Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: use plugin executable for utility process on macOS #161102

Merged
merged 1 commit into from Sep 21, 2022
Merged

chore: use plugin executable for utility process on macOS #161102

merged 1 commit into from Sep 21, 2022

Conversation

deepak1556
Copy link
Contributor

@deepak1556 deepak1556 commented Sep 16, 2022
edited

This PR switches the executable used on macOS to spawn the extension host process from Code Helper.app to Code Helper (Plugin).app using the allowLoadingUnsignedLibraries capability of the utility process.

This allows us to remove some privileged entitlements from the main application bundle which will protect the main process from loading any unsigned libraries or from dyld linker processing the DYLD_ variables that can be used to inject code into the process.

@VSCodeTriageBot VSCodeTriageBot added this to the September 2022 milestone Sep 16, 2022
@deepak1556
Copy link
Contributor Author

Testing insiders build https://monacotools.visualstudio.com/Monaco/_build/results?buildId=185574&view=results

@deepak1556 deepak1556 modified the milestones: September 2022, On Deck Sep 16, 2022
@deepak1556
Copy link
Contributor Author

Actually this is not urgent, lets make this change after extension host utility process is made default in stable so that we don't have to maintain a separate change in distro.

@deepak1556 deepak1556 marked this pull request as draft September 16, 2022 14:05
bpasero
bpasero previously approved these changes Sep 16, 2022
View reviewed changes
@bpasero
Copy link
Member

bpasero commented Sep 16, 2022

Can we ship this as long as there is still that setting to disable utility process?

@deepak1556
Copy link
Contributor Author

We could do it potentially if I add back the changes to build/azure-pipelines/darwin/app-entitlements.plist so that the old extension host process will work as expected when utility process is disabled. In that case, I can do the following,

  1. Add back the changes to build/azure-pipelines/darwin/app-entitlements.plist
  2. Ship the PR, this will get self-hosting on the new executable code path for utility process on macOS
  3. Once utility process setting is removed, make the changes again to build/azure-pipelines/darwin/app-entitlements.plist

Thoughts ?

@bpasero
Copy link
Member

bpasero commented Sep 19, 2022

Yeah sounds good to me.

@deepak1556 deepak1556 marked this pull request as ready for review September 19, 2022 11:40
@deepak1556
Copy link
Contributor Author

Build to verify https://monacotools.visualstudio.com/Monaco/_build/results?buildId=185713&view=results

@deepak1556 deepak1556 changed the title chore: update app entitlements chore: use plugin executable for utility process on macOS Sep 19, 2022
@deepak1556 deepak1556 modified the milestones: On Deck, September 2022 Sep 19, 2022
@deepak1556
Copy link
Contributor Author

Builds are looking good 🚀

@bpasero bpasero requested review from bpasero and removed request for bpasero September 20, 2022 03:48
@deepak1556 deepak1556 merged commit 0d5fbcc into main Sep 21, 2022
@deepak1556 deepak1556 deleted the robo/update_entitlements branch September 21, 2022 15:18
@github-actions github-actions bot locked and limited conversation to collaborators Nov 5, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bpasero bpasero bpasero approved these changes

@alexdima alexdima Awaiting requested review from alexdima

Assignees

@deepak1556 deepak1556

Labels
None yet
Projects
None yet
Milestone
September 2022
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@deepak1556 @bpasero @VSCodeTriageBot