mirror of
https://github.com/bitwarden/browser
synced 2025-12-12 06:13:38 +00:00
remove sandbox feature flag and refactor to use bool
This commit is contained in:
John Harrington
3
.github/workflows/build-desktop.yml
vendored
3
.github/workflows/build-desktop.yml
vendored
@@ -1688,9 +1688,6 @@ jobs:
|
|||||||
- name: Build Native Module
|
- name: Build Native Module
|
||||||
if: steps.cache.outputs.cache-hit != 'true'
|
if: steps.cache.outputs.cache-hit != 'true'
|
||||||
working-directory: apps/desktop/desktop_native
|
working-directory: apps/desktop/desktop_native
|
||||||
env:
|
|
||||||
# required to bypass sandbox (MAS only)
|
|
||||||
SANDBOX_BUILD: 1
|
|
||||||
run: node build.js cross-platform
|
run: node build.js cross-platform
|
||||||
|
|
||||||
- name: Build
|
- name: Build
|
||||||
|
|||||||
@@ -43,6 +43,3 @@ sha1 = "=0.10.6"
|
|||||||
|
|
||||||
[lints]
|
[lints]
|
||||||
workspace = true
|
workspace = true
|
||||||
|
|
||||||
[features]
|
|
||||||
sandbox = []
|
|
||||||
|
|||||||
@@ -59,8 +59,6 @@ pub struct DefaultInstalledBrowserRetriever {}
|
|||||||
impl InstalledBrowserRetriever for DefaultInstalledBrowserRetriever {
|
impl InstalledBrowserRetriever for DefaultInstalledBrowserRetriever {
|
||||||
fn get_installed_browsers(mas_build: bool) -> Result<Vec<String>> {
|
fn get_installed_browsers(mas_build: bool) -> Result<Vec<String>> {
|
||||||
let mut browsers = Vec::with_capacity(SUPPORTED_BROWSER_MAP.len());
|
let mut browsers = Vec::with_capacity(SUPPORTED_BROWSER_MAP.len());
|
||||||
|
|
||||||
#[allow(unused_variables)] // config only used outside of sandbox
|
|
||||||
for (browser, config) in SUPPORTED_BROWSER_MAP.iter() {
|
for (browser, config) in SUPPORTED_BROWSER_MAP.iter() {
|
||||||
if mas_build {
|
if mas_build {
|
||||||
// show all browsers for MAS builds, user will grant access when selected
|
// show all browsers for MAS builds, user will grant access when selected
|
||||||
@@ -83,19 +81,30 @@ pub fn get_available_profiles(browser_name: &str) -> Result<Vec<ProfileInfo>> {
|
|||||||
Ok(get_profile_info(&local_state))
|
Ok(get_profile_info(&local_state))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Request access to browser directory (sandbox mode only)
|
/// Request access to browser directory (MAS builds only)
|
||||||
/// This shows the permission dialog and creates a security-scoped bookmark,
|
/// This shows the permission dialog and creates a security-scoped bookmark
|
||||||
#[cfg(all(target_os = "macos", feature = "sandbox"))]
|
#[cfg(target_os = "macos")]
|
||||||
pub fn request_browser_access(browser_name: &str) -> Result<()> {
|
pub fn request_browser_access(browser_name: &str, mas_build: bool) -> Result<()> {
|
||||||
platform::sandbox::ScopedBrowserAccess::request_only(browser_name)?;
|
if mas_build {
|
||||||
|
platform::sandbox::ScopedBrowserAccess::request_only(browser_name)?;
|
||||||
|
}
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn import_logins(browser_name: &str, profile_id: &str) -> Result<Vec<LoginImportResult>> {
|
pub async fn import_logins(
|
||||||
// In sandbox mode, resume access to browser directory (use the formerly created bookmark)
|
browser_name: &str,
|
||||||
#[cfg(all(target_os = "macos", feature = "sandbox"))]
|
profile_id: &str,
|
||||||
let _access = platform::sandbox::ScopedBrowserAccess::resume(browser_name)?;
|
mas_build: bool,
|
||||||
|
) -> Result<Vec<LoginImportResult>> {
|
||||||
|
// MAS builds will use the formerly created security bookmark
|
||||||
|
#[cfg(target_os = "macos")]
|
||||||
|
let _access = if mas_build {
|
||||||
|
Some(platform::sandbox::ScopedBrowserAccess::resume(
|
||||||
|
browser_name,
|
||||||
|
)?)
|
||||||
|
} else {
|
||||||
|
None
|
||||||
|
};
|
||||||
|
|
||||||
let (data_dir, local_state) = load_local_state_for_browser(browser_name)?;
|
let (data_dir, local_state) = load_local_state_for_browser(browser_name)?;
|
||||||
|
|
||||||
|
|||||||
@@ -11,7 +11,6 @@ use crate::{
|
|||||||
// Sandbox specific (for Mac App Store Builds)
|
// Sandbox specific (for Mac App Store Builds)
|
||||||
//
|
//
|
||||||
|
|
||||||
#[cfg(feature = "sandbox")]
|
|
||||||
pub mod sandbox {
|
pub mod sandbox {
|
||||||
use std::{ffi::CString, os::raw::c_char};
|
use std::{ffi::CString, os::raw::c_char};
|
||||||
|
|
||||||
|
|||||||
@@ -12,7 +12,6 @@ crate-type = ["cdylib"]
|
|||||||
[features]
|
[features]
|
||||||
default = []
|
default = []
|
||||||
manual_test = []
|
manual_test = []
|
||||||
sandbox = ["chromium_importer/sandbox"]
|
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
anyhow = { workspace = true }
|
anyhow = { workspace = true }
|
||||||
|
|||||||
4
apps/desktop/desktop_native/napi/index.d.ts
vendored
4
apps/desktop/desktop_native/napi/index.d.ts
vendored
@@ -255,8 +255,8 @@ export declare namespace chromium_importer {
|
|||||||
/** Returns OS aware metadata describing supported Chromium based importers as a JSON string. */
|
/** Returns OS aware metadata describing supported Chromium based importers as a JSON string. */
|
||||||
export function getMetadata(masBuild: boolean): Record<string, NativeImporterMetadata>
|
export function getMetadata(masBuild: boolean): Record<string, NativeImporterMetadata>
|
||||||
export function getAvailableProfiles(browser: string): Array<ProfileInfo>
|
export function getAvailableProfiles(browser: string): Array<ProfileInfo>
|
||||||
export function importLogins(browser: string, profileId: string): Promise<Array<LoginImportResult>>
|
export function importLogins(browser: string, profileId: string, masBuild: boolean): Promise<Array<LoginImportResult>>
|
||||||
export function requestBrowserAccess(browser: string): void
|
export function requestBrowserAccess(browser: string, masBuild: boolean): void
|
||||||
}
|
}
|
||||||
export declare namespace autotype {
|
export declare namespace autotype {
|
||||||
export function getForegroundWindowTitle(): string
|
export function getForegroundWindowTitle(): string
|
||||||
|
|||||||
@@ -11,9 +11,4 @@ if (isRelease) {
|
|||||||
process.env.RUST_LOG = 'debug';
|
process.env.RUST_LOG = 'debug';
|
||||||
}
|
}
|
||||||
|
|
||||||
const featuresArg = process.env.SANDBOX_BUILD === '1' ? '--features sandbox' : '';
|
execSync(`napi build --platform --js false`, { stdio: 'inherit', env: process.env });
|
||||||
if (featuresArg) {
|
|
||||||
console.log('Building with sandbox feature enabled.');
|
|
||||||
}
|
|
||||||
|
|
||||||
execSync(`napi build --platform --js false ${featuresArg}`, { stdio: 'inherit', env: process.env });
|
|
||||||
|
|||||||
@@ -1186,24 +1186,24 @@ pub mod chromium_importer {
|
|||||||
pub async fn import_logins(
|
pub async fn import_logins(
|
||||||
browser: String,
|
browser: String,
|
||||||
profile_id: String,
|
profile_id: String,
|
||||||
|
mas_build: bool,
|
||||||
) -> napi::Result<Vec<LoginImportResult>> {
|
) -> napi::Result<Vec<LoginImportResult>> {
|
||||||
chromium_importer::chromium::import_logins(&browser, &profile_id)
|
chromium_importer::chromium::import_logins(&browser, &profile_id, mas_build)
|
||||||
.await
|
.await
|
||||||
.map(|logins| logins.into_iter().map(LoginImportResult::from).collect())
|
.map(|logins| logins.into_iter().map(LoginImportResult::from).collect())
|
||||||
.map_err(|e| napi::Error::from_reason(e.to_string()))
|
.map_err(|e| napi::Error::from_reason(e.to_string()))
|
||||||
}
|
}
|
||||||
|
|
||||||
#[napi]
|
#[napi]
|
||||||
#[allow(unused_variables)]
|
pub fn request_browser_access(browser: String, mas_build: bool) -> napi::Result<()> {
|
||||||
pub fn request_browser_access(browser: String) -> napi::Result<()> {
|
#[cfg(target_os = "macos")]
|
||||||
#[cfg(all(target_os = "macos", feature = "sandbox"))]
|
|
||||||
{
|
{
|
||||||
chromium_importer::chromium::request_browser_access(&browser)
|
chromium_importer::chromium::request_browser_access(&browser, mas_build)
|
||||||
.map_err(|e| napi::Error::from_reason(e.to_string()))
|
.map_err(|e| napi::Error::from_reason(e.to_string()))
|
||||||
}
|
}
|
||||||
#[cfg(not(all(target_os = "macos", feature = "sandbox")))]
|
#[cfg(not(target_os = "macos"))]
|
||||||
{
|
{
|
||||||
// No-op when built without sandbox feature
|
// No-op outside of Mac OS
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -35,7 +35,6 @@
|
|||||||
"build:renderer:watch": "cross-env NODE_ENV=development webpack --config webpack.config.js --config-name renderer --watch",
|
"build:renderer:watch": "cross-env NODE_ENV=development webpack --config webpack.config.js --config-name renderer --watch",
|
||||||
"electron": "node ./scripts/start.js",
|
"electron": "node ./scripts/start.js",
|
||||||
"electron:ignore": "node ./scripts/start.js --ignore-certificate-errors",
|
"electron:ignore": "node ./scripts/start.js --ignore-certificate-errors",
|
||||||
"electron:sandbox": "SANDBOX_BUILD=1 node ./scripts/start.js",
|
|
||||||
"flatpak:dev": "npm run clean:dist && electron-builder --dir -p never && flatpak-builder --force-clean --install --user ../../.flatpak/ ./resources/com.bitwarden.desktop.devel.yaml && flatpak run com.bitwarden.desktop",
|
"flatpak:dev": "npm run clean:dist && electron-builder --dir -p never && flatpak-builder --force-clean --install --user ../../.flatpak/ ./resources/com.bitwarden.desktop.devel.yaml && flatpak run com.bitwarden.desktop",
|
||||||
"clean:dist": "rimraf ./dist",
|
"clean:dist": "rimraf ./dist",
|
||||||
"pack:dir": "npm run clean:dist && electron-builder --dir -p never",
|
"pack:dir": "npm run clean:dist && electron-builder --dir -p never",
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ concurrently(
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "Elec",
|
name: "Elec",
|
||||||
command: `npx wait-on ./build/main.js && npx electron ${process.env.SANDBOX_BUILD ? "" : "--no-sandbox "}--inspect=5858 ${args.join(
|
command: `npx wait-on ./build/main.js && npx electron --no-sandbox --inspect=5858 ${args.join(
|
||||||
" ",
|
" ",
|
||||||
)} ./build --watch`,
|
)} ./build --watch`,
|
||||||
prefixColor: "green",
|
prefixColor: "green",
|
||||||
|
|||||||
@@ -2,6 +2,8 @@ import { ipcMain } from "electron";
|
|||||||
|
|
||||||
import { chromium_importer } from "@bitwarden/desktop-napi";
|
import { chromium_importer } from "@bitwarden/desktop-napi";
|
||||||
|
|
||||||
|
import { isMacAppStore } from "../../../utils";
|
||||||
|
|
||||||
export class ChromiumImporterService {
|
export class ChromiumImporterService {
|
||||||
constructor() {
|
constructor() {
|
||||||
ipcMain.handle("chromium_importer.getMetadata", async (event, isMas: boolean) => {
|
ipcMain.handle("chromium_importer.getMetadata", async (event, isMas: boolean) => {
|
||||||
@@ -11,7 +13,7 @@ export class ChromiumImporterService {
|
|||||||
// Used on Mac OS App Store builds to request permissions to browser entries outside the sandbox
|
// Used on Mac OS App Store builds to request permissions to browser entries outside the sandbox
|
||||||
ipcMain.handle("chromium_importer.requestBrowserAccess", async (event, browser: string) => {
|
ipcMain.handle("chromium_importer.requestBrowserAccess", async (event, browser: string) => {
|
||||||
if (chromium_importer.requestBrowserAccess) {
|
if (chromium_importer.requestBrowserAccess) {
|
||||||
return await chromium_importer.requestBrowserAccess(browser);
|
return await chromium_importer.requestBrowserAccess(browser, isMacAppStore());
|
||||||
}
|
}
|
||||||
// requestBrowserAccess not found, returning with no-op
|
// requestBrowserAccess not found, returning with no-op
|
||||||
return;
|
return;
|
||||||
@@ -24,7 +26,7 @@ export class ChromiumImporterService {
|
|||||||
ipcMain.handle(
|
ipcMain.handle(
|
||||||
"chromium_importer.importLogins",
|
"chromium_importer.importLogins",
|
||||||
async (event, browser: string, profileId: string) => {
|
async (event, browser: string, profileId: string) => {
|
||||||
return await chromium_importer.importLogins(browser, profileId);
|
return await chromium_importer.importLogins(browser, profileId, isMacAppStore());
|
||||||
},
|
},
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user