Add rust module to prevent run-time memory dumping of main (#9393)

2025-12-16 00:03:56 +00:00 · 2024-08-05 21:51:38 +02:00
parent 2ea691e81c
commit 8090a89a32
11 changed files with 144 additions and 4 deletions
--- a/apps/desktop/desktop_native/napi/index.d.ts
+++ b/apps/desktop/desktop_native/napi/index.d.ts
@@ -41,6 +41,12 @@ export namespace clipboards {
  export function read(): Promise<string>
  export function write(text: string, password: boolean): Promise<void>
 }
+export namespace processisolations {
+  export function disableCoredumps(): Promise<void>
+  export function isCoreDumpingDisabled(): Promise<boolean>
+  export function disableMemoryAccess(): Promise<void>
+}
+
 export namespace powermonitors {
  export function onLock(callback: (err: Error | null, ) => any): Promise<void>
  export function isLockMonitorAvailable(): Promise<boolean>
--- a/apps/desktop/desktop_native/napi/index.js
+++ b/apps/desktop/desktop_native/napi/index.js
@@ -206,9 +206,10 @@ if (!nativeBinding) {
  throw new Error(`Failed to load native binding`)
 }

-const { passwords, biometrics, clipboards, powermonitors } = nativeBinding
+const { passwords, biometrics, clipboards, processisolations, powermonitors } = nativeBinding

 module.exports.passwords = passwords
 module.exports.biometrics = biometrics
 module.exports.clipboards = clipboards
+module.exports.processisolations = processisolations
 module.exports.powermonitors = powermonitors
--- a/apps/desktop/desktop_native/napi/src/lib.rs
+++ b/apps/desktop/desktop_native/napi/src/lib.rs
@@ -142,6 +142,25 @@ pub mod clipboards {
    }
 }

+#[napi]
+pub mod processisolations {
+    #[napi]
+    pub async fn disable_coredumps() -> napi::Result<()> {
+        desktop_core::process_isolation::disable_coredumps()
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+    #[napi]
+    pub async fn is_core_dumping_disabled() -> napi::Result<bool> {
+        desktop_core::process_isolation::is_core_dumping_disabled()
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+    #[napi]
+    pub async fn disable_memory_access() -> napi::Result<()> {
+        desktop_core::process_isolation::disable_memory_access()
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+}
+
 #[napi]
 pub mod powermonitors {
    use napi::{threadsafe_function::{ErrorStrategy::CalleeHandled, ThreadsafeFunction, ThreadsafeFunctionCallMode}, tokio};