[webkit-changes] [239440] trunk/Source/WebKit

Thu, 20 Dec 2018 08:19:54 -0800

Title: [239440] trunk/Source/WebKit
Revision
239440
Author
[email protected]
Date
2018-12-20 08:18:26 -0800 (Thu, 20 Dec 2018)

Log Message

[GTK][WPE] Grant the sandbox read access to XDG_DATA_HOME/prgname
https://bugs.webkit.org/show_bug.cgi?id=192929

Patch by Patrick Griffis <[email protected]> on 2018-12-20
Reviewed by Michael Catanzaro.

* UIProcess/API/glib/WebKitWebContext.cpp:
* UIProcess/Launcher/glib/BubblewrapLauncher.cpp:
(WebKit::bubblewrapSpawn):

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (239439 => 239440)


--- trunk/Source/WebKit/ChangeLog	2018-12-20 16:06:44 UTC (rev 239439)
+++ trunk/Source/WebKit/ChangeLog	2018-12-20 16:18:26 UTC (rev 239440)
@@ -1,3 +1,14 @@
+2018-12-20  Patrick Griffis  <[email protected]>
+
+        [GTK][WPE] Grant the sandbox read access to XDG_DATA_HOME/prgname
+        https://bugs.webkit.org/show_bug.cgi?id=192929
+
+        Reviewed by Michael Catanzaro.
+
+        * UIProcess/API/glib/WebKitWebContext.cpp:
+        * UIProcess/Launcher/glib/BubblewrapLauncher.cpp:
+        (WebKit::bubblewrapSpawn):
+
 2018-12-20  Chris Dumez  <[email protected]>
 
         [PSON] SuspendedPageProxy fails to release its process assertion if the WebPage fails to enter PageCache

Modified: trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp (239439 => 239440)


--- trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp	2018-12-20 16:06:44 UTC (rev 239439)
+++ trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp	2018-12-20 16:18:26 UTC (rev 239440)
@@ -1159,9 +1159,9 @@
  *
  * This is only implemented on Linux and is a no-op otherwise.
  *
- * If you read from `$XDG_CONFIG_HOME/g_get_prgname()` or `$XDG_CACHE_HOME/g_get_prgname()`
- * in your WebProcess you must ensure it exists before subprocesses are created.
- * This behavior may change in the future.
+ * The web process is granted read-only access to the subdirectory matching g_get_prgname()
+ * in `$XDG_CONFIG_HOME`, `$XDG_CACHE_HOME`, and `$XDG_DATA_HOME` if it exists before the
+ * process is created. This behavior may change in the future.
  *
  * Since: 2.24
  */

Modified: trunk/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp (239439 => 239440)


--- trunk/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp	2018-12-20 16:06:44 UTC (rev 239439)
+++ trunk/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp	2018-12-20 16:18:26 UTC (rev 239440)
@@ -779,7 +779,14 @@
         // ahead of time if they require it.
         GUniquePtr<char> configDir(g_build_filename(g_get_user_config_dir(), g_get_prgname(), nullptr));
         GUniquePtr<char> cacheDir(g_build_filename(g_get_user_cache_dir(), g_get_prgname(), nullptr));
+        GUniquePtr<char> dataDir(g_build_filename(g_get_user_data_dir(), g_get_prgname(), nullptr));
 
+        sandboxArgs.appendVector(Vector<CString>({
+            "--ro-bind-try", cacheDir.get(), cacheDir.get(),
+            "--ro-bind-try", configDir.get(), configDir.get(),
+            "--ro-bind-try", dataDir.get(), dataDir.get(),
+        }));
+
         Vector<String> extraPaths = { "applicationCacheDirectory", "waylandSocket"};
         for (const auto& path : extraPaths) {
             String extraPath = launchOptions.extraInitializationData.get(path);
@@ -787,11 +794,6 @@
                 sandboxArgs.appendVector(Vector<CString>({ "--bind-try", extraPath.utf8(), extraPath.utf8() }));
         }
 
-        sandboxArgs.appendVector(Vector<CString>({
-            "--ro-bind-try", cacheDir.get(), cacheDir.get(),
-            "--ro-bind-try", configDir.get(), configDir.get(),
-        }));
-
         bindDBusSession(sandboxArgs, proxy);
         // FIXME: This needs to be restricted, upstream is working on it.
         bindDconf(sandboxArgs);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to