Diff
Modified: trunk/Source/WebKit/ChangeLog (247095 => 247096)
--- trunk/Source/WebKit/ChangeLog 2019-07-03 18:11:19 UTC (rev 247095)
+++ trunk/Source/WebKit/ChangeLog 2019-07-03 19:50:25 UTC (rev 247096)
@@ -1,3 +1,26 @@
+2019-07-03 Patrick Griffis <[email protected]>
+
+ [GTK][WPE] Remove Flatpak sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=199416
+
+ Reviewed by Michael Catanzaro.
+
+ The flatpak-spawn based sandbox was only a proof of concept and
+ lacks flexibility for our needs so we ended up using it with very
+ permissive permissions and it still imposed limitations that our main
+ bubblewrap sandbox didn't have.
+
+ So in order to get as many applications using the sandbox as possible we
+ will just remove this for now and focus on bubblewrap. At some point
+ it may be possible to improve flatpak-spawn to fit our needs.
+
+ * SourcesGTK.txt:
+ * SourcesWPE.txt:
+ * UIProcess/Launcher/glib/FlatpakLauncher.cpp: Removed.
+ * UIProcess/Launcher/glib/FlatpakLauncher.h: Removed.
+ * UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
+ (WebKit::ProcessLauncher::launchProcess):
+
2019-07-03 Ryan Haddad <[email protected]>
Unreviewed, rolling out r246616.
Modified: trunk/Source/WebKit/SourcesGTK.txt (247095 => 247096)
--- trunk/Source/WebKit/SourcesGTK.txt 2019-07-03 18:11:19 UTC (rev 247095)
+++ trunk/Source/WebKit/SourcesGTK.txt 2019-07-03 19:50:25 UTC (rev 247096)
@@ -214,7 +214,6 @@
UIProcess/Launcher/glib/ProcessLauncherGLib.cpp @no-unify
UIProcess/Launcher/glib/BubblewrapLauncher.cpp @no-unify
-UIProcess/Launcher/glib/FlatpakLauncher.cpp @no-unify
UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp
Modified: trunk/Source/WebKit/SourcesWPE.txt (247095 => 247096)
--- trunk/Source/WebKit/SourcesWPE.txt 2019-07-03 18:11:19 UTC (rev 247095)
+++ trunk/Source/WebKit/SourcesWPE.txt 2019-07-03 19:50:25 UTC (rev 247096)
@@ -195,7 +195,6 @@
UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
UIProcess/Launcher/glib/BubblewrapLauncher.cpp
-UIProcess/Launcher/glib/FlatpakLauncher.cpp
UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp
Deleted: trunk/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.cpp (247095 => 247096)
--- trunk/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.cpp 2019-07-03 18:11:19 UTC (rev 247095)
+++ trunk/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.cpp 2019-07-03 19:50:25 UTC (rev 247096)
@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 2018 Igalia S.L.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "FlatpakLauncher.h"
-
-#if OS(LINUX)
-
-#include <gio/gio.h>
-#include <wtf/glib/GUniquePtr.h>
-
-namespace WebKit {
-
-GRefPtr<GSubprocess> flatpakSpawn(GSubprocessLauncher* launcher, const WebKit::ProcessLauncher::LaunchOptions& launchOptions, char** argv, int childProcessSocket, GError** error)
-{
- ASSERT(launcher);
-
- // When we are running inside of flatpak's sandbox we do not have permissions to
- // use the same sandbox we do outside but flatpak offers to create new sandboxes
- // for us using flatpak-spawn.
- //
- // This is just a stub implementation atm though as the Spawn interface does not expose
- // much outside of `--sandbox` (no permissions) and `--no-network`. We need to
- // add some permissions in between those for this to provide meaningful security.
-
- GUniquePtr<gchar> childProcessSocketArg(g_strdup_printf("--forward-fd=%d", childProcessSocket));
- Vector<const char*> flatpakArgs = {
- "/usr/bin/flatpak-spawn",
- childProcessSocketArg.get(),
- };
-
- if (launchOptions.processType == ProcessLauncher::ProcessType::Web)
- flatpakArgs.append("--no-network");
-
- char** newArgv = g_newa(char*, g_strv_length(argv) + flatpakArgs.size() + 1);
- size_t i = 0;
-
- for (const auto& arg : flatpakArgs)
- newArgv[i++] = const_cast<char*>(arg);
- for (size_t x = 0; argv[x]; x++)
- newArgv[i++] = argv[x];
- newArgv[i++] = nullptr;
-
- return adoptGRef(g_subprocess_launcher_spawnv(launcher, newArgv, error));
-}
-
-};
-
-#endif // OS(LINUX)
Deleted: trunk/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.h (247095 => 247096)
--- trunk/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.h 2019-07-03 18:11:19 UTC (rev 247095)
+++ trunk/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.h 2019-07-03 19:50:25 UTC (rev 247096)
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2018 Igalia S.L.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#if OS(LINUX)
-
-#include "ProcessLauncher.h"
-
-#include <wtf/glib/GRefPtr.h>
-
-typedef struct _GSubprocess GSubprocess;
-typedef struct _GSubprocessLauncher GSubprocessLauncher;
-
-namespace WebKit {
-
-GRefPtr<GSubprocess> flatpakSpawn(GSubprocessLauncher*, const WebKit::ProcessLauncher::LaunchOptions&, char** argv, int childProcessSocket, GError**);
-
-};
-
-#endif
Modified: trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp (247095 => 247096)
--- trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2019-07-03 18:11:19 UTC (rev 247095)
+++ trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2019-07-03 19:50:25 UTC (rev 247096)
@@ -29,7 +29,6 @@
#include "BubblewrapLauncher.h"
#include "Connection.h"
-#include "FlatpakLauncher.h"
#include "ProcessExecutablePath.h"
#include <errno.h>
#include <fcntl.h>
@@ -50,7 +49,7 @@
close(socket);
}
-#if OS(LINUX)
+#if ENABLE(BUBBLEWRAP_SANDBOX)
static bool isInsideFlatpak()
{
static int ret = -1;
@@ -57,14 +56,7 @@
if (ret != -1)
return ret;
- GUniquePtr<GKeyFile> infoFile(g_key_file_new());
- if (!g_key_file_load_from_file(infoFile.get(), "/.flatpak-info", G_KEY_FILE_NONE, nullptr)) {
- ret = false;
- return ret;
- }
-
- // If we are in a `flatpak build` session we cannot launch ourselves since we aren't installed.
- ret = !g_key_file_get_boolean(infoFile.get(), "Instance", "build", nullptr);
+ ret = g_file_test("/.flatpak-info", G_FILE_TEST_EXISTS);
return ret;
}
#endif
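Review bot: `isInsideFlatpak()` now decides whether the bubblewrap sandbox is skipped purely on whether `/.flatpak-info` exists, and nothing in the function says so. The removed lines returned false for a `flatpak build` session; the new check returns true there as well, so that case also takes the unsandboxed launch path further down. I would add a comment above the `g_file_test` line, for example `// Presence of /.flatpak-info is the only signal used; a true result disables bubblewrap for every child process, and the answer is cached for the process lifetime.` The cache in `static int ret` is written without any visible synchronization, so it is worth confirming that `launchProcess` is only ever called from one thread. The function's signature and opening lines sit in the previous hunk.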
@@ -136,7 +128,8 @@
GUniqueOutPtr<GError> error;
GRefPtr<GSubprocess> process;
-#if OS(LINUX)
+
+#if ENABLE(BUBBLEWRAP_SANDBOX)
const char* sandboxEnv = g_getenv("WEBKIT_FORCE_SANDBOX");
bool sandboxEnabled = m_launchOptions.extraInitializationData.get("enable-sandbox") == "true";
@@ -143,12 +136,9 @@
if (sandboxEnv)
sandboxEnabled = !strcmp(sandboxEnv, "1");
- if (sandboxEnabled && isInsideFlatpak())
- process = flatpakSpawn(launcher.get(), m_launchOptions, argv, socketPair.client, &error.outPtr());
-#if ENABLE(BUBBLEWRAP_SANDBOX)
- else if (sandboxEnabled)
+ // You cannot use bubblewrap within Flatpak so lets ensure it never happens.
+ if (sandboxEnabled && !isInsideFlatpak())
process = bubblewrapSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr());
-#endif
else
#endif
process = adoptGRef(g_subprocess_launcher_spawnv(launcher.get(), argv, &error.outPtr()));
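Review bot: When `sandboxEnabled` is true but `isInsideFlatpak()` is also true, control falls to the `else` branch and the child is started with plain `g_subprocess_launcher_spawnv`, with nothing recording that the requested sandbox was not applied. That includes the case where `WEBKIT_FORCE_SANDBOX=1` is set, so an operator who forces the sandbox on gets no indication that it was ignored. I would log the downgrade before the spawn, for example `if (sandboxEnabled && isInsideFlatpak()) g_warning("Sandbox requested but unavailable inside Flatpak; launching child process unsandboxed");`. The comment should also state the consequence: `// bubblewrap cannot be used inside Flatpak; child processes then run without WebKit's own sandbox.` The body of `launchProcess` continues outside this hunk.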