d02c9f8bc6
* chore: bump chromium in DEPS to 111.0.5522.0 * chore: bump chromium in DEPS to 111.0.5524.0 * chore: bump chromium in DEPS to 111.0.5526.0 * chore: bump chromium in DEPS to 111.0.5528.0 * chore: update patches/chromium/mas_avoid_usage_of_private_macos_apis.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4132807 Fix simple code shear * chore: update patches/chromium/unsandboxed_ppapi_processes_skip_zygote.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4130675 Fix simple code shear * chore: update patches/chromium/hack_plugin_response_interceptor_to_point_to_electron.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4144281 Fix simple code shear; applied cleanly w/patch-fuzz * chore: update patches/chromium/disable_unload_metrics.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4126173 Fix simple code shear; applied cleanly w/patch-fuzz * chore: update patches/chromium/feat_add_data_parameter_to_processsingleton.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4144281 Fix simple code shear; applied cleanly w/patch-fuzz * chore: update patches/chromium/preconnect_manager.patch https://chromium-review.googlesource.com/c/chromium/src/+/4144281 Fix simple code shear; applied cleanly w/patch-fuzz * chore: update patches/v8/force_cppheapcreateparams_to_be_noncopyable.patch https://chromium-review.googlesource.com/c/v8/v8/+/3533019 Fix simple code shear; applied cleanly w/patch-fuzz * chore: update patches * chore: update patches/chromium/add_maximized_parameter_to_linuxui_getwindowframeprovider.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4128765 Upstream added a new call to HeaderContext(), whose signature we have patched * chore: bump chromium in DEPS to 111.0.5530.0 * chore: update patches * Move ChildProcessHost* from content/common to content/browser Xref: Move ChildProcessHost* from content/common to content/browser * Remove RenderViewHostChanged Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4134103 [upstream removal of RenderViewHostChanged] Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4092763 Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4093234 Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4133892 Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4134103 [examples of upstream code adjusting to the change] Upstream handles this change in roughly two approaches: 1. Move the code over to RenderFrameHostChanged(old_host, new_host) but test for new_host->IsInPrimaryMainFrame() before acting 2. Migrate to the PrimaryPageChanged(page) API and use page.GetMainDocument() to get the RenderFrameHost. I've chosen 1. because electron_api_web_contents needed that pointer to old_host to call RemoveInputEventListener(), but I may be missing some context & would appreciate review on this commit. * Make electron/shell/browser/relauncher_win.cc use <winternl.h> Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4129135 Many internal Windows types are now available in winternl.h so upstrem no longer defines the types themselves. * Move ChildProcessHost* from content/common to content/browser Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4134795 * fixup! Make electron/shell/browser/relauncher_win.cc use <winternl.h> winternl.h does not define the field we need, so clone the struct Chromium was using into unnamed namespace * fixup! Move ChildProcessHost* from content/common to content/browser chore: update #includes too * chore: bump chromium in DEPS to 111.0.5532.0 * chore: sync patches/chromium/pepper_plugin_support.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4133323 manually reync patch; no code changes * chore: sync patches/chromium/mas_no_private_api.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4143865 the content/common/pseudonymization_salt.cc patch is no longer needed * chore: sync patches/chromium/mas_disable_remote_accessibility.patch patch-fuzz update; no manual changes * chore: sync patches/chromium/build_do_not_depend_on_packed_resource_integrity.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4111725 manually reync patch; no code changes * chore: sync patches/chromium/create_browser_v8_snapshot_file_name_fuse.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4133323 manually reync patch; no code changes * chore: sync patches/v8/fix_build_deprecated_attribute_for_older_msvc_versions.patch Xref: https://chromium-review.googlesource.com/c/v8/v8/+/4127230 patch-fuzz update; no manual changes * chore: rebuild patches * fixup! Remove RenderViewHostChanged Use PrimaryPageChanged() * chore: remove unused method TabsUpdateFunction::OnExecuteCodeFinished() Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4133991 This private, already-unused function showed up as a FTBFS because it took a base::ListValue parameter and ListValue was removed upstream. * task posting v3: remove includes of runner handles and IWYU task runners Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4133323 * chore: lint * chore: more lint * fixup! task posting v3: remove includes of runner handles and IWYU task runners macOS, too * fixup! task posting v3: remove includes of runner handles and IWYU task runners * chore: bump chromium in DEPS to 111.0.5534.0 * chore: sync patches/chromium/allow_new_privileges_in_unsandboxed_child_processes.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4141862 patch-fuzz update; no manual changes * chore: sync patches/chromium/logging_win32_only_create_a_console_if_logging_to_stderr.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4153110 Sync to minor upstream changes. Add const correctness. * chore: sync electron/patches/chromium/feat_configure_launch_options_for_service_process.patch https://chromium-review.googlesource.com/c/chromium/src/+/4141862 patch-fuzz update; no manual changes * chore: patches/v8/fix_build_deprecated_attribute_for_older_msvc_versions.patch sync https://chromium-review.googlesource.com/c/v8/v8/+/4147787 patch-fuzz update; no manual changes * chore: update patches * chore: bump chromium in DEPS to 111.0.5536.0 * chore: sync patches/chromium/allow_new_privileges_in_unsandboxed_child_processes.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4141863 Sync with upstream code changes. Minor code golf for readability. Note: upstream is laying groundwork for being able to work off of env vars instead of switches. Doesn't affect us yet but worth being aware of. > + // Environment variables could be supported in the future, but are not > + // currently supported when launching with the zygote. * chore: update patches/chromium/feat_expose_raw_response_headers_from_urlloader.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4126836 patch-fuzz update; no manual changes * chore: sync electron/patches/chromium/feat_configure_launch_options_for_service_process.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4141863 manual sync * chore: sync electron/patches/v8/fix_build_deprecated_attribute_for_older_msvc_versions.patch https://chromium-review.googlesource.com/c/v8/v8/+/4147788 fuzz-patch * chore: rebuild patches * chore: bump chromium in DEPS to 111.0.5538.0 * chore: bump chromium in DEPS to 111.0.5540.0 * chore: update patches * Remove sdk_forward_declarations https://chromium-review.googlesource.com/c/chromium/src/+/4166680 * task posting v3: Remove task runner handles from codebase entirely Refs https://chromium-review.googlesource.com/c/chromium/src/+/4150928 * Cleanup child_process_launcher_helper* Refs https://chromium-review.googlesource.com/c/chromium/src/+/4141863 * fix: utilityprocess spec on macOS * fix: build on windows Refs https://chromium-review.googlesource.com/c/chromium/src/+/4141863 * chore: fix lint * chore: bump chromium 111.0.5544.3 * chore: gen filenames.libcxx.gni * Add check for Executable+Writable handles in renderer processes. Refs https://chromium-review.googlesource.com/c/chromium/src/+/3774416 * fixup! Add check for Executable+Writable handles in renderer processes. * 4143761: [110] Disable SwiftShader for WebGL on M1 Macs. https://chromium-review.googlesource.com/c/chromium/src/+/4143761 (cherry picked from commit 2f74db3c2139424c416f92d9169aeaa8a2f9c1ec) * chore: bump chromium to 111.0.5555.0 * 56085: Remove hmac.h include from ssl.h. https://boringssl-review.googlesource.com/c/boringssl/+/56085 * 4167020: Remove forwarding headers https://chromium-review.googlesource.com/c/chromium/src/+/4167020 * chore: bump chromium to 111.0.5559.0 * 4181044: Restrict WebCursor usage to RenderWidgetHostViewAura https://chromium-review.googlesource.com/c/chromium/src/+/4181044 * 4189437: views: rename ink_drop_host_view to ink_drop_host https://chromium-review.googlesource.com/c/chromium/src/+/4189437 * chore: bump chromium to 111.0.5560.0 * 4167016: win7dep: remove non aeroglass code https://chromium-review.googlesource.com/c/chromium/src/+/4167016 * fixup after rebase: Remove forwarding header s https://chromium-review.googlesource.com/c/chromium/src/+/4167020 * 4125755: Reland "Reject getDisplayMedia calls without user activation" https://chromium-review.googlesource.com/c/chromium/src/+/4125755 * test: add workaround * chore: update patches * fix: alter coreModuleRegExp to prevent arm crash * Revert "fix: alter coreModuleRegExp to prevent arm crash" This reverts commit 7e50630c98137831a711c5abdbc8809e60cf1d73. * 4218354: Disable the use of preserve_most on arm64 Windows https://chromium-review.googlesource.com/c/v8/v8/+/4218354 * chore: review changes --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Charles Kerr <charles@charleskerr.com> Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com> Co-authored-by: deepak1556 <hop2deep@gmail.com> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
95 lines
4.5 KiB
Diff
95 lines
4.5 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Apthorp <nornagon@nornagon.net>
|
|
Date: Wed, 28 Nov 2018 13:20:27 -0800
|
|
Subject: support_mixed_sandbox_with_zygote.patch
|
|
|
|
On Linux, Chromium launches all new renderer processes via a "zygote"
|
|
process which has the sandbox pre-initialized (see
|
|
//docs/linux_zygote.md). In order to support mixed-sandbox mode, in
|
|
which some renderers are launched with the sandbox engaged and others
|
|
without it, we need the option to launch non-sandboxed renderers without
|
|
going through the zygote.
|
|
|
|
Chromium already supports a `--no-zygote` flag, but it turns off the
|
|
zygote completely, and thus also disables sandboxing. This patch allows
|
|
the `--no-zygote` flag to affect renderer processes on a case-by-case
|
|
basis, checking immediately prior to launch whether to go through the
|
|
zygote or not based on the command-line of the to-be-launched renderer.
|
|
|
|
This patch could conceivably be upstreamed, as it does not affect
|
|
production Chromium (which does not use the `--no-zygote` flag).
|
|
However, the patch would need to be reviewed by the security team, as it
|
|
does touch a security-sensitive class.
|
|
|
|
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
|
|
index 200131d89e8616054c321841b4b27fbee67b5d88..31678701d6ee0aefdb86c046178abdf11277de3d 100644
|
|
--- a/content/browser/renderer_host/render_process_host_impl.cc
|
|
+++ b/content/browser/renderer_host/render_process_host_impl.cc
|
|
@@ -1800,9 +1800,15 @@ bool RenderProcessHostImpl::Init() {
|
|
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
std::make_unique<RendererSandboxedProcessLauncherDelegateWin>(
|
|
cmd_line.get(), IsJitDisabled());
|
|
+#else
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ bool use_zygote = !cmd_line->HasSwitch(switches::kNoZygote);
|
|
+ std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
+ std::make_unique<RendererSandboxedProcessLauncherDelegate>(use_zygote);
|
|
#else
|
|
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
std::make_unique<RendererSandboxedProcessLauncherDelegate>();
|
|
+#endif
|
|
#endif
|
|
|
|
auto file_data = std::make_unique<ChildProcessLauncherFileData>();
|
|
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
index 83f3f0d60d9832112f50fbd4ef9fff98ef09d7c4..3ab11ff1a934192d439db7d2102248fa73b47183 100644
|
|
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
@@ -33,6 +33,9 @@ namespace content {
|
|
|
|
#if BUILDFLAG(USE_ZYGOTE)
|
|
ZygoteCommunication* RendererSandboxedProcessLauncherDelegate::GetZygote() {
|
|
+ if (!use_zygote_) {
|
|
+ return nullptr;
|
|
+ }
|
|
const base::CommandLine& browser_command_line =
|
|
*base::CommandLine::ForCurrentProcess();
|
|
base::CommandLine::StringType renderer_prefix =
|
|
@@ -62,6 +65,9 @@ RendererSandboxedProcessLauncherDelegateWin::
|
|
GetContentClient()->browser()->IsRendererCodeIntegrityEnabled()),
|
|
renderer_app_container_disabled_(
|
|
GetContentClient()->browser()->IsRendererAppContainerDisabled()) {
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ use_zygote_ = !cmd_line->HasSwitch(switches::kNoZygote);
|
|
+#endif
|
|
if (is_jit_disabled) {
|
|
dynamic_code_can_be_disabled_ = true;
|
|
return;
|
|
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
index 8f6531e5aa2ce7f9faf4c6b24652366fe74941b1..9377b8aefbf3c67ce6a24f0804e913069c0594d2 100644
|
|
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
@@ -18,6 +18,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
|
|
public:
|
|
RendererSandboxedProcessLauncherDelegate() = default;
|
|
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ RendererSandboxedProcessLauncherDelegate(bool use_zygote):
|
|
+ use_zygote_(use_zygote) {}
|
|
+#endif
|
|
+
|
|
~RendererSandboxedProcessLauncherDelegate() override = default;
|
|
|
|
#if BUILDFLAG(USE_ZYGOTE)
|
|
@@ -29,6 +34,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
|
|
#endif // BUILDFLAG(IS_MAC)
|
|
|
|
sandbox::mojom::Sandbox GetSandboxType() override;
|
|
+
|
|
+ private:
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ bool use_zygote_ = true;
|
|
+#endif
|
|
};
|
|
|
|
#if BUILDFLAG(IS_WIN)
|