electron/patches/chromium/support_mixed_sandbox_with_zygote.patch
electron-roller[bot] 5d5e672f17
chore: bump chromium to 141.0.7361.0 (main) (#48054)
* chore: bump chromium in DEPS to 141.0.7352.0

* chore: update patches

* 6830573: Revert 'Migrate WrappableWithNamedPropertyInterceptor to gin::Wrappable' | https://chromium-review.googlesource.com/c/chromium/src/+/6830573

* chore: bump chromium in DEPS to 141.0.7354.0

* chore: bump chromium in DEPS to 141.0.7356.0

* chore: bump chromium in DEPS to 141.0.7357.0

* chore: bump chromium in DEPS to 141.0.7359.0

* chore: bump chromium in DEPS to 141.0.7361.0

* 6838518: [Mac] Correctly deallocate sandbox error buffers and prevent crash resulting from nullptr assignment | https://chromium-review.googlesource.com/c/chromium/src/+/6838518

* 6850973: Reland "Use base::ByteCount in base::SysInfo." | https://chromium-review.googlesource.com/c/chromium/src/+/6850973

* 6506565: [FPF-CI] Create initial NoiseHash in the browser. | https://chromium-review.googlesource.com/c/chromium/src/+/6506565

* chore: update patches

* fixup! 6850973: Reland "Use base::ByteCount in base::SysInfo." | https://chromium-review.googlesource.com/c/chromium/src/+/6850973

* fixup! 6506565: [FPF-CI] Create initial NoiseHash in the browser. | https://chromium-review.googlesource.com/c/chromium/src/+/6506565

* fix: unsafe buffer warning in fix_properly_honor_printing_page_ranges.patch

* fix: FTBFS in src_remove_dependency_on_wrapper-descriptor-based_cppheap.patch

This change should be upstreamed.

Fixes this error:

../../third_party/electron_node/src/env.cc:606:3: error: no matching function for call to 'Wrap'
  606 |   v8::Object::Wrap<v8::CppHeapPointerTag::kDefaultTag>(
      |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../v8/include/v8-object.h:1076:14: note: candidate function template not viable: cannot convert argument of incomplete type 'void *' to 'v8::Object::Wrappable *' for 3rd argument
 1076 | void Object::Wrap(v8::Isolate* isolate, const v8::Local<v8::Object>& wrapper,
      |              ^
 1077 |                   v8::Object::Wrappable* wrappable) {
      |                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../v8/include/v8-object.h:1084:14: note: candidate function template not viable: no known conversion from 'Local<Object>' to 'const PersistentBase<Object>' for 2nd argument
 1084 | void Object::Wrap(v8::Isolate* isolate, const PersistentBase<Object>& wrapper,
      |              ^                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../v8/include/v8-object.h:1093:14: note: candidate function template not viable: no known conversion from 'Local<Object>' to 'const BasicTracedReference<Object>' for 2nd argument
 1093 | void Object::Wrap(v8::Isolate* isolate,
      |              ^
 1094 |                   const BasicTracedReference<Object>& wrapper,
      |                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.

* [v8-init] Access crash key only from main thread | https://chromium-review.googlesource.com/c/chromium/src/+/6827167

* chore: e patches all

* chore: remove chore_restore_some_deprecated_wrapper_utility_in_gin.patch from patches

this remove line got re-added when rebasing roller/chromium/main

* chore: e patches all

* fix: include base/time/time.h when using base::Time

* chore: update patches

* Make --host-rules an alias for --host-resolver-rules.

Refs https://chromium-review.googlesource.com/c/chromium/src/+/4867872

* ci: update BUILD_TOOLS_SHA

Refs https://github.com/electron/build-tools/pull/746

* [Fontations] Remove Fontations suffix from font names

Refs https://chromium-review.googlesource.com/c/chromium/src/+/6835930

* temp: debug macOS addon build failure

* Revert "temp: debug macOS addon build failure"

This reverts commit 40bc8abab65dc83e17c4ab97cb6e7522a193fb44.

* test: run tests with Xcode 16.4

* ci: fix tccdb update for macOS 15

* spec: disable opening external application for loadURL

on macOS opening unknown external application will bring
up dialog to choose apps from application store which will
break our other test suites that want to capture screen
for pixel matching.

The loadURL spec that tests bad-scheme://foo is sufficient
that we hit the permission handler for openExternal since
at that point we already know the runtime gave up on handling
the scheme.

* chore: rebase patches

* chore: disable codesigning tests

* ci: update ScreenCaptureApprovals.plist for /bin/bash

* ci: try updating tcc permissions

* ci: update TCC permissions

Refs https://www.rainforestqa.com/blog/macos-tcc-db-deep-dive

* chore: test with 1st quadrant of the window

* chore: adjust for macOS 15 menubar height

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Keeley Hammond <khammond@slack-corp.com>
Co-authored-by: Keeley Hammond <vertedinde@electronjs.org>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
2025-08-29 12:31:47 +09:00


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Apthorp <nornagon@nornagon.net>
Date: Wed, 28 Nov 2018 13:20:27 -0800
Subject: support_mixed_sandbox_with_zygote.patch

On Linux, Chromium launches all new renderer processes via a "zygote"
process which has the sandbox pre-initialized (see
//docs/linux_zygote.md). In order to support mixed-sandbox mode, in
which some renderers are launched with the sandbox engaged and others
without it, we need the option to launch non-sandboxed renderers without
going through the zygote.

Chromium already supports a `--no-zygote` flag, but it turns off the
zygote completely, and thus also disables sandboxing. This patch allows
the `--no-zygote` flag to affect renderer processes on a case-by-case
basis, checking immediately prior to launch whether to go through the
zygote or not based on the command-line of the to-be-launched renderer.

This patch could conceivably be upstreamed, as it does not affect
production Chromium (which does not use the `--no-zygote` flag).
However, the patch would need to be reviewed by the security team, as it
does touch a security-sensitive class.
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
index c20d6b898f517856efb01e9f504a9dfa967fa3c3..95b4a649055e03ef7822a33347ed904ac7d64695 100644
--- a/content/browser/renderer_host/render_process_host_impl.cc
+++ b/content/browser/renderer_host/render_process_host_impl.cc
@@ -1833,6 +1833,10 @@ bool RenderProcessHostImpl::Init() {
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
std::make_unique<RendererSandboxedProcessLauncherDelegateWin>(
*cmd_line, IsPdf(), IsJitDisabled());
+#elif BUILDFLAG(USE_ZYGOTE)
+ bool use_zygote = !cmd_line->HasSwitch(switches::kNoZygote);
+ std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
+ std::make_unique<RendererSandboxedProcessLauncherDelegate>(use_zygote);
#else
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
std::make_unique<RendererSandboxedProcessLauncherDelegate>();
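Review bot: the `#elif BUILDFLAG(USE_ZYGOTE)` branch derives `use_zygote` from the renderer's own command line (`cmd_line->HasSwitch(switches::kNoZygote)`) rather than the browser's, and that distinction is the entire point of the patch; a one-line comment next to `bool use_zygote = ...` saying so would stop a future rebase from "simplifying" it to `base::CommandLine::ForCurrentProcess()`, which would silently turn the per-renderer decision back into a global one. The branch also repeats the `#else` construction apart from the extra argument; folding it into the `#else` with the argument wrapped in `#if BUILDFLAG(USE_ZYGOTE)` would shrink the surface that has to be re-applied on every Chromium bump.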
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
index 33c2fb1dde3cc92383c085fc1277c71ccfffedc0..033a3692e59e9a220a635462542f4f34e7a14f26 100644
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
@@ -35,6 +35,9 @@ namespace content {
#if BUILDFLAG(USE_ZYGOTE)
ZygoteCommunication* RendererSandboxedProcessLauncherDelegate::GetZygote() {
+ if (!use_zygote_) {
+ return nullptr;
+ }
const base::CommandLine& browser_command_line =
*base::CommandLine::ForCurrentProcess();
base::CommandLine::StringType renderer_prefix =
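Review bot: the early `return nullptr` in `GetZygote()` is what routes a `--no-zygote` renderer around the zygote, so such a renderer starts without the pre-initialized sandbox described in the patch header; that consequence belongs in a comment on the return, and a `CHECK` that this delegate's `GetSandboxType()` reports an unsandboxed type whenever `use_zygote_` is false would make it impossible for a renderer that is meant to be sandboxed to take this path by mistake. The return also sits ahead of the existing `renderer_prefix` handling below, so a non-zygote renderer skips that logic entirely; a short comment stating that ordering is intentional would help the next reviewer.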
@@ -73,6 +76,9 @@ RendererSandboxedProcessLauncherDelegateWin::
->ShouldRestrictCoreSharingOnRenderer()) {
// PDF renderers must be jitless.
CHECK(!is_pdf_renderer || is_jit_disabled);
+#if BUILDFLAG(USE_ZYGOTE)
+ use_zygote_ = !cmd_line->HasSwitch(switches::kNoZygote);
+#endif
if (is_jit_disabled) {
dynamic_code_can_be_disabled_ = true;
return;
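Review bot: this assignment to `use_zygote_` lands inside the constructor of `RendererSandboxedProcessLauncherDelegateWin` (per the hunk header and the surrounding `is_pdf_renderer` / `dynamic_code_can_be_disabled_` code), which is the Windows-only class; guarded by `BUILDFLAG(USE_ZYGOTE)` the block is compiled out on Windows, and on a zygote platform it would not compile either, because the header change makes `use_zygote_` a `private` member of the base class. Either drop this hunk, since the zygote platforms are already covered by the new one-argument constructor used in render_process_host_impl.cc, or move the assignment into a base-class constructor that receives `cmd_line`.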
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
index 85e9366a5bb28da302e475c99feb59863890ca09..ce29836e57dc72e0719998e1fa8734fd256e5633 100644
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
@@ -18,6 +18,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
public:
RendererSandboxedProcessLauncherDelegate() = default;
+#if BUILDFLAG(USE_ZYGOTE)
+ RendererSandboxedProcessLauncherDelegate(bool use_zygote):
+ use_zygote_(use_zygote) {}
+#endif
+
~RendererSandboxedProcessLauncherDelegate() override = default;
#if BUILDFLAG(USE_ZYGOTE)
@@ -30,6 +35,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
// sandbox::policy::SandboxDelegate:
sandbox::mojom::Sandbox GetSandboxType() override;
+
+ private:
+#if BUILDFLAG(USE_ZYGOTE)
+ bool use_zygote_ = true;
+#endif
};
#if BUILDFLAG(IS_WIN)
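Review bot: the new single-argument constructor `RendererSandboxedProcessLauncherDelegate(bool use_zygote)` should be `explicit`, as Chromium's style requires for one-argument constructors, and the initializer list should be laid out as clang-format would (`explicit RendererSandboxedProcessLauncherDelegate(bool use_zygote) : use_zygote_(use_zygote) {}`). The default `bool use_zygote_ = true;` keeps the no-argument constructor behaving exactly as upstream, which is the right choice; a comment on the member saying that `false` means the renderer is launched directly, without the zygote's pre-initialized sandbox, would tie it to the `GetZygote()` change for readers who only open the header.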