From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 ...d_memory_duplication_after_initialization.patch | 94 ++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 security/sandbox/chromium-shim/patches/after_update/move_shared_memory_duplication_after_initialization.patch

(limited to 'security/sandbox/chromium-shim/patches/after_update/move_shared_memory_duplication_after_initialization.patch')

diff --git a/security/sandbox/chromium-shim/patches/after_update/move_shared_memory_duplication_after_initialization.patch b/security/sandbox/chromium-shim/patches/after_update/move_shared_memory_duplication_after_initialization.patch
new file mode 100644
index 0000000000..f8250b788d
--- /dev/null
+++ b/security/sandbox/chromium-shim/patches/after_update/move_shared_memory_duplication_after_initialization.patch
@@ -0,0 +1,94 @@
+# HG changeset patch
+# User Bob Owen <bobowencode@gmail.com>
+# Date 1577387989 0
+#      Thu Dec 26 19:19:49 2019 +0000
+# Node ID 32adf437117bdca54be4959813acbb604f65137f
+# Parent  214214029beb6cca606e11ba519d11cc7dbb37af
+Bug 1605867: Don't duplicate IPC shared memory when we might fail to launch the process correctly. r=handyman
+
+Differential Revision: https://phabricator.services.mozilla.com/D58271
+
+diff --git a/security/sandbox/chromium/sandbox/win/src/target_process.cc b/security/sandbox/chromium/sandbox/win/src/target_process.cc
+--- a/security/sandbox/chromium/sandbox/win/src/target_process.cc
++++ b/security/sandbox/chromium/sandbox/win/src/target_process.cc
+@@ -286,45 +286,28 @@ ResultCode TargetProcess::Init(Dispatche
+   shared_section_.Set(::CreateFileMappingW(INVALID_HANDLE_VALUE, nullptr,
+                                            PAGE_READWRITE | SEC_COMMIT, 0,
+                                            shared_mem_size, nullptr));
+   if (!shared_section_.IsValid()) {
+     *win_error = ::GetLastError();
+     return SBOX_ERROR_CREATE_FILE_MAPPING;
+   }
+ 
+-  DWORD access = FILE_MAP_READ | FILE_MAP_WRITE | SECTION_QUERY;
+-  HANDLE target_shared_section;
+-  if (!::DuplicateHandle(::GetCurrentProcess(), shared_section_.Get(),
+-                         sandbox_process_info_.process_handle(),
+-                         &target_shared_section, access, false, 0)) {
+-    *win_error = ::GetLastError();
+-    return SBOX_ERROR_DUPLICATE_SHARED_SECTION;
+-  }
+-
+   void* shared_memory = ::MapViewOfFile(
+       shared_section_.Get(), FILE_MAP_WRITE | FILE_MAP_READ, 0, 0, 0);
+   if (!shared_memory) {
+     *win_error = ::GetLastError();
+     return SBOX_ERROR_MAP_VIEW_OF_SHARED_SECTION;
+   }
+ 
+   CopyPolicyToTarget(policy, shared_policy_size,
+                      reinterpret_cast<char*>(shared_memory) + shared_IPC_size);
+ 
+   ResultCode ret;
+   // Set the global variables in the target. These are not used on the broker.
+-  g_shared_section = target_shared_section;
+-  ret = TransferVariable("g_shared_section", &g_shared_section,
+-                         sizeof(g_shared_section));
+-  g_shared_section = nullptr;
+-  if (SBOX_ALL_OK != ret) {
+-    *win_error = ::GetLastError();
+-    return ret;
+-  }
+   g_shared_IPC_size = shared_IPC_size;
+   ret = TransferVariable("g_shared_IPC_size", &g_shared_IPC_size,
+                          sizeof(g_shared_IPC_size));
+   g_shared_IPC_size = 0;
+   if (SBOX_ALL_OK != ret) {
+     *win_error = ::GetLastError();
+     return ret;
+   }
+@@ -339,16 +322,34 @@ ResultCode TargetProcess::Init(Dispatche
+ 
+   ipc_server_.reset(new SharedMemIPCServer(
+       sandbox_process_info_.process_handle(),
+       sandbox_process_info_.process_id(), thread_pool_, ipc_dispatcher));
+ 
+   if (!ipc_server_->Init(shared_memory, shared_IPC_size, kIPCChannelSize))
+     return SBOX_ERROR_NO_SPACE;
+ 
++  DWORD access = FILE_MAP_READ | FILE_MAP_WRITE | SECTION_QUERY;
++  HANDLE target_shared_section;
++  if (!::DuplicateHandle(::GetCurrentProcess(), shared_section_.Get(),
++                         sandbox_process_info_.process_handle(),
++                         &target_shared_section, access, false, 0)) {
++    *win_error = ::GetLastError();
++    return SBOX_ERROR_DUPLICATE_SHARED_SECTION;
++  }
++
++  g_shared_section = target_shared_section;
++  ret = TransferVariable("g_shared_section", &g_shared_section,
++                         sizeof(g_shared_section));
++  g_shared_section = nullptr;
++  if (SBOX_ALL_OK != ret) {
++    *win_error = ::GetLastError();
++    return ret;
++  }
++
+   // After this point we cannot use this handle anymore.
+   ::CloseHandle(sandbox_process_info_.TakeThreadHandle());
+ 
+   return SBOX_ALL_OK;
+ }
+ 
+ void TargetProcess::Terminate() {
+   if (!sandbox_process_info_.IsValid())
-- 
cgit v1.2.3