Reland "Run v8 in proxy resolver in jitless mode."

This is a reland of a8a9ff46 Only change from original CL is to remove the macOS sandbox changes. Original change's description: > Run v8 in proxy resolver in jitless mode. > > This allows MITIGATION_DYNAMIC_CODE_DISABLE to be enabled for the > process on Windows, and moves PAC resolver from the Renderer helper > variant to the Default helper variant on macOS. > > BUG=961831,961592 > > Change-Id: I90f9dc69fa5ebf43f71b0395d7d2217fc24181b5 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2051153 > Commit-Queue: Will Harris <wfh@chromium.org> > Reviewed-by: Robert Sesek <rsesek@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Jochen Eisinger <jochen@chromium.org> > Cr-Commit-Position: refs/heads/master@{#741531} Bug: 961831, 961592, 1052853 Change-Id: I847f3987ca2c21cd4999bd9c226261223ef045d4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2064588Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Commit-Queue: Will Harris <wfh@chromium.org> Cr-Commit-Position: refs/heads/master@{#744784}

Reland "Run v8 in proxy resolver in jitless mode."
This is a reland of a8a9ff46 Only change from original CL is to remove the macOS sandbox changes. Original change's description: > Run v8 in proxy resolver in jitless mode. > > This allows MITIGATION_DYNAMIC_CODE_DISABLE to be enabled for the > process on Windows, and moves PAC resolver from the Renderer helper > variant to the Default helper variant on macOS. > > BUG=961831,961592 > > Change-Id: I90f9dc69fa5ebf43f71b0395d7d2217fc24181b5 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2051153 > Commit-Queue: Will Harris <wfh@chromium.org> > Reviewed-by: Robert Sesek <rsesek@chromium.org> > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Jochen Eisinger <jochen@chromium.org> > Cr-Commit-Position: refs/heads/master@{#741531} Bug: 961831, 961592, 1052853 Change-Id: I847f3987ca2c21cd4999bd9c226261223ef045d4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2064588Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Commit-Queue: Will Harris <wfh@chromium.org> Cr-Commit-Position: refs/heads/master@{#744784}
e705a64d · Will Harris · Commit Bot · 2d651f7b · e705a64d · e705a64d
Commit e705a64d authored Feb 26, 2020 by Will Harris Committed by Commit Bot Feb 26, 2020
9 changed files
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -3565,6 +3565,7 @@ base::string16 ChromeContentBrowserClient::GetAppContainerSidForSandboxType(
    case service_manager::SandboxType::kPrintCompositor:
    case service_manager::SandboxType::kAudio:
    case service_manager::SandboxType::kSoda:
+    case service_manager::SandboxType::kProxyResolver:
      // Should never reach here.
      CHECK(0);
      return base::string16();

--- a/chrome/browser/net/chrome_mojo_proxy_resolver_factory.cc
+++ b/chrome/browser/net/chrome_mojo_proxy_resolver_factory.cc
@@ -24,6 +24,10 @@
 #include "services/strings/grit/services_strings.h"
 #endif

+#if defined(OS_WIN)
+#include "services/service_manager/sandbox/sandbox_type.h"
+#endif
+
 namespace {

 proxy_resolver::mojom::ProxyResolverFactory* GetProxyResolverFactory() {
@@ -50,6 +54,9 @@ proxy_resolver::mojom::ProxyResolverFactory* GetProxyResolverFactory() {
            .WithChildFlags(content::ChildProcessHost::CHILD_RENDERER)
 #endif
            .WithDisplayName(IDS_PROXY_RESOLVER_DISPLAY_NAME)
+#if defined(OS_WIN)
+            .WithSandboxType(service_manager::SandboxType::kProxyResolver)
+#endif
            .Pass());

    // The service will report itself idle once there are no more bound

--- a/chrome/browser/ui/webui/sandbox/sandbox_handler.cc
+++ b/chrome/browser/ui/webui/sandbox/sandbox_handler.cc
@@ -56,6 +56,8 @@ std::string GetSandboxTypeInEnglish(content::SandboxType sandbox_type) {
      return "Audio";
    case content::SandboxType::kSoda:
      return "SODA";
+    case content::SandboxType::kProxyResolver:
+      return "Proxy Resolver";
  }
 }


--- a/content/browser/utility_process_host.cc
+++ b/content/browser/utility_process_host.cc
@@ -80,6 +80,7 @@ class UtilitySandboxedProcessLauncherDelegate
        sandbox_type_ ==
            service_manager::SandboxType::kNoSandboxAndElevatedPrivileges ||
        sandbox_type_ == service_manager::SandboxType::kXrCompositing ||
+        sandbox_type_ == service_manager::SandboxType::kProxyResolver ||
 #endif
        sandbox_type_ == service_manager::SandboxType::kUtility ||
        sandbox_type_ == service_manager::SandboxType::kNetwork ||
@@ -137,12 +138,20 @@ class UtilitySandboxedProcessLauncherDelegate
    if (sandbox_type_ == service_manager::SandboxType::kAudio)
      return audio::AudioPreSpawnTarget(policy);

+    if (sandbox_type_ == service_manager::SandboxType::kProxyResolver) {
+      sandbox::MitigationFlags flags = policy->GetDelayedProcessMitigations();
+      flags |= sandbox::MITIGATION_DYNAMIC_CODE_DISABLE;
+      if (sandbox::SBOX_ALL_OK != policy->SetDelayedProcessMitigations(flags))
+        return false;
+      return true;
+    }
+
    if (sandbox_type_ == service_manager::SandboxType::kXrCompositing &&
        base::FeatureList::IsEnabled(service_manager::features::kXRSandbox)) {
      // There were issues with some mitigations, causing an inability
      // to load OpenVR and Oculus APIs.
-      // TODO(https://crbug.com/881919): Try to harden the XR Compositor sandbox
-      // to use mitigations and restrict the token.
+      // TODO(https://crbug.com/881919): Try to harden the XR Compositor
+      // sandbox to use mitigations and restrict the token.
      policy->SetProcessMitigations(0);
      policy->SetDelayedProcessMitigations(0);


--- a/services/proxy_resolver/proxy_resolver_v8.cc
+++ b/services/proxy_resolver/proxy_resolver_v8.cc
@@ -378,8 +378,11 @@ class SharedIsolateFactory {
        // and not V8, so tune down V8 to use as little memory as possible.
        static const char kOptimizeForSize[] = "--optimize_for_size";
        v8::V8::SetFlagsFromString(kOptimizeForSize, strlen(kOptimizeForSize));
-        static const char kNoOpt[] = "--noopt";
-        v8::V8::SetFlagsFromString(kNoOpt, strlen(kNoOpt));
+
+        // Running v8 in jitless mode allows dynamic code to be disabled in the
+        // process.
+        static const char kJitless[] = "--jitless";
+        v8::V8::SetFlagsFromString(kJitless, strlen(kJitless));

        // WebAssembly isn't encountered during resolution, so reduce the
        // potential attack surface.

--- a/services/service_manager/sandbox/sandbox_type.cc
+++ b/services/service_manager/sandbox/sandbox_type.cc
@@ -23,6 +23,8 @@ bool IsUnsandboxedSandboxType(SandboxType sandbox_type) {
    case SandboxType::kXrCompositing:
      return !base::FeatureList::IsEnabled(
          service_manager::features::kXRSandbox);
+    case SandboxType::kProxyResolver:
+      return false;
 #endif
    case SandboxType::kAudio:
      return !IsAudioSandboxEnabled();
@@ -86,6 +88,7 @@ void SetCommandLineFlagsForSandboxType(base::CommandLine* command_line,
    case SandboxType::kAudio:
 #if defined(OS_WIN)
    case SandboxType::kXrCompositing:
+    case SandboxType::kProxyResolver:
 #endif  // defined(OS_WIN)
 #if defined(OS_CHROMEOS)
    case SandboxType::kIme:
@@ -171,6 +174,8 @@ std::string StringFromUtilitySandboxType(SandboxType sandbox_type) {
 #if defined(OS_WIN)
    case SandboxType::kXrCompositing:
      return switches::kXrCompositingSandbox;
+    case SandboxType::kProxyResolver:
+      return switches::kProxyResolverSandbox;
 #endif  // defined(OS_WIN)
 #if defined(OS_CHROMEOS)
    case SandboxType::kIme:
@@ -215,6 +220,8 @@ SandboxType UtilitySandboxTypeFromString(const std::string& sandbox_string) {
 #if defined(OS_WIN)
  if (sandbox_string == switches::kXrCompositingSandbox)
    return SandboxType::kXrCompositing;
+  if (sandbox_string == switches::kProxyResolverSandbox)
+    return SandboxType::kProxyResolver;
 #endif
  if (sandbox_string == switches::kAudioSandbox)
    return SandboxType::kAudio;

--- a/services/service_manager/sandbox/sandbox_type.h
+++ b/services/service_manager/sandbox/sandbox_type.h
@@ -27,6 +27,9 @@ enum class SandboxType {

  // The XR Compositing process.
  kXrCompositing,
+
+  // The proxy resolver process.
+  kProxyResolver,
 #endif

 #if defined(OS_FUCHSIA)

--- a/services/service_manager/sandbox/switches.cc
+++ b/services/service_manager/sandbox/switches.cc
@@ -31,6 +31,7 @@ const char kAudioSandbox[] = "audio";
 const char kSodaSandbox[] = "soda";

 #if defined(OS_WIN)
+const char kProxyResolverSandbox[] = "proxy_resolver";
 const char kXrCompositingSandbox[] = "xr_compositing";
 #endif  // OS_WIN


--- a/services/service_manager/sandbox/switches.h
+++ b/services/service_manager/sandbox/switches.h
@@ -30,6 +30,7 @@ SERVICE_MANAGER_SANDBOX_EXPORT extern const char kAudioSandbox[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kSodaSandbox[];

 #if defined(OS_WIN)
+SERVICE_MANAGER_SANDBOX_EXPORT extern const char kProxyResolverSandbox[];
 SERVICE_MANAGER_SANDBOX_EXPORT extern const char kXrCompositingSandbox[];
 #endif  // OS_WIN