ccd4531bfb
* chore: bump chromium in DEPS to 117.0.5846.0 * chore: update patches * 4628901: Bump the macOS deployment target to 10.15 https://chromium-review.googlesource.com/c/chromium/src/+/4628901 * 4593350: [Private Network Access] Trigger Permission Prompt https://chromium-review.googlesource.com/c/chromium/src/+/4593350 * 4631011: Remove unlaunched "InstallReplacementAndroidApp" Platform App APIs https://chromium-review.googlesource.com/c/chromium/src/+/4631011 * chore: disable API deprecation warnings in NSKeyedArchiver * chore: update libcxx filenames * chore: bump chromium in DEPS to 117.0.5848.2 * chore: update feat_add_set_theme_source_to_allow_apps_to.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4629743 No manual changes; patch succeeded with fuzz * chore: update process_singleton.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4605398 Trivial manual patch adjustments to account for code shear. * chore: remove electron::BrowserContext::GetMediaDeviceIDSalt() Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4608130 upstream tldr: - content::BrowserContext::GetMediaDeviceIDSalt() - content::ContentBrowserClient::ArePersistentMediaDeviceIDsAllowed() + content::ContentBrowserClient::GetMediaDeviceIDSalt() This commit leaves ElectronBrowserContext::GetMediaDeviceIDSalt() in place (now non-virtual, non-override). It is now called by the new function ElectronBrowserClient::GetMediaDeviceIDSalt(). As a followup, we might want to consider using the new upstream media_device_salt::MediaDeviceSaltService and removing our electron::MediaDeviceIDSalt code. CC @MarshallOfSound for 2nd opinion since he has done the most work on MediaDeviceIDSalt and may have more context. * chore: fix iwyu breakage Xref: https://chromium-review.googlesource.com/c/chromium/src/+/4629624 electron_browser_main_parts.cc uses ui::ColorProviderManager but didn't include it. Things worked anyway because we got it indirectly from content/public/browser/web_contents.h until 4629624. * chore: remove call to base::mac::IsAtLeastOS10_14 upstream has bumped minimum version to 10.15 so this call is moot? * chore: remove obsolete API_AVAILABLE calls in IAP upstream has bumped minimum version to 10.15 so this call is moot? * chore: remove obsolete API_AVAILABLE calls in electron_application_delegate upstream has bumped minimum version to 10.15 so this call is moot? * chore: remove broken-before-macOS-10.15 patch in mas_avoid_usage_of_private_macos_apis.patch Upstream has bumped minimum to macOS 10.15 * chore: remove @available(macOS 10.14) check Upstream minimum requirement for macOS is now 10.15 * chore: update patches * chore: bump chromium in DEPS to 117.0.5850.0 * chore: update patches * chore: bump chromium in DEPS to 117.0.5852.0 * chore: update patches * Move two params from NetworkContextParams to NetworkContextFilePaths. https://chromium-review.googlesource.com/c/chromium/src/+/4615930 * WebUSB: Add exclusionFilters to USBRequestDeviceOptions https://chromium-review.googlesource.com/c/chromium/src/+/4614682 * Convert /chrome/browser/ui to use ARC https://chromium-review.googlesource.com/c/chromium/src/+/4615920 * fixup! Bump the macOS deployment target to 10.15 * fixup! Bump the macOS deployment target to 10.15 * chore: update libcxx files * win: Remove 10Glass from Windows10Glass function and var names https://chromium-review.googlesource.com/c/chromium/src/+/4641314 * chore: revert 392e5f43 from chromium * Add an ExecutionContext to ScriptState https://chromium-review.googlesource.com/c/chromium/src/+/4609446 * fixup! Add an ExecutionContext to ScriptState * chore: fix header * Revert "chore: revert 392e5f43 from chromium" This reverts commit b7f782943e4ce83cae8cd35780d8d3618cf0772c. * fix: return correct min/max sizes in WinFrameView * fixup! Revert chore: revert 392e5f43 from chromium * fixup! Add an ExecutionContext to ScriptState * Revert "fixup! Revert chore: revert 392e5f43 from chromium" This reverts commit 7e2c7281abfc4f309255339fdba073d90a9ae3eb. * Revert "fix: return correct min/max sizes in WinFrameView" This reverts commit 3f418b1ab5155686730e087ae6cabe4a21b4bb61. * Revert "Revert "chore: revert 392e5f43 from chromium"" This reverts commit 56296d8b7c434147e032e3c3b08c0e371b6c27ba. --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> Co-authored-by: Charles Kerr <charles@charleskerr.com> Co-authored-by: deepak1556 <hop2deep@gmail.com> Co-authored-by: Cheng Zhao <zcbenz@gmail.com>
256 lines
10 KiB
Diff
256 lines
10 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Raymond Zhao <raymondzhao@microsoft.com>
|
|
Date: Wed, 18 Aug 2021 08:24:10 -0700
|
|
Subject: extend ProcessSingleton
|
|
|
|
This patch applies Electron ProcessSingleton changes onto the Chromium
|
|
files.
|
|
|
|
This patch adds a few changes to the Chromium code:
|
|
1. It adds a parameter `program_name` to the Windows constructor, making
|
|
the generated mutex name on the Windows-side program-dependent,
|
|
rather than shared between all Electron applications.
|
|
2. It adds an `IsAppSandboxed` check for macOS so that
|
|
sandboxed applications generate shorter temp paths.
|
|
3. It adds a `ChangeWindowMessageFilterEx` call to the Windows
|
|
implementation, along with a parameter `is_app_sandboxed` in the
|
|
constructor, to handle the case when the primary app is run with
|
|
admin permissions.
|
|
|
|
diff --git a/chrome/browser/process_singleton.h b/chrome/browser/process_singleton.h
|
|
index b05c0157ecca222452fb38e3b28c9d7cc6bcfbfd..02d9eabfef9521722340739bf86df3dfc30018d7 100644
|
|
--- a/chrome/browser/process_singleton.h
|
|
+++ b/chrome/browser/process_singleton.h
|
|
@@ -102,12 +102,19 @@ class ProcessSingleton {
|
|
base::RepeatingCallback<bool(const base::CommandLine& command_line,
|
|
const base::FilePath& current_directory)>;
|
|
|
|
+#if BUILDFLAG(IS_WIN)
|
|
+ ProcessSingleton(const std::string& program_name,
|
|
+ const base::FilePath& user_data_dir,
|
|
+ bool is_sandboxed,
|
|
+ const NotificationCallback& notification_callback);
|
|
+#else
|
|
ProcessSingleton(const base::FilePath& user_data_dir,
|
|
const NotificationCallback& notification_callback);
|
|
|
|
ProcessSingleton(const ProcessSingleton&) = delete;
|
|
ProcessSingleton& operator=(const ProcessSingleton&) = delete;
|
|
|
|
+#endif
|
|
~ProcessSingleton();
|
|
|
|
// Notify another process, if available. Otherwise sets ourselves as the
|
|
@@ -176,6 +183,8 @@ class ProcessSingleton {
|
|
#if BUILDFLAG(IS_WIN)
|
|
bool EscapeVirtualization(const base::FilePath& user_data_dir);
|
|
|
|
+ std::string program_name_; // Used for mutexName.
|
|
+ bool is_app_sandboxed_; // Whether the Electron app is sandboxed.
|
|
HWND remote_window_; // The HWND_MESSAGE of another browser.
|
|
base::win::MessageWindow window_; // The message-only window.
|
|
bool is_virtualized_; // Stuck inside Microsoft Softricity VM environment.
|
|
diff --git a/chrome/browser/process_singleton_posix.cc b/chrome/browser/process_singleton_posix.cc
|
|
index 356c30cc4bf0d672f62ccf15de829b3c7c42f476..2071c301644f95e6cd0448b08cc7b535343a55a0 100644
|
|
--- a/chrome/browser/process_singleton_posix.cc
|
|
+++ b/chrome/browser/process_singleton_posix.cc
|
|
@@ -54,6 +54,7 @@
|
|
#include <memory>
|
|
#include <set>
|
|
#include <string>
|
|
+#include <tuple>
|
|
#include <type_traits>
|
|
|
|
#include "base/base_paths.h"
|
|
@@ -81,6 +82,7 @@
|
|
#include "base/strings/utf_string_conversions.h"
|
|
#include "base/task/sequenced_task_runner_helpers.h"
|
|
#include "base/task/single_thread_task_runner.h"
|
|
+#include "base/threading/thread_restrictions.h"
|
|
#include "base/threading/platform_thread.h"
|
|
#include "base/time/time.h"
|
|
#include "base/timer/timer.h"
|
|
@@ -97,9 +99,11 @@
|
|
#include "ui/base/l10n/l10n_util.h"
|
|
#include "ui/base/resource/scoped_startup_resource_bundle.h"
|
|
|
|
+#if 0
|
|
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
#include "chrome/browser/ui/process_singleton_dialog_linux.h"
|
|
#endif
|
|
+#endif
|
|
|
|
using content::BrowserThread;
|
|
|
|
@@ -343,6 +347,9 @@ bool SymlinkPath(const base::FilePath& target, const base::FilePath& path) {
|
|
bool DisplayProfileInUseError(const base::FilePath& lock_path,
|
|
const std::string& hostname,
|
|
int pid) {
|
|
+ return true;
|
|
+
|
|
+#if 0
|
|
// Ensure there is an instance of ResourceBundle that is initialized for
|
|
// localized string resource accesses.
|
|
ui::ScopedStartupResourceBundle ensure_startup_resource_bundle;
|
|
@@ -366,6 +373,7 @@ bool DisplayProfileInUseError(const base::FilePath& lock_path,
|
|
|
|
NOTREACHED();
|
|
return false;
|
|
+#endif
|
|
}
|
|
|
|
bool IsChromeProcess(pid_t pid) {
|
|
@@ -406,6 +414,21 @@ bool CheckCookie(const base::FilePath& path, const base::FilePath& cookie) {
|
|
return (cookie == ReadLink(path));
|
|
}
|
|
|
|
+bool IsAppSandboxed() {
|
|
+#if BUILDFLAG(IS_MAC)
|
|
+ // NB: There is no sane API for this, we have to just guess by
|
|
+ // reading tea leaves
|
|
+ base::FilePath home_dir;
|
|
+ if (!base::PathService::Get(base::DIR_HOME, &home_dir)) {
|
|
+ return false;
|
|
+ }
|
|
+
|
|
+ return home_dir.value().find("Library/Containers") != std::string::npos;
|
|
+#else
|
|
+ return false;
|
|
+#endif // BUILDFLAG(IS_MAC)
|
|
+}
|
|
+
|
|
bool ConnectSocket(ScopedSocket* socket,
|
|
const base::FilePath& socket_path,
|
|
const base::FilePath& cookie_path) {
|
|
@@ -773,6 +796,10 @@ ProcessSingleton::ProcessSingleton(
|
|
|
|
ProcessSingleton::~ProcessSingleton() {
|
|
DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
|
|
+ // Manually free resources with IO explicitly allowed.
|
|
+ base::ScopedAllowBlocking allow_blocking;
|
|
+ watcher_ = nullptr;
|
|
+ std::ignore = socket_dir_.Delete();
|
|
}
|
|
|
|
ProcessSingleton::NotifyResult ProcessSingleton::NotifyOtherProcess() {
|
|
@@ -1036,14 +1063,32 @@ bool ProcessSingleton::Create() {
|
|
#endif
|
|
}
|
|
|
|
- // Create the socket file somewhere in /tmp which is usually mounted as a
|
|
- // normal filesystem. Some network filesystems (notably AFS) are screwy and
|
|
- // do not support Unix domain sockets.
|
|
- if (!socket_dir_.CreateUniqueTempDir()) {
|
|
- LOG(ERROR) << "Failed to create socket directory.";
|
|
+ base::FilePath tmp_dir;
|
|
+ if (!base::GetTempDir(&tmp_dir)) {
|
|
+ LOG(ERROR) << "Failed to get temporary directory.";
|
|
return false;
|
|
}
|
|
|
|
+ if (IsAppSandboxed()) {
|
|
+ // For sandboxed applications, the tmp dir could be too long to fit
|
|
+ // addr->sun_path, so we need to make it as short as possible.
|
|
+ if (!socket_dir_.Set(tmp_dir.Append("S"))) {
|
|
+ LOG(ERROR) << "Failed to set socket directory.";
|
|
+ return false;
|
|
+ }
|
|
+ } else {
|
|
+ // Create the socket file somewhere in /tmp which is usually mounted as a
|
|
+ // normal filesystem. Some network filesystems (notably AFS) are screwy and
|
|
+ // do not support Unix domain sockets.
|
|
+ // Prefer CreateUniqueTempDirUnderPath rather than CreateUniqueTempDir as
|
|
+ // the latter will calculate unique paths based on bundle ids which can
|
|
+ // increase the socket path length than what is allowed.
|
|
+ if (!socket_dir_.CreateUniqueTempDirUnderPath(tmp_dir)) {
|
|
+ LOG(ERROR) << "Failed to create socket directory.";
|
|
+ return false;
|
|
+ }
|
|
+ }
|
|
+
|
|
// Check that the directory was created with the correct permissions.
|
|
int dir_mode = 0;
|
|
CHECK(base::GetPosixFilePermissions(socket_dir_.GetPath(), &dir_mode) &&
|
|
diff --git a/chrome/browser/process_singleton_win.cc b/chrome/browser/process_singleton_win.cc
|
|
index 844b1814ba832b82e6f57236a9a5f5380c6a65cc..3dff138357d9e1ae8d572df7630aa6ec429728a3 100644
|
|
--- a/chrome/browser/process_singleton_win.cc
|
|
+++ b/chrome/browser/process_singleton_win.cc
|
|
@@ -28,7 +28,9 @@
|
|
#include "base/win/wmi.h"
|
|
#include "chrome/browser/process_singleton_internal.h"
|
|
#include "chrome/browser/shell_integration.h"
|
|
+#if 0
|
|
#include "chrome/browser/ui/simple_message_box.h"
|
|
+#endif
|
|
#include "chrome/browser/win/chrome_process_finder.h"
|
|
#include "chrome/common/chrome_constants.h"
|
|
#include "chrome/common/chrome_paths.h"
|
|
@@ -163,6 +165,7 @@ bool ProcessLaunchNotification(
|
|
}
|
|
|
|
bool DisplayShouldKillMessageBox() {
|
|
+#if 0
|
|
TRACE_EVENT0("startup", "ProcessSingleton:DisplayShouldKillMessageBox");
|
|
|
|
// Ensure there is an instance of ResourceBundle that is initialized for
|
|
@@ -173,6 +176,10 @@ bool DisplayShouldKillMessageBox() {
|
|
NULL, l10n_util::GetStringUTF16(IDS_PRODUCT_NAME),
|
|
l10n_util::GetStringUTF16(IDS_BROWSER_HUNGBROWSER_MESSAGE)) !=
|
|
chrome::MESSAGE_BOX_RESULT_NO;
|
|
+#endif
|
|
+ // This is called when the secondary process can't ping the primary
|
|
+ // process.
|
|
+ return false;
|
|
}
|
|
|
|
// Function was copied from Process::Terminate.
|
|
@@ -255,9 +262,13 @@ bool ProcessSingleton::EscapeVirtualization(
|
|
}
|
|
|
|
ProcessSingleton::ProcessSingleton(
|
|
+ const std::string& program_name,
|
|
const base::FilePath& user_data_dir,
|
|
+ bool is_app_sandboxed,
|
|
const NotificationCallback& notification_callback)
|
|
: notification_callback_(notification_callback),
|
|
+ program_name_(program_name),
|
|
+ is_app_sandboxed_(is_app_sandboxed),
|
|
is_virtualized_(false),
|
|
lock_file_(INVALID_HANDLE_VALUE),
|
|
user_data_dir_(user_data_dir),
|
|
@@ -377,7 +388,7 @@ ProcessSingleton::NotifyOtherProcessOrCreate() {
|
|
bool ProcessSingleton::Create() {
|
|
TRACE_EVENT0("startup", "ProcessSingleton::Create");
|
|
|
|
- static const wchar_t kMutexName[] = L"Local\\ChromeProcessSingletonStartup!";
|
|
+ std::wstring mutexName = base::UTF8ToWide("Local\\" + program_name_ + "ProcessSingletonStartup");
|
|
|
|
remote_window_ = chrome::FindRunningChromeWindow(user_data_dir_);
|
|
if (!remote_window_ && !EscapeVirtualization(user_data_dir_)) {
|
|
@@ -386,7 +397,7 @@ bool ProcessSingleton::Create() {
|
|
// access. As documented, it's clearer to NOT request ownership on creation
|
|
// since it isn't guaranteed we will get it. It is better to create it
|
|
// without ownership and explicitly get the ownership afterward.
|
|
- base::win::ScopedHandle only_me(::CreateMutex(NULL, FALSE, kMutexName));
|
|
+ base::win::ScopedHandle only_me(::CreateMutex(NULL, FALSE, mutexName.c_str()));
|
|
if (!only_me.IsValid()) {
|
|
DPLOG(FATAL) << "CreateMutex failed";
|
|
return false;
|
|
@@ -425,6 +436,17 @@ bool ProcessSingleton::Create() {
|
|
window_.CreateNamed(base::BindRepeating(&ProcessLaunchNotification,
|
|
notification_callback_),
|
|
user_data_dir_.value());
|
|
+
|
|
+ // When the app is sandboxed, firstly, the app should not be in
|
|
+ // admin mode, and even if it somehow is, messages from an unelevated
|
|
+ // instance should not be able to be sent to it.
|
|
+ if (!is_app_sandboxed_) {
|
|
+ // NB: Ensure that if the primary app gets started as elevated
|
|
+ // admin inadvertently, secondary windows running not as elevated
|
|
+ // will still be able to send messages.
|
|
+ ::ChangeWindowMessageFilterEx(window_.hwnd(), WM_COPYDATA, MSGFLT_ALLOW,
|
|
+ NULL);
|
|
+ }
|
|
CHECK(result && window_.hwnd());
|
|
}
|
|
}
|