6779769d22* chore: bump chromium in DEPS to 139.0.7205.0 * 6543986: Mac: decouple deserializing and applying sandbox policy Refs https://chromium-review.googlesource.com/c/chromium/src/+/6543986 * 6580079: Reland 'Remove the third-party blocking feature' Refs https://chromium-review.googlesource.com/c/chromium/src/+/6580079 * 6505716: guest-contents: Add components/guest_contents Refs https://chromium-review.googlesource.com/c/chromium/src/+/6505716 * 6572556: Move LogMessageManager out of gpu_service_impl.cc. Refs https://chromium-review.googlesource.com/c/chromium/src/+/6572556 * 6566111: Change UtilityProcessHost to manage its instance internally Refs https://chromium-review.googlesource.com/c/chromium/src/+/6566111 * 6550237: Rename ReconnectEventObserver to ConnectionChangeObserverClient Refs https://chromium-review.googlesource.com/c/chromium/src/+/6550237 * 6565918: Validate path is valid UTF8 in SelectFileDialogLinuxPortal Refs https://chromium-review.googlesource.com/c/chromium/src/+/6565918 * 6579713: Remove base::NotFatalUntil::M130 usage 6566111: Change UtilityProcessHost to manage its instance internally Refs https://chromium-review.googlesource.com/c/chromium/src/+/6579713 https://chromium-review.googlesource.com/c/chromium/src/+/6566111 * chore: update chromium patches * chore: update remaining patches * fixup! 6566111: Change UtilityProcessHost to manage its instance internally Refs https://chromium-review.googlesource.com/c/chromium/src/+/6566111 * 6577970: Remove superfluous includes for base/strings/stringprintf.h in headers Refs https://chromium-review.googlesource.com/c/chromium/src/+/6577970 * 6568811: Add FunctionCall structured metrics event for DevTools Refs https://chromium-review.googlesource.com/c/chromium/src/+/6568811 * [PDF Ink Signatures] Support PdfAnnotationsEnabled policy https://chromium-review.googlesource.com/c/chromium/src/+/6558970 * build: disable libcxx modules for rbe * chore: bump chromium in DEPS to 139.0.7217.0 * chore: bump chromium in DEPS to 139.0.7218.0 * chore: update patches fix_use_delegated_generic_capturer_when_available.patch was updated to handle a small change: 6582142: Use content::Create*Capturer in DesktopCaptureDevice. | https://chromium-review.googlesource.com/c/chromium/src/+/6582142 * chore: bump chromium in DEPS to 139.0.7219.0 * chore: update patches * 6594615: Change Chromium's deployment target to macOS 12 https://chromium-review.googlesource.com/c/chromium/src/+/6594615 Updated the assertion message to match the docs structure now too. I removed the callout to the supported versions doc because it has moved and doesn't contain minimum platform version information. * 6606232: [views] Remove DesktopWindowTreeHostWin::window_enlargement_ https://chromium-review.googlesource.com/c/chromium/src/+/6606232 |NativeWindow::GetContentMinimumSize| and |NativeWindow::GetContentMaximumSize| may be good opportunities for a refactor now. * add squirrel.mac patch for removed function This was triggered by the macOS 12.0 deployment upgrade change. See: https://developer.apple.com/documentation/coreservices/1444079-uttypeconformsto?language=objc * 6582142: Use content::Create*Capturer in DesktopCaptureDevice. https://chromium-review.googlesource.com/c/chromium/src/+/6582142 * 6579732: Two minor API "quality of life" cleanups in OSCrypt Async https://chromium-review.googlesource.com/c/chromium/src/+/6579732 * chore: add include for base::SingleThreadTaskRunner Not sure what change caused this, I expect it would be a removed include somewhere else, but it's likely not important to track down. * chore: update libcxx filenames * chore: update CI build-tools commit target for macOS SDK 15.4 The following change uses an API that was added in the macOS 15.4 SDK. Support for that SDK version was added later than the current build-tools commit target. 6575804: Use a quick-and-dirty solution to avoid glitching with paste-and-go | https://chromium-review.googlesource.com/c/chromium/src/+/6575804 See: https://developer.apple.com/documentation/appkit/nspasteboard/accessbehavior-swift.enum?language=objc * fixup! 6606232: [views] Remove DesktopWindowTreeHostWin::window_enlargement_ https://chromium-review.googlesource.com/c/chromium/src/+/6606232 * chore: bump chromium in DEPS to 139.0.7220.0 * chore: update patches Minor changes due to: 6613978: pwa: let events fall through in the transparent area of TopContainerView | https://chromium-review.googlesource.com/c/chromium/src/+/6613978 6614778: Refactor auto pip tab observer for Android support | https://chromium-review.googlesource.com/c/chromium/src/+/6614778 * 6543986: Mac: decouple deserializing and applying sandbox policy https://chromium-review.googlesource.com/c/chromium/src/+/6543986 The DecodeVarInt and DecodeString functions look benign from a MAS perspective. I suspect they were patched out to avoid "unused function" errors. Their complements for encoding are unpatched, supporting this idea. The code that uses these functions was refactored out of the section that we patch out. Instead of patching out that new function, I decided to treat it the same as the serialization function that is unpatched. * chore: bump chromium in DEPS to 139.0.7222.0 * chore: bump chromium in DEPS to 139.0.7224.0 * chore: bump chromium in DEPS to 139.0.7226.0 * chore: bump chromium in DEPS to 139.0.7228.0 * chore: update patches * Don't use static variable for UseExternalPopupMenus https://chromium-review.googlesource.com/c/chromium/src/+/6534657 * Reland "Roll libc++ from a01c02c9d4ac to a9cc573e7c59 https://chromium-review.googlesource.com/c/chromium/src/+/6607589 * chore: bump chromium in DEPS to 139.0.7219.0 * chore: update patches * revert Don't use static variable for UseExternalPopupMenus * tls: remove deprecated tls.createSecurePair and SecurePair https://github.com/nodejs/node/pull/57361 * Revert "Reland "Roll libc++ from a01c02c9d4ac to a9cc573e7c59" This reverts commit 33e1436a0c598ffa8cd308d08de481ed9cd22168. * test: cleanup api-desktop-capturer-spec.ts * test: more cleanup of api-desktop-capturer-spec.ts * chore: debug dcheck error in webrtc on linux * fixup patch * add debugging to desktop capturer spec * test: fixup api-desktop-capturer-spec.ts for linux * chore: remove debugging patch * Revert "fixup! 6606232: [views] Remove DesktopWindowTreeHostWin::window_enlargement_ https://chromium-review.googlesource.com/c/chromium/src/+/6606232" This reverts commit 32e75651c14512572d322e819c98ab1469663bb6. * Revert "6606232: [views] Remove DesktopWindowTreeHostWin::window_enlargement_" This reverts commit 89c51aa1c7771fd7f1d634486bc77f493f1d2ea9. * [views] Remove DesktopWindowTreeHostWin::window_enlargement_ https://chromium-review.googlesource.com/c/chromium/src/+/6606232 Reverting as we need this functionality for now. * fixup: remove patch that was accidentally added back --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Samuel Maddock <smaddock@slack-corp.com> Co-authored-by: deepak1556 <hop2deep@gmail.com> Co-authored-by: clavin <clavin@electronjs.org> Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org>
90 lines
4.3 KiB
Diff
90 lines
4.3 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Apthorp <nornagon@nornagon.net>
|
|
Date: Wed, 28 Nov 2018 13:20:27 -0800
|
|
Subject: support_mixed_sandbox_with_zygote.patch
|
|
|
|
On Linux, Chromium launches all new renderer processes via a "zygote"
|
|
process which has the sandbox pre-initialized (see
|
|
//docs/linux_zygote.md). In order to support mixed-sandbox mode, in
|
|
which some renderers are launched with the sandbox engaged and others
|
|
without it, we need the option to launch non-sandboxed renderers without
|
|
going through the zygote.
|
|
|
|
Chromium already supports a `--no-zygote` flag, but it turns off the
|
|
zygote completely, and thus also disables sandboxing. This patch allows
|
|
the `--no-zygote` flag to affect renderer processes on a case-by-case
|
|
basis, checking immediately prior to launch whether to go through the
|
|
zygote or not based on the command-line of the to-be-launched renderer.
|
|
|
|
This patch could conceivably be upstreamed, as it does not affect
|
|
production Chromium (which does not use the `--no-zygote` flag).
|
|
However, the patch would need to be reviewed by the security team, as it
|
|
does touch a security-sensitive class.
|
|
|
|
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
|
|
index b2d6afe09a4c6395a18bee4ea97fa524a51aac85..90a7b376cb0962830f8286ad401c6edc8598e795 100644
|
|
--- a/content/browser/renderer_host/render_process_host_impl.cc
|
|
+++ b/content/browser/renderer_host/render_process_host_impl.cc
|
|
@@ -1845,6 +1845,10 @@ bool RenderProcessHostImpl::Init() {
|
|
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
std::make_unique<RendererSandboxedProcessLauncherDelegateWin>(
|
|
*cmd_line, IsPdf(), IsJitDisabled());
|
|
+#elif BUILDFLAG(USE_ZYGOTE)
|
|
+ bool use_zygote = !cmd_line->HasSwitch(switches::kNoZygote);
|
|
+ std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
+ std::make_unique<RendererSandboxedProcessLauncherDelegate>(use_zygote);
|
|
#else
|
|
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
std::make_unique<RendererSandboxedProcessLauncherDelegate>();
|
|
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
index 9f66bec84f6284d3f20e59342d3e0a7b2917f836..affaca4776178365fe5d3024d2f733c01da07e09 100644
|
|
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
@@ -35,6 +35,9 @@ namespace content {
|
|
|
|
#if BUILDFLAG(USE_ZYGOTE)
|
|
ZygoteCommunication* RendererSandboxedProcessLauncherDelegate::GetZygote() {
|
|
+ if (!use_zygote_) {
|
|
+ return nullptr;
|
|
+ }
|
|
const base::CommandLine& browser_command_line =
|
|
*base::CommandLine::ForCurrentProcess();
|
|
base::CommandLine::StringType renderer_prefix =
|
|
@@ -70,6 +73,9 @@ RendererSandboxedProcessLauncherDelegateWin::
|
|
is_pdf_renderer_(is_pdf_renderer) {
|
|
// PDF renderers must be jitless.
|
|
CHECK(!is_pdf_renderer || is_jit_disabled);
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ use_zygote_ = !cmd_line->HasSwitch(switches::kNoZygote);
|
|
+#endif
|
|
if (is_jit_disabled) {
|
|
dynamic_code_can_be_disabled_ = true;
|
|
return;
|
|
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
index e77326f149febfb1e236f221757fe24b989e01c0..4f621d8c36706557151560b2a6e0821a46f39c7f 100644
|
|
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
@@ -18,6 +18,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
|
|
public:
|
|
RendererSandboxedProcessLauncherDelegate() = default;
|
|
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ RendererSandboxedProcessLauncherDelegate(bool use_zygote):
|
|
+ use_zygote_(use_zygote) {}
|
|
+#endif
|
|
+
|
|
~RendererSandboxedProcessLauncherDelegate() override = default;
|
|
|
|
#if BUILDFLAG(USE_ZYGOTE)
|
|
@@ -30,6 +35,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
|
|
|
|
// sandbox::policy::SandboxDelegate:
|
|
sandbox::mojom::Sandbox GetSandboxType() override;
|
|
+
|
|
+ private:
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ bool use_zygote_ = true;
|
|
+#endif
|
|
};
|
|
|
|
#if BUILDFLAG(IS_WIN)
|