cef/patch/patches/base_sandbox_2743.patch

234 lines
7.2 KiB
Diff
Raw Permalink Normal View History

diff --git base/BUILD.gn base/BUILD.gn
index a989a351a8765..3f7af447dd187 100644
--- base/BUILD.gn
+++ base/BUILD.gn
@@ -41,6 +41,7 @@ import("//build/nocompile.gni")
import("//build/timestamp.gni")
import("//build/util/process_version.gni")
import("//build_overrides/build.gni")
+import("//cef/libcef/features/features.gni")
import("//testing/libfuzzer/fuzzer_test.gni")
import("//testing/test.gni")
@@ -1507,7 +1508,11 @@ component("base") {
"hash/md5_constexpr_internal.h",
"hash/sha1.h",
]
- if (is_nacl) {
+ deps += [ "//cef/libcef/features" ]
+ if (enable_cef) {
+ configs += [ "//cef/libcef/features:config" ]
+ }
+ if (is_nacl || is_cef_sandbox_build) {
sources += [
"hash/md5_nacl.cc",
"hash/md5_nacl.h",
@@ -1936,6 +1941,12 @@ component("base") {
defines += [ "COM_INIT_CHECK_HOOK_DISABLED" ]
}
+ if (!use_custom_libcxx) {
+ # Enable the VS 2015 Update 2 fix when building with the MSVC standard
+ # library.
+ defines += [ "_ENABLE_ATOMIC_ALIGNMENT_FIX" ]
+ }
+
libs += [
"cfgmgr32.lib",
"ntdll.lib",
diff --git base/allocator/dispatcher/dispatcher.cc base/allocator/dispatcher/dispatcher.cc
index 4595034abae30..da29453cf7d71 100644
--- base/allocator/dispatcher/dispatcher.cc
+++ base/allocator/dispatcher/dispatcher.cc
@@ -10,6 +10,7 @@
#include "base/check.h"
#include "base/dcheck_is_on.h"
#include "base/no_destructor.h"
+#include "cef/libcef/features/features.h"
#if DCHECK_IS_ON()
#include <atomic>
@@ -33,7 +34,7 @@ struct Dispatcher::Impl {
}
void Reset() {
-#if DCHECK_IS_ON()
+#if DCHECK_IS_ON() && !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
DCHECK([&]() {
auto const was_set = is_initialized_check_flag_.test_and_set();
is_initialized_check_flag_.clear();
diff --git base/hash/md5.h base/hash/md5.h
index b49701893a182..acefcbc5bc439 100644
--- base/hash/md5.h
+++ base/hash/md5.h
@@ -11,8 +11,9 @@
#include "base/base_export.h"
#include "base/containers/span.h"
#include "build/build_config.h"
+#include "cef/libcef/features/features.h"
-#if BUILDFLAG(IS_NACL)
+#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)
#include "base/hash/md5_nacl.h"
#else
#include "base/hash/md5_boringssl.h"
diff --git base/hash/sha1.h base/hash/sha1.h
index 1891e95fa387d..fc190dc39ae7d 100644
--- base/hash/sha1.h
+++ base/hash/sha1.h
@@ -14,7 +14,9 @@
#include "base/base_export.h"
#include "base/containers/span.h"
#include "build/build_config.h"
-#if BUILDFLAG(IS_NACL)
+#include "cef/libcef/features/features.h"
+
+#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)
#include "base/hash/sha1_nacl.h"
#else
#include "base/hash/sha1_boringssl.h"
diff --git base/rand_util.h base/rand_util.h
index a24e93122172e..5084668cb93a7 100644
--- base/rand_util.h
+++ base/rand_util.h
@@ -17,8 +17,9 @@
#include "base/containers/span.h"
#include "base/gtest_prod_util.h"
#include "build/build_config.h"
+#include "cef/libcef/features/features.h"
-#if !BUILDFLAG(IS_NACL)
+#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
#include "third_party/boringssl/src/include/openssl/rand.h"
#endif
@@ -125,7 +126,7 @@ class RandomBitGenerator {
~RandomBitGenerator() = default;
};
-#if !BUILDFLAG(IS_NACL)
+#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
class NonAllocatingRandomBitGenerator {
public:
using result_type = uint64_t;
diff --git base/rand_util_win.cc base/rand_util_win.cc
index 299e54300a09d..cdc43cc48dce6 100644
--- base/rand_util_win.cc
+++ base/rand_util_win.cc
@@ -15,8 +15,12 @@
#include "base/check.h"
#include "base/feature_list.h"
+#include "cef/libcef/features/features.h"
+
+#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
#include "third_party/boringssl/src/include/openssl/crypto.h"
#include "third_party/boringssl/src/include/openssl/rand.h"
+#endif
// Prototype for ProcessPrng.
// See: https://learn.microsoft.com/en-us/windows/win32/seccng/processprng
@@ -28,6 +32,7 @@ namespace base {
namespace internal {
+#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
namespace {
// The BoringSSl helpers are duplicated in rand_util_fuchsia.cc and
@@ -49,6 +54,10 @@ bool UseBoringSSLForRandBytes() {
return g_use_boringssl.load(std::memory_order_relaxed);
}
+#else // !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
+void ConfigureBoringSSLBackedRandBytesFieldTrial() {}
+#endif
+
} // namespace internal
namespace {
@@ -66,6 +75,7 @@ decltype(&ProcessPrng) GetProcessPrng() {
}
void RandBytes(span<uint8_t> output, bool avoid_allocation) {
+#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
if (!avoid_allocation && internal::UseBoringSSLForRandBytes()) {
// Ensure BoringSSL is initialized so it can use things like RDRAND.
CRYPTO_library_init();
@@ -73,6 +83,7 @@ void RandBytes(span<uint8_t> output, bool avoid_allocation) {
(void)RAND_bytes(output.data(), output.size());
return;
}
+#endif // !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
static decltype(&ProcessPrng) process_prng_fn = GetProcessPrng();
BOOL success =
diff --git base/unguessable_token.cc base/unguessable_token.cc
index da65502f75c3a..8b9d6eec4a1e2 100644
--- base/unguessable_token.cc
+++ base/unguessable_token.cc
@@ -10,8 +10,9 @@
#include "base/format_macros.h"
#include "base/rand_util.h"
#include "build/build_config.h"
+#include "cef/libcef/features/features.h"
-#if !BUILDFLAG(IS_NACL)
+#if !BUILDFLAG(IS_NACL) && !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
#include "third_party/boringssl/src/include/openssl/mem.h"
#endif
@@ -57,7 +58,7 @@ absl::optional<UnguessableToken> UnguessableToken::DeserializeFromString(
}
bool operator==(const UnguessableToken& lhs, const UnguessableToken& rhs) {
-#if BUILDFLAG(IS_NACL)
+#if BUILDFLAG(IS_NACL) || BUILDFLAG(IS_CEF_SANDBOX_BUILD)
// BoringSSL is unavailable for NaCl builds so it remains timing dependent.
return lhs.token_ == rhs.token_;
#else
diff --git base/win/sid.cc base/win/sid.cc
index 3323cc7cbfee1..778b86dcd4154 100644
--- base/win/sid.cc
+++ base/win/sid.cc
@@ -17,6 +17,7 @@
#include <utility>
#include "base/check.h"
+#include "base/notreached.h"
#include "base/no_destructor.h"
#include "base/rand_util.h"
#include "base/ranges/algorithm.h"
@@ -24,8 +25,12 @@
#include "base/win/scoped_handle.h"
#include "base/win/scoped_localalloc.h"
#include "base/win/windows_version.h"
+#include "cef/libcef/features/features.h"
+
+#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
#include "third_party/boringssl/src/include/openssl/crypto.h"
#include "third_party/boringssl/src/include/openssl/sha.h"
+#endif
namespace base::win {
@@ -126,6 +131,7 @@ Sid Sid::FromNamedCapability(const std::wstring& capability_name) {
if (known_cap != known_capabilities->end()) {
return FromKnownCapability(known_cap->second);
}
+#if !BUILDFLAG(IS_CEF_SANDBOX_BUILD)
CRYPTO_library_init();
static_assert((SHA256_DIGEST_LENGTH / sizeof(DWORD)) ==
SECURITY_APP_PACKAGE_RID_COUNT);
@@ -138,6 +144,10 @@ Sid Sid::FromNamedCapability(const std::wstring& capability_name) {
reinterpret_cast<uint8_t*>(&rids[2]));
return FromSubAuthorities(SECURITY_APP_PACKAGE_AUTHORITY, std::size(rids),
rids);
+#else
+ NOTREACHED();
+ return Sid(WellKnownSid::kNull);
+#endif
}
Sid Sid::FromKnownSid(WellKnownSid type) {