From 2485f12f14c2bfe961337d3dd9fd7bc2b32bc918 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Sun, 16 Feb 2025 12:13:12 -0500 Subject: [PATCH] Update flatpak patches --- flatpak-Add-initial-sandbox-support.patch | 74 +++++++++---------- flatpak-Adjust-paths-for-the-sandbox.patch | 18 ++--- ...pak-Expose-Widevine-into-the-sandbox.patch | 36 ++++++--- 3 files changed, 70 insertions(+), 58 deletions(-) diff --git a/flatpak-Add-initial-sandbox-support.patch b/flatpak-Add-initial-sandbox-support.patch index dae2d943..73f39b12 100644 --- a/flatpak-Add-initial-sandbox-support.patch +++ b/flatpak-Add-initial-sandbox-support.patch @@ -1,4 +1,4 @@ -From ab11528f26a212417b0b6084b52c02e992fe43f7 Mon Sep 17 00:00:00 2001 +From e29f4b52c8770033504794b934bc14b1d7261ef1 Mon Sep 17 00:00:00 2001 From: Ryan Gonzalez Date: Tue, 17 Mar 2020 13:18:27 -0500 Subject: [PATCH] flatpak: Add initial sandbox support @@ -42,10 +42,10 @@ index 9056030523807..2c13d0ad5f1c7 100644 /.externalToolBuilders/ /.settings/ diff --git a/base/threading/thread_restrictions.h b/base/threading/thread_restrictions.h -index 149838be725f2..81034acc71e97 100644 +index e029700325e79..14ef172d37087 100644 --- a/base/threading/thread_restrictions.h +++ b/base/threading/thread_restrictions.h -@@ -407,6 +407,9 @@ class ScopedAllowThreadJoinForWebRtcTransport; +@@ -409,6 +409,9 @@ class ScopedAllowThreadJoinForWebRtcTransport; namespace rlz_lib { class FinancialPing; } @@ -55,7 +55,7 @@ index 149838be725f2..81034acc71e97 100644 namespace service_manager { class ServiceProcessLauncher; } -@@ -649,6 +652,7 @@ class BASE_EXPORT ScopedAllowBlocking { +@@ -646,6 +649,7 @@ class BASE_EXPORT ScopedAllowBlocking { friend class remoting:: ScopedBypassIOThreadRestrictions; // http://crbug.com/1144161 friend class remoting::ScopedAllowBlockingForCrashReporting; @@ -63,7 +63,7 @@ index 149838be725f2..81034acc71e97 100644 friend class ui::DrmDisplayHostManager; friend class ui::ScopedAllowBlockingForGbmSurface; friend class ui::SelectFileDialogLinux; -@@ -792,6 +796,7 @@ class BASE_EXPORT ScopedAllowBaseSyncPrimitives { +@@ -788,6 +792,7 @@ class BASE_EXPORT ScopedAllowBaseSyncPrimitives { friend class rlz_lib::FinancialPing; friend class shell_integration_linux:: LaunchXdgUtilityScopedAllowBaseSyncPrimitives; @@ -72,7 +72,7 @@ index 149838be725f2..81034acc71e97 100644 friend class syncer::HttpBridge; friend class syncer::GetLocalChangesRequest; diff --git a/chrome/browser/resources/sandbox_internals/sandbox_internals.ts b/chrome/browser/resources/sandbox_internals/sandbox_internals.ts -index f6d2f3f0bc41c..fcc58c6735eaa 100644 +index 1d2c06f540674..9946482709bbf 100644 --- a/chrome/browser/resources/sandbox_internals/sandbox_internals.ts +++ b/chrome/browser/resources/sandbox_internals/sandbox_internals.ts @@ -140,6 +140,7 @@ function addGoodBadRow(name: string, result: boolean): HTMLElement { @@ -94,10 +94,10 @@ index f6d2f3f0bc41c..fcc58c6735eaa 100644 addStatusRow('Layer 1 Sandbox', layer1SandboxType, layer1SandboxCssClass); diff --git a/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc b/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc -index 82aa27787a5e0..32bf674f33da6 100644 +index 1174a704b8126..e7fd738b705fb 100644 --- a/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc +++ b/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc -@@ -20,6 +20,7 @@ +@@ -15,6 +15,7 @@ #include "content/public/browser/web_contents.h" #include "content/public/browser/web_ui.h" #include "content/public/browser/web_ui_data_source.h" @@ -105,7 +105,7 @@ index 82aa27787a5e0..32bf674f33da6 100644 #include "services/network/public/mojom/content_security_policy.mojom.h" #if BUILDFLAG(IS_WIN) -@@ -46,6 +47,8 @@ static void SetSandboxStatusData(content::WebUIDataSource* source) { +@@ -41,6 +42,8 @@ static void SetSandboxStatusData(content::WebUIDataSource* source) { source->AddBoolean("suid", status & sandbox::policy::SandboxLinux::kSUID); source->AddBoolean("userNs", status & sandbox::policy::SandboxLinux::kUserNS); @@ -114,7 +114,7 @@ index 82aa27787a5e0..32bf674f33da6 100644 source->AddBoolean("pidNs", status & sandbox::policy::SandboxLinux::kPIDNS); source->AddBoolean("netNs", status & sandbox::policy::SandboxLinux::kNetNS); source->AddBoolean("seccompBpf", -@@ -63,7 +66,8 @@ static void SetSandboxStatusData(content::WebUIDataSource* source) { +@@ -58,7 +61,8 @@ static void SetSandboxStatusData(content::WebUIDataSource* source) { // Require either the setuid or namespace sandbox for our first-layer sandbox. bool good_layer1 = (status & sandbox::policy::SandboxLinux::kSUID || @@ -125,10 +125,10 @@ index 82aa27787a5e0..32bf674f33da6 100644 status & sandbox::policy::SandboxLinux::kNetNS; // A second-layer sandbox is also required to be adequately sandboxed. diff --git a/content/browser/child_process_host_impl.cc b/content/browser/child_process_host_impl.cc -index 95df576580a9e..8d5e0694660b6 100644 +index 583a386414590..c1cf93992da5b 100644 --- a/content/browser/child_process_host_impl.cc +++ b/content/browser/child_process_host_impl.cc -@@ -45,6 +45,7 @@ +@@ -46,6 +46,7 @@ #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) #include "base/linux_util.h" @@ -136,7 +136,7 @@ index 95df576580a9e..8d5e0694660b6 100644 #elif BUILDFLAG(IS_MAC) #include "base/apple/foundation_util.h" #include "content/browser/mac_helpers.h" -@@ -78,7 +79,12 @@ base::FilePath ChildProcessHost::GetChildPath(int flags) { +@@ -72,7 +73,12 @@ base::FilePath ChildProcessHost::GetChildPath(int flags) { #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) // Use /proc/self/exe rather than our known binary path so updates // can't swap out the binary from underneath us. @@ -151,7 +151,7 @@ index 95df576580a9e..8d5e0694660b6 100644 } #endif diff --git a/content/browser/zygote_host/zygote_host_impl_linux.cc b/content/browser/zygote_host/zygote_host_impl_linux.cc -index 8eca918b65cbe..1703fb6ade044 100644 +index bd1013ccdd503..00f6ff8e13af5 100644 --- a/content/browser/zygote_host/zygote_host_impl_linux.cc +++ b/content/browser/zygote_host/zygote_host_impl_linux.cc @@ -12,6 +12,7 @@ @@ -162,7 +162,7 @@ index 8eca918b65cbe..1703fb6ade044 100644 #include "base/process/memory.h" #include "base/strings/string_number_conversions.h" #include "base/types/fixed_array.h" -@@ -22,6 +23,7 @@ +@@ -21,6 +22,7 @@ #include "content/common/zygote/zygote_handle_impl_linux.h" #include "content/public/common/zygote/zygote_handle.h" #include "sandbox/linux/services/credentials.h" @@ -170,7 +170,7 @@ index 8eca918b65cbe..1703fb6ade044 100644 #include "sandbox/linux/services/namespace_sandbox.h" #include "sandbox/linux/suid/client/setuid_sandbox_host.h" #include "sandbox/linux/suid/common/sandbox.h" -@@ -72,6 +74,7 @@ ZygoteHostImpl::ZygoteHostImpl() +@@ -71,6 +73,7 @@ ZygoteHostImpl::ZygoteHostImpl() : use_namespace_sandbox_(false), use_suid_sandbox_(false), use_suid_sandbox_for_adj_oom_score_(false), @@ -178,7 +178,7 @@ index 8eca918b65cbe..1703fb6ade044 100644 sandbox_binary_(), zygote_pids_lock_(), zygote_pids_() {} -@@ -110,9 +113,12 @@ void ZygoteHostImpl::Init(const base::CommandLine& command_line) { +@@ -109,9 +112,12 @@ void ZygoteHostImpl::Init(const base::CommandLine& command_line) { sandbox_binary_ = setuid_sandbox_host->GetSandboxBinaryPath().value(); } @@ -194,7 +194,7 @@ index 8eca918b65cbe..1703fb6ade044 100644 use_namespace_sandbox_ = true; } else if (!command_line.HasSwitch( sandbox::policy::switches::kDisableSetuidSandbox) && -@@ -183,10 +189,16 @@ pid_t ZygoteHostImpl::LaunchZygote( +@@ -182,10 +188,16 @@ pid_t ZygoteHostImpl::LaunchZygote( sandbox_host->SetupLaunchEnvironment(); } @@ -215,7 +215,7 @@ index 8eca918b65cbe..1703fb6ade044 100644 CHECK(process.IsValid()) << "Failed to launch zygote process"; dummy_fd.reset(); -@@ -195,7 +207,8 @@ pid_t ZygoteHostImpl::LaunchZygote( +@@ -194,7 +206,8 @@ pid_t ZygoteHostImpl::LaunchZygote( pid_t pid = process.Pid(); @@ -225,7 +225,7 @@ index 8eca918b65cbe..1703fb6ade044 100644 // The namespace and SUID sandbox will execute the zygote in a new // PID namespace, and the main zygote process will then fork from // there. Watch now our elaborate dance to find and validate the -@@ -223,7 +236,11 @@ pid_t ZygoteHostImpl::LaunchZygote( +@@ -222,7 +235,11 @@ pid_t ZygoteHostImpl::LaunchZygote( if (real_pid != pid) { // Reap the sandbox. @@ -238,7 +238,7 @@ index 8eca918b65cbe..1703fb6ade044 100644 } pid = real_pid; } -@@ -274,6 +291,10 @@ void ZygoteHostImpl::AdjustRendererOOMScore(base::ProcessHandle pid, +@@ -273,6 +290,10 @@ void ZygoteHostImpl::AdjustRendererOOMScore(base::ProcessHandle pid, selinux_valid = true; } @@ -250,10 +250,10 @@ index 8eca918b65cbe..1703fb6ade044 100644 if (!base::AdjustOOMScore(pid, score)) PLOG(ERROR) << "Failed to adjust OOM score of renderer with pid " << pid; diff --git a/content/browser/zygote_host/zygote_host_impl_linux.h b/content/browser/zygote_host/zygote_host_impl_linux.h -index 720d823d4a695..ad470963693c4 100644 +index 8ef884a7db6f4..f441900dd6343 100644 --- a/content/browser/zygote_host/zygote_host_impl_linux.h +++ b/content/browser/zygote_host/zygote_host_impl_linux.h -@@ -70,6 +70,7 @@ class CONTENT_EXPORT ZygoteHostImpl : public ZygoteHost { +@@ -69,6 +69,7 @@ class CONTENT_EXPORT ZygoteHostImpl : public ZygoteHost { bool use_namespace_sandbox_; bool use_suid_sandbox_; bool use_suid_sandbox_for_adj_oom_score_; @@ -262,10 +262,10 @@ index 720d823d4a695..ad470963693c4 100644 // This lock protects the |zygote_pids_| set. diff --git a/content/zygote/zygote_linux.cc b/content/zygote/zygote_linux.cc -index bdcb36f7eb2fe..239a6462e4b41 100644 +index f2c3b43281d53..9f3f3f6b1bc12 100644 --- a/content/zygote/zygote_linux.cc +++ b/content/zygote/zygote_linux.cc -@@ -127,7 +127,7 @@ bool Zygote::ProcessRequests() { +@@ -126,7 +126,7 @@ bool Zygote::ProcessRequests() { PCHECK(sigaddset(&sigset, SIGCHLD) == 0); PCHECK(sigprocmask(SIG_BLOCK, &sigset, &orig_sigmask) == 0); @@ -274,7 +274,7 @@ index bdcb36f7eb2fe..239a6462e4b41 100644 // Let the ZygoteHost know we are ready to go. // The receiving code is in // content/browser/zygote_host/zygote_host_impl_linux.cc. -@@ -233,6 +233,10 @@ bool Zygote::UsingNSSandbox() const { +@@ -231,6 +231,10 @@ bool Zygote::UsingNSSandbox() const { return sandbox_flags_ & sandbox::policy::SandboxLinux::kUserNS; } @@ -506,7 +506,7 @@ index 0000000000000..22799eb42f782 +#endif diff --git a/sandbox/linux/services/flatpak_sandbox.cc b/sandbox/linux/services/flatpak_sandbox.cc new file mode 100644 -index 0000000000000..2a915a5b9fa11 +index 0000000000000..31229fdf59127 --- /dev/null +++ b/sandbox/linux/services/flatpak_sandbox.cc @@ -0,0 +1,576 @@ @@ -570,7 +570,7 @@ index 0000000000000..2a915a5b9fa11 + +void WriteStringAsByteArray(dbus::MessageWriter* writer, + const std::string& str) { -+ writer->AppendArrayOfBytes(base::make_span( ++ writer->AppendArrayOfBytes(base::span( + reinterpret_cast(str.c_str()), str.size() + 1)); +} + @@ -1211,10 +1211,10 @@ index 0000000000000..167bbc85945ad + +#endif // SANDBOX_LINUX_SERVICES_FLATPAK_SANDBOX_H_ diff --git a/sandbox/policy/BUILD.gn b/sandbox/policy/BUILD.gn -index 4fe53b047b9aa..794e1ad1805d8 100644 +index 6767e25821a9a..521c089a5f3df 100644 --- a/sandbox/policy/BUILD.gn +++ b/sandbox/policy/BUILD.gn -@@ -129,6 +129,9 @@ component("policy") { +@@ -116,6 +116,9 @@ component("policy") { "//sandbox/linux:suid_sandbox_client", ] } @@ -1225,7 +1225,7 @@ index 4fe53b047b9aa..794e1ad1805d8 100644 sources += [ "linux/bpf_ime_policy_linux.cc", diff --git a/sandbox/policy/linux/sandbox_linux.cc b/sandbox/policy/linux/sandbox_linux.cc -index c7313416e6183..0cb8043f0ac72 100644 +index 6249a61685332..a3ae93f9f4191 100644 --- a/sandbox/policy/linux/sandbox_linux.cc +++ b/sandbox/policy/linux/sandbox_linux.cc @@ -37,6 +37,7 @@ @@ -1236,7 +1236,7 @@ index c7313416e6183..0cb8043f0ac72 100644 #include "sandbox/linux/services/libc_interceptor.h" #include "sandbox/linux/services/namespace_sandbox.h" #include "sandbox/linux/services/proc_util.h" -@@ -236,6 +237,9 @@ void SandboxLinux::PreinitializeSandbox() { +@@ -232,6 +233,9 @@ void SandboxLinux::PreinitializeSandbox() { const int yama_status = Yama::GetStatus(); yama_is_enforcing_ = (yama_status & Yama::STATUS_PRESENT) && (yama_status & Yama::STATUS_ENFORCING); @@ -1246,7 +1246,7 @@ index c7313416e6183..0cb8043f0ac72 100644 pre_initialized_ = true; } -@@ -274,6 +278,10 @@ int SandboxLinux::GetStatus() { +@@ -270,6 +274,10 @@ int SandboxLinux::GetStatus() { sandbox_status_flags_ |= kPIDNS; if (NamespaceSandbox::InNewNetNamespace()) sandbox_status_flags_ |= kNetNS; @@ -1291,10 +1291,10 @@ index 0e4f78b9e6cb7..91b638d8a96e0 100644 #if BUILDFLAG(USING_SANITIZER) std::unique_ptr<__sanitizer_sandbox_arguments> sanitizer_args_; diff --git a/services/service_manager/service_process_launcher.cc b/services/service_manager/service_process_launcher.cc -index e24a262fe90d5..c20fdbd88a1a6 100644 +index bb99780fb878d..4dcdee34d2338 100644 --- a/services/service_manager/service_process_launcher.cc +++ b/services/service_manager/service_process_launcher.cc -@@ -41,6 +41,7 @@ +@@ -40,6 +40,7 @@ #endif #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) @@ -1302,7 +1302,7 @@ index e24a262fe90d5..c20fdbd88a1a6 100644 #include "sandbox/linux/services/namespace_sandbox.h" #endif -@@ -286,8 +287,15 @@ void ServiceProcessLauncher::ProcessState::StopInBackground() { +@@ -285,8 +286,15 @@ void ServiceProcessLauncher::ProcessState::StopInBackground() { return; int rv = -1; @@ -1321,5 +1321,5 @@ index e24a262fe90d5..c20fdbd88a1a6 100644 } -- -2.46.1 +2.47.1 diff --git a/flatpak-Adjust-paths-for-the-sandbox.patch b/flatpak-Adjust-paths-for-the-sandbox.patch index 3b1863de..17c6bcdc 100644 --- a/flatpak-Adjust-paths-for-the-sandbox.patch +++ b/flatpak-Adjust-paths-for-the-sandbox.patch @@ -1,4 +1,4 @@ -From 997c9dc4160c468f26acb851eb65408f41e2a091 Mon Sep 17 00:00:00 2001 +From bf5f40f06d453e0128a9289d2df48d82822f8646 Mon Sep 17 00:00:00 2001 From: Ryan Gonzalez Date: Tue, 25 Aug 2020 19:26:07 -0500 Subject: [PATCH] flatpak: Adjust paths for the sandbox @@ -9,10 +9,10 @@ Subject: [PATCH] flatpak: Adjust paths for the sandbox 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/chrome/common/BUILD.gn b/chrome/common/BUILD.gn -index 76cf6a5985990..4044c87b656c4 100644 +index b7338a65d9a68..b13c79e33c3f6 100644 --- a/chrome/common/BUILD.gn +++ b/chrome/common/BUILD.gn -@@ -642,6 +642,10 @@ static_library("constants") { +@@ -633,6 +633,10 @@ static_library("constants") { "//third_party/widevine/cdm:headers", ] } @@ -24,7 +24,7 @@ index 76cf6a5985990..4044c87b656c4 100644 # Use a static library here because many test binaries depend on this but don't diff --git a/chrome/common/chrome_paths.cc b/chrome/common/chrome_paths.cc -index ec09803ffabcf..ecbc300b99e1d 100644 +index afc13e1b56f78..d707b71ba03ac 100644 --- a/chrome/common/chrome_paths.cc +++ b/chrome/common/chrome_paths.cc @@ -38,6 +38,10 @@ @@ -38,8 +38,8 @@ index ec09803ffabcf..ecbc300b99e1d 100644 #if BUILDFLAG(ENABLE_WIDEVINE) #include "third_party/widevine/cdm/widevine_cdm_common.h" // nogncheck #endif -@@ -537,6 +541,14 @@ bool PathProvider(int key, base::FilePath* result) { - break; +@@ -529,6 +533,14 @@ bool PathProvider(int key, base::FilePath* result) { + #endif #if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_MAC) && !BUILDFLAG(IS_OPENBSD) case chrome::DIR_POLICY_FILES: { +#if defined(OS_LINUX) @@ -53,7 +53,7 @@ index ec09803ffabcf..ecbc300b99e1d 100644 cur = base::FilePath(policy::kPolicyPath); break; } -@@ -557,7 +569,13 @@ bool PathProvider(int key, base::FilePath* result) { +@@ -549,7 +561,13 @@ bool PathProvider(int key, base::FilePath* result) { #endif #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) case chrome::DIR_STANDALONE_EXTERNAL_EXTENSIONS: { @@ -68,7 +68,7 @@ index ec09803ffabcf..ecbc300b99e1d 100644 break; } #endif -@@ -604,6 +622,12 @@ bool PathProvider(int key, base::FilePath* result) { +@@ -596,6 +614,12 @@ bool PathProvider(int key, base::FilePath* result) { "/Library/Application Support/Chromium/NativeMessagingHosts")); #endif #else // BUILDFLAG(IS_MAC) @@ -82,5 +82,5 @@ index ec09803ffabcf..ecbc300b99e1d 100644 cur = base::FilePath( FILE_PATH_LITERAL("/etc/opt/chrome/native-messaging-hosts")); -- -2.46.1 +2.47.1 diff --git a/flatpak-Expose-Widevine-into-the-sandbox.patch b/flatpak-Expose-Widevine-into-the-sandbox.patch index e74420db..fc2eaf35 100644 --- a/flatpak-Expose-Widevine-into-the-sandbox.patch +++ b/flatpak-Expose-Widevine-into-the-sandbox.patch @@ -1,11 +1,18 @@ -From 0446b3432c90bbab893c7bde22a5e664e14753af Mon Sep 17 00:00:00 2001 +From 266e6fc37326e45402f826b282b0e0c461614905 Mon Sep 17 00:00:00 2001 From: Ryan Gonzalez Date: Tue, 17 Nov 2020 13:00:39 -0600 Subject: [PATCH] flatpak: Expose Widevine into the sandbox -diff -up chromium-133.0.6943.98/content/browser/zygote_host/zygote_host_impl_linux.cc.me chromium-133.0.6943.98/content/browser/zygote_host/zygote_host_impl_linux.cc ---- chromium-133.0.6943.98/content/browser/zygote_host/zygote_host_impl_linux.cc.me 2025-02-13 15:25:34.040044876 +0100 -+++ chromium-133.0.6943.98/content/browser/zygote_host/zygote_host_impl_linux.cc 2025-02-13 17:19:22.030423834 +0100 +--- + .../zygote_host/zygote_host_impl_linux.cc | 54 +++++++++++++- + sandbox/linux/services/flatpak_sandbox.cc | 74 ++++++++++++++----- + sandbox/linux/services/flatpak_sandbox.h | 27 ++++++- + 3 files changed, 131 insertions(+), 24 deletions(-) + +diff --git a/content/browser/zygote_host/zygote_host_impl_linux.cc b/content/browser/zygote_host/zygote_host_impl_linux.cc +index 00f6ff8e13af5..cf3019e26bbf2 100644 +--- a/content/browser/zygote_host/zygote_host_impl_linux.cc ++++ b/content/browser/zygote_host/zygote_host_impl_linux.cc @@ -9,7 +9,10 @@ #include @@ -92,9 +99,10 @@ diff -up chromium-133.0.6943.98/content/browser/zygote_host/zygote_host_impl_lin } else { process = base::LaunchProcess(*cmd_line, options); } -diff -up chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc.me chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc ---- chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc.me 2025-02-13 15:25:34.048045104 +0100 -+++ chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc 2025-02-13 17:14:05.784569012 +0100 +diff --git a/sandbox/linux/services/flatpak_sandbox.cc b/sandbox/linux/services/flatpak_sandbox.cc +index 31229fdf59127..cabda783879e6 100644 +--- a/sandbox/linux/services/flatpak_sandbox.cc ++++ b/sandbox/linux/services/flatpak_sandbox.cc @@ -4,6 +4,7 @@ #include "sandbox/linux/services/flatpak_sandbox.h" @@ -122,7 +130,7 @@ diff -up chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc.me chr FlatpakSandbox::FlatpakSandbox() : bus_thread_("FlatpakPortalBus"), process_info_cv_(&process_info_lock_) {} -@@ -168,8 +181,9 @@ bool FlatpakSandbox::IsPidSandboxed(base +@@ -168,8 +181,9 @@ bool FlatpakSandbox::IsPidSandboxed(base::ProcessId relative_pid) { base::Process FlatpakSandbox::LaunchProcess( const base::CommandLine& cmdline, @@ -134,7 +142,7 @@ diff -up chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc.me chr if (external_pid == base::kNullProcessId) { return base::Process(); } -@@ -363,9 +377,9 @@ void FlatpakSandbox::OnSpawnExitedSignal +@@ -363,9 +377,9 @@ void FlatpakSandbox::OnSpawnExitedSignal(dbus::Signal* signal) { process_info_cv_.Broadcast(); } @@ -252,9 +260,10 @@ diff -up chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc.me chr if (sandbox_flags != 0) { dbus::MessageWriter entry_writer(nullptr); options_writer.OpenDictEntry(&entry_writer); -diff -up chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.h.me chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.h ---- chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.h.me 2025-02-13 15:25:34.048045104 +0100 -+++ chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.h 2025-02-13 17:14:05.784569012 +0100 +diff --git a/sandbox/linux/services/flatpak_sandbox.h b/sandbox/linux/services/flatpak_sandbox.h +index 167bbc85945ad..de8e7165b4573 100644 +--- a/sandbox/linux/services/flatpak_sandbox.h ++++ b/sandbox/linux/services/flatpak_sandbox.h @@ -9,6 +9,8 @@ #include "base/compiler_specific.h" #include "base/containers/flat_map.h" @@ -312,3 +321,6 @@ diff -up chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.h.me chro void OnSpawnResponse(base::ProcessId* out_external_pid, base::WaitableEvent* event, dbus::Response* response, +-- +2.47.1 +