feat: sandbox renderer processes for cross-origin frames

electron · Jun 5, 2019 · 4341891 · 4341891
1 parent a0b1f4f
commit 4341891
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 5 deletions.
diff --git a/atom/browser/atom_browser_client.cc b/atom/browser/atom_browser_client.cc
@@ -325,6 +325,10 @@ void AtomBrowserClient::ConsiderSiteInstanceForAffinity(
   }
 }
 
+bool AtomBrowserClient::isRendererSubFrame(int process_id) const {
+  return base::ContainsKey(renderer_is_subframe_, process_id);
+}
+
 void AtomBrowserClient::RenderProcessWillLaunch(
     content::RenderProcessHost* host,
     service_manager::mojom::ServiceRequest* service_request) {
@@ -461,6 +465,11 @@ void AtomBrowserClient::RegisterPendingSiteInstance(
   auto* web_contents = content::WebContents::FromRenderFrameHost(rfh);
   auto* pending_process = pending_site_instance->GetProcess();
   pending_processes_[pending_process->GetID()] = web_contents;
+
+  if (rfh->GetParent())
+    renderer_is_subframe_.insert(pending_process->GetID());
+  else
+    renderer_is_subframe_.erase(pending_process->GetID());
 }
 
 void AtomBrowserClient::AppendExtraCommandLineSwitches(
@@ -511,7 +520,8 @@ void AtomBrowserClient::AppendExtraCommandLineSwitches(
     }
     auto* web_preferences = WebContentsPreferences::From(web_contents);
     if (web_preferences)
-      web_preferences->AppendCommandLineSwitches(command_line);
+      web_preferences->AppendCommandLineSwitches(
+          command_line, isRendererSubFrame(process_id));
     SessionPreferences::AppendExtraCommandLineSwitches(
         web_contents->GetBrowserContext(), command_line);
     if (CanUseCustomSiteInstance()) {
@@ -757,6 +767,7 @@ void AtomBrowserClient::RenderProcessHostDestroyed(
     content::RenderProcessHost* host) {
   int process_id = host->GetID();
   pending_processes_.erase(process_id);
+  renderer_is_subframe_.erase(process_id);
   RemoveProcessPreferences(process_id);
 }
 

diff --git a/atom/browser/atom_browser_client.h b/atom/browser/atom_browser_client.h
@@ -234,11 +234,15 @@ class AtomBrowserClient : public content::ContentBrowserClient,
   void ConsiderSiteInstanceForAffinity(content::RenderFrameHost* rfh,
                                        content::SiteInstance* site_instance);
 
+  bool isRendererSubFrame(int process_id) const;
+
   // pending_render_process => web contents.
   std::map<int, content::WebContents*> pending_processes_;
 
   std::map<int, base::ProcessId> render_process_host_pids_;
 
+  std::set<int> renderer_is_subframe_;
+
   // list of site per affinity. weak_ptr to prevent instance locking
   std::map<std::string, content::SiteInstance*> site_per_affinities_;
 

diff --git a/atom/browser/web_contents_preferences.cc b/atom/browser/web_contents_preferences.cc
@@ -271,7 +271,8 @@ WebContentsPreferences* WebContentsPreferences::From(
 }
 
 void WebContentsPreferences::AppendCommandLineSwitches(
-    base::CommandLine* command_line) {
+    base::CommandLine* command_line,
+    bool is_subframe) {
   // Check if plugins are enabled.
   if (IsEnabled(options::kPlugins))
     command_line->AppendSwitch(switches::kEnablePlugins);
@@ -293,12 +294,14 @@ void WebContentsPreferences::AppendCommandLineSwitches(
   if (IsEnabled(options::kWebviewTag))
     command_line->AppendSwitch(switches::kWebviewTag);
 
+  bool sandbox = is_subframe && !IsEnabled(options::kNodeIntegrationInSubFrames));
+
   // If the `sandbox` option was passed to the BrowserWindow's webPreferences,
   // pass `--enable-sandbox` to the renderer so it won't have any node.js
   // integration.
-  if (IsEnabled(options::kSandbox)) {
+  if (IsEnabled(options::kSandbox) || sandbox) {
     command_line->AppendSwitch(switches::kEnableSandbox);
-  } else if (!command_line->HasSwitch(switches::kEnableSandbox)) {
+  } else if (!command_line->HasSwitch(switches::kEnableSandbox) && !sandbox) {
     command_line->AppendSwitch(service_manager::switches::kNoSandbox);
     command_line->AppendSwitch(::switches::kNoZygote);
   }

diff --git a/atom/browser/web_contents_preferences.h b/atom/browser/web_contents_preferences.h
@@ -47,7 +47,8 @@ class WebContentsPreferences
   void Merge(const base::DictionaryValue& new_web_preferences);
 
   // Append command paramters according to preferences.
-  void AppendCommandLineSwitches(base::CommandLine* command_line);
+  void AppendCommandLineSwitches(base::CommandLine* command_line,
+                                 bool is_subframe);
 
   // Modify the WebPreferences according to preferences.
   void OverrideWebkitPrefs(content::WebPreferences* prefs);