New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add app.disablePluginSandbox(mimeType) #18939
Conversation
cc @Feverqwe |
8a51acb
to
46d8df8
Compare
As a feature being targetted at |
@MarshallOfSound added to the agenda. Regardless of whether it should be backported or not, how does the PR look to you? |
46d8df8
to
f0a64c5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm curious why the choice of mimeType as the filter. It seems like it might be better to filter on plugin path, or name? But I don't have all the info :)
Date: Sat, 22 Jun 2019 12:23:04 +0200 | ||
Subject: Add ContentBrowserClient::IsPluginSandboxDisabled() callback | ||
|
||
Allows the embedder to decide whether the plugin should be sandboxed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please upstream this patch & add a link to the chromium codereview :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have never upstreamed stuff to Chromium so far, I need to try it for the first time. Any tips?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oops, I meant to respond to this ages ago. The best place to start is https://chromium.googlesource.com/chromium/src/+/master/docs/contributing.md
tldr: get a chromium checkout, make a branch, and run git cl upload
.
@@ -988,6 +989,17 @@ bool AtomBrowserClient::PreSpawnRenderer(sandbox::TargetPolicy* policy) { | |||
} | |||
#endif // defined(OS_WIN) | |||
|
|||
bool AtomBrowserClient::IsPluginSandboxDisabled( | |||
const content::PepperPluginInfo& info) { | |||
const auto& unsandboxed_plugins = Browser::Get()->unsandboxed_plugins(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be reasonable to implement this as a callback into JS? I'm imagining an API like
app.setPluginSandboxEnabledHandler((mimeType) => {
return mimeType !== 'foo/bar'
})
As written, the API doesn't allow for re-enabling the sandbox after it's disabled, or for choosing which webContents are allowed to launch unsandboxed plugins. I'm not sure that it'd be likely to need such features, just asking whether we should consider them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we can easily map the plugin to the webContents. Also the plugin hosting process is instantiated per plugin. Multiple webContents can share the same one.
My thinking was that there are plugins that just don't work with sandbox at all, so we just need a way to opt-out to make them work. I don't think it's necessary to do it with more granularity.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the JS handler on the other hand could get more information from content::PepperPluginInfo
, including the name, path and MIME types
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Feverqwe what do you think as the person experiencing the issue that we are trying to solve here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that any api will be fine. setPluginSandboxEnabledHandler is more flexible, but and disablePluginSandbox looks good.
2efa235
to
9db5b3b
Compare
@miniak do you still want to merge this? it's needing rebase |
Closing for now given no action and no response to the above but we can re-open should there be a path forward :) |
Can we re-open this? |
Description of Change
Added
app.disablePluginSandbox(mimeType)
that allows to disable sandboxing of the ppapi plugin host process, which is per-plugin and shared by multipleBrowserWindow
instances.Address #18516. Follow up to #15894 (comment).
/cc @nornagon
Checklist
npm test
passesRelease Notes
Notes: Added
app.disablePluginSandbox(mimeType)
, which disables sandbox for the plugin identified bymimeType
.