mirror of
https://github.com/electron/electron.git
synced 2026-01-08 23:18:06 -05:00
fe477ce3aa
* chore: bump chromium in DEPS to 145.0.7562.0 * fix(patch-conflict): update code cache patch for PersistentCache refactor Upstream refactored code cache to use PersistentCache with new class-based implementation (NoopCodeCacheHost, LocalCodeCacheHost, CodeCacheWithPersistentCacheHost). Updated patch to integrate custom scheme support into the new structure while preserving ProcessLockURLIsCodeCacheScheme checks for embedder-registered schemes. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7044986 Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix(patch-conflict): update dialog patch for RequestXdgDesktopPortal API Upstream changed from SetSystemdScopeUnitNameForXdgPortal to RequestXdgDesktopPortal API pattern. Updated OnServiceStarted signature and kept OnSystemdUnitStarted callback that calls Electron's file_dialog::StartPortalAvailabilityTestInBackground(). Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7204285 Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix(patch-conflict): remove reference to deleted AbortByPlaceholderLayout flag Upstream removed the AbortByPlaceholderLayout runtime flag from runtime_enabled_features.json5. Updated patch to only add ElectronCSSCornerSmoothing without the removed flag reference. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7226494 Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * chore: update patch hunk headers Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix(build): guard media_file_system_registry for ChromeOS only Upstream CL https://chromium-review.googlesource.com/c/chromium/src/+/7100719 moved media_file_system_registry to be ChromeOS-only since Media Galleries is a Chrome Apps API and Chrome Apps are only available on Chrome OS now. Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix(build): update VideoPixelFormat API for SharedImageFormat Upstream CL https://chromium-review.googlesource.com/c/chromium/src/+/7207153 removed VideoPixelFormatToGfxBufferFormat as part of migration to SharedImageFormat. Update to use VideoPixelFormatToSharedImageFormat which directly returns the SharedImageFormat. Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix(build): extend profile methods patch for ShouldEnableXfaForms The ShouldEnableXfaForms function uses Profile::FromBrowserContext() which is not available in Electron. Wrap the profile-dependent code in #if 0 to fall through to the feature flag default. Co-Authored-By: Claude <noreply@anthropic.com> * chore: bump chromium in DEPS to 145.0.7563.0 * chore: bump chromium in DEPS to 145.0.7565.0 * chore: bump chromium in DEPS to 145.0.7567.0 * chore: bump chromium in DEPS to 145.0.7568.0 * fix(patch-conflict): update content_main_delegate.h context for IsInitFeatureListEarly Upstream added a new IsInitFeatureListEarly() virtual method to ContentMainDelegate just before where our GetBrowserV8SnapshotFilename() method is added. Updated patch context to account for this new method. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7092856 Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * chore: update patch hunk headers Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix(patch-update): include v8-cppgc.h for CppHeap complete type The std::unique_ptr<v8::CppHeap> default argument in node.h requires the complete CppHeap type definition for the destructor. Added the v8-cppgc.h include to provide the full type definition. Ref: Unable to locate CL - libc++ unique_ptr requires complete type for destructor Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * chore: update patch hunk headers Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix(build): move NativeAppWindowFrameViewMacClient before constructor The std::unique_ptr<NativeAppWindowFrameViewMacClient> member requires the complete type definition to be visible at the point of the constructor because the unique_ptr destructor may be instantiated during exception handling. Moved the class definition before the NativeWindowMac constructor. Ref: Unable to locate CL - libc++ unique_ptr requires complete type for destructor Co-Authored-By: Claude <svc-devxp-claude@slack-corp.com> * fix(patch-conflict): update create_browser_v8_snapshot_file_name_fuse context for IsInitFeatureListEarly The upstream added IsInitFeatureListEarly() virtual method declaration to ContentMainDelegate class. Updated the patch context to account for this new function being present before the GetBrowserV8SnapshotFilename() declaration we add. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7092856 Co-Authored-By: Claude <noreply@anthropic.com> * chore: update patch hunk headers Co-Authored-By: Claude <noreply@anthropic.com> * fix(patch-update): remove reverted IsInitFeatureListEarly from v8 snapshot patch The upstream added IsInitFeatureListEarly() was reverted, so the patch should not include this declaration. Only GetBrowserV8SnapshotFilename() should be added by the create_browser_v8_snapshot_file_name_fuse patch. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7230430 Co-Authored-By: Claude <noreply@anthropic.com> * 6171655: include single_thread_task_runner.h for complete type Added include for base/task/single_thread_task_runner.h in osr_converter.cc to resolve incomplete type error when using base::SingleThreadTaskRunner::GetCurrentDefault(). Ref: https://chromium-review.googlesource.com/c/chromium/src/+/6171655 Co-Authored-By: Claude <noreply@anthropic.com> * 7224136: use CHROMIUM_GIT_REVISION directly instead of removed function Upstream removed GetChromiumGitRevision() function from embedder_support. Updated to use CHROMIUM_GIT_REVISION macro directly via build/util/chromium_git_revision.h as recommended in the Chromium CL. Ref: https://chromium-review.googlesource.com/c/chromium/src/+/7224136 Co-Authored-By: Claude <noreply@anthropic.com> * fixup! 7224136: use CHROMIUM_GIT_REVISION directly instead of removed function * fix(build): add missing include `components/dbus/xdg/systemd.h` for `void OnSystemdUnitStarted(dbus_xdg::SystemdUnitStatus)` in the same patch. * fix(build): adapt to string-view-ification change in windows jump_list.cc 7186922: Fix unsafe buffer usage in base/win/win_util.cc https://chromium-review.googlesource.com/c/chromium/src/+/7186922 * chore: update libc++ filenames * fixup! fix(build): add missing include * fixup! fix(build): extend profile methods patch for ShouldEnableXfaForms * fixup! fix(build): guard media_file_system_registry for ChromeOS only * fixup! fixup! fix(build): extend profile methods patch for ShouldEnableXfaForms --------- Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com> Co-authored-by: Keeley Hammond <khammond@slack-corp.com> Co-authored-by: Claude <svc-devxp-claude@slack-corp.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: clavin <clavin@electronjs.org>
250 lines
10 KiB
Diff
250 lines
10 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Raymond Zhao <raymondzhao@microsoft.com>
|
|
Date: Wed, 18 Aug 2021 08:24:10 -0700
|
|
Subject: extend ProcessSingleton
|
|
|
|
This patch applies Electron ProcessSingleton changes onto the Chromium
|
|
files.
|
|
|
|
This patch adds a few changes to the Chromium code:
|
|
1. It adds a parameter `program_name` to the Windows constructor, making
|
|
the generated mutex name on the Windows-side program-dependent,
|
|
rather than shared between all Electron applications.
|
|
2. It adds an `IsAppSandboxed` check for macOS so that
|
|
sandboxed applications generate shorter temp paths.
|
|
3. It adds a `ChangeWindowMessageFilterEx` call to the Windows
|
|
implementation, along with a parameter `is_app_sandboxed` in the
|
|
constructor, to handle the case when the primary app is run with
|
|
admin permissions.
|
|
|
|
diff --git a/chrome/browser/process_singleton.h b/chrome/browser/process_singleton.h
|
|
index c19313c0b58baf0597a99d52ed7fcdb7faacc934..2748dd196fe1f56357348a204e24f0b8a28b97dd 100644
|
|
--- a/chrome/browser/process_singleton.h
|
|
+++ b/chrome/browser/process_singleton.h
|
|
@@ -101,12 +101,19 @@ class ProcessSingleton {
|
|
base::RepeatingCallback<bool(base::CommandLine command_line,
|
|
const base::FilePath& current_directory)>;
|
|
|
|
+#if BUILDFLAG(IS_WIN)
|
|
+ ProcessSingleton(const std::string& program_name,
|
|
+ const base::FilePath& user_data_dir,
|
|
+ bool is_sandboxed,
|
|
+ const NotificationCallback& notification_callback);
|
|
+#else
|
|
ProcessSingleton(const base::FilePath& user_data_dir,
|
|
const NotificationCallback& notification_callback);
|
|
|
|
ProcessSingleton(const ProcessSingleton&) = delete;
|
|
ProcessSingleton& operator=(const ProcessSingleton&) = delete;
|
|
|
|
+#endif
|
|
~ProcessSingleton();
|
|
|
|
// Notify another process, if available. Otherwise sets ourselves as the
|
|
@@ -175,6 +182,8 @@ class ProcessSingleton {
|
|
#if BUILDFLAG(IS_WIN)
|
|
bool EscapeVirtualization(const base::FilePath& user_data_dir);
|
|
|
|
+ std::string program_name_; // Used for mutexName.
|
|
+ bool is_app_sandboxed_; // Whether the Electron app is sandboxed.
|
|
HWND remote_window_; // The HWND_MESSAGE of another browser.
|
|
base::win::MessageWindow window_; // The message-only window.
|
|
bool is_virtualized_; // Stuck inside Microsoft Softricity VM environment.
|
|
diff --git a/chrome/browser/process_singleton_posix.cc b/chrome/browser/process_singleton_posix.cc
|
|
index 09f3425d08097eba3a9dc40d0a4af38209b06b1f..73aa4cb9652870b0bff4684d7c72ae7dbd852db8 100644
|
|
--- a/chrome/browser/process_singleton_posix.cc
|
|
+++ b/chrome/browser/process_singleton_posix.cc
|
|
@@ -55,6 +55,7 @@
|
|
#include <memory>
|
|
#include <set>
|
|
#include <string>
|
|
+#include <tuple>
|
|
#include <type_traits>
|
|
|
|
#include "base/base_paths.h"
|
|
@@ -86,6 +87,7 @@
|
|
#include "base/strings/utf_string_conversions.h"
|
|
#include "base/task/sequenced_task_runner_helpers.h"
|
|
#include "base/task/single_thread_task_runner.h"
|
|
+#include "base/threading/thread_restrictions.h"
|
|
#include "base/threading/platform_thread.h"
|
|
#include "base/time/time.h"
|
|
#include "base/timer/timer.h"
|
|
@@ -102,7 +104,7 @@
|
|
#include "ui/base/l10n/l10n_util.h"
|
|
#include "ui/base/resource/scoped_startup_resource_bundle.h"
|
|
|
|
-#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
|
|
+#if 0
|
|
#include "chrome/browser/ui/process_singleton_dialog_linux.h"
|
|
#endif
|
|
|
|
@@ -353,6 +355,8 @@ bool SymlinkPath(const base::FilePath& target, const base::FilePath& path) {
|
|
bool DisplayProfileInUseError(const base::FilePath& lock_path,
|
|
const std::string& hostname,
|
|
int pid) {
|
|
+ return true;
|
|
+#if 0
|
|
// Ensure there is an instance of ResourceBundle that is initialized for
|
|
// localized string resource accesses.
|
|
ui::ScopedStartupResourceBundle ensure_startup_resource_bundle;
|
|
@@ -375,6 +379,7 @@ bool DisplayProfileInUseError(const base::FilePath& lock_path,
|
|
#else
|
|
NOTREACHED();
|
|
#endif
|
|
+#endif
|
|
}
|
|
|
|
bool IsChromeProcess(pid_t pid) {
|
|
@@ -387,6 +392,21 @@ bool IsChromeProcess(pid_t pid) {
|
|
base::FilePath(chrome::kBrowserProcessExecutableName));
|
|
}
|
|
|
|
+bool IsAppSandboxed() {
|
|
+#if BUILDFLAG(IS_MAC)
|
|
+ // NB: There is no sane API for this, we have to just guess by
|
|
+ // reading tea leaves
|
|
+ base::FilePath home_dir;
|
|
+ if (!base::PathService::Get(base::DIR_HOME, &home_dir)) {
|
|
+ return false;
|
|
+ }
|
|
+
|
|
+ return home_dir.value().find("Library/Containers") != std::string::npos;
|
|
+#else
|
|
+ return false;
|
|
+#endif // BUILDFLAG(IS_MAC)
|
|
+}
|
|
+
|
|
// A helper class to hold onto a socket.
|
|
class ScopedSocket {
|
|
public:
|
|
@@ -773,6 +793,10 @@ ProcessSingleton::~ProcessSingleton() {
|
|
if (watcher_) {
|
|
watcher_->OnEminentProcessSingletonDestruction();
|
|
}
|
|
+ // Manually free resources with IO explicitly allowed.
|
|
+ base::ScopedAllowBlocking allow_blocking;
|
|
+ watcher_ = nullptr;
|
|
+ std::ignore = socket_dir_.Delete();
|
|
}
|
|
|
|
ProcessSingleton::NotifyResult ProcessSingleton::NotifyOtherProcess() {
|
|
@@ -1045,11 +1069,32 @@ bool ProcessSingleton::Create() {
|
|
// Create the socket file somewhere in /tmp which is usually mounted as a
|
|
// normal filesystem. Some network filesystems (notably AFS) are screwy and
|
|
// do not support Unix domain sockets.
|
|
- if (!socket_dir_.CreateUniqueTempDir(/*prefix=*/FILE_PATH_LITERAL(""))) {
|
|
- LOG(ERROR) << "Failed to create socket directory.";
|
|
+ base::FilePath tmp_dir;
|
|
+ if (!base::GetTempDir(&tmp_dir)) {
|
|
+ LOG(ERROR) << "Failed to get temporary directory.";
|
|
return false;
|
|
}
|
|
|
|
+ if (IsAppSandboxed()) {
|
|
+ // For sandboxed applications, the tmp dir could be too long to fit
|
|
+ // addr->sun_path, so we need to make it as short as possible.
|
|
+ if (!socket_dir_.Set(tmp_dir.Append("S"))) {
|
|
+ LOG(ERROR) << "Failed to set socket directory.";
|
|
+ return false;
|
|
+ }
|
|
+ } else {
|
|
+ // Create the socket file somewhere in /tmp which is usually mounted as a
|
|
+ // normal filesystem. Some network filesystems (notably AFS) are screwy and
|
|
+ // do not support Unix domain sockets.
|
|
+ // Prefer CreateUniqueTempDirUnderPath rather than CreateUniqueTempDir as
|
|
+ // the latter will calculate unique paths based on bundle ids which can
|
|
+ // increase the socket path length than what is allowed.
|
|
+ if (!socket_dir_.CreateUniqueTempDirUnderPath(tmp_dir)) {
|
|
+ LOG(ERROR) << "Failed to create socket directory.";
|
|
+ return false;
|
|
+ }
|
|
+ }
|
|
+
|
|
// Check that the directory was created with the correct permissions.
|
|
int dir_mode = 0;
|
|
CHECK(base::GetPosixFilePermissions(socket_dir_.GetPath(), &dir_mode) &&
|
|
diff --git a/chrome/browser/process_singleton_win.cc b/chrome/browser/process_singleton_win.cc
|
|
index ff44618efa8f8082b5da2c416802b781290c6cac..ae659d84a5ae2f2e87ce288477506575f8d86839 100644
|
|
--- a/chrome/browser/process_singleton_win.cc
|
|
+++ b/chrome/browser/process_singleton_win.cc
|
|
@@ -29,7 +29,9 @@
|
|
#include "base/win/wmi.h"
|
|
#include "chrome/browser/process_singleton_internal.h"
|
|
#include "chrome/browser/shell_integration.h"
|
|
+#if 0
|
|
#include "chrome/browser/ui/simple_message_box.h"
|
|
+#endif
|
|
#include "chrome/browser/win/chrome_process_finder.h"
|
|
#include "chrome/common/chrome_constants.h"
|
|
#include "chrome/common/chrome_paths.h"
|
|
@@ -164,6 +166,7 @@ bool ProcessLaunchNotification(
|
|
}
|
|
|
|
bool DisplayShouldKillMessageBox() {
|
|
+#if 0
|
|
TRACE_EVENT0("startup", "ProcessSingleton:DisplayShouldKillMessageBox");
|
|
|
|
// Ensure there is an instance of ResourceBundle that is initialized for
|
|
@@ -174,6 +177,10 @@ bool DisplayShouldKillMessageBox() {
|
|
NULL, l10n_util::GetStringUTF16(IDS_PRODUCT_NAME),
|
|
l10n_util::GetStringUTF16(IDS_BROWSER_HUNGBROWSER_MESSAGE)) !=
|
|
chrome::MESSAGE_BOX_RESULT_NO;
|
|
+#endif
|
|
+ // This is called when the secondary process can't ping the primary
|
|
+ // process.
|
|
+ return false;
|
|
}
|
|
|
|
// Function was copied from Process::Terminate.
|
|
@@ -256,9 +263,13 @@ bool ProcessSingleton::EscapeVirtualization(
|
|
}
|
|
|
|
ProcessSingleton::ProcessSingleton(
|
|
+ const std::string& program_name,
|
|
const base::FilePath& user_data_dir,
|
|
+ bool is_app_sandboxed,
|
|
const NotificationCallback& notification_callback)
|
|
: notification_callback_(notification_callback),
|
|
+ program_name_(program_name),
|
|
+ is_app_sandboxed_(is_app_sandboxed),
|
|
is_virtualized_(false),
|
|
lock_file_(INVALID_HANDLE_VALUE),
|
|
user_data_dir_(user_data_dir),
|
|
@@ -381,7 +392,7 @@ ProcessSingleton::NotifyOtherProcessOrCreate() {
|
|
bool ProcessSingleton::Create() {
|
|
TRACE_EVENT0("startup", "ProcessSingleton::Create");
|
|
|
|
- static const wchar_t kMutexName[] = L"Local\\ChromeProcessSingletonStartup!";
|
|
+ std::wstring mutexName = base::UTF8ToWide("Local\\" + program_name_ + "ProcessSingletonStartup");
|
|
|
|
remote_window_ = FindRunningChromeWindow(user_data_dir_);
|
|
if (!remote_window_ && !EscapeVirtualization(user_data_dir_)) {
|
|
@@ -390,7 +401,7 @@ bool ProcessSingleton::Create() {
|
|
// access. As documented, it's clearer to NOT request ownership on creation
|
|
// since it isn't guaranteed we will get it. It is better to create it
|
|
// without ownership and explicitly get the ownership afterward.
|
|
- base::win::ScopedHandle only_me(::CreateMutex(NULL, FALSE, kMutexName));
|
|
+ base::win::ScopedHandle only_me(::CreateMutex(NULL, FALSE, mutexName.c_str()));
|
|
if (!only_me.is_valid()) {
|
|
DPLOG(FATAL) << "CreateMutex failed";
|
|
return false;
|
|
@@ -429,6 +440,17 @@ bool ProcessSingleton::Create() {
|
|
window_.CreateNamed(base::BindRepeating(&ProcessLaunchNotification,
|
|
notification_callback_),
|
|
user_data_dir_.value());
|
|
+
|
|
+ // When the app is sandboxed, firstly, the app should not be in
|
|
+ // admin mode, and even if it somehow is, messages from an unelevated
|
|
+ // instance should not be able to be sent to it.
|
|
+ if (!is_app_sandboxed_) {
|
|
+ // NB: Ensure that if the primary app gets started as elevated
|
|
+ // admin inadvertently, secondary windows running not as elevated
|
|
+ // will still be able to send messages.
|
|
+ ::ChangeWindowMessageFilterEx(window_.hwnd(), WM_COPYDATA, MSGFLT_ALLOW,
|
|
+ NULL);
|
|
+ }
|
|
CHECK(result && window_.hwnd());
|
|
}
|
|
}
|