Rename to process isolation

apps/desktop/.gitignore

@@ -3,4 +3,4 @@ dist-safari/
 *.env
 PlugIns/safari.appex/
 xcuserdata/
-memory_security/target/
+process_isolation/target/

apps/desktop/process_isolation/Cargo.toml

@@ -1,5 +1,5 @@
 [package]
-name = "memory-security"
+name = "process-isolation"
 version = "0.1.0"
 edition = "2024"
 

apps/desktop/process_isolation/src/lib.rs

@@ -24,7 +24,7 @@ unsafe extern "C" fn unsetenv(name: *const c_char) -> i32 {
 
         if name_str == "LD_PRELOAD" {
             // This env variable is provided by the flatpak configuration
-            let ld_preload = std::env::var("MEMORY_SECURITY_LD_PRELOAD").unwrap_or_default();
+            let ld_preload = std::env::var("PROCESS_ISOLATION_LD_PRELOAD").unwrap_or_default();
             std::env::set_var("LD_PRELOAD", ld_preload);
             return 0;
         }
@@ -38,7 +38,7 @@ unsafe extern "C" fn unsetenv(name: *const c_char) -> i32 {
 fn preload_init() {
     let pid = unsafe { libc::getpid() };
     unsafe {
-        println!("[memory-security] Enabling memory security for process {pid}");
+        println!("[Process Isolation] Enabling memory security for process {pid}");
         isolate::isolate_process();
         isolate::disable_coredumps();
     }

apps/desktop/process_isolation/test_isolation.sh

@@ -37,4 +37,4 @@ for pid in $pids; do
     mem_mb=$((rss / 1024))
 
     echo "PID: $pid | CMD: $cmd | Mem: ${mem_mb}MB | Owner: $owner | Status: $status"
-done
+done

apps/desktop/resources/com.bitwarden.desktop.devel.yaml

@@ -46,6 +46,6 @@ modules:
         commands:
           - ulimit -c 0
           - export TMPDIR="$XDG_RUNTIME_DIR/app/$FLATPAK_ID"
-          - export ZYPAK_LD_PRELOAD="/app/bin/libmemory_security.so"
-          - export MEMORY_SECURITY_LD_PRELOAD="/app/bin/libmemory_security.so"
+          - export ZYPAK_LD_PRELOAD="/app/bin/libprocess_isolation.so"
+          - export PROCESS_ISOLATION_LD_PRELOAD="/app/bin/libprocess_isolation.so"
           - exec zypak-wrapper /app/bin/bitwarden-app "$@"

apps/desktop/resources/linux-wrapper.sh

@@ -12,11 +12,11 @@ if [ -e "/usr/lib/x86_64-linux-gnu/libdbus-1.so.3" ]; then
   export LD_PRELOAD="/usr/lib/x86_64-linux-gnu/libdbus-1.so.3"
 fi
 
-# If running in non-snap, add libmemory_security.so from app path to LD_PRELOAD
+# If running in non-snap, add libprocess_isolation.so from app path to LD_PRELOAD
 # This prevents debugger / memory dumping on all desktop processes
-if [ -z "$SNAP" ] && [ -f "$APP_PATH/libmemory_security.so" ]; then
-  LIBMEMORY_SECURITY_SO="$APP_PATH/libmemory_security.so"
-  LD_PRELOAD="$LIBMEMORY_SECURITY_SO${LD_PRELOAD:+:$LD_PRELOAD}"
+if [ -z "$SNAP" ] && [ -f "$APP_PATH/libprocess_isolation.so" ]; then
+  LIBPROCESS_ISOLATION_SO="$APP_PATH/libprocess_isolation.so"
+  LD_PRELOAD="$LIBPROCESS_ISOLATION_SO${LD_PRELOAD:+:$LD_PRELOAD}"
   export LD_PRELOAD
 fi
 

apps/desktop/scripts/after-pack.js

@@ -31,14 +31,14 @@ async function run(context) {
     fse.chmodSync(wrapperBin, "755");
     console.log("Copied memory-protection wrapper script");
 
-    const memorySecurityPath = path.join(__dirname, "../memory_security/");
+    const memorySecurityPath = path.join(__dirname, "../process_isolation/");
     const memorySecurityLibPath = path.join(
       memorySecurityPath,
       "target",
       "release",
-      "libmemory_security.so",
+      "libprocess_isolation.so",
     );
-    const memorySecurityLibOutPath = path.join(appOutDir, "libmemory_security.so");
+    const memorySecurityLibOutPath = path.join(appOutDir, "libprocess_isolation.so");
     child_process.execSync(`cargo build --release`, { cwd: memorySecurityPath });
     fse.copyFileSync(memorySecurityLibPath, memorySecurityLibOutPath);
   }