3e22f992b0
* chore: bump chromium in DEPS to 128.0.6577.0
* chore: bump chromium in DEPS to 128.0.6579.0
* 5675706: Reland "Reland "Reland "Reland "Add toolchains without PartitionAlloc-Everywhere for dump_syms et al"""" https://chromium-review.googlesource.com/c/chromium/src/+/5675706
* 5668597: [PDF Ink Signatures] Prompt download menu on save when there are edits https://chromium-review.googlesource.com/c/chromium/src/+/5668597
* 5677014: Reland "Pull data_sharing_sdk from CIPD" https://chromium-review.googlesource.com/c/chromium/src/+/5677014
* chore: fixup patch indices
* chore: bump chromium in DEPS to 128.0.6581.0
* chore: bump chromium in DEPS to 128.0.6583.0
* update patches
* 5455480: [Extensions] Allow service worker requests to continue without a cert https://chromium-review.googlesource.com/c/chromium/src/+/5455480
* try to get some debugging output from script/push-patch.js
* chore: bump chromium in DEPS to 128.0.6585.0
* chore: bump chromium in DEPS to 128.0.6587.0
* update patches
* chore: bump chromium in DEPS to 128.0.6589.0
* more patch work
* maybe over here?
* chore: update patches
* 5673207: [HTTPS Upgrades] Disable in captive portal login webview https://chromium-review.googlesource.com/c/chromium/src/+/5673207
* 5636785: Extensions: WAR: manifest.json's use_dynamic_url requires a dynamic url https://chromium-review.googlesource.com/c/chromium/src/+/5636785
* chore: bump chromium in DEPS to 128.0.6591.0
* 5665458: Trigger WN2 page when feature is enabled https://chromium-review.googlesource.com/c/chromium/src/+/5665458
* update patches
* chore: bump chromium in DEPS to 128.0.6593.0
* chore: bump chromium in DEPS to 128.0.6595.0
* chore: bump chromium in DEPS to 128.0.6597.0
* (patch update) 5694586: [compile hints] Remove the usage of v8::Isolate::SetJavaScriptCompileHintsMagicEnabledCallback API https://chromium-review.googlesource.com/c/chromium/src/+/5694586
* update patches
* 5691287: Reland "Change blink::WebKeyboardEvent to use std::array in is members" https://chromium-review.googlesource.com/c/chromium/src/+/5691287

  The code changed here is modeled after code in `content/renderer/pepper/event_conversion.cc` that was also modified in this CL, so I took the same approach.
* 5529018: Cleanup EnableWebHidOnExtensionServiceWorker flag https://chromium-review.googlesource.com/c/chromium/src/+/5529018
* 5526324: [Code Health] Add deprecation comment for base::SupportsWeakPtr. https://chromium-review.googlesource.com/c/chromium/src/+/5526324

  Note that this CL actually does make `SupportsWeakPtr` strictly restricted to existing implementations, no new ones. We could add a patch to add ourselves to this list, but it looks like we'll have to refactor this anyways in the near future. Since the refactor seems straightforward, let's try that first.
* chore: bump chromium in DEPS to 128.0.6598.0
* chore: update patches
* 5704737: Rename ExclusiveAccessContext::GetActiveWebContents to avoid conflict https://chromium-review.googlesource.com/c/chromium/src/+/5704737
* chore: bump chromium in DEPS to 128.0.6601.0
* chore: update patches
* Add `base::StringPiece` header includes

  Chromium is working on replacing `base::StringPiece` with `std::string_view`. (See the Chromium Bug below.) They're currently running mass codemods (across many multiple changes) to replace uses of `StringPiece` with `string_view`, including removing the header include for `StringPiece` in those files. This cascades down to our files that were implicitly depending on those includes through some other include.

  They're on track to eventually deprecate and remove `StringPiece` so our code should be converted, but that can be done as an upgrade follow-up task. For now, adding the header back to files that need it should suffice for minimal upgrade changes.

  Chromium Bug: https://issues.chromium.org/issues/40506050
* 5702737: GlobalRequestID: Avoid unwanted inlining and narrowing int conversions https://chromium-review.googlesource.com/c/chromium/src/+/5702737

  contender for smallest commit 2024
* 5706534: Rename GlobalFeatures to GlobalDesktopFeatures. https://chromium-review.googlesource.com/c/chromium/src/+/5706534
* 5691321: ui: remove params variants of SelectFile listener functions https://chromium-review.googlesource.com/c/chromium/src/+/5691321
* 5714949: [Extensions] Display re-enable dialog for MV2 disabled stage https://chromium-review.googlesource.com/c/chromium/src/+/5714949
* chore: update libc++ filenames
* patch: disable scope reuse & associated dchecks in v8 (hopefully temp, upgrade follow-up)
* fixup! Add `base::StringPiece` header includes
* update MAS patch 5710330: Add crash keys to debug NativeWidgetMacNSWindowBorderlessFrame exception https://chromium-review.googlesource.com/c/chromium/src/+/5710330
* chore: bump chromium in DEPS to 128.0.6603.0
* chore: update patches
* 5713258: Reland "Preparation for decoupling creation/initialization of context" https://chromium-review.googlesource.com/c/chromium/src/+/5713258

  When destroying a context, it must already be shutdown, and this change enforces it with a new CHECK. We were overriding `BrowserContextKeyedServiceFactory::BrowserContextShutdown` with an empty implementation, which differed from the default implementation that notifies the `KeyedServiceFactory` that the context has shutdown. Since we were missing this notification, the CHECK would later trip when the service was being destroyed because it was not registered as shutdown when it was shutdown.
* chore: bump chromium in DEPS to 128.0.6605.2
* chore: update patches
* refactor: linux open/save dialog patch

  Our existing implementation was relying on an opaque `void* params` parameter that was passed through `ui::SelectFileDialog`. Recently, that parameter has been getting removed:
  - 5691321: ui: remove params variants of SelectFile listener functions | https://chromium-review.googlesource.com/c/chromium/src/+/5691321
  - 5709097: ui: remove SelectFileDialog impl params | https://chromium-review.googlesource.com/c/chromium/src/+/5709097
  - https://issues.chromium.org/issues/340178601 "reconsider SelectFileDialog"

  This restructures the patch to work with mostly the same mechanics, but directly on the `ui::SelectFileDialog` object. This nets us some wins in terms of a smaller patch.
* 5713262: DevTools UI binding AIDA client event returns response https://chromium-review.googlesource.com/c/chromium/src/+/5713262
* fixup! refactor: linux open/save dialog patch
* chore: bump chromium in DEPS to 128.0.6606.0
* chore: update patches
* fixup! refactor: linux open/save dialog patch
* chore: bump chromium in DEPS to 128.0.6607.0
* chore: update printing.patch

  Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5722937
* fix: pwd error in electron-test, nan-test

  fix: unshallow depot_tools before 3-way apply
* chore: e patches all
* fixup! fix: pwd error in electron-test, nan-test
* chore: bump chromium in DEPS to 128.0.6609.0
* chore: bump chromium in DEPS to 128.0.6611.0
* chore: update patches
* chore: update libcxx filenames

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: Jeremy Rose <nornagon@nornagon.net>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: clavin <clavin@electronjs.org>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: Alice Zhao <alice@makenotion.com>
95 lines
4.4 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <nornagon@nornagon.net>
Date: Wed, 28 Nov 2018 13:20:27 -0800
Subject: support_mixed_sandbox_with_zygote.patch

On Linux, Chromium launches all new renderer processes via a "zygote"
process which has the sandbox pre-initialized (see
//docs/linux_zygote.md). In order to support mixed-sandbox mode, in
which some renderers are launched with the sandbox engaged and others
without it, we need the option to launch non-sandboxed renderers without
going through the zygote.

Chromium already supports a `--no-zygote` flag, but it turns off the
zygote completely, and thus also disables sandboxing. This patch allows
the `--no-zygote` flag to affect renderer processes on a case-by-case
basis, checking immediately prior to launch whether to go through the
zygote or not based on the command-line of the to-be-launched renderer.

This patch could conceivably be upstreamed, as it does not affect
production Chromium (which does not use the `--no-zygote` flag).
However, the patch would need to be reviewed by the security team, as it
does touch a security-sensitive class.

diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
index f8e2b5c2f270b9ed6e8ceda213decb0d81d56a41..03c7c523920d8670bad599dde8e9075f31603c19 100644
--- a/content/browser/renderer_host/render_process_host_impl.cc
+++ b/content/browser/renderer_host/render_process_host_impl.cc
@@ -1604,9 +1604,15 @@ bool RenderProcessHostImpl::Init() {
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
std::make_unique<RendererSandboxedProcessLauncherDelegateWin>(
*cmd_line, IsPdf(), /*is_jit_disabled=*/IsPdf());
+#else
+#if BUILDFLAG(USE_ZYGOTE)
+ bool use_zygote = !cmd_line->HasSwitch(switches::kNoZygote);
+ std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
+ std::make_unique<RendererSandboxedProcessLauncherDelegate>(use_zygote);
#else
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
std::make_unique<RendererSandboxedProcessLauncherDelegate>();
+#endif
#endif
auto tracing_config_memory_region =
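Review bot: `use_zygote` is derived solely from the to-be-launched renderer's command line (`bool use_zygote = !cmd_line->HasSwitch(switches::kNoZygote);`), and nothing in this branch ties that decision to the renderer's sandbox state, even though the patch description says only non-sandboxed renderers should skip the zygote. A CHECK (or at minimum a comment) next to that line recording the invariant that a renderer launched outside the zygote must be one that runs without the sandbox would keep the two from drifting apart. Stylistically, the nested `#else` / `#if BUILDFLAG(USE_ZYGOTE)` / `#endif` / `#endif` block reads more easily with a trailing comment on each `#endif` naming the condition it closes.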
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
index 2c724b73a55fa21154ff8cedd41d3ca5738dfa76..b3f5973a4b686542d46d8338722f5fe42c86c529 100644
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
@@ -35,6 +35,9 @@ namespace content {
#if BUILDFLAG(USE_ZYGOTE)
ZygoteCommunication* RendererSandboxedProcessLauncherDelegate::GetZygote() {
+ if (!use_zygote_) {
+ return nullptr;
+ }
const base::CommandLine& browser_command_line =
*base::CommandLine::ForCurrentProcess();
base::CommandLine::StringType renderer_prefix =
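Review bot: the early `return nullptr;` in `GetZygote()` is the exact point where a `--no-zygote` renderer leaves the pre-initialized-sandbox path, yet it carries no comment, so a reader has to dig up the patch description to learn that a null zygote is intentional here. Add a one-line comment above `if (!use_zygote_) {` stating that returning nullptr makes the launcher spawn the renderer directly and that this is only meant for renderers that run without the sandbox.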
@@ -70,6 +73,9 @@ RendererSandboxedProcessLauncherDelegateWin::
is_pdf_renderer_(is_pdf_renderer) {
// PDF renderers must be jitless.
CHECK(!is_pdf_renderer || is_jit_disabled);
+#if BUILDFLAG(USE_ZYGOTE)
+ use_zygote_ = !cmd_line->HasSwitch(switches::kNoZygote);
+#endif
if (is_jit_disabled) {
dynamic_code_can_be_disabled_ = true;
return;
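Review bot: this `#if BUILDFLAG(USE_ZYGOTE)` block sits in the `RendererSandboxedProcessLauncherDelegateWin::` constructor, but the header hunk declares `use_zygote_` under `private:` in the base class, so if the Win delegate derives from it (as its name suggests) the assignment `use_zygote_ = !cmd_line->HasSwitch(switches::kNoZygote);` could not compile should USE_ZYGOTE ever be true on Windows. Since the two never coexist in practice, the block is unreachable; drop it, or, if a Windows counterpart is really intended, make the member `protected` and build-test that configuration.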
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
index 00038da2c15696b361aea1469ccf73307e44963e..7ccfbf11ecfd56fd165915baa85919eaf2e923b9 100644
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
@@ -18,6 +18,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
public:
RendererSandboxedProcessLauncherDelegate() = default;
+#if BUILDFLAG(USE_ZYGOTE)
+ RendererSandboxedProcessLauncherDelegate(bool use_zygote):
+ use_zygote_(use_zygote) {}
+#endif
+
~RendererSandboxedProcessLauncherDelegate() override = default;
#if BUILDFLAG(USE_ZYGOTE)
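Review bot: the new single-argument constructor `RendererSandboxedProcessLauncherDelegate(bool use_zygote)` is not marked `explicit`, so a bare `bool` (or anything convertible to one) can silently become a launcher delegate; Chromium style requires `explicit` on one-argument constructors. The initializer formatting is also off: the colon belongs at the start of the continuation line, `    : use_zygote_(use_zygote) {}`, rather than trailing the parameter list, which is what `git cl format` would produce.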
@@ -30,6 +35,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
// sandbox::policy::SandboxDelegate:
sandbox::mojom::Sandbox GetSandboxType() override;
+
+ private:
+#if BUILDFLAG(USE_ZYGOTE)
+ bool use_zygote_ = true;
+#endif
};
#if BUILDFLAG(IS_WIN)
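Review bot: `bool use_zygote_ = true;` is the right fail-safe default (the zygote, and with it the pre-initialized sandbox, is used unless a caller opts out), but the member has no comment saying what `false` means. A short comment on the declaration, pointing at the `GetZygote()` early return and noting that `false` is reserved for renderers that run without the sandbox, would keep the security intent next to the state that carries it.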