Fallback to UIA if supported in Chromium and we don't have access to IA2 #13032
Do we know if this is intentional, and if so, why that is the case? Does Google Chrome have this behaviour? Maybe we should raise this with MS.
Chrome has this behavior and so have Electron apps. Firefox is also not accessible with IA2 when running under a different user. I am under the impression that it might be an IA2 specific thing.
It would be good to be clearer on the actual user scenarios here. What is the reasoning for running Edge as another user, and how does one actually do this?
Calling accessibleObjectFromWindow is not a cheap call, nor probably is the accChild call.
The scenario I use is
I'm working in a corporate environment where we use a different account for administrative tasks, such as database administration. Running the browser under another user eases with single sign on.
That makes sense. I'll close this and will think about another approach.
I implemented a new approach that gets the logon session ID from NVDA's process, caches that, and compares it with the logon session id of the appModule. Pretty sure that will be much cheaper indeed.
I discussed this with a colleague and this indeed seems to differ significantly in that "run as admin" only ensures elevated permissions for the account that is currently running. So in your scenario, Edge would still be running as your standard user. Also, while we are at it, could you maybe elaborate on what the IA2support in NVDAHelper is supposed to do? Is that meant to initialize IA2 support for the helper process, or is it also necessary to initialize IA2 in such a way that out of process calls can use it?
Ah, I forgot about shift+applications key. Now I do see Run as user. I reproduced your problem by being logged in as a standard user, then running Edge as my other admin user. Everything just says "unknown".
Re IA2 in-process:
Thanks for clarifying. I really want to get to the bottom of this somehow. It looks like the IA2 to UIA bridge is perfectly able to expose stuff from Firefox as well, when that's running under a different user. On the other hand, NVDA is unable to read anything. This suggests there might be something permission wise that blocks us from accessing Firefox. As expected, when running NVDA as admin, all works perfectly fine.
I am marking this as a draft as this review comment is unresolved:
The review comment has been fixed.
See test results for failed build of commit 88fcb449fb
See test results for failed build of commit f9ffef5225
See test results for failed build of commit 62109b1f8b
See test results for failed build of commit 258c421f9f
source/nvda.pyw
Outdated
@@ -77,6 +77,15 @@ import logHandler | |||
from logHandler import log | |||
import winUser | |||
import winKernel | |||
# Avoid a E402 'module level import not at top of file' warning, | |||
# because monkeypatches need to be applied first first |
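Review bot: the added comment justifies the late import by saying monkeypatches must be applied first, but it does not name which patches the import depends on. Say which ones, so the ordering is not undone by a later import cleanup. In the same comment, "a E402" should read "an E402" and "first" appears twice.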
Is the second "first" a mistake, or have you added it just for emphasis?
That was definitely a mistake.
source/nvda.pyw
Outdated
from systemUtils import getProcessTokenOrigin # noqa: E402 | ||
|
||
try: | ||
globalVars.appLogonSessionID = getProcessTokenOrigin(winKernel.GetCurrentProcess()) |
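Review bot: the assignment on the last added line stores the return value of getProcessTokenOrigin in a variable named appLogonSessionID, yet the systemUtils hunk of this same change annotates that function as returning TOKEN_ORIGIN, a ctypes structure. Two ctypes structure instances do not compare equal by field value, so a later == against another process's result would never match. Store the OriginatingLogonSession field instead, or have the function return that integer. The handler for this try is not visible here; if it swallows the exception, it should at least leave appLogonSessionID set to a defined value.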
An alternative implementation would be to create a function in systemUtils named getAppLoginID or similar which just retrieves logon ID of the current process first time it is called. If you're worried about performance you can cache the result similar to what is being done in hasSyswow64Dir. I see several advantages:
- The NVDA's logon ID is retrieved only when needed i.e. only in cases where user accesses Chromium
- In the current approach if there is an error when getting NVDA's logon ID we won't know about it since logging is not yet ready and exception is swallowed.
- The NOQA comment would not be necessary :-D
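The lazily evaluated, cached getter suggested in the comment above, as an added example that is not code from this pull request or from NVDA. makeCachedGetter, getAppLogonSessionId, getProcessLogonSessionId and runsInDifferentLogonSession are hypothetical names, the Windows calls run only when the functions are invoked, and treating an unknown ID as "same session" is an assumption.

```python
# Added example; function names are hypothetical, not NVDA's API.
import ctypes
import functools
import logging

log = logging.getLogger(__name__)
TOKEN_QUERY = 0x0008
TOKEN_ORIGIN_CLASS = 17  # TokenOrigin member of TOKEN_INFORMATION_CLASS

class TOKEN_ORIGIN(ctypes.Structure):
    # The LUID is read as one 64-bit integer, as in the PR's systemUtils hunk.
    _fields_ = [("OriginatingLogonSession", ctypes.c_ulonglong)]

def getProcessLogonSessionId(processHandle: int) -> int:
    """Return the originating logon session ID of a process token (Windows only)."""
    advapi32 = ctypes.WinDLL("advapi32", use_last_error=True)
    token = ctypes.c_void_p()
    if not advapi32.OpenProcessToken(ctypes.c_void_p(processHandle), TOKEN_QUERY, ctypes.byref(token)):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        origin, needed = TOKEN_ORIGIN(), ctypes.c_ulong()
        if not advapi32.GetTokenInformation(token, TOKEN_ORIGIN_CLASS, ctypes.byref(origin),
                                            ctypes.sizeof(origin), ctypes.byref(needed)):
            raise ctypes.WinError(ctypes.get_last_error())
        return origin.OriginatingLogonSession
    finally:
        ctypes.WinDLL("kernel32").CloseHandle(token)

def makeCachedGetter(query):
    """Run query on first call only; log a failure and cache None instead of raising."""
    @functools.lru_cache(maxsize=None)
    def getter():
        try:
            return query()
        except OSError:
            log.exception("Could not read the logon session ID")
            return None
    return getter

def _queryOwnSession() -> int:
    kernel32 = ctypes.WinDLL("kernel32")
    kernel32.GetCurrentProcess.restype = ctypes.c_void_p
    return getProcessLogonSessionId(kernel32.GetCurrentProcess())

getAppLogonSessionId = makeCachedGetter(_queryOwnSession)

def runsInDifferentLogonSession(targetId, ownId) -> bool:
    """Assumed policy: fall back to UIA only when both IDs are known and differ."""
    return None not in (targetId, ownId) and targetId != ownId
```

Because the first call happens after logging is set up, a failed token query ends up in the log rather than being swallowed at startup.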
I like this idea.
Thanks @LeonarddeR, the approach looks good to me. I've added some suggestions around coding style and documentation.
source/systemUtils.py
Outdated
_fields_ = [("OriginatingLogonSession", ctypes.c_ulonglong)] | ||
|
||
|
||
def getProcessTokenOrigin(processHandle: int) -> TOKEN_ORIGIN: |
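Review bot: on the _fields_ line, OriginatingLogonSession is declared as ctypes.c_ulonglong, whereas the Windows TOKEN_ORIGIN structure defines that member as a LUID (a 32-bit low part followed by a 32-bit high part). Both are 8 bytes, so the read works, but add a comment stating that the LUID is deliberately flattened into one integer so it can be compared directly. The signature of getProcessTokenOrigin should also document which access right the processHandle needs for the token to be opened.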
A docstring describing what this is getting, and what it is used for is needed here.
I decided to merge the approach to get the logon session ID in one function, it looks more obvious now.
See test results for failed build of commit b7596ca0e1
Is this still meant to be a draft? What's remaining here?
Ah I'm sorry, I think it's ready now.
Thanks @LeonarddeR
Link to issue number:
None
Summary of the issue:
Currently, UIA is used in the following cases in Chromium (notably Edge)
There is a particular case missing here. When running Edge under a different user, the IAccessible2 implementation is not available, whereas UIA works pretty nicely.
Description of how this pull request fixes the issue:
Add another check to ensure we use UIA in this case.
Testing strategy:
Run Edge under a different user and ensure that it is accessible.
Known issues with pull request:
None known
Change log entries:
Bug fixes
Code Review Checklist: