Title: [233672] trunk/Source
Revision
233672
Author
[email protected]
Date
2018-07-09 17:26:03 -0700 (Mon, 09 Jul 2018)

Log Message

Add the possibility to run unsandboxed plug-ins
https://bugs.webkit.org/show_bug.cgi?id=187310
<rdar://problem/41798808>

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Add a runtime flag to enforce plugin sandboxing.
Covered by manual testing.

* page/RuntimeEnabledFeatures.h:
(WebCore::RuntimeEnabledFeatures::setExperimentalPlugInSandboxProfilesEnabled):
(WebCore::RuntimeEnabledFeatures::experimentalPlugInSandboxProfilesEnabled const):

Source/WebKit:

Add a utility method to know which plug-ins are allowed to run unsandboxed.
For such plug-ins, we skip the sandboxing done when starting the plug-in process.

* PluginProcess/mac/PluginProcessMac.mm:
(WebKit::PluginProcess::initializeSandbox):
* Shared/WebPreferences.yaml:
* UIProcess/Plugins/PluginInfoStore.cpp:
(WebKit::PluginInfoStore::shouldAllowPluginToRunUnsandboxed):
* UIProcess/Plugins/PluginInfoStore.h:
* UIProcess/Plugins/mac/PluginInfoStoreMac.mm:
(WebKit::PluginInfoStore::shouldAllowPluginToRunUnsandboxed):
(WebKit::PluginInfoStore::shouldUsePlugin):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (233671 => 233672)


--- trunk/Source/WebCore/ChangeLog	2018-07-10 00:25:14 UTC (rev 233671)
+++ trunk/Source/WebCore/ChangeLog	2018-07-10 00:26:03 UTC (rev 233672)
@@ -1,3 +1,18 @@
+2018-07-09  Youenn Fablet  <[email protected]>
+
+        Add the possibility to run unsandboxed plug-ins
+        https://bugs.webkit.org/show_bug.cgi?id=187310
+        <rdar://problem/41798808>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Add a runtime flag to enforce plugin sandboxing.
+        Covered by manual testing.
+
+        * page/RuntimeEnabledFeatures.h:
+        (WebCore::RuntimeEnabledFeatures::setSandboxPlugInEnabled):
+        (WebCore::RuntimeEnabledFeatures::sandboxPlugInEnabled const):
+
 2018-07-09  Dean Jackson  <[email protected]>
 
         Remove fullscreen-auto-hide-delay

Modified: trunk/Source/WebCore/page/RuntimeEnabledFeatures.h (233671 => 233672)


--- trunk/Source/WebCore/page/RuntimeEnabledFeatures.h	2018-07-10 00:25:14 UTC (rev 233671)
+++ trunk/Source/WebCore/page/RuntimeEnabledFeatures.h	2018-07-10 00:26:03 UTC (rev 233672)
@@ -265,6 +265,9 @@
     void setServerTimingEnabled(bool isEnabled) { m_isServerTimingEnabled = isEnabled; }
     bool serverTimingEnabled() const { return m_isServerTimingEnabled; }
 
+    void setExperimentalPlugInSandboxProfilesEnabled(bool isEnabled) { m_experimentalPlugInSandboxProfilesEnabled = isEnabled; }
+    bool experimentalPlugInSandboxProfilesEnabled() const { return m_experimentalPlugInSandboxProfilesEnabled; }
+
     void setDisabledAdaptationsMetaTagEnabled(bool isEnabled) { m_disabledAdaptationsMetaTagEnabled = isEnabled; }
     bool disabledAdaptationsMetaTagEnabled() const { return m_disabledAdaptationsMetaTagEnabled; }
 
@@ -406,6 +409,7 @@
     bool m_isWebGLCompressedTextureASTCSupportEnabled { false };
     bool m_promptForStorageAccessAPIEnabled { false };
     bool m_isServerTimingEnabled { false };
+    bool m_experimentalPlugInSandboxProfilesEnabled { false };
     bool m_disabledAdaptationsMetaTagEnabled { false };
 
 #if USE(SYSTEM_PREVIEW)
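Review bot: The accessor pair this hunk and the previous one add is named `setExperimentalPlugInSandboxProfilesEnabled` / `experimentalPlugInSandboxProfilesEnabled`, while the ChangeLog entry in this commit lists `setSandboxPlugInEnabled` / `sandboxPlugInEnabled const`, so anyone grepping from the log will not find the code. Either the ChangeLog or the header should be brought in line; the header name is the one WebPreferences.yaml binds to, so the log is presumably the stale side. The new member also defaults to `false`, which is the value that leaves the allow-listed plug-ins unsandboxed; a one-line comment on the setter such as `// When false (default), plug-ins allow-listed in PluginInfoStore may run without a sandbox.` would make that consequence visible here.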

Modified: trunk/Source/WebKit/ChangeLog (233671 => 233672)


--- trunk/Source/WebKit/ChangeLog	2018-07-10 00:25:14 UTC (rev 233671)
+++ trunk/Source/WebKit/ChangeLog	2018-07-10 00:26:03 UTC (rev 233672)
@@ -1,3 +1,24 @@
+2018-07-09  Youenn Fablet  <[email protected]>
+
+        Add the possibility to run unsandboxed plug-ins
+        https://bugs.webkit.org/show_bug.cgi?id=187310
+        <rdar://problem/41798808>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Add a utility method to know which plug-ins are allowed to run unsandboxed.
+        For such plug-ins, we skip the sandboxing done when starting the plug-in process.
+
+        * PluginProcess/mac/PluginProcessMac.mm:
+        (WebKit::PluginProcess::initializeSandbox):
+        * Shared/WebPreferences.yaml:
+        * UIProcess/Plugins/PluginInfoStore.cpp:
+        (WebKit::PluginInfoStore::shouldRunPluginUnsandboxed):
+        * UIProcess/Plugins/PluginInfoStore.h:
+        * UIProcess/Plugins/mac/PluginInfoStoreMac.mm:
+        (WebKit::PluginInfoStore::shouldRunPluginUnsandboxed):
+        (WebKit::PluginInfoStore::shouldUsePlugin):
+
 2018-07-09  Dean Jackson  <[email protected]>
 
         Remove fullscreen-auto-hide-delay

Modified: trunk/Source/WebKit/PluginProcess/mac/PluginProcessMac.mm (233671 => 233672)


--- trunk/Source/WebKit/PluginProcess/mac/PluginProcessMac.mm	2018-07-10 00:25:14 UTC (rev 233671)
+++ trunk/Source/WebKit/PluginProcess/mac/PluginProcessMac.mm	2018-07-10 00:26:03 UTC (rev 233672)
@@ -31,6 +31,7 @@
 
 #import "ArgumentCoders.h"
 #import "NetscapePlugin.h"
+#import "PluginInfoStore.h"
 #import "PluginProcessCreationParameters.h"
 #import "PluginProcessProxyMessages.h"
 #import "PluginProcessShim.h"
@@ -633,6 +634,21 @@
         return;
     }
 
+    char cacheDirectory[PATH_MAX];
+    if (!confstr(_CS_DARWIN_USER_CACHE_DIR, cacheDirectory, sizeof(cacheDirectory))) {
+        WTFLogAlways("PluginProcess: couldn't retrieve system cache directory path: %d\n", errno);
+        exit(EX_OSERR);
+    }
+
+    m_nsurlCacheDirectory = [[[NSFileManager defaultManager] stringWithFileSystemRepresentation:cacheDirectory length:strlen(cacheDirectory)] stringByAppendingPathComponent:[[NSBundle mainBundle] bundleIdentifier]];
+    if (![[NSFileManager defaultManager] createDirectoryAtURL:[NSURL fileURLWithPath:m_nsurlCacheDirectory isDirectory:YES] withIntermediateDirectories:YES attributes:nil error:nil]) {
+        WTFLogAlways("PluginProcess: couldn't create NSURL cache directory '%s'\n", cacheDirectory);
+        exit(EX_OSERR);
+    }
+
+    if (PluginInfoStore::shouldAllowPluginToRunUnsandboxed(m_pluginBundleIdentifier))
+        return;
+
     bool parentIsSandboxed = parameters.connectionIdentifier.xpcConnection && connectedProcessIsSandboxed(parameters.connectionIdentifier.xpcConnection.get());
 
     if (parameters.extraInitializationData.get("disable-sandbox") == "1") {
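Review bot: The early return inserted ahead of the `parentIsSandboxed` computation lets the plug-in process itself decide to skip its sandbox via `PluginInfoStore::shouldAllowPluginToRunUnsandboxed`, and per PluginInfoStoreMac.mm in this commit that helper consults `RuntimeEnabledFeatures::sharedFeatures().experimentalPlugInSandboxProfilesEnabled()`, a flag bound to a WebPreference in the UI/Web process; nothing in this commit propagates that preference into the plug-in process, so here it presumably always reads its default `false` and the three allow-listed identifiers bypass the sandbox regardless of what the user enabled. A safer shape is to make the decision once in the UI process and hand it over through `parameters.extraInitializationData`, exactly as `disable-sandbox` already is on the next line, rather than re-evaluating policy inside the less-trusted process. At minimum the bypass deserves a trace before the `return`, e.g. `WTFLogAlways("PluginProcess: running %s unsandboxed\n", m_pluginBundleIdentifier.utf8().data());`, since every other path in this function logs why it exits. initializeSandbox begins and ends outside this hunk.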
@@ -660,18 +676,6 @@
         exit(EX_OSERR);
     }
 
-    char cacheDirectory[PATH_MAX];
-    if (!confstr(_CS_DARWIN_USER_CACHE_DIR, cacheDirectory, sizeof(cacheDirectory))) {
-        WTFLogAlways("PluginProcess: couldn't retrieve system cache directory path: %d\n", errno);
-        exit(EX_OSERR);
-    }
-
-    m_nsurlCacheDirectory = [[[NSFileManager defaultManager] stringWithFileSystemRepresentation:cacheDirectory length:strlen(temporaryDirectory)] stringByAppendingPathComponent:[[NSBundle mainBundle] bundleIdentifier]];
-    if (![[NSFileManager defaultManager] createDirectoryAtURL:[NSURL fileURLWithPath:m_nsurlCacheDirectory isDirectory:YES] withIntermediateDirectories:YES attributes:nil error:nil]) {
-        WTFLogAlways("PluginProcess: couldn't create NSURL cache directory '%s'\n", temporaryDirectory);
-        exit(EX_OSERR);
-    }
-
     if (strlcpy(temporaryDirectory, [[[[NSFileManager defaultManager] stringWithFileSystemRepresentation:temporaryDirectory length:strlen(temporaryDirectory)] stringByAppendingPathComponent:@"WebKitPlugin-XXXXXX"] fileSystemRepresentation], sizeof(temporaryDirectory)) >= sizeof(temporaryDirectory)
         || !mkdtemp(temporaryDirectory)) {
         WTFLogAlways("PluginProcess: couldn't create private temporary directory '%s'\n", temporaryDirectory);

Modified: trunk/Source/WebKit/Shared/WebPreferences.yaml (233671 => 233672)


--- trunk/Source/WebKit/Shared/WebPreferences.yaml	2018-07-10 00:25:14 UTC (rev 233671)
+++ trunk/Source/WebKit/Shared/WebPreferences.yaml	2018-07-10 00:26:03 UTC (rev 233672)
@@ -1257,6 +1257,15 @@
   webcoreBinding: RuntimeEnabledFeatures
   webcoreName: serverTimingEnabled
 
+ExperimentalPlugInSandboxProfilesEnabled:
+  type: bool
+  defaultValue: false
+  humanReadableName: "Sandbox Plug-Ins"
+  humanReadableDescription: "Enable Plug-In sandboxing"
+  category: debug
+  webcoreBinding: RuntimeEnabledFeatures
+  webcoreName: experimentalPlugInSandboxProfilesEnabled
+
 FullScreenEnabled:
   type: bool
   defaultValue: DEFAULT_ENABLE_FULLSCREEN_API
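Review bot: The human-readable strings on the new `ExperimentalPlugInSandboxProfilesEnabled` entry overstate what it controls: with the default `false`, plug-ins are still sandboxed except for the three identifiers allow-listed in PluginInfoStoreMac.mm, and turning it on only removes that exemption. Suggest `humanReadableName: "Experimental Plug-In Sandbox Profiles"` and `humanReadableDescription: "Sandbox plug-ins that are otherwise allowed to run unsandboxed"`, so a reader of the debug menu does not conclude that plug-in sandboxing as a whole is off by default. The `webcoreName` matches the accessor added to RuntimeEnabledFeatures.h, so the binding itself looks correct.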

Modified: trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.cpp (233671 => 233672)


--- trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.cpp	2018-07-10 00:25:14 UTC (rev 233671)
+++ trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.cpp	2018-07-10 00:26:03 UTC (rev 233672)
@@ -160,6 +160,12 @@
 
 #if !PLATFORM(COCOA)
 
+bool PluginInfoStore::shouldAllowPluginToRunUnsandboxed(const String& pluginBundleIdentifier)
+{
+    UNUSED_PARAM(pluginBundleIdentifier);
+    return false;
+}
+
 PluginModuleLoadPolicy PluginInfoStore::defaultLoadPolicyForPlugin(const PluginModuleInfo&)
 {
     return PluginModuleLoadNormally;

Modified: trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.h (233671 => 233672)


--- trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.h	2018-07-10 00:25:14 UTC (rev 233671)
+++ trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.h	2018-07-10 00:26:03 UTC (rev 233672)
@@ -68,6 +68,8 @@
     void addSupportedPlugin(String&& matchingDomain, String&& identifier, HashSet<String>&& mimeTypes, HashSet<String> extensions);
     void clearSupportedPlugins() { m_supportedPlugins = std::nullopt; }
 
+    static bool shouldAllowPluginToRunUnsandboxed(const String& pluginBundleIdentifier);
+
 private:
     PluginModuleInfo findPluginForMIMEType(const String& mimeType, WebCore::PluginData::AllowedPluginTypes) const;
     PluginModuleInfo findPluginForExtension(const String& extension, String& mimeType, WebCore::PluginData::AllowedPluginTypes) const;
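Review bot: The new public static `shouldAllowPluginToRunUnsandboxed` is undocumented, and since it is the single place that grants a sandbox exemption the header should say what it does and what it does not check. Suggest the comment `// Returns true for the small hard-coded allow-list of plug-in bundle identifiers that may run without a sandbox profile, unless experimental plug-in sandbox profiles are enabled; non-Cocoa ports always return false. Matches on the identifier string only.` above the declaration. The class declaration continues outside this hunk.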

Modified: trunk/Source/WebKit/UIProcess/Plugins/mac/PluginInfoStoreMac.mm (233671 => 233672)


--- trunk/Source/WebKit/UIProcess/Plugins/mac/PluginInfoStoreMac.mm	2018-07-10 00:25:14 UTC (rev 233671)
+++ trunk/Source/WebKit/UIProcess/Plugins/mac/PluginInfoStoreMac.mm	2018-07-10 00:26:03 UTC (rev 233672)
@@ -32,6 +32,7 @@
 #import "NetscapePluginModule.h"
 #import "SandboxUtilities.h"
 #import <WebCore/PluginBlacklist.h>
+#import <WebCore/RuntimeEnabledFeatures.h>
 #import <pwd.h>
 #import <wtf/HashSet.h>
 #import <wtf/RetainPtr.h>
@@ -83,6 +84,16 @@
     return loadPolicy == PluginModuleBlockedForSecurity || loadPolicy == PluginModuleBlockedForCompatibility;
 }
 
+bool PluginInfoStore::shouldAllowPluginToRunUnsandboxed(const String& pluginBundleIdentifier)
+{
+    if (RuntimeEnabledFeatures::sharedFeatures().experimentalPlugInSandboxProfilesEnabled())
+        return false;
+
+    return pluginBundleIdentifier == "com.cisco.webex.plugin.gpc64"_s
+        || pluginBundleIdentifier == "com.google.googletalkbrowserplugin"_s
+        || pluginBundleIdentifier == "com.google.o1dbrowserplugin"_s;
+}
+
 bool PluginInfoStore::shouldUsePlugin(Vector<PluginModuleInfo>& alreadyLoadedPlugins, const PluginModuleInfo& plugin)
 {
     for (size_t i = 0; i < alreadyLoadedPlugins.size(); ++i) {
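Review bot: The new `shouldAllowPluginToRunUnsandboxed` grants a full sandbox exemption on nothing more than a string comparison of `pluginBundleIdentifier`, which in this code base appears to be the plug-in's self-declared bundle identifier; if nothing else verifies the bundle's code signature or team identifier, any plug-in that ships an Info.plist claiming `com.google.o1dbrowserplugin` or one of the other two identifiers will run unsandboxed. If there is such a check elsewhere it should be named in a comment here; if there is not, the allow-list needs to be tied to something an attacker cannot set, and the three literals should at least be hoisted into a named static array with a comment recording why each is exempt and when it can be revisited. The ChangeLog entry in this commit refers to this function as `shouldRunPluginUnsandboxed`, which does not match the name defined here.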
@@ -104,7 +115,7 @@
         return false;
     }
 
-    if (currentProcessIsSandboxed() && !plugin.hasSandboxProfile) {
+    if (currentProcessIsSandboxed() && !plugin.hasSandboxProfile && !shouldAllowPluginToRunUnsandboxed(plugin.bundleIdentifier)) {
         LOG(Plugins, "Ignoring unsandboxed plug-in %s", plugin.bundleIdentifier.utf8().data());
         return false;
     }