9c019b6147
* chore: bump chromium in DEPS to 136.0.7076.0 * chore: bump chromium in DEPS to 136.0.7077.0 * 6368856: Migrate absl variant.h and utility.h in content (part 2/2) |6368856* 6356528: Clean up LegacyRenderWidgetHostHWND code |6356528* chore: export patches * 6339113: [Viewport Segments] Add CDP commands to override Viewport Segments without overriding other device properties. |6339113* 6352169: [DevTools][MultiInstance] Support new tab in another window on Android |6352169* 6368856: Migrate absl variant.h and utility.h in content (part 2/2) |6368856* 6360858:Clickiness: Wire response from URLLoader to DB, add e2e tests|6360858* chore: bump chromium in DEPS to 136.0.7079.0 * chore: export patches * chore: bump chromium in DEPS to 136.0.7081.0 * chore: export patches * chore: bump chromium in DEPS to 136.0.7083.0 * 6361987: Remove double-declaration with gfx::NativeView and gfx::NativeWindow |6361987* chore: export patches * chore: bump chromium in DEPS to 136.0.7087.0 * chore: export patches * fix: include node patch for missing AtomicsWaitEvent6385540* build: add depot_tools python to path * fix: cppgc init and unregistering v8 isolate6333562CppGc is now initialized earlier so Node can skip reinitializing it. Additionally, gin::IsolateHandle was attempting to destruct an already destructed v8::Isolate upon electron::JavaScriptEnvironment destruction. By removing the call to NodePlatform::UnregisterIsolate, this fixes the crash on app shutdown. * fix: unregister isolate after destruction See code comment. * chore: bump chromium in DEPS to 136.0.7095.0 * chore: sync patches * fix: add script_parsing::ContentScriptType parameter6298395* fix: migrate content::BrowserAccessibilityState methods64014376383275* feat: enableHappyEyeballs option for host resolver6332599* fix: add new cookie exclusion reason6343479* fix: add new url loader method6337340* fix: add new cppgc header file for electron_node headers6348644* fix: disable CREL on Linux ARM64 https://chromium-review.googlesource.com/q/I3a62f02f564f07be63173b0773b4ecaffbe939b9 * fixup! fix: add new cppgc header file for electron_node headers6348644* chore: update corner smoothing patch * fixup! chore: update corner smoothing patch * chore: disable NAN weak tests These two tests are incompatible with a V8 change that disallows running JS code from a weak finalizer callback. Ref:4733273* test: fix task starvation in node test A V8 change makes these contexts get collected in a task that is posted and run asynchronously. The tests were synchronously GC'ing in an infinite loop, preventing the task loop from running the task that would GC these contexts. This change should be upstreamed in some way. Ref:4733273--------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: alice <alice@makenotion.com> Co-authored-by: Samuel Maddock <smaddock@slack-corp.com> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org> Co-authored-by: clavin <clavin@electronjs.org>
90 lines
4.3 KiB
Diff
90 lines
4.3 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Apthorp <nornagon@nornagon.net>
|
|
Date: Wed, 28 Nov 2018 13:20:27 -0800
|
|
Subject: support_mixed_sandbox_with_zygote.patch
|
|
|
|
On Linux, Chromium launches all new renderer processes via a "zygote"
|
|
process which has the sandbox pre-initialized (see
|
|
//docs/linux_zygote.md). In order to support mixed-sandbox mode, in
|
|
which some renderers are launched with the sandbox engaged and others
|
|
without it, we need the option to launch non-sandboxed renderers without
|
|
going through the zygote.
|
|
|
|
Chromium already supports a `--no-zygote` flag, but it turns off the
|
|
zygote completely, and thus also disables sandboxing. This patch allows
|
|
the `--no-zygote` flag to affect renderer processes on a case-by-case
|
|
basis, checking immediately prior to launch whether to go through the
|
|
zygote or not based on the command-line of the to-be-launched renderer.
|
|
|
|
This patch could conceivably be upstreamed, as it does not affect
|
|
production Chromium (which does not use the `--no-zygote` flag).
|
|
However, the patch would need to be reviewed by the security team, as it
|
|
does touch a security-sensitive class.
|
|
|
|
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
|
|
index 28e952d9766566e0a5213492aaf606aa56dc23f6..c0d553dcbb37db7657c2374d4a6b978d7bfee88c 100644
|
|
--- a/content/browser/renderer_host/render_process_host_impl.cc
|
|
+++ b/content/browser/renderer_host/render_process_host_impl.cc
|
|
@@ -1814,6 +1814,10 @@ bool RenderProcessHostImpl::Init() {
|
|
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
std::make_unique<RendererSandboxedProcessLauncherDelegateWin>(
|
|
*cmd_line, IsPdf(), IsJitDisabled());
|
|
+#elif BUILDFLAG(USE_ZYGOTE)
|
|
+ bool use_zygote = !cmd_line->HasSwitch(switches::kNoZygote);
|
|
+ std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
+ std::make_unique<RendererSandboxedProcessLauncherDelegate>(use_zygote);
|
|
#else
|
|
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
std::make_unique<RendererSandboxedProcessLauncherDelegate>();
|
|
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
index 9f66bec84f6284d3f20e59342d3e0a7b2917f836..affaca4776178365fe5d3024d2f733c01da07e09 100644
|
|
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
@@ -35,6 +35,9 @@ namespace content {
|
|
|
|
#if BUILDFLAG(USE_ZYGOTE)
|
|
ZygoteCommunication* RendererSandboxedProcessLauncherDelegate::GetZygote() {
|
|
+ if (!use_zygote_) {
|
|
+ return nullptr;
|
|
+ }
|
|
const base::CommandLine& browser_command_line =
|
|
*base::CommandLine::ForCurrentProcess();
|
|
base::CommandLine::StringType renderer_prefix =
|
|
@@ -70,6 +73,9 @@ RendererSandboxedProcessLauncherDelegateWin::
|
|
is_pdf_renderer_(is_pdf_renderer) {
|
|
// PDF renderers must be jitless.
|
|
CHECK(!is_pdf_renderer || is_jit_disabled);
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ use_zygote_ = !cmd_line->HasSwitch(switches::kNoZygote);
|
|
+#endif
|
|
if (is_jit_disabled) {
|
|
dynamic_code_can_be_disabled_ = true;
|
|
return;
|
|
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
index e77326f149febfb1e236f221757fe24b989e01c0..4f621d8c36706557151560b2a6e0821a46f39c7f 100644
|
|
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
@@ -18,6 +18,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
|
|
public:
|
|
RendererSandboxedProcessLauncherDelegate() = default;
|
|
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ RendererSandboxedProcessLauncherDelegate(bool use_zygote):
|
|
+ use_zygote_(use_zygote) {}
|
|
+#endif
|
|
+
|
|
~RendererSandboxedProcessLauncherDelegate() override = default;
|
|
|
|
#if BUILDFLAG(USE_ZYGOTE)
|
|
@@ -30,6 +35,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
|
|
|
|
// sandbox::policy::SandboxDelegate:
|
|
sandbox::mojom::Sandbox GetSandboxType() override;
|
|
+
|
|
+ private:
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ bool use_zygote_ = true;
|
|
+#endif
|
|
};
|
|
|
|
#if BUILDFLAG(IS_WIN)
|