Diff
Modified: trunk/Source/WebKit/ChangeLog (244746 => 244747)
--- trunk/Source/WebKit/ChangeLog 2019-04-29 19:36:21 UTC (rev 244746)
+++ trunk/Source/WebKit/ChangeLog 2019-04-29 19:52:56 UTC (rev 244747)
@@ -1,3 +1,23 @@
+2019-04-29 Brent Fulgham <bfulg...@apple.com>
+
+ [Cocoa] Move common sandbox files from Shared/mac to Shared/Cocoa
+ https://bugs.webkit.org/show_bug.cgi?id=197376
+ <rdar://problem/50305272>
+
+ Reviewed by Dean Jackson.
+
+ The Apple sandboxing logic currently lives in the inappropriate 'Shared/mac' directory. This is
+ confusing because the code is used by all Apple ports, not just macOS.
+
+ This patch just moves the relevant files from 'Shared/mac' to 'Shared/Cocoa' to avoid this confusion.
+
+ * Shared/Cocoa/SandboxExtensionCocoa.mm: Renamed from Source/WebKit/Shared/mac/SandboxExtensionMac.mm.
+ * Shared/Cocoa/SandboxInitialiationParametersCocoa.mm: Renamed from Source/WebKit/Shared/mac/SandboxInitialiationParametersMac.mm.
+ * Shared/Cocoa/SandboxUtilities.h: Renamed from Source/WebKit/Shared/mac/SandboxUtilities.h.
+ * Shared/Cocoa/SandboxUtilities.mm: Renamed from Source/WebKit/Shared/mac/SandboxUtilities.mm.
+ * SourcesCocoa.txt:
+ * WebKit.xcodeproj/project.pbxproj:
+
2019-04-29 Alexander Mikhaylenko <exalm7...@gmail.com>
[GTK] Back/forward gesture snapshot always times out
Copied: trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm (from rev 244746, trunk/Source/WebKit/Shared/mac/SandboxExtensionMac.mm) (0 => 244747)
--- trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm (rev 0)
+++ trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm 2019-04-29 19:52:56 UTC (rev 244747)
@@ -0,0 +1,446 @@
+/*
+ * Copyright (C) 2010-2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "SandboxExtension.h"
+
+#if ENABLE(SANDBOX_EXTENSIONS)
+
+#import "DataReference.h"
+#import "Decoder.h"
+#import "Encoder.h"
+#import <sys/stat.h>
+#import <wtf/FileSystem.h>
+#import <wtf/spi/darwin/SandboxSPI.h>
+#import <wtf/text/CString.h>
+
+namespace WebKit {
+
+class SandboxExtensionImpl {
+public:
+ static std::unique_ptr<SandboxExtensionImpl> create(const char* path, SandboxExtension::Type type, Optional<pid_t> pid = WTF::nullopt)
+ {
+ std::unique_ptr<SandboxExtensionImpl> impl { new SandboxExtensionImpl(path, type, pid) };
+ if (!impl->m_token)
+ return nullptr;
+ return impl;
+ }
+
+ SandboxExtensionImpl(const char* serializedFormat, size_t length)
+ : m_token { strndup(serializedFormat, length) }
+ {
+ }
+
+ ~SandboxExtensionImpl()
+ {
+ free(m_token);
+ }
+
+ bool WARN_UNUSED_RETURN consume()
+ {
+ m_handle = sandbox_extension_consume(m_token);
+#if PLATFORM(IOS_FAMILY_SIMULATOR)
+ return !sandbox_check(getpid(), 0, SANDBOX_FILTER_NONE);
+#else
+ if (m_handle == -1) {
+ LOG_ERROR("Could not create a sandbox extension for '%s', errno = %d", m_token, errno);
+ return false;
+ }
+ return m_handle;
+#endif
+ }
+
+ bool invalidate()
+ {
+ return !sandbox_extension_release(std::exchange(m_handle, 0));
+ }
+
+ const char* WARN_UNUSED_RETURN getSerializedFormat(size_t& length)
+ {
+ length = strlen(m_token);
+ return m_token;
+ }
+
+private:
+ char* sandboxExtensionForType(const char* path, SandboxExtension::Type type, Optional<pid_t> pid = WTF::nullopt)
+ {
+ switch (type) {
+ case SandboxExtension::Type::ReadOnly:
+ return sandbox_extension_issue_file(APP_SANDBOX_READ, path, 0);
+ case SandboxExtension::Type::ReadWrite:
+ return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, 0);
+ case SandboxExtension::Type::Mach:
+#if HAVE(SANDBOX_ISSUE_MACH_EXTENSION_TO_PROCESS_BY_PID)
+ return sandbox_extension_issue_mach_to_process_by_pid("com.apple.webkit.extension.mach"_s, path, 0, pid.value());
+#else
+ UNUSED_PARAM(pid);
+ ASSERT_NOT_REACHED();
+ return nullptr;
+#endif
+ case SandboxExtension::Type::Generic:
+ return sandbox_extension_issue_generic(path, 0);
+ }
+ }
+
+ SandboxExtensionImpl(const char* path, SandboxExtension::Type type, Optional<pid_t> pid = WTF::nullopt)
+ : m_token { sandboxExtensionForType(path, type, pid) }
+ {
+ }
+
+ char* m_token;
+ int64_t m_handle { 0 };
+};
+
+SandboxExtension::Handle::Handle()
+{
+}
+
+SandboxExtension::Handle::Handle(Handle&&) = default;
+SandboxExtension::Handle& SandboxExtension::Handle::operator=(Handle&&) = default;
+
+SandboxExtension::Handle::~Handle()
+{
+ if (m_sandboxExtension)
+ m_sandboxExtension->invalidate();
+}
+
+void SandboxExtension::Handle::encode(IPC::Encoder& encoder) const
+{
+ if (!m_sandboxExtension) {
+ encoder << IPC::DataReference();
+ return;
+ }
+
+ size_t length = 0;
+ const char* serializedFormat = m_sandboxExtension->getSerializedFormat(length);
+ ASSERT(serializedFormat);
+
+ encoder << IPC::DataReference(reinterpret_cast<const uint8_t*>(serializedFormat), length);
+
+ // Encoding will destroy the sandbox extension locally.
+ m_sandboxExtension = 0;
+}
+
+auto SandboxExtension::Handle::decode(IPC::Decoder& decoder) -> Optional<Handle>
+{
+ IPC::DataReference dataReference;
+ if (!decoder.decode(dataReference))
+ return WTF::nullopt;
+
+ if (dataReference.isEmpty())
+ return {{ }};
+
+ Handle handle;
+ handle.m_sandboxExtension = std::make_unique<SandboxExtensionImpl>(reinterpret_cast<const char*>(dataReference.data()), dataReference.size());
+ return WTFMove(handle);
+}
+
+SandboxExtension::HandleArray::HandleArray()
+{
+}
+
+SandboxExtension::HandleArray::~HandleArray()
+{
+}
+
+void SandboxExtension::HandleArray::allocate(size_t size)
+{
+ if (!size)
+ return;
+
+ ASSERT(m_data.isEmpty());
+
+ m_data.resize(size);
+}
+
+SandboxExtension::Handle& SandboxExtension::HandleArray::operator[](size_t i)
+{
+ RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(i < m_data.size());
+ return m_data[i];
+}
+
+const SandboxExtension::Handle& SandboxExtension::HandleArray::operator[](size_t i) const
+{
+ RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(i < m_data.size());
+ return m_data[i];
+}
+
+size_t SandboxExtension::HandleArray::size() const
+{
+ return m_data.size();
+}
+
+void SandboxExtension::HandleArray::encode(IPC::Encoder& encoder) const
+{
+ encoder << static_cast<uint64_t>(size());
+ for (auto& handle : m_data)
+ encoder << handle;
+}
+
+Optional<SandboxExtension::HandleArray> SandboxExtension::HandleArray::decode(IPC::Decoder& decoder)
+{
+ Optional<uint64_t> size;
+ decoder >> size;
+ if (!size)
+ return WTF::nullopt;
+ SandboxExtension::HandleArray handles;
+ handles.allocate(*size);
+ for (size_t i = 0; i < *size; ++i) {
+ Optional<SandboxExtension::Handle> handle;
+ decoder >> handle;
+ if (!handle)
+ return WTF::nullopt;
+ handles[i] = WTFMove(*handle);
+ }
+ return WTFMove(handles);
+}
+
+RefPtr<SandboxExtension> SandboxExtension::create(Handle&& handle)
+{
+ if (!handle.m_sandboxExtension)
+ return nullptr;
+
+ return adoptRef(new SandboxExtension(handle));
+}
+
+static CString resolveSymlinksInPath(const CString& path)
+{
+ struct stat statBuf;
+
+ // Check if this file exists.
+ if (!stat(path.data(), &statBuf)) {
+ char resolvedName[PATH_MAX];
+
+ return realpath(path.data(), resolvedName);
+ }
+
+ const char* slashPtr = strrchr(path.data(), '/');
+ if (slashPtr == path.data())
+ return path;
+
+ size_t parentDirectoryLength = slashPtr - path.data();
+ if (parentDirectoryLength >= PATH_MAX)
+ return CString();
+
+ // Get the parent directory.
+ char parentDirectory[PATH_MAX];
+ memcpy(parentDirectory, path.data(), parentDirectoryLength);
+ parentDirectory[parentDirectoryLength] = '\0';
+
+ // Resolve it.
+ CString resolvedParentDirectory = resolveSymlinksInPath(CString(parentDirectory));
+ if (resolvedParentDirectory.isNull())
+ return CString();
+
+ size_t lastPathComponentLength = path.length() - parentDirectoryLength;
+ size_t resolvedPathLength = resolvedParentDirectory.length() + lastPathComponentLength;
+ if (resolvedPathLength >= PATH_MAX)
+ return CString();
+
+ // Combine the resolved parent directory with the last path component.
+ char* resolvedPathBuffer;
+ CString resolvedPath = CString::newUninitialized(resolvedPathLength, resolvedPathBuffer);
+ memcpy(resolvedPathBuffer, resolvedParentDirectory.data(), resolvedParentDirectory.length());
+ memcpy(resolvedPathBuffer + resolvedParentDirectory.length(), slashPtr, lastPathComponentLength);
+
+ return resolvedPath;
+}
+
+String stringByResolvingSymlinksInPath(const String& path)
+{
+ return String::fromUTF8(resolveSymlinksInPath(path.utf8()));
+}
+
+String resolveAndCreateReadWriteDirectoryForSandboxExtension(const String& path)
+{
+ NSError *error = nil;
+ NSString *nsPath = path;
+
+ if (![[NSFileManager defaultManager] createDirectoryAtPath:nsPath withIntermediateDirectories:YES attributes:nil error:&error]) {
+ NSLog(@"could not create directory \"%@\" for future sandbox extension, error %@", nsPath, error);
+ return { };
+ }
+
+ return resolvePathForSandboxExtension(path);
+}
+
+String resolvePathForSandboxExtension(const String& path)
+{
+ // FIXME: Do we need both resolveSymlinksInPath() and -stringByStandardizingPath?
+ CString fileSystemPath = FileSystem::fileSystemRepresentation([(NSString *)path stringByStandardizingPath]);
+ if (fileSystemPath.isNull()) {
+ LOG_ERROR("Could not create a valid file system representation for the string '%s' of length %lu", fileSystemPath.data(), fileSystemPath.length());
+ return { };
+ }
+
+ CString standardizedPath = resolveSymlinksInPath(fileSystemPath);
+ return String::fromUTF8(standardizedPath);
+}
+
+bool SandboxExtension::createHandleWithoutResolvingPath(const String& path, Type type, Handle& handle)
+{
+ ASSERT(!handle.m_sandboxExtension);
+
+ handle.m_sandboxExtension = SandboxExtensionImpl::create(path.utf8().data(), type);
+ if (!handle.m_sandboxExtension) {
+ LOG_ERROR("Could not create a sandbox extension for '%s'", path.utf8().data());
+ return false;
+ }
+ return true;
+}
+
+bool SandboxExtension::createHandle(const String& path, Type type, Handle& handle)
+{
+ ASSERT(!handle.m_sandboxExtension);
+
+ return createHandleWithoutResolvingPath(resolvePathForSandboxExtension(path), type, handle);
+}
+
+bool SandboxExtension::createHandleForReadWriteDirectory(const String& path, SandboxExtension::Handle& handle)
+{
+ String resolvedPath = resolveAndCreateReadWriteDirectoryForSandboxExtension(path);
+ if (resolvedPath.isNull())
+ return false;
+
+ return SandboxExtension::createHandleWithoutResolvingPath(resolvedPath, SandboxExtension::Type::ReadWrite, handle);
+}
+
+String SandboxExtension::createHandleForTemporaryFile(const String& prefix, Type type, Handle& handle)
+{
+ ASSERT(!handle.m_sandboxExtension);
+
+ Vector<char> path(PATH_MAX);
+ if (!confstr(_CS_DARWIN_USER_TEMP_DIR, path.data(), path.size()))
+ return String();
+
+ // Shrink the vector.
+ path.shrink(strlen(path.data()));
+
+ // FIXME: Change to a runtime assertion that the path ends with a slash once <rdar://problem/23579077> is
+ // fixed in all iOS Simulator versions that we use.
+ if (path.last() != '/')
+ path.append('/');
+
+ // Append the file name.
+ path.append(prefix.utf8().data(), prefix.length());
+ path.append('\0');
+
+ handle.m_sandboxExtension = SandboxExtensionImpl::create(FileSystem::fileSystemRepresentation(path.data()).data(), type);
+
+ if (!handle.m_sandboxExtension) {
+ WTFLogAlways("Could not create a sandbox extension for temporary file '%s'", path.data());
+ return String();
+ }
+ return String(path.data());
+}
+
+bool SandboxExtension::createHandleForGenericExtension(const String& extensionClass, Handle& handle)
+{
+ ASSERT(!handle.m_sandboxExtension);
+
+ handle.m_sandboxExtension = SandboxExtensionImpl::create(extensionClass.utf8().data(), Type::Generic);
+ if (!handle.m_sandboxExtension) {
+ WTFLogAlways("Could not create a '%s' sandbox extension", extensionClass.utf8().data());
+ return false;
+ }
+
+ return true;
+}
+
+bool SandboxExtension::createHandleForMachLookupByPid(const String& service, pid_t pid, Handle& handle)
+{
+ ASSERT(!handle.m_sandboxExtension);
+
+ handle.m_sandboxExtension = SandboxExtensionImpl::create(service.utf8().data(), Type::Mach, pid);
+ if (!handle.m_sandboxExtension) {
+ WTFLogAlways("Could not create a '%s' sandbox extension", service.utf8().data());
+ return false;
+ }
+
+ return true;
+}
+
+SandboxExtension::SandboxExtension(const Handle& handle)
+ : m_sandboxExtension(WTFMove(handle.m_sandboxExtension))
+{
+}
+
+SandboxExtension::~SandboxExtension()
+{
+ if (!m_sandboxExtension)
+ return;
+
+ ASSERT(!m_useCount);
+}
+
+bool SandboxExtension::revoke()
+{
+ ASSERT(m_sandboxExtension);
+ ASSERT(m_useCount);
+
+ if (--m_useCount)
+ return true;
+
+ return m_sandboxExtension->invalidate();
+}
+
+bool SandboxExtension::consume()
+{
+ ASSERT(m_sandboxExtension);
+
+ if (m_useCount++)
+ return true;
+
+ return m_sandboxExtension->consume();
+}
+
+bool SandboxExtension::consumePermanently()
+{
+ ASSERT(m_sandboxExtension);
+
+ bool result = m_sandboxExtension->consume();
+
+ // Destroy the extension without invalidating it.
+ m_sandboxExtension = nullptr;
+
+ return result;
+}
+
+bool SandboxExtension::consumePermanently(const Handle& handle)
+{
+ if (!handle.m_sandboxExtension)
+ return false;
+
+ bool result = handle.m_sandboxExtension->consume();
+
+ // Destroy the extension without invalidating it.
+ handle.m_sandboxExtension = nullptr;
+
+ return result;
+}
+
+} // namespace WebKit
+
+#endif // ENABLE(SANDBOX_EXTENSIONS)
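Review bot: In `HandleArray::decode`, the element count read from the decoder goes straight into `handles.allocate(*size)`, so `m_data.resize()` runs on a peer-supplied 64-bit value before a single handle has been decoded. If the sender can ever be a less-privileged process, it could force a huge allocation or an allocation-failure crash in the receiver; the count should be rejected when it exceeds what the remaining message could hold, or the array grown one decoded handle at a time. At minimum I would add `// FIXME: *size is peer-controlled; bound it before resizing m_data.` above the `allocate` call. Separately, `resolveSymlinksInPath` subtracts `path.data()` from the `strrchr` result without a null check, which is reached for a non-existent path that contains no '/'. The file is copied from Shared/mac, so both predate this commit, but the move is a good moment to record them.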
Copied: trunk/Source/WebKit/Shared/Cocoa/SandboxInitialiationParametersCocoa.mm (from rev 244746, trunk/Source/WebKit/Shared/mac/SandboxInitialiationParametersMac.mm) (0 => 244747)
--- trunk/Source/WebKit/Shared/Cocoa/SandboxInitialiationParametersCocoa.mm (rev 0)
+++ trunk/Source/WebKit/Shared/Cocoa/SandboxInitialiationParametersCocoa.mm 2019-04-29 19:52:56 UTC (rev 244747)
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "SandboxInitializationParameters.h"
+
+namespace WebKit {
+
+SandboxInitializationParameters::SandboxInitializationParameters()
+ : m_profileSelectionMode(ProfileSelectionMode::UseDefaultSandboxProfilePath)
+{
+}
+
+SandboxInitializationParameters::~SandboxInitializationParameters()
+{
+ for (size_t i = 0; i + 1 < m_namedParameters.size(); i += 2)
+ fastFree(const_cast<char*>(m_namedParameters[i + 1]));
+}
+
+void SandboxInitializationParameters::appendPathInternal(const char* name, const char* path)
+{
+ char normalizedPath[PATH_MAX];
+ if (!realpath(path, normalizedPath))
+ normalizedPath[0] = '\0';
+
+ ASSERT(!(m_namedParameters.size() % 2));
+
+ m_namedParameters.append(name);
+ m_namedParameters.append(fastStrDup(normalizedPath));
+}
+
+void SandboxInitializationParameters::addConfDirectoryParameter(const char* name, int confID)
+{
+ char path[PATH_MAX];
+ if (confstr(confID, path, PATH_MAX) <= 0)
+ path[0] = '\0';
+
+ appendPathInternal(name, path);
+}
+
+void SandboxInitializationParameters::addPathParameter(const char* name, NSString *path)
+{
+ appendPathInternal(name, [path length] ? [(NSString *)path fileSystemRepresentation] : "");
+}
+
+void SandboxInitializationParameters::addPathParameter(const char* name, const char* path)
+{
+ appendPathInternal(name, path);
+}
+
+void SandboxInitializationParameters::addParameter(const char* name, const char* value)
+{
+ m_namedParameters.append(name);
+ m_namedParameters.append(fastStrDup(value));
+}
+
+const char* const* SandboxInitializationParameters::namedParameterArray() const
+{
+ if (!(m_namedParameters.size() % 2))
+ m_namedParameters.append(static_cast<const char*>(0));
+
+ return m_namedParameters.data();
+}
+
+size_t SandboxInitializationParameters::count() const
+{
+ return m_namedParameters.size() / 2;
+}
+
+const char* SandboxInitializationParameters::name(size_t index) const
+{
+ ASSERT(index != m_namedParameters.size());
+ return m_namedParameters[index * 2];
+}
+
+const char* SandboxInitializationParameters::value(size_t index) const
+{
+ return m_namedParameters[index * 2 + 1];
+}
+
+} // namespace WebKit
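Review bot: `appendPathInternal` turns a `realpath` failure into an empty string and still appends the parameter, so an unresolvable path reaches the sandbox profile as `""` with no log line or error return. How the profile treats an empty path parameter is not visible here, but a silent substitution during sandbox setup is hard to diagnose and may not fail closed; I would at least log it, e.g. `WTFLogAlways("Could not resolve sandbox path parameter '%s', errno = %d", name, errno);` before clearing the buffer. `addConfDirectoryParameter` has the same pattern for a failed `confstr`. Also, `name()` asserts `index != m_namedParameters.size()` where `index < count()` looks intended, and `value()` has no check at all.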
Copied: trunk/Source/WebKit/Shared/Cocoa/SandboxUtilities.h (from rev 244746, trunk/Source/WebKit/Shared/mac/SandboxUtilities.h) (0 => 244747)
--- trunk/Source/WebKit/Shared/Cocoa/SandboxUtilities.h (rev 0)
+++ trunk/Source/WebKit/Shared/Cocoa/SandboxUtilities.h 2019-04-29 19:52:56 UTC (rev 244747)
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2014 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#import <sys/types.h>
+#import <wtf/Forward.h>
+#import <wtf/spi/darwin/XPCSPI.h>
+
+namespace WebKit {
+
+bool connectedProcessIsSandboxed(xpc_connection_t);
+bool currentProcessIsSandboxed();
+bool processHasContainer();
+
+// Returns an empty string if the process is not in a container.
+String pathForProcessContainer();
+
+}
Copied: trunk/Source/WebKit/Shared/Cocoa/SandboxUtilities.mm (from rev 244746, trunk/Source/WebKit/Shared/mac/SandboxUtilities.mm) (0 => 244747)
--- trunk/Source/WebKit/Shared/Cocoa/SandboxUtilities.mm (rev 0)
+++ trunk/Source/WebKit/Shared/Cocoa/SandboxUtilities.mm 2019-04-29 19:52:56 UTC (rev 244747)
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2014 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "SandboxUtilities.h"
+
+#import <array>
+#import <sys/param.h>
+#import <wtf/OSObjectPtr.h>
+#import <wtf/spi/darwin/SandboxSPI.h>
+#import <wtf/spi/darwin/XPCSPI.h>
+#import <wtf/text/WTFString.h>
+
+namespace WebKit {
+
+bool currentProcessIsSandboxed()
+{
+ return sandbox_check(getpid(), nullptr, SANDBOX_FILTER_NONE);
+}
+
+bool connectedProcessIsSandboxed(xpc_connection_t connectionToParent)
+{
+ audit_token_t token;
+ xpc_connection_get_audit_token(connectionToParent, &token);
+ return sandbox_check_by_audit_token(token, nullptr, SANDBOX_FILTER_NONE);
+}
+
+bool processHasContainer()
+{
+ static bool hasContainer = !pathForProcessContainer().isEmpty();
+ return hasContainer;
+}
+
+String pathForProcessContainer()
+{
+ std::array<char, MAXPATHLEN> path;
+ path[0] = 0;
+ sandbox_container_path_for_pid(getpid(), path.data(), path.size());
+
+ return String::fromUTF8(path.data());
+}
+
+}
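Review bot: `pathForProcessContainer` ignores the return value of `sandbox_container_path_for_pid`, so a failed lookup and a process with no container both come back as an empty string, and `processHasContainer` then caches that answer in a function-local static for the life of the process. If the SPI can fail transiently, callers would treat a containerized process as uncontained from then on. I would check the result and log the failure, or at least document the conflation with `// An empty result means either no container or a failed lookup.` above the function. The two `sandbox_check*` wrappers also rely on an implicit int-to-bool conversion; whether a negative error return is possible is not visible here, but if it is, an error would read as "sandboxed".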
Deleted: trunk/Source/WebKit/Shared/mac/SandboxExtensionMac.mm (244746 => 244747)
--- trunk/Source/WebKit/Shared/mac/SandboxExtensionMac.mm 2019-04-29 19:36:21 UTC (rev 244746)
+++ trunk/Source/WebKit/Shared/mac/SandboxExtensionMac.mm 2019-04-29 19:52:56 UTC (rev 244747)
@@ -1,446 +0,0 @@
-/*
- * Copyright (C) 2010-2016 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#import "config.h"
-#import "SandboxExtension.h"
-
-#if ENABLE(SANDBOX_EXTENSIONS)
-
-#import "DataReference.h"
-#import "Decoder.h"
-#import "Encoder.h"
-#import <sys/stat.h>
-#import <wtf/FileSystem.h>
-#import <wtf/spi/darwin/SandboxSPI.h>
-#import <wtf/text/CString.h>
-
-namespace WebKit {
-
-class SandboxExtensionImpl {
-public:
- static std::unique_ptr<SandboxExtensionImpl> create(const char* path, SandboxExtension::Type type, Optional<pid_t> pid = WTF::nullopt)
- {
- std::unique_ptr<SandboxExtensionImpl> impl { new SandboxExtensionImpl(path, type, pid) };
- if (!impl->m_token)
- return nullptr;
- return impl;
- }
-
- SandboxExtensionImpl(const char* serializedFormat, size_t length)
- : m_token { strndup(serializedFormat, length) }
- {
- }
-
- ~SandboxExtensionImpl()
- {
- free(m_token);
- }
-
- bool consume() WARN_UNUSED_RETURN
- {
- m_handle = sandbox_extension_consume(m_token);
-#if PLATFORM(IOS_FAMILY_SIMULATOR)
- return !sandbox_check(getpid(), 0, SANDBOX_FILTER_NONE);
-#else
- if (m_handle == -1) {
- LOG_ERROR("Could not create a sandbox extension for '%s', errno = %d", m_token, errno);
- return false;
- }
- return m_handle;
-#endif
- }
-
- bool invalidate()
- {
- return !sandbox_extension_release(std::exchange(m_handle, 0));
- }
-
- const char* getSerializedFormat(size_t& length) WARN_UNUSED_RETURN
- {
- length = strlen(m_token);
- return m_token;
- }
-
-private:
- char* sandboxExtensionForType(const char* path, SandboxExtension::Type type, Optional<pid_t> pid = WTF::nullopt)
- {
- switch (type) {
- case SandboxExtension::Type::ReadOnly:
- return sandbox_extension_issue_file(APP_SANDBOX_READ, path, 0);
- case SandboxExtension::Type::ReadWrite:
- return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, 0);
- case SandboxExtension::Type::Mach:
-#if HAVE(SANDBOX_ISSUE_MACH_EXTENSION_TO_PROCESS_BY_PID)
- return sandbox_extension_issue_mach_to_process_by_pid("com.apple.webkit.extension.mach"_s, path, 0, pid.value());
-#else
- UNUSED_PARAM(pid);
- ASSERT_NOT_REACHED();
- return nullptr;
-#endif
- case SandboxExtension::Type::Generic:
- return sandbox_extension_issue_generic(path, 0);
- }
- }
-
- SandboxExtensionImpl(const char* path, SandboxExtension::Type type, Optional<pid_t> pid = WTF::nullopt)
- : m_token { sandboxExtensionForType(path, type, pid) }
- {
- }
-
- char* m_token;
- int64_t m_handle { 0 };
-};
-
-SandboxExtension::Handle::Handle()
-{
-}
-
-SandboxExtension::Handle::Handle(Handle&&) = default;
-SandboxExtension::Handle& SandboxExtension::Handle::operator=(Handle&&) = default;
-
-SandboxExtension::Handle::~Handle()
-{
- if (m_sandboxExtension)
- m_sandboxExtension->invalidate();
-}
-
-void SandboxExtension::Handle::encode(IPC::Encoder& encoder) const
-{
- if (!m_sandboxExtension) {
- encoder << IPC::DataReference();
- return;
- }
-
- size_t length = 0;
- const char* serializedFormat = m_sandboxExtension->getSerializedFormat(length);
- ASSERT(serializedFormat);
-
- encoder << IPC::DataReference(reinterpret_cast<const uint8_t*>(serializedFormat), length);
-
- // Encoding will destroy the sandbox extension locally.
- m_sandboxExtension = 0;
-}
-
-auto SandboxExtension::Handle::decode(IPC::Decoder& decoder) -> Optional<Handle>
-{
- IPC::DataReference dataReference;
- if (!decoder.decode(dataReference))
- return WTF::nullopt;
-
- if (dataReference.isEmpty())
- return {{ }};
-
- Handle handle;
- handle.m_sandboxExtension = std::make_unique<SandboxExtensionImpl>(reinterpret_cast<const char*>(dataReference.data()), dataReference.size());
- return WTFMove(handle);
-}
-
-SandboxExtension::HandleArray::HandleArray()
-{
-}
-
-SandboxExtension::HandleArray::~HandleArray()
-{
-}
-
-void SandboxExtension::HandleArray::allocate(size_t size)
-{
- if (!size)
- return;
-
- ASSERT(m_data.isEmpty());
-
- m_data.resize(size);
-}
-
-SandboxExtension::Handle& SandboxExtension::HandleArray::operator[](size_t i)
-{
- RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(i < m_data.size());
- return m_data[i];
-}
-
-const SandboxExtension::Handle& SandboxExtension::HandleArray::operator[](size_t i) const
-{
- RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(i < m_data.size());
- return m_data[i];
-}
-
-size_t SandboxExtension::HandleArray::size() const
-{
- return m_data.size();
-}
-
-void SandboxExtension::HandleArray::encode(IPC::Encoder& encoder) const
-{
- encoder << static_cast<uint64_t>(size());
- for (auto& handle : m_data)
- encoder << handle;
-}
-
-Optional<SandboxExtension::HandleArray> SandboxExtension::HandleArray::decode(IPC::Decoder& decoder)
-{
- Optional<uint64_t> size;
- decoder >> size;
- if (!size)
- return WTF::nullopt;
- SandboxExtension::HandleArray handles;
- handles.allocate(*size);
- for (size_t i = 0; i < *size; ++i) {
- Optional<SandboxExtension::Handle> handle;
- decoder >> handle;
- if (!handle)
- return WTF::nullopt;
- handles[i] = WTFMove(*handle);
- }
- return WTFMove(handles);
-}
-
-RefPtr<SandboxExtension> SandboxExtension::create(Handle&& handle)
-{
- if (!handle.m_sandboxExtension)
- return nullptr;
-
- return adoptRef(new SandboxExtension(handle));
-}
-
-static CString resolveSymlinksInPath(const CString& path)
-{
- struct stat statBuf;
-
- // Check if this file exists.
- if (!stat(path.data(), &statBuf)) {
- char resolvedName[PATH_MAX];
-
- return realpath(path.data(), resolvedName);
- }
-
- const char* slashPtr = strrchr(path.data(), '/');
- if (slashPtr == path.data())
- return path;
-
- size_t parentDirectoryLength = slashPtr - path.data();
- if (parentDirectoryLength >= PATH_MAX)
- return CString();
-
- // Get the parent directory.
- char parentDirectory[PATH_MAX];
- memcpy(parentDirectory, path.data(), parentDirectoryLength);
- parentDirectory[parentDirectoryLength] = '\0';
-
- // Resolve it.
- CString resolvedParentDirectory = resolveSymlinksInPath(CString(parentDirectory));
- if (resolvedParentDirectory.isNull())
- return CString();
-
- size_t lastPathComponentLength = path.length() - parentDirectoryLength;
- size_t resolvedPathLength = resolvedParentDirectory.length() + lastPathComponentLength;
- if (resolvedPathLength >= PATH_MAX)
- return CString();
-
- // Combine the resolved parent directory with the last path component.
- char* resolvedPathBuffer;
- CString resolvedPath = CString::newUninitialized(resolvedPathLength, resolvedPathBuffer);
- memcpy(resolvedPathBuffer, resolvedParentDirectory.data(), resolvedParentDirectory.length());
- memcpy(resolvedPathBuffer + resolvedParentDirectory.length(), slashPtr, lastPathComponentLength);
-
- return resolvedPath;
-}
-
-String stringByResolvingSymlinksInPath(const String& path)
-{
- return String::fromUTF8(resolveSymlinksInPath(path.utf8()));
-}
-
-String resolveAndCreateReadWriteDirectoryForSandboxExtension(const String& path)
-{
- NSError *error = nil;
- NSString *nsPath = path;
-
- if (![[NSFileManager defaultManager] createDirectoryAtPath:nsPath withIntermediateDirectories:YES attributes:nil error:&error]) {
- NSLog(@"could not create directory \"%@\" for future sandbox extension, error %@", nsPath, error);
- return { };
- }
-
- return resolvePathForSandboxExtension(path);
-}
-
-String resolvePathForSandboxExtension(const String& path)
-{
- // FIXME: Do we need both resolveSymlinksInPath() and -stringByStandardizingPath?
- CString fileSystemPath = FileSystem::fileSystemRepresentation([(NSString *)path stringByStandardizingPath]);
- if (fileSystemPath.isNull()) {
- LOG_ERROR("Could not create a valid file system representation for the string '%s' of length %lu", fileSystemPath.data(), fileSystemPath.length());
- return { };
- }
-
- CString standardizedPath = resolveSymlinksInPath(fileSystemPath);
- return String::fromUTF8(standardizedPath);
-}
-
-bool SandboxExtension::createHandleWithoutResolvingPath(const String& path, Type type, Handle& handle)
-{
- ASSERT(!handle.m_sandboxExtension);
-
- handle.m_sandboxExtension = SandboxExtensionImpl::create(path.utf8().data(), type);
- if (!handle.m_sandboxExtension) {
- LOG_ERROR("Could not create a sandbox extension for '%s'", path.utf8().data());
- return false;
- }
- return true;
-}
-
-bool SandboxExtension::createHandle(const String& path, Type type, Handle& handle)
-{
- ASSERT(!handle.m_sandboxExtension);
-
- return createHandleWithoutResolvingPath(resolvePathForSandboxExtension(path), type, handle);
-}
-
-bool SandboxExtension::createHandleForReadWriteDirectory(const String& path, SandboxExtension::Handle& handle)
-{
- String resolvedPath = resolveAndCreateReadWriteDirectoryForSandboxExtension(path);
- if (resolvedPath.isNull())
- return false;
-
- return SandboxExtension::createHandleWithoutResolvingPath(resolvedPath, SandboxExtension::Type::ReadWrite, handle);
-}
-
-String SandboxExtension::createHandleForTemporaryFile(const String& prefix, Type type, Handle& handle)
-{
- ASSERT(!handle.m_sandboxExtension);
-
- Vector<char> path(PATH_MAX);
- if (!confstr(_CS_DARWIN_USER_TEMP_DIR, path.data(), path.size()))
- return String();
-
- // Shrink the vector.
- path.shrink(strlen(path.data()));
-
- // FIXME: Change to a runtime assertion that the path ends with a slash once <rdar://problem/23579077> is
- // fixed in all iOS Simulator versions that we use.
- if (path.last() != '/')
- path.append('/');
-
- // Append the file name.
- path.append(prefix.utf8().data(), prefix.length());
- path.append('\0');
-
- handle.m_sandboxExtension = SandboxExtensionImpl::create(FileSystem::fileSystemRepresentation(path.data()).data(), type);
-
- if (!handle.m_sandboxExtension) {
- WTFLogAlways("Could not create a sandbox extension for temporary file '%s'", path.data());
- return String();
- }
- return String(path.data());
-}
-
-bool SandboxExtension::createHandleForGenericExtension(const String& extensionClass, Handle& handle)
-{
- ASSERT(!handle.m_sandboxExtension);
-
- handle.m_sandboxExtension = SandboxExtensionImpl::create(extensionClass.utf8().data(), Type::Generic);
- if (!handle.m_sandboxExtension) {
- WTFLogAlways("Could not create a '%s' sandbox extension", extensionClass.utf8().data());
- return false;
- }
-
- return true;
-}
-
-bool SandboxExtension::createHandleForMachLookupByPid(const String& service, pid_t pid, Handle& handle)
-{
- ASSERT(!handle.m_sandboxExtension);
-
- handle.m_sandboxExtension = SandboxExtensionImpl::create(service.utf8().data(), Type::Mach, pid);
- if (!handle.m_sandboxExtension) {
- WTFLogAlways("Could not create a '%s' sandbox extension", service.utf8().data());
- return false;
- }
-
- return true;
-}
-
-SandboxExtension::SandboxExtension(const Handle& handle)
- : m_sandboxExtension(WTFMove(handle.m_sandboxExtension))
-{
-}
-
-SandboxExtension::~SandboxExtension()
-{
- if (!m_sandboxExtension)
- return;
-
- ASSERT(!m_useCount);
-}
-
-bool SandboxExtension::revoke()
-{
- ASSERT(m_sandboxExtension);
- ASSERT(m_useCount);
-
- if (--m_useCount)
- return true;
-
- return m_sandboxExtension->invalidate();
-}
-
-bool SandboxExtension::consume()
-{
- ASSERT(m_sandboxExtension);
-
- if (m_useCount++)
- return true;
-
- return m_sandboxExtension->consume();
-}
-
-bool SandboxExtension::consumePermanently()
-{
- ASSERT(m_sandboxExtension);
-
- bool result = m_sandboxExtension->consume();
-
- // Destroy the extension without invalidating it.
- m_sandboxExtension = nullptr;
-
- return result;
-}
-
-bool SandboxExtension::consumePermanently(const Handle& handle)
-{
- if (!handle.m_sandboxExtension)
- return false;
-
- bool result = handle.m_sandboxExtension->consume();
-
- // Destroy the extension without invalidating it.
- handle.m_sandboxExtension = nullptr;
-
- return result;
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SANDBOX_EXTENSIONS)
Deleted: trunk/Source/WebKit/Shared/mac/SandboxInitialiationParametersMac.mm (244746 => 244747)
--- trunk/Source/WebKit/Shared/mac/SandboxInitialiationParametersMac.mm 2019-04-29 19:36:21 UTC (rev 244746)
+++ trunk/Source/WebKit/Shared/mac/SandboxInitialiationParametersMac.mm 2019-04-29 19:52:56 UTC (rev 244747)
@@ -1,103 +0,0 @@
-/*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SandboxInitializationParameters.h"
-
-namespace WebKit {
-
-SandboxInitializationParameters::SandboxInitializationParameters()
- : m_profileSelectionMode(ProfileSelectionMode::UseDefaultSandboxProfilePath)
-{
-}
-
-SandboxInitializationParameters::~SandboxInitializationParameters()
-{
- for (size_t i = 0; i + 1 < m_namedParameters.size(); i += 2)
- fastFree(const_cast<char*>(m_namedParameters[i + 1]));
-}
-
-void SandboxInitializationParameters::appendPathInternal(const char* name, const char* path)
-{
- char normalizedPath[PATH_MAX];
- if (!realpath(path, normalizedPath))
- normalizedPath[0] = '\0';
-
- ASSERT(!(m_namedParameters.size() % 2));
-
- m_namedParameters.append(name);
- m_namedParameters.append(fastStrDup(normalizedPath));
-}
-
-void SandboxInitializationParameters::addConfDirectoryParameter(const char* name, int confID)
-{
- char path[PATH_MAX];
- if (confstr(confID, path, PATH_MAX) <= 0)
- path[0] = '\0';
-
- appendPathInternal(name, path);
-}
-
-void SandboxInitializationParameters::addPathParameter(const char* name, NSString *path)
-{
- appendPathInternal(name, [path length] ? [(NSString *)path fileSystemRepresentation] : "");
-}
-
-void SandboxInitializationParameters::addPathParameter(const char* name, const char* path)
-{
- appendPathInternal(name, path);
-}
-
-void SandboxInitializationParameters::addParameter(const char* name, const char* value)
-{
- m_namedParameters.append(name);
- m_namedParameters.append(fastStrDup(value));
-}
-
-const char* const* SandboxInitializationParameters::namedParameterArray() const
-{
- if (!(m_namedParameters.size() % 2))
- m_namedParameters.append(static_cast<const char*>(0));
-
- return m_namedParameters.data();
-}
-
-size_t SandboxInitializationParameters::count() const
-{
- return m_namedParameters.size() / 2;
-}
-
-const char* SandboxInitializationParameters::name(size_t index) const
-{
- ASSERT(index != m_namedParameters.size());
- return m_namedParameters[index * 2];
-}
-
-const char* SandboxInitializationParameters::value(size_t index) const
-{
- return m_namedParameters[index * 2 + 1];
-}
-
-} // namespace WebKit
Deleted: trunk/Source/WebKit/Shared/mac/SandboxUtilities.h (244746 => 244747)
--- trunk/Source/WebKit/Shared/mac/SandboxUtilities.h 2019-04-29 19:36:21 UTC (rev 244746)
+++ trunk/Source/WebKit/Shared/mac/SandboxUtilities.h 2019-04-29 19:52:56 UTC (rev 244747)
@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#import <sys/types.h>
-#import <wtf/Forward.h>
-#import <wtf/spi/darwin/XPCSPI.h>
-
-namespace WebKit {
-
-bool connectedProcessIsSandboxed(xpc_connection_t);
-bool currentProcessIsSandboxed();
-bool processHasContainer();
-
-// Returns an empty string if the process is not in a container.
-String pathForProcessContainer();
-
-}
Deleted: trunk/Source/WebKit/Shared/mac/SandboxUtilities.mm (244746 => 244747)
--- trunk/Source/WebKit/Shared/mac/SandboxUtilities.mm 2019-04-29 19:36:21 UTC (rev 244746)
+++ trunk/Source/WebKit/Shared/mac/SandboxUtilities.mm 2019-04-29 19:52:56 UTC (rev 244747)
@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#import "config.h"
-#import "SandboxUtilities.h"
-
-#import <array>
-#import <sys/param.h>
-#import <wtf/OSObjectPtr.h>
-#import <wtf/spi/darwin/SandboxSPI.h>
-#import <wtf/spi/darwin/XPCSPI.h>
-#import <wtf/text/WTFString.h>
-
-namespace WebKit {
-
-bool currentProcessIsSandboxed()
-{
- return sandbox_check(getpid(), nullptr, SANDBOX_FILTER_NONE);
-}
-
-bool connectedProcessIsSandboxed(xpc_connection_t connectionToParent)
-{
- audit_token_t token;
- xpc_connection_get_audit_token(connectionToParent, &token);
- return sandbox_check_by_audit_token(token, nullptr, SANDBOX_FILTER_NONE);
-}
-
-bool processHasContainer()
-{
- static bool hasContainer = !pathForProcessContainer().isEmpty();
- return hasContainer;
-}
-
-String pathForProcessContainer()
-{
- std::array<char, MAXPATHLEN> path;
- path[0] = 0;
- sandbox_container_path_for_pid(getpid(), path.data(), path.size());
-
- return String::fromUTF8(path.data());
-}
-
-}
Modified: trunk/Source/WebKit/SourcesCocoa.txt (244746 => 244747)
--- trunk/Source/WebKit/SourcesCocoa.txt 2019-04-29 19:36:21 UTC (rev 244746)
+++ trunk/Source/WebKit/SourcesCocoa.txt 2019-04-29 19:52:56 UTC (rev 244747)
@@ -143,6 +143,9 @@
Shared/Cocoa/CompletionHandlerCallChecker.mm
Shared/Cocoa/DataDetectionResult.mm
Shared/Cocoa/LoadParametersCocoa.mm
+Shared/Cocoa/SandboxExtensionCocoa.mm
+Shared/Cocoa/SandboxInitialiationParametersCocoa.mm
+Shared/Cocoa/SandboxUtilities.mm
Shared/Cocoa/SharedRingBufferStorage.cpp
Shared/Cocoa/WebCoreArgumentCodersCocoa.mm
Shared/Cocoa/WebErrorsCocoa.mm
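Review bot: The added entry `Shared/Cocoa/SandboxInitialiationParametersCocoa.mm` carries over the misspelling "Initialiation" from the old Mac file name, while the header it implements is spelled `SandboxInitializationParameters.h`. Since this commit renames the file anyway, it could become `SandboxInitializationParametersCocoa.mm`, so that a search for the class name finds the sandbox parameter implementation as well as the header. The same misspelled name appears in the ChangeLog entry and in the project.pbxproj hunks, which would need to change with it.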
@@ -186,9 +189,6 @@
Shared/mac/PasteboardTypes.mm
Shared/mac/PDFKitImports.mm
Shared/mac/PrintInfoMac.mm
-Shared/mac/SandboxExtensionMac.mm
-Shared/mac/SandboxInitialiationParametersMac.mm
-Shared/mac/SandboxUtilities.mm
Shared/mac/SecItemRequestData.cpp
Shared/mac/SecItemResponseData.cpp
Shared/mac/SecItemShim.cpp
Modified: trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj (244746 => 244747)
--- trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2019-04-29 19:36:21 UTC (rev 244746)
+++ trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2019-04-29 19:52:56 UTC (rev 244747)
@@ -2239,7 +2239,6 @@
1AAB0378185A7C6A00EDF501 /* MessageSender.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MessageSender.h; sourceTree = "<group>"; };
1AAB037B185F99D800EDF501 /* APIData.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = APIData.cpp; sourceTree = "<group>"; };
1AAB4A8C1296F0A20023952F /* SandboxExtension.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SandboxExtension.h; sourceTree = "<group>"; };
- 1AAB4AA91296F1540023952F /* SandboxExtensionMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SandboxExtensionMac.mm; sourceTree = "<group>"; };
1AABFE391829C1ED005B070E /* _WKRemoteObjectInterfaceInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = _WKRemoteObjectInterfaceInternal.h; sourceTree = "<group>"; };
1AADE6FE10D855FC00D3D63D /* ApplicationServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ApplicationServices.framework; path = System/Library/Frameworks/ApplicationServices.framework; sourceTree = SDKROOT; };
1AAF089819267EE500B6390C /* WKUserScript.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WKUserScript.mm; sourceTree = "<group>"; };
@@ -3622,6 +3621,9 @@
7A8A9D571EF119AA009801AE /* APIInjectedBundleClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIInjectedBundleClient.h; sourceTree = "<group>"; };
7A8A9D591EF13020009801AE /* APIInjectedBundleBundleClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIInjectedBundleBundleClient.h; sourceTree = "<group>"; };
7A8A9D5B1EF1458E009801AE /* APIInjectedBundlePageResourceLoadClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIInjectedBundlePageResourceLoadClient.h; sourceTree = "<group>"; };
+ 7AB4EA3F22777C460085BBAA /* SandboxExtensionCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SandboxExtensionCocoa.mm; sourceTree = "<group>"; };
+ 7AB4EA4122777FC70085BBAA /* SandboxInitialiationParametersCocoa.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = SandboxInitialiationParametersCocoa.mm; sourceTree = "<group>"; };
+ 7AB4EA42227780DD0085BBAA /* SandboxUtilities.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = SandboxUtilities.mm; sourceTree = "<group>"; };
7AB6EA441EEAAE2300037B2B /* APIIconDatabaseClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIIconDatabaseClient.h; sourceTree = "<group>"; };
7AB6EA461EEAB6B000037B2B /* APIGeolocationProvider.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIGeolocationProvider.h; sourceTree = "<group>"; };
7ACE82E7221CAE06000DA94C /* ResourceLoadStatisticsStore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ResourceLoadStatisticsStore.h; path = Classifier/ResourceLoadStatisticsStore.h; sourceTree = "<group>"; };
@@ -4542,7 +4544,6 @@
E19582D4153CC05300B60875 /* PDFKitImports.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = PDFKitImports.mm; sourceTree = "<group>"; };
E1967E37150AB5E200C73169 /* com.apple.WebProcess.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = com.apple.WebProcess.sb; path = DerivedSources/WebKit2/com.apple.WebProcess.sb; sourceTree = BUILT_PRODUCTS_DIR; };
E19BDA8419365F4B00B97F57 /* com.apple.appstore.CodeRedeemerNetscapePlugin.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.apple.appstore.CodeRedeemerNetscapePlugin.sb; sourceTree = "<group>"; };
- E19BDA87193686A400B97F57 /* SandboxUtilities.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SandboxUtilities.mm; sourceTree = "<group>"; };
E19BDA88193686A400B97F57 /* SandboxUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SandboxUtilities.h; sourceTree = "<group>"; };
E1A31731134CEA6C007C9A4F /* AttributedString.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AttributedString.h; sourceTree = "<group>"; };
E1A31734134CEA80007C9A4F /* AttributedString.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AttributedString.mm; sourceTree = "<group>"; };
@@ -4553,7 +4554,6 @@
E1CC1B8E12D7EADF00625838 /* PrintInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PrintInfo.h; sourceTree = "<group>"; };
E1CC1B8F12D7EADF00625838 /* PrintInfoMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = PrintInfoMac.mm; sourceTree = "<group>"; };
E1D26A4C1759634E0095BFD1 /* WebContentProcess.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; name = WebContentProcess.xib; path = Resources/WebContentProcess.xib; sourceTree = "<group>"; };
- E1E552C216AE065E004ED653 /* SandboxInitialiationParametersMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SandboxInitialiationParametersMac.mm; sourceTree = "<group>"; };
E1E552C316AE065E004ED653 /* SandboxInitializationParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SandboxInitializationParameters.h; sourceTree = "<group>"; };
E1EE53DC11F8CF9F00CCBEE4 /* InjectedBundlePageEditorClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = InjectedBundlePageEditorClient.h; sourceTree = "<group>"; };
E1EE53E611F8CFFB00CCBEE4 /* InjectedBundlePageEditorClient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = InjectedBundlePageEditorClient.cpp; sourceTree = "<group>"; };
@@ -6352,6 +6352,10 @@
2D1087621D2C641B00B85F82 /* LoadParametersCocoa.mm */,
CD2865EC2255562000606AC7 /* ProcessTaskStateObserver.h */,
CD2865ED2255562000606AC7 /* ProcessTaskStateObserver.mm */,
+ 7AB4EA3F22777C460085BBAA /* SandboxExtensionCocoa.mm */,
+ 7AB4EA4122777FC70085BBAA /* SandboxInitialiationParametersCocoa.mm */,
+ E19BDA88193686A400B97F57 /* SandboxUtilities.h */,
+ 7AB4EA42227780DD0085BBAA /* SandboxUtilities.mm */,
CD4B4D9A1E765E0000D27092 /* SharedRingBufferStorage.cpp */,
CD4B4D9B1E765E0000D27092 /* SharedRingBufferStorage.h */,
1AB1F78E1D1B34A6007C9BD1 /* WebCoreArgumentCodersCocoa.mm */,
@@ -7975,10 +7979,6 @@
E19582D2153CBFD700B60875 /* PDFKitImports.h */,
E19582D4153CC05300B60875 /* PDFKitImports.mm */,
E1CC1B8F12D7EADF00625838 /* PrintInfoMac.mm */,
- 1AAB4AA91296F1540023952F /* SandboxExtensionMac.mm */,
- E1E552C216AE065E004ED653 /* SandboxInitialiationParametersMac.mm */,
- E19BDA88193686A400B97F57 /* SandboxUtilities.h */,
- E19BDA87193686A400B97F57 /* SandboxUtilities.mm */,
51D1304F1382EAC000351EDD /* SecItemRequestData.cpp */,
51D130501382EAC000351EDD /* SecItemRequestData.h */,
51D130511382EAC000351EDD /* SecItemResponseData.cpp */,