mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
electron/patches/chromium/process_singleton.patch
electron-roller[bot] 16f459228b
chore: bump chromium to 108.0.5329.0 (main) (#35628) 
Co-authored-by: Samuel Attard <sattard@salesforce.com>
Co-authored-by: VerteDinde <vertedinde@electronjs.org>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2022-10-03 13:21:00 -07:00

248 lines
9.9 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Raymond Zhao <raymondzhao@microsoft.com>
Date: Wed, 18 Aug 2021 08:24:10 -0700
Subject: extend ProcessSingleton
This patch applies Electron ProcessSingleton changes onto the Chromium
files.
This patch adds a few changes to the Chromium code:
1. It adds a parameter `program_name` to the Windows constructor, making
the generated mutex name on the Windows-side program-dependent,
rather than shared between all Electron applications.
2. It adds an `IsAppSandboxed` check for macOS so that
sandboxed applications generate shorter temp paths.
3. It adds a `ChangeWindowMessageFilterEx` call to the Windows
implementation, along with a parameter `is_app_sandboxed` in the
constructor, to handle the case when the primary app is run with
admin permissions.
diff --git a/chrome/browser/process_singleton.h b/chrome/browser/process_singleton.h
index 2db06b7dc4cb729ebfb5ae48ab676a7bc0697a99..19350d58e817ea8ac7868dd90a08cc25836c9921 100644
--- a/chrome/browser/process_singleton.h
+++ b/chrome/browser/process_singleton.h
@@ -102,12 +102,19 @@ class ProcessSingleton {
base::RepeatingCallback<bool(const base::CommandLine& command_line,
const base::FilePath& current_directory)>;
+#if BUILDFLAG(IS_WIN)
+ ProcessSingleton(const std::string& program_name,
+ const base::FilePath& user_data_dir,
+ bool is_sandboxed,
+ const NotificationCallback& notification_callback);
+#else
ProcessSingleton(const base::FilePath& user_data_dir,
const NotificationCallback& notification_callback);
ProcessSingleton(const ProcessSingleton&) = delete;
ProcessSingleton& operator=(const ProcessSingleton&) = delete;
+#endif
~ProcessSingleton();
// Notify another process, if available. Otherwise sets ourselves as the
@@ -176,6 +183,8 @@ class ProcessSingleton {
#if BUILDFLAG(IS_WIN)
bool EscapeVirtualization(const base::FilePath& user_data_dir);
+ std::string program_name_; // Used for mutexName.
+ bool is_app_sandboxed_; // Whether the Electron app is sandboxed.
HWND remote_window_; // The HWND_MESSAGE of another browser.
base::win::MessageWindow window_; // The message-only window.
bool is_virtualized_; // Stuck inside Microsoft Softricity VM environment.
diff --git a/chrome/browser/process_singleton_posix.cc b/chrome/browser/process_singleton_posix.cc
index afe39196a3882326c27527623ffeeb5019f685b0..455585a9f6d59d65bcfd322f4f925641148cbf55 100644
--- a/chrome/browser/process_singleton_posix.cc
+++ b/chrome/browser/process_singleton_posix.cc
@@ -54,6 +54,7 @@
#include <memory>
#include <set>
#include <string>
+#include <tuple>
#include <type_traits>
#include "base/base_paths.h"
@@ -97,9 +98,11 @@
#include "net/base/network_interfaces.h"
#include "ui/base/l10n/l10n_util.h"
+#if 0
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
#include "chrome/browser/ui/process_singleton_dialog_linux.h"
#endif
+#endif
using content::BrowserThread;
@@ -343,6 +346,9 @@ bool SymlinkPath(const base::FilePath& target, const base::FilePath& path) {
bool DisplayProfileInUseError(const base::FilePath& lock_path,
const std::string& hostname,
int pid) {
+ return true;
+
+#if 0
std::u16string error = l10n_util::GetStringFUTF16(
IDS_PROFILE_IN_USE_POSIX, base::NumberToString16(pid),
base::ASCIIToUTF16(hostname));
@@ -362,6 +368,7 @@ bool DisplayProfileInUseError(const base::FilePath& lock_path,
NOTREACHED();
return false;
+#endif
}
bool IsChromeProcess(pid_t pid) {
@@ -402,6 +409,21 @@ bool CheckCookie(const base::FilePath& path, const base::FilePath& cookie) {
return (cookie == ReadLink(path));
}
+bool IsAppSandboxed() {
+#if BUILDFLAG(IS_MAC)
+ // NB: There is no sane API for this, we have to just guess by
+ // reading tea leaves
+ base::FilePath home_dir;
+ if (!base::PathService::Get(base::DIR_HOME, &home_dir)) {
+ return false;
+ }
+
+ return home_dir.value().find("Library/Containers") != std::string::npos;
+#else
+ return false;
+#endif // BUILDFLAG(IS_MAC)
+}
+
bool ConnectSocket(ScopedSocket* socket,
const base::FilePath& socket_path,
const base::FilePath& cookie_path) {
@@ -768,6 +790,10 @@ ProcessSingleton::ProcessSingleton(
ProcessSingleton::~ProcessSingleton() {
DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ // Manually free resources with IO explicitly allowed.
+ base::ThreadRestrictions::ScopedAllowIO allow_io;
+ watcher_ = nullptr;
+ std::ignore = socket_dir_.Delete();
}
ProcessSingleton::NotifyResult ProcessSingleton::NotifyOtherProcess() {
@@ -1031,14 +1057,32 @@ bool ProcessSingleton::Create() {
#endif
}
- // Create the socket file somewhere in /tmp which is usually mounted as a
- // normal filesystem. Some network filesystems (notably AFS) are screwy and
- // do not support Unix domain sockets.
- if (!socket_dir_.CreateUniqueTempDir()) {
- LOG(ERROR) << "Failed to create socket directory.";
+ base::FilePath tmp_dir;
+ if (!base::GetTempDir(&tmp_dir)) {
+ LOG(ERROR) << "Failed to get temporary directory.";
return false;
}
+ if (IsAppSandboxed()) {
+ // For sandboxed applications, the tmp dir could be too long to fit
+ // addr->sun_path, so we need to make it as short as possible.
+ if (!socket_dir_.Set(tmp_dir.Append("S"))) {
+ LOG(ERROR) << "Failed to set socket directory.";
+ return false;
+ }
+ } else {
+ // Create the socket file somewhere in /tmp which is usually mounted as a
+ // normal filesystem. Some network filesystems (notably AFS) are screwy and
+ // do not support Unix domain sockets.
+ // Prefer CreateUniqueTempDirUnderPath rather than CreateUniqueTempDir as
+ // the latter will calculate unique paths based on bundle ids which can
+ // increase the socket path length than what is allowed.
+ if (!socket_dir_.CreateUniqueTempDirUnderPath(tmp_dir)) {
+ LOG(ERROR) << "Failed to create socket directory.";
+ return false;
+ }
+ }
+
// Check that the directory was created with the correct permissions.
int dir_mode = 0;
CHECK(base::GetPosixFilePermissions(socket_dir_.GetPath(), &dir_mode) &&
diff --git a/chrome/browser/process_singleton_win.cc b/chrome/browser/process_singleton_win.cc
index f89f9265ba8de66a2f661a77611334dc91c08c0f..009b522049adc32144c51842369dc1156bd959fa 100644
--- a/chrome/browser/process_singleton_win.cc
+++ b/chrome/browser/process_singleton_win.cc
@@ -29,7 +29,9 @@
#include "base/win/wmi.h"
#include "chrome/browser/process_singleton_internal.h"
#include "chrome/browser/shell_integration.h"
+#if 0
#include "chrome/browser/ui/simple_message_box.h"
+#endif
#include "chrome/browser/win/chrome_process_finder.h"
#include "chrome/common/chrome_constants.h"
#include "chrome/common/chrome_paths.h"
@@ -164,6 +166,7 @@ bool ProcessLaunchNotification(
}
bool DisplayShouldKillMessageBox() {
+#if 0
TRACE_EVENT0("startup", "ProcessSingleton:DisplayShouldKillMessageBox");
// Ensure there is an instance of ResourceBundle that is initialized for
@@ -174,6 +177,10 @@ bool DisplayShouldKillMessageBox() {
NULL, l10n_util::GetStringUTF16(IDS_PRODUCT_NAME),
l10n_util::GetStringUTF16(IDS_BROWSER_HUNGBROWSER_MESSAGE)) !=
chrome::MESSAGE_BOX_RESULT_NO;
+#endif
+ // This is called when the secondary process can't ping the primary
+ // process.
+ return false;
}
// Function was copied from Process::Terminate.
@@ -258,9 +265,13 @@ bool ProcessSingleton::EscapeVirtualization(
}
ProcessSingleton::ProcessSingleton(
+ const std::string& program_name,
const base::FilePath& user_data_dir,
+ bool is_app_sandboxed,
const NotificationCallback& notification_callback)
: notification_callback_(notification_callback),
+ program_name_(program_name),
+ is_app_sandboxed_(is_app_sandboxed),
is_virtualized_(false),
lock_file_(INVALID_HANDLE_VALUE),
user_data_dir_(user_data_dir),
@@ -380,7 +391,7 @@ ProcessSingleton::NotifyOtherProcessOrCreate() {
bool ProcessSingleton::Create() {
TRACE_EVENT0("startup", "ProcessSingleton::Create");
- static const wchar_t kMutexName[] = L"Local\\ChromeProcessSingletonStartup!";
+ std::wstring mutexName = base::UTF8ToWide("Local\\" + program_name_ + "ProcessSingletonStartup");
remote_window_ = chrome::FindRunningChromeWindow(user_data_dir_);
if (!remote_window_ && !EscapeVirtualization(user_data_dir_)) {
@@ -389,7 +400,7 @@ bool ProcessSingleton::Create() {
// access. As documented, it's clearer to NOT request ownership on creation
// since it isn't guaranteed we will get it. It is better to create it
// without ownership and explicitly get the ownership afterward.
- base::win::ScopedHandle only_me(::CreateMutex(NULL, FALSE, kMutexName));
+ base::win::ScopedHandle only_me(::CreateMutex(NULL, FALSE, mutexName.c_str()));
if (!only_me.IsValid()) {
DPLOG(FATAL) << "CreateMutex failed";
return false;
@@ -428,6 +439,17 @@ bool ProcessSingleton::Create() {
window_.CreateNamed(base::BindRepeating(&ProcessLaunchNotification,
notification_callback_),
user_data_dir_.value());
+
+ // When the app is sandboxed, firstly, the app should not be in
+ // admin mode, and even if it somehow is, messages from an unelevated
+ // instance should not be able to be sent to it.
+ if (!is_app_sandboxed_) {
+ // NB: Ensure that if the primary app gets started as elevated
+ // admin inadvertently, secondary windows running not as elevated
+ // will still be able to send messages.
+ ::ChangeWindowMessageFilterEx(window_.hwnd(), WM_COPYDATA, MSGFLT_ALLOW,
+ NULL);
+ }
CHECK(result && window_.hwnd());
}
}
Reference in a new issue View git blame Copy permalink