WebKit Bugzilla
Attachment 359484 Details for
Bug 193571
: [GTK][WPE] Add API to add paths to sandbox
[patch]
Patch
bug-193571-20190118103013.patch (text/plain), 10.78 KB, created by
Patrick Griffis
on 2019-01-18 07:30:14 PST
Description:
Patch
Filename:
MIME Type:
Creator:
Patrick Griffis
Created:
2019-01-18 07:30:14 PST
Size:
10.78 KB
patch
obsolete
>Subversion Revision: 240107
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index e492f8af27f8e1849826495a30f68393b87ff200..dc023d9a41436d6d4de40df794afac69efc7ecce 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,21 @@
>+2019-01-18 Patrick Griffis <pgriffis@igalia.com>
>+
>+ [GTK][WPE] Add API to add paths to sandbox
>+ https://bugs.webkit.org/show_bug.cgi?id=193571
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ * UIProcess/API/glib/WebKitWebContext.cpp:
>+ (webkit_web_context_add_path_to_sandbox):
>+ * UIProcess/API/gtk/WebKitWebContext.h:
>+ * UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
>+ * UIProcess/API/wpe/docs/wpe-0.1-sections.txt:
>+ * UIProcess/Launcher/glib/BubblewrapLauncher.cpp:
>+ (WebKit::bubblewrapSpawn):
>+ * UIProcess/WebProcessPool.h:
>+ * UIProcess/glib/WebProcessProxyGLib.cpp:
>+ (WebKit::WebProcessProxy::platformGetLaunchOptions):
>+
> 2019-01-16 Youenn Fablet <youenn@apple.com>
>
> Add a new SPI for controlling getUserMedia
>diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
>index 0f39e125f3da6c48396a40c9cdfe8f4c41d969ae..48906f77b166f435352ecd316691e915227f4c21 100644
>--- a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
>+++ b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
>@@ -1160,10 +1160,6 @@ void webkit_web_context_register_uri_scheme(WebKitWebContext* context, const cha
> *
> * This is only implemented on Linux and is a no-op otherwise.
> *
>- * The web process is granted read-only access to the subdirectory matching g_get_prgname()
>- * in `$XDG_CONFIG_HOME`, `$XDG_CACHE_HOME`, and `$XDG_DATA_HOME` if it exists before the
>- * process is created. This behavior may change in the future.
>- *
> * Since: 2.24
> */
> void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean enabled)
>@@ -1176,6 +1172,31 @@ void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean
> context->priv->processPool->setSandboxEnabled(enabled);
> }
>
>+/**
>+ * webkit_web_context_add_path_to_sandbox:
>+ * @context: a #WebKitWebContext
>+ * @path: an absolute path to mount in the sandbox
>+ * @read_only: if %TRUE the path will be read-only
>+ *
>+ * Adds a path to be mounted in the sandbox. @path must exist before any web process
>+ * has been created otherwise it will be silently ignored. It is a fatal error to
>+ * add paths after a web process has been spawned.
>+ *
>+ * See also webkit_web_context_set_sandbox_enabled()
>+ *
>+ * Since: 2.24
>+ */
>+void webkit_web_context_add_path_to_sandbox(WebKitWebContext* context, const char* path, gboolean read_only)
>+{
>+ g_return_if_fail(WEBKIT_IS_WEB_CONTEXT(context));
>+ g_return_if_fail(g_path_is_absolute(path));
>+
>+ if (context->priv->processPool->processes().size())
>+ g_error("Sandbox paths cannot be changed after subprocesses were spawned.");
>+
>+ context->priv->processPool->appendSandboxPaths(String(path), read_only);
>+}
>+
> /**
> * webkit_web_context_get_sandbox_enabled:
> * @context: a #WebKitWebContext
>diff --git a/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h b/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h
>index bbdeac93316df2102b6e8c5cbb8e7b78f57f8939..81351af3c51080eb73c24505c6af822f6220c9a2 100644
>--- a/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h
>+++ b/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h
>@@ -254,6 +254,11 @@ webkit_web_context_set_sandbox_enabled (WebKitWebContext
> WEBKIT_API gboolean
> webkit_web_context_get_sandbox_enabled (WebKitWebContext *context);
>
>+WEBKIT_API void
>+webkit_web_context_add_path_to_sandbox (WebKitWebContext *context,
>+ const char *path,
>+ gboolean read_only);
>+
> WEBKIT_API gboolean
> webkit_web_context_get_spell_checking_enabled (WebKitWebContext *context);
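Review bot: In `webkit_web_context_add_path_to_sandbox()` (the WebKitWebContext.cpp hunk) the path is stored with `String(path)`, which in WTF interprets the bytes as Latin-1, so a non-ASCII filename will not come back unchanged from the later `path.utf8()` in the launcher; because the bind uses the `-try` variants, the mount would then be skipped with no error. `String::fromUTF8(path)` (or the file-system-representation helper) would keep the bytes intact. The doc comment should also state that @path is bound at the same location inside the sandbox and that passing %FALSE for @read_only lets web content modify it, so callers should pass the narrowest directory they need; nothing visible here rejects `/` or the user's home directory. The `processes().size()` guard appears to look only at processes alive at call time, which is worth confirming against the "before any web process has been created" wording.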
>
>diff --git a/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt b/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt
>index 756aaa4de72da5bb73c70ffa0ce846afee4933ef..1b7b5b865638491c6d033b55588ca34e8d3b8f6a 100644
>--- a/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt
>+++ b/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt
>@@ -53,6 +53,7 @@ webkit_web_context_get_plugins
> webkit_web_context_get_plugins_finish
> webkit_web_context_get_sandbox_enabled
> webkit_web_context_set_sandbox_enabled
>+webkit_web_context_add_path_to_sandbox
> webkit_web_context_get_spell_checking_enabled
> webkit_web_context_set_spell_checking_enabled
> webkit_web_context_get_spell_checking_languages
>diff --git a/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h b/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h
>index c1d493c98e94367f0473b449b839cae93308c0bb..081cd11a342a9f611a4f4198cec293294c2a2701 100644
>--- a/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h
>+++ b/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h
>@@ -254,6 +254,11 @@ webkit_web_context_set_sandbox_enabled (WebKitWebContext
> WEBKIT_API gboolean
> webkit_web_context_get_sandbox_enabled (WebKitWebContext *context);
>
>+WEBKIT_API void
>+webkit_web_context_add_path_to_sandbox (WebKitWebContext *context,
>+ const char *path,
>+ gboolean read_only);
>+
> WEBKIT_API gboolean
> webkit_web_context_get_spell_checking_enabled (WebKitWebContext *context);
>
>diff --git a/Source/WebKit/UIProcess/API/wpe/docs/wpe-0.1-sections.txt b/Source/WebKit/UIProcess/API/wpe/docs/wpe-0.1-sections.txt
>index 628db4252a4d2bf48f490da54087ac4c2c95bc91..5307b44158eea489f0f745425601f1a39fc70ea5 100644
>--- a/Source/WebKit/UIProcess/API/wpe/docs/wpe-0.1-sections.txt
>+++ b/Source/WebKit/UIProcess/API/wpe/docs/wpe-0.1-sections.txt
>@@ -31,6 +31,7 @@ webkit_web_context_get_plugins
> webkit_web_context_get_plugins_finish
> webkit_web_context_get_sandbox_enabled
> webkit_web_context_set_sandbox_enabled
>+webkit_web_context_add_path_to_sandbox
> webkit_web_context_get_spell_checking_enabled
> webkit_web_context_set_spell_checking_enabled
> webkit_web_context_get_spell_checking_languages
>diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>index e434e0333987a92749c00ddc5b53360904def1be..e77f43395b066fa5d67a738dc9c5b6d3a528b15b 100644
>--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>@@ -759,17 +759,24 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
> #endif
> bindX11(sandboxArgs);
>
>- // NOTE: This is not a great solution but we just assume that applications create this directory
>- // ahead of time if they require it.
>- GUniquePtr<char> configDir(g_build_filename(g_get_user_config_dir(), g_get_prgname(), nullptr));
>- GUniquePtr<char> cacheDir(g_build_filename(g_get_user_cache_dir(), g_get_prgname(), nullptr));
>- GUniquePtr<char> dataDir(g_build_filename(g_get_user_data_dir(), g_get_prgname(), nullptr));
>-
>- sandboxArgs.appendVector(Vector<CString>({
>- "--ro-bind-try", cacheDir.get(), cacheDir.get(),
>- "--ro-bind-try", configDir.get(), configDir.get(),
>- "--ro-bind-try", dataDir.get(), dataDir.get(),
>- }));
>+ // Extra paths are stored as a single string and need to be manually split
>+ // They are in the format <path>:<rw|ro>\0 (see WebProcessProxyGLib.cpp)
>+ const String& extraPathString = launchOptions.extraInitializationData.get("extra-sandbox-paths");
>+ size_t length = extraPathString.length();
>+ size_t index = 0;
>+ while (index < length) {
>+ const String& pathAndPermissions = extraPathString.substring(index);
>+ bool readOnly = pathAndPermissions.endsWith(":ro");
>+ size_t pathLen = strlen(pathAndPermissions.utf8().data());
>+ const String& path = pathAndPermissions.substring(0, pathLen - 3);
>+
>+ sandboxArgs.appendVector(Vector<CString>({
>+ readOnly ? "--ro-bind-try": "--bind-try",
>+ path.utf8(), path.utf8()
>+ }));
>+
>+ index += pathLen + 1; // Skip NUL char
>+ }
>
> Vector<String> extraPaths = { "applicationCacheDirectory", "waylandSocket"};
> for (const auto& path : extraPaths) {
>diff --git a/Source/WebKit/UIProcess/WebProcessPool.h b/Source/WebKit/UIProcess/WebProcessPool.h
>index 1a161acc421bd3d9ea6f19819ef502f1d9b4428f..9d20122b58efac44dd97c657458c1b08114704ab 100644
>--- a/Source/WebKit/UIProcess/WebProcessPool.h
>+++ b/Source/WebKit/UIProcess/WebProcessPool.h
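Review bot: In the new parsing loop of `bubblewrapSpawn()`, `pathAndPermissions` is `extraPathString.substring(index)`, i.e. everything up to the end of the packed string, so `endsWith(":ro")` tests the suffix of the last entry rather than the current one; with more than one path, an entry registered read-only is bound with `--bind-try` whenever the final entry is `:rw`. `pathLen` is a UTF-8 byte count from `strlen()` but is then used as a character offset into the `String`, which puts the walk out of step for non-ASCII paths. I would bound each entry at its own NUL with `find()`, take the suffix from that entry only, and treat anything not explicitly `:rw` as read-only so a malformed entry fails closed. The function body starts and ends outside the hunk.

```cpp
// … unchanged: format comment, extraPathString / length / index declarations …
while (index < length) {
    // Bound the entry at its own NUL so the permission suffix is read from this entry only.
    size_t end = extraPathString.find('\0', index);
    if (end == notFound)
        end = length;

    const String entry = extraPathString.substring(index, end - index);
    index = end + 1; // Skip NUL char

    // Every entry carries a 3-character ":ro"/":rw" suffix; skip anything shorter.
    if (entry.length() <= 3)
        continue;

    // Fail closed: only an explicit ":rw" yields a writable bind.
    bool readOnly = !entry.endsWith(":rw");
    const CString path = entry.substring(0, entry.length() - 3).utf8();

    sandboxArgs.appendVector(Vector<CString>({
        readOnly ? "--ro-bind-try" : "--bind-try",
        path, path
    }));
}
```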
>@@ -471,6 +471,8 @@ public:
>
> #if PLATFORM(GTK) || PLATFORM(WPE)
> void setSandboxEnabled(bool enabled) { m_sandboxEnabled = enabled; };
>+ void appendSandboxPaths(const String& path, bool readOnly) { m_extraSandboxPaths.set(path, readOnly); };
>+ HashMap<String, bool> sandboxPaths() { return m_extraSandboxPaths; };
> bool sandboxEnabled() const { return m_sandboxEnabled; };
> #endif
>
>@@ -728,6 +730,7 @@ private:
>
> #if PLATFORM(GTK) || PLATFORM(WPE)
> bool m_sandboxEnabled { false };
>+ HashMap<String, bool> m_extraSandboxPaths;
> #endif
> };
>
>diff --git a/Source/WebKit/UIProcess/glib/WebProcessProxyGLib.cpp b/Source/WebKit/UIProcess/glib/WebProcessProxyGLib.cpp
>index 8f5fa03ff46532f6b582579e99b017b06540aea5..c849b2144a2640e14af999bb090431aa351f4a3e 100644
>--- a/Source/WebKit/UIProcess/glib/WebProcessProxyGLib.cpp
>+++ b/Source/WebKit/UIProcess/glib/WebProcessProxyGLib.cpp
>@@ -33,6 +33,7 @@
> #include "WebsiteDataStore.h"
> #include <WebCore/FileSystem.h>
> #include <WebCore/PlatformDisplay.h>
>+#include <wtf/text/WTFString.h>
>
> namespace WebKit {
> using namespace WebCore;
>@@ -44,6 +45,16 @@ void WebProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions& l
> websiteDataStore().resolveDirectoriesIfNecessary();
> launchOptions.extraInitializationData.set("applicationCacheDirectory", websiteDataStore().resolvedApplicationCacheDirectory());
>
>+ String extraPaths;
>+ for (const auto& entry : m_processPool->sandboxPaths()) {
>+ if (!extraPaths.isEmpty())
>+ extraPaths.append('\0');
>+ extraPaths.append(entry.key);
>+ extraPaths.append(entry.value ? ":ro" : ":rw");
>+ }
>+
>+ launchOptions.extraInitializationData.add("extra-sandbox-paths", extraPaths);
>+
> #if PLATFORM(WAYLAND) && USE(EGL)
> if (PlatformDisplay::sharedDisplay().type() == PlatformDisplay::Type::Wayland) {
> String displayName = WaylandCompositor::singleton().displayName();
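Review bot: In the first WebProcessPool.h hunk, `appendSandboxPaths()` stores with `HashMap::set()`, so registering a path a second time with `readOnly == false` silently replaces an earlier read-only entry; if that upgrade is not intended, keep the stricter permission when the key already exists, and document the chosen rule either way. The getter returns the whole map by value from a non-const member; `const HashMap<String, bool>& sandboxPaths() const { return m_extraSandboxPaths; }` avoids the copy and matches `sandboxEnabled() const` next to it. The method adds a single path, so a singular name such as `addSandboxPath` would read better, and a bare `bool` for the permission is easy to invert at a call site.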
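Review bot: In `platformGetLaunchOptions()` the packed list is stored with `extraInitializationData.add()`, while the `applicationCacheDirectory` entry just above uses `set()`; `add()` leaves an existing value in place, so if `launchOptions` ever arrives with the key already populated the new list is dropped, and `set("extra-sandbox-paths", extraPaths)` states the intent. The format depends on an embedded NUL surviving inside a `String` and on the reader splitting it the same way, so a short comment here giving the exact layout (entries of `<path>:ro` or `<path>:rw` separated by NUL, no trailing NUL) would keep writer and reader in step. Building the value with `StringBuilder` rather than repeated `String::append()` is the usual WTF idiom. The function body starts and ends outside the hunk.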