mirror of
https://github.com/electron/electron.git
synced 2026-02-19 03:14:51 -05:00
a65cfed500
* chore: bump chromium in DEPS to 146.0.7652.0 * fix(patch-conflict): update mas_avoid_private_macos_api_usage context for constrainFrameRect method The upstream CL added a new constrainFrameRect:toScreen: method override to NativeWidgetMacNSWindow as part of headless mode window zoom implementation. The MAS patch's #endif for frameViewClassForStyleMask now correctly appears after that method, since constrainFrameRect is a public API override that doesn't need to be guarded. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7487666 * fix(patch-conflict): update printing.patch for base::DictValue rename Updated printing.patch to use the new base::DictValue type name instead of base::Value::Dict following Chromium's type renaming change. This affects CompleteUpdatePrintSettings() signature and related code. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509820 * fix(patch-conflict): update accessibility_ui patch for base::DictValue/ListValue rename Updated adjust_accessibility_ui_for_electron.patch to use the new base::DictValue and base::ListValue type names instead of base::Value::Dict and base::Value::List following Chromium's type renaming change. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509820 * chore: update patches * 6625736: Rename DURABLE_STORAGE to PERSISTENT_STORAGE for consistency | https://chromium-review.googlesource.com/c/chromium/src/+/6625736 * chore: bump chromium in DEPS to 146.0.7653.0 * chore: update patches * 7000847: add type tag to v8::External for gin_helper function templates The upstream gin function templates now use v8::ExternalPointerTypeTag for type safety when using v8::External. Updated Electron's forked gin_helper function template to use the same kGinInternalCallbackHolderBaseTag that Chromium's gin uses. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7000847 * fix(patch-update): extend V8 Object API deprecation patch for Node.js Extended the existing patch to cover additional files that use GetAlignedPointerFromInternalField and SetAlignedPointerInInternalField: - src/stream_base-inl.h - src/udp_wrap.cc - src/js_udp_wrap.cc - src/node_process_methods.cc - src/node_snapshotable.cc - src/base_object.cc These APIs now require an EmbedderDataTypeTag parameter. Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7087956 * 7000847: add type tag to v8::External calls in shared_texture Updated v8::External::New and v8::External::Value calls to use the kExternalPointerTypeTagDefault tag as required by the V8 API change that deprecates the tagless versions. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7000847 * 7508687: use ChildProcessId for file permission APIs The ChildProcessSecurityPolicy::CanReadFile and GrantReadFile APIs now require ChildProcessId instead of int. Updated to use GetID() instead of GetDeprecatedID() for these specific calls. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7508687 * 7000847: add type tag to v8::External calls in callback and osr_converter The v8::External API now requires an EmbedderPointerTypeTag parameter for both New() and Value() methods to improve V8 sandbox type safety. Updated calls in: - callback.cc: TranslatorHolder constructor and CallTranslator - osr_converter.cc: OffscreenSharedTextureValue converter Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7000847 * fixup! 7087956: [api] Promote deprecation of v8::Context and v8::Object API methods Extended the Node.js patch to cover histogram.cc which also uses SetAlignedPointerInInternalField and GetAlignedPointerFromInternalField APIs that now require the EmbedderDataTypeTag parameter. Ref: https://chromium-review.googlesource.com/c/v8/v8/+/7087956 * chore: bump chromium in DEPS to 146.0.7655.0 * chore: update patches * 7509043: update WebSpellingMarker type for API change The upstream Chromium API changed - WebSpellingMarker was moved from a nested type within WebTextCheckClient to a standalone type in the blink namespace. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7509043 * 7498491: update process_id to use OriginatingProcess type The upstream Chromium API changed - URLLoaderFactoryParams::process_id was changed from an integer to a union type network::OriginatingProcess that distinguishes between browser and renderer processes. - For browser process requests, use OriginatingProcess::browser() - For renderer process lookups, check !is_browser() and use renderer_process().value() to get the child_id Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7498491 * 5710330: Add crash keys to debug NativeWidgetMacNSWindowBorderlessFrame exception | https://chromium-review.googlesource.com/c/chromium/src/+/5710330 5710330 added a new NSNextStepFrame interface extension and implementations for NativeWidgetMacNSWindowTitledFrame and NativeWidgetMacNSWindowBorderlessFrame. These use private macOS APIs that are not available in Mac App Store builds. * chore: update patches * chore: bump chromium in DEPS to 146.0.7661.0 * chore: bump chromium in DEPS to 146.0.7663.0 * fix(patch-conflict): update accessibility_ui for string_view API change Upstream removed redundant std::string(default_api_type) conversion as part of a string_view optimization cleanup. Updated patch context to match. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7514107 * fix(patch-conflict): update service process launch options for sandbox API refactor Upstream removed content/common/sandbox_init_win.cc and content/public/common/sandbox_init_win.h, moving the functionality directly into ChildProcessLauncherHelper. Updated patch to call sandbox::policy::SandboxWin::StartSandboxedProcess directly with the LaunchOptions pointer instead of going through the removed helper. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7528253 * fix(patch-conflict): update MAS safestorage for keychain API refactor Upstream refactored KeychainPassword::GetPassword() to use a new GetPasswordImpl() helper function with improved error tracking via base::expected<std::string, OSStatus>. Adapted patch to use the new GetPasswordImpl with the suffixed account name and handle migration from legacy accounts through the new API. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7516438 * chore: update patches * chore: bump chromium in DEPS to 146.0.7663.0 * fix: base::Value::Dict -> base::DictValue https://chromium-review.googlesource.com/c/chromium/src/+/7513889 * fix: include new cookie exclusion reason https://chromium-review.googlesource.com/c/chromium/src/+/7486527 * fix: enable libc++ ABI flag for trivially copyable std::vector<bool> Required for changes introduced in the following CL https://chromium-review.googlesource.com/c/chromium/src/+/7513653 * fixup! fix: base::Value::Dict -> base::DictValue https://chromium-review.googlesource.com/c/chromium/src/+/7513889 * fix: spellcheck not working in tests https://chromium-review.googlesource.com/c/chromium/src/+/7452579 * fix: cookie test failing due to multiple rejection reasons https://chromium-review.googlesource.com/c/chromium/src/+/7506629 * fix: macos sizing unmaximized window incorrectly https://chromium-review.googlesource.com/c/chromium/src/+/7487666 Changes to headless mode caused the unmaximized window to subtract the height of the menubar. * fix: skip tests for incompatible BoringSSL ML-DSA crypto https://boringssl-review.googlesource.com/c/boringssl/+/84929 * test: fix pseudonymization registration in utility process on Linux Ref: 7486913: Pass pseudonymization salt via shared memory at process launch | https://chromium-review.googlesource.com/c/chromium/src/+/7486913 * fix: restore MAS patch-outs Restores some `#if !IS_MAS_BUILD()` gates dropped in773054ad59* fixup! 7508687: use ChildProcessId for file permission APIs * fixup! fix(patch-conflict): update MAS safestorage for keychain API refactor * chore: add note about parallel upstream change * fixup! Merge remote-tracking branch 'origin/main' into roller/chromium/main * Revert "fixup! 7508687: use ChildProcessId for file permission APIs" This reverts commit05c43e4e5d. The _impl version has the signature, but not the public interface. :oof: * fixup! fix(patch-conflict): update MAS safestorage for keychain API refactor --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Keeley Hammond <khammond@slack-corp.com> Co-authored-by: Samuel Maddock <samuelmaddock@electronjs.org> Co-authored-by: clavin <clavin@electronjs.org>
342 lines
12 KiB
C++
342 lines
12 KiB
C++
// Copyright (c) 2022 Microsoft, Inc.
|
|
// Use of this source code is governed by the MIT license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "shell/browser/usb/electron_usb_delegate.h"
|
|
|
|
#include <string_view>
|
|
#include <utility>
|
|
|
|
#include "base/observer_list.h"
|
|
#include "base/scoped_observation.h"
|
|
#include "content/public/browser/page.h"
|
|
#include "content/public/browser/render_frame_host.h"
|
|
#include "content/public/browser/web_contents.h"
|
|
#include "electron/buildflags/buildflags.h"
|
|
#include "services/device/public/mojom/usb_device.mojom.h"
|
|
#include "services/device/public/mojom/usb_enumeration_options.mojom.h"
|
|
#include "shell/browser/electron_browser_context.h"
|
|
#include "shell/browser/electron_permission_manager.h"
|
|
#include "shell/browser/usb/usb_chooser_context.h"
|
|
#include "shell/browser/usb/usb_chooser_context_factory.h"
|
|
#include "shell/browser/usb/usb_chooser_controller.h"
|
|
#include "shell/browser/web_contents_permission_helper.h"
|
|
|
|
#if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
|
|
#include "base/containers/fixed_flat_set.h"
|
|
#include "chrome/common/chrome_features.h"
|
|
#include "extensions/browser/extension_registry.h"
|
|
#include "extensions/browser/guest_view/web_view/web_view_guest.h"
|
|
#include "extensions/common/constants.h"
|
|
#include "extensions/common/extension.h"
|
|
#endif
|
|
|
|
namespace {
|
|
|
|
electron::UsbChooserContext* GetChooserContext(
|
|
content::BrowserContext* browser_context) {
|
|
return electron::UsbChooserContextFactory::GetForBrowserContext(
|
|
browser_context);
|
|
}
|
|
|
|
#if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
|
|
// These extensions can claim the smart card USB class and automatically gain
|
|
// permissions for devices that have an interface with this class.
|
|
constexpr auto kSmartCardPrivilegedExtensionIds =
|
|
base::MakeFixedFlatSet<std::string_view>({
|
|
// Smart Card Connector Extension and its Beta version, see
|
|
// crbug.com/1233881.
|
|
"khpfeaanjngmcnplbdlpegiifgpfgdco",
|
|
"mockcojkppdndnhgonljagclgpkjbkek",
|
|
});
|
|
|
|
bool DeviceHasInterfaceWithClass(
|
|
const device::mojom::UsbDeviceInfo& device_info,
|
|
uint8_t interface_class) {
|
|
for (const auto& configuration : device_info.configurations) {
|
|
for (const auto& interface : configuration->interfaces) {
|
|
for (const auto& alternate : interface->alternates) {
|
|
if (alternate->class_code == interface_class)
|
|
return true;
|
|
}
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
#endif // BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
|
|
|
|
bool IsDevicePermissionAutoGranted(
|
|
const url::Origin& origin,
|
|
const device::mojom::UsbDeviceInfo& device_info) {
|
|
#if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
|
|
// Note: The `DeviceHasInterfaceWithClass()` call is made after checking the
|
|
// origin, since that method call is expensive.
|
|
if (origin.scheme() == extensions::kExtensionScheme &&
|
|
kSmartCardPrivilegedExtensionIds.contains(origin.host()) &&
|
|
DeviceHasInterfaceWithClass(device_info,
|
|
device::mojom::kUsbSmartCardClass)) {
|
|
return true;
|
|
}
|
|
#endif // BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
|
|
|
|
return false;
|
|
}
|
|
|
|
} // namespace
|
|
|
|
namespace electron {
|
|
|
|
// Manages the UsbDelegate observers for a single browser context.
|
|
class ElectronUsbDelegate::ContextObservation
|
|
: private UsbChooserContext::DeviceObserver {
|
|
public:
|
|
ContextObservation(ElectronUsbDelegate* parent,
|
|
content::BrowserContext* browser_context)
|
|
: parent_(parent), browser_context_(browser_context) {
|
|
auto* chooser_context = GetChooserContext(browser_context_);
|
|
if (chooser_context)
|
|
device_observation_.Observe(chooser_context);
|
|
}
|
|
ContextObservation(ContextObservation&) = delete;
|
|
ContextObservation& operator=(ContextObservation&) = delete;
|
|
~ContextObservation() override = default;
|
|
|
|
// UsbChooserContext::DeviceObserver:
|
|
void OnDeviceAdded(const device::mojom::UsbDeviceInfo& device_info) override {
|
|
observer_list_.Notify(&content::UsbDelegate::Observer::OnDeviceAdded,
|
|
device_info);
|
|
}
|
|
|
|
void OnDeviceRemoved(
|
|
const device::mojom::UsbDeviceInfo& device_info) override {
|
|
observer_list_.Notify(&content::UsbDelegate::Observer::OnDeviceRemoved,
|
|
device_info);
|
|
}
|
|
|
|
void OnDeviceManagerConnectionError() override {
|
|
observer_list_.Notify(
|
|
&content::UsbDelegate::Observer::OnDeviceManagerConnectionError);
|
|
}
|
|
|
|
void OnBrowserContextShutdown() override {
|
|
parent_->observations_.erase(browser_context_);
|
|
// Return since `this` is now deleted.
|
|
}
|
|
|
|
void AddObserver(content::UsbDelegate::Observer* observer) {
|
|
observer_list_.AddObserver(observer);
|
|
}
|
|
|
|
void RemoveObserver(content::UsbDelegate::Observer* observer) {
|
|
observer_list_.RemoveObserver(observer);
|
|
}
|
|
|
|
private:
|
|
// Safe because `parent_` owns `this`.
|
|
const raw_ptr<ElectronUsbDelegate> parent_;
|
|
|
|
// Safe because `this` is destroyed when the context is lost.
|
|
const raw_ptr<content::BrowserContext> browser_context_;
|
|
|
|
base::ScopedObservation<UsbChooserContext, UsbChooserContext::DeviceObserver>
|
|
device_observation_{this};
|
|
base::ObserverList<content::UsbDelegate::Observer> observer_list_;
|
|
};
|
|
|
|
ElectronUsbDelegate::ElectronUsbDelegate() = default;
|
|
|
|
ElectronUsbDelegate::~ElectronUsbDelegate() = default;
|
|
|
|
void ElectronUsbDelegate::AdjustProtectedInterfaceClasses(
|
|
content::BrowserContext* browser_context,
|
|
const url::Origin& origin,
|
|
content::RenderFrameHost* frame,
|
|
std::vector<uint8_t>& classes) {
|
|
auto* permission_manager = static_cast<ElectronPermissionManager*>(
|
|
browser_context->GetPermissionControllerDelegate());
|
|
classes = permission_manager->CheckProtectedUSBClasses(classes);
|
|
}
|
|
|
|
std::unique_ptr<content::UsbChooser> ElectronUsbDelegate::RunChooser(
|
|
content::RenderFrameHost& frame,
|
|
blink::mojom::WebUsbRequestDeviceOptionsPtr options,
|
|
blink::mojom::WebUsbService::GetPermissionCallback callback) {
|
|
UsbChooserController* controller = ControllerForFrame(&frame);
|
|
if (controller) {
|
|
DeleteControllerForFrame(&frame);
|
|
}
|
|
AddControllerForFrame(&frame, std::move(options), std::move(callback));
|
|
// Return a nullptr because the return value isn't used for anything. The
|
|
// return value is simply used in Chromium to cleanup the chooser UI once the
|
|
// usb service is destroyed.
|
|
return nullptr;
|
|
}
|
|
|
|
bool ElectronUsbDelegate::CanRequestDevicePermission(
|
|
content::BrowserContext* browser_context,
|
|
const url::Origin& origin) {
|
|
if (!browser_context)
|
|
return false;
|
|
|
|
base::DictValue details;
|
|
details.Set("securityOrigin", origin.GetURL().spec());
|
|
auto* permission_manager = static_cast<ElectronPermissionManager*>(
|
|
browser_context->GetPermissionControllerDelegate());
|
|
return permission_manager->CheckPermissionWithDetails(
|
|
blink::PermissionType::USB, nullptr, origin.GetURL(), std::move(details));
|
|
}
|
|
|
|
void ElectronUsbDelegate::RevokeDevicePermissionWebInitiated(
|
|
content::BrowserContext* browser_context,
|
|
const url::Origin& origin,
|
|
const device::mojom::UsbDeviceInfo& device) {
|
|
auto* chooser_context = GetChooserContext(browser_context);
|
|
if (chooser_context) {
|
|
chooser_context->RevokeDevicePermissionWebInitiated(origin, device);
|
|
}
|
|
}
|
|
|
|
const device::mojom::UsbDeviceInfo* ElectronUsbDelegate::GetDeviceInfo(
|
|
content::BrowserContext* browser_context,
|
|
const std::string& guid) {
|
|
auto* chooser_context = GetChooserContext(browser_context);
|
|
if (!chooser_context)
|
|
return nullptr;
|
|
return chooser_context->GetDeviceInfo(guid);
|
|
}
|
|
|
|
bool ElectronUsbDelegate::HasDevicePermission(
|
|
content::BrowserContext* browser_context,
|
|
content::RenderFrameHost* frame,
|
|
const url::Origin& origin,
|
|
const device::mojom::UsbDeviceInfo& device_info) {
|
|
if (IsDevicePermissionAutoGranted(origin, device_info))
|
|
return true;
|
|
|
|
auto* chooser_context = GetChooserContext(browser_context);
|
|
if (!chooser_context)
|
|
return false;
|
|
|
|
return GetChooserContext(browser_context)
|
|
->HasDevicePermission(origin, device_info);
|
|
}
|
|
|
|
void ElectronUsbDelegate::GetDevices(
|
|
content::BrowserContext* browser_context,
|
|
blink::mojom::WebUsbService::GetDevicesCallback callback) {
|
|
auto* chooser_context = GetChooserContext(browser_context);
|
|
if (!chooser_context) {
|
|
std::move(callback).Run(std::vector<device::mojom::UsbDeviceInfoPtr>());
|
|
return;
|
|
}
|
|
chooser_context->GetDevices(std::move(callback));
|
|
}
|
|
|
|
void ElectronUsbDelegate::GetDevice(
|
|
content::BrowserContext* browser_context,
|
|
const std::string& guid,
|
|
base::span<const uint8_t> blocked_interface_classes,
|
|
mojo::PendingReceiver<device::mojom::UsbDevice> device_receiver,
|
|
mojo::PendingRemote<device::mojom::UsbDeviceClient> device_client) {
|
|
auto* chooser_context = GetChooserContext(browser_context);
|
|
if (chooser_context) {
|
|
chooser_context->GetDevice(guid, blocked_interface_classes,
|
|
std::move(device_receiver),
|
|
std::move(device_client));
|
|
}
|
|
}
|
|
|
|
void ElectronUsbDelegate::AddObserver(content::BrowserContext* browser_context,
|
|
Observer* observer) {
|
|
if (!browser_context)
|
|
return;
|
|
|
|
GetContextObserver(browser_context)->AddObserver(observer);
|
|
}
|
|
|
|
void ElectronUsbDelegate::RemoveObserver(
|
|
content::BrowserContext* browser_context,
|
|
Observer* observer) {
|
|
if (!browser_context)
|
|
return;
|
|
|
|
GetContextObserver(browser_context)->RemoveObserver(observer);
|
|
}
|
|
|
|
ElectronUsbDelegate::ContextObservation*
|
|
ElectronUsbDelegate::GetContextObserver(
|
|
content::BrowserContext* browser_context) {
|
|
CHECK(browser_context);
|
|
if (!observations_.contains(browser_context)) {
|
|
observations_.emplace(browser_context, std::make_unique<ContextObservation>(
|
|
this, browser_context));
|
|
}
|
|
return observations_[browser_context].get();
|
|
}
|
|
|
|
bool ElectronUsbDelegate::IsServiceWorkerAllowedForOrigin(
|
|
const url::Origin& origin) {
|
|
#if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
|
|
// WebUSB is only available on extension service workers for now.
|
|
if (origin.scheme() == extensions::kExtensionScheme) {
|
|
return true;
|
|
}
|
|
#endif // BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
|
|
return false;
|
|
}
|
|
|
|
UsbChooserController* ElectronUsbDelegate::ControllerForFrame(
|
|
content::RenderFrameHost* render_frame_host) {
|
|
auto mapping = controller_map_.find(render_frame_host);
|
|
return mapping == controller_map_.end() ? nullptr : mapping->second.get();
|
|
}
|
|
|
|
UsbChooserController* ElectronUsbDelegate::AddControllerForFrame(
|
|
content::RenderFrameHost* render_frame_host,
|
|
blink::mojom::WebUsbRequestDeviceOptionsPtr options,
|
|
blink::mojom::WebUsbService::GetPermissionCallback callback) {
|
|
auto* web_contents =
|
|
content::WebContents::FromRenderFrameHost(render_frame_host);
|
|
auto controller = std::make_unique<UsbChooserController>(
|
|
render_frame_host, std::move(options), std::move(callback), web_contents,
|
|
weak_factory_.GetWeakPtr());
|
|
controller_map_.try_emplace(render_frame_host, std::move(controller));
|
|
return ControllerForFrame(render_frame_host);
|
|
}
|
|
|
|
void ElectronUsbDelegate::DeleteControllerForFrame(
|
|
content::RenderFrameHost* render_frame_host) {
|
|
controller_map_.erase(render_frame_host);
|
|
}
|
|
|
|
bool ElectronUsbDelegate::PageMayUseUsb(content::Page& page) {
|
|
content::RenderFrameHost& main_rfh = page.GetMainDocument();
|
|
#if BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
|
|
// WebViewGuests have no mechanism to show permission prompts and their
|
|
// embedder can't grant USB access through its permissionrequest API. Also
|
|
// since webviews use a separate StoragePartition, they must not gain access
|
|
// through permissions granted in non-webview contexts.
|
|
if (extensions::WebViewGuest::FromRenderFrameHost(&main_rfh)) {
|
|
return false;
|
|
}
|
|
#endif // BUILDFLAG(ENABLE_ELECTRON_EXTENSIONS)
|
|
|
|
// USB permissions are scoped to a BrowserContext instead of a
|
|
// StoragePartition, so we need to be careful about usage across
|
|
// StoragePartitions. Until this is scoped correctly, we'll try to avoid
|
|
// inappropriate sharing by restricting access to the API. We can't be as
|
|
// strict as we'd like, as cases like extensions and Isolated Web Apps still
|
|
// need USB access in non-default partitions, so we'll just guard against
|
|
// HTTP(S) as that presents a clear risk for inappropriate sharing.
|
|
// TODO(crbug.com/1469672): USB permissions should be explicitly scoped to
|
|
// StoragePartitions.
|
|
if (main_rfh.GetStoragePartition() !=
|
|
main_rfh.GetBrowserContext()->GetDefaultStoragePartition()) {
|
|
return !main_rfh.GetLastCommittedURL().SchemeIsHTTPOrHTTPS();
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
} // namespace electron
|