c670e38b4b
* chore: bump chromium in DEPS to 124.0.6361.0 * chore: bump chromium in DEPS to 124.0.6363.0 * chore: update patches Manually apply printing.patch w/no code changes due to upstream shear. Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5349263 * chore: bump chromium in DEPS to 124.0.6365.0 * chore: bump chromium in DEPS to 124.0.6367.0 * update patches * 5371735: Rename SystemGeolocationSourceMac to SystemGeolocationSourceApple https://chromium-review.googlesource.com/c/chromium/src/+/5371735 * missed a MAS bit * chore: update windows toolchain 5350823: New toolchain for Windows 11 10.0.22621.2428 SDK | https://chromium-review.googlesource.com/c/chromium/src/+/5350823 * chore: bump chromium in DEPS to 125.0.6368.0 * fix patches * chore: update patches * 5232401: [PDF] Move generic utils from //chrome to //components/pdf (1/2) https://chromium-review.googlesource.com/c/chromium/src/+/5232401 * revert https://chromium-review.googlesource.com/c/chromium/src/+/5380898 * chore: bump chromium in DEPS to 125.0.6370.0 * build: use updated windows toolchain * fix patches * chore: update patches * more pdf_util to components * 5372414: [Extensions] Remove DispatcherDelegate https://chromium-review.googlesource.com/c/chromium/src/+/5372414 * fix accessibility_ui patch * chore: bump chromium in DEPS to 125.0.6372.0 * chore: bump chromium in DEPS to 125.0.6374.0 * chore: bump chromium in DEPS to 125.0.6376.0 * chore: bump chromium in DEPS to 125.0.6378.0 * chore: bump chromium in DEPS to 125.0.6379.3 * chore: update patches (+ MAS patch changes) * chore: update patches * 5381159: Cleanup media::KeySystemSupportObserver https://chromium-review.googlesource.com/c/chromium/src/+/5381159 * 5382233: Reland "Web `Speech to Text` with SODA backend" https://chromium-review.googlesource.com/c/chromium/src/+/5382233 * chore: update `exclusive_access` patch - 5367497: Add a metric for the website state when Fullscreen API is requested - https://chromium-review.googlesource.com/c/chromium/src/+/5367497 * chore: add build dependency 5367497: Add a metric for the website state when Fullscreen API is requested https://chromium-review.googlesource.com/c/chromium/src/+/5367497 * chore: bump chromium in DEPS to 125.0.6382.0 * chore: update libcxx filenames * chore: update patches * chore: bump chromium in DEPS to 125.0.6384.0 * chore: remove old patch * 5394039: [Extensions] Change "blessed" -> "privileged" in extension feature files https://chromium-review.googlesource.com/c/chromium/src/+/5394039 * fix: remove deprecated errno constants in node/libuv * 5362194: Return expected from ProcessMetrics CPU methods https://chromium-review.googlesource.com/c/chromium/src/+/5362194 * 5383927: Add new Pickle factory functions with explicit ownership https://chromium-review.googlesource.com/c/chromium/src/+/5383927 * 5373340: Simplify app-region/Draggable Region implementation https://chromium-review.googlesource.com/c/chromium/src/+/5373340 * 5386875: Cleanup printing preferences files https://chromium-review.googlesource.com/c/chromium/src/+/5386875 * chore: update libc++ filenames * fix: add enterprise buildflags dep * chore: bump chromium in DEPS to 125.0.6386.0 * chore: add build dep * chore: update patches * chore: bump chromium in DEPS to 125.0.6388.0 * chore: bump chromium in DEPS to 125.0.6390.0 * chore: update patches * 4918014: preloading: Add NewTabPagePageLoadMetricsObserver https://chromium-review.googlesource.com/c/chromium/src/+/4918014 * 5401234: [PDF] Remove `PDFDocumentHelperClient::FindPdfChildFrame` API https://chromium-review.googlesource.com/c/chromium/src/+/5401234 * 5116175: Relocate Windows XPS printing feature helper methods https://chromium-review.googlesource.com/c/chromium/src/+/5116175 * fixup! 5373340: Simplify app-region/Draggable Region implementation https://chromium-review.googlesource.com/c/chromium/src/+/5373340 * fixup! chore: add build dep * chore: remove dead code & dead patch Was dealing with https://chromium-review.googlesource.com/c/chromium/src/+/5402805 when I realized this code is no longer possible to call. It seems like this code became dead in the previous roll (#41514). The patch exposed a `DxdiagDx12VulkanRequested` method on Chromium's `GpuDataManagerImpl`, which we consumed only in our own `GPUInfoManager::NeedsCompleteGpuInfoCollection`. There are no other references to this method, so it and the patch can both be deleted. Yay! * chore: bump chromium in DEPS to 125.0.6392.0 * chore: bump chromium in DEPS to 125.0.6393.0 * chore: update patches * chore: bump chromium in DEPS to 125.0.6394.0 * chore: bump chromium in DEPS to 125.0.6396.0 * chore: bump chromium in DEPS to 125.0.6397.0 * chore: update printing.patch Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5100842 No code changes, but had to apply patch manually due to upstream code shear * chore: update add_maximized_parameter_to_linuxui_getwindowframeprovider.patch No manual changes; patch applied with fuzz 1 * chore: update feat_allow_code_cache_in_custom_schemes.patch No manual changes; patch applied with fuzz 2 * chore: silence "space before tab in indent" git rebase-apply warning * chore: e patches all * build: update all.gn to avoid FTBFS when disabling raw_ptr Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5371737 * Rename PdfService Mojo interface to PdfHost Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5411957 * chore: bump chromium in DEPS to 125.0.6398.0 * chore: update patches * chore: bump chromium in DEPS to 125.0.6400.0 * chore: update patches * [media] Remove unused `GetSupportedKeySystems` from MediaClient Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5420247 * chore: update JSInjection::New call to match upstream change Xref: https://chromium-review.googlesource.com/c/chromium/src/+/5403967 [Extensions] Wire up the renderer for multiple user script worlds * 5362362: Derive display ID from monitor adapter ID instead of szDevice. https://chromium-review.googlesource.com/c/chromium/src/+/5362362 * 5116175: Relocate Windows XPS printing feature helper methods https://chromium-review.googlesource.com/c/chromium/src/+/5116175 * chore: add v8-sandbox.h to electron-node * chore: update patches * chore: update patches * fixup! 5394039: [Extensions] Change blessed -> privileged in extension feature files * chore: bump chromium in DEPS to 125.0.6412.0 * chore: update patches * chore: node script/gen-libc++-filenames.js * [FPF] Create Fingerprinting Protection ruleset service. Refs https://chromium-review.googlesource.com/c/chromium/src/+/5420158 * Add ExclusiveAccessPermissionManager Refs https://chromium-review.googlesource.com/c/chromium/src/+/5273787 * Preserve the PNG colorspace when decoding into a SkBitmap. Refs https://chromium-review.googlesource.com/c/chromium/src/+/5421254 * chore: iwyu * fix: abstract-socket compilation * ci: bump container for node 20 support * fixup! abstract-socket compilation * fix: compiling nan specs * chore: revert winreg version bump accidental bump to 1.2.5 revealed failing app.setasdefaultprotocolclient test suite. Should be revisited separately. * ci: set node 20 for darwin x64 tests * fix: broken patch export * chore: cleanup mas_avoid_private_macos_api_usage.patch.patch Removed code that was inadvertently put back after https://chromium-review.googlesource.com/c/chromium/src/+/5348565 removed it --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Charles Kerr <charles@charleskerr.com> Co-authored-by: Jeremy Rose <jeremya@chromium.org> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org> Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com> Co-authored-by: clavin <clavin@electronjs.org> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> Co-authored-by: deepak1556 <hop2deep@gmail.com>
407 lines
11 KiB
C++
407 lines
11 KiB
C++
// Copyright (c) 2014 GitHub, Inc.
|
|
// Use of this source code is governed by the MIT license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "shell/common/asar/archive.h"
|
|
|
|
#include <string>
|
|
#include <string_view>
|
|
#include <utility>
|
|
#include <vector>
|
|
|
|
#include "base/check.h"
|
|
#include "base/containers/span.h"
|
|
#include "base/files/file.h"
|
|
#include "base/files/file_util.h"
|
|
#include "base/json/json_reader.h"
|
|
#include "base/logging.h"
|
|
#include "base/pickle.h"
|
|
#include "base/values.h"
|
|
#include "electron/fuses.h"
|
|
#include "shell/common/asar/asar_util.h"
|
|
#include "shell/common/asar/scoped_temporary_file.h"
|
|
#include "shell/common/thread_restrictions.h"
|
|
|
|
#if BUILDFLAG(IS_WIN)
|
|
#include <io.h>
|
|
#endif
|
|
|
|
namespace asar {
|
|
|
|
namespace {
|
|
|
|
#if BUILDFLAG(IS_WIN)
|
|
const char kSeparators[] = "\\/";
|
|
#else
|
|
const char kSeparators[] = "/";
|
|
#endif
|
|
|
|
const base::Value::Dict* GetNodeFromPath(std::string path,
|
|
const base::Value::Dict& root);
|
|
|
|
// Gets the "files" from "dir".
|
|
const base::Value::Dict* GetFilesNode(const base::Value::Dict& root,
|
|
const base::Value::Dict& dir) {
|
|
// Test for symbol linked directory.
|
|
const std::string* link = dir.FindString("link");
|
|
if (link != nullptr) {
|
|
const base::Value::Dict* linked_node = GetNodeFromPath(*link, root);
|
|
if (!linked_node)
|
|
return nullptr;
|
|
return linked_node->FindDict("files");
|
|
}
|
|
|
|
return dir.FindDict("files");
|
|
}
|
|
|
|
// Gets sub-file "name" from "dir".
|
|
const base::Value::Dict* GetChildNode(const base::Value::Dict& root,
|
|
const std::string& name,
|
|
const base::Value::Dict& dir) {
|
|
if (name.empty())
|
|
return &root;
|
|
|
|
const base::Value::Dict* files = GetFilesNode(root, dir);
|
|
return files ? files->FindDict(name) : nullptr;
|
|
}
|
|
|
|
// Gets the node of "path" from "root".
|
|
const base::Value::Dict* GetNodeFromPath(std::string path,
|
|
const base::Value::Dict& root) {
|
|
if (path.empty())
|
|
return &root;
|
|
|
|
const base::Value::Dict* dir = &root;
|
|
for (size_t delimiter_position = path.find_first_of(kSeparators);
|
|
delimiter_position != std::string::npos;
|
|
delimiter_position = path.find_first_of(kSeparators)) {
|
|
const base::Value::Dict* child =
|
|
GetChildNode(root, path.substr(0, delimiter_position), *dir);
|
|
if (!child)
|
|
return nullptr;
|
|
|
|
dir = child;
|
|
path.erase(0, delimiter_position + 1);
|
|
}
|
|
|
|
return GetChildNode(root, path, *dir);
|
|
}
|
|
|
|
bool FillFileInfoWithNode(Archive::FileInfo* info,
|
|
uint32_t header_size,
|
|
bool load_integrity,
|
|
const base::Value::Dict* node) {
|
|
if (std::optional<int> size = node->FindInt("size")) {
|
|
info->size = static_cast<uint32_t>(*size);
|
|
} else {
|
|
return false;
|
|
}
|
|
|
|
if (std::optional<bool> unpacked = node->FindBool("unpacked")) {
|
|
info->unpacked = *unpacked;
|
|
if (info->unpacked) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
const std::string* offset = node->FindString("offset");
|
|
if (offset &&
|
|
base::StringToUint64(std::string_view{*offset}, &info->offset)) {
|
|
info->offset += header_size;
|
|
} else {
|
|
return false;
|
|
}
|
|
|
|
if (std::optional<bool> executable = node->FindBool("executable")) {
|
|
info->executable = *executable;
|
|
}
|
|
|
|
#if BUILDFLAG(IS_MAC)
|
|
if (load_integrity &&
|
|
electron::fuses::IsEmbeddedAsarIntegrityValidationEnabled()) {
|
|
if (const base::Value::Dict* integrity = node->FindDict("integrity")) {
|
|
const std::string* algorithm = integrity->FindString("algorithm");
|
|
const std::string* hash = integrity->FindString("hash");
|
|
std::optional<int> block_size = integrity->FindInt("blockSize");
|
|
const base::Value::List* blocks = integrity->FindList("blocks");
|
|
|
|
if (algorithm && hash && block_size && block_size > 0 && blocks) {
|
|
IntegrityPayload integrity_payload;
|
|
integrity_payload.hash = *hash;
|
|
integrity_payload.block_size =
|
|
static_cast<uint32_t>(block_size.value());
|
|
for (auto& value : *blocks) {
|
|
if (const std::string* block = value.GetIfString()) {
|
|
integrity_payload.blocks.push_back(*block);
|
|
} else {
|
|
LOG(FATAL)
|
|
<< "Invalid block integrity value for file in ASAR archive";
|
|
}
|
|
}
|
|
if (*algorithm == "SHA256") {
|
|
integrity_payload.algorithm = HashAlgorithm::kSHA256;
|
|
info->integrity = std::move(integrity_payload);
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!info->integrity.has_value()) {
|
|
LOG(FATAL) << "Failed to read integrity for file in ASAR archive";
|
|
}
|
|
}
|
|
#endif
|
|
|
|
return true;
|
|
}
|
|
|
|
} // namespace
|
|
|
|
IntegrityPayload::IntegrityPayload()
|
|
: algorithm(HashAlgorithm::kNone), block_size(0) {}
|
|
IntegrityPayload::~IntegrityPayload() = default;
|
|
IntegrityPayload::IntegrityPayload(const IntegrityPayload& other) = default;
|
|
|
|
Archive::FileInfo::FileInfo()
|
|
: unpacked(false), executable(false), size(0), offset(0) {}
|
|
Archive::FileInfo::~FileInfo() = default;
|
|
|
|
Archive::Archive(const base::FilePath& path)
|
|
: initialized_(false), path_(path), file_(base::File::FILE_OK) {
|
|
electron::ScopedAllowBlockingForElectron allow_blocking;
|
|
file_.Initialize(path_, base::File::FLAG_OPEN | base::File::FLAG_READ);
|
|
#if BUILDFLAG(IS_WIN)
|
|
fd_ = _open_osfhandle(reinterpret_cast<intptr_t>(file_.GetPlatformFile()), 0);
|
|
#elif BUILDFLAG(IS_POSIX)
|
|
fd_ = file_.GetPlatformFile();
|
|
#endif
|
|
}
|
|
|
|
Archive::~Archive() {
|
|
#if BUILDFLAG(IS_WIN)
|
|
if (fd_ != -1) {
|
|
_close(fd_);
|
|
// Don't close the handle since we already closed the fd.
|
|
file_.TakePlatformFile();
|
|
}
|
|
#endif
|
|
electron::ScopedAllowBlockingForElectron allow_blocking;
|
|
file_.Close();
|
|
}
|
|
|
|
bool Archive::Init() {
|
|
// Should only be initialized once
|
|
CHECK(!initialized_);
|
|
initialized_ = true;
|
|
|
|
if (!file_.IsValid()) {
|
|
if (file_.error_details() != base::File::FILE_ERROR_NOT_FOUND) {
|
|
LOG(WARNING) << "Opening " << path_.value() << ": "
|
|
<< base::File::ErrorToString(file_.error_details());
|
|
}
|
|
return false;
|
|
}
|
|
|
|
std::vector<char> buf;
|
|
int len;
|
|
|
|
buf.resize(8);
|
|
{
|
|
electron::ScopedAllowBlockingForElectron allow_blocking;
|
|
len = file_.ReadAtCurrentPos(buf.data(), buf.size());
|
|
}
|
|
if (len != static_cast<int>(buf.size())) {
|
|
PLOG(ERROR) << "Failed to read header size from " << path_.value();
|
|
return false;
|
|
}
|
|
|
|
uint32_t size;
|
|
if (!base::PickleIterator(base::Pickle::WithData(base::as_byte_span(buf)))
|
|
.ReadUInt32(&size)) {
|
|
LOG(ERROR) << "Failed to parse header size from " << path_.value();
|
|
return false;
|
|
}
|
|
|
|
buf.resize(size);
|
|
{
|
|
electron::ScopedAllowBlockingForElectron allow_blocking;
|
|
len = file_.ReadAtCurrentPos(buf.data(), buf.size());
|
|
}
|
|
if (len != static_cast<int>(buf.size())) {
|
|
PLOG(ERROR) << "Failed to read header from " << path_.value();
|
|
return false;
|
|
}
|
|
|
|
std::string header;
|
|
if (!base::PickleIterator(base::Pickle::WithData(base::as_byte_span(buf)))
|
|
.ReadString(&header)) {
|
|
LOG(ERROR) << "Failed to parse header from " << path_.value();
|
|
return false;
|
|
}
|
|
|
|
#if BUILDFLAG(IS_MAC) || BUILDFLAG(IS_WIN)
|
|
// Validate header signature if required and possible
|
|
if (electron::fuses::IsEmbeddedAsarIntegrityValidationEnabled() &&
|
|
RelativePath().has_value()) {
|
|
std::optional<IntegrityPayload> integrity = HeaderIntegrity();
|
|
if (!integrity.has_value()) {
|
|
LOG(FATAL) << "Failed to get integrity for validatable asar archive: "
|
|
<< RelativePath().value();
|
|
}
|
|
|
|
// Currently we only support the sha256 algorithm, we can add support for
|
|
// more below ensure we read them in preference order from most secure to
|
|
// least
|
|
if (integrity.value().algorithm != HashAlgorithm::kNone) {
|
|
ValidateIntegrityOrDie(header.c_str(), header.length(),
|
|
integrity.value());
|
|
} else {
|
|
LOG(FATAL) << "No eligible hash for validatable asar archive: "
|
|
<< RelativePath().value();
|
|
}
|
|
|
|
header_validated_ = true;
|
|
}
|
|
#endif
|
|
|
|
std::optional<base::Value> value = base::JSONReader::Read(header);
|
|
if (!value || !value->is_dict()) {
|
|
LOG(ERROR) << "Failed to parse header";
|
|
return false;
|
|
}
|
|
|
|
header_size_ = 8 + size;
|
|
header_ = std::move(value->GetDict());
|
|
return true;
|
|
}
|
|
|
|
#if !BUILDFLAG(IS_MAC) && !BUILDFLAG(IS_WIN)
|
|
std::optional<IntegrityPayload> Archive::HeaderIntegrity() const {
|
|
return std::nullopt;
|
|
}
|
|
|
|
std::optional<base::FilePath> Archive::RelativePath() const {
|
|
return std::nullopt;
|
|
}
|
|
#endif
|
|
|
|
bool Archive::GetFileInfo(const base::FilePath& path, FileInfo* info) const {
|
|
if (!header_)
|
|
return false;
|
|
|
|
const base::Value::Dict* node =
|
|
GetNodeFromPath(path.AsUTF8Unsafe(), *header_);
|
|
if (!node)
|
|
return false;
|
|
|
|
const std::string* link = node->FindString("link");
|
|
if (link)
|
|
return GetFileInfo(base::FilePath::FromUTF8Unsafe(*link), info);
|
|
|
|
return FillFileInfoWithNode(info, header_size_, header_validated_, node);
|
|
}
|
|
|
|
bool Archive::Stat(const base::FilePath& path, Stats* stats) const {
|
|
if (!header_)
|
|
return false;
|
|
|
|
const base::Value::Dict* node =
|
|
GetNodeFromPath(path.AsUTF8Unsafe(), *header_);
|
|
if (!node)
|
|
return false;
|
|
|
|
if (node->Find("link")) {
|
|
stats->type = FileType::kLink;
|
|
return true;
|
|
}
|
|
|
|
if (node->Find("files")) {
|
|
stats->type = FileType::kDirectory;
|
|
return true;
|
|
}
|
|
|
|
return FillFileInfoWithNode(stats, header_size_, header_validated_, node);
|
|
}
|
|
|
|
bool Archive::Readdir(const base::FilePath& path,
|
|
std::vector<base::FilePath>* files) const {
|
|
if (!header_)
|
|
return false;
|
|
|
|
const base::Value::Dict* node =
|
|
GetNodeFromPath(path.AsUTF8Unsafe(), *header_);
|
|
if (!node)
|
|
return false;
|
|
|
|
const base::Value::Dict* files_node = GetFilesNode(*header_, *node);
|
|
if (!files_node)
|
|
return false;
|
|
|
|
for (const auto iter : *files_node)
|
|
files->push_back(base::FilePath::FromUTF8Unsafe(iter.first));
|
|
return true;
|
|
}
|
|
|
|
bool Archive::Realpath(const base::FilePath& path,
|
|
base::FilePath* realpath) const {
|
|
if (!header_)
|
|
return false;
|
|
|
|
const base::Value::Dict* node =
|
|
GetNodeFromPath(path.AsUTF8Unsafe(), *header_);
|
|
if (!node)
|
|
return false;
|
|
|
|
const std::string* link = node->FindString("link");
|
|
if (link) {
|
|
*realpath = base::FilePath::FromUTF8Unsafe(*link);
|
|
return true;
|
|
}
|
|
|
|
*realpath = path;
|
|
return true;
|
|
}
|
|
|
|
bool Archive::CopyFileOut(const base::FilePath& path, base::FilePath* out) {
|
|
if (!header_)
|
|
return false;
|
|
|
|
base::AutoLock auto_lock(external_files_lock_);
|
|
|
|
auto it = external_files_.find(path.value());
|
|
if (it != external_files_.end()) {
|
|
*out = it->second->path();
|
|
return true;
|
|
}
|
|
|
|
FileInfo info;
|
|
if (!GetFileInfo(path, &info))
|
|
return false;
|
|
|
|
if (info.unpacked) {
|
|
*out = path_.AddExtension(FILE_PATH_LITERAL("unpacked")).Append(path);
|
|
return true;
|
|
}
|
|
|
|
auto temp_file = std::make_unique<ScopedTemporaryFile>();
|
|
base::FilePath::StringType ext = path.Extension();
|
|
if (!temp_file->InitFromFile(&file_, ext, info.offset, info.size,
|
|
info.integrity))
|
|
return false;
|
|
|
|
#if BUILDFLAG(IS_POSIX)
|
|
if (info.executable) {
|
|
// chmod a+x temp_file;
|
|
base::SetPosixFilePermissions(temp_file->path(), 0755);
|
|
}
|
|
#endif
|
|
|
|
*out = temp_file->path();
|
|
external_files_[path.value()] = std::move(temp_file);
|
|
return true;
|
|
}
|
|
|
|
int Archive::GetUnsafeFD() const {
|
|
return fd_;
|
|
}
|
|
|
|
} // namespace asar
|