From d434fd9b5db3f33453e84bd9ade490fe9c7a0563 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann
Date: Sun, 24 Aug 2025 16:03:37 +0200
Subject: [PATCH] Rename to process isolation
---
 apps/desktop/.gitignore | 2 +-
 .../{memory_security => process_isolation}/Cargo.lock | 0
 .../{memory_security => process_isolation}/Cargo.toml | 2 +-
 .../{memory_security => process_isolation}/src/isolate.rs | 0
 .../{memory_security => process_isolation}/src/lib.rs | 4 ++--
 .../test_isolation.sh | 2 +-
 apps/desktop/resources/com.bitwarden.desktop.devel.yaml | 4 ++--
 apps/desktop/resources/linux-wrapper.sh | 8 ++++----
 apps/desktop/scripts/after-pack.js | 6 +++---
 9 files changed, 14 insertions(+), 14 deletions(-)
 rename apps/desktop/{memory_security => process_isolation}/Cargo.lock (100%)
 rename apps/desktop/{memory_security => process_isolation}/Cargo.toml (82%)
 rename apps/desktop/{memory_security => process_isolation}/src/isolate.rs (100%)
 rename apps/desktop/{memory_security => process_isolation}/src/lib.rs (89%)
 rename apps/desktop/{memory_security => process_isolation}/test_isolation.sh (99%)
diff --git a/apps/desktop/.gitignore b/apps/desktop/.gitignore
index dd720fb3d54..edea27f4d44 100644
--- a/apps/desktop/.gitignore
+++ b/apps/desktop/.gitignore
@@ -3,4 +3,4 @@ dist-safari/
 *.env
 PlugIns/safari.appex/
 xcuserdata/
-memory_security/target/
\ No newline at end of file
+process_isolation/target/
diff --git a/apps/desktop/memory_security/Cargo.lock b/apps/desktop/process_isolation/Cargo.lock
similarity index 100%
rename from apps/desktop/memory_security/Cargo.lock
rename to apps/desktop/process_isolation/Cargo.lock
diff --git a/apps/desktop/memory_security/Cargo.toml b/apps/desktop/process_isolation/Cargo.toml
similarity index 82%
rename from apps/desktop/memory_security/Cargo.toml
rename to apps/desktop/process_isolation/Cargo.toml
index e348edfb1c4..889332fbe2f 100644
--- a/apps/desktop/memory_security/Cargo.toml
+++ b/apps/desktop/process_isolation/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "memory-security"
+name = "process-isolation"
 version = "0.1.0"
 edition = "2024"
diff --git a/apps/desktop/memory_security/src/isolate.rs b/apps/desktop/process_isolation/src/isolate.rs
similarity index 100%
rename from apps/desktop/memory_security/src/isolate.rs
rename to apps/desktop/process_isolation/src/isolate.rs
diff --git a/apps/desktop/memory_security/src/lib.rs b/apps/desktop/process_isolation/src/lib.rs
similarity index 89%
rename from apps/desktop/memory_security/src/lib.rs
rename to apps/desktop/process_isolation/src/lib.rs
index 9c23a3cb1c7..4241d9fe569 100644
--- a/apps/desktop/memory_security/src/lib.rs
+++ b/apps/desktop/process_isolation/src/lib.rs
@@ -24,7 +24,7 @@ unsafe extern "C" fn unsetenv(name: *const c_char) -> i32 {
 if name_str == "LD_PRELOAD" {
 // This env variable is provided by the flatpak configuration
- let ld_preload = std::env::var("MEMORY_SECURITY_LD_PRELOAD").unwrap_or_default();
+ let ld_preload = std::env::var("PROCESS_ISOLATION_LD_PRELOAD").unwrap_or_default();
 std::env::set_var("LD_PRELOAD", ld_preload);
 return 0;
 }
@@ -38,7 +38,7 @@ unsafe extern "C" fn unsetenv(name: *const c_char) -> i32 {
 fn preload_init() {
 let pid = unsafe { libc::getpid() };
 unsafe {
- println!("[memory-security] Enabling memory security for process {pid}");
+ println!("[Process Isolation] Enabling memory security for process {pid}");
 isolate::isolate_process();
 isolate::disable_coredumps();
 }
diff --git a/apps/desktop/memory_security/test_isolation.sh b/apps/desktop/process_isolation/test_isolation.sh
similarity index 99%
rename from apps/desktop/memory_security/test_isolation.sh
rename to apps/desktop/process_isolation/test_isolation.sh
index 4464a3c865f..91f3b7933df 100644
--- a/apps/desktop/memory_security/test_isolation.sh
+++ b/apps/desktop/process_isolation/test_isolation.sh
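Review bot: The renamed lookup in the `unsetenv` hook still falls back to an empty string through `unwrap_or_default()`, so a launcher that keeps exporting the old `MEMORY_SECURITY_LD_PRELOAD` name makes this branch set `LD_PRELOAD` to "" and the isolation library is silently left out of child processes. Only `com.bitwarden.desktop.devel.yaml` is updated in this patch, so any other manifest or wrapper that sets the old name (none is visible here) would need the same change. I would make the miss visible before the `set_var` call, e.g. `if ld_preload.is_empty() { eprintln!("[Process Isolation] PROCESS_ISOLATION_LD_PRELOAD is not set; LD_PRELOAD will be cleared"); }`. The `-f` test in `linux-wrapper.sh` skips the preload just as quietly when `libprocess_isolation.so` is missing from `$APP_PATH`. The body of `unsetenv` starts and ends outside this hunk.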
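Review bot: The startup message in `preload_init` now carries the new prefix but still says "Enabling memory security", and it goes to stdout of whatever process loads the library. Stdout may be a pipe that a parent process parses, so this diagnostic is safer on stderr with wording that matches the rename: `eprintln!("[Process Isolation] Enabling process isolation for process {pid}");`. The line is printed before `isolate::isolate_process()` and `isolate::disable_coredumps()` run and nothing in the hunk shows their outcome being checked, so the message should not be read as confirmation that the hardening took effect. `preload_init` continues past the end of the hunk.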
@@ -37,4 +37,4 @@ for pid in $pids; do
 mem_mb=$((rss / 1024))
 echo "PID: $pid | CMD: $cmd | Mem: ${mem_mb}MB | Owner: $owner | Status: $status"
-done
\ No newline at end of file
+done
diff --git a/apps/desktop/resources/com.bitwarden.desktop.devel.yaml b/apps/desktop/resources/com.bitwarden.desktop.devel.yaml
index f6cd6ca985c..e72df98e22b 100644
--- a/apps/desktop/resources/com.bitwarden.desktop.devel.yaml
+++ b/apps/desktop/resources/com.bitwarden.desktop.devel.yaml
@@ -46,6 +46,6 @@ modules:
 commands:
 - ulimit -c 0
 - export TMPDIR="$XDG_RUNTIME_DIR/app/$FLATPAK_ID"
- - export ZYPAK_LD_PRELOAD="/app/bin/libmemory_security.so"
- - export MEMORY_SECURITY_LD_PRELOAD="/app/bin/libmemory_security.so"
+ - export ZYPAK_LD_PRELOAD="/app/bin/libprocess_isolation.so"
+ - export PROCESS_ISOLATION_LD_PRELOAD="/app/bin/libprocess_isolation.so"
 - exec zypak-wrapper /app/bin/bitwarden-app "$@"
diff --git a/apps/desktop/resources/linux-wrapper.sh b/apps/desktop/resources/linux-wrapper.sh
index 99f1cfaaf7c..50a323e1c18 100644
--- a/apps/desktop/resources/linux-wrapper.sh
+++ b/apps/desktop/resources/linux-wrapper.sh
@@ -12,11 +12,11 @@ if [ -e "/usr/lib/x86_64-linux-gnu/libdbus-1.so.3" ]; then
 export LD_PRELOAD="/usr/lib/x86_64-linux-gnu/libdbus-1.so.3"
 fi
-# If running in non-snap, add libmemory_security.so from app path to LD_PRELOAD
+# If running in non-snap, add libprocess_isolation.so from app path to LD_PRELOAD
 # This prevents debugger / memory dumping on all desktop processes
-if [ -z "$SNAP" ] && [ -f "$APP_PATH/libmemory_security.so" ]; then
- LIBMEMORY_SECURITY_SO="$APP_PATH/libmemory_security.so"
- LD_PRELOAD="$LIBMEMORY_SECURITY_SO${LD_PRELOAD:+:$LD_PRELOAD}"
+if [ -z "$SNAP" ] && [ -f "$APP_PATH/libprocess_isolation.so" ]; then
+ LIBPROCESS_ISOLATION_SO="$APP_PATH/libprocess_isolation.so"
+ LD_PRELOAD="$LIBPROCESS_ISOLATION_SO${LD_PRELOAD:+:$LD_PRELOAD}"
 export LD_PRELOAD
 fi
diff --git a/apps/desktop/scripts/after-pack.js b/apps/desktop/scripts/after-pack.js
index b40ca79e602..c3e04217689 100644
--- a/apps/desktop/scripts/after-pack.js
+++ b/apps/desktop/scripts/after-pack.js
@@ -31,14 +31,14 @@ async function run(context) {
 fse.chmodSync(wrapperBin, "755");
 console.log("Copied memory-protection wrapper script");
- const memorySecurityPath = path.join(__dirname, "../memory_security/");
+ const memorySecurityPath = path.join(__dirname, "../process_isolation/");
 const memorySecurityLibPath = path.join(
 memorySecurityPath,
 "target",
 "release",
- "libmemory_security.so",
+ "libprocess_isolation.so",
 );
- const memorySecurityLibOutPath = path.join(appOutDir, "libmemory_security.so");
+ const memorySecurityLibOutPath = path.join(appOutDir, "libprocess_isolation.so");
 child_process.execSync(`cargo build --release`, { cwd: memorySecurityPath });
 fse.copyFileSync(memorySecurityLibPath, memorySecurityLibOutPath);
 }
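Review bot: The `cargo build --release` call in this hunk runs without `--locked`, and this patch renames `Cargo.lock` at 100% similarity while changing the package name in `Cargo.toml` to `process-isolation`, so the committed lockfile presumably still records the root package as `memory-security` and cargo will rewrite it during packaging. For a library that the wrapper preloads into the desktop processes, the packaging build should resolve exactly the reviewed dependency set: regenerate and commit `Cargo.lock`, then change the command to `cargo build --release --locked` so a stale lockfile fails the build instead of being updated silently. The locals `memorySecurityPath`, `memorySecurityLibPath` and `memorySecurityLibOutPath` keep the old term and could be renamed along with the directory. The body of `run` starts before the hunk.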