electron/patches/chromium/support_mixed_sandbox_with_zygote.patch
electron-roller[bot] 90af7d7fe2
chore: bump chromium to 111.0.5518.0 (main) (#36575)
* chore: bump chromium in DEPS to 110.0.5461.0

* chore: update patches

* 3903024: hid: Add connection count tracking methods for HidDelegate

https://chromium-review.googlesource.com/c/chromium/src/+/3903024

* 4076211: Turn FrameTreeNode::frame_tree into raw_ref.

https://chromium-review.googlesource.com/c/chromium/src/+/4076211

* chore: bump chromium in DEPS to 110.0.5463.0

* chore: bump chromium in DEPS to 110.0.5465.0

* fix patches

* 3835037: Add new slides media session actions to Picture-in-Picture window

https://chromium-review.googlesource.com/c/chromium/src/+/3835037

* chore: update patches

* chore: bump chromium in DEPS to 110.0.5467.0

* chore: update patches

* chore: bump chromium in DEPS to 110.0.5469.0

* chore: bump chromium in DEPS to 110.0.5471.0

* chore: bump chromium in DEPS to 110.0.5473.0

* chore: bump chromium in DEPS to 110.0.5475.0

* chore: update patches

* 4074449: Add gl::FrameData to software path

https://chromium-review.googlesource.com/c/chromium/src/+/4074449

* 4065264: [Extensions] Add a new side panel view type

https://chromium-review.googlesource.com/c/chromium/src/+/4065264

* 4060548: Remove base::Value::GetListDeprecated().

https://chromium-review.googlesource.com/c/chromium/src/+/4060548

* chore: add missing RefCountedMemory include

* 4081108: task posting v3: remove task_runner_util{.h,_unittest.cc}

https://chromium-review.googlesource.com/c/chromium/src/+/4081108

* 4072471: Rename Mixed Download Blocking to Insecure Download Blocking

https://chromium-review.googlesource.com/c/chromium/src/+/4072471

* 4025927: [Code Health] Migrate e/c/manifest.cc to base::Value::Dict interface

https://chromium-review.googlesource.com/c/chromium/src/+/4025927

* chore: fixup patch indices

* chore: bump chromium in DEPS to 110.0.5477.0

* chore: fixup preconnect_manager.patch

* chore: fixup patch indices

* fixup! 4074449: Add gl::FrameData to software path

* 4074449: Add gl::FrameData to software path

This commit also reformatted the two files in this patch. The only
change here is the addition of the |data| arg to |OnSwapBuffers|.

https://chromium-review.googlesource.com/c/chromium/src/+/4074449

* 4081108: task posting v3: remove task_runner_util{.h,_unittest.cc}

https://chromium-review.googlesource.com/c/chromium/src/+/4081108

* 4085814: [Test Automation] Move NativeWindowTracker to ui/views

https://chromium-review.googlesource.com/c/chromium/src/+/4085814

* 4032656: hid: Abstract HidSystemTrayIcon class for profiles' HID connections

https://chromium-review.googlesource.com/c/chromium/src/+/4032656

* chore: bump chromium in DEPS to 110.0.5479.0

* chore: fixup patches & simplify printing patch

To be specific, I replaced some combination of line removals &
commenting-out with `#if 0` blocks since they were already there for
Android.

Should be functionally the same, just written differently for better
patch maintainability.

* chore: bump chromium in DEPS to 110.0.5481.0

* chore: update patch indices

* 4098946: Migrate Extension::Create() argument to base::Value::Dict (part 4 of 4)

https://chromium-review.googlesource.com/c/chromium/src/+/4098946

* chore: bump chromium in DEPS to 111.0.5482.0

* chore: bump chromium in DEPS to 111.0.5484.0

* chore: bump chromium in DEPS to 111.0.5486.0

* chore: update patch indices

* 4112903: Reland "Move gl::FrameData to gfx::FrameData"

https://chromium-review.googlesource.com/c/chromium/src/+/4112903

* 4056216: Option to create a tab target with Target.createTarget in /json/new

https://chromium-review.googlesource.com/c/chromium/src/+/4056216

* chore: bump chromium in DEPS to 111.0.5488.0

* chore: bump chromium in DEPS to 111.0.5490.0

* chore: bump chromium in DEPS to 111.0.5492.0

* chore: bump chromium in DEPS to 111.0.5494.0

* chore: bump chromium in DEPS to 111.0.5496.0

* chore: bump chromium in DEPS to 111.0.5498.0

* chore: bump chromium in DEPS to 111.0.5500.0

* chore: bump chromium in DEPS to 111.0.5502.0

* chore: update patch indices

+ small update to printing.patch due to:
3653941: [printing] Extract settings logic from PrintJobWorker
https://chromium-review.googlesource.com/c/chromium/src/+/3653941

* 4113994: Cleanup: Rename webui_generated_resources_* to webui_resources_*.
https://chromium-review.googlesource.com/c/chromium/src/+/4113994

* 4112537: Remove DictionaryPrefUpdate.
https://chromium-review.googlesource.com/c/chromium/src/+/4112537

* 4072073: Remove //chrome/browser/ash dependency from pdf_extension_util.cc
https://chromium-review.googlesource.com/c/chromium/src/+/4072073

* 4055223: [Remove FileSystemConnector] Remove DownloadItemRerouteInfo
https://chromium-review.googlesource.com/c/chromium/src/+/4055223

* Migrate base::DictionaryValue to base::Value::Dict

This relates to multiple CLs cleaning up this class in this roll,
but the ones that are specifically relevant here:

4116096: [CodeHealth] Remove DictionaryValue::GetInteger
https://chromium-review.googlesource.com/c/chromium/src/+/4116096

4113764: [CodeHealth] Remove deprecated DictionaryValue::SetInteger()
https://chromium-review.googlesource.com/c/chromium/src/+/4113764

* 3653941: [printing] Extract settings logic from PrintJobWorker
https://chromium-review.googlesource.com/c/chromium/src/+/3653941

* chore: bump chromium in DEPS to 111.0.5504.0

* chore: update patches

* (WIP) 4003663: Enable Microtask queues per WindowAgent.

https://chromium-review.googlesource.com/c/chromium/src/+/4003663

* chore: bump chromium in DEPS to 111.0.5506.0

* chore: update patches

* fix: printing patch

It was complaining that this method isn't used on Windows.

* chore: bump chromium in DEPS to 111.0.5508.0

* chore: bump chromium in DEPS to 111.0.5510.0

* chore: bump chromium in DEPS to 111.0.5512.0

* chore: bump chromium in DEPS to 111.0.5514.0

* chore: bump chromium in DEPS to 111.0.5516.0

* chore: update patches

* chore: bump chromium in DEPS to 111.0.5518.0

* chore: update patches

* 4027428: [rsafor] Move rsaFor requests to a separate permission

https://chromium-review.googlesource.com/c/chromium/src/+/4027428

* Revert "(WIP) 4003663: Enable Microtask queues per WindowAgent."

This reverts commit cc36d226e3f3fe5f4bea6538102d55ce3203190f.

* chore: disable Microtask queues per WindowAgent.

see https://chromium-review.googlesource.com/c/chromium/src/+/4003663

* chore: cleanup after rebase

* fixup: disable Microtask queues per WindowAgent.

* chore: cleanup password from keychain after test

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: Calvin Watford <cwatford@slack-corp.com>
Co-authored-by: clavin <clavin@electronjs.org>
2023-01-05 21:35:34 -05:00


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <nornagon@nornagon.net>
Date: Wed, 28 Nov 2018 13:20:27 -0800
Subject: support_mixed_sandbox_with_zygote.patch

On Linux, Chromium launches all new renderer processes via a "zygote"
process which has the sandbox pre-initialized (see
//docs/linux_zygote.md). In order to support mixed-sandbox mode, in
which some renderers are launched with the sandbox engaged and others
without it, we need the option to launch non-sandboxed renderers without
going through the zygote.

Chromium already supports a `--no-zygote` flag, but it turns off the
zygote completely, and thus also disables sandboxing. This patch allows
the `--no-zygote` flag to affect renderer processes on a case-by-case
basis, checking immediately prior to launch whether to go through the
zygote or not based on the command-line of the to-be-launched renderer.

This patch could conceivably be upstreamed, as it does not affect
production Chromium (which does not use the `--no-zygote` flag).
However, the patch would need to be reviewed by the security team, as it
does touch a security-sensitive class.

diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
index 44d5616a627d34576cd70eac6dee664a1da25341..0602a370d017a0b82b9056fb53341a30becb7b58 100644
--- a/content/browser/renderer_host/render_process_host_impl.cc
+++ b/content/browser/renderer_host/render_process_host_impl.cc
@@ -1793,9 +1793,15 @@ bool RenderProcessHostImpl::Init() {
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
std::make_unique<RendererSandboxedProcessLauncherDelegateWin>(
cmd_line.get(), IsJitDisabled());
+#else
+#if BUILDFLAG(USE_ZYGOTE_HANDLE)
+ bool use_zygote = !cmd_line->HasSwitch(switches::kNoZygote);
+ std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
+ std::make_unique<RendererSandboxedProcessLauncherDelegate>(use_zygote);
#else
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
std::make_unique<RendererSandboxedProcessLauncherDelegate>();
+#endif
#endif
auto file_data = std::make_unique<ChildProcessLauncherFileData>();
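Review bot: `use_zygote` is derived solely from `switches::kNoZygote` on the renderer's own command line, yet the patch description says the non-zygote path is meant only for renderers that already run without the sandbox; nothing in this hunk ties the two together, so a caller that sets `--no-zygote` alone would get a renderer that bypasses the zygote and therefore never receives the pre-initialized sandbox the zygote provides. A DCHECK (or at minimum a comment) that a renderer bypassing the zygote also carries the no-sandbox switch would make that invariant explicit. As a style point, the added `#else` / `#if BUILDFLAG(USE_ZYGOTE_HANDLE)` ... `#endif` / `#endif` nesting could be a single `#elif BUILDFLAG(USE_ZYGOTE_HANDLE)` branch between the Windows and generic cases, which drops the extra `#endif` and keeps the three delegate constructions at one nesting level.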
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
index 099ded6131be193050c16d4c0b520810256116bd..52061527afcf99d0af3fd76b25f208928a36491f 100644
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
@@ -33,6 +33,9 @@ namespace content {
#if BUILDFLAG(USE_ZYGOTE_HANDLE)
ZygoteHandle RendererSandboxedProcessLauncherDelegate::GetZygote() {
+ if (!use_zygote_) {
+ return nullptr;
+ }
const base::CommandLine& browser_command_line =
*base::CommandLine::ForCurrentProcess();
base::CommandLine::StringType renderer_prefix =
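Review bot: the early `return nullptr;` when `use_zygote_` is false carries no comment, and the consequence of a null `ZygoteHandle` (the launcher forks the renderer directly instead of through the zygote, so it does not inherit the zygote's pre-initialized sandbox) is not obvious from the name. A one-line comment stating that this branch is only expected for renderers launched with `--no-zygote`, and therefore unsandboxed per the patch description, would help future rebases, e.g. `// Mixed-sandbox mode: this renderer was launched with --no-zygote, so fork it directly rather than via the sandboxed zygote.`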
@@ -62,6 +65,9 @@ RendererSandboxedProcessLauncherDelegateWin::
GetContentClient()->browser()->IsRendererCodeIntegrityEnabled()),
renderer_app_container_disabled_(
GetContentClient()->browser()->IsRendererAppContainerDisabled()) {
+#if BUILDFLAG(USE_ZYGOTE_HANDLE)
+ use_zygote_ = !cmd_line->HasSwitch(switches::kNoZygote);
+#endif
if (is_jit_disabled) {
dynamic_code_can_be_disabled_ = true;
return;
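Review bot: this block sits in the constructor of `RendererSandboxedProcessLauncherDelegateWin`, the Windows delegate, while the zygote is Linux-only according to the patch description, so the `USE_ZYGOTE_HANDLE`-guarded assignment to `use_zygote_` is never compiled here. If it ever were, the header hunk places `use_zygote_` under `private:` in `RendererSandboxedProcessLauncherDelegate`, so a derived Windows class (assuming the Win delegate derives from it) could not assign it anyway. Suggest dropping these three lines; the Linux decision is already made once in `RenderProcessHostImpl::Init()` and passed through the new constructor.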
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
index 736b46ec59d495c9e5639fa53d2d76e8510d091c..bc37668adab98027d61f684c95b81d8c1dc893cd 100644
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
@@ -18,6 +18,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
public:
RendererSandboxedProcessLauncherDelegate() = default;
+#if BUILDFLAG(USE_ZYGOTE_HANDLE)
+ RendererSandboxedProcessLauncherDelegate(bool use_zygote):
+ use_zygote_(use_zygote) {}
+#endif
+
~RendererSandboxedProcessLauncherDelegate() override = default;
#if BUILDFLAG(USE_ZYGOTE_HANDLE)
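Review bot: the new single-argument constructor should be `explicit`; without it a bare `true`/`false`, or anything convertible to `bool`, silently converts to a delegate, which Google/Chromium C++ style forbids. The initializer-list colon is also placed at the end of the signature line, whereas clang-format puts it at the start of the continuation line. Suggest:
`explicit RendererSandboxedProcessLauncherDelegate(bool use_zygote)`
`    : use_zygote_(use_zygote) {}`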
@@ -29,6 +34,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
#endif // BUILDFLAG(IS_MAC)
sandbox::mojom::Sandbox GetSandboxType() override;
+
+ private:
+#if BUILDFLAG(USE_ZYGOTE_HANDLE)
+ bool use_zygote_ = true;
+#endif
};
#if BUILDFLAG(IS_WIN)
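Review bot: `bool use_zygote_ = true;` is the right default (the existing default constructor keeps today's zygote path, so callers that do not opt out see no change), but the member has no comment. Since `false` means the renderer is launched without the zygote and therefore without its pre-initialized sandbox, document that security implication at the declaration, e.g. `// False only for renderers launched with --no-zygote (mixed-sandbox mode); see GetZygote().`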