WebKit Bugzilla
Attachment 359878 Details for
Bug 193571
: [GTK][WPE] Add API to add paths to sandbox
[patch]
Patch
bug-193571-20190123101336.patch (text/plain), 11.03 KB, created by
Patrick Griffis
on 2019-01-23 07:13:37 PST
Description:
Patch
Filename:
MIME Type:
Creator:
Patrick Griffis
Created:
2019-01-23 07:13:37 PST
Size:
11.03 KB
>Subversion Revision: 240107
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index e492f8af27f8e1849826495a30f68393b87ff200..dc023d9a41436d6d4de40df794afac69efc7ecce 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,21 @@
>+2019-01-18 Patrick Griffis <pgriffis@igalia.com>
>+
>+ [GTK][WPE] Add API to add paths to sandbox
>+ https://bugs.webkit.org/show_bug.cgi?id=193571
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ * UIProcess/API/glib/WebKitWebContext.cpp:
>+ (webkit_web_context_add_path_to_sandbox):
>+ * UIProcess/API/gtk/WebKitWebContext.h:
>+ * UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
>+ * UIProcess/API/wpe/docs/wpe-0.1-sections.txt:
>+ * UIProcess/Launcher/glib/BubblewrapLauncher.cpp:
>+ (WebKit::bubblewrapSpawn):
>+ * UIProcess/WebProcessPool.h:
>+ * UIProcess/glib/WebProcessProxyGLib.cpp:
>+ (WebKit::WebProcessProxy::platformGetLaunchOptions):
>+
> 2019-01-16 Youenn Fablet <youenn@apple.com>
> 
> Add a new SPI for controlling getUserMedia
>diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
>index 0f39e125f3da6c48396a40c9cdfe8f4c41d969ae..a1168490506c88124853a6a1ec8ede14976d855f 100644
>--- a/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
>+++ b/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
>@@ -1160,10 +1160,6 @@ void webkit_web_context_register_uri_scheme(WebKitWebContext* context, const cha
> *
> * This is only implemented on Linux and is a no-op otherwise.
> *
>- * The web process is granted read-only access to the subdirectory matching g_get_prgname()
>- * in `$XDG_CONFIG_HOME`, `$XDG_CACHE_HOME`, and `$XDG_DATA_HOME` if it exists before the
>- * process is created. This behavior may change in the future.
>- *
> * Since: 2.24
> */
> void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean enabled)
>@@ -1176,6 +1172,33 @@ void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean
> context->priv->processPool->setSandboxEnabled(enabled);
> }
> 
>+/**
>+ * webkit_web_context_add_path_to_sandbox:
>+ * @context: a #WebKitWebContext
>+ * @path: (type filename): an absolute path to mount in the sandbox
>+ * @read_only: if %TRUE the path will be read-only
>+ *
>+ * Adds a path to be mounted in the sandbox. @path must exist before any web process
>+ * has been created otherwise it will be silently ignored. It is a fatal error to
>+ * add paths after a web process has been spawned.
>+ *
>+ * See also webkit_web_context_set_sandbox_enabled()
>+ *
>+ * Since: 2.24
>+ */
>+void webkit_web_context_add_path_to_sandbox(WebKitWebContext* context, const char* path, gboolean read_only)
>+{
>+ g_return_if_fail(WEBKIT_IS_WEB_CONTEXT(context));
>+ g_return_if_fail(g_path_is_absolute(path));
>+
>+ if (context->priv->processPool->processes().size())
>+ g_error("Sandbox paths cannot be changed after subprocesses were spawned.");
>+
>+ auto stringPath = WebCore::FileSystem::stringFromFileSystemRepresentation(path);
>+ auto permission = read_only ? SandboxPermission::ReadOnly : SandboxPermission::ReadWrite;
>+ context->priv->processPool->appendSandboxPaths(stringPath, permission);
>+}
>+
> /**
> * webkit_web_context_get_sandbox_enabled:
> * @context: a #WebKitWebContext
>diff --git a/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h b/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h
>index bbdeac93316df2102b6e8c5cbb8e7b78f57f8939..81351af3c51080eb73c24505c6af822f6220c9a2 100644
>--- a/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h
>+++ b/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h
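Review bot: The doc comment on `webkit_web_context_add_path_to_sandbox` does not say how much the grant exposes, and `g_return_if_fail(g_path_is_absolute(path))` is the only check on @path. Judging from the launcher change in this patch the path is bound at the same location inside the sandbox, so everything beneath it becomes reachable from the web process, writable when @read_only is %FALSE; a broad path such as `/` or the user's home directory is accepted as given. I would add a sentence such as ` * The path and everything below it is exposed to the web process at the same location; add the narrowest directory needed and prefer @read_only.` and decide whether overly broad paths should be rejected rather than only documented. It is also worth stating in the comment that the call has no effect unless the sandbox is enabled, if that is the case.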
>@@ -254,6 +254,11 @@ webkit_web_context_set_sandbox_enabled (WebKitWebContext
> WEBKIT_API gboolean
> webkit_web_context_get_sandbox_enabled (WebKitWebContext *context);
> 
>+WEBKIT_API void
>+webkit_web_context_add_path_to_sandbox (WebKitWebContext *context,
>+ const char *path,
>+ gboolean read_only);
>+
> WEBKIT_API gboolean
> webkit_web_context_get_spell_checking_enabled (WebKitWebContext *context);
> 
>diff --git a/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt b/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt
>index 756aaa4de72da5bb73c70ffa0ce846afee4933ef..1b7b5b865638491c6d033b55588ca34e8d3b8f6a 100644
>--- a/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt
>+++ b/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt
>@@ -53,6 +53,7 @@ webkit_web_context_get_plugins
> webkit_web_context_get_plugins_finish
> webkit_web_context_get_sandbox_enabled
> webkit_web_context_set_sandbox_enabled
>+webkit_web_context_add_path_to_sandbox
> webkit_web_context_get_spell_checking_enabled
> webkit_web_context_set_spell_checking_enabled
> webkit_web_context_get_spell_checking_languages
>diff --git a/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h b/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h
>index c1d493c98e94367f0473b449b839cae93308c0bb..081cd11a342a9f611a4f4198cec293294c2a2701 100644
>--- a/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h
>+++ b/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h
>@@ -254,6 +254,11 @@ webkit_web_context_set_sandbox_enabled (WebKitWebContext
> WEBKIT_API gboolean
> webkit_web_context_get_sandbox_enabled (WebKitWebContext *context);
> 
>+WEBKIT_API void
>+webkit_web_context_add_path_to_sandbox (WebKitWebContext *context,
>+ const char *path,
>+ gboolean read_only);
>+
> WEBKIT_API gboolean
> webkit_web_context_get_spell_checking_enabled (WebKitWebContext *context);
> 
>diff --git a/Source/WebKit/UIProcess/API/wpe/docs/wpe-0.1-sections.txt b/Source/WebKit/UIProcess/API/wpe/docs/wpe-0.1-sections.txt
>index 628db4252a4d2bf48f490da54087ac4c2c95bc91..5307b44158eea489f0f745425601f1a39fc70ea5 100644
>--- a/Source/WebKit/UIProcess/API/wpe/docs/wpe-0.1-sections.txt
>+++ b/Source/WebKit/UIProcess/API/wpe/docs/wpe-0.1-sections.txt
>@@ -31,6 +31,7 @@ webkit_web_context_get_plugins
> webkit_web_context_get_plugins_finish
> webkit_web_context_get_sandbox_enabled
> webkit_web_context_set_sandbox_enabled
>+webkit_web_context_add_path_to_sandbox
> webkit_web_context_get_spell_checking_enabled
> webkit_web_context_set_spell_checking_enabled
> webkit_web_context_get_spell_checking_languages
>diff --git a/Source/WebKit/UIProcess/Launcher/ProcessLauncher.h b/Source/WebKit/UIProcess/Launcher/ProcessLauncher.h
>index e07dba272a2e15be829de234c5dd50d5738e1a0c..7610ac3a9a07fff6bed1679768c7b3f46a350803 100644
>--- a/Source/WebKit/UIProcess/Launcher/ProcessLauncher.h
>+++ b/Source/WebKit/UIProcess/Launcher/ProcessLauncher.h
>@@ -41,6 +41,13 @@
> 
> namespace WebKit {
> 
>+#if PLATFORM(GTK) || PLATFORM(WPE)
>+enum class SandboxPermission {
>+ ReadOnly,
>+ ReadWrite,
>+};
>+#endif
>+
> class ProcessLauncher : public ThreadSafeRefCounted<ProcessLauncher>, public CanMakeWeakPtr<ProcessLauncher> {
> public:
> class Client {
>@@ -68,8 +75,11 @@ public:
> bool shouldMakeProcessLaunchFailForTesting { false };
> CString customWebContentServiceBundleIdentifier;
> 
>-#if ENABLE(DEVELOPER_MODE) && (PLATFORM(GTK) || PLATFORM(WPE))
>+#if PLATFORM(GTK) || PLATFORM(WPE)
>+ HashMap<String, SandboxPermission> extraSandboxPaths;
>+#if ENABLE(DEVELOPER_MODE)
> String processCmdPrefix;
>+#endif
> #endif
> };
> 
>diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>index e434e0333987a92749c00ddc5b53360904def1be..5be6fe0f4eef696ddae75da4980f98b90a5b986b 100644
>--- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
>@@ -759,17 +759,13 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
> #endif
> bindX11(sandboxArgs);
> 
>- // NOTE: This is not a great solution but we just assume that applications create this directory
>- // ahead of time if they require it.
>- GUniquePtr<char> configDir(g_build_filename(g_get_user_config_dir(), g_get_prgname(), nullptr));
>- GUniquePtr<char> cacheDir(g_build_filename(g_get_user_cache_dir(), g_get_prgname(), nullptr));
>- GUniquePtr<char> dataDir(g_build_filename(g_get_user_data_dir(), g_get_prgname(), nullptr));
>-
>- sandboxArgs.appendVector(Vector<CString>({
>- "--ro-bind-try", cacheDir.get(), cacheDir.get(),
>- "--ro-bind-try", configDir.get(), configDir.get(),
>- "--ro-bind-try", dataDir.get(), dataDir.get(),
>- }));
>+ for (const auto& pathAndPermission : launchOptions.extraSandboxPaths) {
>+ const CString path = WebCore::FileSystem::fileSystemRepresentation(pathAndPermission.key);
>+ sandboxArgs.appendVector(Vector<CString>({
>+ pathAndPermission.value == SandboxPermission::ReadOnly ? "--ro-bind-try": "--bind-try",
>+ path, path
>+ }));
>+ }
> 
> Vector<String> extraPaths = { "applicationCacheDirectory", "waylandSocket"};
> for (const auto& path : extraPaths) {
>diff --git a/Source/WebKit/UIProcess/WebProcessPool.h b/Source/WebKit/UIProcess/WebProcessPool.h
>index 1a161acc421bd3d9ea6f19819ef502f1d9b4428f..c819c955e1eac3647e8030a241c832b382566623 100644
>--- a/Source/WebKit/UIProcess/WebProcessPool.h
>+++ b/Source/WebKit/UIProcess/WebProcessPool.h
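Review bot: The new loop over `launchOptions.extraSandboxPaths` emits the bind arguments in HashMap iteration order, which is not something the caller controls. bubblewrap applies its mount arguments in the order they are given, so when an application adds both a directory and one of its subdirectories with different permissions (parent read-write, child read-only, say), which mount ends up on top would depend on hash order and the child could silently become writable. Emitting the entries in a deterministic order, for example sorted by path so a parent is always bound before its children, or keeping them in an insertion-ordered container, would make the effective permissions predictable. The body of bubblewrapSpawn starts and ends outside the hunk, so I cannot tell whether these binds can also shadow mounts set up earlier in the function.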
>@@ -471,6 +471,8 @@ public:
> 
> #if PLATFORM(GTK) || PLATFORM(WPE)
> void setSandboxEnabled(bool enabled) { m_sandboxEnabled = enabled; };
>+ void appendSandboxPaths(const String& path, SandboxPermission permission) { m_extraSandboxPaths.set(path, permission); };
>+ HashMap<String, SandboxPermission> sandboxPaths() { return m_extraSandboxPaths; };
> bool sandboxEnabled() const { return m_sandboxEnabled; };
> #endif
> 
>@@ -728,6 +730,7 @@ private:
> 
> #if PLATFORM(GTK) || PLATFORM(WPE)
> bool m_sandboxEnabled { false };
>+ HashMap<String, SandboxPermission> m_extraSandboxPaths;
> #endif
> };
> 
>diff --git a/Source/WebKit/UIProcess/glib/WebProcessProxyGLib.cpp b/Source/WebKit/UIProcess/glib/WebProcessProxyGLib.cpp
>index 8f5fa03ff46532f6b582579e99b017b06540aea5..4483268f13e138a3e23ad9974cc3e32ff6a3a379 100644
>--- a/Source/WebKit/UIProcess/glib/WebProcessProxyGLib.cpp
>+++ b/Source/WebKit/UIProcess/glib/WebProcessProxyGLib.cpp
>@@ -44,6 +44,8 @@ void WebProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions& l
> websiteDataStore().resolveDirectoriesIfNecessary();
> launchOptions.extraInitializationData.set("applicationCacheDirectory", websiteDataStore().resolvedApplicationCacheDirectory());
> 
>+ launchOptions.extraSandboxPaths = m_processPool->sandboxPaths();
>+
> #if PLATFORM(WAYLAND) && USE(EGL)
> if (PlatformDisplay::sharedDisplay().type() == PlatformDisplay::Type::Wayland) {
> String displayName = WaylandCompositor::singleton().displayName();
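Review bot: In the first WebProcessPool.h hunk, `appendSandboxPaths` stores the entry with `m_extraSandboxPaths.set(path, permission)`, so adding the same path a second time silently replaces its permission, including turning an earlier read-only grant into read-write. If last-call-wins is intended it deserves a line in the public API documentation; otherwise keep the more restrictive of the two permissions, or use `add()` so the first registration stands. The getter beside it returns the whole map by value from a non-const member; `const HashMap<String, SandboxPermission>& sandboxPaths() const { return m_extraSandboxPaths; }` would match `sandboxEnabled()` and avoid the copy. The name is also plural although the function takes a single path.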
Attachments on
bug 193571
:
359482
|
359484
|
359754
|
359878
|
359889
|
360011
|
360012
|
360018