Google Git
Sign in
chromium / chromium / src / refs/heads/main / . / content / public / browser / render_process_host.h
blob: f1f8b45743db797cbca7b0eae9f92e11e2133205 [file] [log] [blame]
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_PUBLIC_BROWSER_RENDER_PROCESS_HOST_H_
#define CONTENT_PUBLIC_BROWSER_RENDER_PROCESS_HOST_H_
#include <stddef.h>
#include <stdint.h>
#include <memory>
#include <string>
#include "base/callback_list.h"
#include "base/clang_profiling_buildflags.h"
#include "base/containers/heap_array.h"
#include "base/containers/id_map.h"
#include "base/functional/function_ref.h"
#include "base/memory/safety_checks.h"
#include "base/process/kill.h"
#include "base/process/process.h"
#include "base/supports_user_data.h"
#include "base/tracing/protos/chrome_track_event.pbzero.h"
#include "build/build_config.h"
#include "content/common/buildflags.h"
#include "content/common/content_export.h"
#include "content/public/browser/web_exposed_isolation_level.h"
#include "ipc/ipc_listener.h"
#include "ipc/ipc_sender.h"
#include "media/media_buildflags.h"
#include "media/mojo/mojom/video_decode_perf_history.mojom-forward.h"
#include "mojo/public/cpp/bindings/generic_pending_receiver.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
#include "net/base/network_isolation_key.h"
#include "services/network/public/mojom/cross_origin_embedder_policy.mojom-forward.h"
#include "services/network/public/mojom/network_context.mojom-forward.h"
#include "services/network/public/mojom/restricted_cookie_manager.mojom-forward.h"
#include "services/network/public/mojom/url_loader_factory.mojom-forward.h"
#include "third_party/blink/public/mojom/background_sync/background_sync.mojom.h"
#include "third_party/blink/public/mojom/buckets/bucket_manager_host.mojom-forward.h"
#include "third_party/blink/public/mojom/cache_storage/cache_storage.mojom-forward.h"
#include "third_party/blink/public/mojom/file_system_access/file_system_access_manager.mojom.h"
#include "third_party/blink/public/mojom/filesystem/file_system.mojom-forward.h"
#include "third_party/blink/public/mojom/indexeddb/indexeddb.mojom-forward.h"
#include "third_party/blink/public/mojom/locks/lock_manager.mojom-forward.h"
#include "third_party/blink/public/mojom/notifications/notification_service.mojom-forward.h"
#include "third_party/blink/public/mojom/payments/payment_app.mojom-forward.h"
#include "third_party/blink/public/mojom/permissions/permission.mojom-forward.h"
#include "third_party/blink/public/mojom/quota/quota_manager_host.mojom-forward.h"
#include "third_party/blink/public/mojom/websockets/websocket_connector.mojom-forward.h"
#include "third_party/perfetto/include/perfetto/tracing/traced_proto.h"
#include "third_party/perfetto/include/perfetto/tracing/traced_value_forward.h"
#include "ui/gfx/native_widget_types.h"
#if BUILDFLAG(IS_ANDROID)
#include "content/public/browser/android/child_process_importance.h"
#endif
#if BUILDFLAG(ALLOW_OOP_VIDEO_DECODER)
#include "media/mojo/mojom/stable/stable_video_decoder.mojom-forward.h"
#endif // BUILDFLAG(ALLOW_OOP_VIDEO_DECODER)
#if BUILDFLAG(IS_FUCHSIA)
#include "media/mojo/mojom/fuchsia_media.mojom-forward.h"
#endif
class GURL;
namespace base {
class PersistentMemoryAllocator;
class TimeDelta;
class Token;
#if BUILDFLAG(IS_ANDROID)
namespace android {
enum class ChildBindingState;
}
#endif
} // namespace base
namespace blink {
class StorageKey;
} // namespace blink
namespace IPC {
class ChannelProxy;
} // namespace IPC
namespace network {
struct CrossOriginEmbedderPolicy;
} // namespace network
namespace storage {
struct BucketLocator;
}
namespace url {
class Origin;
} // namespace url
namespace content {
class BrowserContext;
class BucketContext;
class IsolationContext;
class ProcessLock;
class RenderFrameHost;
class RenderProcessHostObserver;
class RenderProcessHostPriorityClient;
class SiteInfo;
class StoragePartition;
struct GlobalRenderFrameHostId;
#if BUILDFLAG(IS_ANDROID)
enum class ChildProcessImportance;
#endif
#if BUILDFLAG(CONTENT_ENABLE_LEGACY_IPC)
class BrowserMessageFilter;
#endif
namespace mojom {
class Renderer;
} // namespace mojom
// Interface that represents the browser side of the browser <-> renderer
// communication channel. There will generally be one RenderProcessHost per
// renderer process.
class CONTENT_EXPORT RenderProcessHost : public IPC::Sender,
public IPC::Listener,
public base::SupportsUserData {
// Do not remove this macro!
// The macro is maintained by the memory safety team.
ADVANCED_MEMORY_SAFETY_CHECKS();
public:
using iterator = base::IDMap<RenderProcessHost*>::iterator;
// Crash reporting mode for ShutdownForBadMessage.
enum class CrashReportMode {
NO_CRASH_DUMP,
GENERATE_CRASH_DUMP,
};
enum class NotificationServiceCreatorType {
kDocument,
kDedicatedWorker,
kSharedWorker,
kServiceWorker
};
// General functions ---------------------------------------------------------
~RenderProcessHost() override {}
// Initialize the new renderer process, returning true on success. This must
// be called once before the object can be used, but can be called after
// that with no effect. Therefore, if the caller isn't sure about whether
// the process has been created, it should just call Init().
virtual bool Init() = 0;
// Ensures that a Channel exists and is at least queueing outgoing messages
// if there isn't a render process connected to it yet. This may be used to
// ensure that in the event of a renderer crash and restart, subsequent
// messages sent via Send() will eventually reach the new process.
virtual void EnableSendQueue() = 0;
// Gets the next available routing id.
virtual int GetNextRoutingID() = 0;
// These methods add or remove listener for a specific message routing ID.
// Used for refcounting, each holder of this object must AddRoute and
// RemoveRoute. This object should be allocated on the heap; when no
// listeners own it any more, it will delete itself.
virtual void AddRoute(int32_t routing_id, IPC::Listener* listener) = 0;
virtual void RemoveRoute(int32_t routing_id) = 0;
// Add and remove observers for lifecycle events. The order in which
// notifications are sent to observers is undefined. Observers must be sure to
// remove the observer before they go away.
virtual void AddObserver(RenderProcessHostObserver* observer) = 0;
virtual void RemoveObserver(RenderProcessHostObserver* observer) = 0;
// Called when a received message cannot be decoded. Terminates the renderer.
// Most callers should not call this directly, but instead should call
// bad_message::BadMessageReceived() or an equivalent method outside of the
// content module.
//
// If |crash_report_mode| is GENERATE_CRASH_DUMP, then a browser crash dump
// will be reported as well.
virtual void ShutdownForBadMessage(CrashReportMode crash_report_mode) = 0;
// Recompute Priority state. RenderProcessHostPriorityClient should call this
// when their individual priority changes.
virtual void UpdateClientPriority(
RenderProcessHostPriorityClient* client) = 0;
// Number of visible (ie |!is_hidden|) RenderProcessHostPriorityClients.
virtual int VisibleClientCount() = 0;
// Get computed frame depth from RenderProcessHostPriorityClients.
virtual unsigned int GetFrameDepth() = 0;
// Get computed viewport intersection state from
// RenderProcessHostPriorityClients.
virtual bool GetIntersectsViewport() = 0;
// Called when a video capture stream or an audio stream is added or removed
// and used to determine if the process should be backgrounded or not.
virtual void OnMediaStreamAdded() = 0;
virtual void OnMediaStreamRemoved() = 0;
// Called when a service worker is executing in the process and may need
// to respond to events from other processes in a timely manner. This is
// used to determine if the process should be backgrounded or not.
virtual void OnForegroundServiceWorkerAdded() = 0;
virtual void OnForegroundServiceWorkerRemoved() = 0;
// Indicates whether the current RenderProcessHost is exclusively hosting
// guest RenderFrames. Not all guest RenderFrames are created equal. A guest,
// as indicated by BrowserPluginGuest::IsGuest, may coexist with other
// non-guest RenderFrames in the same process if IsForGuestsOnly() is false.
virtual bool IsForGuestsOnly() = 0;
// Indicates whether the current RenderProcessHost is running with JavaScript
// JIT disabled.
virtual bool IsJitDisabled() = 0;
// Indicates whether the current RenderProcessHost exclusively hosts PDF
// content.
virtual bool IsPdf() = 0;
// Returns the storage partition associated with this process.
virtual StoragePartition* GetStoragePartition() = 0;
// Terminate the associated renderer process without running unload handlers,
// waiting for the process to exit, etc. If supported by the OS, set the
// process exit code to |exit_code|. Returns false if the shutdown request
// will not be dispatched. If called before
// RenderProcessHostObserver::RenderProcessReady,
// RenderProcessHostObserver::RenderProcessExited may never be called since
// Shutdown() will race with child process startup.
virtual bool Shutdown(int exit_code) = 0;
// Returns true if shutdown was started by calling |Shutdown()|.
virtual bool ShutdownRequested() = 0;
// Try to shut down the associated renderer process as fast as possible.
// If a non-zero |page_count| value is provided, then a fast shutdown will
// only happen if the count matches the active view count. If
// |skip_unload_handlers| is false and this renderer has any RenderViews with
// unload handlers, then this function does nothing. Otherwise, the function
// will ingnore checking for those handlers. Returns true if it was able to do
// fast shutdown.
virtual bool FastShutdownIfPossible(size_t page_count = 0,
bool skip_unload_handlers = false) = 0;
// Returns true if fast shutdown was started for the renderer.
virtual bool FastShutdownStarted() = 0;
// Returns the process object associated with the child process. In certain
// tests or single-process mode, this will actually represent the current
// process.
//
// NOTE: this is not necessarily valid immediately after calling Init, as
// Init starts the process asynchronously. It's guaranteed to be valid after
// the first IPC arrives or RenderProcessReady was called on a
// RenderProcessHostObserver for this. At that point, IsReady() returns true.
virtual const base::Process& GetProcess() = 0;
// Returns whether the process is ready. The process is ready once both
// conditions (which can happen in arbitrary order) are true:
// 1- the launcher reported a successful launch
// 2- the channel is connected.
//
// After that point, GetHandle() is valid, and deferred messages have been
// sent.
virtual bool IsReady() = 0;
// Returns the user browser context associated with this renderer process.
virtual content::BrowserContext* GetBrowserContext() = 0;
// Returns whether this process is using the same StoragePartition as
// |partition|.
virtual bool InSameStoragePartition(StoragePartition* partition) = 0;
// Returns the unique ID for this child process host. This can be used later
// in a call to FromID() to get back to this object (this is used to avoid
// sending non-threadsafe pointers to other threads).
//
// This ID will be unique across all child process hosts, including workers,
// plugins, etc.
//
// This will never return ChildProcessHost::kInvalidUniqueID.
virtual int GetID() const = 0;
// Returns a SafeRef to `this`. It should only be used in non-owning cases,
// where the caller is not expected to outlive `this`.
// This method is public so that it can be called from within //content, and
// used by MockRenderProcessHost. It isn't meant to be called outside of
// //content.
virtual base::SafeRef<RenderProcessHost> GetSafeRef() const = 0;
// Returns true iff the Init() was called and the process hasn't died yet.
//
// Note that even if IsInitializedAndNotDead() returns true, then (for a short
// duration after calling Init()) the process might not be fully spawned
// *yet*. For example - IsReady() might return false and GetProcess() might
// still return an invalid process with a null handle.
virtual bool IsInitializedAndNotDead() = 0;
// Returns true iff the decision has been made to delete `this`.
//
// If this returns true, then no new child processes will be associated
// with `this`.
virtual bool IsDeletingSoon() = 0;
// Returns the renderer channel.
virtual IPC::ChannelProxy* GetChannel() = 0;
#if BUILDFLAG(CONTENT_ENABLE_LEGACY_IPC)
// Adds a message filter to the IPC channel.
virtual void AddFilter(BrowserMessageFilter* filter) = 0;
#endif
// Sets whether this render process is blocked. This means that input events
// should not be sent to it, nor other timely signs of life expected from it.
virtual void SetBlocked(bool blocked) = 0;
virtual bool IsBlocked() = 0;
using BlockStateChangedCallbackList = base::RepeatingCallbackList<void(bool)>;
using BlockStateChangedCallback = BlockStateChangedCallbackList::CallbackType;
virtual base::CallbackListSubscription RegisterBlockStateChangedCallback(
const BlockStateChangedCallback& cb) = 0;
// Schedules the host for deletion and removes it from the all_hosts list.
virtual void Cleanup() = 0;
// Track the count of pending views that are being swapped back in. Called
// by listeners to register and unregister pending views to prevent the
// process from exiting.
virtual void AddPendingView() = 0;
virtual void RemovePendingView() = 0;
// Adds and removes priority clients.
virtual void AddPriorityClient(
RenderProcessHostPriorityClient* priority_client) = 0;
virtual void RemovePriorityClient(
RenderProcessHostPriorityClient* priority_client) = 0;
// Sets a process priority override. This overrides the entire built-in
// priority setting mechanism for the process.
virtual void SetPriorityOverride(bool foreground) = 0;
virtual bool HasPriorityOverride() = 0;
virtual void ClearPriorityOverride() = 0;
#if BUILDFLAG(IS_ANDROID)
// Return the highest importance of all widgets in this process.
virtual ChildProcessImportance GetEffectiveImportance() = 0;
// Return the highest binding this process has.
virtual base::android::ChildBindingState GetEffectiveChildBindingState() = 0;
// Dumps the stack of this render process without crashing it.
virtual void DumpProcessStack() = 0;
#endif
virtual void PauseSocketManagerForRenderFrameHost(
const GlobalRenderFrameHostId& render_frame_host_id) = 0;
virtual void ResumeSocketManagerForRenderFrameHost(
const GlobalRenderFrameHostId& render_frame_host_id) = 0;
// Sets a flag indicating that the process can be abnormally terminated.
virtual void SetSuddenTerminationAllowed(bool allowed) = 0;
// Returns true if the process can be abnormally terminated.
virtual bool SuddenTerminationAllowed() = 0;
// Returns how long the child has been idle. The definition of idle
// depends on when a derived class calls mark_child_process_activity_time().
// This is a rough indicator and its resolution should not be better than
// 10 milliseconds.
virtual base::TimeDelta GetChildProcessIdleTime() = 0;
// Checks that the given renderer is allowed to request `url`; if not, `url`
// will be set to "about:blank#blocked".
//
// `empty_allowed` must be `false` when filtering URLs for navigations. The
// browser typically treats a navigation to an empty URL as a navigation to
// the home page, but this is often a privileged page, e.g. chrome://newtab/,
// which is a security problem that this method is specifically trying to
// block.
//
// This method return whether or not the URL was blocked so that callers can
// distinguish between the blocked case and a literal request to navigate to
// "about:blank#blocked".
enum class FilterURLResult {
kAllowed,
kBlocked,
};
virtual FilterURLResult FilterURL(bool empty_allowed, GURL* url) = 0;
virtual void EnableAudioDebugRecordings(const base::FilePath& file) = 0;
virtual void DisableAudioDebugRecordings() = 0;
using WebRtcRtpPacketCallback =
base::RepeatingCallback<void(base::HeapArray<uint8_t> packet_header,
size_t packet_length,
bool incoming)>;
using WebRtcStopRtpDumpCallback =
base::OnceCallback<void(bool incoming, bool outgoing)>;
// Starts passing RTP packets to |packet_callback| and returns the callback
// used to stop dumping.
virtual WebRtcStopRtpDumpCallback StartRtpDump(
bool incoming,
bool outgoing,
WebRtcRtpPacketCallback packet_callback) = 0;
// Asks the renderer process to bind |receiver|. |receiver| arrives in the
// renderer process and is carried through the following flow, stopping if any
// step decides to bind it:
//
// 1. IO thread, |ChildProcessImpl::BindReceiver()| (child_thread_impl.cc)
// 2. IO thread ,|ContentClient::BindChildProcessInterface()|
// 3. Main thread, |ChildThreadImpl::OnBindReceiver()| (virtual)
// 4. Possibly more steps, depending on the ChildThreadImpl subclass.
virtual void BindReceiver(mojo::GenericPendingReceiver receiver) = 0;
// Extracts any persistent-memory-allocator used for renderer metrics.
// Ownership is passed to the caller. To support sharing of histogram data
// between the Renderer and the Browser, the allocator is created when the
// process is created and later retrieved by the SubprocessMetricsProvider
// for management.
virtual std::unique_ptr<base::PersistentMemoryAllocator>
TakeMetricsAllocator() = 0;
// Returns the time of the last call to Init that was completed successfully
// (after a new renderer process was created); further calls to Init would
// change this value only when they caused the new process to be created after
// a crash.
virtual const base::TimeTicks& GetLastInitTime() = 0;
// Returns true if this process currently has backgrounded priority.
virtual bool IsProcessBackgrounded() = 0;
// Returns a list of durations for active KeepAlive requests.
// For debugging only. TODO(wjmaclean): Remove once the causes behind
// https://crbug.com/1148542 are known.
virtual std::string GetKeepAliveDurations() const = 0;
// Returns the number of active Shutdown-Delay requests.
// For debugging only. TODO(wjmaclean): Remove once the causes behind
// https://crbug.com/1148542 are known.
virtual size_t GetShutdownDelayRefCount() const = 0;
// Diagnostic code for https://crbug/1148542. This will be removed prior to
// resolving that issue. It counts all RenderFrameHosts that have not been
// destroyed, including speculative ones and pending deletion ones. This
// is included to allow MockRenderProcessHost to override them, and should not
// be called from outside of content/.
virtual int GetRenderFrameHostCount() const = 0;
// Calls |on_frame| for every RenderFrameHost whose frames live in this
// process. Note that speculative RenderFrameHosts will be skipped.
virtual void ForEachRenderFrameHost(
base::FunctionRef<void(RenderFrameHost*)> on_frame) = 0;
// Register/unregister a RenderFrameHost instance whose frame lives in this
// process. RegisterRenderFrameHost and UnregisterRenderFrameHost are the
// implementation details and should be called only from within //content.
virtual void RegisterRenderFrameHost(
const GlobalRenderFrameHostId& render_frame_host_id) = 0;
virtual void UnregisterRenderFrameHost(
const GlobalRenderFrameHostId& render_frame_host_id) = 0;
// "Worker ref count" is similar to "Keep alive ref count", but is specific to
// workers since they do not have pre-defined timeouts. Also affected by
// DisableRefCounts() in the same manner as for
// Increment/DecrementKeepAliveRefCount() functions.
//
// List of users:
// - Service Worker:
// While there are service workers who live in this process, they wish
// the renderer process to be alive. The ref count is incremented when this
// process is allocated to the worker, and decremented when worker's
// shutdown sequence is completed.
// - Shared Worker:
// While there are shared workers who live in this process, they wish
// the renderer process to be alive. The ref count is incremented when
// a shared worker is created in the process, and decremented when
// it is terminated (it self-destructs when it no longer has clients).
// - Shared Storage Worklet:
// (https://github.com/pythagoraskitty/shared-storage)
// While there are shared storage worklets who live in this process, they
// wish the renderer process to be alive. The ref count is incremented when
// a shared storage worklet is created in the process, and decremented when
// it is terminated (after the document is destroyed, the worklet
// will be destroyed when all pending operations have finished or a timeout
// is reached). Note that this is only relevant for the implementation of
// shared storage worklets that run in the renderer process. The actual
// process that the shared storage worklets are going to use is determined
// by the concrete implementation of
// `SharedStorageRenderThreadWorkletDriver`.
// - Auction Worklets (on Android only):
// (https://github.com/WICG/turtledove/blob/main/FLEDGE.md)
// Keeps the renderer alive if there are any worklets using it.
virtual void IncrementWorkerRefCount() = 0;
virtual void DecrementWorkerRefCount() = 0;
// "Pending reuse" ref count may be used to keep a process alive because we
// know that it will be reused soon. Unlike the keep alive ref count, it is
// not time-based, and unlike the worker ref count above, it is not used for
// workers. It is intentionally kept separate from the other ref counts to
// ease debugging, so that it's easier to tell what kept a particular process
// alive.
virtual void IncrementPendingReuseRefCount() = 0;
virtual void DecrementPendingReuseRefCount() = 0;
// Sets all the various process lifetime ref counts to zero (e.g., keep alive,
// worker, etc). Called when the browser context will be destroyed so this
// RenderProcessHost can immediately die.
//
// After this is called, the Increment/DecrementKeepAliveRefCount() functions
// and Increment/DecrementWorkerRefCount() functions must not be called.
virtual void DisableRefCounts() = 0;
// Returns true if DisableRefCounts() was called.
virtual bool AreRefCountsDisabled() = 0;
// Acquires the |mojom::Renderer| interface to the render process. This is for
// internal use only, and is only exposed here to support
// MockRenderProcessHost usage in tests.
virtual mojom::Renderer* GetRendererInterface() = 0;
// Whether this process is locked out from ever being reused for sites other
// than the ones it currently has.
virtual bool MayReuseHost() = 0;
// Indicates whether this RenderProcessHost is "unused". This starts out as
// true for new processes and becomes false after one of the following:
// (1) This process commits any page.
// (2) This process is given to a SiteInstance that already has a site
// assigned.
// Note that a process hosting ServiceWorkers will be implicitly handled by
// (2) during ServiceWorker initialization, and SharedWorkers will be handled
// by (1) since a page needs to commit before it can create a SharedWorker.
//
// While a process is unused, it is still suitable to host a URL that
// requires a dedicated process.
virtual bool IsUnused() = 0;
virtual void SetIsUsed() = 0;
// Return true if the host has not been used. This is stronger than IsUnused()
// in that it checks if this RPH has ever been used to render at all, rather
// than just no being suitable to host a URL that requires a dedicated
// process.
// TODO(alexmos): can this be unified with IsUnused()? See also
// crbug.com/738634.
virtual bool HostHasNotBeenUsed() = 0;
// Returns true if this is a spare RenderProcessHost.
virtual bool IsSpare() const = 0;
// Locks this RenderProcessHost to documents compatible with |process_lock|.
// This method is public so that it can be called from within //content, and
// used by MockRenderProcessHost. It isn't meant to be called outside of
// //content.
virtual void SetProcessLock(const IsolationContext& isolation_context,
const ProcessLock& process_lock) = 0;
// Returns the ProcessLock associated with this process.
// This method is public so that it can be called from within //content, and
// used by MockRenderProcessHost. It isn't meant to be called outside of
// //content.
virtual ProcessLock GetProcessLock() const = 0;
// Returns true if this process is locked to a particular site-specific
// ProcessLock. See the SetProcessLock() call above.
virtual bool IsProcessLockedToSiteForTesting() = 0;
// The following several methods are for internal use only, and are only
// exposed here to support MockRenderProcessHost usage in tests.
virtual void DelayProcessShutdown(
const base::TimeDelta& subframe_shutdown_timeout,
const base::TimeDelta& unload_handler_timeout,
const SiteInfo& site_info) = 0;
virtual void StopTrackingProcessForShutdownDelay() = 0;
virtual void BindCacheStorage(
const network::CrossOriginEmbedderPolicy& cross_origin_embedder_policy,
mojo::PendingRemote<network::mojom::CrossOriginEmbedderPolicyReporter>
coep_reporter_remote,
const storage::BucketLocator& bucket_locator,
mojo::PendingReceiver<blink::mojom::CacheStorage> receiver) = 0;
virtual void BindFileSystemManager(
const blink::StorageKey& storage_key,
mojo::PendingReceiver<blink::mojom::FileSystemManager> receiver) = 0;
virtual void BindFileSystemAccessManager(
const blink::StorageKey& storage_key,
mojo::PendingReceiver<blink::mojom::FileSystemAccessManager>
receiver) = 0;
virtual void GetSandboxedFileSystemForBucket(
const storage::BucketLocator& bucket_locator,
blink::mojom::FileSystemAccessManager::GetSandboxedFileSystemCallback
callback) = 0;
virtual void BindIndexedDB(
const blink::StorageKey& storage_key,
const GlobalRenderFrameHostId& rfh_id,
mojo::PendingReceiver<blink::mojom::IDBFactory> receiver) = 0;
virtual void BindBucketManagerHost(
base::WeakPtr<BucketContext> bucket_context,
mojo::PendingReceiver<blink::mojom::BucketManagerHost> receiver) = 0;
virtual void BindRestrictedCookieManagerForServiceWorker(
const blink::StorageKey& storage_key,
mojo::PendingReceiver<network::mojom::RestrictedCookieManager>
receiver) = 0;
virtual void BindVideoDecodePerfHistory(
mojo::PendingReceiver<media::mojom::VideoDecodePerfHistory> receiver) = 0;
#if BUILDFLAG(IS_FUCHSIA)
virtual void BindMediaCodecProvider(
mojo::PendingReceiver<media::mojom::FuchsiaMediaCodecProvider>
receiver) = 0;
#endif
virtual void CreateOneShotSyncService(
const url::Origin& origin,
mojo::PendingReceiver<blink::mojom::OneShotBackgroundSyncService>
receiver) = 0;
virtual void CreatePeriodicSyncService(
const url::Origin& origin,
mojo::PendingReceiver<blink::mojom::PeriodicBackgroundSyncService>
receiver) = 0;
virtual void BindQuotaManagerHost(
const blink::StorageKey& storage_key,
mojo::PendingReceiver<blink::mojom::QuotaManagerHost> receiver) = 0;
virtual void CreateLockManager(
const blink::StorageKey& storage_key,
mojo::PendingReceiver<blink::mojom::LockManager> receiver) = 0;
virtual void CreatePermissionService(
const url::Origin& origin,
mojo::PendingReceiver<blink::mojom::PermissionService> receiver) = 0;
virtual void CreatePaymentManagerForOrigin(
const url::Origin& origin,
mojo::PendingReceiver<payments::mojom::PaymentManager> receiver) = 0;
// `rfh_id` is the id for RenderFrameHost for the `receiver` if
// the notification service is created by a document, or the id for the
// ancestor RenderFrameHost of the worker if the notification service is
// created by a dedicated worker, or empty value otherwise.
virtual void CreateNotificationService(
GlobalRenderFrameHostId rfh_id,
NotificationServiceCreatorType creator_type,
const blink::StorageKey& storage_key,
mojo::PendingReceiver<blink::mojom::NotificationService> receiver) = 0;
virtual void CreateWebSocketConnector(
const blink::StorageKey& storage_key,
mojo::PendingReceiver<blink::mojom::WebSocketConnector> receiver) = 0;
#if BUILDFLAG(ALLOW_OOP_VIDEO_DECODER)
virtual void CreateStableVideoDecoder(
mojo::PendingReceiver<media::stable::mojom::StableVideoDecoder>
receiver) = 0;
#endif // BUILDFLAG(ALLOW_OOP_VIDEO_DECODER)
// Returns the current number of active views in this process. Excludes
// any RenderViewHosts that are swapped out.
size_t GetActiveViewCount();
// Returns the cross-origin isolation mode used by content in this process.
//
// This returns the kMaybe* enum values because it can't take Permissions
// Policy into account. A frame's isolation capability may be kNotIsolated
// even if it is running in a kMaybeIsolated process if the
// "cross-origin-isolated" feature was not delegated to the frame. Because
// of this, not all frames or workers in the same process will share the same
// isolation capability.
//
// Additionally, unlike WebExposedIsolationInfo, this is not guaranteed to be
// the same for all processes in a BrowsingInstance; content that is
// cross-origin to a kMaybeIsolatedApplication main frame will return
// kMaybeIsolated, as the application isolation level cannot be inherited
// cross-origin.
//
// RenderFrameHost::GetWebExposedIsolationLevel() should typically be used
// instead of this function if running in the context a frame so that
// Permissions Policy can be taken into account. This function should be used
// in contexts that don't have an associated frame like shared/service
// workers. Once Permissions Policy applies to workers, a worker-specific
// API to access isolation capability may need to be introduced which should
// be used instead of this.
//
// Note that this function doesn't account for API availability for certain
// documents and URLs that might be force-enabled by the embedder even if they
// lack the necessary privilege; in order for this matter to be taken into
// consideration, use content::IsIsolatedContext(RenderProcessHost*).
WebExposedIsolationLevel GetWebExposedIsolationLevel();
// Posts |task|, if this RenderProcessHost is ready or when it becomes ready
// (see RenderProcessHost::IsReady method). The |task| might not run at all
// (e.g. if |render_process_host| is destroyed before becoming ready). This
// function can only be called on the browser's UI thread (and the |task| will
// be posted back on the UI thread).
void PostTaskWhenProcessIsReady(base::OnceClosure task);
// Forces the renderer process to crash ASAP.
virtual void ForceCrash() {}
// Returns a string that contains information useful for debugging
// crashes related to RenderProcessHost objects staying alive longer than
// the BrowserContext they are associated with.
virtual std::string GetInfoForBrowserContextDestructionCrashReporting() = 0;
using TraceProto = perfetto::protos::pbzero::RenderProcessHost;
// Write a representation of this object into a trace.
virtual void WriteIntoTrace(
perfetto::TracedProto<TraceProto> proto) const = 0;
#if BUILDFLAG(CLANG_PROFILING_INSIDE_SANDBOX)
// Ask the renderer process to dump its profiling data to disk. Invokes
// |callback| once this has completed.
virtual void DumpProfilingData(base::OnceClosure callback) {}
#endif
#if BUILDFLAG(IS_CHROMEOS_ASH)
// Reinitializes the child process's logging with the given settings. This
// is needed on Chrome OS, which switches to a log file in the user's home
// directory once they log in.
virtual void ReinitializeLogging(uint32_t logging_dest,
base::ScopedFD log_file_descriptor) = 0;
#endif
// Asks the renderer process to prioritize energy efficiency because the
// embedder is in battery saver mode. This signal is propagated to blink and
// v8. The default state is `false`, meaning the power/speed tuning is left up
// to the different components to figure out.
virtual void SetBatterySaverMode(bool battery_saver_mode_enabled) = 0;
// Static management functions -----------------------------------------------
// Possibly start an unbound, spare RenderProcessHost. A subsequent creation
// of a RenderProcessHost with a matching browser_context may use this
// preinitialized RenderProcessHost, improving performance.
//
// It is safe to call this multiple times or when it is not certain that the
// spare renderer will be used, although calling this too eagerly may reduce
// performance as unnecessary RenderProcessHosts are created. The spare
// renderer will only be used if it using the default StoragePartition of a
// matching BrowserContext.
//
// The spare RenderProcessHost is meant to be created in a situation where a
// navigation is imminent and it is unlikely an existing RenderProcessHost
// will be used, for example in a cross-site navigation when a Service Worker
// will need to be started. Note that if ContentBrowserClient opts into
// strict site isolation (via ShouldEnableStrictSiteIsolation), then the
// //content layer will maintain a warm spare process host at all times
// (without a need for separate calls to WarmupSpareRenderProcessHost).
static void WarmupSpareRenderProcessHost(BrowserContext* browser_context);
// Return the spare RenderProcessHost, if it exists. There is at most one
// globally-used spare RenderProcessHost at any time.
// TODO(crbug.com/41492171): remove the non-test method once the performance
// investigation is finished.
static RenderProcessHost* GetSpareRenderProcessHost();
static RenderProcessHost* GetSpareRenderProcessHostForTesting();
// Registers a callback to be notified when the spare RenderProcessHost is
// changed. If a new spare RenderProcessHost is created, the callback is made
// when the host is ready (RenderProcessHostObserver::RenderProcessReady). If
// the spare RenderProcessHost is promoted to be a "real" RenderProcessHost or
// discarded for any reason, the callback is made with a null pointer.
static base::CallbackListSubscription
RegisterSpareRenderProcessHostChangedCallback(
const base::RepeatingCallback<void(RenderProcessHost*)>& cb);
// Flag to run the renderer in process. This is primarily
// for debugging purposes. When running "in process", the
// browser maintains a single RenderProcessHost which communicates
// to a RenderProcess which is instantiated in the same process
// with the Browser. All IPC between the Browser and the
// Renderer is the same, it's just not crossing a process boundary.
static bool run_renderer_in_process();
// This also calls out to ContentBrowserClient::GetApplicationLocale and
// modifies the current process' command line.
// NOTE: This function is fundamentally unsafe and *should not be used*. By
// the time a ContentBrowserClient exists in test fixtures, it is already
// unsafe to modify the command-line. The command-line should only be modified
// from SetUpCommandLine, which is before the ContentClient is created. See
// crbug.com/1197147
static void SetRunRendererInProcess(bool value);
// This forces a renderer that is running "in process" to shut down.
static void ShutDownInProcessRenderer();
// Allows iteration over all the RenderProcessHosts in the browser. Note
// that each host may not be active, and therefore may have nullptr channels.
static iterator AllHostsIterator();
// Returns the RenderProcessHost given its ID. Returns nullptr if the ID does
// not correspond to a live RenderProcessHost.
static RenderProcessHost* FromID(int render_process_id);
// Returns the RenderProcessHost given its renderer's service instance ID,
// generated randomly when launching the renderer. Returns nullptr if the
// instance does not correspond to a live RenderProcessHost.
static RenderProcessHost* FromRendererInstanceId(
const base::Token& instance_id);
// Returns true if the caller should attempt to use an existing
// RenderProcessHost rather than creating a new one.
static bool ShouldTryToUseExistingProcessHost(
content::BrowserContext* browser_context,
const GURL& site_url);
// Overrides the default heuristic for limiting the max renderer process
// count. This is useful for unit testing process limit behaviors. It is
// also used to allow a command line parameter to configure the max number of
// renderer processes and should only be called once during startup.
// A value of zero means to use the default heuristic.
static void SetMaxRendererProcessCount(size_t count);
// Returns the current maximum number of renderer process hosts kept by the
// content module.
static size_t GetMaxRendererProcessCount();
// TODO(siggi): Remove once https://crbug.com/806661 is resolved.
using AnalyzeHungRendererFunction = void (*)(const base::Process& renderer);
static void SetHungRendererAnalysisFunction(
AnalyzeHungRendererFunction analyze_hung_renderer);
// Counts current RenderProcessHost(s), ignoring the spare process.
static int GetCurrentRenderProcessCountForTesting();
// Allows tests to override host interface binding behavior. Any interface
// binding request which would normally pass through the RPH's internal
// IOThreadHostImpl::BindHostReceiver() will pass through |callback| first if
// non-null. |callback| is only called from the IO thread.
using BindHostReceiverInterceptor =
base::RepeatingCallback<void(int render_process_id,
mojo::GenericPendingReceiver* receiver)>;
static void InterceptBindHostReceiverForTesting(
BindHostReceiverInterceptor callback);
};
} // namespace content
#endif // CONTENT_PUBLIC_BROWSER_RENDER_PROCESS_HOST_H_