80a3ba5c68
* chore: bump chromium in DEPS to 116.0.5823.0 * chore: update patches * chore: bump chromium in DEPS to 116.0.5825.0 * chore: update patches * chore: bump chromium in DEPS to 116.0.5827.0 * chore: update patches * 4568811: Integrate Search Prefetch with Extensions. https://chromium-review.googlesource.com/c/chromium/src/+/4568811 * 4567511: [DevTools] Add recordCountHistogram API. https://chromium-review.googlesource.com/c/chromium/src/+/4567511 * 4507692: Delete base/guid.h https://chromium-review.googlesource.com/c/chromium/src/+/4507692 * 4589551: Convert some of /base to use ARC https://chromium-review.googlesource.com/c/chromium/src/+/4589551 Also: 4601769: Convert immersive mode controllers to use ARC https://chromium-review.googlesource.com/c/chromium/src/+/4601769 * [viz] Convert MaybeSizeInBytes() to take in SharedImageFormat https://chromium-review.googlesource.com/c/chromium/src/+/4594677 * 4564108: [BRP] Enable check_raw_ptr_fields for Mac https://chromium-review.googlesource.com/c/chromium/src/+/4564108 * chore: bump chromium in DEPS to 116.0.5828.0 * chore: bump chromium in DEPS to 116.0.5829.0 * chore: update patches --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
256 lines
10 KiB
Diff
256 lines
10 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Raymond Zhao <raymondzhao@microsoft.com>
|
|
Date: Wed, 18 Aug 2021 08:24:10 -0700
|
|
Subject: extend ProcessSingleton
|
|
|
|
This patch applies Electron ProcessSingleton changes onto the Chromium
|
|
files.
|
|
|
|
This patch adds a few changes to the Chromium code:
|
|
1. It adds a parameter `program_name` to the Windows constructor, making
|
|
the generated mutex name on the Windows-side program-dependent,
|
|
rather than shared between all Electron applications.
|
|
2. It adds an `IsAppSandboxed` check for macOS so that
|
|
sandboxed applications generate shorter temp paths.
|
|
3. It adds a `ChangeWindowMessageFilterEx` call to the Windows
|
|
implementation, along with a parameter `is_app_sandboxed` in the
|
|
constructor, to handle the case when the primary app is run with
|
|
admin permissions.
|
|
|
|
diff --git a/chrome/browser/process_singleton.h b/chrome/browser/process_singleton.h
|
|
index b05c0157ecca222452fb38e3b28c9d7cc6bcfbfd..02d9eabfef9521722340739bf86df3dfc30018d7 100644
|
|
--- a/chrome/browser/process_singleton.h
|
|
+++ b/chrome/browser/process_singleton.h
|
|
@@ -102,12 +102,19 @@ class ProcessSingleton {
|
|
base::RepeatingCallback<bool(const base::CommandLine& command_line,
|
|
const base::FilePath& current_directory)>;
|
|
|
|
+#if BUILDFLAG(IS_WIN)
|
|
+ ProcessSingleton(const std::string& program_name,
|
|
+ const base::FilePath& user_data_dir,
|
|
+ bool is_sandboxed,
|
|
+ const NotificationCallback& notification_callback);
|
|
+#else
|
|
ProcessSingleton(const base::FilePath& user_data_dir,
|
|
const NotificationCallback& notification_callback);
|
|
|
|
ProcessSingleton(const ProcessSingleton&) = delete;
|
|
ProcessSingleton& operator=(const ProcessSingleton&) = delete;
|
|
|
|
+#endif
|
|
~ProcessSingleton();
|
|
|
|
// Notify another process, if available. Otherwise sets ourselves as the
|
|
@@ -176,6 +183,8 @@ class ProcessSingleton {
|
|
#if BUILDFLAG(IS_WIN)
|
|
bool EscapeVirtualization(const base::FilePath& user_data_dir);
|
|
|
|
+ std::string program_name_; // Used for mutexName.
|
|
+ bool is_app_sandboxed_; // Whether the Electron app is sandboxed.
|
|
HWND remote_window_; // The HWND_MESSAGE of another browser.
|
|
base::win::MessageWindow window_; // The message-only window.
|
|
bool is_virtualized_; // Stuck inside Microsoft Softricity VM environment.
|
|
diff --git a/chrome/browser/process_singleton_posix.cc b/chrome/browser/process_singleton_posix.cc
|
|
index c7c8f4c7f89073990c8fd6269ab83e75abd9ad7d..7cd73bf6d1884bd9b38bcb33de009efb1da2add9 100644
|
|
--- a/chrome/browser/process_singleton_posix.cc
|
|
+++ b/chrome/browser/process_singleton_posix.cc
|
|
@@ -54,6 +54,7 @@
|
|
#include <memory>
|
|
#include <set>
|
|
#include <string>
|
|
+#include <tuple>
|
|
#include <type_traits>
|
|
|
|
#include "base/base_paths.h"
|
|
@@ -81,6 +82,7 @@
|
|
#include "base/strings/utf_string_conversions.h"
|
|
#include "base/task/sequenced_task_runner_helpers.h"
|
|
#include "base/task/single_thread_task_runner.h"
|
|
+#include "base/threading/thread_restrictions.h"
|
|
#include "base/threading/platform_thread.h"
|
|
#include "base/time/time.h"
|
|
#include "base/timer/timer.h"
|
|
@@ -96,9 +98,11 @@
|
|
#include "net/base/network_interfaces.h"
|
|
#include "ui/base/l10n/l10n_util.h"
|
|
|
|
+#if 0
|
|
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
#include "chrome/browser/ui/process_singleton_dialog_linux.h"
|
|
#endif
|
|
+#endif
|
|
|
|
using content::BrowserThread;
|
|
|
|
@@ -342,6 +346,9 @@ bool SymlinkPath(const base::FilePath& target, const base::FilePath& path) {
|
|
bool DisplayProfileInUseError(const base::FilePath& lock_path,
|
|
const std::string& hostname,
|
|
int pid) {
|
|
+ return true;
|
|
+
|
|
+#if 0
|
|
std::u16string error = l10n_util::GetStringFUTF16(
|
|
IDS_PROFILE_IN_USE_POSIX, base::NumberToString16(pid),
|
|
base::ASCIIToUTF16(hostname));
|
|
@@ -361,6 +368,7 @@ bool DisplayProfileInUseError(const base::FilePath& lock_path,
|
|
|
|
NOTREACHED();
|
|
return false;
|
|
+#endif
|
|
}
|
|
|
|
bool IsChromeProcess(pid_t pid) {
|
|
@@ -401,6 +409,21 @@ bool CheckCookie(const base::FilePath& path, const base::FilePath& cookie) {
|
|
return (cookie == ReadLink(path));
|
|
}
|
|
|
|
+bool IsAppSandboxed() {
|
|
+#if BUILDFLAG(IS_MAC)
|
|
+ // NB: There is no sane API for this, we have to just guess by
|
|
+ // reading tea leaves
|
|
+ base::FilePath home_dir;
|
|
+ if (!base::PathService::Get(base::DIR_HOME, &home_dir)) {
|
|
+ return false;
|
|
+ }
|
|
+
|
|
+ return home_dir.value().find("Library/Containers") != std::string::npos;
|
|
+#else
|
|
+ return false;
|
|
+#endif // BUILDFLAG(IS_MAC)
|
|
+}
|
|
+
|
|
bool ConnectSocket(ScopedSocket* socket,
|
|
const base::FilePath& socket_path,
|
|
const base::FilePath& cookie_path) {
|
|
@@ -768,6 +791,10 @@ ProcessSingleton::ProcessSingleton(
|
|
|
|
ProcessSingleton::~ProcessSingleton() {
|
|
DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
|
|
+ // Manually free resources with IO explicitly allowed.
|
|
+ base::ScopedAllowBlocking allow_blocking;
|
|
+ watcher_ = nullptr;
|
|
+ std::ignore = socket_dir_.Delete();
|
|
}
|
|
|
|
ProcessSingleton::NotifyResult ProcessSingleton::NotifyOtherProcess() {
|
|
@@ -1031,14 +1058,32 @@ bool ProcessSingleton::Create() {
|
|
#endif
|
|
}
|
|
|
|
- // Create the socket file somewhere in /tmp which is usually mounted as a
|
|
- // normal filesystem. Some network filesystems (notably AFS) are screwy and
|
|
- // do not support Unix domain sockets.
|
|
- if (!socket_dir_.CreateUniqueTempDir()) {
|
|
- LOG(ERROR) << "Failed to create socket directory.";
|
|
+ base::FilePath tmp_dir;
|
|
+ if (!base::GetTempDir(&tmp_dir)) {
|
|
+ LOG(ERROR) << "Failed to get temporary directory.";
|
|
return false;
|
|
}
|
|
|
|
+ if (IsAppSandboxed()) {
|
|
+ // For sandboxed applications, the tmp dir could be too long to fit
|
|
+ // addr->sun_path, so we need to make it as short as possible.
|
|
+ if (!socket_dir_.Set(tmp_dir.Append("S"))) {
|
|
+ LOG(ERROR) << "Failed to set socket directory.";
|
|
+ return false;
|
|
+ }
|
|
+ } else {
|
|
+ // Create the socket file somewhere in /tmp which is usually mounted as a
|
|
+ // normal filesystem. Some network filesystems (notably AFS) are screwy and
|
|
+ // do not support Unix domain sockets.
|
|
+ // Prefer CreateUniqueTempDirUnderPath rather than CreateUniqueTempDir as
|
|
+ // the latter will calculate unique paths based on bundle ids which can
|
|
+ // increase the socket path length than what is allowed.
|
|
+ if (!socket_dir_.CreateUniqueTempDirUnderPath(tmp_dir)) {
|
|
+ LOG(ERROR) << "Failed to create socket directory.";
|
|
+ return false;
|
|
+ }
|
|
+ }
|
|
+
|
|
// Check that the directory was created with the correct permissions.
|
|
int dir_mode = 0;
|
|
CHECK(base::GetPosixFilePermissions(socket_dir_.GetPath(), &dir_mode) &&
|
|
diff --git a/chrome/browser/process_singleton_win.cc b/chrome/browser/process_singleton_win.cc
|
|
index 844b1814ba832b82e6f57236a9a5f5380c6a65cc..3dff138357d9e1ae8d572df7630aa6ec429728a3 100644
|
|
--- a/chrome/browser/process_singleton_win.cc
|
|
+++ b/chrome/browser/process_singleton_win.cc
|
|
@@ -28,7 +28,9 @@
|
|
#include "base/win/wmi.h"
|
|
#include "chrome/browser/process_singleton_internal.h"
|
|
#include "chrome/browser/shell_integration.h"
|
|
+#if 0
|
|
#include "chrome/browser/ui/simple_message_box.h"
|
|
+#endif
|
|
#include "chrome/browser/win/chrome_process_finder.h"
|
|
#include "chrome/common/chrome_constants.h"
|
|
#include "chrome/common/chrome_paths.h"
|
|
@@ -163,6 +165,7 @@ bool ProcessLaunchNotification(
|
|
}
|
|
|
|
bool DisplayShouldKillMessageBox() {
|
|
+#if 0
|
|
TRACE_EVENT0("startup", "ProcessSingleton:DisplayShouldKillMessageBox");
|
|
|
|
// Ensure there is an instance of ResourceBundle that is initialized for
|
|
@@ -173,6 +176,10 @@ bool DisplayShouldKillMessageBox() {
|
|
NULL, l10n_util::GetStringUTF16(IDS_PRODUCT_NAME),
|
|
l10n_util::GetStringUTF16(IDS_BROWSER_HUNGBROWSER_MESSAGE)) !=
|
|
chrome::MESSAGE_BOX_RESULT_NO;
|
|
+#endif
|
|
+ // This is called when the secondary process can't ping the primary
|
|
+ // process.
|
|
+ return false;
|
|
}
|
|
|
|
// Function was copied from Process::Terminate.
|
|
@@ -255,9 +262,13 @@ bool ProcessSingleton::EscapeVirtualization(
|
|
}
|
|
|
|
ProcessSingleton::ProcessSingleton(
|
|
+ const std::string& program_name,
|
|
const base::FilePath& user_data_dir,
|
|
+ bool is_app_sandboxed,
|
|
const NotificationCallback& notification_callback)
|
|
: notification_callback_(notification_callback),
|
|
+ program_name_(program_name),
|
|
+ is_app_sandboxed_(is_app_sandboxed),
|
|
is_virtualized_(false),
|
|
lock_file_(INVALID_HANDLE_VALUE),
|
|
user_data_dir_(user_data_dir),
|
|
@@ -377,7 +388,7 @@ ProcessSingleton::NotifyOtherProcessOrCreate() {
|
|
bool ProcessSingleton::Create() {
|
|
TRACE_EVENT0("startup", "ProcessSingleton::Create");
|
|
|
|
- static const wchar_t kMutexName[] = L"Local\\ChromeProcessSingletonStartup!";
|
|
+ std::wstring mutexName = base::UTF8ToWide("Local\\" + program_name_ + "ProcessSingletonStartup");
|
|
|
|
remote_window_ = chrome::FindRunningChromeWindow(user_data_dir_);
|
|
if (!remote_window_ && !EscapeVirtualization(user_data_dir_)) {
|
|
@@ -386,7 +397,7 @@ bool ProcessSingleton::Create() {
|
|
// access. As documented, it's clearer to NOT request ownership on creation
|
|
// since it isn't guaranteed we will get it. It is better to create it
|
|
// without ownership and explicitly get the ownership afterward.
|
|
- base::win::ScopedHandle only_me(::CreateMutex(NULL, FALSE, kMutexName));
|
|
+ base::win::ScopedHandle only_me(::CreateMutex(NULL, FALSE, mutexName.c_str()));
|
|
if (!only_me.IsValid()) {
|
|
DPLOG(FATAL) << "CreateMutex failed";
|
|
return false;
|
|
@@ -425,6 +436,17 @@ bool ProcessSingleton::Create() {
|
|
window_.CreateNamed(base::BindRepeating(&ProcessLaunchNotification,
|
|
notification_callback_),
|
|
user_data_dir_.value());
|
|
+
|
|
+ // When the app is sandboxed, firstly, the app should not be in
|
|
+ // admin mode, and even if it somehow is, messages from an unelevated
|
|
+ // instance should not be able to be sent to it.
|
|
+ if (!is_app_sandboxed_) {
|
|
+ // NB: Ensure that if the primary app gets started as elevated
|
|
+ // admin inadvertently, secondary windows running not as elevated
|
|
+ // will still be able to send messages.
|
|
+ ::ChangeWindowMessageFilterEx(window_.hwnd(), WM_COPYDATA, MSGFLT_ALLOW,
|
|
+ NULL);
|
|
+ }
|
|
CHECK(result && window_.hwnd());
|
|
}
|
|
}
|