0ct0pu5/bromite
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Release 93.0.4577.110

Browse source
This commit is contained in:
csagan5 2021-10-10 11:03:59 +02:00
parent 9b61de8734
commit 3884e3d733
14 changed files with 478 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
CHANGELOG.md
View file

@ -1,3 +1,14 @@
# 93.0.4577.110
* set enable_reporting to false (thanks to @nikolowry)
* backported patches for security issues https://crbug.com/1245578 and https://crbug.com/1251787
* disable AGSA by default
* disable UA client hint for model
* disable lock icon in address bar by default
* enable share intent (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/1062)
* allow forcing external links to open in incognito (thanks to @uazo, fixes https://github.com/bromite/bromite/issues/728)
* avoid double restart for default tab groups flags status
# 93.0.4577.83
* dropped patch for FLoC (already disabled by upstream)
* dropped patch for build with system sysroots

2
build/RELEASE
View file

@ -1 +1 @@
93.0.4577.83
93.0.4577.110

10
build/bromite_patches_list.txt
View file

@ -29,7 +29,6 @@ ungoogled-chromium-Disable-Google-host-detection.patch
ungoogled-chromium-Disable-Gaia.patch
ungoogled-chromium-Disable-domain-reliability.patch
ungoogled-chromium-Disable-Network-Time-Tracker.patch
ungoogled-chromium-Fix-building-without-enabling-reporting.patch
Disable-safe-browsing.patch
Skip-the-first-run-and-metrics.patch
Disable-all-promo-dialogs.patch
@ -154,9 +153,14 @@ Logcat-crash-reports-UI.patch
Add-support-for-ISupportHelpAndFeedback.patch
JIT-less-toggle.patch
API-level-21-prevent-crash-on-download.patch
Add-vibration-flag.patch
Add-flag-to-disable-vibration.patch
mime_util-force-text-x-suse-ymp-to-be-downloaded.patch
Disable-UA-client-hint.patch
Disable-UA-client-hint-for-model.patch
Disable-AGSA-by-default.patch
Allow-building-without-enable_reporting.patch
Disable-lock-icon-in-address-bar-by-default.patch
Force-open-external-links-in-incognito.patch
Enable-share-intent.patch
Automated-domain-substitution.patch
Observe-WebContents-in-PPAPIDownloadRequest.patch
Prevents-non-browser-processes-from-requesting-memory-dumps.patch

2
build/patches/Add-vibration-flag.patch → build/patches/Add-flag-to-disable-vibration.patch
View file

@ -1,6 +1,6 @@
From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Sun, 27 Jun 2021 17:35:39 +0200
Subject: Add vibration flag
Subject: Add flag to disable vibration
---
chrome/browser/about_flags.cc | 4 ++++

4
build/patches/Automated-domain-substitution.patch
View file

@ -30573,7 +30573,7 @@ diff --git a/third_party/blink/renderer/core/frame/deprecation.cc b/third_party/
diff --git a/third_party/blink/renderer/core/frame/local_frame.cc b/third_party/blink/renderer/core/frame/local_frame.cc
--- a/third_party/blink/renderer/core/frame/local_frame.cc
+++ b/third_party/blink/renderer/core/frame/local_frame.cc
@@ -1706,7 +1706,7 @@ static bool CanNavigateHelper(LocalFrame& initiating_frame,
@@ -1709,7 +1709,7 @@ static bool CanNavigateHelper(LocalFrame& initiating_frame,
"The frame attempting navigation of the top-level window is "
"sandboxed with the 'allow-top-navigation-by-user-activation' "
"flag, but has no user activation (aka gesture). See "
@ -30582,7 +30582,7 @@ diff --git a/third_party/blink/renderer/core/frame/local_frame.cc b/third_party/
}
return false;
}
@@ -1807,7 +1807,7 @@ static bool CanNavigateHelper(LocalFrame& initiating_frame,
@@ -1810,7 +1810,7 @@ static bool CanNavigateHelper(LocalFrame& initiating_frame,
"The frame attempting navigation is targeting its top-level window, "
"but is neither same-origin with its target nor has it received a "
"user gesture. See "

36
build/patches/Disable-AGSA-by-default.patch Normal file
View file

@ -0,0 +1,36 @@
From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Sun, 26 Sep 2021 11:17:53 +0200
Subject: Disable AGSA by default
---
chrome/browser/flags/android/chrome_feature_list.cc | 2 +-
.../org/chromium/chrome/browser/flags/CachedFeatureFlags.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/chrome/browser/flags/android/chrome_feature_list.cc b/chrome/browser/flags/android/chrome_feature_list.cc
--- a/chrome/browser/flags/android/chrome_feature_list.cc
+++ b/chrome/browser/flags/android/chrome_feature_list.cc
@@ -575,7 +575,7 @@ const base::Feature kEnhancedProtectionPromoCard{
"EnhancedProtectionPromoCard", base::FEATURE_DISABLED_BY_DEFAULT};
const base::Feature kExperimentsForAgsa{"ExperimentsForAgsa",
- base::FEATURE_ENABLED_BY_DEFAULT};
+ base::FEATURE_DISABLED_BY_DEFAULT};
const base::Feature kExploreSites{"ExploreSites",
base::FEATURE_DISABLED_BY_DEFAULT};
diff --git a/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java b/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java
--- a/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java
+++ b/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java
@@ -84,7 +84,7 @@ public class CachedFeatureFlags {
put(ChromeFeatureList.CCT_REMOVE_REMOTE_VIEW_IDS, true);
put(ChromeFeatureList.OFFLINE_MEASUREMENTS_BACKGROUND_TASK, false);
put(ChromeFeatureList.CCT_INCOGNITO, true);
- put(ChromeFeatureList.EXPERIMENTS_FOR_AGSA, true);
+ put(ChromeFeatureList.EXPERIMENTS_FOR_AGSA, false);
put(ChromeFeatureList.APP_MENU_MOBILE_SITE_OPTION, false);
put(ChromeFeatureList.CLIPBOARD_SUGGESTION_CONTENT_HIDDEN, false);
put(ChromeFeatureList.OPTIMIZATION_GUIDE_PUSH_NOTIFICATIONS, false);
--
2.17.1

46
build/patches/Disable-UA-client-hint-for-model.patch Normal file
View file

@ -0,0 +1,46 @@
From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Thu, 22 Jul 2021 23:10:52 +0200
Subject: Disable UA client hint for model
Disable permissions policy by default
---
content/public/common/content_features.cc | 2 +-
third_party/blink/common/client_hints/client_hints.cc | 4 +++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -296,7 +296,7 @@ const base::Feature kExtraSafelistedRequestHeadersForOutOfBlinkCors{
// Controls whether Client Hints are guarded by Permissions Policy.
const base::Feature kFeaturePolicyForClientHints{
- "FeaturePolicyForClientHints", base::FEATURE_ENABLED_BY_DEFAULT};
+ "FeaturePolicyForClientHints", base::FEATURE_DISABLED_BY_DEFAULT};
// Enables the AccessHandle surface for File System Access API's Origin Private
// File System. Tracking bug: https://crbug.com/1218431.
diff --git a/third_party/blink/common/client_hints/client_hints.cc b/third_party/blink/common/client_hints/client_hints.cc
--- a/third_party/blink/common/client_hints/client_hints.cc
+++ b/third_party/blink/common/client_hints/client_hints.cc
@@ -106,6 +106,9 @@ absl::optional<std::vector<network::mojom::WebClientHintsType>> FilterAcceptCH(
for (network::mojom::WebClientHintsType hint : in.value()) {
// Some hints are supported only conditionally.
switch (hint) {
+ case network::mojom::WebClientHintsType::kUAModel:
+ // model is never provided for privacy reasons
+ break;
case network::mojom::WebClientHintsType::kLang:
if (permit_lang_hints)
result.push_back(hint);
@@ -114,7 +117,6 @@ absl::optional<std::vector<network::mojom::WebClientHintsType>> FilterAcceptCH(
case network::mojom::WebClientHintsType::kUAArch:
case network::mojom::WebClientHintsType::kUAPlatform:
case network::mojom::WebClientHintsType::kUAPlatformVersion:
- case network::mojom::WebClientHintsType::kUAModel:
case network::mojom::WebClientHintsType::kUAMobile:
case network::mojom::WebClientHintsType::kUAFullVersion:
case network::mojom::WebClientHintsType::kUABitness:
--
2.17.1

23
build/patches/Disable-UA-client-hint.patch
View file

@ -1,23 +0,0 @@
From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Thu, 22 Jul 2021 23:10:52 +0200
Subject: Disable UA client hint
---
content/public/common/content_features.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -296,7 +296,7 @@ const base::Feature kExtraSafelistedRequestHeadersForOutOfBlinkCors{
// Controls whether Client Hints are guarded by Permissions Policy.
const base::Feature kFeaturePolicyForClientHints{
- "FeaturePolicyForClientHints", base::FEATURE_ENABLED_BY_DEFAULT};
+ "FeaturePolicyForClientHints", base::FEATURE_DISABLED_BY_DEFAULT};
// Enables the AccessHandle surface for File System Access API's Origin Private
// File System. Tracking bug: https://crbug.com/1218431.
--
2.17.1

21
build/patches/Disable-lock-icon-in-address-bar-by-default.patch Normal file
View file

@ -0,0 +1,21 @@
From: csagan5 <32685696+csagan5@users.noreply.github.com>
Date: Fri, 8 Oct 2021 00:30:26 +0200
Subject: Disable lock icon in address bar by default
---
chrome/browser/ui/toolbar/chrome_location_bar_model_delegate.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chrome/browser/ui/toolbar/chrome_location_bar_model_delegate.cc b/chrome/browser/ui/toolbar/chrome_location_bar_model_delegate.cc
--- a/chrome/browser/ui/toolbar/chrome_location_bar_model_delegate.cc
+++ b/chrome/browser/ui/toolbar/chrome_location_bar_model_delegate.cc
@@ -276,5 +276,5 @@ TemplateURLService* ChromeLocationBarModelDelegate::GetTemplateURLService() {
void ChromeLocationBarModelDelegate::RegisterProfilePrefs(
user_prefs::PrefRegistrySyncable* registry) {
registry->RegisterBooleanPref(omnibox::kPreventUrlElisionsInOmnibox, true);
- registry->RegisterBooleanPref(omnibox::kLockIconInAddressBarEnabled, false);
+ registry->RegisterBooleanPref(omnibox::kLockIconInAddressBarEnabled, true);
}
--
2.17.1

18
build/patches/Enable-darken-websites-checkbox-in-themes.patch
View file

@ -4,22 +4,26 @@ Subject: Enable darken websites checkbox in themes
Unexpire #darken-websites-checkbox-in-themes-setting
---
chrome/browser/flag-metadata.json | 2 +-
chrome/browser/flag-metadata.json | 6 +++---
chrome/browser/flags/android/chrome_feature_list.cc | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json
--- a/chrome/browser/flag-metadata.json
+++ b/chrome/browser/flag-metadata.json
@@ -1142,7 +1142,7 @@
@@ -917,9 +917,9 @@
"expiry_milestone": 100
},
{
"name": "disable-keepalive-fetch",
"owners": [ "yhirano" ],
- "expiry_milestone": 83
- "name": "darken-websites-checkbox-in-themes-setting",
- "owners": [ "lazzzis@google.com", "twellington" ],
- "expiry_milestone": 92
+ "name": "darken-websites-checkbox-in-themes-setting",
+ "owners": [ "lazzzis@google.com", "twellington" ],
+ "expiry_milestone": -1
},
{
"name": "disable-office-editing-component-app",
"name": "dcheck-is-fatal",
diff --git a/chrome/browser/flags/android/chrome_feature_list.cc b/chrome/browser/flags/android/chrome_feature_list.cc
--- a/chrome/browser/flags/android/chrome_feature_list.cc
+++ b/chrome/browser/flags/android/chrome_feature_list.cc

91
build/patches/Observe-WebContents-in-PPAPIDownloadRequest.patch Normal file
View file

@ -0,0 +1,91 @@
From: Daniel Rubery <drubery@chromium.org>
Date: Tue, 28 Sep 2021 19:16:15 +0000
Subject: Observe WebContents in PPAPIDownloadRequest
If the WebContents is destroyed while the PPAPIDownloadRequest is
checking the allowlist, we end up with a UaF. The fix for this is to
observe the WebContents and cancel the request.
(cherry picked from commit e7d560979f89705ea2844f9f64b5c7a598a03f2b)
Bug: 1245578
Change-Id: Idbe5c1cb966fe21ab1a49a7345a5b197afa0b807
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3150060
Reviewed-by: Bettina Dea <bdea@chromium.org>
Commit-Queue: Daniel Rubery <drubery@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#919488}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3188403
Auto-Submit: Daniel Rubery <drubery@chromium.org>
Commit-Queue: Bettina Dea <bdea@chromium.org>
Cr-Commit-Position: refs/branch-heads/4606@{#1241}
Cr-Branched-From: 35b0d5a9dc8362adfd44e2614f0d5b7402ef63d0-refs/heads/master@{#911515}
---
.../download_protection/ppapi_download_request.cc | 6 ++++++
.../download_protection/ppapi_download_request.h | 8 ++++++--
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/chrome/browser/safe_browsing/download_protection/ppapi_download_request.cc b/chrome/browser/safe_browsing/download_protection/ppapi_download_request.cc
--- a/chrome/browser/safe_browsing/download_protection/ppapi_download_request.cc
+++ b/chrome/browser/safe_browsing/download_protection/ppapi_download_request.cc
@@ -71,6 +71,8 @@ PPAPIDownloadRequest::PPAPIDownloadRequest(
return;
}
+ Observe(web_contents);
+
SafeBrowsingNavigationObserverManager* observer_manager =
service->GetNavigationObserverManager(web_contents);
if (observer_manager) {
@@ -138,6 +140,10 @@ GURL PPAPIDownloadRequest::GetDownloadRequestUrl() {
return url;
}
+void PPAPIDownloadRequest::WebContentsDestroyed() {
+ Finish(RequestOutcome::REQUEST_DESTROYED, DownloadCheckResult::UNKNOWN);
+}
+
// Allowlist checking needs to the done on the IO thread.
void PPAPIDownloadRequest::CheckAllowlistsOnIOThread(
const GURL& requestor_url,
diff --git a/chrome/browser/safe_browsing/download_protection/ppapi_download_request.h b/chrome/browser/safe_browsing/download_protection/ppapi_download_request.h
--- a/chrome/browser/safe_browsing/download_protection/ppapi_download_request.h
+++ b/chrome/browser/safe_browsing/download_protection/ppapi_download_request.h
@@ -12,6 +12,7 @@
#include "base/memory/weak_ptr.h"
#include "chrome/browser/safe_browsing/download_protection/download_protection_util.h"
#include "components/sessions/core/session_id.h"
+#include "content/public/browser/web_contents_observer.h"
#include "url/gurl.h"
namespace content {
@@ -43,7 +44,7 @@ class PPAPIDownloadRequest;
//
// PPAPIDownloadRequest objects are owned by the DownloadProtectionService
// indicated by |service|.
-class PPAPIDownloadRequest {
+class PPAPIDownloadRequest : public content::WebContentsObserver {
public:
// The outcome of the request. These values are used for UMA. New values
// should only be added at the end.
@@ -70,7 +71,7 @@ class PPAPIDownloadRequest {
DownloadProtectionService* service,
scoped_refptr<SafeBrowsingDatabaseManager> database_manager);
- ~PPAPIDownloadRequest();
+ ~PPAPIDownloadRequest() override;
// Start the process of checking the download request. The callback passed as
// the |callback| parameter to the constructor will be invoked with the result
@@ -89,6 +90,9 @@ class PPAPIDownloadRequest {
// Returns the URL that will be used for download requests.
static GURL GetDownloadRequestUrl();
+ // WebContentsObserver implementation
+ void WebContentsDestroyed() override;
+
private:
static const char kDownloadRequestUrl[];
--
2.17.1

234
build/patches/Prevents-non-browser-processes-from-requesting-memory-dumps.patch Normal file
View file

@ -0,0 +1,234 @@
From: Erik Chen <erikchen@chromium.org>
Date: Wed, 29 Sep 2021 21:16:47 +0000
Subject: Prevents non-browser processes from requesting memory dumps.
This CL makes several changes:
(1) Causes the browser to reset non-browser
mojo::PendingReceiver<Coordinator>. This means that non-browser
processes will never be able to use the Coordinator interface.
(2) Add CHECKs to existing code to prevent non-browser processes from
attempting to use the Coordinator interface.
A code audit shows that all Coordinator usages should already only be
from the browser process.
Note that (2) is important since attempting to use an unbound interface
will trigger a nullptr dereference, which is undefined behavior.
(cherry picked from commit d9cc471e122e9a2391a68fa7cd72ea50587d8d97)
Bug: 1251787
Change-Id: Ifbe9610cc0e373edaaa60fad46b447e8bdb3ec04
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3174305
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: ssid <ssid@chromium.org>
Auto-Submit: Erik Chen <erikchen@chromium.org>
Commit-Queue: Erik Chen <erikchen@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#923693}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3194811
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Krishna Govind <govind@chromium.org>
Commit-Queue: Krishna Govind <govind@chromium.org>
Owners-Override: Krishna Govind <govind@chromium.org>
Cr-Commit-Position: refs/branch-heads/4606@{#1253}
Cr-Branched-From: 35b0d5a9dc8362adfd44e2614f0d5b7402ef63d0-refs/heads/master@{#911515}
---
.../browser/browser_child_process_host_impl.cc | 3 +++
.../renderer_host/render_process_host_impl.cc | 3 +++
.../memory_instrumentation/coordinator_impl.cc | 3 ++-
.../client_process_impl.cc | 13 +++++++++++--
.../client_process_impl.h | 3 +++
.../memory_instrumentation.cc | 17 ++++++++++++-----
.../memory_instrumentation.h | 9 +++++++--
7 files changed, 41 insertions(+), 10 deletions(-)
diff --git a/content/browser/browser_child_process_host_impl.cc b/content/browser/browser_child_process_host_impl.cc
--- a/content/browser/browser_child_process_host_impl.cc
+++ b/content/browser/browser_child_process_host_impl.cc
@@ -708,6 +708,9 @@ void BrowserChildProcessHostImpl::RegisterCoordinatorClient(
mojo::PendingReceiver<memory_instrumentation::mojom::Coordinator> receiver,
mojo::PendingRemote<memory_instrumentation::mojom::ClientProcess>
client_process) {
+ // Intentionally disallow non-browser processes from getting a Coordinator.
+ receiver.reset();
+
// The child process may have already terminated by the time this message is
// dispatched. We do nothing in that case.
if (!IsProcessLaunched())
diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
--- a/content/browser/renderer_host/render_process_host_impl.cc
+++ b/content/browser/renderer_host/render_process_host_impl.cc
@@ -2838,6 +2838,9 @@ void RenderProcessHostImpl::RegisterCoordinatorClient(
mojo::PendingReceiver<memory_instrumentation::mojom::Coordinator> receiver,
mojo::PendingRemote<memory_instrumentation::mojom::ClientProcess>
client_process) {
+ // Intentionally disallow non-browser processes from getting a Coordinator.
+ receiver.reset();
+
if (!GetProcess().IsValid()) {
// If the process dies before we get this message. we have no valid PID
// and there's nothing to register.
diff --git a/services/resource_coordinator/memory_instrumentation/coordinator_impl.cc b/services/resource_coordinator/memory_instrumentation/coordinator_impl.cc
--- a/services/resource_coordinator/memory_instrumentation/coordinator_impl.cc
+++ b/services/resource_coordinator/memory_instrumentation/coordinator_impl.cc
@@ -105,7 +105,8 @@ void CoordinatorImpl::RegisterClientProcess(
const absl::optional<std::string>& service_name) {
DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
mojo::Remote<mojom::ClientProcess> process(std::move(client_process));
- coordinator_receivers_.Add(this, std::move(receiver), process_id);
+ if (receiver.is_valid())
+ coordinator_receivers_.Add(this, std::move(receiver), process_id);
process.set_disconnect_handler(
base::BindOnce(&CoordinatorImpl::UnregisterClientProcess,
base::Unretained(this), process_id));
diff --git a/services/resource_coordinator/public/cpp/memory_instrumentation/client_process_impl.cc b/services/resource_coordinator/public/cpp/memory_instrumentation/client_process_impl.cc
--- a/services/resource_coordinator/public/cpp/memory_instrumentation/client_process_impl.cc
+++ b/services/resource_coordinator/public/cpp/memory_instrumentation/client_process_impl.cc
@@ -24,6 +24,11 @@ void ClientProcessImpl::CreateInstance(
mojo::PendingReceiver<mojom::ClientProcess> receiver,
mojo::PendingRemote<mojom::Coordinator> coordinator,
bool is_browser_process) {
+ // Intentionally disallow non-browser processes from ever holding a
+ // Coordinator.
+ if (!is_browser_process)
+ coordinator.reset();
+
static ClientProcessImpl* instance = nullptr;
if (!instance) {
instance = new ClientProcessImpl(
@@ -39,10 +44,12 @@ ClientProcessImpl::ClientProcessImpl(
mojo::PendingRemote<mojom::Coordinator> coordinator,
bool is_browser_process,
bool initialize_memory_instrumentation)
- : receiver_(this, std::move(receiver)) {
+ : receiver_(this, std::move(receiver)),
+ is_browser_process_(is_browser_process) {
if (initialize_memory_instrumentation) {
// Initialize the public-facing MemoryInstrumentation helper.
- MemoryInstrumentation::CreateInstance(std::move(coordinator));
+ MemoryInstrumentation::CreateInstance(std::move(coordinator),
+ is_browser_process);
} else {
coordinator_.Bind(std::move(coordinator));
}
@@ -110,6 +117,8 @@ void ClientProcessImpl::OnChromeMemoryDumpDone(
void ClientProcessImpl::RequestGlobalMemoryDump_NoCallback(
base::trace_event::MemoryDumpType dump_type,
base::trace_event::MemoryDumpLevelOfDetail level_of_detail) {
+ CHECK(is_browser_process_);
+
if (!task_runner_->RunsTasksInCurrentSequence()) {
task_runner_->PostTask(
FROM_HERE,
diff --git a/services/resource_coordinator/public/cpp/memory_instrumentation/client_process_impl.h b/services/resource_coordinator/public/cpp/memory_instrumentation/client_process_impl.h
--- a/services/resource_coordinator/public/cpp/memory_instrumentation/client_process_impl.h
+++ b/services/resource_coordinator/public/cpp/memory_instrumentation/client_process_impl.h
@@ -96,6 +96,9 @@ class COMPONENT_EXPORT(RESOURCE_COORDINATOR_PUBLIC_MEMORY_INSTRUMENTATION)
mojo::Remote<mojom::Coordinator> coordinator_;
scoped_refptr<base::SingleThreadTaskRunner> task_runner_;
+ // Only browser process is allowed to request memory dumps.
+ const bool is_browser_process_;
+
// TODO(crbug.com/728199): The observer is only used to setup and tear down
// MemoryDumpManager in each process. Setting up MemoryDumpManager should
// be moved away from TracingObserver.
diff --git a/services/resource_coordinator/public/cpp/memory_instrumentation/memory_instrumentation.cc b/services/resource_coordinator/public/cpp/memory_instrumentation/memory_instrumentation.cc
--- a/services/resource_coordinator/public/cpp/memory_instrumentation/memory_instrumentation.cc
+++ b/services/resource_coordinator/public/cpp/memory_instrumentation/memory_instrumentation.cc
@@ -21,10 +21,11 @@ void WrapGlobalMemoryDump(
// static
void MemoryInstrumentation::CreateInstance(
- mojo::PendingRemote<memory_instrumentation::mojom::Coordinator>
- coordinator) {
+ mojo::PendingRemote<memory_instrumentation::mojom::Coordinator> coordinator,
+ bool is_browser_process) {
DCHECK(!g_instance);
- g_instance = new MemoryInstrumentation(std::move(coordinator));
+ g_instance =
+ new MemoryInstrumentation(std::move(coordinator), is_browser_process);
}
// static
@@ -33,8 +34,10 @@ MemoryInstrumentation* MemoryInstrumentation::GetInstance() {
}
MemoryInstrumentation::MemoryInstrumentation(
- mojo::PendingRemote<memory_instrumentation::mojom::Coordinator> coordinator)
- : coordinator_(std::move(coordinator)) {}
+ mojo::PendingRemote<memory_instrumentation::mojom::Coordinator> coordinator,
+ bool is_browser_process)
+ : coordinator_(std::move(coordinator)),
+ is_browser_process_(is_browser_process) {}
MemoryInstrumentation::~MemoryInstrumentation() {
g_instance = nullptr;
@@ -43,6 +46,7 @@ MemoryInstrumentation::~MemoryInstrumentation() {
void MemoryInstrumentation::RequestGlobalDump(
const std::vector<std::string>& allocator_dump_names,
RequestGlobalDumpCallback callback) {
+ CHECK(is_browser_process_);
coordinator_->RequestGlobalMemoryDump(
MemoryDumpType::SUMMARY_ONLY, MemoryDumpLevelOfDetail::BACKGROUND,
MemoryDumpDeterminism::NONE, allocator_dump_names,
@@ -52,6 +56,7 @@ void MemoryInstrumentation::RequestGlobalDump(
void MemoryInstrumentation::RequestPrivateMemoryFootprint(
base::ProcessId pid,
RequestGlobalDumpCallback callback) {
+ CHECK(is_browser_process_);
coordinator_->RequestPrivateMemoryFootprint(
pid, base::BindOnce(&WrapGlobalMemoryDump, std::move(callback)));
}
@@ -60,6 +65,7 @@ void MemoryInstrumentation::RequestGlobalDumpForPid(
base::ProcessId pid,
const std::vector<std::string>& allocator_dump_names,
RequestGlobalDumpCallback callback) {
+ CHECK(is_browser_process_);
coordinator_->RequestGlobalMemoryDumpForPid(
pid, allocator_dump_names,
base::BindOnce(&WrapGlobalMemoryDump, std::move(callback)));
@@ -70,6 +76,7 @@ void MemoryInstrumentation::RequestGlobalDumpAndAppendToTrace(
MemoryDumpLevelOfDetail level_of_detail,
MemoryDumpDeterminism determinism,
RequestGlobalMemoryDumpAndAppendToTraceCallback callback) {
+ CHECK(is_browser_process_);
coordinator_->RequestGlobalMemoryDumpAndAppendToTrace(
dump_type, level_of_detail, determinism, std::move(callback));
}
diff --git a/services/resource_coordinator/public/cpp/memory_instrumentation/memory_instrumentation.h b/services/resource_coordinator/public/cpp/memory_instrumentation/memory_instrumentation.h
--- a/services/resource_coordinator/public/cpp/memory_instrumentation/memory_instrumentation.h
+++ b/services/resource_coordinator/public/cpp/memory_instrumentation/memory_instrumentation.h
@@ -34,7 +34,8 @@ class COMPONENT_EXPORT(RESOURCE_COORDINATOR_PUBLIC_MEMORY_INSTRUMENTATION)
static void CreateInstance(
mojo::PendingRemote<memory_instrumentation::mojom::Coordinator>
- coordinator);
+ coordinator,
+ bool is_browser_process);
static MemoryInstrumentation* GetInstance();
// Retrieves a Coordinator interface to communicate with the service. This is
@@ -100,12 +101,16 @@ class COMPONENT_EXPORT(RESOURCE_COORDINATOR_PUBLIC_MEMORY_INSTRUMENTATION)
private:
explicit MemoryInstrumentation(
mojo::PendingRemote<memory_instrumentation::mojom::Coordinator>
- coordinator);
+ coordinator,
+ bool is_browser_process);
~MemoryInstrumentation();
const mojo::SharedRemote<memory_instrumentation::mojom::Coordinator>
coordinator_;
+ // Only browser process is allowed to request memory dumps.
+ const bool is_browser_process_;
+
DISALLOW_COPY_AND_ASSIGN(MemoryInstrumentation);
};
--
2.17.1

2
build/patches/Revert-the-removal-of-an-option-to-block-autoplay.patch
View file

@ -416,7 +416,7 @@ diff --git a/components/browser_ui/strings/android/site_settings.grdp b/componen
diff --git a/components/content_settings/core/browser/content_settings_registry.cc b/components/content_settings/core/browser/content_settings_registry.cc
--- a/components/content_settings/core/browser/content_settings_registry.cc
+++ b/components/content_settings/core/browser/content_settings_registry.cc
@@ -337,7 +337,7 @@ void ContentSettingsRegistry::Init() {
@@ -326,7 +326,7 @@ void ContentSettingsRegistry::Init() {
ContentSettingsInfo::PERSISTENT,
ContentSettingsInfo::EXCEPTIONS_ON_SECURE_ORIGINS_ONLY);

19
build/patches/Unexpire-tab-groups-flags.patch
View file

@ -4,9 +4,10 @@ Subject: Unexpire tab groups flags
Disable by default
---
chrome/browser/flag-metadata.json | 4 ++--
chrome/browser/flags/android/chrome_feature_list.cc | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
chrome/browser/flag-metadata.json | 4 ++--
chrome/browser/flags/android/chrome_feature_list.cc | 4 ++--
.../org/chromium/chrome/browser/flags/CachedFeatureFlags.java | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/chrome/browser/flag-metadata.json b/chrome/browser/flag-metadata.json
--- a/chrome/browser/flag-metadata.json
@ -48,6 +49,18 @@ diff --git a/chrome/browser/flags/android/chrome_feature_list.cc b/chrome/browse
const base::Feature kTabGridLayoutAndroid{"TabGridLayoutAndroid",
base::FEATURE_ENABLED_BY_DEFAULT};
diff --git a/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java b/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java
--- a/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java
+++ b/chrome/browser/flags/android/java/src/org/chromium/chrome/browser/flags/CachedFeatureFlags.java
@@ -66,7 +66,7 @@ public class CachedFeatureFlags {
put(ChromeFeatureList.PREFETCH_NOTIFICATION_SCHEDULING_INTEGRATION, false);
put(ChromeFeatureList.STORE_HOURS, false);
put(ChromeFeatureList.TAB_GRID_LAYOUT_ANDROID, true);
- put(ChromeFeatureList.TAB_GROUPS_ANDROID, true);
+ put(ChromeFeatureList.TAB_GROUPS_ANDROID, false);
put(ChromeFeatureList.TAB_GROUPS_CONTINUATION_ANDROID, false);
put(ChromeFeatureList.TOOLBAR_USE_HARDWARE_BITMAP_DRAW, false);
put(ChromeFeatureList.CLOSE_TAB_SUGGESTIONS, false);
--
2.17.1