diff --git a/www/ungoogled-chromium/Makefile b/www/ungoogled-chromium/Makefile
index 238cb9468325..484289f10e6b 100644
--- a/www/ungoogled-chromium/Makefile
+++ b/www/ungoogled-chromium/Makefile
@@ -1,413 +1,414 @@ PORTNAME= ungoogled-chromium PORTVERSION= 143.0.7499.40 +PORTREVISION= 1 PULSEMV= 16 PULSEV= ${PULSEMV}.1 UGVERSION= ${DISTVERSION}-1 CATEGORIES= www wayland MASTER_SITES= https://commondatastorage.googleapis.com/chromium-browser-official/:goo \ https://freedesktop.org/software/pulseaudio/releases/:pulseaudio DISTFILES= chromium-${DISTVERSION}-lite${EXTRACT_SUFX}:goo \ pulseaudio-${PULSEV}.tar.gz:pulseaudio USE_GITHUB= yes GH_ACCOUNT= ungoogled-software GH_TAGNAME= ${UGVERSION} MAINTAINER= chromium@FreeBSD.org COMMENT= Google web browser based on WebKit sans integration with Google WWW= https://github.com/ungoogled-software/ungoogled-chromium LICENSE= BSD3CLAUSE LGPL21 MPL11 LICENSE_COMB= multi ONLY_FOR_ARCHS= aarch64 amd64 PATCH_DEPENDS= gpatch:devel/patch \ ${PYTHON_VERSION}:lang/python${PYTHON_SUFFIX} BUILD_DEPENDS= bash:shells/bash \ ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}ply>0:devel/py-ply@${PY_FLAVOR} \ bindgen:devel/rust-bindgen-cli \ gperf:devel/gperf \ flock:sysutils/flock \ node:www/node \ rustc:lang/rust \ xcb-proto>0:x11/xcb-proto \ ${LOCALBASE}/include/linux/videodev2.h:multimedia/v4l_compat \ ${LOCALBASE}/share/usbids/usb.ids:misc/usbids \ ${PYTHON_PKGNAMEPREFIX}html5lib>0:www/py-html5lib@${PY_FLAVOR} \ ${LOCALBASE}/include/va/va.h:multimedia/libva \ ${LOCALBASE}/libdata/pkgconfig/dri.pc:graphics/mesa-dri \ ${LOCALBASE}/libdata/pkgconfig/Qt5Core.pc:devel/qt5-core \ ${LOCALBASE}/libdata/pkgconfig/Qt5Widgets.pc:x11-toolkits/qt5-widgets LIB_DEPENDS= libatk-bridge-2.0.so:accessibility/at-spi2-core \ libatspi.so:accessibility/at-spi2-core \ libspeechd.so:accessibility/speech-dispatcher \ libFLAC.so:audio/flac \ libopus.so:audio/opus \ libspeex.so:audio/speex \ libdbus-1.so:devel/dbus \ libdbus-glib-1.so:devel/dbus-glib \ libepoll-shim.so:devel/libepoll-shim \ libevent.so:devel/libevent \ libffi.so:devel/libffi \ libicuuc.so:devel/icu \ libjsoncpp.so:devel/jsoncpp \ libpci.so:devel/libpci \ 
libnspr4.so:devel/nspr \ libre2.so:devel/re2 \ libcairo.so:graphics/cairo \ libdrm.so:graphics/libdrm \ libexif.so:graphics/libexif \ libpng.so:graphics/png \ libwebp.so:graphics/webp \ libdav1d.so:multimedia/dav1d \ libopenh264.so:multimedia/openh264 \ libfreetype.so:print/freetype2 \ libharfbuzz.so:print/harfbuzz \ libharfbuzz-icu.so:print/harfbuzz-icu \ libgcrypt.so:security/libgcrypt \ libsecret-1.so:security/libsecret \ libnss3.so:security/nss \ libexpat.so:textproc/expat2 \ libfontconfig.so:x11-fonts/fontconfig \ libwayland-client.so:graphics/wayland \ libxkbcommon.so:x11/libxkbcommon \ libxshmfence.so:x11/libxshmfence RUN_DEPENDS= xdg-open:devel/xdg-utils \ noto-basic>0:x11-fonts/noto-basic USES= bison compiler:c++17-lang cpe desktop-file-utils gl gmake gnome \ iconv:wchar_t jpeg localbase:ldflags ninja perl5 pkgconfig \ python:build qt:5 shebangfix tar:xz xorg CPE_VENDOR= google CPE_PRODUCT= chrome USE_GL= gbm gl USE_GNOME= atk dconf gdkpixbuf glib20 gtk30 libxml2 libxslt USE_LDCONFIG= ${DATADIR} USE_PERL5= build USE_XORG= x11 xcb xcomposite xcursor xext xdamage xfixes xi \ xorgproto xrandr xrender xscrnsaver xtst USE_QT= buildtools:build SHEBANG_FILES= chrome/tools/build/linux/chrome-wrapper MAKE_ARGS= -C out/${BUILDTYPE} ALL_TARGET= chrome BINARY_ALIAS= python3=${PYTHON_CMD} # TODO bz@ : install libwidevinecdm.so (see third_party/widevine/cdm/BUILD.gn) # # Run "./out/${BUILDTYPE}/gn args out/${BUILDTYPE} --list" for all variables. # Some parts don't have use_system_* flag, and can be turned on/off by using # replace_gn_files.py script, some parts just turned on/off for target host # OS "target_os == is_bsd", like libusb, libpci. 
GN_ARGS+= enable_widevine=true \ fatal_linker_warnings=false \ icu_use_data_file=false \ is_clang=true \ moc_qt5_path="${QT_TOOLDIR}/moc" \ optimize_webui=true \ toolkit_views=true \ use_allocator_shim=false \ use_aura=true \ use_custom_libcxx=true \ use_custom_libunwind=true \ use_lld=true \ use_partition_alloc=true \ use_partition_alloc_as_malloc=false \ use_qt5=true \ use_sysroot=false \ use_system_freetype=false \ use_system_harfbuzz=true \ use_system_libffi=true \ use_system_libjpeg=true \ use_udev=false \ extra_cxxflags="${CXXFLAGS} -I${LOCALBASE}/include/libepoll-shim ${PINCLUDES}" \ extra_ldflags="${LDFLAGS}" \ ffmpeg_branding="${FFMPEG_BRAND}" # sync with flags.gni GN_ARGS+= build_with_tflite_lib=false \ chrome_pgo_phase=0 \ clang_use_chrome_plugins=false \ disable_fieldtrial_testing_config=true \ enable_backup_ref_ptr_support=false \ enable_hangout_services_extension=false \ enable_mdns=false \ enable_remoting=false \ enable_reporting=false \ enable_service_discovery=false \ exclude_unwind_tables=true \ google_api_key="" \ google_default_client_id="" \ google_default_client_secret="" \ safe_browsing_mode=0 \ treat_warnings_as_errors=false \ use_official_google_api_keys=false \ use_unofficial_version_number=false # TODO: investigate building with these options: # use_system_minigbm GN_BOOTSTRAP_FLAGS= --no-clean --no-rebuild --skip-generate-buildfiles SUB_FILES= ungoogled-chromium.desktop ungoogled-chromium SUB_LIST+= COMMENT="${COMMENT}" OPTIONS_DEFINE= CODECS CUPS DEBUG DRIVER KERBEROS LTO PIPEWIRE TEST WIDEVINE OPTIONS_DEFAULT= CODECS CUPS DRIVER KERBEROS PIPEWIRE SNDIO ALSA PULSEAUDIO OPTIONS_EXCLUDE_aarch64=LTO OPTIONS_GROUP= AUDIO OPTIONS_GROUP_AUDIO= ALSA PULSEAUDIO SNDIO OPTIONS_RADIO= KERBEROS OPTIONS_RADIO_KERBEROS= HEIMDAL HEIMDAL_BASE MIT OPTIONS_SUB= yes CODECS_DESC= Compile and enable patented codecs like H.264 DRIVER_DESC= Install chromedriver HEIMDAL_BASE_DESC= Heimdal Kerberos (base) HEIMDAL_DESC= Heimdal Kerberos (security/heimdal) 
MIT_DESC= MIT Kerberos (security/krb5) ALSA_LIB_DEPENDS= libasound.so:audio/alsa-lib ALSA_RUN_DEPENDS= ${LOCALBASE}/lib/alsa-lib/libasound_module_pcm_oss.so:audio/alsa-plugins \ alsa-lib>=1.1.1_1:audio/alsa-lib ALSA_VARS= GN_ARGS+=use_alsa=true ALSA_VARS_OFF= GN_ARGS+=use_alsa=false CODECS_VARS= GN_ARGS+=proprietary_codecs=true \ FFMPEG_BRAND="Chrome" CODECS_VARS_OFF= GN_ARGS+=proprietary_codecs=false \ FFMPEG_BRAND="Chromium" CUPS_LIB_DEPENDS= libcups.so:print/cups CUPS_VARS= GN_ARGS+=use_cups=true CUPS_VARS_OFF= GN_ARGS+=use_cups=false DEBUG_BUILD_DEPENDS= esbuild:devel/esbuild DEBUG_VARS= BUILDTYPE=Debug \ GN_ARGS+=is_debug=true \ GN_ARGS+=is_component_build=false \ GN_ARGS+=symbol_level=1 \ GN_BOOTSTRAP_FLAGS+=--debug \ WANTSPACE="60 GB" \ WANTMEM="8 GB" DEBUG_VARS_OFF= BUILDTYPE=Release \ GN_ARGS+=blink_symbol_level=0 \ GN_ARGS+=is_debug=false \ GN_ARGS+=is_official_build=true \ GN_ARGS+=symbol_level=0 \ WANTSPACE="35 GB" \ WANTMEM="8 GB" DRIVER_MAKE_ARGS= chromedriver HEIMDAL_LIB_DEPENDS= libkrb.so.26:security/heimdal KERBEROS_VARS= GN_ARGS+=use_kerberos=true KERBEROS_VARS_OFF= GN_ARGS+=use_kerberos=false LTO_VARS= GN_ARGS+=use_thin_lto=true \ GN_ARGS+=thin_lto_enable_optimizations=true \ WANTSPACE="40 GB" \ WANTMEM="16 GB" LTO_VARS_OFF= GN_ARGS+=use_thin_lto=false MIT_LIB_DEPENDS= libkrb.so.3:security/krb5 PIPEWIRE_DESC= Screen capture via PipeWire PIPEWIRE_LIB_DEPENDS= libpipewire-0.3.so:multimedia/pipewire PIPEWIRE_VARS= GN_ARGS+=rtc_use_pipewire=true \ GN_ARGS+=rtc_link_pipewire=true PIPEWIRE_VARS_OFF= GN_ARGS+=rtc_use_pipewire=false \ GN_ARGS+=rtc_link_pipewire=false PULSEAUDIO_VARS= GN_ARGS+=use_pulseaudio=true \ PINCLUDES="-I${WRKDIR}/pulseaudio-${PULSEV}/src -DPA_MAJOR=${PULSEMV}" PULSEAUDIO_VARS_OFF= GN_ARGS+=use_pulseaudio=false SNDIO_LIB_DEPENDS= libsndio.so:audio/sndio SNDIO_VARS= GN_ARGS+=use_sndio=true SNDIO_VARS_OFF= GN_ARGS+=use_sndio=false WIDEVINE_DESC= Depend on foreign-cdm to enable playback of DRM content WIDEVINE_RUN_DEPENDS= 
foreign-cdm>0:www/foreign-cdm .include "Makefile.tests" TEST_DISTFILES= chromium-${DISTVERSION}-testdata${EXTRACT_SUFX} TEST_ALL_TARGET= ${TEST_TARGETS} .include .include # for COMPILER_VERSION .if ${PORT_OPTIONS:MHEIMDAL_BASE} && !exists(/usr/lib/libkrb5.so) IGNORE= you have selected HEIMDAL_BASE but do not have Heimdal installed in base .endif LLVM_DEFAULT= 21 BUILD_DEPENDS+= clang${LLVM_DEFAULT}:devel/llvm${LLVM_DEFAULT} BINARY_ALIAS+= cpp=${LOCALBASE}/bin/clang-cpp${LLVM_DEFAULT} \ cc=${LOCALBASE}/bin/clang${LLVM_DEFAULT} \ c++=${LOCALBASE}/bin/clang++${LLVM_DEFAULT} \ ar=${LOCALBASE}/bin/llvm-ar${LLVM_DEFAULT} \ nm=${LOCALBASE}/bin/llvm-nm${LLVM_DEFAULT} \ ld=${LOCALBASE}/bin/ld.lld${LLVM_DEFAULT} # - swiftshader/lib/{libEGL.so,libGLESv2.so} is x86 only # - map ffmpeg target to ${ARCH} .if ${ARCH} == aarch64 PLIST_SUB+= NOT_AARCH64="@comment " FFMPEG_TARGET= arm64 .elif ${ARCH} == amd64 BUILD_DEPENDS+= nasm:devel/nasm PLIST_SUB+= NOT_AARCH64="" FFMPEG_TARGET= x64 .elif ${ARCH} == i386 BUILD_DEPENDS+= nasm:devel/nasm PLIST_SUB+= NOT_AARCH64="" FFMPEG_TARGET= ia32 .endif FFMPEG_BDIR= ${WRKSRC}/third_party/ffmpeg/build.${FFMPEG_TARGET}.freebsd/${FFMPEG_BRAND} FFMPEG_CDIR= ${WRKSRC}/third_party/ffmpeg/chromium/config/${FFMPEG_BRAND}/freebsd/${FFMPEG_TARGET} # Allow relocations against read-only segments (override lld default) LDFLAGS_i386= -Wl,-znotext # TODO: -isystem, would be just as ugly as this approach, but more reliably # build would fail without C_INCLUDE_PATH/CPLUS_INCLUDE_PATH env var set. 
MAKE_ENV+= C_INCLUDE_PATH=${LOCALBASE}/include \ CPLUS_INCLUDE_PATH=${LOCALBASE}/include WRKSRC= ${WRKDIR}/chromium-${DISTVERSION} # rust MAKE_ENV+= RUSTC_BOOTSTRAP=1 GN_ARGS+= enable_rust=true \ rust_sysroot_absolute="${LOCALBASE}" pre-everything:: @${ECHO_MSG} @${ECHO_MSG} "To build ${PORTNAME}, you should have at least:" @${ECHO_MSG} "- ${WANTMEM} of memory" @${ECHO_MSG} "- ${WANTSPACE} of free disk space" @${ECHO_MSG} "- 1.5 million free inodes" @${ECHO_MSG} pre-patch: cd ${WRKDIR}/ungoogled-chromium-${UGVERSION} && ${PYTHON_CMD} \ utils/prune_binaries.py ${WRKSRC} pruning.list cd ${WRKDIR}/ungoogled-chromium-${UGVERSION} && PATCH_BIN=gpatch \ ${PYTHON_CMD} utils/patches.py apply ${WRKSRC} patches cd ${WRKDIR}/ungoogled-chromium-${UGVERSION} && ${PYTHON_CMD} \ utils/domain_substitution.py apply -r domain_regex.list -f \ domain_substitution.list -c ${WRKSRC}/domsubcache.tar.gz ${WRKSRC} pre-configure: # We used to remove bundled libraries to be sure that chromium uses # system libraries and not shipped ones. 
# cd ${WRKSRC} && ${PYTHON_CMD} \ #./build/linux/unbundle/remove_bundled_libraries.py [list of preserved] cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ${PYTHON_CMD} \ ./build/linux/unbundle/replace_gn_files.py --system-libraries \ dav1d flac fontconfig harfbuzz-ng libdrm libpng \ libusb libwebp libxml libxslt openh264 opus || ${FALSE} # Chromium uses an unreleased version of FFmpeg, so configure it cd ${WRKSRC}/media/ffmpeg && \ ${PYTHON_CMD} scripts/build_ffmpeg.py freebsd ${FFMPEG_TARGET} \ --config-only --branding=${FFMPEG_BRAND} cd ${FFMPEG_BDIR} && ${GMAKE} ffversion.h ${MKDIR} ${FFMPEG_CDIR} .for _e in config.h config.asm config_components.h libavcodec libavformat libavutil -${CP} -pR ${FFMPEG_BDIR}/${_e} ${FFMPEG_CDIR} .endfor touch ${WRKDIR}/pulseaudio-${PULSEV}/src/pulse/version.h @${REINPLACE_CMD} -e 's|$${LOCALBASE}|${LOCALBASE}|;s|$${MODCLANG_VERSION}|${LLVM_DEFAULT}|' \ ${WRKSRC}/build/linux/strip_binary.gni \ ${WRKSRC}/build/rust/rust_bindgen.gni \ ${WRKSRC}/build/rust/rust_bindgen_generator.gni do-configure: # GN generator bootstrapping and generating ninja files cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} CC=${CC} CXX=${CXX} LD=${CXX} \ READELF=${READELF} AR=${AR} NM=${NM} ${PYTHON_CMD} \ ./tools/gn/bootstrap/bootstrap.py ${GN_BOOTSTRAP_FLAGS} cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ./out/${BUILDTYPE}/gn \ gen --args='${GN_ARGS}' out/${BUILDTYPE} # Setup nodejs dependency @${MKDIR} ${WRKSRC}/third_party/node/freebsd/node-freebsd/bin ${LN} -sf ${LOCALBASE}/bin/node ${WRKSRC}/third_party/node/freebsd/node-freebsd/bin/node # Setup buildtools/freebsd @${MKDIR} ${WRKSRC}/buildtools/freebsd ${LN} -sf ${WRKSRC}/buildtools/linux64/clang-format ${WRKSRC}/buildtools/freebsd ${LN} -sf ${WRKSRC}/out/${BUILDTYPE}/gn ${WRKSRC}/buildtools/freebsd ${LN} -sf /usr/bin/strip ${WRKSRC}/buildtools/freebsd/strip do-install: @${MKDIR} ${STAGEDIR}${DATADIR} ${INSTALL_MAN} ${WRKSRC}/chrome/app/resources/manpage.1.in \ ${STAGEDIR}${PREFIX}/share/man/man1/ungoogled-chromium.1 
@${SED} -i "" -e 's,\@\@PACKAGE\@\@,chromium,g;s,\@\@MENUNAME\@\@,Chromium Web Browser,g' \ ${STAGEDIR}${PREFIX}/share/man/man1/ungoogled-chromium.1 ${CP} ${WRKSRC}/chrome/app/theme/chromium/product_logo_22_mono.png ${WRKSRC}/chrome/app/theme/chromium/product_logo_22.png .for s in 22 24 48 64 128 256 @${MKDIR} ${STAGEDIR}${PREFIX}/share/icons/hicolor/${s}x${s}/apps ${INSTALL_DATA} ${WRKSRC}/chrome/app/theme/chromium/product_logo_${s}.png \ ${STAGEDIR}${PREFIX}/share/icons/hicolor/${s}x${s}/apps/ungoogled-chromium.png .endfor ${INSTALL_DATA} ${WRKSRC}/out/${BUILDTYPE}/*.png ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKSRC}/out/${BUILDTYPE}/*.pak ${STAGEDIR}${DATADIR} .for d in protoc mksnapshot ${INSTALL_PROGRAM} ${WRKSRC}/out/${BUILDTYPE}/${d} ${STAGEDIR}${DATADIR} .endfor .for d in snapshot_blob.bin v8_context_snapshot.bin ${INSTALL_DATA} ${WRKSRC}/out/${BUILDTYPE}/${d} ${STAGEDIR}${DATADIR} .endfor ${INSTALL_PROGRAM} ${WRKSRC}/out/${BUILDTYPE}/chrome \ ${STAGEDIR}${DATADIR}/ungoogled-chromium cd ${WRKSRC}/out/${BUILDTYPE} && \ ${COPYTREE_SHARE} "locales resources" ${STAGEDIR}${DATADIR} @${MKDIR} ${STAGEDIR}${DESKTOPDIR} ${INSTALL_DATA} ${WRKDIR}/ungoogled-chromium.desktop \ ${STAGEDIR}${DESKTOPDIR} ${INSTALL_SCRIPT} ${WRKDIR}/ungoogled-chromium ${STAGEDIR}${PREFIX}/bin ${INSTALL_SCRIPT} ${WRKSRC}/chrome/tools/build/linux/chrome-wrapper \ ${STAGEDIR}${DATADIR} # ANGLE, EGL, Vk .for f in libEGL.so libGLESv2.so libVkICD_mock_icd.so ${INSTALL_LIB} ${WRKSRC}/out/${BUILDTYPE}/${f} ${STAGEDIR}${DATADIR} .endfor ${INSTALL_LIB} ${WRKSRC}/out/${BUILDTYPE}/libvulkan.so.1 \ ${STAGEDIR}${DATADIR}/libvulkan.so .if ${BUILDTYPE} == Debug ${INSTALL_LIB} ${WRKSRC}/out/${BUILDTYPE}/libVkLayer_khronos_validation.so ${STAGEDIR}${DATADIR} .endif # SwiftShader .if ${ARCH} != aarch64 ${INSTALL_LIB} ${WRKSRC}/out/${BUILDTYPE}/libvk_swiftshader.so ${STAGEDIR}${DATADIR} ${INSTALL_DATA} ${WRKSRC}/out/${BUILDTYPE}/vk_swiftshader_icd.json ${STAGEDIR}${DATADIR} .endif post-install-DEBUG-on: 
${INSTALL_LIB} ${WRKSRC}/out/${BUILDTYPE}/*.so \ ${STAGEDIR}${DATADIR} ${INSTALL_PROGRAM} ${WRKSRC}/out/${BUILDTYPE}/character_data_generator \ ${STAGEDIR}${DATADIR} post-install-DRIVER-on: ${INSTALL_PROGRAM} ${WRKSRC}/out/${BUILDTYPE}/chromedriver \ ${STAGEDIR}${PREFIX}/bin/ungoogled-chromedriver do-test-TEST-on: .for t in ${TEST_TARGETS} cd ${WRKSRC}/out/${BUILDTYPE} && ${SETENV} LC_ALL=en_US.UTF-8 \ ./${t} --gtest_filter=-${EXCLUDE_${t}:ts:} || ${TRUE} .endfor .include diff --git a/www/ungoogled-chromium/files/patch-base_base__paths__posix.cc b/www/ungoogled-chromium/files/patch-base_base__paths__posix.cc index cf91d4eaf304..5f08ff6b3b50 100644 --- a/www/ungoogled-chromium/files/patch-base_base__paths__posix.cc +++ b/www/ungoogled-chromium/files/patch-base_base__paths__posix.cc @@ -1,108 +1,108 @@ ---- base/base_paths_posix.cc.orig 2025-12-06 13:30:52 UTC +--- base/base_paths_posix.cc.orig 2025-12-12 07:44:27 UTC +++ base/base_paths_posix.cc @@ -15,6 +15,7 @@ #include #include +#include "base/command_line.h" #include "base/environment.h" #include "base/files/file_path.h" #include "base/files/file_util.h" @@ -26,9 +27,13 @@ #include "base/process/process_metrics.h" #include "build/build_config.h" -#if BUILDFLAG(IS_FREEBSD) +#if BUILDFLAG(IS_BSD) #include #include +#if BUILDFLAG(IS_OPENBSD) +#include +#define MAXTOKENS 2 +#endif #elif BUILDFLAG(IS_SOLARIS) || BUILDFLAG(IS_AIX) #include #endif @@ -47,8 +52,7 @@ bool PathProviderPosix(int key, FilePath* result) { *result = bin_dir; return true; #elif BUILDFLAG(IS_FREEBSD) - int name[] = {CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, -1}; - std::optional bin_dir = StringSysctl(name, std::size(name)); + std::optional bin_dir = StringSysctl({ CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, -1 }); if (!bin_dir.has_value() || bin_dir.value().length() <= 1) { NOTREACHED() << "Unable to resolve path."; } 
@@ -62,14 +66,65 @@ bool PathProviderPosix(int key, FilePath* result) { *result = FilePath(bin_dir); return true; #elif BUILDFLAG(IS_OPENBSD) || BUILDFLAG(IS_AIX) - // There is currently no way to get the executable path on OpenBSD - char* cpath; - if ((cpath = getenv("CHROME_EXE_PATH")) != NULL) { - *result = FilePath(cpath); - } else { - *result = FilePath("/usr/local/chrome/chrome"); + char *cpath; +#if !BUILDFLAG(IS_AIX) + struct kinfo_file *files; + kvm_t *kd = NULL; + char errbuf[_POSIX2_LINE_MAX]; + static char retval[PATH_MAX]; + int cnt; + struct stat sb; + pid_t cpid = getpid(); + bool ret = false; + + const base::CommandLine* command_line = + base::CommandLine::ForCurrentProcess(); + + VLOG(1) << "PathProviderPosix argv: " << command_line->argv()[0]; + + if (realpath(command_line->argv()[0].c_str(), retval) == NULL) + goto out; + + if (stat(command_line->argv()[0].c_str(), &sb) < 0) + goto out; + + if (!command_line->HasSwitch("no-sandbox")) { + ret = true; + *result = FilePath(retval); + VLOG(1) << "PathProviderPosix (sandbox) result: " << retval; + goto out; } - return true; + + if ((kd = kvm_openfiles(NULL, NULL, NULL, (int)KVM_NO_FILES, errbuf)) == NULL) + goto out; + + if ((files = kvm_getfiles(kd, KERN_FILE_BYPID, cpid, + sizeof(struct kinfo_file), &cnt)) == NULL) + goto out; + + for (int i = 0; i < cnt; i++) { + if (files[i].fd_fd == KERN_FILE_TEXT && + files[i].va_fsid == static_cast(sb.st_dev) && + files[i].va_fileid == sb.st_ino) { + ret = true; + *result = FilePath(retval); + VLOG(1) << "PathProviderPosix result: " << retval; + } + } +out: + if (kd) + kvm_close(kd); + if (!ret) { +#endif + if ((cpath = getenv("CHROME_EXE_PATH")) != NULL) + *result = FilePath(cpath); + else -+ *result = FilePath("/usr/local/chrome/chrome"); ++ *result = FilePath("/usr/local/ungoogled-chromium/ungoogled-chromium"); + return true; +#if !BUILDFLAG(IS_AIX) + } + return ret; +#endif #endif } case DIR_SRC_TEST_DATA_ROOT: { 
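Review bot: The renamed fallback `/usr/local/ungoogled-chromium/ungoogled-chromium` in the OpenBSD/AIX branch does not correspond to where this port's do-install puts the binary (`${STAGEDIR}${DATADIR}/ungoogled-chromium` in the Makefile part of this diff), and the branch still returns true for it without checking that the file exists. The same branch accepts `CHROME_EXE_PATH` from the environment unchecked, so whatever consumes this result as the executable path inherits that trust; the enclosing `case` label is outside the hunk, so which key this serves is inferred. If the string is being kept in sync for other BSDs, either point it at the real install location or add a comment next to it such as `// Fallback is not validated; CHROME_EXE_PATH is trusted as-is.` On FreeBSD the `IS_FREEBSD` sysctl branch above is compiled instead, so the change looks inert for this port.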
diff --git a/www/ungoogled-chromium/files/patch-chrome_common_chrome__paths.cc b/www/ungoogled-chromium/files/patch-chrome_common_chrome__paths.cc index a71275379258..ac0d74e93d83 100644 --- a/www/ungoogled-chromium/files/patch-chrome_common_chrome__paths.cc +++ b/www/ungoogled-chromium/files/patch-chrome_common_chrome__paths.cc @@ -1,82 +1,86 @@ ---- chrome/common/chrome_paths.cc.orig 2025-12-06 13:30:52 UTC +--- chrome/common/chrome_paths.cc.orig 2025-12-12 07:44:27 UTC +++ chrome/common/chrome_paths.cc @@ -31,7 +31,7 @@ #include "base/apple/foundation_util.h" #endif -#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_MAC) && !BUILDFLAG(IS_OPENBSD) +#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_MAC) #include "components/policy/core/common/policy_paths.h" #endif @@ -47,14 +47,14 @@ namespace { std::optional g_override_using_default_data_directory_for_testing; -#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) +#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD) // The path to the external extension .json files. // /usr/share seems like a good choice, see: http://www.pathname.com/fhs/ const base::FilePath::CharType kFilepathSinglePrefExtensions[] = #if BUILDFLAG(GOOGLE_CHROME_BRANDING) - FILE_PATH_LITERAL("/usr/share/google-chrome/extensions"); -+ FILE_PATH_LITERAL("/usr/local/share/chromium/extensions"); ++ FILE_PATH_LITERAL("/usr/local/share/ungoogled-chromium/extensions"); #else - FILE_PATH_LITERAL("/usr/share/chromium/extensions"); -+ FILE_PATH_LITERAL("/usr/local/share/chromium/extensions"); ++ FILE_PATH_LITERAL("/usr/local/share/ungoogled-chromium/extensions"); #endif // BUILDFLAG(GOOGLE_CHROME_BRANDING) #endif // BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) 
@@ -175,7 +175,7 @@ bool PathProvider(int key, base::FilePath* result) { } break; case chrome::DIR_DEFAULT_DOWNLOADS_SAFE: -#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) +#if BUILDFLAG(IS_WIN) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD) if (!GetUserDownloadsDirectorySafe(&cur)) { return false; } @@ -405,13 +405,13 @@ bool PathProvider(int key, base::FilePath* result) { break; } #endif -#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_MAC) && !BUILDFLAG(IS_OPENBSD) +#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_MAC) case chrome::DIR_POLICY_FILES: { cur = base::FilePath(policy::kPolicyPath); break; } #endif -#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_MAC) || \ +#if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_BSD) || \ (BUILDFLAG(IS_LINUX) && BUILDFLAG(CHROMIUM_BRANDING)) case chrome::DIR_USER_EXTERNAL_EXTENSIONS: { if (!base::PathService::Get(chrome::DIR_USER_DATA, &cur)) { @@ -421,7 +421,7 @@ bool PathProvider(int key, base::FilePath* result) { break; } #endif -#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) +#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_BSD) case chrome::DIR_STANDALONE_EXTERNAL_EXTENSIONS: { cur = base::FilePath(kFilepathSinglePrefExtensions); break; 
@@ -460,7 +460,7 @@ bool PathProvider(int key, base::FilePath* result) { #if BUILDFLAG(ENABLE_EXTENSIONS_CORE) && \ (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_MAC) || \ - BUILDFLAG(IS_ANDROID)) + BUILDFLAG(IS_ANDROID)) || BUILDFLAG(IS_BSD) case chrome::DIR_NATIVE_MESSAGING: #if BUILDFLAG(IS_MAC) #if BUILDFLAG(GOOGLE_CHROME_BRANDING) -@@ -474,6 +474,9 @@ bool PathProvider(int key, base::FilePath* result) { +@@ -474,9 +474,12 @@ bool PathProvider(int key, base::FilePath* result) { #if BUILDFLAG(GOOGLE_CHROME_BRANDING) cur = base::FilePath( FILE_PATH_LITERAL("/etc/opt/chrome/native-messaging-hosts")); +#elif BUILDFLAG(IS_FREEBSD) + cur = base::FilePath(FILE_PATH_LITERAL( -+ "/usr/local/etc/chromium/native-messaging-hosts")); ++ "/usr/local/etc/ungoogled-chromium/native-messaging-hosts")); #else cur = base::FilePath( - FILE_PATH_LITERAL("/etc/chromium/native-messaging-hosts")); +- FILE_PATH_LITERAL("/etc/chromium/native-messaging-hosts")); ++ FILE_PATH_LITERAL("/etc/ungoogled-chromium/native-messaging-hosts")); + #endif + #endif // !BUILDFLAG(IS_MAC) + break; diff --git a/www/ungoogled-chromium/files/patch-chrome_common_chrome__paths__linux.cc b/www/ungoogled-chromium/files/patch-chrome_common_chrome__paths__linux.cc new file mode 100644 index 000000000000..c7de7bb3f3f0 --- /dev/null +++ b/www/ungoogled-chromium/files/patch-chrome_common_chrome__paths__linux.cc @@ -0,0 +1,11 @@ +--- chrome/common/chrome_paths_linux.cc.orig 2025-12-12 07:44:27 UTC ++++ chrome/common/chrome_paths_linux.cc +@@ -95,7 +95,7 @@ bool GetDefaultUserDataDirectory(base::FilePath* resul + #elif BUILDFLAG(GOOGLE_CHROME_BRANDING) + std::string data_dir_basename = "google-chrome"; + #else +- std::string data_dir_basename = "chromium"; ++ std::string data_dir_basename = "ungoogled-chromium"; + #endif + *result = config_dir.Append(data_dir_basename + GetChannelSuffixForDataDir()); + return true; 
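Review bot: `kFilepathSinglePrefExtensions` and the `DIR_NATIVE_MESSAGING` path now point at `ungoogled-chromium` directories, but nothing visible in this diff creates them or tells administrators that content under the old `chromium` paths stops being read. Both locations are consumed automatically by the browser (external extension JSON and native messaging host manifests), so the new directories should exist root-owned and not writable by other users, and a pkg-message or UPDATING entry should name the move. `DIR_POLICY_FILES` still resolves through `policy::kPolicyPath`, which this hunk does not touch; confirm it is renamed elsewhere so managed policy does not stay on the old path while extensions move. Separately, in `BUILDFLAG(IS_ANDROID)) || BUILDFLAG(IS_BSD)` the BSD term sits outside the `ENABLE_EXTENSIONS_CORE &&` group; `BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_BSD))` keeps it inside.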
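Review bot: Changing `data_dir_basename` to `"ungoogled-chromium"` moves the default profile directory, so existing users start with an empty profile while the old `chromium` directory, with its cookies and saved logins, stays on disk untouched. That separation from www/chromium may well be intended, but the patch carries no explanation and no user-facing notice is visible in this diff. Suggest a pkg-message or UPDATING entry describing the new location and how to move or remove the old profile; the cache-directory rename in patch-sandbox_policy_freebsd_sandbox__freebsd.cc belongs in the same notice.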
diff --git a/www/ungoogled-chromium/files/patch-sandbox_policy_freebsd_sandbox__freebsd.cc b/www/ungoogled-chromium/files/patch-sandbox_policy_freebsd_sandbox__freebsd.cc index 42479024f255..6864b9168a18 100644 --- a/www/ungoogled-chromium/files/patch-sandbox_policy_freebsd_sandbox__freebsd.cc +++ b/www/ungoogled-chromium/files/patch-sandbox_policy_freebsd_sandbox__freebsd.cc @@ -1,213 +1,213 @@ ---- sandbox/policy/freebsd/sandbox_freebsd.cc.orig 2025-12-06 13:30:52 UTC +--- sandbox/policy/freebsd/sandbox_freebsd.cc.orig 2025-12-12 07:44:27 UTC +++ sandbox/policy/freebsd/sandbox_freebsd.cc 
@@ -0,0 +1,210 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "sandbox/policy/freebsd/sandbox_freebsd.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "base/command_line.h" +#include "base/debug/stack_trace.h" +#include "base/feature_list.h" +#include "base/files/file_path.h" +#include "base/files/file_util.h" +#include "base/files/scoped_file.h" +#include "base/logging.h" +#include "base/memory/singleton.h" +#include "base/path_service.h" +#include "base/posix/eintr_wrapper.h" +#include "base/strings/string_number_conversions.h" +#include "base/system/sys_info.h" +#include "base/threading/thread.h" +#include "base/time/time.h" +#include "build/build_config.h" +#include "crypto/crypto_buildflags.h" +#include "sandbox/constants.h" +#include "sandbox/linux/services/credentials.h" +#include "sandbox/linux/services/namespace_sandbox.h" +#include "sandbox/linux/services/proc_util.h" +#include "sandbox/linux/services/resource_limits.h" +#include "sandbox/linux/services/thread_helpers.h" +#include "sandbox/linux/syscall_broker/broker_command.h" +#include "sandbox/linux/syscall_broker/broker_process.h" +#include "sandbox/policy/sandbox.h" +#include "sandbox/policy/sandbox_type.h" +#include "sandbox/policy/mojom/sandbox.mojom.h" +#include "sandbox/policy/switches.h" +#include "sandbox/sandbox_buildflags.h" + +#if BUILDFLAG(USING_SANITIZER) +#include +#endif + +#if BUILDFLAG(USE_NSS_CERTS) +#include "crypto/nss_util.h" +#endif + +#include "third_party/boringssl/src/include/openssl/crypto.h" + +#include "ui/gfx/font_util.h" + +namespace sandbox { +namespace policy { + +SandboxLinux::SandboxLinux() + : sandbox_status_flags_(kInvalid), + pre_initialized_(false), + initialize_sandbox_ran_(false), + broker_process_(nullptr) { +} + 
+SandboxLinux::~SandboxLinux() { + if (pre_initialized_) { + CHECK(initialize_sandbox_ran_); + } +} + +SandboxLinux* SandboxLinux::GetInstance() { + SandboxLinux* instance = base::Singleton::get(); + CHECK(instance); + return instance; +} + +void SandboxLinux::StopThread(base::Thread* thread) { + DCHECK(thread); + thread->Stop(); +} + +void SandboxLinux::PreinitializeSandbox(sandbox::mojom::Sandbox sandbox_type) { + CHECK(!pre_initialized_); +#if BUILDFLAG(USING_SANITIZER) + // Sanitizers need to open some resources before the sandbox is enabled. + // This should not fork, not launch threads, not open a directory. + __sanitizer_sandbox_on_notify(sanitizer_args()); + sanitizer_args_.reset(); +#endif + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + const std::string process_type = + command_line->GetSwitchValueASCII(switches::kProcessType); + + base::SysInfo::AmountOfPhysicalMemory(); + base::SysInfo::NumberOfProcessors(); + base::SysInfo::CPUModelName(); + + switch (sandbox_type) { + case sandbox::mojom::Sandbox::kNoSandbox: + { +#if BUILDFLAG(USE_NSS_CERTS) + // The main process has to initialize the ~/.pki dir which won't work + // after unveil(2). 
+ crypto::EnsureNSSInit(); +#endif + CRYPTO_pre_sandbox_init(); + + base::FilePath cache_directory, local_directory; + + base::PathService::Get(base::DIR_CACHE, &cache_directory); + base::PathService::Get(base::DIR_HOME, &local_directory); + -+ cache_directory = cache_directory.AppendASCII("chromium"); ++ cache_directory = cache_directory.AppendASCII("ungoogled-chromium"); + local_directory = local_directory.AppendASCII(".local").AppendASCII("share").AppendASCII("applications"); + + if (!base::CreateDirectory(cache_directory)) { + LOG(ERROR) << "Failed to create " << cache_directory.value() << " directory."; + } + + if (!base::CreateDirectory(local_directory)) { + LOG(ERROR) << "Failed to create " << local_directory.value() << " directory."; + } + + break; + } + case sandbox::mojom::Sandbox::kRenderer: + gfx::InitializeFonts(); + break; + default: + break; + } + + pre_initialized_ = true; +} + +bool SandboxLinux::InitializeSandbox(sandbox::mojom::Sandbox sandbox_type, + SandboxLinux::PreSandboxHook hook, + const Options& options) { + DCHECK(!initialize_sandbox_ran_); + initialize_sandbox_ran_ = true; + + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + const std::string process_type = + command_line->GetSwitchValueASCII(switches::kProcessType); + + if (command_line->HasSwitch(switches::kNoSandbox)) + return true; + + VLOG(1) << "SandboxLinux::InitializeSandbox: process_type=" + << process_type << " sandbox_type=" << sandbox_type; + + // Only one thread is running, pre-initialize if not already done. + if (!pre_initialized_) + PreinitializeSandbox(sandbox_type); + + // Attempt to limit the future size of the address space of the process. + int error = 0; + const bool limited_as = LimitAddressSpace(&error); + if (error) { + // Restore errno. Internally to |LimitAddressSpace|, the errno due to + // setrlimit may be lost. 
+ errno = error; + PCHECK(limited_as); + } + + if (hook) + CHECK(std::move(hook).Run(options)); + + return true; +} + +bool SandboxLinux::LimitAddressSpace(int* error) { +#if !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && \ + !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER) + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + if (SandboxTypeFromCommandLine(*command_line) == sandbox::mojom::Sandbox::kNoSandbox) { + return false; + } + + // Unfortunately, it does not appear possible to set RLIMIT_AS such that it + // will both (a) be high enough to support V8's and WebAssembly's address + // space requirements while also (b) being low enough to mitigate exploits + // using integer overflows that require large allocations, heap spray, or + // other memory-hungry attack modes. + + *error = sandbox::ResourceLimits::Lower( + RLIMIT_DATA, static_cast(sandbox::kDataSizeLimit)); + + // Cache the resource limit before turning on the sandbox. + base::SysInfo::AmountOfVirtualMemory(); + base::SysInfo::MaxSharedMemorySize(); + + return *error == 0; +#else + base::SysInfo::AmountOfVirtualMemory(); + return false; +#endif // !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && + // !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER) +} + +} // namespace policy +} // namespace sandbox diff --git a/www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc b/www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc index cd7b127314c6..3f4b52f31051 100644 --- a/www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc +++ b/www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc @@ -1,399 +1,399 @@ ---- sandbox/policy/openbsd/sandbox_openbsd.cc.orig 2025-12-06 13:30:52 UTC +--- sandbox/policy/openbsd/sandbox_openbsd.cc.orig 2025-12-12 07:44:27 UTC +++ sandbox/policy/openbsd/sandbox_openbsd.cc 
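Review bot: In the `kNoSandbox` case of `PreinitializeSandbox`, the results of both `base::PathService::Get` calls are ignored, so if `DIR_CACHE` or `DIR_HOME` cannot be resolved the renamed `AppendASCII("ungoogled-chromium")` is applied to an empty `FilePath` and `CreateDirectory` would presumably act on a path relative to the current directory. Guard each creation on the lookup, e.g. `if (!base::PathService::Get(base::DIR_CACHE, &cache_directory)) { LOG(ERROR) << "Cannot resolve cache directory."; break; }`, and likewise for `DIR_HOME`. The comment above `crypto::EnsureNSSInit()` refers to unveil(2), which this FreeBSD file never calls; it should state the actual reason the directories are prepared at this point.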
@@ -0,0 +1,396 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "sandbox/policy/openbsd/sandbox_openbsd.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "base/command_line.h" +#include "base/debug/stack_trace.h" +#include "base/feature_list.h" +#include "base/files/file_path.h" +#include "base/files/file_util.h" +#include "base/files/scoped_file.h" +#include "base/logging.h" +#include "base/memory/singleton.h" +#include "base/path_service.h" +#include "base/posix/eintr_wrapper.h" +#include "base/strings/string_number_conversions.h" +#include "base/system/sys_info.h" +#include "base/threading/thread.h" +#include "base/time/time.h" +#include "build/build_config.h" +#include "crypto/crypto_buildflags.h" +#include "sandbox/constants.h" +#include "sandbox/linux/services/credentials.h" +#include "sandbox/linux/services/namespace_sandbox.h" +#include "sandbox/linux/services/proc_util.h" +#include "sandbox/linux/services/resource_limits.h" +#include "sandbox/linux/services/thread_helpers.h" +#include "sandbox/linux/syscall_broker/broker_command.h" +#include "sandbox/linux/syscall_broker/broker_process.h" +#include "sandbox/policy/sandbox.h" +#include "sandbox/policy/sandbox_type.h" +#include "sandbox/policy/mojom/sandbox.mojom.h" +#include "sandbox/policy/switches.h" +#include "sandbox/sandbox_buildflags.h" + +#if BUILDFLAG(USING_SANITIZER) +#include +#endif + +#if BUILDFLAG(USE_NSS_CERTS) +#include "crypto/nss_util.h" +#endif + +#include "third_party/boringssl/src/include/openssl/crypto.h" +#include "third_party/skia/rust/png/FFI.rs.h" + +#include +#include "ui/gfx/linux/fontconfig_util.h" + +#define MAXTOKENS 3 + -+#define _UNVEIL_MAIN "/etc/chromium/unveil.main"; -+#define _UNVEIL_GPU "/etc/chromium/unveil.gpu"; -+#define 
_UNVEIL_UTILITY_NETWORK "/etc/chromium/unveil.utility_network"; -+#define _UNVEIL_UTILITY_AUDIO "/etc/chromium/unveil.utility_audio"; -+#define _UNVEIL_UTILITY_VIDEO "/etc/chromium/unveil.utility_video"; ++#define _UNVEIL_MAIN "/etc/ungoogled-chromium/unveil.main"; ++#define _UNVEIL_GPU "/etc/ungoogled-chromium/unveil.gpu"; ++#define _UNVEIL_UTILITY_NETWORK "/etc/ungoogled-chromium/unveil.utility_network"; ++#define _UNVEIL_UTILITY_AUDIO "/etc/ungoogled-chromium/unveil.utility_audio"; ++#define _UNVEIL_UTILITY_VIDEO "/etc/ungoogled-chromium/unveil.utility_video"; + +namespace sandbox { +namespace policy { + +SandboxLinux::SandboxLinux() + : unveil_initialized_(false), + sandbox_status_flags_(kInvalid), + pre_initialized_(false), + initialize_sandbox_ran_(false), + broker_process_(nullptr) { +} + +SandboxLinux::~SandboxLinux() { + if (pre_initialized_) { + CHECK(initialize_sandbox_ran_); + } +} + +SandboxLinux* SandboxLinux::GetInstance() { + SandboxLinux* instance = base::Singleton::get(); + CHECK(instance); + return instance; +} + +void SandboxLinux::StopThread(base::Thread* thread) { + DCHECK(thread); + thread->Stop(); +} + +void SandboxLinux::PreinitializeSandbox(sandbox::mojom::Sandbox sandbox_type) { + CHECK(!pre_initialized_); +#if BUILDFLAG(USING_SANITIZER) + // Sanitizers need to open some resources before the sandbox is enabled. + // This should not fork, not launch threads, not open a directory. 
+ __sanitizer_sandbox_on_notify(sanitizer_args()); + sanitizer_args_.reset(); +#endif + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + const std::string process_type = + command_line->GetSwitchValueASCII(switches::kProcessType); + + base::SysInfo::AmountOfPhysicalMemory(); + base::SysInfo::NumberOfProcessors(); + base::SysInfo::CPUModelName(); + + switch (sandbox_type) { + case sandbox::mojom::Sandbox::kNoSandbox: + { +#if BUILDFLAG(USE_NSS_CERTS) + // The main process has to initialize the ~/.pki dir which won't work + // after unveil(2). + crypto::EnsureNSSInit(); +#endif + CRYPTO_pre_sandbox_init(); + + rust_png::initialize_cpudetect(); + + base::FilePath cache_directory, local_directory; + + base::PathService::Get(base::DIR_CACHE, &cache_directory); + base::PathService::Get(base::DIR_HOME, &local_directory); + -+ cache_directory = cache_directory.AppendASCII("chromium"); ++ cache_directory = cache_directory.AppendASCII("ungoogled-chromium"); + local_directory = local_directory.AppendASCII(".local").AppendASCII("share").AppendASCII("applications"); + + if (!base::CreateDirectory(cache_directory)) { + LOG(ERROR) << "Failed to create " << cache_directory.value() << " directory."; + } + + if (!base::CreateDirectory(local_directory)) { + LOG(ERROR) << "Failed to create " << local_directory.value() << " directory."; + } + + break; + } + case sandbox::mojom::Sandbox::kRenderer: + { + FcConfig* config = gfx::GetGlobalFontConfig(); + DCHECK(config); + break; + } + default: + break; + } + + pre_initialized_ = true; +} + +bool SandboxLinux::SetPledge(const char *pstring, const char *ppath) { + FILE *fp; + char *s = NULL; + size_t len = 0; + ssize_t read; + + if (pstring != NULL) { + if (pledge(pstring, NULL) == -1) + goto err; + VLOG(5) << "pledge " << pstring; + } else if (ppath != NULL) { + fp = fopen(ppath, "r"); + if (fp != NULL) { + while ((read = getline(&s, &len, fp)) != -1 ) { + if (s[strlen(s)-1] == '\n') + s[strlen(s)-1] = '\0'; + if 
(pledge(s, NULL) == -1) + goto err; + VLOG(5) << "pledge " << s; + } + fclose(fp); + } else { + LOG(ERROR) << "fopen(" << ppath << ") failed, errno: " << errno; + return false; + } + } + return true; +err: + LOG(ERROR) << "pledge() failed, errno: " << errno; + return false; +} + +bool SandboxLinux::SetUnveil(const std::string process_type, sandbox::mojom::Sandbox sandbox_type) { + FILE *fp; + char *s = NULL, *cp = NULL, *home = NULL, **ap, *tokens[MAXTOKENS]; + char *xdg_var = NULL; + char path[PATH_MAX]; + const char *ufile; + size_t len = 0, lineno = 0; + + switch (sandbox_type) { + case sandbox::mojom::Sandbox::kNoSandbox: + ufile = _UNVEIL_MAIN; + break; + case sandbox::mojom::Sandbox::kGpu: + case sandbox::mojom::Sandbox::kOnDeviceModelExecution: + ufile = _UNVEIL_GPU; + break; + case sandbox::mojom::Sandbox::kNetwork: + ufile = _UNVEIL_UTILITY_NETWORK; + break; + case sandbox::mojom::Sandbox::kAudio: + ufile = _UNVEIL_UTILITY_AUDIO; + break; + case sandbox::mojom::Sandbox::kVideoCapture: + ufile = _UNVEIL_UTILITY_VIDEO; + break; + default: + unveil("/dev/null", "r"); + goto done; + } + + fp = fopen(ufile, "r"); + if (fp != NULL) { + while (!feof(fp)) { + if ((s = fparseln(fp, &len, &lineno, NULL, + FPARSELN_UNESCCOMM | FPARSELN_UNESCCONT)) == NULL) { + if (ferror(fp)) { + LOG(ERROR) << "ferror(), errno: " << errno; + _exit(1); + } else { + continue; + } + } + cp = s; + cp += strspn(cp, " \t\n"); /* eat whitespace */ + if (cp[0] == '\0') + continue; + + for (ap = tokens; ap < &tokens[MAXTOKENS - 1] && + (*ap = strsep(&cp, " \t")) != NULL;) { + if (**ap != '\0') + ap++; + } + *ap = NULL; + + if (tokens[1] == NULL) { + LOG(ERROR) << ufile << ": line " << lineno << ": must supply value to " << s; + _exit(1); + } + + if (tokens[0][0] == '~') { + if ((home = getenv("HOME")) == NULL || *home == '\0') { + LOG(ERROR) << "failed to get home"; + _exit(1); + } + memmove(tokens[0], tokens[0] + 1, strlen(tokens[0])); + strncpy(path, home, sizeof(path) - 1); + 
path[sizeof(path) - 1] = '\0'; + strncat(path, tokens[0], sizeof(path) - 1 - strlen(path)); + } else if (strncmp(tokens[0], "XDG_", 4) == 0) { + if ((xdg_var = getenv(tokens[0])) == NULL || *xdg_var == '\0') { + LOG(ERROR) << "failed to get " << tokens[0]; + continue; + } + strncpy(path, xdg_var, sizeof(path) - 1); + path[sizeof(path) - 1] = '\0'; + } else { + strncpy(path, tokens[0], sizeof(path) - 1); + path[sizeof(path) - 1] = '\0'; + } + + if (unveil(path, tokens[1]) == -1) { + LOG(ERROR) << "failed unveiling " << path << " with permissions " << tokens[1]; + _exit(1); + } else { + VLOG(5) << "unveiling " << path << " with permissions " << tokens[1]; + } + } + fclose(fp); + } else { + LOG(ERROR) << "failed to open " << ufile << " errno: " << errno; + _exit(1); + } + +done: + unveil_initialized_ = true; + + return true; +} + +bool SandboxLinux::unveil_initialized() const { + return unveil_initialized_; +} + +bool SandboxLinux::InitializeSandbox(sandbox::mojom::Sandbox sandbox_type, + SandboxLinux::PreSandboxHook hook, + const Options& options) { + DCHECK(!initialize_sandbox_ran_); + initialize_sandbox_ran_ = true; + + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess(); + const std::string process_type = + command_line->GetSwitchValueASCII(switches::kProcessType); + + if (command_line->HasSwitch(switches::kNoSandbox)) + return true; + + VLOG(1) << "SandboxLinux::InitializeSandbox: process_type=" + << process_type << " sandbox_type=" << sandbox_type; + + // Only one thread is running, pre-initialize if not already done. + if (!pre_initialized_) + PreinitializeSandbox(sandbox_type); + + // Attempt to limit the future size of the address space of the process. + int error = 0; + const bool limited_as = LimitAddressSpace(&error); + if (error) { + // Restore errno. Internally to |LimitAddressSpace|, the errno due to + // setrlimit may be lost. 
 + errno = error;
 + PCHECK(limited_as);
 + }
 +
 + if (hook)
 + CHECK(std::move(hook).Run(options));
 +
 + if (!command_line->HasSwitch(switches::kDisableUnveil))
 + SetUnveil(process_type, sandbox_type);
 +
 + switch(sandbox_type) {
 + case sandbox::mojom::Sandbox::kNoSandbox:
-+ SetPledge(NULL, "/etc/chromium/pledge.main");
++ SetPledge(NULL, "/etc/ungoogled-chromium/pledge.main");
 + break;
 + case sandbox::mojom::Sandbox::kRenderer:
 + // prot_exec needed by v8
 + // flock needed by sqlite3 locking
 + SetPledge("stdio rpath flock prot_exec recvfd sendfd ps", NULL);
 + break;
 + case sandbox::mojom::Sandbox::kGpu:
 + case sandbox::mojom::Sandbox::kOnDeviceModelExecution:
 + SetPledge("stdio drm inet rpath flock cpath wpath prot_exec recvfd sendfd tmppath unix", NULL);
 + break;
 + case sandbox::mojom::Sandbox::kAudio:
-+ SetPledge(NULL, "/etc/chromium/pledge.utility_audio");
++ SetPledge(NULL, "/etc/ungoogled-chromium/pledge.utility_audio");
 + break;
 + case sandbox::mojom::Sandbox::kNetwork:
-+ SetPledge(NULL, "/etc/chromium/pledge.utility_network");
++ SetPledge(NULL, "/etc/ungoogled-chromium/pledge.utility_network");
 + break;
 + case sandbox::mojom::Sandbox::kVideoCapture:
-+ SetPledge(NULL, "/etc/chromium/pledge.utility_video");
++ SetPledge(NULL, "/etc/ungoogled-chromium/pledge.utility_video");
 + break;
 + case sandbox::mojom::Sandbox::kUtility:
 + case sandbox::mojom::Sandbox::kService:
 + SetPledge("stdio rpath cpath wpath fattr flock sendfd recvfd prot_exec", NULL);
 + break;
 + default:
 + LOG(ERROR) << "non-pledge()'d process: " << sandbox_type;
 + break;
 + }
 +
 + return true;
 +}
 +
 +bool SandboxLinux::LimitAddressSpace(int* error) {
 +#if !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && \
 + !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER)
 + base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
 + if (SandboxTypeFromCommandLine(*command_line) == sandbox::mojom::Sandbox::kNoSandbox) {
 + return false;
 + }
 +
 + // Unfortunately, it does not appear
possible to set RLIMIT_AS such that it + // will both (a) be high enough to support V8's and WebAssembly's address + // space requirements while also (b) being low enough to mitigate exploits + // using integer overflows that require large allocations, heap spray, or + // other memory-hungry attack modes. + + *error = sandbox::ResourceLimits::Lower( + RLIMIT_DATA, static_cast(sandbox::kDataSizeLimit)); + + // Cache the resource limit before turning on the sandbox. + base::SysInfo::AmountOfVirtualMemory(); + base::SysInfo::MaxSharedMemorySize(); + + return *error == 0; +#else + base::SysInfo::AmountOfVirtualMemory(); + return false; +#endif // !defined(ADDRESS_SANITIZER) && !defined(MEMORY_SANITIZER) && + // !defined(THREAD_SANITIZER) && !defined(LEAK_SANITIZER) +} + +} // namespace policy +} // namespace sandbox
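Review bot: In `InitializeSandbox` the return value of every `SetPledge()` call is discarded, so the renamed policy paths fail open: if `/etc/ungoogled-chromium/pledge.main` (or the `pledge.utility_audio`, `pledge.utility_network` or `pledge.utility_video` file) is missing or unreadable, `SetPledge` logs the `fopen` error and returns false, yet the function still returns true and the process keeps running without a pledge. `SetUnveil` in the same file calls `_exit(1)` when its policy file cannot be opened, and the pledge path should be equally strict, for example `CHECK(SetPledge(NULL, "/etc/ungoogled-chromium/pledge.main"));` in each case of the switch. Because this commit moves the directory away from `/etc/chromium`, it is also worth confirming that the port installs the pledge and unveil files under the new path; that part is not visible in this hunk.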