Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5be1236842b36137c9c9c85453a872e029dc6b8a
https://github.com/WebKit/WebKit/commit/5be1236842b36137c9c9c85453a872e029dc6b8a
Author: Charlie Wolfe <[email protected]>
Date: 2026-07-01 (Wed, 01 Jul 2026)
Changed paths:
A LayoutTests/ipc/register-file-backed-blob-path-validation-expected.txt
A LayoutTests/ipc/register-file-backed-blob-path-validation.html
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
M Source/WebKit/NetworkProcess/storage/IDBStorageConnectionToClient.cpp
M Source/WebKit/NetworkProcess/storage/IDBStorageConnectionToClient.h
M Source/WebKit/NetworkProcess/storage/IDBStorageRegistry.cpp
M Source/WebKit/NetworkProcess/storage/IDBStorageRegistry.h
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h
Log Message:
-----------
Remove blanket storage-root file path allow from blob access enforcement
https://bugs.webkit.org/show_bug.cgi?id=313085
rdar://174405888
Reviewed by Sihui Liu.
isFilePathAllowed() accepted any path under the per-session general storage
directory or custom IDB
storage path. This allowed a WebContent process to read any origin's persisted
data via file-backed
blob registration.
Replace the directory-level allow with per-file grants: IDB result handlers now
call
allowAccessToBlobFilesForProcess() to allow only the specific blob file paths
being returned to the
WebContent process.
Test: ipc/register-file-backed-blob-path-validation.html
* LayoutTests/ipc/register-file-backed-blob-path-validation-expected.txt: Added.
* LayoutTests/ipc/register-file-backed-blob-path-validation.html: Added.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::isFilePathAllowed):
(WebKit::NetworkConnectionToWebProcess::registerInternalFileBlobURL):
(WebKit::NetworkConnectionToWebProcess::registerInternalBlobURLOptionallyFileBacked):
(WebKit::NetworkConnectionToWebProcess::generalStoragePathForTesting):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/NetworkProcess/storage/IDBStorageConnectionToClient.cpp:
(WebKit::IDBStorageConnectionToClient::IDBStorageConnectionToClient):
(WebKit::IDBStorageConnectionToClient::allowAccessToResultBlobFiles):
(WebKit::IDBStorageConnectionToClient::didGetRecord):
(WebKit::IDBStorageConnectionToClient::didGetAllRecords):
(WebKit::IDBStorageConnectionToClient::didOpenCursor):
(WebKit::IDBStorageConnectionToClient::didIterateCursor):
(WebKit::IDBStorageConnectionToClient::generateIndexKeyForRecord):
* Source/WebKit/NetworkProcess/storage/IDBStorageConnectionToClient.h:
* Source/WebKit/NetworkProcess/storage/IDBStorageRegistry.cpp:
(WebKit::IDBStorageRegistry::IDBStorageRegistry):
(WebKit::IDBStorageRegistry::ensureConnectionToClient):
* Source/WebKit/NetworkProcess/storage/IDBStorageRegistry.h:
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp:
(WebKit::NetworkStorageManager::NetworkStorageManager):
(WebKit::NetworkStorageManager::allowAccessToBlobFilesForProcess):
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h:
Originally-landed-as: 305413.737@safari-7624-branch (defe0187e742).
rdar://180436541
Canonical link: https://commits.webkit.org/316364@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications