mirror of
https://github.com/electron/electron.git
synced 2026-01-06 22:24:03 -05:00
809ab09b6f
* chore: bump chromium in DEPS to 145.0.7588.0 * fix(patch-conflict): update scroll_bounce_flag for split overscroll methods Chromium split IsElasticOverscrollEnabled() into two methods: IsElasticOverscrollEnabledOnRoot() and IsElasticOverscrollSupported(). Updated patch to apply the scroll-bounce command-line switch to both methods. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7233733 * fix(patch-conflict): update exclusive_access patch context Upstream refactored the profile variable declaration. Updated patch to match new surrounding context with brace-style if statement. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7239252 * fix(patch-conflict): update screen capture kit non-shareable filter Upstream refactored PiP window exclusion to use GetWindowsToExclude() helper function. Updated patch to combine non-shareable window filtering with the new helper's output. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7274596 * fix(patch-conflict): update corner smoothing CSS property id position Upstream added new internal overscroll CSS properties. Updated patch to add kElectronCornerSmoothing after the new entries. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7234051 * fix(patch-conflict): update permission patches for new permission types Upstream added new permission types: LOCAL_NETWORK, LOOPBACK_NETWORK, and GEOLOCATION_APPROXIMATE. Updated Electron permission patches to include these new types and renumber Electron-specific permissions. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7231952 * fix(patch-conflict): update memory query fallback for new function signature Upstream added AmountOfTotalPhysicalMemory() with PCHECK. Updated patch to maintain fallback logic with correct ByteSize return type. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7254886 * chore: update patch hunk headers * fix(patch): update reclient-configs patch to use new file mode The fix_add_python_remote_wrapper patch was using 'copy from' mode which caused inconsistent behavior between local and CI git versions. Changed to 'new file' mode for consistent patch application. * fix(patch-conflict): remove duplicate GEOLOCATION_APPROXIMATE case Upstream moved GEOLOCATION_APPROXIMATE earlier in the switch statement in GetPermissionString(). The 3-way merge kept both the old and new positions, causing a duplicate case error. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/6397637 * chore: update libcxx filenames for new headers * chore: bump chromium in DEPS to 145.0.7590.0 * chore: update patch hunk headers * fix(patch): update memory fallback return type to ByteSize Upstream changed the return type from ByteCount to ByteSize. * fix: suppress nodiscard warning in node_file.cc libc++ added [[nodiscard]] to std::filesystem::copy_options operator|= which causes build failures with -Werror. * 7229082: update CopyFromSurface to use CopyFromSurfaceResult Upstream changed CopyFromSurface callback to return base::expected<viz::CopyOutputBitmapWithMetadata, std::string> instead of SkBitmap, enabling better error handling. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7229082 * 7254070: add ip_address_space param to OnLocalNetworkAccessPermissionRequired Upstream added IPAddressSpace parameter to check address space for proper permission handling in Local Network Access. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7254070 * 7136679: add spelling_markers param to RequestCheckingOfText Upstream added spelling_markers parameter to report misspelling ranges from Blink to Spellcheck to IME. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7136679 * 7240487: remove second param from RegisterWebSafeIsolatedScheme Upstream removed the schemes_okay_to_appear_as_origin_headers_ parameter. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7240487 * 7254577: use explicit WebElement constructor WebElement default constructor now requires explicit construction rather than brace initialization. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7254577 * 7256335: remove override from CreateGlobalFeaturesForTesting Upstream removed BrowserProcess::CreateGlobalFeaturesForTesting virtual method so the override specifier is no longer valid. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7256335 * chore: add missing SingleThreadTaskRunner include A transitive include of SingleThreadTaskRunner was removed upstream, requiring an explicit include. Ref: Unable to locate specific CL (transitive include change) * 7260483: add LOCAL_NETWORK, LOOPBACK_NETWORK permission type cases Upstream added new permission types for Local Network Access split permissions. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7260483 * chore: update patch hunk headers * 7264893: update postMessage tests for file: origin serialization change Chromium now serializes file: origins as 'null' in MessageEvent per spec. This is a security improvement aligning with the HTML spec behavior. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7264893 * fix: add paths to custom scheme URLs in protocol tests Custom scheme URLs without paths (e.g. test-scheme://foo) cause a DCHECK crash in ASAN builds when CorsURLLoader tries to log the request via GenerateRequestLine -> PathForRequest, which asserts that the path is non-empty. Adding trailing slashes ensures URLs have valid paths. * chore: bump chromium in DEPS to 145.0.7592.0 * chore: update patches (trivial only) * chore: bump chromium in DEPS to 145.0.7594.0 * chore: bump chromium in DEPS to 145.0.7596.0 * chore: update accelerator.patch no manual changes; patch applied with fuzz 2 (offset 1 line) * chore: update patches (trivial only) * chore: node ./script/gen-libc++-filenames.js --------- Co-authored-by: Alice Zhao <alicelovescake@anthropic.com> Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Charles Kerr <charles@charleskerr.com>
91 lines
4.3 KiB
Diff
91 lines
4.3 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Jeremy Apthorp <nornagon@nornagon.net>
|
|
Date: Wed, 28 Nov 2018 13:20:27 -0800
|
|
Subject: support_mixed_sandbox_with_zygote.patch
|
|
|
|
On Linux, Chromium launches all new renderer processes via a "zygote"
|
|
process which has the sandbox pre-initialized (see
|
|
//docs/linux_zygote.md). In order to support mixed-sandbox mode, in
|
|
which some renderers are launched with the sandbox engaged and others
|
|
without it, we need the option to launch non-sandboxed renderers without
|
|
going through the zygote.
|
|
|
|
Chromium already supports a `--no-zygote` flag, but it turns off the
|
|
zygote completely, and thus also disables sandboxing. This patch allows
|
|
the `--no-zygote` flag to affect renderer processes on a case-by-case
|
|
basis, checking immediately prior to launch whether to go through the
|
|
zygote or not based on the command-line of the to-be-launched renderer.
|
|
|
|
This patch could conceivably be upstreamed, as it does not affect
|
|
production Chromium (which does not use the `--no-zygote` flag).
|
|
However, the patch would need to be reviewed by the security team, as it
|
|
does touch a security-sensitive class.
|
|
|
|
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
|
|
index c42299a4faf470a1f0b4b0bd3de70fa9c4e39486..8bbf6800a7932b80c9690df23799e3795a3dea74 100644
|
|
--- a/content/browser/renderer_host/render_process_host_impl.cc
|
|
+++ b/content/browser/renderer_host/render_process_host_impl.cc
|
|
@@ -1934,6 +1934,10 @@ bool RenderProcessHostImpl::Init() {
|
|
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
std::make_unique<RendererSandboxedProcessLauncherDelegateWin>(
|
|
*cmd_line, IsPdf(), IsJitDisabled());
|
|
+#elif BUILDFLAG(USE_ZYGOTE)
|
|
+ bool use_zygote = !cmd_line->HasSwitch(switches::kNoZygote);
|
|
+ std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
+ std::make_unique<RendererSandboxedProcessLauncherDelegate>(use_zygote);
|
|
#else
|
|
std::unique_ptr<SandboxedProcessLauncherDelegate> sandbox_delegate =
|
|
std::make_unique<RendererSandboxedProcessLauncherDelegate>();
|
|
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
index 0936beb23188f0d07cd5750f3a2e56dc560fdef2..996eab5dae4ffa6b7898cc070de8162ad2130d70 100644
|
|
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.cc
|
|
@@ -35,6 +35,9 @@ namespace content {
|
|
|
|
#if BUILDFLAG(USE_ZYGOTE)
|
|
ZygoteCommunication* RendererSandboxedProcessLauncherDelegate::GetZygote() {
|
|
+ if (!use_zygote_) {
|
|
+ return nullptr;
|
|
+ }
|
|
const base::CommandLine& browser_command_line =
|
|
*base::CommandLine::ForCurrentProcess();
|
|
base::CommandLine::StringType renderer_prefix =
|
|
@@ -71,6 +74,9 @@ RendererSandboxedProcessLauncherDelegateWin::
|
|
->ShouldRestrictCoreSharingOnRenderer()) {
|
|
// PDF renderers must be jitless.
|
|
CHECK(!is_pdf_renderer || is_jit_disabled);
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ use_zygote_ = !cmd_line->HasSwitch(switches::kNoZygote);
|
|
+#endif
|
|
if (is_jit_disabled) {
|
|
dynamic_code_can_be_disabled_ = true;
|
|
return;
|
|
diff --git a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
index b98b23a95003c3e3dd7b2da6a48b956cdbeb5251..0597eca8efa2bea2cb800c6919b59dfb64c87083 100644
|
|
--- a/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
+++ b/content/browser/renderer_host/renderer_sandboxed_process_launcher_delegate.h
|
|
@@ -18,6 +18,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
|
|
public:
|
|
RendererSandboxedProcessLauncherDelegate() = default;
|
|
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ RendererSandboxedProcessLauncherDelegate(bool use_zygote):
|
|
+ use_zygote_(use_zygote) {}
|
|
+#endif
|
|
+
|
|
~RendererSandboxedProcessLauncherDelegate() override = default;
|
|
|
|
#if BUILDFLAG(USE_ZYGOTE)
|
|
@@ -30,6 +35,11 @@ class CONTENT_EXPORT RendererSandboxedProcessLauncherDelegate
|
|
|
|
// sandbox::policy::SandboxDelegate:
|
|
sandbox::mojom::Sandbox GetSandboxType() override;
|
|
+
|
|
+ private:
|
|
+#if BUILDFLAG(USE_ZYGOTE)
|
|
+ bool use_zygote_ = true;
|
|
+#endif
|
|
};
|
|
|
|
#if BUILDFLAG(IS_WIN)
|