diff options
Diffstat (limited to 'src/process')
-rw-r--r-- | src/process/QtWebEngineProcess.entitlements | 12 | ||||
-rw-r--r-- | src/process/main.cpp | 8 | ||||
-rw-r--r-- | src/process/process.pro | 28 | ||||
-rw-r--r-- | src/process/support_win.cpp | 49 |
4 files changed, 94 insertions, 3 deletions
diff --git a/src/process/QtWebEngineProcess.entitlements b/src/process/QtWebEngineProcess.entitlements new file mode 100644 index 000000000..f2fbabddb --- /dev/null +++ b/src/process/QtWebEngineProcess.entitlements @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>com.apple.security.cs.allow-unsigned-executable-memory</key> + <true/> + <key>com.apple.security.cs.disable-library-validation</key> + <true/> + <key>com.apple.security.cs.allow-jit</key> + <true/> +</dict> +</plist> diff --git a/src/process/main.cpp b/src/process/main.cpp index ef653e109..53596d0ee 100644 --- a/src/process/main.cpp +++ b/src/process/main.cpp @@ -89,13 +89,17 @@ struct tm* localtime64_r_proxy(const time_t* timep, struct tm* result) #endif // defined(OS_LINUX) #ifdef Q_OS_WIN +namespace QtWebEngineProcess { void initDpiAwareness(); +void initializeStaticCopy(int argc, const char **argv); +} // namespace #endif // defined(Q_OS_WIN) int main(int argc, const char **argv) { #ifdef Q_OS_WIN - initDpiAwareness(); + QtWebEngineProcess::initializeStaticCopy(argc, argv); + QtWebEngineProcess::initDpiAwareness(); #endif // Chromium on Linux manipulates argv to set a process title @@ -123,6 +127,6 @@ int main(int argc, const char **argv) QCoreApplication qtApplication(argc, argv_.get()); - return QtWebEngine::processMain(argc, argv); + return QtWebEngineCore::processMain(argc, argv); } diff --git a/src/process/process.pro b/src/process/process.pro index 0bdc9dd93..72aad52a5 100644 --- a/src/process/process.pro +++ b/src/process/process.pro @@ -9,7 +9,30 @@ INCLUDEPATH += ../core SOURCES = main.cpp +CONFIG -= ltcg + +# On windows we need to statically link to the windows sandbox code win32 { + # The Chromium headers we include are not clean + CONFIG -= warnings_are_errors + + # Look for linking information produced by GN + linking_pri = $$OUT_PWD/../core/$$getConfigDir()/qtwebengine_sandbox_win.pri + + !include($$linking_pri) { + error("Could not find the linking information that gn should have generated.") + } + isEmpty(NINJA_OBJECTS): error("//sandbox/win:sandbox linking changed, update process.pro") + isEmpty(NINJA_ARCHIVES): error("//sandbox/win:sandbox linking changed, update process.pro") + + LIBS_PRIVATE += $$NINJA_LIB_DIRS $$NINJA_LIBS $$NINJA_ARCHIVES $$NINJA_OBJECTS + QMAKE_LFLAGS += $$NINJA_LFLAGS + POST_TARGETDEPS += $$eval($$NINJA_TARGETDEPS) + + CHROMIUM_SRC_DIR = $$QTWEBENGINE_ROOT/$$getChromiumSrcDir() + INCLUDEPATH += $$CHROMIUM_SRC_DIR \ + $$OUT_PWD/../core/$$getConfigDir()/gen + SOURCES += \ support_win.cpp @@ -23,6 +46,11 @@ qtConfig(build_all): CONFIG += build_all qtConfig(framework) { # Deploy the QtWebEngineProcess app bundle into the QtWebEngineCore framework. DESTDIR = $$MODULE_BASE_OUTDIR/lib/QtWebEngineCore.framework/Versions/5/Helpers + + # Deploy the entitlements file so macdeployqt can use it. + entitlements.files = QtWebEngineProcess.entitlements + entitlements.path = Contents/Resources/ + QMAKE_BUNDLE_DATA += entitlements } else { CONFIG -= app_bundle win32: DESTDIR = $$MODULE_BASE_OUTDIR/bin diff --git a/src/process/support_win.cpp b/src/process/support_win.cpp index 3d0ef37bf..4fe69b7a9 100644 --- a/src/process/support_win.cpp +++ b/src/process/support_win.cpp @@ -41,7 +41,13 @@ #include <qoperatingsystemversion.h> #include <qsysinfo.h> #include <qt_windows.h> -#include <Tlhelp32.h> +#include <TlHelp32.h> +#include "../3rdparty/chromium/sandbox/win/src/process_mitigations.h" +#include "../3rdparty/chromium/sandbox/win/src/sandbox_factory.h" + +#ifndef NDEBUG +#include "../3rdparty/chromium/base/command_line.h" +#endif class User32DLL { public: @@ -134,6 +140,45 @@ static DWORD getParentProcessId() return parentPid; } +namespace QtWebEngineCore { +extern __declspec(dllimport) sandbox::SandboxInterfaceInfo *staticSandboxInterfaceInfo(sandbox::SandboxInterfaceInfo *info = nullptr); +} + +namespace QtWebEngineProcess { + +// A duplicate of the function by same name in startup_helper_win.cc +static void InitializeSandboxInfo(sandbox::SandboxInterfaceInfo *info) +{ + info->broker_services = sandbox::SandboxFactory::GetBrokerServices(); + if (!info->broker_services) { + info->target_services = sandbox::SandboxFactory::GetTargetServices(); + } else { + // Ensure the proper mitigations are enforced for the browser process. + sandbox::ApplyProcessMitigationsToCurrentProcess( + sandbox::MITIGATION_DEP | sandbox::MITIGATION_DEP_NO_ATL_THUNK | + sandbox::MITIGATION_HARDEN_TOKEN_IL_POLICY); + // Note: these mitigations are "post-startup". Some mitigations that need + // to be enabled sooner (e.g. MITIGATION_EXTENSION_POINT_DISABLE) are done + // so in Chrome_ELF. + } +} + +// Initializes the staticlib copy of //base and //sandbox used for Windows sandboxing +void initializeStaticCopy(int argc, const char **argv) +{ +#ifndef NDEBUG + // Initialize //base for debugging + base::CommandLine::Init(argc, argv); + logging::LoggingSettings settings; + settings.logging_dest = logging::LOG_TO_SYSTEM_DEBUG_LOG; + logging::InitLogging(settings); +#endif + sandbox::SandboxInterfaceInfo *info = new sandbox::SandboxInterfaceInfo(); + memset(info, 0, sizeof(sandbox::SandboxInterfaceInfo)); + InitializeSandboxInfo(info); + QtWebEngineCore::staticSandboxInterfaceInfo(info); +} + void initDpiAwareness() { ShcoreDLL shcore; @@ -157,3 +202,5 @@ void initDpiAwareness() user32.setProcessDPIAware(); } } + +} // namespace QtWebEngineProcess |