SUModelSaveToFileWithVersion and SUModelSaveToFile don't work in chrome sandbox

[runforu]

API Issues Only

Please note that this is a tracker for the SketchUp and LayOut APIs only.

Bugs or feature requests that do not relate to the APIs will be removed. Fill in as much details as possible.

Bug Reports

Please include the following:

1. SketchUp/LayOut Version: all sersions
2. OS Platform: Windows 10

Steps:

1. Downloading the chrome sandbox and modify some example code to wrap sketch up saving process.
2. Grant all permissions in chrome sandbox like enabling file and folder read and write permission.

Expected: the sketch up model is saved.
Result: SU_ERROR_SERIALIZATION is returned by these two method.

Note:
Sandbox doesn't support Winsock, Com and DirectX interface, please check if these two method use such APIs.

[thomthom]

Can you please provide more information? Links to what you are talking about? And some code snippet that indicates what we're talking about here.

[runforu]

Can you please provide more information? Links to what you are talking about? And some code snippet that indicates what we're talking about here.

1. Here is a FAQ about chrome sandbox, the first content answers your question what is chrome sandbox
   https://chromium.googlesource.com/chromium/src/+/refs/heads/main/docs/design/sandbox_faq.md
2. For the NDA, I cannot provide any code snippet, but it's easy to create a C demo to use sandbox. Here is some basic steps:
   A. create a demo to use one of the two methods to save a model to file.
   B. find some chrome sandbox example code and modified the code to call your demo to make the demo work in sandbox process.
   C. please make sure that the sandbox code grants the permission to the demo: the folder read/write permission that the demo need.
3. I don't think that writing code to demo the bug is a fast way to fix it because these two methods fail in saving a model to the file in sandbox process, the possible reasons are the two method uses DirectX API, COM interface, Winsock or accessing some other resource rather than the target saving file. Please check how many underlying resources that the two methods use. Theoretically, files and folders reading and writing are enough for these two methods, but your APIs may access other resources, which causes sandbox forbid the operation. Please mention the resources that the two API uses other than file folders.
4. I am curious that what causes the failure, and I am worrying about if the API will access more resource than they needs, and I am suspecting that how a simple writing to file will fail (in our product, I am sure we grant the read/write permissions of temp folder and target file and folders and we grant registry reading permission).

[runforu]

You can try our "SAP 3D Visual Enterprise Author", open a model and export to skp file format, don't forget enable sandbox: "Help" -> "Plugin Manager" -> "Security" -> "Use Secure Sandbox"
30-day trial version:
https://sap.sharepoint.com/:u:/r/teams/SAP3DVisualEnterprise-OnPremise/Shared%20Documents/RELEASES/VE%209.0/2021.08/FP11%20MP2/VEAUTHOR_911P_2-70000891.EXE?csf=1&web=1&e=PaA6YK

[runforu]

You can image the exporting to skp file in our product like that:

1. create a temp file of the current scene with our format.
2. start sandbox process and pass the arguments: the temp file of our format, the target file name and the target file format (skp). It looks like passing argument to the "int main(int argc, char** argv)". In sandbox process, only granted resource can be accessed. We grant all temp file folder and target file, we notice that the failure happens on the above two APIs, we support many file format, but only skp file fails in sandbox, skp file exporting works without sandbox.
3. get the sandbox process result after process ends.