Attachment 357810 Details for Bug 192929 – Patch

[patch] Patch

bug-192929-20181220102402.patch (text/plain), 3.55 KB, created by Patrick Griffis on 2018-12-20 07:24:03 PST

(hide)

Description:

Filename:

MIME Type:

Creator: Patrick Griffis

Created: 2018-12-20 07:24:03 PST

Size: 3.55 KB

patch

obsolete

>Subversion Revision: 239124
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index 896920c7e58385a45639eba38cbac067b0736ee3..ebe2c75d06d28b752b83df84a3331b0dae545deb 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,14 @@
>+2018-12-20  Patrick Griffis  <pgriffis@igalia.com>
>+
>+        [GTK][WPE] Grant the sandbox read access to XDG_DATA_HOME/prgname
>+        https://bugs.webkit.org/show_bug.cgi?id=192929
>+
>+        Reviewed by Michael Catanzaro.
>+
>+        * UIProcess/API/glib/WebKitWebContext.cpp:
>+        * UIProcess/Launcher/glib/BubblewrapLauncher.cpp:
>+        (WebKit::bubblewrapSpawn):
>+
> 2018-12-12  Chris Fleizach  <cfleizach@apple.com>
> 
>         [meta][WebKit] Remove using namespace WebCore and WebKit in the global scope for unified source builds
>diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
>index 7afa79c61ebcc02ecfb8ef99bddde13758624133..364f127737c8e644ce3546b5ad0013afbff38ef2 100644
>--- a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
>+++ b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
>@@ -1159,9 +1159,9 @@ void webkit_web_context_register_uri_scheme(WebKitWebContext* context, const cha
>  *
>  * This is only implemented on Linux and is a no-op otherwise.
>  *
>- * If you read from `$XDG_CONFIG_HOME/g_get_prgname()` or `$XDG_CACHE_HOME/g_get_prgname()`
>- * in your WebProcess you must ensure it exists before subprocesses are created.
>- * This behavior may change in the future.
>+ * The web process is granted read-only access to the subdirectory matching g_get_prgname()
>+ * in `$XDG_CONFIG_HOME`, `$XDG_CACHE_HOME`, and `$XDG_DATA_HOME` if it exists before the
>+ * process is created. This behavior may change in the future.
>  *
>  * Since: 2.24
>  */
>diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>index 99a1824774a464e6dc1bf43807bdc6ad68ac1e6a..e434e0333987a92749c00ddc5b53360904def1be 100644
>--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>@@ -763,6 +763,13 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
>         // ahead of time if they require it.
>         GUniquePtr<char> configDir(g_build_filename(g_get_user_config_dir(), g_get_prgname(), nullptr));
>         GUniquePtr<char> cacheDir(g_build_filename(g_get_user_cache_dir(), g_get_prgname(), nullptr));
>+        GUniquePtr<char> dataDir(g_build_filename(g_get_user_data_dir(), g_get_prgname(), nullptr));
>+
>+        sandboxArgs.appendVector(Vector<CString>({
>+            "--ro-bind-try", cacheDir.get(), cacheDir.get(),
>+            "--ro-bind-try", configDir.get(), configDir.get(),
>+            "--ro-bind-try", dataDir.get(), dataDir.get(),
>+        }));
> 
>         Vector<String> extraPaths = { "applicationCacheDirectory", "waylandSocket"};
>         for (const auto& path : extraPaths) {
>@@ -771,11 +778,6 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
>                 sandboxArgs.appendVector(Vector<CString>({ "--bind-try", extraPath.utf8(), extraPath.utf8() }));
>         }
> 
>-        sandboxArgs.appendVector(Vector<CString>({
>-            "--ro-bind-try", cacheDir.get(), cacheDir.get(),
>-            "--ro-bind-try", configDir.get(), configDir.get(),
>-        }));
>-
>         bindDBusSession(sandboxArgs, proxy);
>         // FIXME: We should move to Pipewire as soon as viable, Pulse doesn't restrict clients atm.
>         bindPulse(sandboxArgs);

Actions: View | Formatted Diff | Diff

Attachments on bug 192929: 357809 | 357810