feat: add app.disablePluginSandbox(mimeType) #18939
Conversation
|
cc @Feverqwe |
miniak
changed the title
miniak
force-pushed
the
miniak/disable-plugin-sandbox
branch
3 times, most recently
from
8a51acb
to
46d8df8
Compare
|
As a feature being targetted at |
|
@MarshallOfSound added to the agenda. Regardless of whether it should be backported or not, how does the PR look to you? |
miniak
force-pushed
the
miniak/disable-plugin-sandbox
branch
from
46d8df8
to
f0a64c5
Compare
| Date: Sat, 22 Jun 2019 12:23:04 +0200 | ||
| Subject: Add ContentBrowserClient::IsPluginSandboxDisabled() callback | ||
|
|
||
| Allows the embedder to decide whether the plugin should be sandboxed. |
There was a problem hiding this comment.
Please upstream this patch & add a link to the chromium codereview :)
There was a problem hiding this comment.
I have never upstreamed stuff to Chromium so far, I need to try it for the first time. Any tips?
There was a problem hiding this comment.
Oops, I meant to respond to this ages ago. The best place to start is https://chromium.googlesource.com/chromium/src/+/master/docs/contributing.md
tldr: get a chromium checkout, make a branch, and run git cl upload.
| @@ -988,6 +989,17 @@ bool AtomBrowserClient::PreSpawnRenderer(sandbox::TargetPolicy* policy) { | |||
| } | |||
| #endif // defined(OS_WIN) | |||
|
|
|||
| bool AtomBrowserClient::IsPluginSandboxDisabled( | |||
| const content::PepperPluginInfo& info) { | |||
| const auto& unsandboxed_plugins = Browser::Get()->unsandboxed_plugins(); | |||
There was a problem hiding this comment.
Would it be reasonable to implement this as a callback into JS? I'm imagining an API like
app.setPluginSandboxEnabledHandler((mimeType) => {
return mimeType !== 'foo/bar'
})As written, the API doesn't allow for re-enabling the sandbox after it's disabled, or for choosing which webContents are allowed to launch unsandboxed plugins. I'm not sure that it'd be likely to need such features, just asking whether we should consider them.
There was a problem hiding this comment.
I don't think we can easily map the plugin to the webContents. Also the plugin hosting process is instantiated per plugin. Multiple webContents can share the same one.
My thinking was that there are plugins that just don't work with sandbox at all, so we just need a way to opt-out to make them work. I don't think it's necessary to do it with more granularity.
There was a problem hiding this comment.
the JS handler on the other hand could get more information from content::PepperPluginInfo, including the name, path and MIME types
There was a problem hiding this comment.
@Feverqwe what do you think as the person experiencing the issue that we are trying to solve here?
There was a problem hiding this comment.
I think that any api will be fine. setPluginSandboxEnabledHandler is more flexible, but and disablePluginSandbox looks good.
miniak
force-pushed
the
miniak/disable-plugin-sandbox
branch
from
2efa235
to
9db5b3b
Compare
|
@miniak do you still want to merge this? it's needing rebase |
|
Closing for now given no action and no response to the above but we can re-open should there be a path forward :) |
|
Can we re-open this? |
Description of Change
Added
app.disablePluginSandbox(mimeType)that allows to disable sandboxing of the ppapi plugin host process, which is per-plugin and shared by multipleBrowserWindowinstances.Address #18516. Follow up to #15894 (comment).
/cc @nornagon
Checklist
npm testpassesRelease Notes
Notes: Added
app.disablePluginSandbox(mimeType), which disables sandbox for the plugin identified bymimeType.