electron/patches/chromium/support_mixed_sandbox_with_zygote.patch
Alice Zhao 0a3ec0899d
chore: bump chromium to 128.0.6611.0 (32-x-y) (#43017)
* chore: bump chromium to 128.0.6611.0 (main) (#42779)

* chore: bump chromium in DEPS to 128.0.6577.0

* chore: bump chromium in DEPS to 128.0.6579.0

* 5675706: Reland "Reland "Reland "Reland "Add toolchains without PartitionAlloc-Everywhere for dump_syms et al""""

https://chromium-review.googlesource.com/c/chromium/src/+/5675706

* 5668597: [PDF Ink Signatures] Prompt download menu on save when there are edits

https://chromium-review.googlesource.com/c/chromium/src/+/5668597

* 5677014: Reland "Pull data_sharing_sdk from CIPD"

https://chromium-review.googlesource.com/c/chromium/src/+/5677014

* chore: fixup patch indices

* chore: bump chromium in DEPS to 128.0.6581.0

* chore: bump chromium in DEPS to 128.0.6583.0

* update patches

* 5455480: [Extensions] Allow service worker requests to continue without a cert

https://chromium-review.googlesource.com/c/chromium/src/+/5455480

* try to get some debugging output from script/push-patch.js

* chore: bump chromium in DEPS to 128.0.6585.0

* chore: bump chromium in DEPS to 128.0.6587.0

* update patches

* chore: bump chromium in DEPS to 128.0.6589.0

* more patch work

* maybe over here?

* chore: update patches

* 5673207: [HTTPS Upgrades] Disable in captive portal login webview

https://chromium-review.googlesource.com/c/chromium/src/+/5673207

* 5636785: Extensions: WAR: manifest.json's use_dynamic_url requires a dynamic url

https://chromium-review.googlesource.com/c/chromium/src/+/5636785

* chore: bump chromium in DEPS to 128.0.6591.0

* 5665458: Trigger WN2 page when feature is enabled

https://chromium-review.googlesource.com/c/chromium/src/+/5665458

* update patches

* chore: bump chromium in DEPS to 128.0.6593.0

* chore: bump chromium in DEPS to 128.0.6595.0

* chore: bump chromium in DEPS to 128.0.6597.0

* (patch update) 5694586: [compile hints] Remove the usage of v8::Isolate::SetJavaScriptCompileHintsMagicEnabledCallback API
https://chromium-review.googlesource.com/c/chromium/src/+/5694586

* update patches

* 5691287: Reland "Change blink::WebKeyboardEvent to use std::array in is members"
https://chromium-review.googlesource.com/c/chromium/src/+/5691287

The code changed here is modeled after code in `content/renderer/pepper/event_conversion.cc` that was also modified in this CL, so I took the same approach.

* 5529018: Cleanup EnableWebHidOnExtensionServiceWorker flag
https://chromium-review.googlesource.com/c/chromium/src/+/5529018

* 5526324: [Code Health] Add deprecation comment for base::SupportsWeakPtr.
https://chromium-review.googlesource.com/c/chromium/src/+/5526324

Note that this CL actually does make `SupportsWeakPtr` strictly restricted to existing implementations, no new ones. We could add a patch to add ourselves to this list, but it looks like we'll have to refactor this anyways in the near future. Since the refactor seems straightforward, let's try that first.

* chore: bump chromium in DEPS to 128.0.6598.0

* chore: update patches

* 5704737: Rename ExclusiveAccessContext::GetActiveWebContents to avoid conflict
https://chromium-review.googlesource.com/c/chromium/src/+/5704737

* chore: bump chromium in DEPS to 128.0.6601.0

* chore: update patches

* Add `base::StringPiece` header includes

Chromium is working on replacing `base::StringPiece` with `std::string_view`. (See the Chromium Bug below.) They're currently running mass codemods (across many multiple changes) to replace uses of `StringPiece` with `string_view`, including removing the header include for `StringPiece` in those files. This cascades down to our files that were implicitly depending on those includes through some other include.

They're on track to eventually deprecate and remove `StringPiece` so our code should be converted, but that can be done as an upgrade follow-up task. For now, adding the header back to files that need it should suffice for minimal upgrade changes.

Chromium Bug: https://issues.chromium.org/issues/40506050

* 5702737: GlobalRequestID: Avoid unwanted inlining and narrowing int conversions
https://chromium-review.googlesource.com/c/chromium/src/+/5702737

contender for smallest commit 2024

* 5706534: Rename GlobalFeatures to GlobalDesktopFeatures.
https://chromium-review.googlesource.com/c/chromium/src/+/5706534

* 5691321: ui: remove params variants of SelectFile listener functions
https://chromium-review.googlesource.com/c/chromium/src/+/5691321

* 5714949: [Extensions] Display re-enable dialog for MV2 disabled stage
https://chromium-review.googlesource.com/c/chromium/src/+/5714949

* chore: update libc++ filenames

* patch: disable scope reuse & associated dchecks in v8 (hopefully temp, upgrade follow-up)

* fixup! Add `base::StringPiece` header includes

* update MAS patch

5710330: Add crash keys to debug NativeWidgetMacNSWindowBorderlessFrame exception
https://chromium-review.googlesource.com/c/chromium/src/+/5710330

* chore: bump chromium in DEPS to 128.0.6603.0

* chore: update patches

* 5713258: Reland "Preparation for decoupling creation/initialization of context"
https://chromium-review.googlesource.com/c/chromium/src/+/5713258

When destroying a context, it must already be shutdown, and this change enforces it with a new CHECK.

We were overriding `BrowserContextKeyedServiceFactory::BrowserContextShutdown` with an empty implementation, which differed from the default implementation that notifies the `KeyedServiceFactory` that the context has shutdown. Since we were missing this notification, the CHECK would later trip when the service was being destoryed because it was not registered as shutdown when it was shutdown.

* chore: bump chromium in DEPS to 128.0.6605.2

* chore: update patches

* refactor: linux open/save dialog patch

Our existing implementation was relying on an opaque `void* params` parameter that was passed through `ui::SelectFileDialog`.

Recently, that parameter has been getting removed:
- 5691321: ui: remove params variants of SelectFile listener functions | https://chromium-review.googlesource.com/c/chromium/src/+/5691321
- 5709097: ui: remove SelectFileDialog impl params | https://chromium-review.googlesource.com/c/chromium/src/+/5709097
- https://issues.chromium.org/issues/340178601 "reconsider SelectFileDialog"

This restructures the patch to work with mostly the same mechanics, but directly on the `ui::SelectFileDialog` object. This nets us some wins in terms of a smaller patch.

* 5713262: DevTools UI binding AIDA client event returns response
https://chromium-review.googlesource.com/c/chromium/src/+/5713262

* fixup! refactor: linux open/save dialog patch

* chore: bump chromium in DEPS to 128.0.6606.0

* chore: update patches

* fixup! refactor: linux open/save dialog patch

* chore: bump chromium in DEPS to 128.0.6607.0

* chore: update printing.patch

Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5722937

* fix: pwd error in electron-test, nan-test

fix: unshallow depot_tools before 3-way apply

* chore: e patches all

* fixup! fix: pwd error in electron-test, nan-test

* chore: bump chromium in DEPS to 128.0.6609.0

* chore: bump chromium in DEPS to 128.0.6611.0

* chore: update patches

* chore: update libcxx filenames

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: clavin <clavin@electronjs.org>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: Alice Zhao <alice@makenotion.com>

* chore: delete duplicate declaration from merge conflict

* chore: bump chromium in DEPS to 128.0.6613.7

* Revert "chore: bump chromium in DEPS to 128.0.6613.7"

This reverts commit 78047428269c79d4d3532619daf0f07e307f4dbc.

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: clavin <clavin@electronjs.org>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
2024-07-25 11:24:11 +02:00

95 lines
4.4 KiB
Diff

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <nornagon@nornagon.net>
Date: Wed, 28 Nov 2018 13:20:27 -0800
Subject: support_mixed_sandbox_with_zygote.patch
On Linux, Chromium launches all new renderer processes via a "zygote"
process which has the sandbox pre-initialized (see
//docs/linux_zygote.md). In order to support mixed-sandbox mode, in
which some renderers are launched with the sandbox engaged and others
without it, we need the option to launch non-sandboxed renderers without
going through the zygote.
Chromium already supports a `--no-zygote` flag, but it turns off the
zygote completely, and thus also disables sandboxing. This patch allows
the `--no-zygote` flag to affect renderer processes on a case-by-case
basis, checking immediately prior to launch whether to go through the
zygote or not based on the command-line of the to-be-launched renderer.
This patch could conceivably be upstreamed, as it does not affect
production Chromium (which does not use the `--no-zygote` flag).
However, the patch would need to be reviewed by the security team, as it
does touch a security-sensitive class.
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
index f8e2b5c2f270b9ed6e8ceda213decb0d81d56a41..03c7c523920d8670bad599dde8e9075f31603c19 100644
--- a/content/browser/renderer_host/render_process_host_impl.cc
+++ b/content/browser/renderer_host/render_process_host_impl.cc
@@ -1604,9 +1604,15 @@ bool RenderProcessHostImpl::Init() {
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
std::make_unique<RendererSandboxedProcessLauncherDelegateWin>(
*cmd_line, IsPdf(), /*is_jit_disabled=*/IsPdf());
+#else
+#if BUILDFLAG(USE_ZYGOTE)
+ bool use_zygote = !cmd_line->HasSwitch(switches::kNoZygote);
+ std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
+ std::make_unique<RendererSandboxedProcessLauncherDelegate>(use_zygote);
#else
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
std::make_unique<RendererSandboxedProcessLauncherDelegate>();
+#endif
#endif
auto tracing_config_memory_region =
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
index 2c724b73a55fa21154ff8cedd41d3ca5738dfa76..b3f5973a4b686542d46d8338722f5fe42c86c529 100644
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
@@ -35,6 +35,9 @@ namespace content {
#if BUILDFLAG(USE_ZYGOTE)
ZygoteCommunication* RendererSandboxedProcessLauncherDelegate::GetZygote() {
+ if (!use_zygote_) {
+ return nullptr;
+ }
const base::CommandLine& browser_command_line =
*base::CommandLine::ForCurrentProcess();
base::CommandLine::StringType renderer_prefix =
@@ -70,6 +73,9 @@ RendererSandboxedProcessLauncherDelegateWin::
is_pdf_renderer_(is_pdf_renderer) {
// PDF renderers must be jitless.
CHECK(!is_pdf_renderer || is_jit_disabled);
+#if BUILDFLAG(USE_ZYGOTE)
+ use_zygote_ = !cmd_line->HasSwitch(switches::kNoZygote);
+#endif
if (is_jit_disabled) {
dynamic_code_can_be_disabled_ = true;
return;
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
index 00038da2c15696b361aea1469ccf73307e44963e..7ccfbf11ecfd56fd165915baa85919eaf2e923b9 100644
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
@@ -18,6 +18,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
public:
RendererSandboxedProcessLauncherDelegate() = default;
+#if BUILDFLAG(USE_ZYGOTE)
+ RendererSandboxedProcessLauncherDelegate(bool use_zygote):
+ use_zygote_(use_zygote) {}
+#endif
+
~RendererSandboxedProcessLauncherDelegate() override = default;
#if BUILDFLAG(USE_ZYGOTE)
@@ -30,6 +35,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
// sandbox::policy::SandboxDelegate:
sandbox::mojom::Sandbox GetSandboxType() override;
+
+ private:
+#if BUILDFLAG(USE_ZYGOTE)
+ bool use_zygote_ = true;
+#endif
};
#if BUILDFLAG(IS_WIN)