Merge remote-tracking branch 'origin/5.15' into dev

Blacklists tst_Accessibility::focusChild() for now.

Conflicts:
	src/core/api/core_api.pro
	src/core/net/plugin_response_interceptor_url_loader_throttle.h
	src/process/process.pro

Change-Id: I95821a3851120dc16673f4c760e802952eae5c41

4 files changed, 105 insertions, 4 deletions

diff --git a/src/process/QtWebEngineProcess.entitlements b/src/process/QtWebEngineProcess.entitlements
new file mode 100644
index 000000000..f2fbabddb
--- /dev/null
+++ b/src/process/QtWebEngineProcess.entitlements
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+	<key>com.apple.security.cs.disable-library-validation</key>
+	<true/>
+	<key>com.apple.security.cs.allow-jit</key>
+	<true/>
+</dict>
+</plist>
diff --git a/src/process/main.cpp b/src/process/main.cpp
index ef653e109..53596d0ee 100644
--- a/src/process/main.cpp
+++ b/src/process/main.cpp
@@ -89,13 +89,17 @@ struct tm* localtime64_r_proxy(const time_t* timep, struct tm* result)
 #endif // defined(OS_LINUX)
 
 #ifdef Q_OS_WIN
+namespace QtWebEngineProcess {
 void initDpiAwareness();
+void initializeStaticCopy(int argc, const char **argv);
+} // namespace
 #endif // defined(Q_OS_WIN)
 
 int main(int argc, const char **argv)
 {
 #ifdef Q_OS_WIN
-    initDpiAwareness();
+    QtWebEngineProcess::initializeStaticCopy(argc, argv);
+    QtWebEngineProcess::initDpiAwareness();
 #endif
 
     // Chromium on Linux manipulates argv to set a process title
@@ -123,6 +127,6 @@ int main(int argc, const char **argv)
 
     QCoreApplication qtApplication(argc, argv_.get());
 
-    return QtWebEngine::processMain(argc, argv);
+    return QtWebEngineCore::processMain(argc, argv);
 }
 
diff --git a/src/process/process.pro b/src/process/process.pro
index 459eb9969..55b43ecad 100644
--- a/src/process/process.pro
+++ b/src/process/process.pro
@@ -9,20 +9,53 @@ INCLUDEPATH += ../core
 
 SOURCES = main.cpp
 
+CONFIG -= ltcg
+
+# On windows we need to statically link to the windows sandbox code
 win32 {
+    # The Chromium headers we include are not clean
+    CONFIG -= warnings_are_errors
+
+    # Look for linking information produced by GN
+    linking_pri = $$OUT_PWD/../core/$$getConfigDir()/qtwebengine_sandbox_win.pri
+
+    !include($$linking_pri) {
+        error("Could not find the linking information that gn should have generated.")
+    }
+    isEmpty(NINJA_OBJECTS): error("//sandbox/win:sandbox linking changed, update process.pro")
+    isEmpty(NINJA_ARCHIVES): error("//sandbox/win:sandbox linking changed, update process.pro")
+
+    LIBS_PRIVATE += $$NINJA_LIB_DIRS $$NINJA_LIBS $$NINJA_ARCHIVES $$NINJA_OBJECTS
+    QMAKE_LFLAGS += $$NINJA_LFLAGS
+    POST_TARGETDEPS += $$eval($$NINJA_TARGETDEPS)
+
+    CHROMIUM_SRC_DIR = $$QTWEBENGINE_ROOT/$$getChromiumSrcDir()
+    INCLUDEPATH += $$CHROMIUM_SRC_DIR \
+                   $$OUT_PWD/../core/$$getConfigDir()/gen
+
     SOURCES += \
         support_win.cpp
 
     msvc: QMAKE_LFLAGS += /MANIFESTINPUT:$$PWD/process.exe.manifest
 }
 
-load(qt_app)
+TEMPLATE = app
+
+load(qt_build_paths)
+
+!build_pass:qtConfig(debug_and_release): CONFIG += release
+CONFIG += relative_qt_rpath
 
 qtConfig(build_all): CONFIG += build_all
 
 qtConfig(framework) {
     # Deploy the QtWebEngineProcess app bundle into the QtWebEngineCore framework.
     DESTDIR = $$MODULE_BASE_OUTDIR/lib/QtWebEngineCore.framework/Versions/$$QT_MAJOR_VERSION/Helpers
+
+    # Deploy the entitlements file so macdeployqt can use it.
+    entitlements.files = QtWebEngineProcess.entitlements
+    entitlements.path = Contents/Resources/
+    QMAKE_BUNDLE_DATA += entitlements
 } else {
     CONFIG -= app_bundle
     win32: DESTDIR = $$MODULE_BASE_OUTDIR/bin
@@ -35,3 +68,8 @@ qtConfig(framework) {
 } else {
     target.path = $$[QT_INSTALL_LIBEXECS]
 }
+
+load(qt_targets)
+load(qt_common)
+
+INSTALLS += target
diff --git a/src/process/support_win.cpp b/src/process/support_win.cpp
index 3d0ef37bf..4fe69b7a9 100644
--- a/src/process/support_win.cpp
+++ b/src/process/support_win.cpp
@@ -41,7 +41,13 @@
 #include <qoperatingsystemversion.h>
 #include <qsysinfo.h>
 #include <qt_windows.h>
-#include <Tlhelp32.h>
+#include <TlHelp32.h>
+#include "../3rdparty/chromium/sandbox/win/src/process_mitigations.h"
+#include "../3rdparty/chromium/sandbox/win/src/sandbox_factory.h"
+
+#ifndef NDEBUG
+#include "../3rdparty/chromium/base/command_line.h"
+#endif
 
 class User32DLL {
 public:
@@ -134,6 +140,45 @@ static DWORD getParentProcessId()
     return parentPid;
 }
 
+namespace QtWebEngineCore {
+extern __declspec(dllimport) sandbox::SandboxInterfaceInfo *staticSandboxInterfaceInfo(sandbox::SandboxInterfaceInfo *info = nullptr);
+}
+
+namespace QtWebEngineProcess {
+
+// A duplicate of the function by same name in startup_helper_win.cc
+static void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo *info)
+{
+    info->broker_services = sandbox::SandboxFactory::GetBrokerServices();
+    if (!info->broker_services) {
+        info->target_services = sandbox::SandboxFactory::GetTargetServices();
+    } else {
+        // Ensure the proper mitigations are enforced for the browser process.
+        sandbox::ApplyProcessMitigationsToCurrentProcess(
+            sandbox::MITIGATION_DEP | sandbox::MITIGATION_DEP_NO_ATL_THUNK |
+            sandbox::MITIGATION_HARDEN_TOKEN_IL_POLICY);
+        // Note: these mitigations are "post-startup".  Some mitigations that need
+        // to be enabled sooner (e.g. MITIGATION_EXTENSION_POINT_DISABLE) are done
+        // so in Chrome_ELF.
+    }
+}
+
+// Initializes the staticlib copy of //base and //sandbox used for Windows sandboxing
+void initializeStaticCopy(int argc, const char **argv)
+{
+#ifndef NDEBUG
+    // Initialize //base for debugging
+    base::CommandLine::Init(argc, argv);
+    logging::LoggingSettings settings;
+    settings.logging_dest = logging::LOG_TO_SYSTEM_DEBUG_LOG;
+    logging::InitLogging(settings);
+#endif
+    sandbox::SandboxInterfaceInfo *info = new sandbox::SandboxInterfaceInfo();
+    memset(info, 0, sizeof(sandbox::SandboxInterfaceInfo));
+    InitializeSandboxInfo(info);
+    QtWebEngineCore::staticSandboxInterfaceInfo(info);
+}
+
 void initDpiAwareness()
 {
     ShcoreDLL shcore;
@@ -157,3 +202,5 @@ void initDpiAwareness()
             user32.setProcessDPIAware();
     }
 }
+
+} // namespace QtWebEngineProcess