
These functions in Windows may result in calls over the CSRSS ALPC and allocations on CSRSS heaps, both of which are closed as part of CSRSS lockdown, so they cannot be called from renderer processes if this sandboxing mode is enabled. This CL adds mojo support functions that proxy these calls, batching together multiple calls from blink::LocaleWin where this makes sense. The mojom calls are `[Sync]`. This is ok as they replace system calls which themselves required a blocking IPC call, and because each call is only needed to initialize cached members of Locale objects, which are also cached by blink. While initially supporting blink, these functions may support other child processes than renderers so live in //content/browser. As the calls to GetLocaleInfo() and LocaleNameToLCID() now happen in the browser process, the mojom interface limits which properties can be requested. Rather than allowing any LCTYPE the strings that can be queried are restricted to those needed by blink. The mojom implementation is guarded by WinSboxProxyLocale and calls are only proxied if this feature is enabled. Bug: 40408399 Change-Id: Ia34f8eff48d2e23e2c9a60825bbabd2ecd48caac Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6108617 Reviewed-by: Rakina Zata Amni <rakina@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Xianzhu Wang <wangxianzhu@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/main@{#1403046}
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_SANDBOX_SUPPORT_IMPL_H_
#define CONTENT_BROWSER_SANDBOX_SUPPORT_IMPL_H_
#include "build/build_config.h"
#include "content/common/content_export.h"
#include "content/common/sandbox_support.mojom.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/receiver_set.h"
namespace content {

// Browser-side implementation of mojom::SandboxSupport. It carries out
// privileged operations that sandboxed child processes cannot perform
// themselves, and backs the blink::WebSandboxSupport interface in the
// renderer. Note that every child process type can reach this interface,
// not only renderers.
//
// Security: callers sit on the low-privilege side of the sandbox boundary,
// so every argument received here should be treated as untrusted input by
// the implementation.
//
// Threading/ownership: this class lives on the IO thread and is owned by the
// Mojo interface registry.
class CONTENT_EXPORT SandboxSupportImpl : public mojom::SandboxSupport {
 public:
  SandboxSupportImpl();

  // Neither copyable nor assignable.
  SandboxSupportImpl(const SandboxSupportImpl&) = delete;
  SandboxSupportImpl& operator=(const SandboxSupportImpl&) = delete;

  ~SandboxSupportImpl() override;

  // Takes the receiving end of a mojom::SandboxSupport pipe from a child.
  // NOTE(review): presumably the receiver is added to `receivers_`; the
  // definition is not visible in this header.
  void BindReceiver(mojo::PendingReceiver<mojom::SandboxSupport> receiver);

  // content::mojom::SandboxSupport:
#if BUILDFLAG(IS_MAC)
  void GetSystemColors(GetSystemColorsCallback callback) override;
#endif  // BUILDFLAG(IS_MAC)

#if BUILDFLAG(IS_WIN)
  // Windows locale queries answered on behalf of child processes.
  //
  // `locale`, `default_language` and `lcid` are chosen by the calling child
  // process. NOTE(review): confirm the implementation tolerates values that
  // do not name a valid locale before they reach OS locale APIs.
  //
  // `LcTypeStrings` and `LcTypeString` are mojom-declared selectors rather
  // than raw LCTYPE values, which keeps the set of queryable strings closed;
  // preserve that property when extending the interface.
  //
  // NOTE(review): the meaning of `force_defaults` is not visible in this
  // header; see sandbox_support.mojom.
  void LcidAndFirstDayOfWeek(const std::u16string& locale,
                             const std::u16string& default_language,
                             bool force_defaults,
                             LcidAndFirstDayOfWeekCallback callback) override;
  void DigitsAndSigns(uint32_t lcid,
                      bool force_defaults,
                      DigitsAndSignsCallback callback) override;
  void LocaleStrings(uint32_t lcid,
                     bool force_defaults,
                     LcTypeStrings collection,
                     LocaleStringsCallback callback) override;
  void LocaleString(uint32_t lcid,
                    bool force_defaults,
                    LcTypeString type,
                    LocaleStringCallback callback) override;
#endif  // BUILDFLAG(IS_WIN)

 private:
  // Receivers for mojom::SandboxSupport held by this instance.
  mojo::ReceiverSet<mojom::SandboxSupport> receivers_;
};

}  // namespace content
#endif // CONTENT_BROWSER_SANDBOX_SUPPORT_IMPL_H_