- Revision
- 264297
- Author
- [email protected]
- Date
- 2020-07-13 02:32:07 -0700 (Mon, 13 Jul 2020)
Log Message
[GTK][WPE] WTR and API-tests timing out after r264283
https://bugs.webkit.org/show_bug.cgi?id=214244
Reviewed by Carlos Garcia Campos.
r264283 broke local file loads at least for GTK and WPE ports due to
additionally-introduced ENABLE(SANDBOX_EXTENSIONS) build guards.
This patch reverts to using the sandboxing code without these guards,
relying instead on no-op SandboxExtension implementations for ports not
yet providing the system-specific sandboxing functionality. Uses of the
audit token functionality (only available on Cocoa platforms) gain
HAVE(AUDIT_TOKEN) guards. Overall the changes keep the r264283-enabled
code running where viable while unbreaking local file loading for other
ports.
* NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::encode const):
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
* WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:
(WebKit::MediaPlayerPrivateRemote::MediaPlayerPrivateRemote::load):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (264296 => 264297)
--- trunk/Source/WebKit/ChangeLog 2020-07-13 08:51:45 UTC (rev 264296)
+++ trunk/Source/WebKit/ChangeLog 2020-07-13 09:32:07 UTC (rev 264297)
@@ -1,3 +1,28 @@
+2020-07-13 Zan Dobersek <[email protected]>
+
+ [GTK][WPE] WTR and API-tests timing out after r264283
+ https://bugs.webkit.org/show_bug.cgi?id=214244
+
+ Reviewed by Carlos Garcia Campos.
+
+ r264283 broke local file loads at least for GTK and WPE ports due to
+ additionally-introduced ENABLE(SANDBOX_EXTENSIONS) build guards.
+
+ This patch reverts to using the sandboxing code without these guards,
+ relying instead on no-op SandboxExtension implementations for ports not
+ yet providing the system-specific sandboxing functionality. Uses of the
+ audit token functionality (only available on Cocoa platforms) gain
+ HAVE(AUDIT_TOKEN) guards. Overall the changes keep the r264283-enabled
+ code running where viable while unbreaking local file loading for other
+ ports.
+
+ * NetworkProcess/NetworkResourceLoadParameters.cpp:
+ (WebKit::NetworkResourceLoadParameters::encode const):
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
+ * WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:
+ (WebKit::MediaPlayerPrivateRemote::MediaPlayerPrivateRemote::load):
+
2020-07-12 Said Abou-Hallawa <[email protected]>
[macOS]: A HEIF image, selected from the OpenPanel, should be converted to an accepted MIME type
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp (264296 => 264297)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp 2020-07-13 08:51:45 UTC (rev 264296)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp 2020-07-13 09:32:07 UTC (rev 264297)
@@ -66,12 +66,13 @@
if (request.url().isLocalFile()) {
SandboxExtension::Handle requestSandboxExtension;
-#if ENABLE(SANDBOX_EXTENSIONS)
+#if HAVE(AUDIT_TOKEN)
if (networkProcessAuditToken)
SandboxExtension::createHandleForReadByAuditToken(request.url().fileSystemPath(), *networkProcessAuditToken, requestSandboxExtension);
else
+#endif
SandboxExtension::createHandle(request.url().fileSystemPath(), SandboxExtension::Type::ReadOnly, requestSandboxExtension);
-#endif
+
encoder << requestSandboxExtension;
}
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (264296 => 264297)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2020-07-13 08:51:45 UTC (rev 264296)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2020-07-13 09:32:07 UTC (rev 264297)
@@ -1188,33 +1188,29 @@
closePage();
}
-#if !ENABLE(SANDBOX_EXTENSIONS)
-
-void WebPageProxy::maybeInitializeSandboxExtensionHandle(WebProcessProxy&, const URL&, const URL&, SandboxExtension::Handle&, bool)
-{
-}
-
-#else
-
void WebPageProxy::maybeInitializeSandboxExtensionHandle(WebProcessProxy& process, const URL& url, const URL& resourceDirectoryURL, SandboxExtension::Handle& sandboxExtensionHandle, bool checkAssumedReadAccessToResourceURL)
{
if (!url.isLocalFile())
return;
+#if HAVE(AUDIT_TOKEN)
// If the process is still launching then it does not have a PID yet. We will take care of creating the sandbox extension
// once the process has finished launching.
if (process.isLaunching() || process.wasTerminated())
return;
+#endif
if (!resourceDirectoryURL.isEmpty()) {
if (checkAssumedReadAccessToResourceURL && process.hasAssumedReadAccessToURL(resourceDirectoryURL))
return;
+ bool createdExtension = false;
+#if HAVE(AUDIT_TOKEN)
ASSERT(process.connection() && process.connection()->getAuditToken());
- bool createdExtension = false;
if (process.connection() && process.connection()->getAuditToken())
createdExtension = SandboxExtension::createHandleForReadByAuditToken(resourceDirectoryURL.fileSystemPath(), *(process.connection()->getAuditToken()), sandboxExtensionHandle);
else
+#endif
createdExtension = SandboxExtension::createHandle(resourceDirectoryURL.fileSystemPath(), SandboxExtension::Type::ReadOnly, sandboxExtensionHandle);
if (createdExtension) {
@@ -1229,11 +1225,13 @@
// Inspector resources are in a directory with assumed access.
RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!WebKit::isInspectorPage(*this));
+ bool createdExtension = false;
+#if HAVE(AUDIT_TOKEN)
ASSERT(process.connection() && process.connection()->getAuditToken());
- bool createdExtension = false;
if (process.connection() && process.connection()->getAuditToken())
createdExtension = SandboxExtension::createHandleForReadByAuditToken("/", *(process.connection()->getAuditToken()), sandboxExtensionHandle);
else
+#endif
createdExtension = SandboxExtension::createHandle("/", SandboxExtension::Type::ReadOnly, sandboxExtensionHandle);
if (createdExtension) {
@@ -1251,17 +1249,17 @@
auto basePath = baseURL.fileSystemPath();
if (basePath.isNull())
return;
+#if HAVE(AUDIT_TOKEN)
if (process.connection() && process.connection()->getAuditToken())
createdExtension = SandboxExtension::createHandleForReadByAuditToken(basePath, *(process.connection()->getAuditToken()), sandboxExtensionHandle);
else
+#endif
createdExtension = SandboxExtension::createHandle(basePath, SandboxExtension::Type::ReadOnly, sandboxExtensionHandle);
-
+
if (createdExtension)
process.assumeReadAccessToBaseURL(*this, baseURL.string());
}
-#endif
-
#if !PLATFORM(COCOA)
void WebPageProxy::addPlatformLoadParameters(WebProcessProxy&, LoadParameters&)
Modified: trunk/Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp (264296 => 264297)
--- trunk/Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp 2020-07-13 08:51:45 UTC (rev 264296)
+++ trunk/Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp 2020-07-13 09:32:07 UTC (rev 264297)
@@ -139,15 +139,16 @@
void MediaPlayerPrivateRemote::MediaPlayerPrivateRemote::load(const URL& url, const ContentType& contentType, const String& keySystem)
{
Optional<SandboxExtension::Handle> sandboxExtensionHandle;
-
-#if ENABLE(SANDBOX_EXTENSIONS)
if (url.isLocalFile()) {
SandboxExtension::Handle handle;
auto fileSystemPath = url.fileSystemPath();
auto createExtension = [&] {
+#if HAVE(AUDIT_TOKEN)
if (auto auditToken = m_manager.gpuProcessConnection().auditToken())
return SandboxExtension::createHandleForReadByAuditToken(fileSystemPath, auditToken.value(), handle);
+#endif
+
return SandboxExtension::createHandle(fileSystemPath, SandboxExtension::Type::ReadOnly, handle);
};
@@ -160,7 +161,6 @@
sandboxExtensionHandle = WTFMove(handle);
}
-#endif
connection().sendWithAsyncReply(Messages::RemoteMediaPlayerProxy::Load(url, sandboxExtensionHandle, contentType, keySystem), [weakThis = makeWeakPtr(*this)](auto&& configuration) {
if (weakThis)
