Modified: trunk/Source/WebKit2/ChangeLog (127383 => 127384)
--- trunk/Source/WebKit2/ChangeLog 2012-09-02 00:15:33 UTC (rev 127383)
+++ trunk/Source/WebKit2/ChangeLog 2012-09-02 03:08:00 UTC (rev 127384)
@@ -1,3 +1,50 @@
+2012-09-01 Sam Weinig <[email protected]>
+
+ Use dynamic sandbox extension rather than sandbox parameters for paths provided by the UIProcess
+ https://bugs.webkit.org/show_bug.cgi?id=95651
+
+ Reviewed by Dan Bernstein.
+
+ This is the first step to not relying on the initialization message to initialize
+ the sandbox.
+
+ * Shared/SandboxExtension.h:
+ (SandboxExtension):
+ * Shared/mac/SandboxExtensionMac.mm:
+ (WebKit::SandboxExtension::consumePermanently):
+ Add static version of SandboxExtension::consumePermanently which takes a
+ SandboxExtension::Handle. There is no reason to create a SandboxExtension
+ just to consume it forever.
+
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode):
+ (WebKit::WebProcessCreationParameters::decode):
+ * Shared/WebProcessCreationParameters.h:
+ (WebProcessCreationParameters):
+ Add SandboxExtension::Handles for paths we need access to, and remove
+ webInspectorBaseDirectory, which is unused.
+
+ * UIProcess/WebContext.cpp:
+ (WebKit::WebContext::createNewWebProcess):
+ * UIProcess/mac/WebContextMac.mm:
+ (WebKit::WebContext::platformInitializeWebProcess):
+ Create SandboxExtension::Handles for paths we need access to, and move
+ getting the presenterApplicationPid to platformInitializeWebProcess, since
+ it is Mac only.
+
+ * WebProcess/WebProcess.cpp:
+ (WebKit::WebProcess::initializeWebProcess):
+ Move setting the presenterApplicationPid to platformInitializeWebProcess.
+
+ * WebProcess/mac/WebProcessMac.mm:
+ (WebKit::initializeSandbox):
+ (WebKit::WebProcess::platformInitializeWebProcess):
+ Replace the use of sandbox parameters for opening access for necessary paths
+ with permanent consumption of sandbox extensions.
+
+ * WebProcess/com.apple.WebProcess.sb.in:
+ Remove sandbox rules that are now handled via extensions.
+
2012-08-31 Byungwoo Lee <[email protected]>
Build warning : -Wformat on WebMemorySampler.cpp.
Modified: trunk/Source/WebKit2/Shared/SandboxExtension.h (127383 => 127384)
--- trunk/Source/WebKit2/Shared/SandboxExtension.h 2012-09-02 00:15:33 UTC (rev 127383)
+++ trunk/Source/WebKit2/Shared/SandboxExtension.h 2012-09-02 03:08:00 UTC (rev 127384)
@@ -99,6 +99,8 @@
bool consume();
bool consumePermanently();
+ static bool consumePermanently(const Handle&);
+
private:
explicit SandboxExtension(const Handle&);
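Review bot: The new static overload is declared as taking a `const Handle&`, yet the implementation in SandboxExtensionMac.mm nulls out the handle's m_sandboxExtension after consuming it, so a call that reads as non-mutating empties the caller's handle; the header should say so. Suggested comment above the declaration: `// Consumes the extension in |handle| for the remaining lifetime of the process and empties the handle; returns false if the extension could not be consumed.` It is also worth stating that the handle must be non-null, since the implementation only asserts this rather than checking it.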
Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp (127383 => 127384)
--- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2012-09-02 00:15:33 UTC (rev 127383)
+++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2012-09-02 03:08:00 UTC (rev 127384)
@@ -52,8 +52,11 @@
encoder->encode(injectedBundlePath);
encoder->encode(injectedBundlePathExtensionHandle);
encoder->encode(applicationCacheDirectory);
+ encoder->encode(applicationCacheDirectoryExtensionHandle);
encoder->encode(databaseDirectory);
+ encoder->encode(databaseDirectoryExtensionHandle);
encoder->encode(localStorageDirectory);
+ encoder->encode(localStorageDirectoryExtensionHandle);
encoder->encode(urlSchemesRegistererdAsEmptyDocument);
encoder->encode(urlSchemesRegisteredAsSecure);
encoder->encode(urlSchemesForWhichDomainRelaxationIsForbidden);
@@ -78,11 +81,12 @@
encoder->encode(parentProcessName);
encoder->encode(presenterApplicationPid);
encoder->encode(nsURLCachePath);
+ encoder->encode(nsURLCachePathExtensionHandle);
encoder->encode(nsURLCacheMemoryCapacity);
encoder->encode(nsURLCacheDiskCapacity);
encoder->encode(acceleratedCompositingPort);
encoder->encode(uiProcessBundleResourcePath);
- encoder->encode(webInspectorBaseDirectory);
+ encoder->encode(uiProcessBundleResourcePathExtensionHandle);
#elif PLATFORM(WIN)
encoder->encode(shouldPaintNativeControls);
encoder->encode(cfURLCachePath);
@@ -114,10 +118,16 @@
return false;
if (!decoder->decode(parameters.applicationCacheDirectory))
return false;
+ if (!decoder->decode(parameters.applicationCacheDirectoryExtensionHandle))
+ return false;
if (!decoder->decode(parameters.databaseDirectory))
return false;
+ if (!decoder->decode(parameters.databaseDirectoryExtensionHandle))
+ return false;
if (!decoder->decode(parameters.localStorageDirectory))
return false;
+ if (!decoder->decode(parameters.localStorageDirectoryExtensionHandle))
+ return false;
if (!decoder->decode(parameters.urlSchemesRegistererdAsEmptyDocument))
return false;
if (!decoder->decode(parameters.urlSchemesRegisteredAsSecure))
@@ -162,6 +172,8 @@
return false;
if (!decoder->decode(parameters.nsURLCachePath))
return false;
+ if (!decoder->decode(parameters.nsURLCachePathExtensionHandle))
+ return false;
if (!decoder->decode(parameters.nsURLCacheMemoryCapacity))
return false;
if (!decoder->decode(parameters.nsURLCacheDiskCapacity))
@@ -170,7 +182,7 @@
return false;
if (!decoder->decode(parameters.uiProcessBundleResourcePath))
return false;
- if (!decoder->decode(parameters.webInspectorBaseDirectory))
+ if (!decoder->decode(parameters.uiProcessBundleResourcePathExtensionHandle))
return false;
#elif PLATFORM(WIN)
if (!decoder->decode(parameters.shouldPaintNativeControls))
Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h (127383 => 127384)
--- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h 2012-09-02 00:15:33 UTC (rev 127383)
+++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h 2012-09-02 03:08:00 UTC (rev 127384)
@@ -55,8 +55,11 @@
SandboxExtension::Handle injectedBundlePathExtensionHandle;
String applicationCacheDirectory;
+ SandboxExtension::Handle applicationCacheDirectoryExtensionHandle;
String databaseDirectory;
+ SandboxExtension::Handle databaseDirectoryExtensionHandle;
String localStorageDirectory;
+ SandboxExtension::Handle localStorageDirectoryExtensionHandle;
Vector<String> urlSchemesRegistererdAsEmptyDocument;
Vector<String> urlSchemesRegisteredAsSecure;
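Review bot: The new handle fields carry no documentation of their pairing with the String path declared just before each one, nor of the fact that the WebProcess consumes them for its whole lifetime, so a reader of this struct cannot tell which of the two is authoritative or whether a handle may be empty. Suggested comment above applicationCacheDirectoryExtensionHandle: `// Each *ExtensionHandle grants the WebProcess access to the directory named by the preceding String; the UIProcess creates it only when that path is non-empty, and the WebProcess consumes it permanently at startup.` The struct definition continues outside this hunk.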
@@ -98,15 +101,16 @@
// FIXME: These should be merged with CFURLCache counterparts below.
String nsURLCachePath;
+ SandboxExtension::Handle nsURLCachePathExtensionHandle;
+
uint64_t nsURLCacheMemoryCapacity;
uint64_t nsURLCacheDiskCapacity;
CoreIPC::MachPort acceleratedCompositingPort;
String uiProcessBundleResourcePath;
+ SandboxExtension::Handle uiProcessBundleResourcePathExtensionHandle;
- String webInspectorBaseDirectory;
-
#elif PLATFORM(WIN)
String cfURLCachePath;
uint64_t cfURLCacheDiskCapacity;
Modified: trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm (127383 => 127384)
--- trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm 2012-09-02 00:15:33 UTC (rev 127383)
+++ trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm 2012-09-02 03:08:00 UTC (rev 127384)
@@ -290,6 +290,19 @@
return result;
}
+bool SandboxExtension::consumePermanently(const Handle& handle)
+{
+ ASSERT(handle.m_sandboxExtension);
+
+ bool result = WKSandboxExtensionConsume(handle.m_sandboxExtension);
+
+ // Destroy the extension without invalidating it.
+ WKSandboxExtensionDestroy(handle.m_sandboxExtension);
+ handle.m_sandboxExtension = 0;
+
+ return result;
+}
+
} // namespace WebKit
#endif // ENABLE(WEB_PROCESS_SANDBOX)
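Review bot: The null check on handle.m_sandboxExtension is an ASSERT only, so in release builds a handle the UIProcess never filled in reaches WKSandboxExtensionConsume and WKSandboxExtensionDestroy with a null pointer; WebContext::createNewWebProcess creates the directory handles only when the corresponding path is non-empty, and WebProcessMac.mm consumes all five handles unconditionally, so an empty handle here is reachable. Replace the ASSERT with a real guard, `if (!handle.m_sandboxExtension) return false;`, so a missing extension is reported through the return value instead of being passed on as null. It is also unclear from the comment whether WKSandboxExtensionDestroy is meant to run when WKSandboxExtensionConsume returned false; a one-line comment covering the failure path would settle that.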
Modified: trunk/Source/WebKit2/UIProcess/WebContext.cpp (127383 => 127384)
--- trunk/Source/WebKit2/UIProcess/WebContext.cpp 2012-09-02 00:15:33 UTC (rev 127383)
+++ trunk/Source/WebKit2/UIProcess/WebContext.cpp 2012-09-02 03:08:00 UTC (rev 127384)
@@ -307,21 +307,25 @@
WebProcessCreationParameters parameters;
- if (!injectedBundlePath().isEmpty()) {
- parameters.injectedBundlePath = injectedBundlePath();
+ parameters.injectedBundlePath = injectedBundlePath();
+ if (!parameters.injectedBundlePath.isEmpty())
SandboxExtension::createHandle(parameters.injectedBundlePath, SandboxExtension::ReadOnly, parameters.injectedBundlePathExtensionHandle);
- }
- parameters.shouldTrackVisitedLinks = m_historyClient.shouldTrackVisitedLinks();
- parameters.cacheModel = m_cacheModel;
- parameters.languages = userPreferredLanguages();
parameters.applicationCacheDirectory = applicationCacheDirectory();
+ if (!parameters.applicationCacheDirectory.isEmpty())
+ SandboxExtension::createHandle(parameters.applicationCacheDirectory, SandboxExtension::ReadWrite, parameters.applicationCacheDirectoryExtensionHandle);
+
parameters.databaseDirectory = databaseDirectory();
+ if (!parameters.databaseDirectory.isEmpty())
+ SandboxExtension::createHandle(parameters.databaseDirectory, SandboxExtension::ReadWrite, parameters.databaseDirectoryExtensionHandle);
+
parameters.localStorageDirectory = localStorageDirectory();
+ if (!parameters.localStorageDirectory.isEmpty())
+ SandboxExtension::createHandle(parameters.localStorageDirectory, SandboxExtension::ReadWrite, parameters.localStorageDirectoryExtensionHandle);
-#if PLATFORM(MAC)
- parameters.presenterApplicationPid = getpid();
-#endif
+ parameters.shouldTrackVisitedLinks = m_historyClient.shouldTrackVisitedLinks();
+ parameters.cacheModel = m_cacheModel;
+ parameters.languages = userPreferredLanguages();
copyToVector(m_schemesToRegisterAsEmptyDocument, parameters.urlSchemesRegistererdAsEmptyDocument);
copyToVector(m_schemesToRegisterAsSecure, parameters.urlSchemesRegisteredAsSecure);
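Review bot: The three new SandboxExtension::createHandle calls discard whatever createHandle reports (it appears to return a status, which none of these calls inspect), so if issuing the read-write extension for applicationCacheDirectory, databaseDirectory or localStorageDirectory fails, the WebProcess starts without access to that directory and the failure surfaces later as unexplained storage errors; the pre-existing injectedBundlePath call has the same shape, but these three paths are the ones the old sandbox parameters granted unconditionally. At minimum check the result in debug builds, e.g. `bool ok = SandboxExtension::createHandle(parameters.databaseDirectory, SandboxExtension::ReadWrite, parameters.databaseDirectoryExtensionHandle); ASSERT_UNUSED(ok, ok);` for each path, or log the failure. createNewWebProcess starts and ends outside this hunk.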
Modified: trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm (127383 => 127384)
--- trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2012-09-02 00:15:33 UTC (rev 127383)
+++ trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2012-09-02 03:08:00 UTC (rev 127384)
@@ -75,24 +75,28 @@
void WebContext::platformInitializeWebProcess(WebProcessCreationParameters& parameters)
{
+ parameters.presenterApplicationPid = getpid();
+
if (!omitPDFSupport()) {
// We want to use a PDF view in the UI process for PDF MIME types.
HashSet<String, CaseFoldingHash> mimeType = pdfAndPostScriptMIMETypes();
parameters.mimeTypesWithCustomRepresentation.appendRange(mimeType.begin(), mimeType.end());
}
+ parameters.parentProcessName = [[NSProcessInfo processInfo] processName];
+
RetainPtr<CFStringRef> cachePath(AdoptCF, WKCopyFoundationCacheDirectory());
if (!cachePath)
cachePath = reinterpret_cast<CFStringRef>(NSHomeDirectory());
+ parameters.nsURLCachePath = [(NSString *)cachePath.get() stringByStandardizingPath];
+ SandboxExtension::createHandle(parameters.nsURLCachePath, SandboxExtension::ReadWrite, parameters.nsURLCachePathExtensionHandle);
+ ASSERT(!parameters.nsURLCachePath.isEmpty());
+
NSURLCache *urlCache = [NSURLCache sharedURLCache];
-
- parameters.parentProcessName = [[NSProcessInfo processInfo] processName];
- parameters.nsURLCachePath = [(NSString *)cachePath.get() stringByStandardizingPath];
parameters.nsURLCacheMemoryCapacity = [urlCache memoryCapacity];
parameters.nsURLCacheDiskCapacity = [urlCache diskCapacity];
- ASSERT(!parameters.nsURLCachePath.isEmpty());
#if ENABLE(PLUGIN_PROCESS)
parameters.disablePluginProcessMessageTimeout = [[NSUserDefaults standardUserDefaults] boolForKey:@"WebKitDisablePluginProcessMessageTimeout"];
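Review bot: The ASSERT(!parameters.nsURLCachePath.isEmpty()) now runs after the handle has already been created from that path, so the precondition is checked after it has been relied upon; swap the two lines so the assert comes first, i.e. `ASSERT(!parameters.nsURLCachePath.isEmpty());` followed by `SandboxExtension::createHandle(parameters.nsURLCachePath, SandboxExtension::ReadWrite, parameters.nsURLCachePathExtensionHandle);`. Note also that when WKCopyFoundationCacheDirectory returns null the fallback is NSHomeDirectory(), so the read-write extension issued here would cover the entire home directory rather than a cache subdirectory; the sandbox profile already receives HOME_DIR as a read-write parameter, so this may be intended, but a comment saying so would save the next reader from wondering. platformInitializeWebProcess continues past the end of this hunk.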
@@ -110,6 +114,7 @@
// FIXME: This should really be configurable; we shouldn't just blindly allow read access to the UI process bundle.
parameters.uiProcessBundleResourcePath = [[NSBundle mainBundle] resourcePath];
+ SandboxExtension::createHandle(parameters.uiProcessBundleResourcePath, SandboxExtension::ReadOnly, parameters.uiProcessBundleResourcePathExtensionHandle);
parameters.uiProcessBundleIdentifier = String([[NSBundle mainBundle] bundleIdentifier]);
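Review bot: Unlike the directory handles in WebContext::createNewWebProcess, the read-only handle for uiProcessBundleResourcePath is created unconditionally, and `[[NSBundle mainBundle] resourcePath]` may return nil for a bundle without a Resources directory, which would hand an empty path to createHandle. Guard it the same way as the other paths with `if (!parameters.uiProcessBundleResourcePath.isEmpty())` on the line before createHandle. The FIXME above still applies: this change moves the blanket read access from a sandbox parameter to an extension without narrowing it. The enclosing function starts before this hunk.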
Modified: trunk/Source/WebKit2/WebProcess/WebProcess.cpp (127383 => 127384)
--- trunk/Source/WebKit2/WebProcess/WebProcess.cpp 2012-09-02 00:15:33 UTC (rev 127383)
+++ trunk/Source/WebKit2/WebProcess/WebProcess.cpp 2012-09-02 03:08:00 UTC (rev 127384)
@@ -253,10 +253,6 @@
for (size_t i = 0; i < parameters.mimeTypesWithCustomRepresentation.size(); ++i)
m_mimeTypesWithCustomRepresentations.add(parameters.mimeTypesWithCustomRepresentation[i]);
-
-#if PLATFORM(MAC)
- m_presenterApplicationPid = parameters.presenterApplicationPid;
-#endif
if (parameters.shouldAlwaysUseComplexTextCodePath)
setAlwaysUsesComplexTextCodePath(true);
Modified: trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in (127383 => 127384)
--- trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2012-09-02 00:15:33 UTC (rev 127383)
+++ trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2012-09-02 03:08:00 UTC (rev 127384)
@@ -107,30 +107,6 @@
(if (positive? (string-length (param "DARWIN_USER_TEMP_DIR")))
(allow file* (subpath (param "DARWIN_USER_TEMP_DIR"))))
-;; Database directory.
-(if (positive? (string-length (param "WEBKIT_DATABASE_DIR")))
- (allow file* (subpath (param "WEBKIT_DATABASE_DIR"))))
-
-;; LocalStorage directory.
-(if (positive? (string-length (param "WEBKIT_LOCALSTORAGE_DIR")))
- (allow file* (subpath (param "WEBKIT_LOCALSTORAGE_DIR"))))
-
-;; ApplicationCache directory.
-(if (positive? (string-length (param "WEBKIT_APPLICATION_CACHE_DIR")))
- (allow file* (subpath (param "WEBKIT_APPLICATION_CACHE_DIR"))))
-
-;; The Web Inspector directory.
-(if (positive? (string-length (param "WEBKIT_WEB_INSPECTOR_DIR")))
- (allow file-read* (subpath (param "WEBKIT_WEB_INSPECTOR_DIR"))))
-
-;; The NSURLCache directory.
-(if (positive? (string-length (param "NSURL_CACHE_DIR")))
- (allow file* (subpath (param "NSURL_CACHE_DIR"))))
-
-;; The bundle resource path of the UI process.
-(if (positive? (string-length (param "UI_PROCESS_BUNDLE_RESOURCE_DIR")))
- (allow file-read* (subpath (param "UI_PROCESS_BUNDLE_RESOURCE_DIR"))))
-
;; IOKit user clients
(allow iokit-open
(iokit-connection "IOAccelerator")
Modified: trunk/Source/WebKit2/WebProcess/mac/WebProcessMac.mm (127383 => 127384)
--- trunk/Source/WebKit2/WebProcess/mac/WebProcessMac.mm 2012-09-02 00:15:33 UTC (rev 127383)
+++ trunk/Source/WebKit2/WebProcess/mac/WebProcessMac.mm 2012-09-02 03:08:00 UTC (rev 127384)
@@ -205,8 +205,6 @@
// These are read-only.
appendReadonlySandboxDirectory(sandboxParameters, "WEBKIT2_FRAMEWORK_DIR", [[[NSBundle bundleForClass:NSClassFromString(@"WKView")] bundlePath] stringByDeletingLastPathComponent]);
- appendReadonlySandboxDirectory(sandboxParameters, "UI_PROCESS_BUNDLE_RESOURCE_DIR", parameters.uiProcessBundleResourcePath);
- appendReadonlySandboxDirectory(sandboxParameters, "WEBKIT_WEB_INSPECTOR_DIR", parameters.webInspectorBaseDirectory);
// These are read-write getconf paths.
appendReadwriteConfDirectory(sandboxParameters, "DARWIN_USER_TEMP_DIR", _CS_DARWIN_USER_TEMP_DIR);
@@ -214,10 +212,6 @@
// These are read-write paths.
appendReadwriteSandboxDirectory(sandboxParameters, "HOME_DIR", NSHomeDirectory());
- appendReadwriteSandboxDirectory(sandboxParameters, "WEBKIT_DATABASE_DIR", parameters.databaseDirectory);
- appendReadwriteSandboxDirectory(sandboxParameters, "WEBKIT_LOCALSTORAGE_DIR", parameters.localStorageDirectory);
- appendReadwriteSandboxDirectory(sandboxParameters, "WEBKIT_APPLICATION_CACHE_DIR", parameters.applicationCacheDirectory);
- appendReadwriteSandboxDirectory(sandboxParameters, "NSURL_CACHE_DIR", parameters.nsURLCachePath);
sandboxParameters.append(static_cast<const char*>(0));
@@ -258,6 +252,12 @@
initializeSandbox(parameters);
+ SandboxExtension::consumePermanently(parameters.uiProcessBundleResourcePathExtensionHandle);
+ SandboxExtension::consumePermanently(parameters.localStorageDirectoryExtensionHandle);
+ SandboxExtension::consumePermanently(parameters.databaseDirectoryExtensionHandle);
+ SandboxExtension::consumePermanently(parameters.applicationCacheDirectoryExtensionHandle);
+ SandboxExtension::consumePermanently(parameters.nsURLCachePathExtensionHandle);
+
if (!parameters.parentProcessName.isNull()) {
NSString *applicationName = [NSString stringWithFormat:WEB_UI_STRING("%@ Web Content", "Visible name of the web process. The argument is the application name."), (NSString *)parameters.parentProcessName];
WKSetVisibleApplicationName((CFStringRef)applicationName);
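Review bot: The five consumePermanently calls ignore the bool it returns, and three of the handles (local storage, database, application cache) are only created by WebContext::createNewWebProcess when the corresponding path is non-empty, while consumePermanently asserts the handle is non-null; an empty path therefore trips the ASSERT in debug and hands a null extension to the WK calls in release, and a genuine consume failure goes unnoticed until a file operation fails inside the sandbox. Route the calls through a small helper that skips empty paths and checks the result, as sketched below, placed in this file's anonymous namespace. platformInitializeWebProcess starts before this hunk and continues after it.
```objc
// Consumes an extension the UIProcess issued for |path|. The UIProcess only
// creates a handle when the path is non-empty, so skip those; failing to
// consume an issued extension is a bug worth catching in debug builds.
static void consumeDirectoryExtension(const String& path, const SandboxExtension::Handle& handle)
{
    if (path.isEmpty())
        return;
    bool consumed = SandboxExtension::consumePermanently(handle);
    ASSERT_UNUSED(consumed, consumed);
}

// … unchanged: platformInitializeWebProcess up to initializeSandbox(parameters); …
    consumeDirectoryExtension(parameters.uiProcessBundleResourcePath, parameters.uiProcessBundleResourcePathExtensionHandle);
    consumeDirectoryExtension(parameters.localStorageDirectory, parameters.localStorageDirectoryExtensionHandle);
    consumeDirectoryExtension(parameters.databaseDirectory, parameters.databaseDirectoryExtensionHandle);
    consumeDirectoryExtension(parameters.applicationCacheDirectory, parameters.applicationCacheDirectoryExtensionHandle);
    consumeDirectoryExtension(parameters.nsURLCachePath, parameters.nsURLCachePathExtensionHandle);
```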
@@ -277,6 +277,8 @@
m_notificationManager.initialize(parameters.notificationPermissions);
#endif
+ m_presenterApplicationPid = parameters.presenterApplicationPid;
+
// rdar://9118639 accessibilityFocusedUIElement in NSApplication defaults to use the keyWindow. Since there's
// no window in WK2, NSApplication needs to use the focused page's focused element.
Method methodToPatch = class_getInstanceMethod([NSApplication class], @selector(accessibilityFocusedUIElement));