| ActorsChild.cpp |
QuotaChild
**************************************************************************** |
5667 |
| ActorsChild.h |
|
2669 |
| ActorsParent.cpp |
|
341388 |
| ActorsParent.h |
|
667 |
| ArtificialFailure.cpp |
|
1200 |
| ArtificialFailure.h |
Checks if an artificial failure should be triggered based on the specified
category and the configured probability.
This method evaluates if the provided failure category matches the
categories set in the preferences. If a match is found, it then checks
the probability of triggering an artificial failure. A random value is
generated to determine if the failure should occur based on this
probability. If both the category matches and the random value falls within
the defined probability, the method returns an error code indicating the
artificial failure. Otherwise, it returns a successful result.
@param aCategory - The failure category to check against the configured
categories for triggering an artificial failure. It must have only one bit
set.
@returns Result<Ok, nsresult> - An Ok result if no failure occurs; an Err
result containing an error code if an artificial failure is triggered.
Note:
Consider replacing the preferences with a dedicated class with static
methods for entering and leaving artificial failure mode, something like
`ChaosMode`. The class would also implement an interface, for example
`nsIQuotaArtificialFailure` allowing access from scripts.
Example usage:
This example demonstrates the usage of `ArtificialFailure` in conjunction
with the `QM_TRY` macro to handle potential artificial failures gracefully.
The `QM_TRY` macro will return early if an artificial failure occurs, with
the corresponding error code from `ArtificialFailure`.
```cpp
QM_TRY(ArtificialFailure(
nsIQuotaArtificialFailure::CATEGORY_INITIALIZE_ORIGIN));
```
|
2492 |
| Assertions.cpp |
|
1210 |
| Assertions.h |
|
794 |
| AssertionsImpl.h |
|
1413 |
| BackgroundThreadObject.cpp |
|
1172 |
| BackgroundThreadObject.h |
|
931 |
| CachingDatabaseConnection.cpp |
|
5720 |
| CachingDatabaseConnection.h |
|
7457 |
| CanonicalQuotaObject.cpp |
aTruncate |
10013 |
| CanonicalQuotaObject.h |
aIsRemote |
2418 |
| CheckedUnsafePtr.h |
|
20455 |
| CipherKeyManager.h |
|
3195 |
| CipherStrategy.h |
|
1426 |
| Client.cpp |
|
6683 |
| Client.h |
|
5575 |
| ClientDirectoryLock.cpp |
|
2426 |
| ClientDirectoryLock.h |
|
2282 |
| ClientDirectoryLockHandle.cpp |
|
4326 |
| ClientDirectoryLockHandle.h |
@class ClientDirectoryLockHandle
@brief RAII-style wrapper for managing a ClientDirectoryLock.
ClientDirectoryLockHandle is a RAII-style wrapper that manages a
ClientDirectoryLock created by QuotaManager::OpenClientDirectory.
This class ensures that the associated directory lock remains acquired
while the handle is in scope and automatically drops it when destroyed.
## Usage:
- See QuotaManager::OpenClientDirectory for details on obtaining a
ClientDirectoryLockHandle.
- The handle should be retained for as long as access to the directory is
needed.
## Threading:
- Must be used only on the thread that created it, except that it may be
safely destroyed from another thread after being moved (see also
Destruction).
- `AssertIsOnOwningThread()` is primarily used internally to verify correct
threading, but clients can use it for additional thread-safety checks if
needed.
## Destruction:
- If the lock has already been dropped (e.g., due to move), the destructor
does nothing.
- The destructor automatically drops the lock if it is still held.
- Thus, it is safe to destroy a handle from any thread as long as the handle
was moved beforehand on the owning thread.
## Key Features:
- Move-only: Prevents accidental copies.
- Implicit boolean conversion to check if the handle holds a valid
`ClientDirectoryLock`.
- Easy access to the underlying ClientDirectoryLock using `operator*` and
`operator->`.
- Moved-from handles are placed in a well-defined inert state and can be
safely inspected using `IsInert()` for diagnostic purposes.
|
4248 |
| ClientImpl.h |
|
1088 |
| ClientStorageScope.h |
Represents a scope within an origin directory, currently covering either a
specific client (`Client`), metadata (`Metadata`), or a match-all scope
(`Null`).
The use of "Storage" in the class name is intentional. Unlike
`PersistenceScope` and `OriginScope`, which match only specific directories,
this scope is meant to cover all entries within an origin directory. That
includes client specific folders (e.g., idb/, fs/) and, in the future, files
like metadata that exist alongside them.
The special `Metadata` scope exists because adding the metadata type to
client types would complicate other aspects of the system. A special client
implementation just for working with the metadata file would be overkill.
However, we need a way to lock just the metadata file. Since metadata files
reside alongside client directories under the same origin directory, it
makes sense to include them in the `ClientStorageScope`.
This class provides operations to check the current scope type
(`Client`, `Metadata`, or `Null`), set the scope type, retrieve a client
type, and match it with another scope.
|
4966 |
| ClientUsageArray.cpp |
|
1601 |
| ClientUsageArray.h |
|
1248 |
| CommonMetadata.h |
|
7945 |
| CommonMetadataArray.h |
|
578 |
| CommonMetadataArrayFwd.h |
|
664 |
| components.conf |
|
1123 |
| ConditionalCompilation.h |
Macros for conditional compilation based on build configuration.
These macros are primarily used to inline debug or configuration specific
declarations or expressions in a single line without needing explicit #ifdef
blocks. This improves readability and avoids code clutter.
Current macros include:
- DEBUGONLY(expr)
- DIAGNOSTICONLY(expr)
This header may also include future macros such as:
- NIGHTLYONLY(expr)
- IF_NIGHTLY(expr)
All macros in this file are designed for compile time control over code
inclusion and should not introduce runtime behavior.
|
1358 |
| Config.h |
|
1047 |
| Constants.h |
|
3010 |
| Date.h |
A lightweight utility class representing a date as the number of days since
the Unix epoch (1970-01-01 UTC).
This class is useful when full timestamp precision is not needed and only
a compact representation is required, such as when storing the value in an
int32_t field. An int32_t can safely represent dates out to the year ~5.8
million, making this format ideal for tracking coarse-grained time values
like origin maintenance dates, and similar use cases.
Internally, the date is derived from PR_Now(), which returns microseconds
since the epoch. This ensures consistency with other quota-related timestamp
logic, such as origin last access time.
|
2290 |
| DecryptingInputStream.cpp |
|
3572 |
| DecryptingInputStream.h |
|
6342 |
| DecryptingInputStream_impl.h |
aCheckAvailableBytes |
15981 |
| DirectoryLock.h |
|
1103 |
| DirectoryLockCategory.h |
|
2388 |
| DirectoryLockImpl.cpp |
Automatically log information about a directory lock if acquiring of the
directory lock takes this long. We've chosen a value that is long enough
that it is unlikely for the problem to be falsely triggered by slow system
I/O. We've also chosen a value long enough so that testers can notice the
timeout; we want to know about the timeouts, not hide them. On the other
hand this value is less than 45 seconds which is used by quota manager to
crash a hung quota manager shutdown.
|
14506 |
| DirectoryLockImpl.h |
|
8369 |
| DirectoryLockInlines.h |
|
1744 |
| DirectoryMetadata.cpp |
|
4150 |
| DirectoryMetadata.h |
Directory Metadata File Format (.metadata-v2)
The metadata file is a binary file containing metadata information for an
origin directory. It consists of a header and several additional fields,
some of which are maintained only for backward compatibility.
Header (OriginStateMetadata):
- int64_t mLastAccessTime
The last access time of the origin in microseconds since the epoch.
- bool mPersisted
True if the origin is marked as persisted and should survive origin
eviction.
- uint32_t flags
A bitfield of DirectoryMetadataFlags used to store boolean state flags.
This field currently maps only to mAccessed. The defined flags are:
- Initialized: Always set when writing metadata; indicates that this
field contains valid flag bits. Older files written before this
flag was introduced will have this field set to zero.
- Accessed: Indicates whether the origin has been accessed by a quota
client. This maps directly to the mAccessed field in memory.
If the Initialized flag is not set, the flags field is considered
invalid and mAccessed is conservatively set to true to ensure a full
initialization scan.
- int32_t mLastMaintenanceDate
The last maintenance date of the origin in days since the epoch.
Legacy fields (still written and read for backward compatibility, but no
longer used):
- nsCString mSuffix
Originally used for origin attributes. Still written to preserve
compatibility.
- nsCString mGroup
Originally used for quota group. Still written to preserve
compatibility.
Storage fields:
- nsCString mStorageOrigin
Storage origin string (actively used for reconstructing the principal).
Legacy fields (continued):
- bool mIsPrivate
Flag originally used for private browsing contexts or apps. Still
written.
Validation check:
- After reading all expected fields, any additional data (even a single
32-bit value) is treated as an error.
Notes:
- OriginStateMetadata is loaded first and interpreted independently. This
allows fast and safe updates to the metadata header on disk without
rewriting the full file.
- The header is intentionally designed to contain only fixed-size fields.
This allows updating the header in-place without creating a temporary
file.
|
3638 |
| DummyCipherStrategy.h |
|
1746 |
| EncryptedBlock.h |
|
3592 |
| EncryptingOutputStream.cpp |
|
2033 |
| EncryptingOutputStream.h |
|
3850 |
| EncryptingOutputStream_impl.h |
|
8563 |
| ErrorHandling.h |
|
1419 |
| FileStreams.cpp |
aTruncate |
6864 |
| FileStreams.h |
|
6204 |
| FileUtils.cpp |
|
1408 |
| FileUtils.h |
|
715 |
| FirstInitializationAttempts.h |
|
2448 |
| FirstInitializationAttemptsImpl.h |
|
1394 |
| Flatten.h |
|
3192 |
| ForwardDecls.h |
|
3865 |
| GroupInfo.cpp |
|
2705 |
| GroupInfo.h |
|
1992 |
| GroupInfoPair.cpp |
|
928 |
| GroupInfoPair.h |
|
2538 |
| HashKeys.h |
|
808 |
| InitializationTypes.cpp |
|
2506 |
| InitializationTypes.h |
|
3431 |
| IPCQuotaObject.ipdlh |
|
441 |
| IPCStreamCipherStrategy.h |
|
575 |
| metrics.yaml |
|
8695 |
| moz.build |
|
4890 |
| MozPromiseUtils.h |
|
3788 |
| NormalOriginOperationBase.cpp |
|
1091 |
| NormalOriginOperationBase.h |
|
1802 |
| NotifyUtils.cpp |
|
2027 |
| NotifyUtils.h |
|
888 |
| NotifyUtilsCommon.cpp |
|
1424 |
| NotifyUtilsCommon.h |
|
738 |
| nsIndexedDBProtocolHandler.cpp |
|
1359 |
| nsIndexedDBProtocolHandler.h |
|
821 |
| nsIQuotaArtificialFailure.idl |
|
649 |
| nsIQuotaCallbacks.idl |
|
745 |
| nsIQuotaManagerService.idl |
Asynchronously retrieves storage name and returns it as a plain string.
If the dom.quotaManager.testing preference is not true the call will be
a no-op.
|
18989 |
| nsIQuotaManagerServiceInternal.idl |
This interface defines internal methods for use within Quota Manager code.
It is intended strictly for internal implementation details and should not
be used outside of Quota Manager internal code.
|
1508 |
| nsIQuotaRequests.idl |
|
1404 |
| nsIQuotaResults.idl |
|
1957 |
| nsIQuotaUtilsService.idl |
This interface provides utility methods for storage and quota management
that require information only available in JavaScript system modules. It
serves as a bridge for accessing such information from C++ code where direct
access is not feasible.
|
970 |
| NSSCipherStrategy.cpp |
|
4976 |
| NSSCipherStrategy.h |
|
1824 |
| OpenClientDirectoryInfo.cpp |
|
2536 |
| OpenClientDirectoryInfo.h |
@class OpenClientDirectoryInfo
@brief Tracks the first and last access to an origin directory.
OpenClientDirectoryInfo is a lightweight internal helper used to track
access to a specific origin directory after a call to
QuotaManager::OpenClientDirectory.
It keeps a count of active ClientDirectoryLockHandle instances associated
with the origin directory and allows the QuotaManager to update the
directory’s access time when the first handle is created and when the last
one is released.
Although this class is currently focused on tracking origin-level access, it
may be extended in the future to track finer-grained access to individual
client directories as well. The name reflects its connection to the broader
OpenClientDirectory mechanism, which is central to how quota clients
initiate access to their storage.
## Usage:
- Created by QuotaManager::RegisterClientDirectoryLockHandle.
- Removed by QuotaManager::UnregisterClientDirectoryLockHandle.
## Lifetime:
- Exists only while at least one ClientDirectoryLockHandle is active for the
origin directory.
## Threading:
- Must be used only on the thread that created it.
- `AssertIsOnOwningThread()` can be used to verify correct usage.
|
3002 |
| OpenClientDirectoryUtils.h |
aExclusive |
6081 |
| OriginDirectoryLock.cpp |
aExclusive |
1578 |
| OriginDirectoryLock.h |
|
1792 |
| OriginInfo.cpp |
|
6743 |
| OriginInfo.h |
In some special cases like the LocalStorage client where it's possible to
create a Quota-using representation but not actually write any data, we
want to be able to track quota for an origin without creating its origin
directory or the per-client files until they are actually needed to store
data. In those cases, the OriginInfo will be created by
InitQuotaForOrigin and the resulting mDirectoryExists will be false until
the origin actually needs to be created. It is possible for mUsage to be
greater than zero while mDirectoryExists is false, representing a state
where a client like LocalStorage has reserved quota for disk writes, but
has not yet flushed the data to disk.
|
5043 |
| OriginOperationBase.cpp |
|
4953 |
| OriginOperationBase.h |
|
2042 |
| OriginOperationCallbacks.h |
|
2206 |
| OriginOperations.cpp |
|
125171 |
| OriginOperations.h |
|
7862 |
| OriginParser.cpp |
|
12395 |
| OriginParser.h |
Checks whether the given origin attributes suffix corresponds to a specific
user context, based on the provided `userContextId` value.
This function parses the input suffix into an `OriginAttributes` object
and evaluates the `userContextId` attribute. If the attribute matches the
given `aUserContextId`, the suffix is considered to belong to that user
context. Other attributes in the suffix are ignored.
@param aSuffix The origin attributes suffix to check. This must be a valid
suffix; otherwise, the code will trigger an assertion failure.
@param aUserContextId The `userContextId` value to compare against the
attribute in the suffix.
@return `true` if the `userContextId` attribute matches `aUserContextId`,
`false` otherwise.
@note The input must be a valid suffix. Invalid inputs will cause a
diagnostic assertion failure because of `MOZ_ALWAYS_TRUE`.
|
5035 |
| OriginScope.h |
|
11570 |
| PersistenceScope.cpp |
|
962 |
| PersistenceScope.h |
|
4465 |
| PersistenceType.cpp |
|
7150 |
| PersistenceType.h |
|
2482 |
| PQuota.ipdl |
|
6111 |
| PQuotaRequest.ipdl |
|
1091 |
| PQuotaUsageRequest.ipdl |
|
459 |
| PRemoteQuotaObject.ipdl |
|
730 |
| PrincipalUtils.cpp |
|
9306 |
| PrincipalUtils.h |
|
1734 |
| PromiseUtils.cpp |
|
1124 |
| PromiseUtils.h |
|
690 |
| QMResult.cpp |
|
670 |
| QMResult.h |
Propagate the result.
This is used by GenericErrorResult<QMResult> to create a propagated
result.
|
1622 |
| QuotaCommon.cpp |
aStart |
22400 |
| QuotaCommon.h |
|
70672 |
| QuotaManager.h |
|
43487 |
| QuotaManagerImpl.h |
|
1837 |
| QuotaManagerService.cpp |
aIID |
52334 |
| QuotaManagerService.h |
mozilla_dom_quota_QuotaManagerService_h |
2712 |
| QuotaObject.cpp |
|
2507 |
| QuotaObject.h |
|
2547 |
| QuotaParent.cpp |
|
38583 |
| QuotaParent.h |
|
6783 |
| QuotaPrefs.cpp |
|
1570 |
| QuotaPrefs.h |
The QuotaPrefs class provides static helper methods for evaluating
preferences with non-trivial logic.
|
817 |
| QuotaRequestBase.cpp |
|
1152 |
| QuotaRequestBase.h |
|
1545 |
| QuotaRequests.cpp |
|
6385 |
| QuotaRequests.h |
|
2775 |
| QuotaResults.cpp |
|
4459 |
| QuotaResults.h |
|
1943 |
| QuotaUsageRequestChild.cpp |
|
1390 |
| QuotaUsageRequestChild.h |
|
1365 |
| QuotaUsageRequestParent.cpp |
|
1153 |
| QuotaUsageRequestParent.h |
|
1211 |
| QuotaUtilsService.sys.mjs |
|
827 |
| RemoteQuotaObject.cpp |
aIsRemote |
1623 |
| RemoteQuotaObject.h |
|
1385 |
| RemoteQuotaObjectChild.cpp |
|
1002 |
| RemoteQuotaObjectChild.h |
|
1084 |
| RemoteQuotaObjectParent.cpp |
aTruncate |
1995 |
| RemoteQuotaObjectParent.h |
|
1363 |
| RemoteQuotaObjectParentTracker.h |
|
1225 |
| RemoveParen.h |
|
900 |
| ResolvableNormalOriginOp.h |
|
1931 |
| ResultExtensions.h |
|
5012 |
| SanitizationUtils.cpp |
|
1146 |
| SanitizationUtils.h |
|
682 |
| ScopedLogExtraInfo.cpp |
static |
2665 |
| ScopedLogExtraInfo.h |
|
2475 |
| scripts |
|
|
| SerializationHelpers.h |
|
6432 |
| StorageHelpers.cpp |
|
2015 |
| StorageHelpers.h |
This class provides a RAII wrap of attaching and detaching database
in a given C++ scope. It is guaranteed that an attached database will
be detached even if you have an exception or return early.
@param aConnection
The connection to attach a database to.
@param aDatabaseFile
The database file to attach.
@param aSchemaName
The schema-name. Can be any string literal which is supported by the
underlying database. For more details about schema-name, see
https://www.sqlite.org/lang_attach.html
|
1779 |
| StorageManager.cpp |
PersistentStoragePermissionRequest
**************************************************************************** |
22029 |
| StorageManager.h |
|
1769 |
| StorageOriginAttributes.cpp |
|
2769 |
| StorageOriginAttributes.h |
|
2010 |
| StreamUtils.cpp |
|
2749 |
| StreamUtils.h |
|
1209 |
| StringifyUtils.cpp |
static |
1711 |
| StringifyUtils.h |
|
1848 |
| TargetPtrHolder.h |
|
1495 |
| test |
|
|
| ThreadUtils.cpp |
aThread |
2547 |
| ThreadUtils.h |
Add a temporary thread observer and listen for the "AfterProcessNextEvent"
notification. Once the notification is received, remove the temporary thread
observer and call aCallback.
In practice, this calls aCallback immediately after the current thread is
done with running and releasing recently popped event from thread's event
queue.
If called multiple times, all the callbacks will be executed, in the
order in which RunAfterProcessingCurrentEvent() was called.
Use this method if you need to dispatch the same or some other runnable to
another thread in a way which prevents any race conditions (for example
unpredictable releases of objects).
This method should be used only in existing code which can't be easily
converted to use MozPromise which doesn't have the problem with
unpredictable releases of objects, see:
https://searchfox.org/mozilla-central/rev/4582d908c17fbf7924f5699609fe4a12c28ddc4a/xpcom/threads/MozPromise.h#866
Note: Calling this method from a thread pool is not supported since thread
pools don't fire the "AfterProcessNextEvent" notification. The method has
a diagnostic assertion for that so any calls like that will be caught
in builds with enabled diagnostic assertions. The callback will never
get executed in other builds, such as release builds. The limitation can
be removed completely when thread pool implementation gets support for firing
the "AfterProcessNextEvent".
|
2577 |
| UniversalDirectoryLock.cpp |
aExclusive |
3032 |
| UniversalDirectoryLock.h |
/ |
2161 |
| UsageInfo.h |
|
2599 |