Refactor sandbox preload initialization.

Use a single synchronous IPC call to retrieve data required by early sandbox scripts. This has two purposes: - Optimize preload script initialization by: - Using one synchronous IPC call to retrieve preload script, webContentsId (more on that later), process.{platform,execPath,env} - Lazy loading as many modules as possible. - Fix #12316 for sandbox. @MarshallOfSound addressed the issue in #12342, but it was still present in sandbox mode. By loading webContentsId very early and skipping remote module at early startup, we fix it for sandbox.
electron · May 25, 2018 · 41167ad · 41167ad
1 parent 9574a4f
commit 41167ad
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 21 deletions.
diff --git a/lib/browser/rpc-server.js b/lib/browser/rpc-server.js
@@ -2,6 +2,7 @@
 
 const {Buffer} = require('buffer')
 const electron = require('electron')
+const fs = require('fs')
 const v8Util = process.atomBinding('v8_util')
 const {WebContents} = process.atomBinding('web_contents')
 
@@ -479,3 +480,22 @@ ipcMain.on('ELECTRON_BROWSER_WINDOW_CLOSE', function (event) {
   }
   event.returnValue = null
 })
+
+ipcMain.on('ELECTRON_BROWSER_SANDBOX_LOAD', function (event, preloadPath) {
+  let preloadSrc = null
+  let preloadError = null
+  if (preloadPath) {
+    try {
+      preloadSrc = fs.readFileSync(preloadPath).toString()
+    } catch (err) {
+      preloadError = {stack: err ? err.stack : (new Error(`Failed to load "${preloadPath}"`)).stack}
+    }
+  }
+  event.returnValue = {
+    preloadSrc: preloadSrc,
+    preloadError: preloadError,
+    webContentsId: event.sender.getId(),
+    platform: process.platform,
+    execPath: process.execPath
+  }
+})
diff --git a/lib/renderer/api/remote.js b/lib/renderer/api/remote.js
@@ -295,13 +295,19 @@ exports.getCurrentWebContents = () => {
   return metaToValue(ipcRenderer.sendSync('ELECTRON_BROWSER_CURRENT_WEB_CONTENTS'))
 }
 
-const CONTEXT_ARG = '--context-id='
-let initialContext = process.argv.find(arg => arg.startsWith(CONTEXT_ARG))
-if (initialContext) {
-  initialContext = parseInt(initialContext.substr(CONTEXT_ARG.length), 10)
+let initialContext
+if (process.webContentsId) {
+  // set by sandbox renderer init script
+  initialContext = process.webContentsId
 } else {
-  // In sandbox we need to pull this from remote
-  initialContext = exports.getCurrentWebContents().getId()
+  const CONTEXT_ARG = '--context-id='
+  initialContext = process.argv.find(arg => arg.startsWith(CONTEXT_ARG))
+  if (initialContext) {
+    initialContext = parseInt(initialContext.substr(CONTEXT_ARG.length), 10)
+  } else {
+    // if not available, pull from remote
+    initialContext = exports.getCurrentWebContents().getId()
+  }
 }
 
 // Get a global object in browser.

diff --git a/lib/sandboxed_renderer/init.js b/lib/sandboxed_renderer/init.js
@@ -1,6 +1,7 @@
 /* eslint no-eval: "off" */
 /* global binding, preloadPath, Buffer */
 const events = require('events')
+const electron = require('electron')
 
 process.atomBinding = require('../common/atom-binding-setup')(binding.get, 'renderer')
 
@@ -20,18 +21,29 @@ for (let prop of Object.keys(events.EventEmitter.prototype)) {
 }
 Object.setPrototypeOf(process, events.EventEmitter.prototype)
 
-const electron = require('electron')
-const fs = require('fs')
-const preloadModules = new Map([
-  ['child_process', require('child_process')],
+const remoteModules = new Set([
+  'child_process',
+  'fs',
+  'os',
+  'path'
+])
+
+const loadedModules = new Map([
   ['electron', electron],
-  ['fs', fs],
-  ['os', require('os')],
-  ['path', require('path')],
-  ['url', require('url')],
-  ['timers', require('timers')]
+  ['timers', require('timers')],
+  ['url', require('url')]
 ])
 
+const {
+  preloadSrc, preloadError, webContentsId, platform, execPath
+} = electron.ipcRenderer.sendSync('ELECTRON_BROWSER_SANDBOX_LOAD', preloadPath)
+
+Object.defineProperty(process, 'webContentsId', {
+  configurable: false,
+  writable: false,
+  value: webContentsId
+})
+
 // Pass different process object to the preload script(which should not have
 // access to things like `process.atomBinding`).
 const preloadProcess = new events.EventEmitter()
@@ -40,14 +52,18 @@ preloadProcess.hang = () => binding.hang()
 preloadProcess.getProcessMemoryInfo = () => binding.getProcessMemoryInfo()
 preloadProcess.getSystemMemoryInfo = () => binding.getSystemMemoryInfo()
 preloadProcess.argv = binding.getArgv()
-process.platform = preloadProcess.platform = electron.remote.process.platform
-process.execPath = preloadProcess.execPath = electron.remote.process.execPath
+preloadProcess.platform = process.platform = platform
+preloadProcess.execPath = process.execPath = execPath
+
 process.on('exit', () => preloadProcess.emit('exit'))
 
 // This is the `require` function that will be visible to the preload script
 function preloadRequire (module) {
-  if (preloadModules.has(module)) {
-    return preloadModules.get(module)
+  if (loadedModules.has(module)) {
+    return loadedModules.get(module)
+  }
+  if (remoteModules.has(module)) {
+    return require(module)
   }
   throw new Error('module not found')
 }
@@ -76,8 +92,7 @@ if (window.location.protocol === 'chrome-devtools:') {
 // and any `require('electron')` calls in `preload.js` will work as expected
 // since browserify won't try to include `electron` in the bundle, falling back
 // to the `preloadRequire` function above.
-if (preloadPath) {
-  const preloadSrc = fs.readFileSync(preloadPath).toString()
+if (preloadSrc) {
   const preloadWrapperSrc = `(function(require, process, Buffer, global, setImmediate) {
   ${preloadSrc}
   })`
@@ -88,4 +103,6 @@ if (preloadPath) {
   const preloadFn = geval(preloadWrapperSrc)
   const {setImmediate} = require('timers')
   preloadFn(preloadRequire, preloadProcess, Buffer, global, setImmediate)
+} else if (preloadError) {
+  console.error(preloadError.stack)
 }