diff options
Diffstat (limited to 'chromium/content/browser/browser_context.cc')
| -rw-r--r-- | chromium/content/browser/browser_context.cc | 59 |
1 files changed, 49 insertions, 10 deletions
diff --git a/chromium/content/browser/browser_context.cc b/chromium/content/browser/browser_context.cc index 13e78598fea..18cb0f6c588 100644 --- a/chromium/content/browser/browser_context.cc +++ b/chromium/content/browser/browser_context.cc @@ -61,8 +61,6 @@ #include "media/learning/common/media_learning_tasks.h" #include "media/learning/impl/learning_session_impl.h" #include "media/mojo/services/video_decode_perf_history.h" -#include "net/cookies/cookie_store.h" -#include "net/url_request/url_request_context.h" #include "services/content/service.h" #include "services/network/public/cpp/features.h" #include "storage/browser/blob/blob_storage_context.h" @@ -340,7 +338,7 @@ void BrowserContext::DeliverPushMessage( int64_t service_worker_registration_id, const std::string& message_id, base::Optional<std::string> payload, - base::OnceCallback<void(blink::mojom::PushDeliveryStatus)> callback) { + base::OnceCallback<void(blink::mojom::PushEventStatus)> callback) { DCHECK_CURRENTLY_ON(BrowserThread::UI); PushMessagingRouter::DeliverMessage( browser_context, origin, service_worker_registration_id, message_id, @@ -348,6 +346,21 @@ void BrowserContext::DeliverPushMessage( } // static +void BrowserContext::FirePushSubscriptionChangeEvent( + BrowserContext* browser_context, + const GURL& origin, + int64_t service_worker_registration_id, + blink::mojom::PushSubscriptionPtr new_subscription, + blink::mojom::PushSubscriptionPtr old_subscription, + base::OnceCallback<void(blink::mojom::PushEventStatus)> callback) { + DCHECK_CURRENTLY_ON(BrowserThread::UI); + PushMessagingRouter::FireSubscriptionChangeEvent( + browser_context, origin, service_worker_registration_id, + std::move(new_subscription), std::move(old_subscription), + std::move(callback)); +} + +// static void BrowserContext::NotifyWillBeDestroyed(BrowserContext* browser_context) { TRACE_EVENT1("shutdown", "BrowserContext::NotifyWillBeDestroyed", "browser_context", browser_context); @@ -411,11 +424,13 @@ void BrowserContext::SaveSessionState(BrowserContext* browser_context) { base::WrapRefCounted(database_tracker))); if (BrowserThread::IsThreadInitialized(BrowserThread::IO)) { - GetIOThreadTaskRunner({})->PostTask( - FROM_HERE, - base::BindOnce(&SaveSessionStateOnIOThread, - static_cast<AppCacheServiceImpl*>( - storage_partition->GetAppCacheService()))); + auto* appcache_service = static_cast<AppCacheServiceImpl*>( + storage_partition->GetAppCacheService()); + if (appcache_service) { + GetIOThreadTaskRunner({})->PostTask( + FROM_HERE, + base::BindOnce(&SaveSessionStateOnIOThread, appcache_service)); + } } storage_partition->GetCookieManagerForBrowserProcess() @@ -466,10 +481,34 @@ BrowserContext::~BrowserContext() { base::debug::DumpWithoutCrashing(); } - // Clean up any isolated origins and other security state associated with this - // BrowserContext. + // Verify that there are no outstanding RenderProcessHosts that reference + // this context. Trigger a crash report if there are still references so + // we can detect/diagnose potential UAFs. + std::string rph_crash_key_value; ChildProcessSecurityPolicyImpl* policy = ChildProcessSecurityPolicyImpl::GetInstance(); + for (RenderProcessHost::iterator host_iterator = + RenderProcessHost::AllHostsIterator(); + !host_iterator.IsAtEnd(); host_iterator.Advance()) { + RenderProcessHost* host = host_iterator.GetCurrentValue(); + if (host->GetBrowserContext() == this) { + rph_crash_key_value += + "{ " + host->GetInfoForBrowserContextDestructionCrashReporting() + + " }"; + } + } + if (!rph_crash_key_value.empty()) { + NOTREACHED() << "rph_with_bc_reference : " << rph_crash_key_value; + + static auto* crash_key = base::debug::AllocateCrashKeyString( + "rph_with_bc_reference", base::debug::CrashKeySize::Size256); + base::debug::ScopedCrashKeyString auto_clear(crash_key, + rph_crash_key_value); + base::debug::DumpWithoutCrashing(); + } + + // Clean up any isolated origins and other security state associated with this + // BrowserContext. policy->RemoveStateForBrowserContext(*this); if (GetUserData(kDownloadManagerKeyName)) |