feat: UtilityProcess API (#34980)

* chore: initial scaffolding

* chore: implement interface and docs

* chore: address code style review

* fix: cleanup of utility process on shutdown

* chore: simplify NodeBindings::CreateEnvironment

* chore: rename disableLibraryValidation => allowLoadingUnsignedLibraries

* chore: implement process.parentPort

* chore(posix): implement stdio pipe interface

* chore(win): implement stdio interface

* chore: reenable SetNodeOptions for utility process

* chore: add specs

* chore: fix lint

* fix: update kill API

* fix: update process.parentPort API

* fix: exit event

* docs: update exit event

* fix: tests on linux

* chore: expand on some comments

* fix: shutdown of pipe reader

Avoid logging since it is always the case that reader end of
pipe will terminate after the child process.

* fix: remove exit code check for crash spec

* fix: rm PR_SET_NO_NEW_PRIVS for unsandbox utility process

* chore: fix incorrect rebase

* fix: address review feedback

* chore: rename utility_process -> utility

* chore: update docs

* chore: cleanup c++ implemantation

* fix: leak in NodeServiceHost impl

* chore: minor cleanup

* chore: cleanup JS implementation

* chore: flip default stdio to inherit

* fix: some api improvements

* Support cwd option
* Remove path restriction for modulePath
* Rewire impl for env support

* fix: add tests for cwd and env option

* chore: alt impl for reading stdio handles

* chore: support message queuing

* chore: fix lint

* chore: new UtilityProcess => utilityProcess.fork

* fix: support for uncaught exception exits

* chore: remove process.execArgv as default

* fix: windows build

* fix: style changes

* fix: docs and style changes

* chore: update patches

* spec: disable flaky test on win32 arm CI

Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>

shell/services/node/node_service.cc

@@ -0,0 +1,104 @@
+// Copyright (c) 2022 Microsoft, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#include "shell/services/node/node_service.h"
+
+#include <utility>
+#include <vector>
+
+#include "base/command_line.h"
+#include "base/strings/utf_string_conversions.h"
+#include "shell/browser/javascript_environment.h"
+#include "shell/common/api/electron_bindings.h"
+#include "shell/common/gin_converters/file_path_converter.h"
+#include "shell/common/gin_helper/dictionary.h"
+#include "shell/common/node_bindings.h"
+#include "shell/common/node_includes.h"
+#include "shell/services/node/parent_port.h"
+
+namespace electron {
+
+NodeService::NodeService(
+    mojo::PendingReceiver<node::mojom::NodeService> receiver)
+    : node_bindings_(
+          NodeBindings::Create(NodeBindings::BrowserEnvironment::kUtility)),
+      electron_bindings_(
+          std::make_unique<ElectronBindings>(node_bindings_->uv_loop())) {
+  if (receiver.is_valid())
+    receiver_.Bind(std::move(receiver));
+}
+
+NodeService::~NodeService() {
+  if (!node_env_stopped_) {
+    node_env_->env()->set_trace_sync_io(false);
+    js_env_->DestroyMicrotasksRunner();
+    node::Stop(node_env_->env());
+  }
+}
+
+void NodeService::Initialize(node::mojom::NodeServiceParamsPtr params) {
+  if (NodeBindings::IsInitialized())
+    return;
+
+  ParentPort::GetInstance()->Initialize(std::move(params->port));
+
+  js_env_ = std::make_unique<JavascriptEnvironment>(node_bindings_->uv_loop());
+
+  v8::HandleScope scope(js_env_->isolate());
+
+  node_bindings_->Initialize();
+
+  // Append program path for process.argv0
+  auto program = base::CommandLine::ForCurrentProcess()->GetProgram();
+#if defined(OS_WIN)
+  params->args.insert(params->args.begin(), base::WideToUTF8(program.value()));
+#else
+  params->args.insert(params->args.begin(), program.value());
+#endif
+
+  // Create the global environment.
+  node::Environment* env = node_bindings_->CreateEnvironment(
+      js_env_->context(), js_env_->platform(), params->args, params->exec_args);
+  node_env_ = std::make_unique<NodeEnvironment>(env);
+
+  node::SetProcessExitHandler(env,
+                              [this](node::Environment* env, int exit_code) {
+                                // Destroy node platform.
+                                env->set_trace_sync_io(false);
+                                js_env_->DestroyMicrotasksRunner();
+                                node::Stop(env);
+                                node_env_stopped_ = true;
+                                receiver_.ResetWithReason(exit_code, "");
+                              });
+
+  env->set_trace_sync_io(env->options()->trace_sync_io);
+
+  // Add Electron extended APIs.
+  electron_bindings_->BindTo(env->isolate(), env->process_object());
+
+  // Add entry script to process object.
+  gin_helper::Dictionary process(env->isolate(), env->process_object());
+  process.SetHidden("_serviceStartupScript", params->script);
+
+  // Setup microtask runner.
+  js_env_->CreateMicrotasksRunner();
+
+  // Wrap the uv loop with global env.
+  node_bindings_->set_uv_env(env);
+
+  // LoadEnvironment should be called after setting up
+  // JavaScriptEnvironment including the microtask runner
+  // since this call will start compilation and execution
+  // of the entry script. If there is an uncaught exception
+  // the exit handler set above will be triggered and it expects
+  // both Node Env and JavaScriptEnviroment are setup to perform
+  // a clean shutdown of this process.
+  node_bindings_->LoadEnvironment(env);
+
+  // Run entry script.
+  node_bindings_->PrepareEmbedThread();
+  node_bindings_->StartPolling();
+}
+
+}  // namespace electron

shell/services/node/node_service.h

@@ -0,0 +1,44 @@
+// Copyright (c) 2022 Microsoft, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#ifndef ELECTRON_SHELL_SERVICES_NODE_NODE_SERVICE_H_
+#define ELECTRON_SHELL_SERVICES_NODE_NODE_SERVICE_H_
+
+#include <memory>
+
+#include "mojo/public/cpp/bindings/pending_receiver.h"
+#include "mojo/public/cpp/bindings/receiver.h"
+#include "shell/services/node/public/mojom/node_service.mojom.h"
+
+namespace electron {
+
+class ElectronBindings;
+class JavascriptEnvironment;
+class NodeBindings;
+class NodeEnvironment;
+
+class NodeService : public node::mojom::NodeService {
+ public:
+  explicit NodeService(
+      mojo::PendingReceiver<node::mojom::NodeService> receiver);
+  ~NodeService() override;
+
+  NodeService(const NodeService&) = delete;
+  NodeService& operator=(const NodeService&) = delete;
+
+  // mojom::NodeService implementation:
+  void Initialize(node::mojom::NodeServiceParamsPtr params) override;
+
+ private:
+  bool node_env_stopped_ = false;
+  std::unique_ptr<JavascriptEnvironment> js_env_;
+  std::unique_ptr<NodeBindings> node_bindings_;
+  std::unique_ptr<ElectronBindings> electron_bindings_;
+  std::unique_ptr<NodeEnvironment> node_env_;
+  mojo::Receiver<node::mojom::NodeService> receiver_{this};
+};
+
+}  // namespace electron
+
+#endif  // ELECTRON_SHELL_SERVICES_NODE_NODE_SERVICE_H_

shell/services/node/parent_port.cc

@@ -0,0 +1,133 @@
+// Copyright (c) 2022 Microsoft, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#include "shell/services/node/parent_port.h"
+
+#include <utility>
+
+#include "base/no_destructor.h"
+#include "gin/data_object_builder.h"
+#include "gin/handle.h"
+#include "shell/browser/api/message_port.h"
+#include "shell/common/gin_helper/dictionary.h"
+#include "shell/common/gin_helper/event_emitter_caller.h"
+#include "shell/common/node_includes.h"
+#include "shell/common/v8_value_serializer.h"
+#include "third_party/blink/public/common/messaging/transferable_message_mojom_traits.h"
+
+namespace electron {
+
+gin::WrapperInfo ParentPort::kWrapperInfo = {gin::kEmbedderNativeGin};
+
+ParentPort* ParentPort::GetInstance() {
+  static base::NoDestructor<ParentPort> instance;
+  return instance.get();
+}
+
+ParentPort::ParentPort() = default;
+ParentPort::~ParentPort() = default;
+
+void ParentPort::Initialize(blink::MessagePortDescriptor port) {
+  port_ = std::move(port);
+  connector_ = std::make_unique<mojo::Connector>(
+      port_.TakeHandleToEntangleWithEmbedder(),
+      mojo::Connector::SINGLE_THREADED_SEND,
+      base::ThreadTaskRunnerHandle::Get());
+  connector_->PauseIncomingMethodCallProcessing();
+  connector_->set_incoming_receiver(this);
+  connector_->set_connection_error_handler(
+      base::BindOnce(&ParentPort::Close, base::Unretained(this)));
+}
+
+void ParentPort::PostMessage(v8::Local<v8::Value> message_value) {
+  if (!connector_closed_ && connector_ && connector_->is_valid()) {
+    v8::Isolate* isolate = JavascriptEnvironment::GetIsolate();
+    blink::TransferableMessage transferable_message;
+    electron::SerializeV8Value(isolate, message_value, &transferable_message);
+    mojo::Message mojo_message =
+        blink::mojom::TransferableMessage::WrapAsMessage(
+            std::move(transferable_message));
+    connector_->Accept(&mojo_message);
+  }
+}
+
+void ParentPort::Close() {
+  if (!connector_closed_ && connector_->is_valid()) {
+    port_.GiveDisentangledHandle(connector_->PassMessagePipe());
+    connector_ = nullptr;
+    port_.Reset();
+    connector_closed_ = true;
+  }
+}
+
+void ParentPort::Start() {
+  if (!connector_closed_ && connector_ && connector_->is_valid()) {
+    connector_->ResumeIncomingMethodCallProcessing();
+  }
+}
+
+void ParentPort::Pause() {
+  if (!connector_closed_ && connector_ && connector_->is_valid()) {
+    connector_->PauseIncomingMethodCallProcessing();
+  }
+}
+
+bool ParentPort::Accept(mojo::Message* mojo_message) {
+  blink::TransferableMessage message;
+  if (!blink::mojom::TransferableMessage::DeserializeFromMessage(
+          std::move(*mojo_message), &message)) {
+    return false;
+  }
+
+  v8::Isolate* isolate = JavascriptEnvironment::GetIsolate();
+  v8::HandleScope handle_scope(isolate);
+  auto wrapped_ports =
+      MessagePort::EntanglePorts(isolate, std::move(message.ports));
+  v8::Local<v8::Value> message_value =
+      electron::DeserializeV8Value(isolate, message);
+  v8::Local<v8::Object> self;
+  if (!GetWrapper(isolate).ToLocal(&self))
+    return false;
+  auto event = gin::DataObjectBuilder(isolate)
+                   .Set("data", message_value)
+                   .Set("ports", wrapped_ports)
+                   .Build();
+  gin_helper::EmitEvent(isolate, self, "message", event);
+  return true;
+}
+
+// static
+gin::Handle<ParentPort> ParentPort::Create(v8::Isolate* isolate) {
+  return gin::CreateHandle(isolate, ParentPort::GetInstance());
+}
+
+// static
+gin::ObjectTemplateBuilder ParentPort::GetObjectTemplateBuilder(
+    v8::Isolate* isolate) {
+  return gin::Wrappable<ParentPort>::GetObjectTemplateBuilder(isolate)
+      .SetMethod("postMessage", &ParentPort::PostMessage)
+      .SetMethod("start", &ParentPort::Start)
+      .SetMethod("pause", &ParentPort::Pause);
+}
+
+const char* ParentPort::GetTypeName() {
+  return "ParentPort";
+}
+
+}  // namespace electron
+
+namespace {
+
+void Initialize(v8::Local<v8::Object> exports,
+                v8::Local<v8::Value> unused,
+                v8::Local<v8::Context> context,
+                void* priv) {
+  v8::Isolate* isolate = context->GetIsolate();
+  gin_helper::Dictionary dict(isolate, exports);
+  dict.SetMethod("createParentPort", &electron::ParentPort::Create);
+}
+
+}  // namespace
+
+NODE_LINKED_MODULE_CONTEXT_AWARE(electron_utility_parent_port, Initialize)

shell/services/node/parent_port.h

@@ -0,0 +1,68 @@
+// Copyright (c) 2022 Microsoft, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+#ifndef ELECTRON_SHELL_SERVICES_NODE_PARENT_PORT_H_
+#define ELECTRON_SHELL_SERVICES_NODE_PARENT_PORT_H_
+
+#include <memory>
+
+#include "gin/wrappable.h"
+#include "mojo/public/cpp/bindings/connector.h"
+#include "mojo/public/cpp/bindings/message.h"
+#include "shell/browser/event_emitter_mixin.h"
+
+namespace v8 {
+template <class T>
+class Local;
+class Value;
+class Isolate;
+}  // namespace v8
+
+namespace gin {
+class Arguments;
+template <typename T>
+class Handle;
+}  // namespace gin
+
+namespace electron {
+
+// There is only a single instance of this class
+// for the lifetime of a Utility Process which
+// also means that GC lifecycle is ignored by this class.
+class ParentPort : public gin::Wrappable<ParentPort>,
+                   public mojo::MessageReceiver {
+ public:
+  static ParentPort* GetInstance();
+  static gin::Handle<ParentPort> Create(v8::Isolate* isolate);
+
+  ParentPort(const ParentPort&) = delete;
+  ParentPort& operator=(const ParentPort&) = delete;
+
+  ParentPort();
+  ~ParentPort() override;
+  void Initialize(blink::MessagePortDescriptor port);
+
+  // gin::Wrappable
+  static gin::WrapperInfo kWrapperInfo;
+  gin::ObjectTemplateBuilder GetObjectTemplateBuilder(
+      v8::Isolate* isolate) override;
+  const char* GetTypeName() override;
+
+ private:
+  void PostMessage(v8::Local<v8::Value> message_value);
+  void Close();
+  void Start();
+  void Pause();
+
+  // mojo::MessageReceiver
+  bool Accept(mojo::Message* mojo_message) override;
+
+  bool connector_closed_ = false;
+  std::unique_ptr<mojo::Connector> connector_;
+  blink::MessagePortDescriptor port_;
+};
+
+}  // namespace electron
+
+#endif  // ELECTRON_SHELL_SERVICES_NODE_PARENT_PORT_H_

shell/services/node/public/mojom/BUILD.gn

@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Microsoft, Inc.
+# Use of this source code is governed by the MIT license that can be
+# found in the LICENSE file.
+
+import("//mojo/public/tools/bindings/mojom.gni")
+
+mojom("mojom") {
+  sources = [ "node_service.mojom" ]
+  public_deps = [
+    "//mojo/public/mojom/base",
+    "//sandbox/policy/mojom",
+    "//third_party/blink/public/mojom:mojom_core",
+  ]
+}

shell/services/node/public/mojom/node_service.mojom

@@ -0,0 +1,21 @@
+// Copyright (c) 2022 Microsoft, Inc.
+// Use of this source code is governed by the MIT license that can be
+// found in the LICENSE file.
+
+module node.mojom;
+
+import "mojo/public/mojom/base/file_path.mojom";
+import "sandbox/policy/mojom/sandbox.mojom";
+import "third_party/blink/public/mojom/messaging/message_port_descriptor.mojom";
+
+struct NodeServiceParams {
+  mojo_base.mojom.FilePath script;
+  array<string> args;
+  array<string> exec_args;
+  blink.mojom.MessagePortDescriptor port;
+};
+
+[ServiceSandbox=sandbox.mojom.Sandbox.kNoSandbox]
+interface NodeService {
+  Initialize(NodeServiceParams params);
+};