 1024 * 1024; // Actually, 4kb should be enough for everyone. static const uint32_t MAX_ADVISABLE_PREF_LENGTH = 4 * 1024; // This is used for pref names and string pref values. We encode the string // length, then a '/', then the string chars. This encoding means there are no // special chars that are forbidden or require escaping. static void SerializeAndAppendString(const nsCString& aChars, nsCString& aStr) aStr.AppendInt(uint64_t(aChars.Length())); aStr.Append('/'); aStr.Append(aChars); } static char* DeserializeString(char* aChars, nsCString& aStr) { char* p = aChars; uint32_t length = strtol(p, &p, 10); MOZ_ASSERT(p[0] == '/'); p++; // move past the '/' aStr.Assign(p, length); p += length; // move past the string itself return p; } // Keep this in sync with PrefValue in parser/src/lib.rs. union PrefValue { // PrefValues within Pref objects own their chars. PrefValues passed around // as arguments don't own their chars. const char* mStringVal; int32_t mIntVal; bool mBoolVal; PrefValue() = default; explicit PrefValue(bool aVal) : mBoolVal(aVal) {} explicit PrefValue(int32_t aVal) : mIntVal(aVal) {} explicit PrefValue(const char* aVal) : mStringVal(aVal) {} bool Equals(PrefType aType, PrefValue aValue) { switch (aType) { case PrefType::String: { if (mStringVal && aValue.mStringVal) { return strcmp(mStringVal, aValue.mStringVal) == 0; } if (!mStringVal && !aValue.mStringVal) { return true; } return false; } case PrefType::Int: return mIntVal == aValue.mIntVal; case PrefType::Bool: return mBoolVal == aValue.mBoolVal; default: MOZ_CRASH("Unhandled enum value"); } } template <typename T> T Get() const; void Init(PrefType aNewType, PrefValue aNewValue) { if (aNewType == PrefType::String) { MOZ_ASSERT(aNewValue.mStringVal); aNewValue.mStringVal = moz_xstrdup(aNewValue.mStringVal); } *this = aNewValue; } void Clear(PrefType aType) { if (aType == PrefType::String) { free(const_cast<char*>(mStringVal)); } // Zero the entire value (regardless of type) via mStringVal. mStringVal = nullptr; } void Replace(bool aHasValue, PrefType aOldType, PrefType aNewType, PrefValue aNewValue) { if (aHasValue) { Clear(aOldType); } Init(aNewType, aNewValue); } void ToDomPrefValue(PrefType aType, dom::PrefValue* aDomValue) { switch (aType) { case PrefType::String: *aDomValue = nsDependentCString(mStringVal); return; case PrefType::Int: *aDomValue = mIntVal; return; case PrefType::Bool: *aDomValue = mBoolVal; return; default: MOZ_CRASH(); } } PrefType FromDomPrefValue(const dom::PrefValue& aDomValue) { switch (aDomValue.type()) { case dom::PrefValue::TnsCString: mStringVal = aDomValue.get_nsCString().get(); return PrefType::String; case dom::PrefValue::Tint32_t: mIntVal = aDomValue.get_int32_t(); return PrefType::Int; case dom::PrefValue::Tbool: mBoolVal = aDomValue.get_bool(); return PrefType::Bool; default: MOZ_CRASH(); } } void SerializeAndAppend(PrefType aType, nsCString& aStr) { switch (aType) { case PrefType::Bool: aStr.Append(mBoolVal ? 'T' : 'F'); break; case PrefType::Int: aStr.AppendInt(mIntVal); break; case PrefType::String: { SerializeAndAppendString(nsDependentCString(mStringVal), aStr); break; } case PrefType::None: default: MOZ_CRASH(); } } void ToString(PrefType aType, nsCString& aStr) { switch (aType) { case PrefType::Bool: aStr.Append(mBoolVal ? "true" : "false"); break; case PrefType::Int: aStr.AppendInt(mIntVal); break; case PrefType::String: { aStr.Append(nsDependentCString(mStringVal)); break; } case PrefType::None: default:; } } static char* Deserialize(PrefType aType, char* aStr, Maybe<dom::PrefValue>* aDomValue) { char* p = aStr; switch (aType) { case PrefType::Bool: if (*p == 'T') { *aDomValue = Some(true); } else if (*p == 'F') { *aDomValue = Some(false); } else { *aDomValue = Some(false); NS_ERROR("bad bool pref value"); } p++; return p; case PrefType::Int: { *aDomValue = Some(int32_t(strtol(p, &p, 10))); return p; } case PrefType::String: { nsCString str; p = DeserializeString(p, str); *aDomValue = Some(str); return p; } default: MOZ_CRASH(); } } }; template <> bool PrefValue::Get() const { return mBoolVal; } template <> int32_t PrefValue::Get() const { return mIntVal; } template <> nsDependentCString PrefValue::Get() const { return nsDependentCString(mStringVal); } #ifdef DEBUG const char* PrefTypeToString(PrefType aType) { switch (aType) { case PrefType::None: return "none"; case PrefType::String: return "string"; case PrefType::Int: return "int"; case PrefType::Bool: return "bool"; default: MOZ_CRASH("Unhandled enum value"); } } #endif // Assign to aResult a quoted, escaped copy of aOriginal. static void StrEscape(const char* aOriginal, nsCString& aResult) { if (aOriginal == nullptr) { aResult.AssignLiteral("\"\""); return; } // JavaScript does not allow quotes, slashes, or line terminators inside // strings so we must escape them. ECMAScript defines four line terminators, // but we're only worrying about \r and \n here. We currently feed our pref // script to the JS interpreter as Latin-1 so we won't encounter \u2028 // (line separator) or \u2029 (paragraph separator). // // WARNING: There are hints that we may be moving to storing prefs as utf8. // If we ever feed them to the JS compiler as UTF8 then we'll have to worry // about the multibyte sequences that would be interpreted as \u2028 and // \u2029. const char* p; aResult.Assign('"'); // Paranoid worst case all slashes will free quickly. for (p = aOriginal; *p; ++p) { switch (*p) { case '\n': aResult.AppendLiteral("\\n"); break; case '\r': aResult.AppendLiteral("\\r"); break; case '\\': aResult.AppendLiteral("\\\\"); break; case '\"': aResult.AppendLiteral("\\\""); break; default: aResult.Append(*p); break; } } aResult.Append('"'); } // Mimic the behaviour of nsTStringRepr::ToFloat before bug 840706 to preserve // error case handling for parsing pref strings. Many callers do not check error // codes, so the returned values may be used even if an error is set. // // This method should never return NaN, but may return +-inf if the provided // number is too large to fit in a float. static float ParsePrefFloat(const nsCString& aString, nsresult* aError) { if (aString.IsEmpty()) { *aError = NS_ERROR_ILLEGAL_VALUE; return 0.f; } // PR_strtod does a locale-independent conversion. char* stopped = nullptr; float result = PR_strtod(aString.get(), &stopped); // Defensively avoid potential breakage caused by returning NaN into // unsuspecting code. AFAIK this should never happen as PR_strtod cannot // return NaN as currently configured. if (std::isnan(result)) { MOZ_ASSERT_UNREACHABLE("PR_strtod shouldn't return NaN"); *aError = NS_ERROR_ILLEGAL_VALUE; return 0.f; } *aError = (stopped == aString.EndReading()) ? NS_OK : NS_ERROR_ILLEGAL_VALUE; return result; } struct PreferenceMarker { static constexpr Span<const char> MarkerTypeName() { return MakeStringSpan("Preference"); } static void StreamJSONMarkerData(baseprofiler::SpliceableJSONWriter& aWriter, const ProfilerString8View& aPrefName, const Maybe<PrefValueKind>& aPrefKind, PrefType aPrefType, const ProfilerString8View& aPrefValue) { aWriter.StringProperty("prefName", aPrefName); aWriter.StringProperty("prefKind", PrefValueKindToString(aPrefKind)); aWriter.StringProperty("prefType", PrefTypeToString(aPrefType)); aWriter.StringProperty("prefValue", aPrefValue); } static MarkerSchema MarkerTypeDisplay() { using MS = MarkerSchema; MS schema{MS::Location::MarkerChart, MS::Location::MarkerTable}; schema.AddKeyLabelFormatSearchable("prefName", "Name", MS::Format::String, MS::Searchable::Searchable); schema.AddKeyLabelFormat("prefKind", "Kind", MS::Format::String); schema.AddKeyLabelFormat("prefType", "Type", MS::Format::String); schema.AddKeyLabelFormat("prefValue", "Value", MS::Format::String); schema.SetTableLabel( "{marker.name} — {marker.data.prefName}: {marker.data.prefValue} " "({marker.data.prefType})"); return schema; } private: static Span<const char> PrefValueKindToString( const Maybe<PrefValueKind>& aKind) { if (aKind) { return *aKind == PrefValueKind::Default ? MakeStringSpan("Default") : MakeStringSpan("User"); } return "Shared"; } static Span<const char> PrefTypeToString(PrefType type) { switch (type) { case PrefType::None: return "None"; case PrefType::Int: return "Int"; case PrefType::Bool: return "Bool"; case PrefType::String: return "String"; default: MOZ_ASSERT_UNREACHABLE("Unknown preference type."); return "Unknown"; } } }; namespace mozilla { struct PrefsSizes { PrefsSizes() : mHashTable(0), mPrefValues(0), mStringValues(0), mRootBranches(0), mPrefNameArena(0), mCallbacksObjects(0), mCallbacksDomains(0), mMisc(0) {} size_t mHashTable; size_t mPrefValues; size_t mStringValues; size_t mRootBranches; size_t mPrefNameArena; size_t mCallbacksObjects; size_t mCallbacksDomains; size_t mMisc; }; } // namespace mozilla static StaticRefPtr<SharedPrefMap> gSharedMap; // Arena for Pref names. // Never access sPrefNameArena directly, always use PrefNameArena() // because it must only be accessed on the Main Thread typedef ArenaAllocator<4096, 1> NameArena; static NameArena* sPrefNameArena; static inline NameArena& PrefNameArena() { MOZ_ASSERT(NS_IsMainThread()); if (!sPrefNameArena) { sPrefNameArena = new NameArena(); } return *sPrefNameArena; } class PrefWrapper; // Three forward declarations for immediately below class Pref; static bool IsPreferenceSanitized(const Pref* const aPref); static bool ShouldSanitizePreference(const Pref* const aPref); // Note that this never changes in the parent process, and is only read in // content processes. static bool gContentProcessPrefsAreInited = false; class Pref { public: explicit Pref(const nsACString& aName) : mName(ArenaStrdup(aName, PrefNameArena()), aName.Length()), mType(static_cast<uint32_t>(PrefType::None)), mIsSticky(false), mIsLocked(false), mIsSanitized(false), mHasDefaultValue(false), mHasUserValue(false), mIsSkippedByIteration(false), mDefaultValue(), mUserValue() {} ~Pref() { // There's no need to free mName because it's allocated in memory owned by // sPrefNameArena. mDefaultValue.Clear(Type()); mUserValue.Clear(Type()); } const char* Name() const { return mName.get(); } const nsDependentCString& NameString() const { return mName; } // Types. PrefType Type() const { return static_cast<PrefType>(mType); } void SetType(PrefType aType) { mType = static_cast<uint32_t>(aType); } bool IsType(PrefType aType) const { return Type() == aType; } bool IsTypeNone() const { return IsType(PrefType::None); } bool IsTypeString() const { return IsType(PrefType::String); } bool IsTypeInt() const { return IsType(PrefType::Int); } bool IsTypeBool() const { return IsType(PrefType::Bool); } // Other properties. bool IsLocked() const { return mIsLocked; } void SetIsLocked(bool aValue) { mIsLocked = aValue; } bool IsSkippedByIteration() const { return mIsSkippedByIteration; } void SetIsSkippedByIteration(bool aValue) { mIsSkippedByIteration = aValue; } bool IsSticky() const { return mIsSticky; } bool IsSanitized() const { return mIsSanitized; } bool HasDefaultValue() const { return mHasDefaultValue; } bool HasUserValue() const { return mHasUserValue; } template <typename T> void AddToMap(SharedPrefMapBuilder& aMap) { // Sanitized preferences should never be added to the shared pref map MOZ_ASSERT(!ShouldSanitizePreference(this)); aMap.Add(NameString(), {HasDefaultValue(), HasUserValue(), IsSticky(), IsLocked(), /* isSanitized */ false, IsSkippedByIteration()}, HasDefaultValue() ? mDefaultValue.Get<T>() : T(), HasUserValue() ? mUserValue.Get<T>() : T()); } void AddToMap(SharedPrefMapBuilder& aMap) { if (IsTypeBool()) { AddToMap<bool>(aMap); } else if (IsTypeInt()) { AddToMap<int32_t>(aMap); } else if (IsTypeString()) { AddToMap<nsDependentCString>(aMap); } else { MOZ_ASSERT_UNREACHABLE("Unexpected preference type"); } } // Other operations. #define CHECK_SANITIZATION() \ if (IsPreferenceSanitized(this)) { \ glean::security::pref_usage_content_process.Record( \ Some(glean::security::PrefUsageContentProcessExtra{Some(Name())})); \ if (sCrashOnBlocklistedPref) { \ MOZ_CRASH_UNSAFE_PRINTF( \ "Should not access the preference '%s' in the Content Processes", \ Name()); \ } \ } bool GetBoolValue(PrefValueKind aKind = PrefValueKind::User) const { MOZ_ASSERT(IsTypeBool()); MOZ_ASSERT(aKind == PrefValueKind::Default ? HasDefaultValue() : HasUserValue()); CHECK_SANITIZATION(); return aKind == PrefValueKind::Default ? mDefaultValue.mBoolVal : mUserValue.mBoolVal; } int32_t GetIntValue(PrefValueKind aKind = PrefValueKind::User) const { MOZ_ASSERT(IsTypeInt()); MOZ_ASSERT(aKind == PrefValueKind::Default ? HasDefaultValue() : HasUserValue()); CHECK_SANITIZATION(); return aKind == PrefValueKind::Default ? mDefaultValue.mIntVal : mUserValue.mIntVal; } const char* GetBareStringValue( PrefValueKind aKind = PrefValueKind::User) const { MOZ_ASSERT(IsTypeString()); MOZ_ASSERT(aKind == PrefValueKind::Default ? HasDefaultValue() : HasUserValue()); CHECK_SANITIZATION(); return aKind == PrefValueKind::Default ? mDefaultValue.mStringVal : mUserValue.mStringVal; } #undef CHECK_SANITIZATION nsDependentCString GetStringValue( PrefValueKind aKind = PrefValueKind::User) const { return nsDependentCString(GetBareStringValue(aKind)); } void ToDomPref(dom::Pref* aDomPref, bool aIsDestinationWebContentProcess) { MOZ_ASSERT(XRE_IsParentProcess()); aDomPref->name() = mName; aDomPref->isLocked() = mIsLocked; aDomPref->isSanitized() = aIsDestinationWebContentProcess && ShouldSanitizePreference(this); if (mHasDefaultValue) { aDomPref->defaultValue() = Some(dom::PrefValue()); mDefaultValue.ToDomPrefValue(Type(), &aDomPref->defaultValue().ref()); } else { aDomPref->defaultValue() = Nothing(); } if (mHasUserValue && !(aDomPref->isSanitized() && sOmitBlocklistedPrefValues)) { aDomPref->userValue() = Some(dom::PrefValue()); mUserValue.ToDomPrefValue(Type(), &aDomPref->userValue().ref()); } else { aDomPref->userValue() = Nothing(); } MOZ_ASSERT(aDomPref->defaultValue().isNothing() || aDomPref->userValue().isNothing() || (mIsSanitized && sOmitBlocklistedPrefValues) || (aDomPref->defaultValue().ref().type() == aDomPref->userValue().ref().type())); } void FromDomPref(const dom::Pref& aDomPref, bool* aValueChanged) { MOZ_ASSERT(!XRE_IsParentProcess()); MOZ_ASSERT(mName == aDomPref.name()); mIsLocked = aDomPref.isLocked(); mIsSanitized = aDomPref.isSanitized(); const Maybe<dom::PrefValue>& defaultValue = aDomPref.defaultValue(); bool defaultValueChanged = false; if (defaultValue.isSome()) { PrefValue value; PrefType type = value.FromDomPrefValue(defaultValue.ref()); if (!ValueMatches(PrefValueKind::Default, type, value)) { // Type() is PrefType::None if it's a newly added pref. This is ok. mDefaultValue.Replace(mHasDefaultValue, Type(), type, value); SetType(type); mHasDefaultValue = true; defaultValueChanged = true; } } // Note: we never clear a default value. const Maybe<dom::PrefValue>& userValue = aDomPref.userValue(); bool userValueChanged = false; if (userValue.isSome()) { PrefValue value; PrefType type = value.FromDomPrefValue(userValue.ref()); if (!ValueMatches(PrefValueKind::User, type, value)) { // Type() is PrefType::None if it's a newly added pref. This is ok. mUserValue.Replace(mHasUserValue, Type(), type, value); SetType(type); mHasUserValue = true; userValueChanged = true; } } else if (mHasUserValue) { ClearUserValue(); userValueChanged = true; } if (userValueChanged || (defaultValueChanged && !mHasUserValue)) { *aValueChanged = true; } } void FromWrapper(PrefWrapper& aWrapper); bool HasAdvisablySizedValues() { MOZ_ASSERT(XRE_IsParentProcess()); if (!IsTypeString()) { return true; } if (mHasDefaultValue && strlen(mDefaultValue.mStringVal) > MAX_ADVISABLE_PREF_LENGTH) { return false; } if (mHasUserValue && strlen(mUserValue.mStringVal) > MAX_ADVISABLE_PREF_LENGTH) { return false; } return true; } private: bool ValueMatches(PrefValueKind aKind, PrefType aType, PrefValue aValue) { return IsType(aType) && (aKind == PrefValueKind::Default ? mHasDefaultValue && mDefaultValue.Equals(aType, aValue) : mHasUserValue && mUserValue.Equals(aType, aValue)); } public: void ClearUserValue() { mUserValue.Clear(Type()); mHasUserValue = false; } nsresult SetDefaultValue(PrefType aType, PrefValue aValue, bool aIsSticky, bool aIsLocked, bool* aValueChanged) { // Types must always match when setting the default value. if (!IsType(aType)) { return NS_ERROR_UNEXPECTED; } // Should we set the default value? Only if the pref is not locked, and // doing so would change the default value. if (!IsLocked()) { if (aIsLocked) { SetIsLocked(true); } if (!ValueMatches(PrefValueKind::Default, aType, aValue)) { mDefaultValue.Replace(mHasDefaultValue, Type(), aType, aValue); mHasDefaultValue = true; if (aIsSticky) { mIsSticky = true; } if (!mHasUserValue) { *aValueChanged = true; } // What if we change the default to be the same as the user value? // Should we clear the user value? Currently we don't. } } return NS_OK; } nsresult SetUserValue(PrefType aType, PrefValue aValue, bool aFromInit, bool* aValueChanged) { // If we have a default value, types must match when setting the user // value. if (mHasDefaultValue && !IsType(aType)) { return NS_ERROR_UNEXPECTED; } // Should we clear the user value, if present? Only if the new user value // matches the default value, and the pref isn't sticky, and we aren't // force-setting it during initialization. if (ValueMatches(PrefValueKind::Default, aType, aValue) && !mIsSticky && !aFromInit) { if (mHasUserValue) { ClearUserValue(); if (!IsLocked()) { *aValueChanged = true; } } // Otherwise, should we set the user value? Only if doing so would // change the user value. } else if (!ValueMatches(PrefValueKind::User, aType, aValue)) { mUserValue.Replace(mHasUserValue, Type(), aType, aValue); SetType(aType); // needed because we may have changed the type mHasUserValue = true; if (!IsLocked()) { *aValueChanged = true; } } return NS_OK; } // Prefs are serialized in a manner that mirrors dom::Pref. The two should be // kept in sync. E.g. if something is added to one it should also be added to // the other. (It would be nice to be able to use the code generated from // IPDL for serializing dom::Pref here instead of writing by hand this // serialization/deserialization. Unfortunately, that generated code is // difficult to use directly, outside of the IPDL IPC code.) // // The grammar for the serialized prefs has the following form. // // <pref> = <type> <locked> <sanitized> ':' <name> ':' <value>? ':' // <value>? '\n' // <type> = 'B' | 'I' | 'S' // <locked> = 'L' | '-' // <sanitized> = 'S' | '-' // <name> = <string-value> // <value> = <bool-value> | <int-value> | <string-value> // <bool-value> = 'T' | 'F' // <int-value> = an integer literal accepted by strtol() // <string-value> = <int-value> '/' <chars> // <chars> = any char sequence of length dictated by the preceding // <int-value>. // // No whitespace is tolerated between tokens. <type> must match the types of // the values. // // The serialization is text-based, rather than binary, for the following // reasons. // // - The size difference wouldn't be much different between text-based and // binary. Most of the space is for strings (pref names and string pref // values), which would be the same in both styles. And other differences // would be minimal, e.g. small integers are shorter in text but long // integers are longer in text. // // - Likewise, speed differences should be negligible. // // - It's much easier to debug a text-based serialization. E.g. you can // print it and inspect it easily in a debugger. // // Examples of unlocked boolean prefs: // - "B--:8/my.bool1:F:T\n" // - "B--:8/my.bool2:F:\n" // - "B--:8/my.bool3::T\n" // // Examples of sanitized, unlocked boolean prefs: // - "B-S:8/my.bool1:F:T\n" // - "B-S:8/my.bool2:F:\n" // - "B-S:8/my.bool3::T\n" // // Examples of locked integer prefs: // - "IL-:7/my.int1:0:1\n" // - "IL-:7/my.int2:123:\n" // - "IL-:7/my.int3::-99\n" // // Examples of unlocked string prefs: // - "S--:10/my.string1:3/abc:4/wxyz\n" // - "S--:10/my.string2:5/1.234:\n" // - "S--:10/my.string3::7/string!\n" void SerializeAndAppend(nsCString& aStr, bool aSanitizeUserValue) { switch (Type()) { case PrefType::Bool: aStr.Append('B'); break; case PrefType::Int: aStr.Append('I'); break; case PrefType::String: { aStr.Append('S'); break; } case PrefType::None: default: MOZ_CRASH(); } aStr.Append(mIsLocked ? 'L' : '-'); aStr.Append(aSanitizeUserValue ? 'S' : '-'); aStr.Append(':'); SerializeAndAppendString(mName, aStr); aStr.Append(':'); if (mHasDefaultValue) { mDefaultValue.SerializeAndAppend(Type(), aStr); } aStr.Append(':'); if (mHasUserValue && !(aSanitizeUserValue && sOmitBlocklistedPrefValues)) { mUserValue.SerializeAndAppend(Type(), aStr); } aStr.Append('\n'); } static char* Deserialize(char* aStr, dom::Pref* aDomPref) { char* p = aStr; // The type. PrefType type; if (*p == 'B') { type = PrefType::Bool; } else if (*p == 'I') { type = PrefType::Int; } else if (*p == 'S') { type = PrefType::String; } else { NS_ERROR("bad pref type"); type = PrefType::None; } p++; // move past the type char // Locked? bool isLocked; if (*p == 'L') { isLocked = true; } else if (*p == '-') { isLocked = false; } else { NS_ERROR("bad pref locked status"); isLocked = false; } p++; // move past the isLocked char // Sanitize? bool isSanitized; if (*p == 'S') { isSanitized = true; } else if (*p == '-') { isSanitized = false; } else { NS_ERROR("bad pref sanitized status"); isSanitized = false; } p++; // move past the isSanitized char MOZ_ASSERT(*p == ':'); p++; // move past the ':' // The pref name. nsCString name; p = DeserializeString(p, name); MOZ_ASSERT(*p == ':'); p++; // move past the ':' preceding the default value Maybe<dom::PrefValue> maybeDefaultValue; if (*p != ':') { dom::PrefValue defaultValue; p = PrefValue::Deserialize(type, p, &maybeDefaultValue); } MOZ_ASSERT(*p == ':'); p++; // move past the ':' between the default and user values Maybe<dom::PrefValue> maybeUserValue; if (*p != '\n') { dom::PrefValue userValue; p = PrefValue::Deserialize(type, p, &maybeUserValue); } MOZ_ASSERT(*p == '\n'); p++; // move past the '\n' following the user value *aDomPref = dom::Pref(name, isLocked, isSanitized, maybeDefaultValue, maybeUserValue); return p; } void AddSizeOfIncludingThis(MallocSizeOf aMallocSizeOf, PrefsSizes& aSizes) { // Note: mName is allocated in sPrefNameArena, measured elsewhere. aSizes.mPrefValues += aMallocSizeOf(this); if (IsTypeString()) { if (mHasDefaultValue) { aSizes.mStringValues += aMallocSizeOf(mDefaultValue.mStringVal); } if (mHasUserValue) { aSizes.mStringValues += aMallocSizeOf(mUserValue.mStringVal); } } } void RelocateName(NameArena* aArena) { mName.Rebind(ArenaStrdup(mName.get(), *aArena), mName.Length()); } private: nsDependentCString mName; // allocated in sPrefNameArena uint32_t mType : 2; uint32_t mIsSticky : 1; uint32_t mIsLocked : 1; uint32_t mIsSanitized : 1; uint32_t mHasDefaultValue : 1; uint32_t mHasUserValue : 1; uint32_t mIsSkippedByIteration : 1; PrefValue mDefaultValue; PrefValue mUserValue; }; struct PrefHasher { using Key = UniquePtr<Pref>; using Lookup = const char*; static HashNumber hash(const Lookup aLookup) { return HashString(aLookup); } static bool match(const Key& aKey, const Lookup aLookup) { if (!aLookup || !aKey->Name()) { return false; } return strcmp(aLookup, aKey->Name()) == 0; } }; using PrefWrapperBase = Variant<Pref*, SharedPrefMap::Pref>; class MOZ_STACK_CLASS PrefWrapper : public PrefWrapperBase { using SharedPref = const SharedPrefMap::Pref; public: MOZ_IMPLICIT PrefWrapper(Pref* aPref) : PrefWrapperBase(AsVariant(aPref)) {} MOZ_IMPLICIT PrefWrapper(const SharedPrefMap::Pref& aPref) : PrefWrapperBase(AsVariant(aPref)) {} // Types. bool IsType(PrefType aType) const { return Type() == aType; } bool IsTypeNone() const { return IsType(PrefType::None); } bool IsTypeString() const { return IsType(PrefType::String); } bool IsTypeInt() const { return IsType(PrefType::Int); } bool IsTypeBool() const { return IsType(PrefType::Bool); } #define FORWARD(retType, method) \ retType method() const { \ struct Matcher { \ retType operator()(const Pref* aPref) { return aPref->method(); } \ retType operator()(SharedPref& aPref) { return aPref.method(); } \ }; \ return match(Matcher()); \ } FORWARD(bool, IsLocked) FORWARD(bool, IsSanitized) FORWARD(bool, IsSticky) FORWARD(bool, HasDefaultValue) FORWARD(bool, HasUserValue) FORWARD(const char*, Name) FORWARD(nsCString, NameString) FORWARD(PrefType, Type) #undef FORWARD #define FORWARD(retType, method) \ retType method(PrefValueKind aKind = PrefValueKind::User) const { \ struct Matcher { \ PrefValueKind mKind; \ \ retType operator()(const Pref* aPref) { return aPref->method(mKind); } \ retType operator()(SharedPref& aPref) { return aPref.method(mKind); } \ }; \ return match(Matcher{aKind}); \ } FORWARD(bool, GetBoolValue) FORWARD(int32_t, GetIntValue) FORWARD(nsCString, GetStringValue) FORWARD(const char*, GetBareStringValue) #undef FORWARD PrefValue GetValue(PrefValueKind aKind = PrefValueKind::User) const { switch (Type()) { case PrefType::Bool: return PrefValue{GetBoolValue(aKind)}; case PrefType::Int: return PrefValue{GetIntValue(aKind)}; case PrefType::String: return PrefValue{GetBareStringValue(aKind)}; case PrefType::None: // This check will be performed in the above functions; but for NoneType // we need to do it explicitly, then fall-through. if (IsPreferenceSanitized(Name())) { glean::security::pref_usage_content_process.Record(Some( glean::security::PrefUsageContentProcessExtra{Some(Name())})); if (sCrashOnBlocklistedPref) { MOZ_CRASH_UNSAFE_PRINTF( "Should not access the preference '%s' in the Content " "Processes", Name()); } } [[fallthrough]]; default: MOZ_ASSERT_UNREACHABLE("Unexpected pref type"); return PrefValue{}; } } Result<PrefValueKind, nsresult> WantValueKind(PrefType aType, PrefValueKind aKind) const { // WantValueKind may short-circuit GetValue functions and cause them to // return early, before this check occurs in GetFooValue() if (this->is<Pref*>() && IsPreferenceSanitized(this->as<Pref*>())) { glean::security::pref_usage_content_process.Record( Some(glean::security::PrefUsageContentProcessExtra{Some(Name())})); if (sCrashOnBlocklistedPref) { MOZ_CRASH_UNSAFE_PRINTF( "Should not access the preference '%s' in the Content Processes", Name()); } } else if (!this->is<Pref*>()) { // While we could use Name() above, and avoid the Variant checks, it // would less efficient than needed and we can instead do a debug-only // assert here to limit the inefficientcy MOZ_ASSERT(!IsPreferenceSanitized(Name()), "We should never have a sanitized SharedPrefMap::Pref."); } if (Type() != aType) { return Err(NS_ERROR_UNEXPECTED); } if (aKind == PrefValueKind::Default || IsLocked() || !HasUserValue()) { if (!HasDefaultValue()) { return Err(NS_ERROR_UNEXPECTED); } return PrefValueKind::Default; } return PrefValueKind::User; } nsresult GetValue(PrefValueKind aKind, bool* aResult) const { PrefValueKind kind; MOZ_TRY_VAR(kind, WantValueKind(PrefType::Bool, aKind)); *aResult = GetBoolValue(kind); return NS_OK; } nsresult GetValue(PrefValueKind aKind, int32_t* aResult) const { PrefValueKind kind; MOZ_TRY_VAR(kind, WantValueKind(PrefType::Int, aKind)); *aResult = GetIntValue(kind); return NS_OK; } nsresult GetValue(PrefValueKind aKind, uint32_t* aResult) const { return GetValue(aKind, reinterpret_cast<int32_t*>(aResult)); } nsresult GetValue(PrefValueKind aKind, float* aResult) const { nsAutoCString result; nsresult rv = GetValue(aKind, result); if (NS_SUCCEEDED(rv)) { // ParsePrefFloat() does a locale-independent conversion. // FIXME: Other `GetValue` overloads don't clobber `aResult` on error. *aResult = ParsePrefFloat(result, &rv); } return rv; } nsresult GetValue(PrefValueKind aKind, nsACString& aResult) const { PrefValueKind kind; MOZ_TRY_VAR(kind, WantValueKind(PrefType::String, aKind)); aResult = GetStringValue(kind); return NS_OK; } nsresult GetValue(PrefValueKind aKind, nsACString* aResult) const { return GetValue(aKind, *aResult); } // Returns false if this pref doesn't have a user value worth saving. bool UserValueToStringForSaving(nsCString& aStr) { // Should we save the user value, if present? Only if it does not match the // default value, or it is sticky. if (HasUserValue() && (!ValueMatches(PrefValueKind::Default, Type(), GetValue()) || IsSticky())) { if (IsTypeString()) { StrEscape(GetStringValue().get(), aStr); } else if (IsTypeInt()) { aStr.AppendInt(GetIntValue()); } else if (IsTypeBool()) { aStr = GetBoolValue() ? "true" : "false"; } return true; } // Do not save default prefs that haven't changed. return false; } bool Matches(PrefType aType, PrefValueKind aKind, PrefValue& aValue, bool aIsSticky, bool aIsLocked) const { return (ValueMatches(aKind, aType, aValue) && aIsSticky == IsSticky() && aIsLocked == IsLocked()); } bool ValueMatches(PrefValueKind aKind, PrefType aType, const PrefValue& aValue) const { if (!IsType(aType)) { return false; } if (!(aKind == PrefValueKind::Default ? HasDefaultValue() : HasUserValue())) { return false; } switch (aType) { case PrefType::Bool: return GetBoolValue(aKind) == aValue.mBoolVal; case PrefType::Int: return GetIntValue(aKind) == aValue.mIntVal; case PrefType::String: return strcmp(GetBareStringValue(aKind), aValue.mStringVal) == 0; default: MOZ_ASSERT_UNREACHABLE("Unexpected preference type"); return false; } } }; void Pref::FromWrapper(PrefWrapper& aWrapper) { MOZ_ASSERT(aWrapper.is<SharedPrefMap::Pref>()); auto pref = aWrapper.as<SharedPrefMap::Pref>(); MOZ_ASSERT(IsTypeNone()); MOZ_ASSERT(mName == pref.NameString()); mType = uint32_t(pref.Type()); mIsLocked = pref.IsLocked(); mIsSanitized = pref.IsSanitized(); mIsSticky = pref.IsSticky(); mHasDefaultValue = pref.HasDefaultValue(); mHasUserValue = pref.HasUserValue(); if (mHasDefaultValue) { mDefaultValue.Init(Type(), aWrapper.GetValue(PrefValueKind::Default)); } if (mHasUserValue) { mUserValue.Init(Type(), aWrapper.GetValue(PrefValueKind::User)); } } class CallbackNode { public: CallbackNode(const nsACString& aDomain, PrefChangedFunc aFunc, void* aData, Preferences::MatchKind aMatchKind) : mDomain(AsVariant(nsCString(aDomain))), mFunc(aFunc), mData(aData), mNextAndMatchKind(aMatchKind) {} CallbackNode(const char* const* aDomains, PrefChangedFunc aFunc, void* aData, Preferences::MatchKind aMatchKind) : mDomain(AsVariant(aDomains)), mFunc(aFunc), mData(aData), mNextAndMatchKind(aMatchKind) {} // mDomain is a UniquePtr<>, so any uses of Domain() should only be temporary // borrows. const Variant<nsCString, const char* const*>& Domain() const { return mDomain; } PrefChangedFunc Func() const { return mFunc; } void ClearFunc() { mFunc = nullptr; } void* Data() const { return mData; } Preferences::MatchKind MatchKind() const { return static_cast<Preferences::MatchKind>(mNextAndMatchKind & kMatchKindMask); } bool DomainIs(const nsACString& aDomain) const { return mDomain.is<nsCString>() && mDomain.as<nsCString>() == aDomain; } bool DomainIs(const char* const* aPrefs) const { return mDomain == AsVariant(aPrefs); } bool Matches(const nsACString& aPrefName) const { auto match = [&](const nsACString& aStr) { return MatchKind() == Preferences::ExactMatch ? aPrefName == aStr : StringBeginsWith(aPrefName, aStr); }; if (mDomain.is<nsCString>()) { return match(mDomain.as<nsCString>()); } for (const char* const* ptr = mDomain.as<const char* const*>(); *ptr; ptr++) { if (match(nsDependentCString(*ptr))) { return true; } } return false; } CallbackNode* Next() const { return reinterpret_cast<CallbackNode*>(mNextAndMatchKind & kNextMask); } void SetNext(CallbackNode* aNext) { uintptr_t matchKind = mNextAndMatchKind & kMatchKindMask; mNextAndMatchKind = reinterpret_cast<uintptr_t>(aNext); MOZ_ASSERT((mNextAndMatchKind & kMatchKindMask) == 0); mNextAndMatchKind |= matchKind; } void AddSizeOfIncludingThis(MallocSizeOf aMallocSizeOf, PrefsSizes& aSizes) { aSizes.mCallbacksObjects += aMallocSizeOf(this); if (mDomain.is<nsCString>()) { aSizes.mCallbacksDomains += mDomain.as<nsCString>().SizeOfExcludingThisIfUnshared(aMallocSizeOf); } } private: static const uintptr_t kMatchKindMask = uintptr_t(0x1); static const uintptr_t kNextMask = ~kMatchKindMask; Variant<nsCString, const char* const*> mDomain; // If someone attempts to remove the node from the callback list while // NotifyCallbacks() is running, |func| is set to nullptr. Such nodes will // be removed at the end of NotifyCallbacks(). PrefChangedFunc mFunc; void* mData; // Conceptually this is two fields: // - CallbackNode* mNext; // - Preferences::MatchKind mMatchKind; // They are combined into a tagged pointer to save memory. uintptr_t mNextAndMatchKind; }; using PrefsHashTable = HashSet<UniquePtr<Pref>, PrefHasher>; // The main prefs hash table. Inside a function so we can assert it's only // accessed on the main thread. (That assertion can be avoided but only do so // with great care!) static inline PrefsHashTable*& HashTable(bool aOffMainThread = false) { MOZ_ASSERT(NS_IsMainThread() || ServoStyleSet::IsInServoTraversal()); static PrefsHashTable* sHashTable = nullptr; return sHashTable; } #ifdef DEBUG // This defines the type used to store our `once` mirrors checker. We can't use // HashMap for now due to alignment restrictions when dealing with // std::function<void()> (see bug 1557617). typedef std::function<void()> AntiFootgunCallback; struct CompareStr { bool operator()(char const* a, char const* b) const { return std::strcmp(a, b) < 0; } }; typedef std::map<const char*, AntiFootgunCallback, CompareStr> AntiFootgunMap; static StaticAutoPtr<AntiFootgunMap> gOnceStaticPrefsAntiFootgun; #endif // The callback list contains all the priority callbacks followed by the // non-priority callbacks. gLastPriorityNode records where the first part ends. static CallbackNode* gFirstCallback = nullptr; static CallbackNode* gLastPriorityNode = nullptr; #ifdef DEBUG # define ACCESS_COUNTS #endif #ifdef ACCESS_COUNTS using AccessCountsHashTable = nsTHashMap<nsCStringHashKey, uint32_t>; static StaticAutoPtr<AccessCountsHashTable> gAccessCounts; static void AddAccessCount(const nsACString& aPrefName) { // FIXME: Servo reads preferences from background threads in unsafe ways (bug // 1474789), and triggers assertions here if we try to add usage count entries // from background threads. if (NS_IsMainThread()) { JS::AutoSuppressGCAnalysis nogc; // Hash functions will not GC. uint32_t& count = gAccessCounts->LookupOrInsert(aPrefName); count++; } } static void AddAccessCount(const char* aPrefName) { AddAccessCount(nsDependentCString(aPrefName)); } #else static void MOZ_MAYBE_UNUSED AddAccessCount(const nsACString& aPrefName) {} static void AddAccessCount(const char* aPrefName) {} #endif // These are only used during the call to NotifyCallbacks(). static bool gCallbacksInProgress = false; static bool gShouldCleanupDeadNodes = false; class PrefsHashIter { using Iterator = decltype(HashTable()->modIter()); using ElemType = Pref*; Iterator mIter; public: explicit PrefsHashIter(PrefsHashTable* aTable) : mIter(aTable->modIter()) {} class Elem { friend class PrefsHashIter; PrefsHashIter& mParent; bool mDone; Elem(PrefsHashIter& aIter, bool aDone) : mParent(aIter), mDone(aDone) {} Iterator& Iter() { return mParent.mIter; } public: Elem& operator*() { return *this; } ElemType get() { if (mDone) { return nullptr; } return Iter().get().get(); } ElemType get() const { return const_cast<Elem*>(this)->get(); } ElemType operator->() { return get(); } ElemType operator->() const { return get(); } operator ElemType() { return get(); } void Remove() { Iter().remove(); } Elem& operator++() { MOZ_ASSERT(!mDone); Iter().next(); mDone = Iter().done(); return *this; } bool operator!=(Elem& other) { return mDone != other.mDone || this->get() != other.get(); } }; Elem begin() { return Elem(*this, mIter.done()); } Elem end() { return Elem(*this, true); } }; class PrefsIter { using Iterator = decltype(HashTable()->iter()); using ElemType = PrefWrapper; using HashElem = PrefsHashIter::Elem; using SharedElem = SharedPrefMap::Pref; using ElemTypeVariant = Variant<HashElem, SharedElem>; SharedPrefMap* mSharedMap; PrefsHashTable* mHashTable; PrefsHashIter mIter; ElemTypeVariant mPos; ElemTypeVariant mEnd; Maybe<PrefWrapper> mEntry; public: PrefsIter(PrefsHashTable* aHashTable, SharedPrefMap* aSharedMap) : mSharedMap(aSharedMap), mHashTable(aHashTable), mIter(aHashTable), mPos(AsVariant(mIter.begin())), mEnd(AsVariant(mIter.end())) { if (Done()) { NextIterator(); } } private: #define MATCH(type, ...) \ do { \ struct Matcher { \ PrefsIter& mIter; \ type operator()(HashElem& pos) { \ HashElem& end MOZ_MAYBE_UNUSED = mIter.mEnd.as<HashElem>(); \ __VA_ARGS__; \ } \ type operator()(SharedElem& pos) { \ SharedElem& end MOZ_MAYBE_UNUSED = mIter.mEnd.as<SharedElem>(); \ __VA_ARGS__; \ } \ }; \ return mPos.match(Matcher{*this}); \ } while (0); bool Done() { MATCH(bool, return pos == end); } PrefWrapper MakeEntry() { MATCH(PrefWrapper, return PrefWrapper(pos)); } void NextEntry() { mEntry.reset(); MATCH(void, ++pos); } #undef MATCH bool Next() { NextEntry(); return !Done() || NextIterator(); } bool NextIterator() { if (mPos.is<HashElem>() && mSharedMap) { mPos = AsVariant(mSharedMap->begin()); mEnd = AsVariant(mSharedMap->end()); return !Done(); } return false; } bool IteratingBase() { return mPos.is<SharedElem>(); } PrefWrapper& Entry() { MOZ_ASSERT(!Done()); if (!mEntry.isSome()) { mEntry.emplace(MakeEntry()); } return mEntry.ref(); } public: class Elem { friend class PrefsIter; PrefsIter& mParent; bool mDone; Elem(PrefsIter& aIter, bool aDone) : mParent(aIter), mDone(aDone) { SkipDuplicates(); } void Next() { mDone = !mParent.Next(); } void SkipDuplicates() { while (!mDone && (mParent.IteratingBase() ? mParent.mHashTable->has(ref().Name()) : ref().IsTypeNone())) { Next(); } } public: Elem& operator*() { return *this; } ElemType& ref() { return mParent.Entry(); } const ElemType& ref() const { return const_cast<Elem*>(this)->ref(); } ElemType* operator->() { return &ref(); } const ElemType* operator->() const { return &ref(); } operator ElemType() { return ref(); } Elem& operator++() { MOZ_ASSERT(!mDone); Next(); SkipDuplicates(); return *this; } bool operator!=(Elem& other) { if (mDone != other.mDone) { return true; } if (mDone) { return false; } return &this->ref() != &other.ref(); } }; Elem begin() { return {*this, Done()}; } Elem end() { return {*this, true}; } }; static Pref* pref_HashTableLookup(const char* aPrefName); static void NotifyCallbacks(const nsCString& aPrefName, const PrefWrapper* aPref = nullptr); static void NotifyCallbacks(const nsCString& aPrefName, const PrefWrapper& aPref) { NotifyCallbacks(aPrefName, &aPref); } // The approximate number of preferences in the dynamic hashtable for the parent // and content processes, respectively. These numbers are used to determine the // initial size of the dynamic preference hashtables, and should be chosen to // avoid rehashing during normal usage. The actual number of preferences will, // or course, change over time, but these numbers only need to be within a // binary order of magnitude of the actual values to remain effective. // // The number for the parent process should reflect the total number of // preferences in the database, since the parent process needs to initially // build a dynamic hashtable of the entire preference database. The number for // the child process should reflect the number of preferences which are likely // to change after the startup of the first content process, since content // processes only store changed preferences on top of a snapshot of the database // created at startup. // // Note: The capacity of a hashtable doubles when its length reaches an exact // power of two. A table with an initial length of 64 is twice as large as one // with an initial length of 63. This is important in content processes, where // lookup speed is less critical and we pay the price of the additional overhead // for each content process. So the initial content length should generally be // *under* the next power-of-two larger than its expected length. constexpr size_t kHashTableInitialLengthParent = 3000; constexpr size_t kHashTableInitialLengthContent = 64; static PrefSaveData pref_savePrefs() { MOZ_ASSERT(NS_IsMainThread()); PrefSaveData savedPrefs(HashTable()->count()); for (auto& pref : PrefsIter(HashTable(), gSharedMap)) { nsAutoCString prefValueStr; if (!pref->UserValueToStringForSaving(prefValueStr)) { continue; } nsAutoCString prefNameStr; StrEscape(pref->Name(), prefNameStr); nsPrintfCString str("user_pref(%s, %s);", prefNameStr.get(), prefValueStr.get()); savedPrefs.AppendElement(str); } return savedPrefs; } static Pref* pref_HashTableLookup(const char* aPrefName) { MOZ_ASSERT(NS_IsMainThread() || ServoStyleSet::IsInServoTraversal()); MOZ_ASSERT_IF(!XRE_IsParentProcess(), gContentProcessPrefsAreInited); // We use readonlyThreadsafeLookup() because we often have concurrent lookups // from multiple Stylo threads. This is safe because those threads cannot // modify sHashTable, and the main thread is blocked while Stylo threads are // doing these lookups. auto p = HashTable()->readonlyThreadsafeLookup(aPrefName); return p ? p->get() : nullptr; } // While notifying preference callbacks, this holds the wrapper for the // preference being notified, in order to optimize lookups. // // Note: Callbacks and lookups only happen on the main thread, so this is safe // to use without locking. static const PrefWrapper* gCallbackPref; Maybe<PrefWrapper> pref_SharedLookup(const char* aPrefName) { MOZ_DIAGNOSTIC_ASSERT(gSharedMap, "gSharedMap must be initialized"); if (Maybe<SharedPrefMap::Pref> pref = gSharedMap->Get(aPrefName)) { return Some(*pref); } return Nothing(); } Maybe<PrefWrapper> pref_Lookup(const char* aPrefName, bool aIncludeTypeNone = false) { MOZ_ASSERT(NS_IsMainThread() || ServoStyleSet::IsInServoTraversal()); AddAccessCount(aPrefName); if (gCallbackPref && strcmp(aPrefName, gCallbackPref->Name()) == 0) { return Some(*gCallbackPref); } if (Pref* pref = pref_HashTableLookup(aPrefName)) { if (aIncludeTypeNone || !pref->IsTypeNone() || pref->IsSanitized()) { return Some(pref); } } else if (gSharedMap) { return pref_SharedLookup(aPrefName); } return Nothing(); } static Result<Pref*, nsresult> pref_LookupForModify( const nsCString& aPrefName, const std::function<bool(const PrefWrapper&)>& aCheckFn) { Maybe<PrefWrapper> wrapper = pref_Lookup(aPrefName.get(), /* includeTypeNone */ true); if (wrapper.isNothing()) { return Err(NS_ERROR_INVALID_ARG); } if (!aCheckFn(*wrapper)) { return nullptr; } if (wrapper->is<Pref*>()) { return wrapper->as<Pref*>(); } Pref* pref = new Pref(aPrefName); if (!HashTable()->putNew(aPrefName.get(), pref)) { delete pref; return Err(NS_ERROR_OUT_OF_MEMORY); } pref->FromWrapper(*wrapper); return pref; } static nsresult pref_SetPref(const nsCString& aPrefName, PrefType aType, PrefValueKind aKind, PrefValue aValue, bool aIsSticky, bool aIsLocked, bool aFromInit) { MOZ_ASSERT(XRE_IsParentProcess()); MOZ_ASSERT(NS_IsMainThread()); if (AppShutdown::IsInOrBeyond(ShutdownPhase::XPCOMShutdownThreads)) { printf( "pref_SetPref: Attempt to write pref %s after XPCOMShutdownThreads " "started.\n", aPrefName.get()); if (nsContentUtils::IsInitialized()) { xpc_DumpJSStack(true, true, false); } MOZ_ASSERT(false, "Late preference writes should be avoided."); return NS_ERROR_ILLEGAL_DURING_SHUTDOWN; } if (!HashTable()) { return NS_ERROR_OUT_OF_MEMORY; } Pref* pref = nullptr; if (gSharedMap) { auto result = pref_LookupForModify(aPrefName, [&](const PrefWrapper& aWra return !aWrapper.Matches(aType, aKind, aValue, aIsSticky, aIsLocked); }); if (result.isOk() && !(pref = result.unwrap())) { // No changes required. return NS_OK; } } if (!pref) { auto p = HashTable()->lookupForAdd(aPrefName.get()); if (!p) { pref = new Pref(aPrefName); pref->SetType(aType); if (!HashTable()->add(p, pref)) { delete pref; return NS_ERROR_OUT_OF_MEMORY; } } else { pref = p->get(); } } bool valueChanged = false; nsresult rv; if (aKind == PrefValueKind::Default) { rv = pref->SetDefaultValue(aType, aValue, aIsSticky, aIsLocked, &valueChanged); } else { MOZ_ASSERT(!aIsLocked); // `locked` is disallowed in user pref files rv = pref->SetUserValue(aType, aValue, aFromInit, &valueChanged); } if (NS_FAILED(rv)) { NS_WARNING( nsPrintfCString("Rejected attempt to change type of pref %s's %s value " "from %s to %s", aPrefName.get(), (aKind == PrefValueKind::Default) ? "default" : "user", PrefTypeToString(pref->Type()), PrefTypeToString(aType)) .get()); return rv; } if (valueChanged) { if (!aFromInit && profiler_thread_is_being_profiled_for_markers()) { nsAutoCString value; aValue.ToString(aType, value); profiler_add_marker( "Preference Write", baseprofiler::category::OTHER_PreferenceRead, {}, PreferenceMarker{}, aPrefName, Some(aKind), aType, value); } if (aKind == PrefValueKind::User) { Preferences::HandleDirty(); } NotifyCallbacks(aPrefName, PrefWrapper(pref)); } return NS_OK; } // Removes |node| from callback list. Returns the node after the deleted one. static CallbackNode* pref_RemoveCallbackNode(CallbackNode* aNode, CallbackNode* aPrevNode) { MOZ_ASSERT(!aPrevNode || aPrevNode->Next() == aNode); MOZ_ASSERT(aPrevNode || gFirstCallback == aNode); MOZ_ASSERT(!gCallbacksInProgress); CallbackNode* next_node = aNode->Next(); if (aPrevNode) { aPrevNode->SetNext(next_node); } else { gFirstCallback = next_node; } if (gLastPriorityNode == aNode) { gLastPriorityNode = aPrevNode; } delete aNode; return next_node; } static void NotifyCallbacks(const nsCString& aPrefName, const PrefWrapper* aPref) { bool reentered = gCallbacksInProgress; gCallbackPref = aPref; auto cleanup = MakeScopeExit([]() { gCallbackPref = nullptr; }); // Nodes must not be deleted while gCallbacksInProgress is true. // Nodes that need to be deleted are marked for deletion by nulling // out the |func| pointer. We release them at the end of this function // if we haven't reentered. gCallbacksInProgress = true; for (CallbackNode* node = gFirstCallback; node; node = node->Next()) { if (node->Func()) { if (node->Matches(aPrefName)) { (node->Func())(aPrefName.get(), node->Data()); } } } gCallbacksInProgress = reentered; if (gShouldCleanupDeadNodes && !gCallbacksInProgress) { CallbackNode* prev_node = nullptr; CallbackNode* node = gFirstCallback; while (node) { if (!node->Func()) { node = pref_RemoveCallbackNode(node, prev_node); } else { prev_node = node; node = node->Next(); } } gShouldCleanupDeadNodes = false; } #ifdef DEBUG if (XRE_IsParentProcess() && !StaticPrefs::preferences_force_disable_check_once_policy() && (StaticPrefs::preferences_check_once_policy() || xpc::IsInAutomation())) { // Check that we aren't modifying a `once`-mirrored pref using that pref // name. We have about 100 `once`-mirrored prefs. std::map performs a // search in O(log n), so this is fast enough. MOZ_ASSERT(gOnceStaticPrefsAntiFootgun); auto search = gOnceStaticPrefsAntiFootgun->find(aPrefName.get()); if (search != gOnceStaticPrefsAntiFootgun->end()) { // Run the callback. (search->second)(); } } #endif } //=========================================================================== // Prefs parsing //=========================================================================== extern "C" { // Keep this in sync with PrefFn in parser/src/lib.rs. typedef void (*PrefsParserPrefFn)(const char* aPrefName, PrefType aType, PrefValueKind aKind, PrefValue aValue, bool aIsSticky, bool aIsLocked); // Keep this in sync with ErrorFn in parser/src/lib.rs. // // `aMsg` is just a borrow of the string, and must be copied if it is used // outside the lifetime of the prefs_parser_parse() call. typedef void (*PrefsParserErrorFn)(const char* aMsg); // Keep this in sync with prefs_parser_parse() in parser/src/lib.rs. bool prefs_parser_parse(const char* aPath, PrefValueKind aKind, const char* aBuf, size_t aLen, PrefsParserPrefFn aPrefFn, PrefsParserErrorFn aErrorFn); } class Parser { public: Parser() = default; ~Parser() = default; bool Parse(PrefValueKind aKind, const char* aPath, const nsCString& aBuf) { MOZ_ASSERT(XRE_IsParentProcess()); return prefs_parser_parse(aPath, aKind, aBuf.get(), aBuf.Length(), HandlePref, HandleError); } private: static void HandlePref(const char* aPrefName, PrefType aType, PrefValueKind aKind, PrefValue aValue, bool aIsSticky, bool aIsLocked) { MOZ_ASSERT(XRE_IsParentProcess()); pref_SetPref(nsDependentCString(aPrefName), aType, aKind, aValue, aIsSticky, aIsLocked, /* fromInit */ true); } static void HandleError(const char* aMsg) { nsresult rv; nsCOMPtr<nsIConsoleService> console = do_GetService("@mozilla.org/consoleservice;1", &rv); if (NS_SUCCEEDED(rv)) { console->LogStringMessage(NS_ConvertUTF8toUTF16(aMsg).get()); } #ifdef DEBUG NS_ERROR(aMsg); #else printf_stderr("%s\n", aMsg); #endif } }; // The following code is test code for the gtest. static void TestParseErrorHandlePref(const char* aPrefName, PrefType aType, PrefValueKind aKind, PrefValue aValue, bool aIsSticky, bool aIsLocked) {} MOZ_CONSTINIT static nsCString gTestParseErrorMsgs; static void TestParseErrorHandleError(const char* aMsg) { gTestParseErrorMsgs.Append(aMsg); gTestParseErrorMsgs.Append('\n'); } // Keep this in sync with the declaration in test/gtest/Parser.cpp. void TestParseError(PrefValueKind aKind, const char* aText, nsCString& aErrorMsg) { prefs_parser_parse("test", aKind, aText, strlen(aText), TestParseErrorHandlePref, TestParseErrorHandleError); // Copy the error messages into the outparam, then clear them from // gTestParseErrorMsgs. aErrorMsg.Assign(gTestParseErrorMsgs); gTestParseErrorMsgs.Truncate(); } //=========================================================================== // nsPrefBranch et al. //=========================================================================== namespace mozilla { class PreferenceServiceReporter; } // namespace mozilla class PrefCallback : public PLDHashEntryHdr { friend class mozilla::PreferenceServiceReporter; public: typedef PrefCallback* KeyType; typedef const PrefCallback* KeyTypePointer; static const PrefCallback* KeyToPointer(PrefCallback* aKey) { return aKey; } static PLDHashNumber HashKey(const PrefCallback* aKey) { uint32_t hash = HashString(aKey->mDomain); return AddToHash(hash, aKey->mCanonical); } public: // Create a PrefCallback with a strong reference to its observer. PrefCallback(const nsACString& aDomain, nsIObserver* aObserver, nsPrefBranch* aBranch) : mDomain(aDomain), mBranch(aBranch), mWeakRef(nullptr), mStrongRef(aObserver) { MOZ_COUNT_CTOR(PrefCallback); nsCOMPtr<nsISupports> canonical = do_QueryInterface(aObserver); mCanonical = canonical; } // Create a PrefCallback with a weak reference to its observer. PrefCallback(const nsACString& aDomain, nsISupportsWeakReference* aObserver, nsPrefBranch* aBranch) : mDomain(aDomain), mBranch(aBranch), mWeakRef(do_GetWeakReference(aObserver)), mStrongRef(nullptr) { MOZ_COUNT_CTOR(PrefCallback); nsCOMPtr<nsISupports> canonical = do_QueryInterface(aObserver); mCanonical = canonical; } // This is explicitly not a copy constructor. explicit PrefCallback(const PrefCallback*& aCopy) : mDomain(aCopy->mDomain), mBranch(aCopy->mBranch), mWeakRef(aCopy->mWeakRef), mStrongRef(aCopy->mStrongRef), mCanonical(aCopy->mCanonical) { MOZ_COUNT_CTOR(PrefCallback); } PrefCallback(const PrefCallback&) = delete; PrefCallback(PrefCallback&&) = default; MOZ_COUNTED_DTOR(PrefCallback) bool KeyEquals(const PrefCallback* aKey) const { // We want to be able to look up a weakly-referencing PrefCallback after // its observer has died so we can remove it from the table. Once the // callback's observer dies, its canonical pointer is stale -- in // particular, we may have allocated a new observer in the same spot in // memory! So we can't just compare canonical pointers to determine whether // aKey refers to the same observer as this. // // Our workaround is based on the way we use this hashtable: When we ask // the hashtable to remove a PrefCallback whose weak reference has expired, // we use as the key for removal the same object as was inserted into the // hashtable. Thus we can say that if one of the keys' weak references has // expired, the two keys are equal iff they're the same object. if (IsExpired() || aKey->IsExpired()) { return this == aKey; } if (mCanonical != aKey->mCanonical) { return false; } return mDomain.Equals(aKey->mDomain); } PrefCallback* GetKey() const { return const_cast<PrefCallback*>(this); } // Get a reference to the callback's observer, or null if the observer was // weakly referenced and has been destroyed. already_AddRefed<nsIObserver> GetObserver() const { if (!IsWeak()) { nsCOMPtr<nsIObserver> copy = mStrongRef; return copy.forget(); } nsCOMPtr<nsIObserver> observer = do_QueryReferent(mWeakRef); return observer.forget(); } const nsCString& GetDomain() const { return mDomain; } nsPrefBranch* GetPrefBranch() const { return mBranch; } // Has this callback's weak reference died? bool IsExpired() const { if (!IsWeak()) return false; nsCOMPtr<nsIObserver> observer(do_QueryReferent(mWeakRef)); return !observer; } size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const { size_t n = aMallocSizeOf(this); n += mDomain.SizeOfExcludingThisIfUnshared(aMallocSizeOf); // All the other fields are non-owning pointers, so we don't measure them. return n; } enum { ALLOW_MEMMOVE = true }; private: nsCString mDomain; nsPrefBranch* mBranch; // Exactly one of mWeakRef and mStrongRef should be non-null. nsWeakPtr mWeakRef; nsCOMPtr<nsIObserver> mStrongRef; // We need a canonical nsISupports pointer, per bug 578392. nsISupports* mCanonical; bool IsWeak() const { return !!mWeakRef; } }; class nsPrefBranch final : public nsIPrefBranch, public nsIObserver, public nsSupportsWeakReference { friend class mozilla::PreferenceServiceReporter; public: NS_DECL_ISUPPORTS NS_DECL_NSIPREFBRANCH NS_DECL_NSIOBSERVER nsPrefBranch(const char* aPrefRoot, PrefValueKind aKind); nsPrefBranch() = delete; static void NotifyObserver(const char* aNewpref, void* aData); size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const; private: using PrefName = nsCString; virtual ~nsPrefBranch(); int32_t GetRootLength() const { return mPrefRoot.Length(); } nsresult GetDefaultFromPropertiesFile(const char* aPrefName, nsAString& aReturn); // As SetCharPref, but without any check on the length of |aValue|. nsresult SetCharPrefNoLengthCheck(const char* aPrefName, const nsACString& aValue); // Reject strings that are more than 1Mb, warn if strings are more than 16kb. nsresult CheckSanityOfStringLength(const char* aPrefName, const nsAString& aValue); nsresult CheckSanityOfStringLength(const char* aPrefName, const nsACString& aValue); nsresult CheckSanityOfStringLength(const char* aPrefName, const uint32_t aLength); void RemoveExpiredCallback(PrefCallback* aCallback); PrefName GetPrefName(const char* aPrefName) const { return GetPrefName(nsDependentCString(aPrefName)); } PrefName GetPrefName(const nsACString& aPrefName) const; void FreeObserverList(void); const nsCString mPrefRoot; PrefValueKind mKind; bool mFreeingObserverList; nsClassHashtable<PrefCallback, PrefCallback> mObservers; }; class nsPrefLocalizedString final : public nsIPrefLocalizedString { public: nsPrefLocalizedString(); NS_DECL_ISUPPORTS NS_FORWARD_NSISUPPORTSPRIMITIVE(mUnicodeString->) NS_FORWARD_NSISUPPORTSSTRING(mUnicodeString->) nsresult Init(); private: virtual ~nsPrefLocalizedString(); nsCOMPtr<nsISupportsString> mUnicodeString; }; //---------------------------------------------------------------------------- // nsPrefBranch //---------------------------------------------------------------------------- nsPrefBranch::nsPrefBranch(const char* aPrefRoot, PrefValueKind aKind) : mPrefRoot(aPrefRoot), mKind(aKind), mFreeingObserverList(false) { nsCOMPtr<nsIObserverService> observerService = services::GetObserverService(); if (observerService) { ++mRefCnt; // must be > 0 when we call this, or we'll get deleted! // Add weakly so we don't have to clean up at shutdown. observerService->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, true); --mRefCnt; } } nsPrefBranch::~nsPrefBranch() { FreeObserverList(); } NS_IMPL_ISUPPORTS(nsPrefBranch, nsIPrefBranch, nsIObserver, nsISupportsWeakReference) NS_IMETHODIMP nsPrefBranch::GetRoot(nsACString& aRoot) { aRoot = mPrefRoot; return NS_OK; } NS_IMETHODIMP nsPrefBranch::GetPrefType(const char* aPrefName, int32_t* aRetVal) { NS_ENSURE_ARG(aPrefName); const PrefName& prefName = GetPrefName(aPrefName); *aRetVal = Preferences::GetType(prefName.get()); return NS_OK; } NS_IMETHODIMP nsPrefBranch::GetBoolPrefWithDefault(const char* aPrefName, bool aDefaultValue, uint8_t aArgc, bool* aRetVal) { nsresult rv = GetBoolPref(aPrefName, aRetVal); if (NS_FAILED(rv) && aArgc == 1) { *aRetVal = aDefaultValue; return NS_OK; } return rv; } NS_IMETHODIMP nsPrefBranch::GetBoolPref(const char* aPrefName, bool* aRetVal) { NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); return Preferences::GetBool(pref.get(), aRetVal, mKind); } NS_IMETHODIMP nsPrefBranch::SetBoolPref(const char* aPrefName, bool aValue) { NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); return Preferences::SetBool(pref.get(), aValue, mKind); } NS_IMETHODIMP nsPrefBranch::GetFloatPrefWithDefault(const char* aPrefName, float aDefaultValue, uint8_t aArgc, float* aRetVal) { nsresult rv = GetFloatPref(aPrefName, aRetVal); if (NS_FAILED(rv) && aArgc == 1) { *aRetVal = aDefaultValue; return NS_OK; } return rv; } NS_IMETHODIMP nsPrefBranch::GetFloatPref(const char* aPrefName, float* aRetVal) { NS_ENSURE_ARG(aPrefName); nsAutoCString stringVal; nsresult rv = GetCharPref(aPrefName, stringVal); if (NS_SUCCEEDED(rv)) { // ParsePrefFloat() does a locale-independent conversion. *aRetVal = ParsePrefFloat(stringVal, &rv); } return rv; } NS_IMETHODIMP nsPrefBranch::GetCharPrefWithDefault(const char* aPrefName, const nsACString& aDefaultValue, uint8_t aArgc, nsACString& aRetVal) { nsresult rv = GetCharPref(aPrefName, aRetVal); if (NS_FAILED(rv) && aArgc == 1) { aRetVal = aDefaultValue; return NS_OK; } return rv; } NS_IMETHODIMP nsPrefBranch::GetCharPref(const char* aPrefName, nsACString& aRetVal) { NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); return Preferences::GetCString(pref.get(), aRetVal, mKind); } NS_IMETHODIMP nsPrefBranch::SetCharPref(const char* aPrefName, const nsACString& aValue) { nsresult rv = CheckSanityOfStringLength(aPrefName, aValue); if (NS_FAILED(rv)) { return rv; } return SetCharPrefNoLengthCheck(aPrefName, aValue); } nsresult nsPrefBranch::SetCharPrefNoLengthCheck(const char* aPrefName, const nsACString& aValue) { NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); return Preferences::SetCString(pref.get(), aValue, mKind); } NS_IMETHODIMP nsPrefBranch::GetStringPref(const char* aPrefName, const nsACString& aDefaultValue, uint8_t aArgc, nsACString& aRetVal) { nsCString utf8String; nsresult rv = GetCharPref(aPrefName, utf8String); if (NS_SUCCEEDED(rv)) { aRetVal = utf8String; return rv; } if (aArgc == 1) { aRetVal = aDefaultValue; return NS_OK; } return rv; } NS_IMETHODIMP nsPrefBranch::SetStringPref(const char* aPrefName, const nsACString& aValue) { nsresult rv = CheckSanityOfStringLength(aPrefName, aValue); if (NS_FAILED(rv)) { return rv; } return SetCharPrefNoLengthCheck(aPrefName, aValue); } NS_IMETHODIMP nsPrefBranch::GetIntPrefWithDefault(const char* aPrefName, int32_t aDefaultValue, uint8_t aArgc, int32_t* aRetVal) { nsresult rv = GetIntPref(aPrefName, aRetVal); if (NS_FAILED(rv) && aArgc == 1) { *aRetVal = aDefaultValue; return NS_OK; } return rv; } NS_IMETHODIMP nsPrefBranch::GetIntPref(const char* aPrefName, int32_t* aRetVal) { NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); return Preferences::GetInt(pref.get(), aRetVal, mKind); } NS_IMETHODIMP nsPrefBranch::SetIntPref(const char* aPrefName, int32_t aValue) { NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); return Preferences::SetInt(pref.get(), aValue, mKind); } NS_IMETHODIMP nsPrefBranch::GetComplexValue(const char* aPrefName, const nsIID& aType, void** aRetVal) { NS_ENSURE_ARG(aPrefName); nsresult rv; nsAutoCString utf8String; // We have to do this one first because it's different to all the rest. if (aType.Equals(NS_GET_IID(nsIPrefLocalizedString))) { nsCOMPtr<nsIPrefLocalizedString> theString( do_CreateInstance(NS_PREFLOCALIZEDSTRING_CONTRACTID, &rv)); if (NS_FAILED(rv)) { return rv; } const PrefName& pref = GetPrefName(aPrefName); bool bNeedDefault = false; if (mKind == PrefValueKind::Default) { bNeedDefault = true; } else { // if there is no user (or locked) value if (!Preferences::HasUserValue(pref.get()) && !Preferences::IsLocked(pref.get())) { bNeedDefault = true; } } // if we need to fetch the default value, do that instead, otherwise use the // value we pulled in at the top of this function if (bNeedDefault) { nsAutoString utf16String; rv = GetDefaultFromPropertiesFile(pref.get(), utf16String); if (NS_SUCCEEDED(rv)) { theString->SetData(utf16String); } } else { rv = GetCharPref(aPrefName, utf8String); if (NS_SUCCEEDED(rv)) { theString->SetData(NS_ConvertUTF8toUTF16(utf8String)); } } if (NS_SUCCEEDED(rv)) { theString.forget(reinterpret_cast<nsIPrefLocalizedString**>(aRetVal)); } return rv; } // if we can't get the pref, there's no point in being here rv = GetCharPref(aPrefName, utf8String); if (NS_FAILED(rv)) { return rv; } if (aType.Equals(NS_GET_IID(nsIFile))) { ENSURE_PARENT_PROCESS("GetComplexValue(nsIFile)", aPrefName); MOZ_TRY(NS_NewLocalFileWithPersistentDescriptor( utf8String, reinterpret_cast<nsIFile**>(aRetVal))); return NS_OK; } if (aType.Equals(NS_GET_IID(nsIRelativeFilePref))) { ENSURE_PARENT_PROCESS("GetComplexValue(nsIRelativeFilePref)", aPrefName); nsACString::const_iterator keyBegin, strEnd; utf8String.BeginReading(keyBegin); utf8String.EndReading(strEnd); // The pref has the format: [fromKey]a/b/c if (*keyBegin++ != '[') { return NS_ERROR_FAILURE; } nsACString::const_iterator keyEnd(keyBegin); if (!FindCharInReadable(']', keyEnd, strEnd)) { return NS_ERROR_FAILURE; } nsAutoCString key(Substring(keyBegin, keyEnd)); nsCOMPtr<nsIFile> fromFile; nsCOMPtr<nsIProperties> directoryService( do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv)); if (NS_FAILED(rv)) { return rv; } rv = directoryService->Get(key.get(), NS_GET_IID(nsIFile), getter_AddRefs(fromFile)); if (NS_FAILED(rv)) { return rv; } nsCOMPtr<nsIFile> theFile; MOZ_TRY(NS_NewLocalFileWithRelativeDescriptor( fromFile, Substring(++keyEnd, strEnd), getter_AddRefs(theFile))); nsCOMPtr<nsIRelativeFilePref> relativePref = new nsRelativeFilePref(); Unused << relativePref->SetFile(theFile); Unused << relativePref->SetRelativeToKey(key); relativePref.forget(reinterpret_cast<nsIRelativeFilePref**>(aRetVal)); return NS_OK; } NS_WARNING("nsPrefBranch::GetComplexValue - Unsupported interface type"); return NS_NOINTERFACE; } nsresult nsPrefBranch::CheckSanityOfStringLength(const char* aPrefName, const nsAString& aValue) { return CheckSanityOfStringLength(aPrefName, aValue.Length()); } nsresult nsPrefBranch::CheckSanityOfStringLength(const char* aPrefName, const nsACString& aValue) { return CheckSanityOfStringLength(aPrefName, aValue.Length()); } nsresult nsPrefBranch::CheckSanityOfStringLength(const char* aPrefName, const uint32_t aLength) { if (aLength > MAX_PREF_LENGTH) { return NS_ERROR_ILLEGAL_VALUE; } if (aLength <= MAX_ADVISABLE_PREF_LENGTH) { return NS_OK; } nsresult rv; nsCOMPtr<nsIConsoleService> console = do_GetService("@mozilla.org/consoleservice;1", &rv); if (NS_FAILED(rv)) { return rv; } nsAutoCString message(nsPrintfCString( "Warning: attempting to write %d bytes to preference %s. This is bad " "for general performance and memory usage. Such an amount of data " "should rather be written to an external file.", aLength, GetPrefName(aPrefName).get())); rv = console->LogStringMessage(NS_ConvertUTF8toUTF16(message).get()); if (NS_FAILED(rv)) { return rv; } return NS_OK; } NS_IMETHODIMP nsPrefBranch::SetComplexValue(const char* aPrefName, const nsIID& aType, nsISupports* aValue) { ENSURE_PARENT_PROCESS("SetComplexValue", aPrefName); NS_ENSURE_ARG(aPrefName); nsresult rv = NS_NOINTERFACE; if (aType.Equals(NS_GET_IID(nsIFile))) { nsCOMPtr<nsIFile> file = do_QueryInterface(aValue); if (!file) { return NS_NOINTERFACE; } nsAutoCString descriptorString; rv = file->GetPersistentDescriptor(descriptorString); if (NS_SUCCEEDED(rv)) { rv = SetCharPrefNoLengthCheck(aPrefName, descriptorString); } return rv; } if (aType.Equals(NS_GET_IID(nsIRelativeFilePref))) { nsCOMPtr<nsIRelativeFilePref> relFilePref = do_QueryInterface(aValue); if (!relFilePref) { return NS_NOINTERFACE; } nsCOMPtr<nsIFile> file; relFilePref->GetFile(getter_AddRefs(file)); if (!file) { return NS_NOINTERFACE; } nsAutoCString relativeToKey; (void)relFilePref->GetRelativeToKey(relativeToKey); nsCOMPtr<nsIFile> relativeToFile; nsCOMPtr<nsIProperties> directoryService( do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv)); if (NS_FAILED(rv)) { return rv; } rv = directoryService->Get(relativeToKey.get(), NS_GET_IID(nsIFile), getter_AddRefs(relativeToFile)); if (NS_FAILED(rv)) { return rv; } nsAutoCString relDescriptor; rv = file->GetRelativeDescriptor(relativeToFile, relDescriptor); if (NS_FAILED(rv)) { return rv; } nsAutoCString descriptorString; descriptorString.Append('['); descriptorString.Append(relativeToKey); descriptorString.Append(']'); descriptorString.Append(relDescriptor); return SetCharPrefNoLengthCheck(aPrefName, descriptorString); } if (aType.Equals(NS_GET_IID(nsIPrefLocalizedString))) { nsCOMPtr<nsISupportsString> theString = do_QueryInterface(aValue); if (theString) { nsString wideString; rv = theString->GetData(wideString); if (NS_SUCCEEDED(rv)) { // Check sanity of string length before any lengthy conversion rv = CheckSanityOfStringLength(aPrefName, wideString); if (NS_FAILED(rv)) { return rv; } rv = SetCharPrefNoLengthCheck(aPrefName, NS_ConvertUTF16toUTF8(wideString)); } } return rv; } NS_WARNING("nsPrefBranch::SetComplexValue - Unsupported interface type"); return NS_NOINTERFACE; } NS_IMETHODIMP nsPrefBranch::ClearUserPref(const char* aPrefName) { NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); return Preferences::ClearUser(pref.get()); } NS_IMETHODIMP nsPrefBranch::PrefHasUserValue(const char* aPrefName, bool* aRetVal) { NS_ENSURE_ARG_POINTER(aRetVal); NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); *aRetVal = Preferences::HasUserValue(pref.get()); return NS_OK; } NS_IMETHODIMP nsPrefBranch::PrefHasDefaultValue(const char* aPrefName, bool* aRetVal) { NS_ENSURE_ARG_POINTER(aRetVal); NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); *aRetVal = Preferences::HasDefaultValue(pref.get()); return NS_OK; } NS_IMETHODIMP nsPrefBranch::LockPref(const char* aPrefName) { NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); return Preferences::Lock(pref.get()); } NS_IMETHODIMP nsPrefBranch::PrefIsLocked(const char* aPrefName, bool* aRetVal) { NS_ENSURE_ARG_POINTER(aRetVal); NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); *aRetVal = Preferences::IsLocked(pref.get()); return NS_OK; } NS_IMETHODIMP nsPrefBranch::PrefIsSanitized(const char* aPrefName, bool* aRetVal) { NS_ENSURE_ARG_POINTER(aRetVal); NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); *aRetVal = Preferences::IsSanitized(pref.get()); return NS_OK; } NS_IMETHODIMP nsPrefBranch::UnlockPref(const char* aPrefName) { NS_ENSURE_ARG(aPrefName); const PrefName& pref = GetPrefName(aPrefName); return Preferences::Unlock(pref.get()); } NS_IMETHODIMP nsPrefBranch::DeleteBranch(const char* aStartingAt) { ENSURE_PARENT_PROCESS("DeleteBranch", aStartingAt); NS_ENSURE_ARG(aStartingAt); MOZ_ASSERT(NS_IsMainThread()); if (!HashTable()) { return NS_ERROR_NOT_INITIALIZED; } const PrefName& pref = GetPrefName(aStartingAt); nsAutoCString branchName(pref.get()); // Add a trailing '.' if it doesn't already have one. if (branchName.Length() > 1 && !StringEndsWith(branchName, "."_ns)) { branchName += '.'; } const nsACString& branchNameNoDot = Substring(branchName, 0, branchName.Length() - 1); for (auto iter = HashTable()->modIter(); !iter.done(); iter.next()) { // The first disjunct matches branches: e.g. a branch name "foo.bar." // matches a name "foo.bar.baz" (but it won't match "foo.barrel.baz"). // The second disjunct matches leaf nodes: e.g. a branch name "foo.bar." // matches a name "foo.bar" (by ignoring the trailing '.'). nsDependentCString name(iter.get()->Name()); if (StringBeginsWith(name, branchName) || name.Equals(branchNameNoDot)) { iter.remove(); // The saved callback pref may be invalid now. gCallbackPref = nullptr; } } Preferences::HandleDirty(); return NS_OK; } NS_IMETHODIMP nsPrefBranch::GetChildList(const char* aStartingAt, nsTArray<nsCString>& aChildArray) { NS_ENSURE_ARG(aStartingAt); MOZ_ASSERT(NS_IsMainThread()); // This will contain a list of all the pref name strings. Allocated on the // stack for speed. AutoTArray<nsCString, 32> prefArray; const PrefName& parent = GetPrefName(aStartingAt); size_t parentLen = parent.Length(); for (auto& pref : PrefsIter(HashTable(), gSharedMap)) { if (strncmp(pref->Name(), parent.get(), parentLen) == 0) { prefArray.AppendElement(pref->NameString()); } } // Now that we've built up the list, run the callback on all the matching // elements. aChildArray.SetCapacity(prefArray.Length()); for (auto& element : prefArray) { // we need to lop off mPrefRoot in case the user is planning to pass this // back to us because if they do we are going to add mPrefRoot again. aChildArray.AppendElement(Substring(element, mPrefRoot.Length())); } return NS_OK; } NS_IMETHODIMP nsPrefBranch::AddObserverImpl(const nsACString& aDomain, nsIObserver* aObserver, bool aHoldWeak) { UniquePtr<PrefCallback> pCallback; NS_ENSURE_ARG(aObserver); const nsCString& prefName = GetPrefName(aDomain); // Hold a weak reference to the observer if so requested. if (aHoldWeak) { nsCOMPtr<nsISupportsWeakReference> weakRefFactory = do_QueryInterface(aObserver); if (!weakRefFactory) { // The caller didn't give us a object that supports weak reference... // tell them. return NS_ERROR_INVALID_ARG; } // Construct a PrefCallback with a weak reference to the observer. pCallback = MakeUnique<PrefCallback>(prefName, weakRefFactory, this); } else { // Construct a PrefCallback with a strong reference to the observer. pCallback = MakeUnique<PrefCallback>(prefName, aObserver, this); } mObservers.WithEntryHandle(pCallback.get(), [&](auto&& p) { if (p) { NS_WARNING( nsPrintfCString("Ignoring duplicate observer: %s", prefName.get()) .get()); } else { // We must pass a fully qualified preference name to the callback // aDomain == nullptr is the only possible failure, and we trapped it with // NS_ENSURE_ARG above. Preferences::RegisterCallback(NotifyObserver, prefName, pCallback.get(), Preferences::PrefixMatch, /* isPriority */ false); p.Insert(std::move(pCallback)); } }); return NS_OK; } NS_IMETHODIMP nsPrefBranch::RemoveObserverImpl(const nsACString& aDomain, nsIObserver* aObserver) { NS_ENSURE_ARG(aObserver); nsresult rv = NS_OK; // If we're in the middle of a call to FreeObserverList, don't process this // RemoveObserver call -- the observer in question will be removed soon, if // it hasn't been already. // // It's important that we don't touch mObservers in any way -- even a Get() // which returns null might cause the hashtable to resize itself, which will // break the iteration in FreeObserverList. if (mFreeingObserverList) { return NS_OK; } // Remove the relevant PrefCallback from mObservers and get an owning pointer // to it. Unregister the callback first, and then let the owning pointer go // out of scope and destroy the callback. const nsCString& prefName = GetPrefName(aDomain); PrefCallback key(prefName, aObserver, this); mozilla::UniquePtr<PrefCallback> pCallback; mObservers.Remove(&key, &pCallback); if (pCallback) { rv = Preferences::UnregisterCallback( NotifyObserver, prefName, pCallback.get(), Preferences::PrefixMatch); } return rv; } NS_IMETHODIMP nsPrefBranch::Observe(nsISupports* aSubject, const char* aTopic, const char16_t* aData) { // Watch for xpcom shutdown and free our observers to eliminate any cyclic // references. if (!nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID)) { FreeObserverList(); } return NS_OK; } /* static */ void nsPrefBranch::NotifyObserver(const char* aNewPref, void* aData) { PrefCallback* pCallback = (PrefCallback*)aData; nsCOMPtr<nsIObserver> observer = pCallback->GetObserver(); if (!observer) { // The observer has expired. Let's remove this callback. pCallback->GetPrefBranch()->RemoveExpiredCallback(pCallback); return; } // Remove any root this string may contain so as to not confuse the observer // by passing them something other than what they passed us as a topic. uint32_t len = pCallback->GetPrefBranch()->GetRootLength(); nsDependentCString suffix(aNewPref + len); observer->Observe(static_cast<nsIPrefBranch*>(pCallback->GetPrefBranch()), NS_PREFBRANCH_PREFCHANGE_TOPIC_ID, NS_ConvertASCIItoUTF16(suffix).get()); } size_t nsPrefBranch::SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const { size_t n = aMallocSizeOf(this); n += mPrefRoot.SizeOfExcludingThisIfUnshared(aMallocSizeOf); n += mObservers.ShallowSizeOfExcludingThis(aMallocSizeOf); for (const auto& entry : mObservers) { const PrefCallback* data = entry.GetWeak(); n += data->SizeOfIncludingThis(aMallocSizeOf); } return n; } void nsPrefBranch::FreeObserverList() { // We need to prevent anyone from modifying mObservers while we're iterating // over it. In particular, some clients will call RemoveObserver() when // they're removed and destructed via the iterator; we set // mFreeingObserverList to keep those calls from touching mObservers. mFreeingObserverList = true; for (auto iter = mObservers.Iter(); !iter.Done(); iter.Next()) { auto callback = iter.UserData(); Preferences::UnregisterCallback(nsPrefBranch::NotifyObserver, callback->GetDomain(), callback, Preferences::PrefixMatch); iter.Remove(); } nsCOMPtr<nsIObserverService> observerService = services::GetObserverService(); if (observerService) { observerService->RemoveObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID); } mFreeingObserverList = false; } void nsPrefBranch::RemoveExpiredCallback(PrefCallback* aCallback) { MOZ_ASSERT(aCallback->IsExpired()); mObservers.Remove(aCallback); } nsresult nsPrefBranch::GetDefaultFromPropertiesFile(const char* aPrefName, nsAString& aReturn) { // The default value contains a URL to a .properties file. nsAutoCString propertyFileURL; nsresult rv = Preferences::GetCString(aPrefName, propertyFileURL, PrefValueKind::Default); if (NS_FAILED(rv)) { return rv; } nsCOMPtr<nsIStringBundleService> bundleService = components::StringBundle::Service(); if (!bundleService) { return NS_ERROR_FAILURE; } nsCOMPtr<nsIStringBundle> bundle; rv = bundleService->CreateBundle(propertyFileURL.get(), getter_AddRefs(bundle)); if (NS_FAILED(rv)) { return rv; } return bundle->GetStringFromName(aPrefName, aReturn); } nsPrefBranch::PrefName nsPrefBranch::GetPrefName( const nsACString& aPrefName) const { if (mPrefRoot.IsEmpty()) { return PrefName(PromiseFlatCString(aPrefName)); } return PrefName(mPrefRoot + aPrefName); } //---------------------------------------------------------------------------- // nsPrefLocalizedString //---------------------------------------------------------------------------- nsPrefLocalizedString::nsPrefLocalizedString() = default; nsPrefLocalizedString::~nsPrefLocalizedString() = default; NS_IMPL_ISUPPORTS(nsPrefLocalizedString, nsIPrefLocalizedString, nsISupportsString) nsresult nsPrefLocalizedString::Init() { nsresult rv; mUnicodeString = do_CreateInstance(NS_SUPPORTS_STRING_CONTRACTID, &rv); return rv; } //---------------------------------------------------------------------------- // nsRelativeFilePref //---------------------------------------------------------------------------- NS_IMPL_ISUPPORTS(nsRelativeFilePref, nsIRelativeFilePref) nsRelativeFilePref::nsRelativeFilePref() = default; nsRelativeFilePref::~nsRelativeFilePref() = default; NS_IMETHODIMP nsRelativeFilePref::GetFile(nsIFile** aFile) { NS_ENSURE_ARG_POINTER(aFile); *aFile = mFile; NS_IF_ADDREF(*aFile); return NS_OK; } NS_IMETHODIMP nsRelativeFilePref::SetFile(nsIFile* aFile) { mFile = aFile; return NS_OK; } NS_IMETHODIMP nsRelativeFilePref::GetRelativeToKey(nsACString& aRelativeToKey) { aRelativeToKey.Assign(mRelativeToKey); return NS_OK; } NS_IMETHODIMP nsRelativeFilePref::SetRelativeToKey(const nsACString& aRelativeToKey) { mRelativeToKey.Assign(aRelativeToKey); return NS_OK; } //=========================================================================== // class Preferences and related things //=========================================================================== namespace mozilla { #define INITIAL_PREF_FILES 10 void Preferences::HandleDirty() { MOZ_ASSERT(XRE_IsParentProcess()); if (!HashTable() || !sPreferences) { return; } if (sPreferences->mProfileShutdown) { NS_WARNING("Setting user pref after profile shutdown."); return; } if (!sPreferences->mDirty) { sPreferences->mDirty = true; if (sPreferences->mCurrentFile && sPreferences->AllowOffMainThreadSave() && !sPreferences->mSavePending) { sPreferences->mSavePending = true; static const int PREF_DELAY_MS = 500; NS_DelayedDispatchToCurrentThread( NewRunnableMethod("Preferences::SavePrefFileAsynchronous", sPreferences.get(), &Preferences::SavePrefFileAsynchronous), PREF_DELAY_MS); } } } static nsresult openPrefFile(nsIFile* aFile, PrefValueKind aKind); static nsresult parsePrefData(const nsCString& aData, PrefValueKind aKind); // clang-format off static const char kPrefFileHeader[] = "// Mozilla User Preferences" NS_LINEBREAK NS_LINEBREAK "// DO NOT EDIT THIS FILE." NS_LINEBREAK "//" NS_LINEBREAK "// If you make changes to this file while the application is running," NS_LINEBREAK "// the changes will be overwritten when the application exits." NS_LINEBREAK "//" NS_LINEBREAK "// To change a preference value, you can either:" NS_LINEBREAK "// - modify it via the UI (e.g. via about:config in the browser); or" NS_LINEBREAK "// - set it within a user.js file in your profile." NS_LINEBREAK NS_LINEBREAK; // clang-format on // Note: if sShutdown is true, sPreferences will be nullptr. StaticRefPtr<Preferences> Preferences::sPreferences; bool Preferences::sShutdown = false; // This globally enables or disables OMT pref writing, both sync and async. static int32_t sAllowOMTPrefWrite = -1; // Write the preference data to a file. class PreferencesWriter final { public: PreferencesWriter() = default; static nsresult Write(nsIFile* aFile, PrefSaveData& aPrefs) { nsCOMPtr<nsIOutputStream> outStreamSink; nsCOMPtr<nsIOutputStream> outStream; uint32_t writeAmount; nsresult rv; // Execute a "safe" save by saving through a tempfile. rv = NS_NewSafeLocalFileOutputStream(getter_AddRefs(outStreamSink), aFile, -1, 0600); if (NS_FAILED(rv)) { return rv; } rv = NS_NewBufferedOutputStream(getter_AddRefs(outStream), outStreamSink.forget(), 4096); if (NS_FAILED(rv)) { return rv; } struct CharComparator { bool LessThan(const nsCString& aA, const nsCString& aB) const { return aA < aB; } bool Equals(const nsCString& aA, const nsCString& aB) const { return aA == aB; } }; // Sort the preferences to make a readable file on disk. aPrefs.Sort(CharComparator()); // Write out the file header. outStream->Write(kPrefFileHeader, sizeof(kPrefFileHeader) - 1, &writeAmount); for (nsCString& pref : aPrefs) { outStream->Write(pref.get(), pref.Length(), &writeAmount); outStream->Write(NS_LINEBREAK, NS_LINEBREAK_LEN, &writeAmount); } // Tell the safe output stream to overwrite the real prefs file. // (It'll abort if there were any errors during writing.) nsCOMPtr<nsISafeOutputStream> safeStream = do_QueryInterface(outStream); MOZ_ASSERT(safeStream, "expected a safe output stream!"); if (safeStream) { rv = safeStream->Finish(); } #ifdef DEBUG if (NS_FAILED(rv)) { NS_WARNING("failed to save prefs file! possible data loss"); } #endif return rv; } static void Flush() { MOZ_DIAGNOSTIC_ASSERT(sPendingWriteCount >= 0); // SpinEventLoopUntil is unfortunate, but ultimately it's the best thing // we can do here given the constraint that we need to ensure that // the preferences on disk match what we have in memory. We could // easily perform the write here ourselves by doing exactly what // happens in PWRunnable::Run. This would be the right thing to do // if we're stuck here because other unrelated runnables are taking // a long time, and the wrong thing to do if PreferencesWriter::Write // is what takes a long time, as we would be trading a SpinEventLoopUntil // for a synchronous disk write, wherein we could not even spin the // event loop. Given that PWRunnable generally runs on a thread pool, // if we're stuck here, it's likely because of PreferencesWriter::Write // and not some other runnable. Thus, spin away. mozilla::SpinEventLoopUntil("PreferencesWriter::Flush"_ns, []() { return sPendingWriteCount <= 0; }); } // This is the data that all of the runnables (see below) will attempt // to write. It will always have the most up to date version, or be // null, if the up to date information has already been written out. static Atomic<PrefSaveData*> sPendingWriteData; // This is the number of writes via PWRunnables which have been dispatched // but not yet completed. This is intended to be used by Flush to ensure // that there are no outstanding writes left incomplete, and thus our prefs // on disk are in sync with what we have in memory. static Atomic<int> sPendingWriteCount; // See PWRunnable::Run for details on why we need this lock. static StaticMutex sWritingToFile MOZ_UNANNOTATED; }; Atomic<PrefSaveData*> PreferencesWriter::sPendingWriteData(nullptr); Atomic<int> PreferencesWriter::sPendingWriteCount(0); StaticMutex PreferencesWriter::sWritingToFile; class PWRunnable : public Runnable { public: explicit PWRunnable( nsIFile* aFile, UniquePtr<MozPromiseHolder<Preferences::WritePrefFilePromise>> aPromiseHolder) : Runnable("PWRunnable"), mFile(aFile), mPromiseHolder(std::move(aPromiseHolder)) {} NS_IMETHOD Run() override { // Preference writes are handled a bit strangely, in that a "newer" // write is generally regarded as always better. For this reason, // sPendingWriteData can be overwritten multiple times before anyone // gets around to actually using it, minimizing writes. However, // once we've acquired sPendingWriteData we've reached a // "point of no return" and have to complete the write. // // Unfortunately, this design allows the following behaviour: // // 1. write1 is queued up // 2. thread1 acquires write1 // 3. write2 is queued up // 4. thread2 acquires write2 // 5. thread1 and thread2 concurrently clobber each other // // To avoid this, we use this lock to ensure that only one thread // at a time is trying to acquire the write, and when it does, // all other threads are prevented from acquiring writes until it // completes the write. New writes are still allowed to be queued // up in this time. // // Although it's atomic, the acquire needs to be guarded by the mutex // to avoid reordering of writes -- we don't want an older write to // run after a newer one. To avoid this causing too much waiting, we check // if sPendingWriteData is already null before acquiring the mutex. If it // is, then there's definitely no work to be done (or someone is in the // middle of doing it for us). // // Note that every time a new write is queued up, a new write task is // is also queued up, so there will always be a task that can see the newest // write. // // Ideally this lock wouldn't be necessary, and the PreferencesWriter // would be used more carefully, but it's hard to untangle all that. nsresult rv = NS_OK; if (PreferencesWriter::sPendingWriteData) { StaticMutexAutoLock lock(PreferencesWriter::sWritingToFile); // If we get a nullptr on the exchange, it means that somebody // else has already processed the request, and we can just return. UniquePtr<PrefSaveData> prefs( PreferencesWriter::sPendingWriteData.exchange(nullptr)); if (prefs) { rv = PreferencesWriter::Write(mFile, *prefs); // Make a copy of these so we can have them in runnable lambda. // nsIFile is only there so that we would never release the // ref counted pointer off main thread. nsresult rvCopy = rv; nsCOMPtr<nsIFile> fileCopy(mFile); SchedulerGroup::Dispatch(NS_NewRunnableFunction( "Preferences::WriterRunnable", [fileCopy, rvCopy, promiseHolder = std::move(mPromiseHolder)] { MOZ_RELEASE_ASSERT(NS_IsMainThread()); if (NS_FAILED(rvCopy)) { Preferences::HandleDirty(); } if (promiseHolder) { promiseHolder->ResolveIfExists(true, __func__); } })); } } // We've completed the write to the best of our abilities, whether // we had prefs to write or another runnable got to them first. If // PreferencesWriter::Write failed, this is still correct as the // write is no longer outstanding, and the above HandleDirty call // will just start the cycle again. PreferencesWriter::sPendingWriteCount--; return rv; } private: ~PWRunnable() { if (mPromiseHolder) { mPromiseHolder->RejectIfExists(NS_ERROR_ABORT, __func__); } } protected: nsCOMPtr<nsIFile> mFile; UniquePtr<MozPromiseHolder<Preferences::WritePrefFilePromise>> mPromiseHolder; }; // Although this is a member of Preferences, it measures sPreferences and // several other global structures. /* static */ void Preferences::AddSizeOfIncludingThis(MallocSizeOf aMallocSizeOf, PrefsSizes& aSizes) { if (!sPreferences) { return; } aSizes.mMisc += aMallocSizeOf(sPreferences.get()); aSizes.mRootBranches += static_cast<nsPrefBranch*>(sPreferences->mRootBranch.get()) ->SizeOfIncludingThis(aMallocSizeOf) + static_cast<nsPrefBranch*>(sPreferences->mDefaultRootBranch.get()) ->SizeOfIncludingThis(aMallocSizeOf); } class PreferenceServiceReporter final : public nsIMemoryReporter { ~PreferenceServiceReporter() = default; public: NS_DECL_ISUPPORTS NS_DECL_NSIMEMORYREPORTER protected: static const uint32_t kSuspectReferentCount = 1000; }; NS_IMPL_ISUPPORTS(PreferenceServiceReporter, nsIMemoryReporter) MOZ_DEFINE_MALLOC_SIZE_OF(PreferenceServiceMallocSizeOf) NS_IMETHODIMP PreferenceServiceReporter::CollectReports( nsIHandleReportCallback* aHandleReport, nsISupports* aData, bool aAnonymize) { MOZ_ASSERT(NS_IsMainThread()); MallocSizeOf mallocSizeOf = PreferenceServiceMallocSizeOf; PrefsSizes sizes; Preferences::AddSizeOfIncludingThis(mallocSizeOf, sizes); if (HashTable()) { sizes.mHashTable += HashTable()->shallowSizeOfIncludingThis(mallocSizeOf); for (auto iter = HashTable()->iter(); !iter.done(); iter.next()) { iter.get()->AddSizeOfIncludingThis(mallocSizeOf, sizes); } } sizes.mPrefNameArena += PrefNameArena().SizeOfExcludingThis(mallocSizeOf); for (CallbackNode* node = gFirstCallback; node; node = node->Next()) { node->AddSizeOfIncludingThis(mallocSizeOf, sizes); } if (gSharedMap) { sizes.mMisc += mallocSizeOf(gSharedMap); } #ifdef ACCESS_COUNTS if (gAccessCounts) { sizes.mMisc += gAccessCounts->ShallowSizeOfIncludingThis(mallocSizeOf); } #endif MOZ_COLLECT_REPORT("explicit/preferences/hash-table", KIND_HEAP, UNITS_BYTES, sizes.mHashTable, "Memory used by libpref's hash table."); MOZ_COLLECT_REPORT("explicit/preferences/pref-values", KIND_HEAP, UNITS_BYTES, sizes.mPrefValues, "Memory used by PrefValues hanging off the hash table."); MOZ_COLLECT_REPORT("explicit/preferences/string-values", KIND_HEAP, UNITS_BYTES, sizes.mStringValues, "Memory used by libpref's string pref values."); MOZ_COLLECT_REPORT("explicit/preferences/root-branches", KIND_HEAP, UNITS_BYTES, sizes.mRootBranches, "Memory used by libpref's root branches."); MOZ_COLLECT_REPORT("explicit/preferences/pref-name-arena", KIND_HEAP, UNITS_BYTES, sizes.mPrefNameArena, "Memory used by libpref's arena for pref names."); MOZ_COLLECT_REPORT("explicit/preferences/callbacks/objects", KIND_HEAP, UNITS_BYTES, sizes.mCallbacksObjects, "Memory used by pref callback objects."); MOZ_COLLECT_REPORT("explicit/preferences/callbacks/domains", KIND_HEAP, UNITS_BYTES, sizes.mCallbacksDomains, "Memory used by pref callback domains (pref names and " "prefixes)."); MOZ_COLLECT_REPORT("explicit/preferences/misc", KIND_HEAP, UNITS_BYTES, sizes.mMisc, "Miscellaneous memory used by libpref."); if (gSharedMap) { if (XRE_IsParentProcess()) { MOZ_COLLECT_REPORT("explicit/preferences/shared-memory-map", KIND_NONHEAP, UNITS_BYTES, gSharedMap->MapSize(), "The shared memory mapping used to share a " "snapshot of preference values across processes."); } } nsPrefBranch* rootBranch = static_cast<nsPrefBranch*>(Preferences::GetRootBranch()); if (!rootBranch) { return NS_OK; } size_t numStrong = 0; size_t numWeakAlive = 0; size_t numWeakDead = 0; nsTArray<nsCString> suspectPreferences; // Count of the number of referents for each preference. nsTHashMap<nsCStringHashKey, uint32_t> prefCounter; for (const auto& entry : rootBranch->mObservers) { auto* callback = entry.GetWeak(); if (callback->IsWeak()) { nsCOMPtr<nsIObserver> callbackRef = do_QueryReferent(callback->mWeakRef); if (callbackRef) { numWeakAlive++; } else { numWeakDead++; } } else { numStrong++; } const uint32_t currentCount = prefCounter.Get(callback->GetDomain()) + 1; prefCounter.InsertOrUpdate(callback->GetDomain(), currentCount); // Keep track of preferences that have a suspiciously large number of // referents (a symptom of a leak). if (currentCount == kSuspectReferentCount) { suspectPreferences.AppendElement(callback->GetDomain()); } } for (uint32_t i = 0; i < suspectPreferences.Length(); i++) { nsCString& suspect = suspectPreferences[i]; const uint32_t totalReferentCount = prefCounter.Get(suspect); nsPrintfCString suspectPath( "preference-service-suspect/" "referent(pref=%s)", suspect.get()); aHandleReport->Callback( /* process = */ ""_ns, suspectPath, KIND_OTHER, UNITS_COUNT, totalReferentCount, "A preference with a suspiciously large number " "referents (symptom of a leak)."_ns, aData); } MOZ_COLLECT_REPORT( "preference-service/referent/strong", KIND_OTHER, UNITS_COUNT, numStrong, "The number of strong referents held by the preference service."); MOZ_COLLECT_REPORT( "preference-service/referent/weak/alive", KIND_OTHER, UNITS_COUNT, numWeakAlive, "The number of weak referents held by the preference service that are " "still alive."); MOZ_COLLECT_REPORT( "preference-service/referent/weak/dead", KIND_OTHER, UNITS_COUNT, numWeakDead, "The number of weak referents held by the preference service that are " "dead."); return NS_OK; } namespace { class AddPreferencesMemoryReporterRunnable : public Runnable { public: AddPreferencesMemoryReporterRunnable() : Runnable("AddPreferencesMemoryReporterRunnable") {} NS_IMETHOD Run() override { return RegisterStrongMemoryReporter(new PreferenceServiceReporter()); } }; } // namespace // A list of changed prefs sent from the parent via shared memory. static StaticAutoPtr<nsTArray<dom::Pref>> gChangedDomPrefs; static const char kTelemetryPref[] = "toolkit.telemetry.enabled"; static const char kChannelPref[] = "app.update.channel"; #ifdef MOZ_WIDGET_ANDROID static Maybe<bool> TelemetryPrefValue() { // Leave it unchanged if it's already set. // XXX: how could it already be set? if (Preferences::GetType(kTelemetryPref) != nsIPrefBranch::PREF_INVALID) { return Nothing(); } // Determine the correct default for toolkit.telemetry.enabled. If this // build has MOZ_TELEMETRY_ON_BY_DEFAULT *or* we're on the beta channel, // telemetry is on by default, otherwise not. This is necessary so that // beta users who are testing final release builds don't flipflop defaults. # ifdef MOZ_TELEMETRY_ON_BY_DEFAULT return Some(true); # else nsAutoCString channelPrefValue; Unused << Preferences::GetCString(kChannelPref, channelPrefValue, PrefValueKind::Default); return Some(channelPrefValue.EqualsLiteral("beta")); # endif } /* static */ void Preferences::SetupTelemetryPref() { MOZ_ASSERT(XRE_IsParentProcess()); Maybe<bool> telemetryPrefValue = TelemetryPrefValue(); if (telemetryPrefValue.isSome()) { Preferences::SetBool(kTelemetryPref, *telemetryPrefValue, PrefValueKind::Default); } } #else // !MOZ_WIDGET_ANDROID static bool TelemetryPrefValue() { // For platforms with Unified Telemetry (here meaning not-Android), // toolkit.telemetry.enabled determines whether we send "extended" data. // We only want extended data from pre-release channels due to size. constexpr auto channel = MOZ_STRINGIFY(MOZ_UPDATE_CHANNEL) ""_ns; // Easy cases: Nightly, Aurora, Beta. if (channel.EqualsLiteral("nightly") || channel.EqualsLiteral("aurora") || channel.EqualsLiteral("beta")) { return true; } # ifndef MOZILLA_OFFICIAL // Local developer builds: non-official builds on the "default" channel. if (channel.EqualsLiteral("default")) { return true; } # endif // Release Candidate builds: builds that think they are release builds, but // are shipped to beta users. if (channel.EqualsLiteral("release")) { nsAutoCString channelPrefValue; Unused << Preferences::GetCString(kChannelPref, channelPrefValue, PrefValueKind::Default); if (channelPrefValue.EqualsLiteral("beta")) { return true; } } return false; } /* static */ void Preferences::SetupTelemetryPref() { MOZ_ASSERT(XRE_IsParentProcess()); Preferences::SetBool(kTelemetryPref, TelemetryPrefValue(), PrefValueKind::Default); Preferences::Lock(kTelemetryPref); } #endif // MOZ_WIDGET_ANDROID /* static */ already_AddRefed<Preferences> Preferences::GetInstanceForService() { if (sPreferences) { return do_AddRef(sPreferences); } if (sShutdown) { return nullptr; } sPreferences = new Preferences(); MOZ_ASSERT(!HashTable()); HashTable() = new PrefsHashTable(XRE_IsParentProcess() ? kHashTableInitialLengthParent : kHashTableInitialLengthContent); #ifdef DEBUG gOnceStaticPrefsAntiFootgun = new AntiFootgunMap(); #endif #ifdef ACCESS_COUNTS MOZ_ASSERT(!gAccessCounts); gAccessCounts = new AccessCountsHashTable(); #endif nsresult rv = InitInitialObjects(/* isStartup */ true); if (NS_FAILED(rv)) { sPreferences = nullptr; return nullptr; } if (!XRE_IsParentProcess()) { MOZ_ASSERT(gChangedDomPrefs); for (unsigned int i = 0; i < gChangedDomPrefs->Length(); i++) { Preferences::SetPreference(gChangedDomPrefs->ElementAt(i)); } gChangedDomPrefs = nullptr; } else { // Check if there is a deployment configuration file. If so, set up the // pref config machinery, which will actually read the file. nsAutoCString lockFileName; nsresult rv = Preferences::GetCString("general.config.filename", lockFileName, PrefValueKind::User); if (NS_SUCCEEDED(rv)) { NS_CreateServicesFromCategory( "pref-config-startup", static_cast<nsISupports*>(static_cast<void*>(sPreferences)), "pref-config-startup"); } nsCOMPtr<nsIObserverService> observerService = services::GetObserverService(); if (!observerService) { sPreferences = nullptr; return nullptr; } observerService->AddObserver(sPreferences, "profile-before-change-telemetry", true); rv = observerService->AddObserver(sPreferences, "profile-before-change", true); observerService->AddObserver(sPreferences, "suspend_process_notification", true); if (NS_FAILED(rv)) { sPreferences = nullptr; return nullptr; } } const char* defaultPrefs = getenv("MOZ_DEFAULT_PREFS"); if (defaultPrefs) { parsePrefData(nsCString(defaultPrefs), PrefValueKind::Default); } // Preferences::GetInstanceForService() can be called from GetService(), and // RegisterStrongMemoryReporter calls GetService(nsIMemoryReporter). To // avoid a potential recursive GetService() call, we can't register the // memory reporter here; instead, do it off a runnable. RefPtr<AddPreferencesMemoryReporterRunnable> runnable = new AddPreferencesMemoryReporterRunnable(); NS_DispatchToMainThread(runnable); return do_AddRef(sPreferences); } /* static */ bool Preferences::IsServiceAvailable() { return !!sPreferences; } /* static */ bool Preferences::InitStaticMembers() { MOZ_ASSERT(NS_IsMainThread() || ServoStyleSet::IsInServoTraversal()); if (MOZ_LIKELY(sPreferences)) { return true; } if (!sShutdown) { MOZ_ASSERT(NS_IsMainThread()); nsCOMPtr<nsIPrefService> prefService = do_GetService(NS_PREFSERVICE_CONTRACTID); } return sPreferences != nullptr; } /* static */ void Preferences::Shutdown() { if (!sShutdown) { sShutdown = true; // Don't create the singleton instance after here. sPreferences = nullptr; StaticPrefs::ShutdownAlwaysPrefs(); } } Preferences::Preferences() : mRootBranch(new nsPrefBranch("", PrefValueKind::User)), mDefaultRootBranch(new nsPrefBranch("", PrefValueKind::Default)) {} Preferences::~Preferences() { MOZ_ASSERT(!sPreferences); MOZ_ASSERT(!gCallbacksInProgress); CallbackNode* node = gFirstCallback; while (node) { CallbackNode* next_node = node->Next(); delete node; node = next_node; } gLastPriorityNode = gFirstCallback = nullptr; delete HashTable(); HashTable() = nullptr; #ifdef DEBUG gOnceStaticPrefsAntiFootgun = nullptr; #endif #ifdef ACCESS_COUNTS gAccessCounts = nullptr; #endif gSharedMap = nullptr; PrefNameArena().Clear(); } NS_IMPL_ISUPPORTS(Preferences, nsIPrefService, nsIObserver, nsIPrefBranch, nsISupportsWeakReference) /* static */ void Preferences::SerializePreferences(nsCString& aStr, bool aIsDestinationWebContentProcess) { MOZ_RELEASE_ASSERT(InitStaticMembers()); aStr.Truncate(); for (auto iter = HashTable()->iter(); !iter.done(); iter.next()) { Pref* pref = iter.get().get(); if (!pref->IsTypeNone() && pref->HasAdvisablySizedValues()) { pref->SerializeAndAppend(aStr, aIsDestinationWebContentProcess && ShouldSanitizePreference(pref)); } } aStr.Append('\0'); } /* static */ void Preferences::DeserializePreferences(char* aStr, size_t aPrefsLen) { MOZ_ASSERT(!XRE_IsParentProcess()); MOZ_ASSERT(!gChangedDomPrefs); gChangedDomPrefs = new nsTArray<dom::Pref>(); char* p = aStr; while (*p != '\0') { dom::Pref pref; p = Pref::Deserialize(p, &pref); gChangedDomPrefs->AppendElement(pref); } // We finished parsing on a '\0'. That should be the last char in the shared // memory. (aPrefsLen includes the '\0'.) MOZ_ASSERT(p == aStr + aPrefsLen - 1); MOZ_ASSERT(!gContentProcessPrefsAreInited); gContentProcessPrefsAreInited = true; } /* static */ mozilla::ipc::SharedMemoryHandle Preferences::EnsureSnapshot(size_t* aSize) { MOZ_ASSERT(XRE_IsParentProcess()); MOZ_ASSERT(NS_IsMainThread()); if (!gSharedMap) { SharedPrefMapBuilder builder; nsTArray<Pref*> toRepopulate; NameArena* newPrefNameArena = new NameArena(); for (auto iter = HashTable()->modIter(); !iter.done(); iter.next()) { if (!ShouldSanitizePreference(iter.get().get())) { iter.get()->AddToMap(builder); } else { Pref* pref = iter.getMutable().release(); pref->RelocateName(newPrefNameArena); toRepopulate.AppendElement(pref); } } // Store the current value of `once`-mirrored prefs. After this point they // will be immutable. StaticPrefs::RegisterOncePrefs(builder); gSharedMap = new SharedPrefMap(std::move(builder)); // Once we've built a snapshot of the database, there's no need to continue // storing dynamic copies of the preferences it contains. Once we reset the // hashtable, preference lookups will fall back to the snapshot for any // preferences not in the dynamic hashtable. // // And since the majority of the database is now contained in the snapshot, // we can initialize the hashtable with the expected number of per-session // changed preferences, rather than the expected total number of // preferences. HashTable()->clearAndCompact(); Unused << HashTable()->reserve(kHashTableInitialLengthContent); delete sPrefNameArena; sPrefNameArena = newPrefNameArena; gCallbackPref = nullptr; for (uint32_t i = 0; i < toRepopulate.Length(); i++) { auto pref = toRepopulate[i]; auto p = HashTable()->lookupForAdd(pref->Name()); MOZ_ASSERT(!p.found()); Unused << HashTable()->add(p, pref); } } *aSize = gSharedMap->MapSize(); return gSharedMap->CloneHandle(); } /* static */ void Preferences::InitSnapshot(const mozilla::ipc::SharedMemoryHandle& aHandle, size_t aSize) { MOZ_ASSERT(!XRE_IsParentProcess()); MOZ_ASSERT(!gSharedMap); gSharedMap = new SharedPrefMap(aHandle, aSize); StaticPrefs::InitStaticPrefsFromShared(); } /* static */ void Preferences::InitializeUserPrefs() { MOZ_ASSERT(XRE_IsParentProcess()); MOZ_ASSERT(!sPreferences->mCurrentFile, "Should only initialize prefs once"); // Prefs which are set before we initialize the profile are silently // discarded. This is stupid, but there are various tests which depend on // this behavior. sPreferences->ResetUserPrefs(); nsCOMPtr<nsIFile> prefsFile = sPreferences->ReadSavedPrefs(); sPreferences->ReadUserOverridePrefs(); sPreferences->mDirty = false; // Don't set mCurrentFile until we're done so that dirty flags work properly. sPreferences->mCurrentFile = std::move(prefsFile); } /* static */ void Preferences::FinishInitializingUserPrefs() { sPreferences->NotifyServiceObservers(NS_PREFSERVICE_READ_TOPIC_ID); } NS_IMETHODIMP Preferences::Observe(nsISupports* aSubject, const char* aTopic, const char16_t* someData) { if (MOZ_UNLIKELY(!XRE_IsParentProcess())) { return NS_ERROR_NOT_AVAILABLE; } nsresult rv = NS_OK; if (!nsCRT::strcmp(aTopic, "profile-before-change")) { // Normally prefs aren't written after this point, and so we kick off // an asynchronous pref save so that I/O can be done in parallel with // other shutdown. if (AllowOffMainThreadSave()) { SavePrefFile(nullptr); } } else if (!nsCRT::strcmp(aTopic, "profile-before-change-telemetry")) { // It's possible that a profile-before-change observer after ours // set a pref. A blocking save here re-saves if necessary and also waits // for any pending saves to complete. SavePrefFileBlocking(); MOZ_ASSERT(!mDirty, "Preferences should not be dirty"); mProfileShutdown = true; } else if (!nsCRT::strcmp(aTopic, "suspend_process_notification")) { // Our process is being suspended. The OS may wake our process later, // or it may kill the process. In case our process is going to be killed // from the suspended state, we save preferences before suspending. rv = SavePrefFileBlocking(); } return rv; } NS_IMETHODIMP Preferences::ReadDefaultPrefsFromFile(nsIFile* aFile) { ENSURE_PARENT_PROCESS("Preferences::ReadDefaultPrefsFromFile", "all prefs"); if (!aFile) { NS_ERROR("ReadDefaultPrefsFromFile requires a parameter"); return NS_ERROR_INVALID_ARG; } return openPrefFile(aFile, PrefValueKind::Default); } NS_IMETHODIMP Preferences::ReadUserPrefsFromFile(nsIFile* aFile) { ENSURE_PARENT_PROCESS("Preferences::ReadUserPrefsFromFile", "all prefs"); if (!aFile) { NS_ERROR("ReadUserPrefsFromFile requires a parameter"); return NS_ERROR_INVALID_ARG; } return openPrefFile(aFile, PrefValueKind::User); } NS_IMETHODIMP Preferences::ResetPrefs() { ENSURE_PARENT_PROCESS("Preferences::ResetPrefs", "all prefs"); if (gSharedMap) { return NS_ERROR_NOT_AVAILABLE; } HashTable()->clearAndCompact(); Unused << HashTable()->reserve(kHashTableInitialLengthParent); PrefNameArena().Clear(); return InitInitialObjects(/* isStartup */ false); } nsresult Preferences::ResetUserPrefs() { ENSURE_PARENT_PROCESS("Preferences::ResetUserPrefs", "all prefs"); NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); MOZ_ASSERT(NS_IsMainThread()); Vector<const char*> prefNames; for (auto iter = HashTable()->modIter(); !iter.done(); iter.next()) { Pref* pref = iter.get().get(); if (pref->HasUserValue()) { if (!prefNames.append(pref->Name())) { return NS_ERROR_OUT_OF_MEMORY; } pref->ClearUserValue(); if (!pref->HasDefaultValue()) { iter.remove(); } } } for (const char* prefName : prefNames) { NotifyCallbacks(nsDependentCString(prefName)); } Preferences::HandleDirty(); return NS_OK; } bool Preferences::AllowOffMainThreadSave() { // Put in a preference that allows us to disable off main thread preference // file save. if (sAllowOMTPrefWrite < 0) { bool value = false; Preferences::GetBool("preferences.allow.omt-write", &value); sAllowOMTPrefWrite = value ? 1 : 0; } return !!sAllowOMTPrefWrite; } nsresult Preferences::SavePrefFileBlocking() { if (mDirty) { return SavePrefFileInternal(nullptr, SaveMethod::Blocking); } // If we weren't dirty to start, SavePrefFileInternal will early exit so // there is no guarantee that we don't have oustanding async saves in the // pipe. Since the contract of SavePrefFileOnMainThread is that the file on // disk matches the preferences, we have to make sure those requests are // completed. if (AllowOffMainThreadSave()) { PreferencesWriter::Flush(); } return NS_OK; } nsresult Preferences::SavePrefFileAsynchronous() { return SavePrefFileInternal(nullptr, SaveMethod::Asynchronous); } NS_IMETHODIMP Preferences::SavePrefFile(nsIFile* aFile) { // This is the method accessible from service API. Make it off main thread. return SavePrefFileInternal(aFile, SaveMethod::Asynchronous); } NS_IMETHODIMP Preferences::BackupPrefFile(nsIFile* aFile, JSContext* aCx, Promise** aPromise) { MOZ_ASSERT(NS_IsMainThread()); if (!aFile) { return NS_ERROR_INVALID_ARG; } if (mCurrentFile) { bool equalsCurrent = false; nsresult rv = aFile->Equals(mCurrentFile, &equalsCurrent); if (NS_FAILED(rv)) { return rv; } if (equalsCurrent) { return NS_ERROR_INVALID_ARG; } } ErrorResult result; RefPtr<Promise> promise = Promise::Create(xpc::CurrentNativeGlobal(aCx), result); if (MOZ_UNLIKELY(result.Failed())) { return result.StealNSResult(); } nsMainThreadPtrHandle<Promise> domPromiseHolder( new nsMainThreadPtrHolder<Promise>("Preferences::BackupPrefFile promise", promise)); auto mozPromiseHolder = MakeUnique<MozPromiseHolder<WritePrefFilePromise>>(); RefPtr<WritePrefFilePromise> writePrefPromise = mozPromiseHolder->Ensure(__func__); nsresult rv = WritePrefFile(aFile, SaveMethod::Asynchronous, std::move(mozPromiseHolder)); if (NS_FAILED(rv)) { // WritePrefFile is responsible for rejecting the underlying MozPromise in // the event that it the method failed somewhere. return rv; } writePrefPromise->Then( GetMainThreadSerialEventTarget(), __func__, [domPromiseHolder](bool) { MOZ_ASSERT(NS_IsMainThread()); domPromiseHolder.get()->MaybeResolveWithUndefined(); }, [domPromiseHolder](nsresult rv) { MOZ_ASSERT(NS_IsMainThread()); domPromiseHolder.get()->MaybeReject(rv); }); promise.forget(aPromise); return NS_OK; } /* static */ void Preferences::SetPreference(const dom::Pref& aDomPref) { MOZ_ASSERT(!XRE_IsParentProcess()); NS_ENSURE_TRUE(InitStaticMembers(), (void)0); const nsCString& prefName = aDomPref.name(); Pref* pref; auto p = HashTable()->lookupForAdd(prefName.get()); if (!p) { pref = new Pref(prefName); if (!HashTable()->add(p, pref)) { delete pref; return; } } else { pref = p->get(); } bool valueChanged = false; pref->FromDomPref(aDomPref, &valueChanged); // When the parent process clears a pref's user value we get a DomPref here // with no default value and no user value. There are two possibilities. // // - There was an existing pref with only a user value. FromDomPref() will // have just cleared that user value, so the pref can be removed. // // - There was no existing pref. FromDomPref() will have done nothing, and // `pref` will be valueless. We will end up adding and removing the value // needlessly, but that's ok because this case is rare. // if (!pref->HasDefaultValue() && !pref->HasUserValue() && !pref->IsSanitized()) { // If the preference exists in the shared map, we need to keep the dynamic // entry around to mask it. if (gSharedMap->Has(pref->Name())) { pref->SetType(PrefType::None); } else { HashTable()->remove(prefName.get()); } pref = nullptr; } // Note: we don't have to worry about HandleDirty() because we are setting // prefs in the content process that have come from the parent process. if (valueChanged) { if (pref) { NotifyCallbacks(prefName, PrefWrapper(pref)); } else { NotifyCallbacks(prefName); } } } /* static */ void Preferences::GetPreference(dom::Pref* aDomPref, const GeckoProcessType aDestinationProcessType, const nsACString& aDestinationRemoteType) { MOZ_ASSERT(XRE_IsParentProcess()); bool destIsWebContent = aDestinationProcessType == GeckoProcessType_Content && (StringBeginsWith(aDestinationRemoteType, WEB_REMOTE_TYPE) || StringBeginsWith(aDestinationRemoteType, PREALLOC_REMOTE_TYPE) || StringBeginsWith(aDestinationRemoteType, PRIVILEGEDMOZILLA_REMOTE_TYPE)); Pref* pref = pref_HashTableLookup(aDomPref->name().get()); if (pref && pref->HasAdvisablySizedValues()) { pref->ToDomPref(aDomPref, destIsWebContent); } } #ifdef DEBUG bool Preferences::ArePrefsInitedInContentProcess() { MOZ_ASSERT(!XRE_IsParentProcess()); return gContentProcessPrefsAreInited; } #endif NS_IMETHODIMP Preferences::GetBranch(const char* aPrefRoot, nsIPrefBranch** aRetVal) { if ((nullptr != aPrefRoot) && (*aPrefRoot != '\0')) { // TODO: Cache this stuff and allow consumers to share branches (hold weak // references, I think). RefPtr<nsPrefBranch> prefBranch = new nsPrefBranch(aPrefRoot, PrefValueKind::User); prefBranch.forget(aRetVal); } else { // Special case: caching the default root. nsCOMPtr<nsIPrefBranch> root(sPreferences->mRootBranch); root.forget(aRetVal); } return NS_OK; } NS_IMETHODIMP Preferences::GetDefaultBranch(const char* aPrefRoot, nsIPrefBranch** aRetVal) { if (!aPrefRoot || !aPrefRoot[0]) { nsCOMPtr<nsIPrefBranch> root(sPreferences->mDefaultRootBranch); root.forget(aRetVal); return NS_OK; } // TODO: Cache this stuff and allow consumers to share branches (hold weak // references, I think). RefPtr<nsPrefBranch> prefBranch = new nsPrefBranch(aPrefRoot, PrefValueKind::Default); if (!prefBranch) { return NS_ERROR_OUT_OF_MEMORY; } prefBranch.forget(aRetVal); return NS_OK; } NS_IMETHODIMP Preferences::ReadStats(nsIPrefStatsCallback* aCallback) { #ifdef ACCESS_COUNTS for (const auto& entry : *gAccessCounts) { aCallback->Visit(entry.GetKey(), entry.GetData()); } return NS_OK; #else return NS_ERROR_NOT_IMPLEMENTED; #endif } NS_IMETHODIMP Preferences::ResetStats() { #ifdef ACCESS_COUNTS gAccessCounts->Clear(); return NS_OK; #else return NS_ERROR_NOT_IMPLEMENTED; #endif } // We would much prefer to use C++ lambdas, but we cannot convert // lambdas that capture (here, the underlying observer) to C pointer // to functions. So, here we are, with icky C callbacks. Be aware // that nothing is thread-safe here because there's a single global // `nsIPrefObserver` instance. Use this from the main thread only. nsIPrefObserver* PrefObserver = nullptr; void HandlePref(const char* aPrefName, PrefType aType, PrefValueKind aKind, PrefValue aValue, bool aIsSticky, bool aIsLocked) { MOZ_ASSERT(NS_IsMainThread()); if (!PrefObserver) { return; } const char* kind = aKind == PrefValueKind::Default ? "Default" : "User"; switch (aType) { case PrefType::String: PrefObserver->OnStringPref(kind, aPrefName, aValue.mStringVal, aIsSticky, aIsLocked); break; case PrefType::Int: PrefObserver->OnIntPref(kind, aPrefName, aValue.mIntVal, aIsSticky, aIsLocked); break; case PrefType::Bool: PrefObserver->OnBoolPref(kind, aPrefName, aValue.mBoolVal, aIsSticky, aIsLocked); break; default: PrefObserver->OnError("Unexpected pref type."); } } void HandleError(const char* aMsg) { MOZ_ASSERT(NS_IsMainThread()); if (!PrefObserver) { return; } PrefObserver->OnError(aMsg); } NS_IMETHODIMP Preferences::ParsePrefsFromBuffer(const nsTArray<uint8_t>& aBytes, nsIPrefObserver* aObserver, const char* aPathLabel) { MOZ_ASSERT(NS_IsMainThread()); // We need a null-terminated buffer. nsTArray<uint8_t> data = aBytes.Clone(); data.AppendElement(0); // Parsing as default handles both `pref` and `user_pref`. PrefObserver = aObserver; prefs_parser_parse(aPathLabel ? aPathLabel : "<ParsePrefsFromBuffer data>", PrefValueKind::Default, (const char*)data.Elements(), data.Length() - 1, HandlePref, HandleError); PrefObserver = nullptr; return NS_OK; } NS_IMETHODIMP Preferences::GetUserPrefsFileLastModifiedAtStartup(PRTime* aLastModified) { *aLastModified = mUserPrefsFileLastModifiedAtStartup; return NS_OK; } NS_IMETHODIMP Preferences::GetDirty(bool* aRetVal) { *aRetVal = mDirty; return NS_OK; } nsresult Preferences::NotifyServiceObservers(const char* aTopic) { nsCOMPtr<nsIObserverService> observerService = services::GetObserverService(); if (!observerService) { return NS_ERROR_FAILURE; } auto subject = static_cast<nsIPrefService*>(this); observerService->NotifyObservers(subject, aTopic, nullptr); return NS_OK; } already_AddRefed<nsIFile> Preferences::ReadSavedPrefs() { nsCOMPtr<nsIFile> file; nsresult rv = NS_GetSpecialDirectory(NS_APP_PREFS_50_FILE, getter_AddRefs(file)); if (NS_WARN_IF(NS_FAILED(rv))) { return nullptr; } rv = openPrefFile(file, PrefValueKind::User); if (rv == NS_ERROR_FILE_NOT_FOUND) { // This is a normal case for new users. rv = NS_OK; } else { // Store the last modified time of the file while we've got it. // We don't really care if this fails. Unused << file->GetLastModifiedTime(&mUserPrefsFileLastModifiedAtStartup); if (NS_FAILED(rv)) { // Save a backup copy of the current (invalid) prefs file, since all prefs // from the error line to the end of the file will be lost (bug 361102). // TODO we should notify the user about it (bug 523725). glean::preferences::prefs_file_was_invalid.Set(true); MakeBackupPrefFile(file); } } return file.forget(); } void Preferences::ReadUserOverridePrefs() { nsCOMPtr<nsIFile> aFile; nsresult rv = NS_GetSpecialDirectory(NS_APP_PREFS_50_DIR, getter_AddRefs(aFile)); if (NS_WARN_IF(NS_FAILED(rv))) { return; } aFile->AppendNative("user.js"_ns); rv = openPrefFile(aFile, PrefValueKind::User); } nsresult Preferences::MakeBackupPrefFile(nsIFile* aFile) { // Example: this copies "prefs.js" to "Invalidprefs.js" in the same directory. // "Invalidprefs.js" is removed if it exists, prior to making the copy. nsAutoString newFilename; nsresult rv = aFile->GetLeafName(newFilename); NS_ENSURE_SUCCESS(rv, rv); newFilename.InsertLiteral(u"Invalid", 0); nsCOMPtr<nsIFile> newFile; rv = aFile->GetParent(getter_AddRefs(newFile)); NS_ENSURE_SUCCESS(rv, rv); rv = newFile->Append(newFilename); NS_ENSURE_SUCCESS(rv, rv); bool exists = false; newFile->Exists(&exists); if (exists) { rv = newFile->Remove(false); NS_ENSURE_SUCCESS(rv, rv); } rv = aFile->CopyTo(nullptr, newFilename); NS_ENSURE_SUCCESS(rv, rv); return rv; } nsresult Preferences::SavePrefFileInternal(nsIFile* aFile, SaveMethod aSaveMethod) { ENSURE_PARENT_PROCESS("Preferences::SavePrefFileInternal", "all prefs"); // We allow different behavior here when aFile argument is not null, but it // happens to be the same as the current file. It is not clear that we // should, but it does give us a "force" save on the unmodified pref file // (see the original bug 160377 when we added this.) if (nullptr == aFile) { mSavePending = false; // Off main thread writing only if allowed. if (!AllowOffMainThreadSave()) { aSaveMethod = SaveMethod::Blocking; } // The mDirty flag tells us if we should write to mCurrentFile. We only // check this flag when the caller wants to write to the default. if (!mDirty) { return NS_OK; } // Check for profile shutdown after mDirty because the runnables from // HandleDirty() can still be pending. if (mProfileShutdown) { NS_WARNING("Cannot save pref file after profile shutdown."); return NS_ERROR_ILLEGAL_DURING_SHUTDOWN; } // It's possible that we never got a prefs file. nsresult rv = NS_OK; if (mCurrentFile) { rv = WritePrefFile(mCurrentFile, aSaveMethod); } // If we succeeded writing to mCurrentFile, reset the dirty flag. if (NS_SUCCEEDED(rv)) { mDirty = false; } return rv; } else { // We only allow off main thread writes on mCurrentFile using this method. // If you want to write asynchronously, use BackupPrefFile instead. return WritePrefFile(aFile, SaveMethod::Blocking); } } nsresult Preferences::WritePrefFile( nsIFile* aFile, SaveMethod aSaveMethod, UniquePtr<MozPromiseHolder<WritePrefFilePromise>> aPromiseHolder /* = nullptr */) { MOZ_ASSERT(XRE_IsParentProcess()); #define REJECT_IF_PROMISE_HOLDER_EXISTS(rv) \ if (aPromiseHolder) { \ aPromiseHolder->RejectIfExists(rv, __func__); \ } \ return rv; if (!HashTable()) { REJECT_IF_PROMISE_HOLDER_EXISTS(NS_ERROR_NOT_INITIALIZED); } AUTO_PROFILER_LABEL("Preferences::WritePrefFile", OTHER); if (AllowOffMainThreadSave()) { UniquePtr<PrefSaveData> prefs = MakeUnique<PrefSaveData>(pref_savePrefs()); nsresult rv = NS_OK; bool writingToCurrent = false; if (mCurrentFile) { rv = mCurrentFile->Equals(aFile, &writingToCurrent); if (NS_FAILED(rv)) { REJECT_IF_PROMISE_HOLDER_EXISTS(rv); } } // Put the newly constructed preference data into sPendingWriteData // for the next request to pick up prefs.reset(PreferencesWriter::sPendingWriteData.exchange(prefs.release())); if (prefs && !writingToCurrent) { MOZ_ASSERT(!aPromiseHolder, "Shouldn't be able to enter here if aPromiseHolder is set"); // There was a previous request writing to the default location that // hasn't been processed. It will do the work of eventually writing this // latest batch of data to disk. return NS_OK; } // There were no previous requests. Dispatch one since sPendingWriteData has // the up to date information. nsCOMPtr<nsIEventTarget> target = do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID, &rv); if (NS_SUCCEEDED(rv)) { bool async = aSaveMethod == SaveMethod::Asynchronous; // Increment sPendingWriteCount, even though it's redundant to track this // in the case of a sync runnable; it just makes it easier to simply // decrement this inside PWRunnable. We cannot use the constructor / // destructor for increment/decrement, as on dispatch failure we might // leak the runnable in order to not destroy it on the wrong thread, which // would make us get stuck in an infinite SpinEventLoopUntil inside // PreferencesWriter::Flush. Better that in future code we miss an // increment of sPendingWriteCount and cause a simple crash due to it // ending up negative. // // If aPromiseHolder is not null, ownership is transferred to PWRunnable. // The PWRunnable will automatically reject the MozPromise if it is // destroyed before being resolved or rejected by the Run method. PreferencesWriter::sPendingWriteCount++; if (async) { rv = target->Dispatch(new PWRunnable(aFile, std::move(aPromiseHolder)), nsIEventTarget::DISPATCH_NORMAL); } else { rv = SyncRunnable::DispatchToThread( target, new PWRunnable(aFile, std::move(aPromiseHolder)), true); } if (NS_FAILED(rv)) { // If our dispatch failed, we should correct our bookkeeping to // avoid shutdown hangs. PreferencesWriter::sPendingWriteCount--; // No need to reject the aPromiseHolder here, as the PWRunnable will // have already done so. return rv; } return NS_OK; } // If we can't get the thread for writing, for whatever reason, do the main // thread write after making some noise. MOZ_ASSERT(false, "failed to get the target thread for OMT pref write"); } // This will do a main thread write. It is safe to do it this way because // AllowOffMainThreadSave() returns a consistent value for the lifetime of // the parent process. PrefSaveData prefsData = pref_savePrefs(); // If we were given a MozPromiseHolder, this means the caller is attempting // to write prefs asynchronously to the disk - but if we get here, it means // that AllowOffMainThreadSave() return false, and that we will be forced // to write on the main thread instead. We still have to resolve or reject // that MozPromise regardless. nsresult rv = PreferencesWriter::Write(aFile, prefsData); if (aPromiseHolder) { NS_WARNING( "Cannot write to prefs asynchronously, as AllowOffMainThreadSave() " "returned false."); if (NS_SUCCEEDED(rv)) { aPromiseHolder->ResolveIfExists(true, __func__); } else { aPromiseHolder->RejectIfExists(rv, __func__); } } return rv; #undef REJECT_IF_PROMISE_HOLDER_EXISTS } static nsresult openPrefFile(nsIFile* aFile, PrefValueKind aKind) { MOZ_ASSERT(XRE_IsParentProcess()); nsCString data; MOZ_TRY_VAR(data, URLPreloader::ReadFile(aFile)); nsAutoString filenameUtf16; aFile->GetLeafName(filenameUtf16); NS_ConvertUTF16toUTF8 filename(filenameUtf16); nsAutoString path; aFile->GetPath(path); Parser parser; if (!parser.Parse(aKind, NS_ConvertUTF16toUTF8(path).get(), data)) { return NS_ERROR_FILE_CORRUPTED; } return NS_OK; } static nsresult parsePrefData(const nsCString& aData, PrefValueKind aKind) { const nsCString path = "$MOZ_DEFAULT_PREFS"_ns; Parser parser; if (!parser.Parse(aKind, path.get(), aData)) { return NS_ERROR_FILE_CORRUPTED; } return NS_OK; } static int pref_CompareFileNames(nsIFile* aFile1, nsIFile* aFile2) { nsAutoCString filename1, filename2; aFile1->GetNativeLeafName(filename1); aFile2->GetNativeLeafName(filename2); return Compare(filename2, filename1); } // Load default pref files from a directory. The files in the directory are // sorted reverse-alphabetically. static nsresult pref_LoadPrefsInDir(nsIFile* aDir) { MOZ_ASSERT(XRE_IsParentProcess()); nsresult rv, rv2; nsCOMPtr<nsIDirectoryEnumerator> dirIterator; // This may fail in some normal cases, such as embedders who do not use a // GRE. rv = aDir->GetDirectoryEntries(getter_AddRefs(dirIterator)); if (NS_FAILED(rv)) { // If the directory doesn't exist, then we have no reason to complain. We // loaded everything (and nothing) successfully. if (rv == NS_ERROR_FILE_NOT_FOUND) { rv = NS_OK; } return rv; } nsCOMArray<nsIFile> prefFiles(INITIAL_PREF_FILES); nsCOMPtr<nsIFile> prefFile; while (NS_SUCCEEDED(dirIterator->GetNextFile(getter_AddRefs(prefFile))) && prefFile) { nsAutoCString leafName; prefFile->GetNativeLeafName(leafName); MOZ_ASSERT( !leafName.IsEmpty(), "Failure in default prefs: directory enumerator returned empty file?"); // Skip non-js files. if (StringEndsWith(leafName, ".js"_ns, nsCaseInsensitiveCStringComparator)) { prefFiles.AppendObject(prefFile); } } if (prefFiles.Count() == 0) { NS_WARNING("No default pref files found."); if (NS_SUCCEEDED(rv)) { rv = NS_SUCCESS_FILE_DIRECTORY_EMPTY; } return rv; } prefFiles.Sort(pref_CompareFileNames); uint32_t arrayCount = prefFiles.Count(); uint32_t i; for (i = 0; i < arrayCount; ++i) { rv2 = openPrefFile(prefFiles[i], PrefValueKind::Default); if (NS_FAILED(rv2)) { NS_ERROR("Default pref file not parsed successfully."); rv = rv2; } } return rv; } static nsresult pref_ReadPrefFromJar(nsZipArchive* aJarReader, const char* aName) { nsCString manifest; MOZ_TRY_VAR(manifest, URLPreloader::ReadZip(aJarReader, nsDependentCString(aName))); Parser parser; if (!parser.Parse(PrefValueKind::Default, aName, manifest)) { return NS_ERROR_FILE_CORRUPTED; } return NS_OK; } static nsresult pref_ReadDefaultPrefs(const RefPtr<nsZipArchive> jarReader, const char* path) { UniquePtr<nsZipFind> find; nsTArray<nsCString> prefEntries; const char* entryName; uint16_t entryNameLen; nsresult rv = jarReader->FindInit(path, getter_Transfers(find)); NS_ENSURE_SUCCESS(rv, rv); while (NS_SUCCEEDED(find->FindNext(&entryName, &entryNameLen))) { prefEntries.AppendElement(Substring(entryName, entryNameLen)); } prefEntries.Sort(); for (uint32_t i = prefEntries.Length(); i--;) { rv = pref_ReadPrefFromJar(jarReader, prefEntries[i].get()); if (NS_FAILED(rv)) { NS_WARNING("Error parsing preferences."); } } return NS_OK; } static nsCString PrefValueToString(const bool* b) { return nsCString(*b ? "true" : "false"); } static nsCString PrefValueToString(const int* i) { return nsPrintfCString("%d", *i); } static nsCString PrefValueToString(const uint32_t* u) { return nsPrintfCString("%d", *u); } static nsCString PrefValueToString(const float* f) { return nsPrintfCString("%f", *f); } static nsCString PrefValueToString(const nsACString* s) { return nsCString(*s); } static nsCString PrefValueToString(const nsACString& s) { return nsCString(s); } // These preference getter wrappers allow us to look up the value for static // preferences based on their native types, rather than manually mapping them to // the appropriate Preferences::Get* functions. // We define these methods in a struct which is made friend of Preferences in // order to access private members. struct Internals { template <typename T> static nsresult GetPrefValue(const char* aPrefName, T&& aResult, PrefValueKind aKind) { nsresult rv = NS_ERROR_UNEXPECTED; NS_ENSURE_TRUE(Preferences::InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); if (Maybe<PrefWrapper> pref = pref_Lookup(aPrefName)) { rv = pref->GetValue(aKind, std::forward<T>(aResult)); if (profiler_thread_is_being_profiled_for_markers()) { profiler_add_marker( "Preference Read", baseprofiler::category::OTHER_PreferenceRead, {}, PreferenceMarker{}, ProfilerString8View::WrapNullTerminatedString(aPrefName), Some(aKind), pref->Type(), PrefValueToString(aResult)); } } return rv; } template <typename T> static nsresult GetSharedPrefValue(const char* aName, T* aResult) { nsresult rv = NS_ERROR_UNEXPECTED; if (Maybe<PrefWrapper> pref = pref_SharedLookup(aName)) { rv = pref->GetValue(PrefValueKind::User, aResult); if (profiler_thread_is_being_profiled_for_markers()) { profiler_add_marker( "Preference Read", baseprofiler::category::OTHER_PreferenceRead, {}, PreferenceMarker{}, ProfilerString8View::WrapNullTerminatedString(aName), Nothing() /* indicates Shared */, pref->Type(), PrefValueToString(aResult)); } } return rv; } template <typename T> static T GetPref(const char* aPrefName, T aFallback, PrefValueKind aKind = PrefValueKind::User) { T result = aFallback; GetPrefValue(aPrefName, &result, aKind); return result; } template <typename T, typename V> static void MOZ_NEVER_INLINE AssignMirror(T& aMirror, V aValue) { aMirror = aValue; } static void MOZ_NEVER_INLINE AssignMirror(DataMutexString& aMirror, nsCString&& aValue) { auto lock = aMirror.Lock(); lock->Assign(std::move(aValue)); } static void MOZ_NEVER_INLINE AssignMirror(DataMutexString& aMirror, const nsLiteralCString& aValue) { auto lock = aMirror.Lock(); lock->Assign(aValue); } static void ClearMirror(DataMutexString& aMirror) { auto lock = aMirror.Lock(); lock->Assign(nsCString()); } template <typename T> static void UpdateMirror(const char* aPref, void* aMirror) { StripAtomic<T> value; nsresult rv = GetPrefValue(aPref, &value, PrefValueKind::User); if (NS_SUCCEEDED(rv)) { AssignMirror(*static_cast<T*>(aMirror), std::forward<StripAtomic<T>>(value)); } else { // GetPrefValue() can fail if the update is caused by the pref being // deleted or if it fails to make a cast. This assertion is the only place // where we safeguard these. In this case the mirror variable will be // untouched, thus keeping the value it had prior to the change. // (Note that this case won't happen for a deletion via DeleteBranch() // unless bug 343600 is fixed, but it will happen for a deletion via // ClearUserPref().) NS_WARNING(nsPrintfCString("Pref changed failure: %s\n", aPref).get()); MOZ_ASSERT(false); } } template <typename T> static nsresult RegisterCallback(void* aMirror, const nsACString& aPref) { return Preferences::RegisterCallback(UpdateMirror<T>, aPref, aMirror, Preferences::ExactMatch, /* isPriority */ true); } }; // Initialize default preference JavaScript buffers from appropriate TEXT // resources. /* static */ nsresult Preferences::InitInitialObjects(bool aIsStartup) { MOZ_ASSERT(NS_IsMainThread()); if (!XRE_IsParentProcess()) { MOZ_DIAGNOSTIC_ASSERT(gSharedMap); if (aIsStartup) { StaticPrefs::StartObservingAlwaysPrefs(); } return NS_OK; } // Initialize static prefs before prefs from data files so that the latter // will override the former. StaticPrefs::InitAll(); // In the omni.jar case, we load the following prefs: // - jar:$gre/omni.jar!/greprefs.js // - jar:$gre/omni.jar!/defaults/pref/*.js // // In the non-omni.jar case, we load: // - $gre/greprefs.js // // In both cases, we also load: // - $gre/defaults/pref/*.js // // This is kept for bug 591866 (channel-prefs.js should not be in omni.jar) // in the `$app == $gre` case; we load all files instead of channel-prefs.js // only to have the same behaviour as `$app != $gre`, where this is required // as a supported location for GRE preferences. // // When `$app != $gre`, we additionally load, in the omni.jar case: // - jar:$app/omni.jar!/defaults/preferences/*.js // - $app/defaults/preferences/*.js // // and in the non-omni.jar case: // - $app/defaults/preferences/*.js // // When `$app == $gre`, we additionally load, in the omni.jar case: // - jar:$gre/omni.jar!/defaults/preferences/*.js // // Thus, in the omni.jar case, we always load app-specific default // preferences from omni.jar, whether or not `$app == $gre`. nsresult rv = NS_ERROR_FAILURE; UniquePtr<nsZipFind> find; nsTArray<nsCString> prefEntries; const char* entryName; uint16_t entryNameLen; RefPtr<nsZipArchive> jarReader = Omnijar::GetReader(Omnijar::GRE); if (jarReader) { #ifdef MOZ_WIDGET_ANDROID // Try to load an architecture-specific greprefs.js first. This will be // present in FAT AAR builds of GeckoView on Android. const char* abi = getenv("MOZ_ANDROID_CPU_ABI"); if (abi) { nsAutoCString path; path.AppendPrintf("%s/greprefs.js", abi); rv = pref_ReadPrefFromJar(jarReader, path.get()); } if (NS_FAILED(rv)) { // Fallback to toplevel greprefs.js if arch-specific load fails. rv = pref_ReadPrefFromJar(jarReader, "greprefs.js"); } #else // Load jar:$gre/omni.jar!/greprefs.js. rv = pref_ReadPrefFromJar(jarReader, "greprefs.js"); #endif NS_ENSURE_SUCCESS(rv, rv); // Load jar:$gre/omni.jar!/defaults/pref/*.js. rv = pref_ReadDefaultPrefs(jarReader, "defaults/pref/*.js$"); NS_ENSURE_SUCCESS(rv, rv); #ifdef MOZ_BACKGROUNDTASKS if (BackgroundTasks::IsBackgroundTaskMode()) { rv = pref_ReadDefaultPrefs(jarReader, "defaults/backgroundtasks/*.js$"); NS_ENSURE_SUCCESS(rv, rv); } #endif #ifdef MOZ_WIDGET_ANDROID // Load jar:$gre/omni.jar!/defaults/pref/$MOZ_ANDROID_CPU_ABI/*.js. nsAutoCString path; path.AppendPrintf("jar:$gre/omni.jar!/defaults/pref/%s/*.js$", abi); pref_ReadDefaultPrefs(jarReader, path.get()); NS_ENSURE_SUCCESS(rv, rv); #endif } else { // Load $gre/greprefs.js. nsCOMPtr<nsIFile> greprefsFile; rv = NS_GetSpecialDirectory(NS_GRE_DIR, getter_AddRefs(greprefsFile)); NS_ENSURE_SUCCESS(rv, rv); rv = greprefsFile->AppendNative("greprefs.js"_ns); NS_ENSURE_SUCCESS(rv, rv); rv = openPrefFile(greprefsFile, PrefValueKind::Default); if (NS_FAILED(rv)) { NS_WARNING( "Error parsing GRE default preferences. Is this an old-style " "embedding app?"); } } // Load $gre/defaults/pref/*.js. nsCOMPtr<nsIFile> defaultPrefDir; rv = NS_GetSpecialDirectory(NS_APP_PREF_DEFAULTS_50_DIR, getter_AddRefs(defaultPrefDir)); NS_ENSURE_SUCCESS(rv, rv); rv = pref_LoadPrefsInDir(defaultPrefDir); if (NS_FAILED(rv)) { NS_WARNING("Error parsing application default preferences."); } #ifdef MOZ_WIDGET_COCOA // On macOS, channel-prefs.js is no longer bundled with the application and // the "app.update.channel" pref is now read from a Framework instead. // Previously, channel-prefs.js was read as one of the files in // NS_APP_PREF_DEFAULTS_50_DIR (see just above). See bug 1799332 for more // info. nsAutoCString appUpdatePrefKey; appUpdatePrefKey.Assign(kChannelPref); nsAutoCString appUpdatePrefValue; PrefValue channelPrefValue; channelPrefValue.mStringVal = MOZ_STRINGIFY(MOZ_UPDATE_CHANNEL); if (ChannelPrefsUtil::GetChannelPrefValue(appUpdatePrefValue)) { channelPrefValue.mStringVal = appUpdatePrefValue.get(); } pref_SetPref(appUpdatePrefKey, PrefType::String, PrefValueKind::Default, channelPrefValue, /* isSticky */ false, /* isLocked */ true, /* fromInit */ true); #endif // Load jar:$app/omni.jar!/defaults/preferences/*.js // or jar:$gre/omni.jar!/defaults/preferences/*.js. RefPtr<nsZipArchive> appJarReader = Omnijar::GetReader(Omnijar::APP); // GetReader(Omnijar::APP) returns null when `$app == $gre`, in // which case we look for app-specific default preferences in $gre. if (!appJarReader) { appJarReader = Omnijar::GetReader(Omnijar::GRE); } if (appJarReader) { rv = appJarReader->FindInit("defaults/preferences/*.js$", getter_Transfers(find)); NS_ENSURE_SUCCESS(rv, rv); prefEntries.Clear(); while (NS_SUCCEEDED(find->FindNext(&entryName, &entryNameLen))) { prefEntries.AppendElement(Substring(entryName, entryNameLen)); } prefEntries.Sort(); for (uint32_t i = prefEntries.Length(); i--;) { rv = pref_ReadPrefFromJar(appJarReader, prefEntries[i].get()); if (NS_FAILED(rv)) { NS_WARNING("Error parsing preferences."); } } #ifdef MOZ_BACKGROUNDTASKS if (BackgroundTasks::IsBackgroundTaskMode()) { rv = appJarReader->FindInit("defaults/backgroundtasks/*.js$", getter_Transfers(find)); NS_ENSURE_SUCCESS(rv, rv); prefEntries.Clear(); while (NS_SUCCEEDED(find->FindNext(&entryName, &entryNameLen))) { prefEntries.AppendElement(Substring(entryName, entryNameLen)); } prefEntries.Sort(); for (uint32_t i = prefEntries.Length(); i--;) { rv = pref_ReadPrefFromJar(appJarReader, prefEntries[i].get()); if (NS_FAILED(rv)) { NS_WARNING("Error parsing preferences."); } } } #endif } nsCOMPtr<nsIProperties> dirSvc( do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv)); NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr<nsISimpleEnumerator> list; dirSvc->Get(NS_APP_PREFS_DEFAULTS_DIR_LIST, NS_GET_IID(nsISimpleEnumerator), getter_AddRefs(list)); if (list) { bool hasMore; while (NS_SUCCEEDED(list->HasMoreElements(&hasMore)) && hasMore) { nsCOMPtr<nsISupports> elem; list->GetNext(getter_AddRefs(elem)); if (!elem) { continue; } nsCOMPtr<nsIFile> path = do_QueryInterface(elem); if (!path) { continue; } // Do we care if a file provided by this process fails to load? pref_LoadPrefsInDir(path); } } #if defined(MOZ_WIDGET_GTK) // To ensure the system-wide preferences are not overwritten by // firefox/browser/defauts/preferences/*.js we need to load // the /etc/firefox/defaults/pref/*.js settings as last. // Under Flatpak, the NS_OS_SYSTEM_CONFIG_DIR points to /app/etc/firefox nsCOMPtr<nsIFile> defaultSystemPrefDir; rv = NS_GetSpecialDirectory(NS_OS_SYSTEM_CONFIG_DIR, getter_AddRefs(defaultSystemPrefDir)); NS_ENSURE_SUCCESS(rv, rv); defaultSystemPrefDir->AppendNative("defaults"_ns); defaultSystemPrefDir->AppendNative("pref"_ns); rv = pref_LoadPrefsInDir(defaultSystemPrefDir); if (NS_FAILED(rv)) { NS_WARNING("Error parsing application default preferences."); } #endif if (XRE_IsParentProcess()) { SetupTelemetryPref(); } if (aIsStartup) { // Now that all prefs have their initial values, install the callbacks for // `always`-mirrored static prefs. We do this now rather than in // StaticPrefs::InitAll() so that the callbacks don't need to be traversed // while we load prefs from data files. StaticPrefs::StartObservingAlwaysPrefs(); } NS_CreateServicesFromCategory(NS_PREFSERVICE_APPDEFAULTS_TOPIC_ID, nullptr, NS_PREFSERVICE_APPDEFAULTS_TOPIC_ID); nsCOMPtr<nsIObserverService> observerService = services::GetObserverService(); if (NS_WARN_IF(!observerService)) { return NS_ERROR_FAILURE; } observerService->NotifyObservers(nullptr, NS_PREFSERVICE_APPDEFAULTS_TOPIC_ID, nullptr); return NS_OK; } /* static */ nsresult Preferences::GetBool(const char* aPrefName, bool* aResult, PrefValueKind aKind) { MOZ_ASSERT(aResult); return Internals::GetPrefValue(aPrefName, aResult, aKind); } /* static */ nsresult Preferences::GetInt(const char* aPrefName, int32_t* aResult, PrefValueKind aKind) { MOZ_ASSERT(aResult); return Internals::GetPrefValue(aPrefName, aResult, aKind); } /* static */ nsresult Preferences::GetFloat(const char* aPrefName, float* aResult, PrefValueKind aKind) { MOZ_ASSERT(aResult); return Internals::GetPrefValue(aPrefName, aResult, aKind); } /* static */ nsresult Preferences::GetCString(const char* aPrefName, nsACString& aResult, PrefValueKind aKind) { aResult.SetIsVoid(true); return Internals::GetPrefValue(aPrefName, aResult, aKind); } /* static */ nsresult Preferences::GetString(const char* aPrefName, nsAString& aResult, PrefValueKind aKind) { nsAutoCString result; nsresult rv = Preferences::GetCString(aPrefName, result, aKind); if (NS_SUCCEEDED(rv)) { CopyUTF8toUTF16(result, aResult); } return rv; } /* static */ nsresult Preferences::GetLocalizedCString(const char* aPrefName, nsACString& aResult, PrefValueKind aKind) { nsAutoString result; nsresult rv = GetLocalizedString(aPrefName, result, aKind); if (NS_SUCCEEDED(rv)) { CopyUTF16toUTF8(result, aResult); } return rv; } /* static */ nsresult Preferences::GetLocalizedString(const char* aPrefName, nsAString& aResult, PrefValueKind aKind) { NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); nsCOMPtr<nsIPrefLocalizedString> prefLocalString; nsresult rv = GetRootBranch(aKind)->GetComplexValue( aPrefName, NS_GET_IID(nsIPrefLocalizedString), getter_AddRefs(prefLocalString)); if (NS_SUCCEEDED(rv)) { MOZ_ASSERT(prefLocalString, "Succeeded but the result is NULL"); prefLocalString->GetData(aResult); } return rv; } /* static */ nsresult Preferences::GetComplex(const char* aPrefName, const nsIID& aType, void** aResult, PrefValueKind aKind) { NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); return GetRootBranch(aKind)->GetComplexValue(aPrefName, aType, aResult); } /* static */ bool Preferences::GetBool(const char* aPrefName, bool aFallback, PrefValueKind aKind) { return Internals::GetPref(aPrefName, aFallback, aKind); } /* static */ int32_t Preferences::GetInt(const char* aPrefName, int32_t aFallback, PrefValueKind aKind) { return Internals::GetPref(aPrefName, aFallback, aKind); } /* static */ uint32_t Preferences::GetUint(const char* aPrefName, uint32_t aFallback, PrefValueKind aKind) { return Internals::GetPref(aPrefName, aFallback, aKind); } /* static */ float Preferences::GetFloat(const char* aPrefName, float aFallback, PrefValueKind aKind) { return Internals::GetPref(aPrefName, aFallback, aKind); } /* static */ nsresult Preferences::SetCString(const char* aPrefName, const nsACString& aValue, PrefValueKind aKind) { ENSURE_PARENT_PROCESS("SetCString", aPrefName); NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); if (aValue.Length() > MAX_PREF_LENGTH) { return NS_ERROR_ILLEGAL_VALUE; } // It's ok to stash a pointer to the temporary PromiseFlatCString's chars in // pref because pref_SetPref() duplicates those chars. PrefValue prefValue; const nsCString& flat = PromiseFlatCString(aValue); prefValue.mStringVal = flat.get(); return pref_SetPref(nsDependentCString(aPrefName), PrefType::String, aKind, prefValue, /* isSticky */ false, /* isLocked */ false, /* fromInit */ false); } /* static */ nsresult Preferences::SetBool(const char* aPrefName, bool aValue, PrefValueKind aKind) { ENSURE_PARENT_PROCESS("SetBool", aPrefName); NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); PrefValue prefValue; prefValue.mBoolVal = aValue; return pref_SetPref(nsDependentCString(aPrefName), PrefType::Bool, aKind, prefValue, /* isSticky */ false, /* isLocked */ false, /* fromInit */ false); } /* static */ nsresult Preferences::SetInt(const char* aPrefName, int32_t aValue, PrefValueKind aKind) { ENSURE_PARENT_PROCESS("SetInt", aPrefName); NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); PrefValue prefValue; prefValue.mIntVal = aValue; return pref_SetPref(nsDependentCString(aPrefName), PrefType::Int, aKind, prefValue, /* isSticky */ false, /* isLocked */ false, /* fromInit */ false); } /* static */ nsresult Preferences::SetComplex(const char* aPrefName, const nsIID& aType, nsISupports* aValue, PrefValueKind aKind) { NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); return GetRootBranch(aKind)->SetComplexValue(aPrefName, aType, aValue); } /* static */ nsresult Preferences::Lock(const char* aPrefName) { ENSURE_PARENT_PROCESS("Lock", aPrefName); NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); const auto& prefName = nsDependentCString(aPrefName); Pref* pref; MOZ_TRY_VAR(pref, pref_LookupForModify(prefName, [](const PrefWrapper& aPref) { return !aPref.IsLocked(); })); if (pref) { pref->SetIsLocked(true); NotifyCallbacks(prefName, PrefWrapper(pref)); } return NS_OK; } /* static */ nsresult Preferences::Unlock(const char* aPrefName) { ENSURE_PARENT_PROCESS("Unlock", aPrefName); NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); const auto& prefName = nsDependentCString(aPrefName); Pref* pref; MOZ_TRY_VAR(pref, pref_LookupForModify(prefName, [](const PrefWrapper& aPref) { return aPref.IsLocked(); })); if (pref) { pref->SetIsLocked(false); NotifyCallbacks(prefName, PrefWrapper(pref)); } return NS_OK; } /* static */ bool Preferences::IsLocked(const char* aPrefName) { NS_ENSURE_TRUE(InitStaticMembers(), false); Maybe<PrefWrapper> pref = pref_Lookup(aPrefName); return pref.isSome() && pref->IsLocked(); } /* static */ bool Preferences::IsSanitized(const char* aPrefName) { NS_ENSURE_TRUE(InitStaticMembers(), false); Maybe<PrefWrapper> pref = pref_Lookup(aPrefName); return pref.isSome() && pref->IsSanitized(); } /* static */ nsresult Preferences::ClearUser(const char* aPrefName) { ENSURE_PARENT_PROCESS("ClearUser", aPrefName); NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); const auto& prefName = nsDependentCString{aPrefName}; auto result = pref_LookupForModify( prefName, [](const PrefWrapper& aPref) { return aPref.HasUserValue(); }); if (result.isErr()) { return NS_OK; } if (Pref* pref = result.unwrap()) { pref->ClearUserValue(); if (!pref->HasDefaultValue()) { MOZ_ASSERT( !gSharedMap || !pref->IsSanitized() || !gSharedMap->Has(pref->Name()), "A sanitized pref should never be in the shared pref map."); if (!pref->IsSanitized() && (!gSharedMap || !gSharedMap->Has(pref->Name()))) { HashTable()->remove(aPrefName); } else { pref->SetType(PrefType::None); } NotifyCallbacks(prefName); } else { NotifyCallbacks(prefName, PrefWrapper(pref)); } Preferences::HandleDirty(); } return NS_OK; } /* static */ bool Preferences::HasUserValue(const char* aPrefName) { NS_ENSURE_TRUE(InitStaticMembers(), false); Maybe<PrefWrapper> pref = pref_Lookup(aPrefName); return pref.isSome() && pref->HasUserValue(); } /* static */ bool Preferences::HasDefaultValue(const char* aPrefName) { NS_ENSURE_TRUE(InitStaticMembers(), false); Maybe<PrefWrapper> pref = pref_Lookup(aPrefName); return pref.isSome() && pref->HasDefaultValue(); } /* static */ int32_t Preferences::GetType(const char* aPrefName) { NS_ENSURE_TRUE(InitStaticMembers(), nsIPrefBranch::PREF_INVALID); if (!HashTable()) { return PREF_INVALID; } Maybe<PrefWrapper> pref = pref_Lookup(aPrefName); if (!pref.isSome()) { return PREF_INVALID; } switch (pref->Type()) { case PrefType::String: return PREF_STRING; case PrefType::Int: return PREF_INT; case PrefType::Bool: return PREF_BOOL; case PrefType::None: if (IsPreferenceSanitized(aPrefName)) { glean::security::pref_usage_content_process.Record(Some( glean::security::PrefUsageContentProcessExtra{Some(aPrefName)})); if (sCrashOnBlocklistedPref) { MOZ_CRASH_UNSAFE_PRINTF( "Should not access the preference '%s' in the Content Processes", aPrefName); } else { return PREF_INVALID; } } [[fallthrough]]; default: MOZ_CRASH(); } } /* static */ nsresult Preferences::AddStrongObserver(nsIObserver* aObserver, const nsACString& aPref) { MOZ_ASSERT(aObserver); NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); return sPreferences->mRootBranch->AddObserver(aPref, aObserver, false); } /* static */ nsresult Preferences::AddWeakObserver(nsIObserver* aObserver, const nsACString& aPref) { MOZ_ASSERT(aObserver); NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); return sPreferences->mRootBranch->AddObserver(aPref, aObserver, true); } /* static */ nsresult Preferences::RemoveObserver(nsIObserver* aObserver, const nsACString& aPref) { MOZ_ASSERT(aObserver); if (sShutdown) { MOZ_ASSERT(!sPreferences); return NS_OK; // Observers have been released automatically. } NS_ENSURE_TRUE(sPreferences, NS_ERROR_NOT_AVAILABLE); return sPreferences->mRootBranch->RemoveObserver(aPref, aObserver); } template <typename T> static void AssertNotMallocAllocated(T* aPtr) { #if defined(DEBUG) && defined(MOZ_MEMORY) jemalloc_ptr_info_t info; jemalloc_ptr_info((void*)aPtr, &info); MOZ_ASSERT(info.tag == TagUnknown); #endif } /* static */ nsresult Preferences::AddStrongObservers(nsIObserver* aObserver, const char* const* aPrefs) { MOZ_ASSERT(aObserver); for (uint32_t i = 0; aPrefs[i]; i++) { AssertNotMallocAllocated(aPrefs[i]); nsCString pref; pref.AssignLiteral(aPrefs[i], strlen(aPrefs[i])); nsresult rv = AddStrongObserver(aObserver, pref); NS_ENSURE_SUCCESS(rv, rv); } return NS_OK; } /* static */ nsresult Preferences::AddWeakObservers(nsIObserver* aObserver, const char* const* aPrefs) { MOZ_ASSERT(aObserver); for (uint32_t i = 0; aPrefs[i]; i++) { AssertNotMallocAllocated(aPrefs[i]); nsCString pref; pref.AssignLiteral(aPrefs[i], strlen(aPrefs[i])); nsresult rv = AddWeakObserver(aObserver, pref); NS_ENSURE_SUCCESS(rv, rv); } return NS_OK; } /* static */ nsresult Preferences::RemoveObservers(nsIObserver* aObserver, const char* const* aPrefs) { MOZ_ASSERT(aObserver); if (sShutdown) { MOZ_ASSERT(!sPreferences); return NS_OK; // Observers have been released automatically. } NS_ENSURE_TRUE(sPreferences, NS_ERROR_NOT_AVAILABLE); for (uint32_t i = 0; aPrefs[i]; i++) { nsresult rv = RemoveObserver(aObserver, nsDependentCString(aPrefs[i])); NS_ENSURE_SUCCESS(rv, rv); } return NS_OK; } template <typename T> /* static */ nsresult Preferences::RegisterCallbackImpl(PrefChangedFunc aCallback, T& aPrefNode, void* aData, MatchKind aMatchKind, bool aIsPriority) { NS_ENSURE_ARG(aCallback); NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); auto node = new CallbackNode(aPrefNode, aCallback, aData, aMatchKind); if (aIsPriority) { // Add to the start of the list. node->SetNext(gFirstCallback); gFirstCallback = node; if (!gLastPriorityNode) { gLastPriorityNode = node; } } else { // Add to the start of the non-priority part of the list. if (gLastPriorityNode) { node->SetNext(gLastPriorityNode->Next()); gLastPriorityNode->SetNext(node); } else { node->SetNext(gFirstCallback); gFirstCallback = node; } } return NS_OK; } /* static */ nsresult Preferences::RegisterCallback(PrefChangedFunc aCallback, const nsACString& aPrefNode, void* aData, MatchKind aMatchKind, bool aIsPriority) { return RegisterCallbackImpl(aCallback, aPrefNode, aData, aMatchKind, aIsPriority); } /* static */ nsresult Preferences::RegisterCallbacks(PrefChangedFunc aCallback, const char* const* aPrefs, void* aData, MatchKind aMatchKind) { return RegisterCallbackImpl(aCallback, aPrefs, aData, aMatchKind); } /* static */ nsresult Preferences::RegisterCallbackAndCall(PrefChangedFunc aCallback, const nsACString& aPref, void* aClosure, MatchKind aMatchKind) { MOZ_ASSERT(aCallback); nsresult rv = RegisterCallback(aCallback, aPref, aClosure, aMatchKind); if (NS_SUCCEEDED(rv)) { (*aCallback)(PromiseFlatCString(aPref).get(), aClosure); } return rv; } /* static */ nsresult Preferences::RegisterCallbacksAndCall(PrefChangedFunc aCallback, const char* const* aPrefs, void* aClosure) { MOZ_ASSERT(aCallback); nsresult rv = RegisterCallbacks(aCallback, aPrefs, aClosure, MatchKind::ExactMatch); if (NS_SUCCEEDED(rv)) { for (const char* const* ptr = aPrefs; *ptr; ptr++) { (*aCallback)(*ptr, aClosure); } } return rv; } template <typename T> /* static */ nsresult Preferences::UnregisterCallbackImpl(PrefChangedFunc aCallback, T& aPrefNode, void* aData, MatchKind aMatchKind) { MOZ_ASSERT(aCallback); if (sShutdown) { MOZ_ASSERT(!sPreferences); return NS_OK; // Observers have been released automatically. } NS_ENSURE_TRUE(sPreferences, NS_ERROR_NOT_AVAILABLE); nsresult rv = NS_ERROR_FAILURE; CallbackNode* node = gFirstCallback; CallbackNode* prev_node = nullptr; while (node) { if (node->Func() == aCallback && node->Data() == aData && node->MatchKind() == aMatchKind && node->DomainIs(aPrefNode)) { if (gCallbacksInProgress) { // Postpone the node removal until after callbacks enumeration is // finished. node->ClearFunc(); gShouldCleanupDeadNodes = true; prev_node = node; node = node->Next(); } else { node = pref_RemoveCallbackNode(node, prev_node); } rv = NS_OK; } else { prev_node = node; node = node->Next(); } } return rv; } /* static */ nsresult Preferences::UnregisterCallback(PrefChangedFunc aCallback, const nsACString& aPrefNode, void* aData, MatchKind aMatchKind) { return UnregisterCallbackImpl<const nsACString&>(aCallback, aPrefNode, aData, aMatchKind); } /* static */ nsresult Preferences::UnregisterCallbacks(PrefChangedFunc aCallback, const char* const* aPrefs, void* aData, MatchKind aMatchKind) { return UnregisterCallbackImpl(aCallback, aPrefs, aData, aMatchKind); } template <typename T> static void AddMirrorCallback(T* aMirror, const nsACString& aPref) { MOZ_ASSERT(NS_IsMainThread()); Internals::RegisterCallback<T>(aMirror, aPref); } // Don't inline because it explodes compile times. template <typename T> static MOZ_NEVER_INLINE void AddMirror(T* aMirror, const nsACString& aPref, StripAtomic<T> aDefault) { *aMirror = Internals::GetPref(PromiseFlatCString(aPref).get(), aDefault); AddMirrorCallback(aMirror, aPref); } static MOZ_NEVER_INLINE void AddMirror(DataMutexString& aMirror, const nsACString& aPref) { auto lock = aMirror.Lock(); nsCString result(*lock); Internals::GetPrefValue(PromiseFlatCString(aPref).get(), result, PrefValueKind::User); lock->Assign(std::move(result)); AddMirrorCallback(&aMirror, aPref); } // The InitPref_*() functions below end in a `_<type>` suffix because they are // used by the PREF macro definition in InitAll() below. static void InitPref_bool(const nsCString& aName, bool aDefaultValue) { MOZ_ASSERT(XRE_IsParentProcess()); PrefValue value; value.mBoolVal = aDefaultValue; pref_SetPref(aName, PrefType::Bool, PrefValueKind::Default, value, /* isSticky */ false, /* isLocked */ false, /* fromInit */ true); } static void InitPref_int32_t(const nsCString& aName, int32_t aDefaultValue) { MOZ_ASSERT(XRE_IsParentProcess()); PrefValue value; value.mIntVal = aDefaultValue; pref_SetPref(aName, PrefType::Int, PrefValueKind::Default, value, /* isSticky */ false, /* isLocked */ false, /* fromInit */ true); } static void InitPref_uint32_t(const nsCString& aName, uint32_t aDefaultValue) { InitPref_int32_t(aName, int32_t(aDefaultValue)); } static void InitPref_float(const nsCString& aName, float aDefaultValue) { MOZ_ASSERT(XRE_IsParentProcess()); PrefValue value; // Convert the value in a locale-independent way, including a trailing ".0" // if necessary to distinguish floating-point from integer prefs when viewing // them in about:config. nsAutoCString defaultValue; defaultValue.AppendFloat(aDefaultValue); if (!defaultValue.Contains('.') && !defaultValue.Contains('e')) { defaultValue.AppendLiteral(".0"); } value.mStringVal = defaultValue.get(); pref_SetPref(aName, PrefType::String, PrefValueKind::Default, value, /* isSticky */ false, /* isLocked */ false, /* fromInit */ true); } static void InitPref_String(const nsCString& aName, const char* aDefaultValue) { MOZ_ASSERT(XRE_IsParentProcess()); PrefValue value; value.mStringVal = aDefaultValue; pref_SetPref(aName, PrefType::String, PrefValueKind::Default, value, /* isSticky */ false, /* isLocked */ false, /* fromInit */ true); } static void InitPref(const nsCString& aName, bool aDefaultValue) { InitPref_bool(aName, aDefaultValue); } static void InitPref(const nsCString& aName, int32_t aDefaultValue) { InitPref_int32_t(aName, aDefaultValue); } static void InitPref(const nsCString& aName, uint32_t aDefaultValue) { InitPref_uint32_t(aName, aDefaultValue); } static void InitPref(const nsCString& aName, float aDefaultValue) { InitPref_float(aName, aDefaultValue); } template <typename T> static void InitAlwaysPref(const nsCString& aName, T* aCache, StripAtomic<T> aDefaultValue) { // Only called in the parent process. Set/reset the pref value and the // `always` mirror to the default value. // `once` mirrors will be initialized lazily in InitOncePrefs(). InitPref(aName, aDefaultValue); *aCache = aDefaultValue; } static void InitAlwaysPref(const nsCString& aName, DataMutexString& aCache, const nsLiteralCString& aDefaultValue) { // Only called in the parent process. Set/reset the pref value and the // `always` mirror to the default value. // `once` mirrors will be initialized lazily in InitOncePrefs(). InitPref_String(aName, aDefaultValue.get()); Internals::AssignMirror(aCache, aDefaultValue); } static Atomic<bool> sOncePrefRead(false); static StaticMutex sOncePrefMutex MOZ_UNANNOTATED; namespace StaticPrefs { void MaybeInitOncePrefs() { if (MOZ_LIKELY(sOncePrefRead)) { // `once`-mirrored prefs have already been initialized to their default // value. return; } StaticMutexAutoLock lock(sOncePrefMutex); if (NS_IsMainThread()) { InitOncePrefs(); } else { RefPtr<Runnable> runnable = NS_NewRunnableFunction( "Preferences::MaybeInitOncePrefs", [&]() { InitOncePrefs(); }); // This logic needs to run on the main thread SyncRunnable::DispatchToThread(GetMainThreadSerialEventTarget(), runnable); } sOncePrefRead = true; } // For mirrored prefs we generate a variable definition. #define NEVER_PREF(name, cpp_type, value) #define ALWAYS_PREF(name, base_id, full_id, cpp_type, default_value) \ cpp_type sMirror_##full_id(default_value); #define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, default_value) \ MOZ_RUNINIT cpp_type sMirror_##full_id("DataMutexString"); #define ONCE_PREF(name, base_id, full_id, cpp_type, default_value) \ cpp_type sMirror_##full_id(default_value); #include "mozilla/StaticPrefListAll.h" #undef NEVER_PREF #undef ALWAYS_PREF #undef ALWAYS_DATAMUTEX_PREF #undef ONCE_PREF static void InitAll() { MOZ_ASSERT(NS_IsMainThread()); MOZ_ASSERT(XRE_IsParentProcess()); // For all prefs we generate some initialization code. // // The InitPref_*() functions have a type suffix to avoid ambiguity between // prefs having int32_t and float default values. That suffix is not needed // for the InitAlwaysPref() functions because they take a pointer parameter, // which prevents automatic int-to-float coercion. #define NEVER_PREF(name, cpp_type, value) \ InitPref_##cpp_type(name ""_ns, value); #define ALWAYS_PREF(name, base_id, full_id, cpp_type, value) \ InitAlwaysPref(name ""_ns, &sMirror_##full_id, value); #define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, value) \ InitAlwaysPref(name ""_ns, sMirror_##full_id, value); #define ONCE_PREF(name, base_id, full_id, cpp_type, value) \ InitPref_##cpp_type(name ""_ns, value); #include "mozilla/StaticPrefListAll.h" #undef NEVER_PREF #undef ALWAYS_PREF #undef ALWAYS_DATAMUTEX_PREF #undef ONCE_PREF } static void StartObservingAlwaysPrefs() { MOZ_ASSERT(NS_IsMainThread()); // Call AddMirror so that our mirrors for `always` prefs will stay updated. // The call to AddMirror re-reads the current pref value into the mirror, so // our mirror will now be up-to-date even if some of the prefs have changed // since the call to InitAll(). #define NEVER_PREF(name, cpp_type, value) #define ALWAYS_PREF(name, base_id, full_id, cpp_type, value) \ AddMirror(&sMirror_##full_id, name ""_ns, sMirror_##full_id); #define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, value) \ AddMirror(sMirror_##full_id, name ""_ns); #define ONCE_PREF(name, base_id, full_id, cpp_type, value) #include "mozilla/StaticPrefListAll.h" #undef NEVER_PREF #undef ALWAYS_PREF #undef ALWAYS_DATAMUTEX_PREF #undef ONCE_PREF } static void InitOncePrefs() { // For `once`-mirrored prefs we generate some initialization code. This is // done in case the pref value was updated when reading pref data files. It's // necessary because we don't have callbacks registered for `once`-mirrored // prefs. // // In debug builds, we also install a mechanism that can check if the // preference value is modified after `once`-mirrored prefs are initialized. // In tests this would indicate a likely misuse of a `once`-mirrored pref and // suggest that it should instead be `always`-mirrored. #define NEVER_PREF(name, cpp_type, value) #define ALWAYS_PREF(name, base_id, full_id, cpp_type, value) #define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, value) #ifdef DEBUG # define ONCE_PREF(name, base_id, full_id, cpp_type, value) \ { \ MOZ_ASSERT(gOnceStaticPrefsAntiFootgun); \ sMirror_##full_id = Internals::GetPref(name, cpp_type(value)); \ auto checkPref = [&]() { \ MOZ_ASSERT(sOncePrefRead); \ cpp_type staticPrefValue = full_id(); \ cpp_type preferenceValue = \ Internals::GetPref(GetPrefName_##base_id(), cpp_type(value)); \ MOZ_ASSERT(staticPrefValue == preferenceValue, \ "Preference '" name \ "' got modified since StaticPrefs::" #full_id \ " was initialized. Consider using an `always` mirror kind " \ "instead"); \ }; \ gOnceStaticPrefsAntiFootgun->insert( \ std::pair<const char*, AntiFootgunCallback>(GetPrefName_##base_id(), \ std::move(checkPref))); \ } #else # define ONCE_PREF(name, base_id, full_id, cpp_type, value) \ sMirror_##full_id = Internals::GetPref(name, cpp_type(value)); #endif #include "mozilla/StaticPrefListAll.h" #undef NEVER_PREF #undef ALWAYS_PREF #undef ALWAYS_DATAMUTEX_PREF #undef ONCE_PREF } static void ShutdownAlwaysPrefs() { MOZ_ASSERT(NS_IsMainThread()); // We may need to do clean up for leak detection for some StaticPrefs. #define NEVER_PREF(name, cpp_type, value) #define ALWAYS_PREF(name, base_id, full_id, cpp_type, value) #define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, value) \ Internals::ClearMirror(sMirror_##full_id); #define ONCE_PREF(name, base_id, full_id, cpp_type, value) #include "mozilla/StaticPrefListAll.h" #undef NEVER_PREF #undef ALWAYS_PREF #undef ALWAYS_DATAMUTEX_PREF #undef ONCE_PREF } } // namespace StaticPrefs static MOZ_MAYBE_UNUSED void SaveOncePrefToSharedMap( SharedPrefMapBuilder& aBuilder, const nsACString& aName, bool aValue) { auto oncePref = MakeUnique<Pref>(aName); oncePref->SetType(PrefType::Bool); oncePref->SetIsSkippedByIteration(true); bool valueChanged = false; MOZ_ALWAYS_SUCCEEDS( oncePref->SetDefaultValue(PrefType::Bool, PrefValue(aValue), /* isSticky */ true, /* isLocked */ true, &valueChanged)); oncePref->AddToMap(aBuilder); } static MOZ_MAYBE_UNUSED void SaveOncePrefToSharedMap( SharedPrefMapBuilder& aBuilder, const nsACString& aName, int32_t aValue) { auto oncePref = MakeUnique<Pref>(aName); oncePref->SetType(PrefType::Int); oncePref->SetIsSkippedByIteration(true); bool valueChanged = false; MOZ_ALWAYS_SUCCEEDS( oncePref->SetDefaultValue(PrefType::Int, PrefValue(aValue), /* isSticky */ true, /* isLocked */ true, &valueChanged)); oncePref->AddToMap(aBuilder); } static MOZ_MAYBE_UNUSED void SaveOncePrefToSharedMap( SharedPrefMapBuilder& aBuilder, const nsACString& aName, uint32_t aValue) { SaveOncePrefToSharedMap(aBuilder, aName, int32_t(aValue)); } static MOZ_MAYBE_UNUSED void SaveOncePrefToSharedMap( SharedPrefMapBuilder& aBuilder, const nsACString& aName, float aValue) { auto oncePref = MakeUnique<Pref>(aName); oncePref->SetType(PrefType::String); oncePref->SetIsSkippedByIteration(true); nsAutoCString value; value.AppendFloat(aValue); bool valueChanged = false; // It's ok to stash a pointer to the temporary PromiseFlatCString's chars in // pref because pref_SetPref() duplicates those chars. const nsCString& flat = PromiseFlatCString(value); MOZ_ALWAYS_SUCCEEDS( oncePref->SetDefaultValue(PrefType::String, PrefValue(flat.get()), /* isSticky */ true, /* isLocked */ true, &valueChanged)); oncePref->AddToMap(aBuilder); } #define ONCE_PREF_NAME(name) "$$$" name "$$$" namespace StaticPrefs { static void RegisterOncePrefs(SharedPrefMapBuilder& aBuilder) { MOZ_ASSERT(XRE_IsParentProcess()); MOZ_DIAGNOSTIC_ASSERT(!gSharedMap, "Must be called before gSharedMap has been created"); MaybeInitOncePrefs(); // For `once`-mirrored prefs we generate a save call, which saves the value // as it was at parent startup. It is stored in a special (hidden and locked) // entry in the global SharedPreferenceMap. In order for the entry to be // hidden and not appear in about:config nor ever be stored to disk, we set // its IsSkippedByIteration flag to true. We also distinguish it by adding a // "$$$" prefix and suffix to the preference name. #define NEVER_PREF(name, cpp_type, value) #define ALWAYS_PREF(name, base_id, full_id, cpp_type, value) #define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, value) #define ONCE_PREF(name, base_id, full_id, cpp_type, value) \ SaveOncePrefToSharedMap(aBuilder, ONCE_PREF_NAME(name) ""_ns, \ cpp_type(sMirror_##full_id)); #include "mozilla/StaticPrefListAll.h" #undef NEVER_PREF #undef ALWAYS_PREF #undef ALWAYS_DATAMUTEX_PREF #undef ONCE_PREF } // Disable thread safety analysis on this function, because it explodes build // times and memory usage. MOZ_NO_THREAD_SAFETY_ANALYSIS static void InitStaticPrefsFromShared() { MOZ_ASSERT(!XRE_IsParentProcess()); MOZ_DIAGNOSTIC_ASSERT(gSharedMap, "Must be called once gSharedMap has been created"); #ifdef DEBUG # define ASSERT_PREF_NOT_SANITIZED(name, cpp_type) \ if (IsString<cpp_type>::value && IsPreferenceSanitized(name)) { \ MOZ_CRASH("Unexpected sanitized string preference '" name \ "'. " \ "Static Preferences cannot be sanitized currently, because " \ "they expect to be initialized from the Static Map, and " \ "sanitized preferences are not present there."); \ } #else # define ASSERT_PREF_NOT_SANITIZED(name, cpp_type) #endif // For mirrored static prefs we generate some initialization code. Each // mirror variable is already initialized in the binary with the default // value. If the pref value hasn't changed from the default in the main // process (the common case) then the overwriting here won't change the // mirror variable's value. // // Note that the MOZ_ASSERT calls below can fail in one obscure case: when a // Firefox update occurs and we get a main process from the old binary (with // static prefs {A,B,C,D}) plus a new content process from the new binary // (with static prefs {A,B,C,D,E}). The content process' call to // GetSharedPrefValue() for pref E will fail because the shared pref map was // created by the main process, which doesn't have pref E. // // This silent failure is safe. The mirror variable for pref E is already // initialized to the default value in the content process, and the main // process cannot have changed pref E because it doesn't know about it! // // Nonetheless, it's useful to have the MOZ_ASSERT here for testing of debug // builds, where this scenario involving inconsistent binaries should not // occur. #define NEVER_PREF(name, cpp_type, default_value) #define ALWAYS_PREF(name, base_id, full_id, cpp_type, default_value) \ { \ StripAtomic<cpp_type> val; \ ASSERT_PREF_NOT_SANITIZED(name, cpp_type); \ DebugOnly<nsresult> rv = Internals::GetSharedPrefValue(name, &val); \ MOZ_ASSERT(NS_SUCCEEDED(rv), "Failed accessing " name); \ StaticPrefs::sMirror_##full_id = val; \ } #define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, default_value) \ { \ StripAtomic<cpp_type> val; \ ASSERT_PREF_NOT_SANITIZED(name, cpp_type); \ DebugOnly<nsresult> rv = Internals::GetSharedPrefValue(name, &val); \ MOZ_ASSERT(NS_SUCCEEDED(rv), "Failed accessing " name); \ Internals::AssignMirror(StaticPrefs::sMirror_##full_id, \ std::forward<StripAtomic<cpp_type>>(val)); \ } #define ONCE_PREF(name, base_id, full_id, cpp_type, default_value) \ { \ cpp_type val; \ ASSERT_PREF_NOT_SANITIZED(name, cpp_type); \ DebugOnly<nsresult> rv = \ Internals::GetSharedPrefValue(ONCE_PREF_NAME(name), &val); \ MOZ_ASSERT(NS_SUCCEEDED(rv), "Failed accessing " name); \ StaticPrefs::sMirror_##full_id = val; \ } #include "mozilla/StaticPrefListAll.h" #undef NEVER_PREF #undef ALWAYS_PREF #undef ALWAYS_DATAMUTEX_PREF #undef ONCE_PREF #undef ASSERT_PREF_NOT_SANITIZED // `once`-mirrored prefs have been set to their value in the step above and // outside the parent process they are immutable. We set sOncePrefRead so // that we can directly skip any lazy initializations. sOncePrefRead = true; } } // namespace StaticPrefs } // namespace mozilla #undef ENSURE_PARENT_PROCESS //=========================================================================== // Module and factory stuff //=========================================================================== NS_IMPL_COMPONENT_FACTORY(nsPrefLocalizedString) { auto str = MakeRefPtr<nsPrefLocalizedString>(); if (NS_SUCCEEDED(str->Init())) { return str.forget().downcast<nsISupports>(); } return nullptr; } namespace mozilla { void UnloadPrefsModule() { Preferences::Shutdown(); } } // namespace mozilla // Preference Sanitization Related Code --------------------------------------- #define PREF_LIST_ENTRY(s) {s, (sizeof(s) / sizeof(char)) - 1} struct PrefListEntry { const char* mPrefBranch; size_t mLen; }; // A preference is 'sanitized' (i.e. not sent to web content processes) if // one of two criteria are met: // 1. The pref name matches one of the prefixes in the following list // 2. The pref is dynamically named (i.e. not specified in all.js or // StaticPrefList.yml), a string pref, and it is NOT exempted in // sDynamicPrefOverrideList // // This behavior is codified in ShouldSanitizePreference() below. // Exclusions of preferences can be defined in sOverrideRestrictionsList[]. static const PrefListEntry sRestrictFromWebContentProcesses[] = { // Remove prefs with user data PREF_LIST_ENTRY("datareporting.policy."), PREF_LIST_ENTRY("browser.download.lastDir"), PREF_LIST_ENTRY("browser.newtabpage.pinned"), PREF_LIST_ENTRY("browser.uiCustomization.state"), PREF_LIST_ENTRY("browser.urlbar"), PREF_LIST_ENTRY("devtools.debugger.pending-selected-location"), PREF_LIST_ENTRY("identity.fxaccounts.account.device.name"), PREF_LIST_ENTRY("identity.fxaccounts.account.telemetry.sanitized_uid"), PREF_LIST_ENTRY("identity.fxaccounts.lastSignedInUserHash"), PREF_LIST_ENTRY("print_printer"), PREF_LIST_ENTRY("services."), // Remove UUIDs PREF_LIST_ENTRY("app.normandy.user_id"), PREF_LIST_ENTRY("browser.newtabpage.activity-stream.impressionId"), PREF_LIST_ENTRY("browser.pageActions.persistedActions"), PREF_LIST_ENTRY("browser.startup.lastColdStartupCheck"), PREF_LIST_ENTRY("dom.push.userAgentID"), PREF_LIST_ENTRY("extensions.webextensions.uuids"), PREF_LIST_ENTRY("privacy.userContext.extension"), PREF_LIST_ENTRY("toolkit.telemetry.cachedClientID"), PREF_LIST_ENTRY("toolkit.telemetry.cachedProfileGroupID"), // Remove IDs that could be used to correlate across origins PREF_LIST_ENTRY("app.update.lastUpdateTime."), PREF_LIST_ENTRY( "browser.contentblocking.cfr-milestone.milestone-shown-time"), PREF_LIST_ENTRY("browser.contextual-services.contextId"), PREF_LIST_ENTRY("browser.laterrun.bookkeeping.profileCreationTime"), PREF_LIST_ENTRY("browser.newtabpage.activity-stream.discoverystream."), PREF_LIST_ENTRY("browser.sessionstore.upgradeBackup.latestBuildID"), PREF_LIST_ENTRY("browser.shell.mostRecentDateSetAsDefault"), PREF_LIST_ENTRY("idle.lastDailyNotification"), PREF_LIST_ENTRY("media.gmp-gmpopenh264.lastUpdate"), PREF_LIST_ENTRY("media.gmp-manager.lastCheck"), PREF_LIST_ENTRY("places.database.lastMaintenance"), PREF_LIST_ENTRY("privacy.purge_trackers.last_purge"), PREF_LIST_ENTRY("storage.vacuum.last.places.sqlite"), PREF_LIST_ENTRY("toolkit.startup.last_success"), // Remove fingerprintable things PREF_LIST_ENTRY("browser.startup.homepage_override.buildID"), PREF_LIST_ENTRY("extensions.lastAppBuildId"), PREF_LIST_ENTRY("media.gmp-manager.buildID"), PREF_LIST_ENTRY("toolkit.telemetry.previousBuildID"), }; // Allowlist for prefs and branches blocklisted in // sRestrictFromWebContentProcesses[], including prefs from // StaticPrefList.yaml and *.js, to let them pass. static const PrefListEntry sOverrideRestrictionsList[]{ PREF_LIST_ENTRY("services.settings.clock_skew_seconds"), PREF_LIST_ENTRY("services.settings.last_update_seconds"), PREF_LIST_ENTRY("services.settings.loglevel"), // This is really a boolean dynamic pref, but one Nightly user // has it set as a string... PREF_LIST_ENTRY("services.settings.preview_enabled"), PREF_LIST_ENTRY("services.settings.server"), }; // These prefs are dynamically-named (i.e. not specified in prefs.js or // StaticPrefList) and would normally by blocklisted but we allow them through // anyway, so this override list acts as an allowlist static const PrefListEntry sDynamicPrefOverrideList[]{ PREF_LIST_ENTRY("accessibility.tabfocus"), PREF_LIST_ENTRY("app.update.channel"), PREF_LIST_ENTRY("apz.subtest"), PREF_LIST_ENTRY("browser.contentblocking.category"), PREF_LIST_ENTRY("browser.dom.window.dump.file"), PREF_LIST_ENTRY("browser.search.region"), PREF_LIST_ENTRY( "browser.tabs.remote.testOnly.failPBrowserCreation.browsingContext"), PREF_LIST_ENTRY("browser.uitour.testingOrigins"), PREF_LIST_ENTRY("browser.urlbar.loglevel"), PREF_LIST_ENTRY("browser.urlbar.opencompanionsearch.enabled"), PREF_LIST_ENTRY("capability.policy"), PREF_LIST_ENTRY("dom.securecontext.allowlist"), PREF_LIST_ENTRY("extensions.foobaz"), PREF_LIST_ENTRY( "extensions.formautofill.creditCards.heuristics.testConfidence"), PREF_LIST_ENTRY("general.appversion.override"), PREF_LIST_ENTRY("general.buildID.override"), PREF_LIST_ENTRY("general.oscpu.override"), PREF_LIST_ENTRY("general.useragent.override"), PREF_LIST_ENTRY("general.platform.override"), PREF_LIST_ENTRY("gfx.blacklist."), PREF_LIST_ENTRY("font.system.whitelist"), PREF_LIST_ENTRY("font.name."), PREF_LIST_ENTRY("intl.date_time.pattern_override."), PREF_LIST_ENTRY("intl.hyphenation-alias."), PREF_LIST_ENTRY("logging.config.LOG_FILE"), PREF_LIST_ENTRY("media.audio_loopback_dev"), PREF_LIST_ENTRY("media.decoder-doctor."), PREF_LIST_ENTRY("media.cubeb.backend"), PREF_LIST_ENTRY("media.cubeb.output_device"), PREF_LIST_ENTRY("media.getusermedia.fake-camera-name"), PREF_LIST_ENTRY("media.hls.server.url"), PREF_LIST_ENTRY("media.peerconnection.nat_simulator.filtering_type"), PREF_LIST_ENTRY("media.peerconnection.nat_simulator.mapping_type"), PREF_LIST_ENTRY("media.peerconnection.nat_simulator.redirect_address"), PREF_LIST_ENTRY("media.peerconnection.nat_simulator.redirect_targets"), PREF_LIST_ENTRY("media.peerconnection.nat_simulator.network_delay_ms"), PREF_LIST_ENTRY("media.video_loopback_dev"), PREF_LIST_ENTRY("media.webspeech.service.endpoint"), PREF_LIST_ENTRY("network.gio.supported-protocols"), PREF_LIST_ENTRY("network.protocol-handler.external."), PREF_LIST_ENTRY("network.security.ports.banned"), PREF_LIST_ENTRY("nimbus.syncdatastore."), PREF_LIST_ENTRY("pdfjs."), PREF_LIST_ENTRY("plugins.force.wmode"), PREF_LIST_ENTRY("print.printer_"), PREF_LIST_ENTRY("print_printer"), PREF_LIST_ENTRY("places.interactions.customBlocklist"), PREF_LIST_ENTRY("remote.log.level"), // services.* preferences should be added in sOverrideRestrictionsList[] - // the whole preference branch gets sanitized by default. PREF_LIST_ENTRY("spellchecker.dictionary"), PREF_LIST_ENTRY("test.char"), PREF_LIST_ENTRY("Test.IPC."), PREF_LIST_ENTRY("exists.thenDoesNot"), PREF_LIST_ENTRY("type.String."), PREF_LIST_ENTRY("toolkit.mozprotocol.url"), PREF_LIST_ENTRY("toolkit.telemetry.log.level"), PREF_LIST_ENTRY("ui."), }; #undef PREF_LIST_ENTRY static bool ShouldSanitizePreference(const Pref* const aPref) { // In the parent process, we use a heuristic to decide if a pref // value should be sanitized before sending to subprocesses. MOZ_DIAGNOSTIC_ASSERT(XRE_IsParentProcess()); const char* prefName = aPref->Name(); // If a pref starts with this magic string, it is a Once-Initialized pref // from Static Prefs. It should* not be in the above list and while it looks // like a dnyamically named pref, it is not. // * nothing enforces this if (strncmp(prefName, "$$$", 3) == 0) { return false; } // First check against the denylist. // The services pref is an annoying one - it's much easier to blocklist // the whole branch and then add this one check to let this one annoying // pref through. for (const auto& entry : sRestrictFromWebContentProcesses) { if (strncmp(entry.mPrefBranch, prefName, entry.mLen) == 0) { for (const auto& pasEnt : sOverrideRestrictionsList) { if (strncmp(pasEnt.mPrefBranch, prefName, pasEnt.mLen) == 0) { return false; } } return true; } } // Then check if it's a dynamically named string preference and not // in the override list if (aPref->Type() == PrefType::String && !aPref->HasDefaultValue()) { for (const auto& entry : sDynamicPrefOverrideList) { if (strncmp(entry.mPrefBranch, prefName, entry.mLen) == 0) { return false; } } return true; } return false; } // Forward Declaration - it's not defined in the .h, because we don't need to; // it's only used here. template <class T> static bool IsPreferenceSanitized_Impl(const T& aPref); static bool IsPreferenceSanitized(const Pref* const aPref) { return IsPreferenceSanitized_Impl(*aPref); } static bool IsPreferenceSanitized(const PrefWrapper& aPref) { return IsPreferenceSanitized_Impl(aPref); } template <class T> static bool IsPreferenceSanitized_Impl(const T& aPref) { if (aPref.IsSanitized()) { MOZ_DIAGNOSTIC_ASSERT(!XRE_IsParentProcess()); MOZ_DIAGNOSTIC_ASSERT(XRE_IsContentProcess()); return true; } return false; } namespace mozilla { // This is the only Check Sanitization function exposed outside of // Preferences.cpp, because this is the only one ever called from // outside this file. bool IsPreferenceSanitized(const char* aPrefName) { // Perform this comparison (see notes above) early to avoid a lookup // if we can avoid it. if (strncmp(aPrefName, "$$$", 3) == 0) { return false; } if (!gContentProcessPrefsAreInited) { return false; } if (Maybe<PrefWrapper> pref = pref_Lookup(aPrefName)) { if (pref.isNothing()) { return true; } return IsPreferenceSanitized(pref.value()); } return true; } Atomic<bool, Relaxed> sOmitBlocklistedPrefValues(false); Atomic<bool, Relaxed> sCrashOnBlocklistedPref(false); void OnFissionBlocklistPrefChange(const char* aPref, void* aData) { if (strcmp(aPref, kFissionEnforceBlockList) == 0) { sCrashOnBlocklistedPref = StaticPrefs::fission_enforceBlocklistedPrefsInSubprocesses(); } else if (strcmp(aPref, kFissionOmitBlockListValues) == 0) { sOmitBlocklistedPrefValues = StaticPrefs::fission_omitBlocklistedPrefsInSubprocesses(); } else { MOZ_CRASH("Unknown pref passed to callback"); } } } // namespace mozilla // This file contains the C wrappers for the C++ static pref getters, as used // by Rust code. #include "init/StaticPrefsCGetters.cpp"
¤ Dauer der Verarbeitung: 0.177 Sekunden (vorverarbeitet am 2026-04-30) ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-05-26