Diff
Modified: trunk/Source/WebKit2/ChangeLog (144944 => 144945)
--- trunk/Source/WebKit2/ChangeLog 2013-03-06 18:20:17 UTC (rev 144944)
+++ trunk/Source/WebKit2/ChangeLog 2013-03-06 18:37:32 UTC (rev 144945)
@@ -1,3 +1,35 @@
+2013-03-05 Alexey Proskuryakov <[email protected]>
+
+ Track sandbox extensions for blobs in NetworkProcess
+ https://bugs.webkit.org/show_bug.cgi?id=111484
+
+ Reviewed by Sam Weinig.
+
+ * WebKit2.xcodeproj/project.pbxproj:
+ * NetworkProcess/FileAPI: Added.
+ * NetworkProcess/FileAPI/NetworkBlobRegistry.cpp: Added.
+ * NetworkProcess/FileAPI/NetworkBlobRegistry.h: Added.
+ Added a registry that wraps normal in-process "BlobRegistryImpl", and also tracks
+ sandbox extensions for blobs. It will also track process connections, so that
+ blobs could be removed when a process crashes.
+
+ * NetworkProcess/NetworkConnectionToWebProcess.cpp:
+ (WebKit::NetworkConnectionToWebProcess::registerBlobURL):
+ (WebKit::NetworkConnectionToWebProcess::registerBlobURLFromURL):
+ (WebKit::NetworkConnectionToWebProcess::unregisterBlobURL):
+ Use NetworkBlobRegistry.
+
+ * NetworkProcess/SchedulableLoader.h:
+ * NetworkProcess/SchedulableLoader.cpp:
+ (WebKit::SchedulableLoader::SchedulableLoader): Add extensions for blobs, both in
+ request URL and in request data.
+ (WebKit::SchedulableLoader::consumeSandboxExtensions): Request may now have multiple
+ extensions.
+ (WebKit::SchedulableLoader::invalidateSandboxExtensions): Ditto.
+
+ * Shared/FileAPI/BlobRegistrationData.cpp: Fixed extension creation - actually
+ store the result.
+
2013-03-06 Andras Becsi <[email protected]>
[Qt][WK2] Fix the Mac build after r144787
Added: trunk/Source/WebKit2/NetworkProcess/FileAPI/NetworkBlobRegistry.cpp (0 => 144945)
--- trunk/Source/WebKit2/NetworkProcess/FileAPI/NetworkBlobRegistry.cpp (rev 0)
+++ trunk/Source/WebKit2/NetworkProcess/FileAPI/NetworkBlobRegistry.cpp 2013-03-06 18:37:32 UTC (rev 144945)
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "NetworkBlobRegistry.h"
+
+#if ENABLE(BLOB) && ENABLE(NETWORK_PROCESS)
+
+#include "SandboxExtension.h"
+#include <WebCore/BlobRegistryImpl.h>
+#include <wtf/MainThread.h>
+
+using namespace WebCore;
+
+namespace WebKit {
+
+NetworkBlobRegistry& NetworkBlobRegistry::shared()
+{
+ ASSERT(isMainThread());
+ DEFINE_STATIC_LOCAL(NetworkBlobRegistry, registry, ());
+ return registry;
+}
+
+NetworkBlobRegistry::NetworkBlobRegistry()
+{
+}
+
+void NetworkBlobRegistry::registerBlobURL(const KURL& url, PassOwnPtr<BlobData> data, const Vector<RefPtr<SandboxExtension> >& newSandboxExtensions)
+{
+ ASSERT(!m_sandboxExtensions.contains(url.string()));
+
+ // Combine new extensions for File times and existing extensions for inner Blob items.
+ Vector<RefPtr<SandboxExtension> > sandboxExtensions = newSandboxExtensions;
+ const BlobDataItemList& items = data->items();
+ for (size_t i = 0, count = items.size(); i < count; ++i) {
+ if (items[i].type == BlobDataItem::Blob)
+ sandboxExtensions.append(m_sandboxExtensions.get(items[i].url.string()));
+ }
+
+ blobRegistry().registerBlobURL(url, data);
+
+ if (!sandboxExtensions.isEmpty())
+ m_sandboxExtensions.add(url.string(), sandboxExtensions);
+}
+
+void NetworkBlobRegistry::registerBlobURL(const WebCore::KURL& url, const WebCore::KURL& srcURL)
+{
+ blobRegistry().registerBlobURL(url, srcURL);
+ SandboxExtensionMap::iterator iter = m_sandboxExtensions.find(srcURL.string());
+ if (iter != m_sandboxExtensions.end())
+ m_sandboxExtensions.add(url.string(), iter->value);
+}
+
+void NetworkBlobRegistry::unregisterBlobURL(const WebCore::KURL& url)
+{
+ blobRegistry().unregisterBlobURL(url);
+ m_sandboxExtensions.remove(url.string());
+}
+
+const Vector<RefPtr<SandboxExtension> > NetworkBlobRegistry::sandboxExtensions(const WebCore::KURL& url)
+{
+ return m_sandboxExtensions.get(url.string());
+}
+
+}
+
+#endif
Property changes on: trunk/Source/WebKit2/NetworkProcess/FileAPI/NetworkBlobRegistry.cpp
___________________________________________________________________
Added: svn:eol-style
Added: trunk/Source/WebKit2/NetworkProcess/FileAPI/NetworkBlobRegistry.h (0 => 144945)
--- trunk/Source/WebKit2/NetworkProcess/FileAPI/NetworkBlobRegistry.h (rev 0)
+++ trunk/Source/WebKit2/NetworkProcess/FileAPI/NetworkBlobRegistry.h 2013-03-06 18:37:32 UTC (rev 144945)
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef NetworkBlobRegistry_h
+#define NetworkBlobRegistry_h
+
+#if ENABLE(BLOB) && ENABLE(NETWORK_PROCESS)
+
+#include <wtf/HashMap.h>
+#include <wtf/text/WTFString.h>
+
+namespace WebCore {
+class BlobData;
+class KURL;
+}
+
+namespace WebKit {
+
+class SandboxExtension;
+
+class NetworkBlobRegistry {
+WTF_MAKE_NONCOPYABLE(NetworkBlobRegistry);
+public:
+ NetworkBlobRegistry();
+ static NetworkBlobRegistry& shared();
+
+ void registerBlobURL(const WebCore::KURL&, PassOwnPtr<WebCore::BlobData>, const Vector<RefPtr<SandboxExtension> >&);
+ void registerBlobURL(const WebCore::KURL&, const WebCore::KURL& srcURL);
+ void unregisterBlobURL(const WebCore::KURL&);
+
+ const Vector<RefPtr<SandboxExtension> > sandboxExtensions(const WebCore::KURL&);
+
+private:
+ ~NetworkBlobRegistry();
+
+ typedef HashMap<String, Vector<RefPtr<SandboxExtension> > > SandboxExtensionMap;
+ SandboxExtensionMap m_sandboxExtensions;
+};
+
+}
+
+#endif // ENABLE(BLOB) && ENABLE(NETWORK_PROCESS)
+
+#endif // NetworkBlobRegistry_h
Property changes on: trunk/Source/WebKit2/NetworkProcess/FileAPI/NetworkBlobRegistry.h
___________________________________________________________________
Added: svn:eol-style
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkConnectionToWebProcess.cpp (144944 => 144945)
--- trunk/Source/WebKit2/NetworkProcess/NetworkConnectionToWebProcess.cpp 2013-03-06 18:20:17 UTC (rev 144944)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkConnectionToWebProcess.cpp 2013-03-06 18:37:32 UTC (rev 144945)
@@ -28,13 +28,13 @@
#include "BlobRegistrationData.h"
#include "ConnectionStack.h"
+#include "NetworkBlobRegistry.h"
#include "NetworkConnectionToWebProcessMessages.h"
#include "NetworkProcess.h"
#include "NetworkResourceLoader.h"
#include "RemoteNetworkingContext.h"
#include "SyncNetworkResourceLoader.h"
#include <WebCore/BlobData.h>
-#include <WebCore/BlobRegistry.h>
#include <WebCore/PlatformCookieJar.h>
#include <WebCore/ResourceLoaderOptions.h>
#include <WebCore/ResourceRequest.h>
@@ -182,19 +182,25 @@
void NetworkConnectionToWebProcess::registerBlobURL(const KURL& url, const BlobRegistrationData& data)
{
- // FIXME: Track sandbox extensions.
// FIXME: unregister all URLs when process connection closes.
- blobRegistry().registerBlobURL(url, data.releaseData());
+
+ Vector<RefPtr<SandboxExtension> > extensions;
+ for (size_t i = 0, count = data.sandboxExtensions().size(); i < count; ++i) {
+ if (RefPtr<SandboxExtension> extension = SandboxExtension::create(data.sandboxExtensions()[i]))
+ extensions.append(extension);
+ }
+
+ NetworkBlobRegistry::shared().registerBlobURL(url, data.releaseData(), extensions);
}
void NetworkConnectionToWebProcess::registerBlobURLFromURL(const KURL& url, const KURL& srcURL)
{
- blobRegistry().registerBlobURL(url, srcURL);
+ NetworkBlobRegistry::shared().registerBlobURL(url, srcURL);
}
void NetworkConnectionToWebProcess::unregisterBlobURL(const KURL& url)
{
- blobRegistry().unregisterBlobURL(url);
+ NetworkBlobRegistry::shared().unregisterBlobURL(url);
}
} // namespace WebKit
Modified: trunk/Source/WebKit2/NetworkProcess/SchedulableLoader.cpp (144944 => 144945)
--- trunk/Source/WebKit2/NetworkProcess/SchedulableLoader.cpp 2013-03-06 18:20:17 UTC (rev 144944)
+++ trunk/Source/WebKit2/NetworkProcess/SchedulableLoader.cpp 2013-03-06 18:37:32 UTC (rev 144945)
@@ -28,6 +28,11 @@
#if ENABLE(NETWORK_PROCESS)
+#include "NetworkBlobRegistry.h"
+#include <WebCore/FormData.h>
+
+using namespace WebCore;
+
namespace WebKit {
SchedulableLoader::SchedulableLoader(const NetworkResourceLoadParameters& parameters, NetworkConnectionToWebProcess* connection)
@@ -46,7 +51,25 @@
if (RefPtr<SandboxExtension> extension = SandboxExtension::create(parameters.requestBodySandboxExtensions()[i]))
m_requestBodySandboxExtensions.append(extension);
}
- m_resourceSandboxExtension = SandboxExtension::create(parameters.resourceSandboxExtension());
+
+#if ENABLE(BLOB)
+ if (m_request.httpBody()) {
+ const Vector<FormDataElement>& elements = m_request.httpBody()->elements();
+ for (size_t i = 0, count = elements.size(); i < count; ++i) {
+ if (elements[i].m_type == FormDataElement::encodedBlob) {
+ Vector<RefPtr<SandboxExtension> > blobElementExtensions = NetworkBlobRegistry::shared().sandboxExtensions(elements[i].m_url);
+ m_requestBodySandboxExtensions.append(blobElementExtensions);
+ }
+ }
+ }
+
+ if (m_request.url().protocolIs("blob")) {
+ ASSERT(!SandboxExtension::create(parameters.resourceSandboxExtension()));
+ m_resourceSandboxExtensions = NetworkBlobRegistry::shared().sandboxExtensions(m_request.url());
+ } else
+#endif
+ if (RefPtr<SandboxExtension> resourceSandboxExtension = SandboxExtension::create(parameters.resourceSandboxExtension()))
+ m_resourceSandboxExtensions.append(resourceSandboxExtension);
}
SchedulableLoader::~SchedulableLoader()
@@ -66,8 +89,8 @@
for (size_t i = 0, count = m_requestBodySandboxExtensions.size(); i < count; ++i)
m_requestBodySandboxExtensions[i]->consume();
- if (m_resourceSandboxExtension)
- m_resourceSandboxExtension->consume();
+ for (size_t i = 0, count = m_resourceSandboxExtensions.size(); i < count; ++i)
+ m_resourceSandboxExtensions[i]->consume();
}
void SchedulableLoader::invalidateSandboxExtensions()
@@ -75,8 +98,8 @@
for (size_t i = 0, count = m_requestBodySandboxExtensions.size(); i < count; ++i)
m_requestBodySandboxExtensions[i]->invalidate();
- if (m_resourceSandboxExtension)
- m_resourceSandboxExtension->invalidate();
+ for (size_t i = 0, count = m_resourceSandboxExtensions.size(); i < count; ++i)
+ m_resourceSandboxExtensions[i]->invalidate();
}
} // namespace WebKit
Modified: trunk/Source/WebKit2/NetworkProcess/SchedulableLoader.h (144944 => 144945)
--- trunk/Source/WebKit2/NetworkProcess/SchedulableLoader.h 2013-03-06 18:20:17 UTC (rev 144944)
+++ trunk/Source/WebKit2/NetworkProcess/SchedulableLoader.h 2013-03-06 18:37:32 UTC (rev 144945)
@@ -78,7 +78,7 @@
bool m_inPrivateBrowsingMode;
Vector<RefPtr<SandboxExtension> > m_requestBodySandboxExtensions;
- RefPtr<SandboxExtension> m_resourceSandboxExtension;
+ Vector<RefPtr<SandboxExtension> > m_resourceSandboxExtensions;
RefPtr<NetworkConnectionToWebProcess> m_connection;
Modified: trunk/Source/WebKit2/Shared/FileAPI/BlobRegistrationData.cpp (144944 => 144945)
--- trunk/Source/WebKit2/Shared/FileAPI/BlobRegistrationData.cpp 2013-03-06 18:20:17 UTC (rev 144944)
+++ trunk/Source/WebKit2/Shared/FileAPI/BlobRegistrationData.cpp 2013-03-06 18:37:32 UTC (rev 144945)
@@ -51,13 +51,12 @@
++fileCount;
}
- SandboxExtension::HandleArray sandboxExtensions;
- sandboxExtensions.allocate(fileCount);
+ m_sandboxExtensions.allocate(fileCount);
size_t extensionIndex = 0;
for (size_t i = 0, count = items.size(); i < count; ++i) {
const BlobDataItem& item = items[i];
if (item.type == BlobDataItem::File)
- SandboxExtension::createHandle(item.path, SandboxExtension::ReadOnly, sandboxExtensions[extensionIndex++]);
+ SandboxExtension::createHandle(item.path, SandboxExtension::ReadOnly, m_sandboxExtensions[extensionIndex++]);
}
}
Modified: trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj (144944 => 144945)
--- trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj 2013-03-06 18:20:17 UTC (rev 144944)
+++ trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj 2013-03-06 18:37:32 UTC (rev 144945)
@@ -1106,6 +1106,8 @@
E1790890169BAA7F006904C7 /* SecItemShimMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E18E6911169B667B009B6670 /* SecItemShimMessageReceiver.cpp */; };
E1790891169BAA82006904C7 /* SecItemShimMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = E18E6912169B667B009B6670 /* SecItemShimMessages.h */; };
E1790901169BB4F9006904C7 /* SecItemShim.dylib in Copy Sec Item Shim */ = {isa = PBXBuildFile; fileRef = 510031F61379CACB00C8DFE4 /* SecItemShim.dylib */; };
+ E1798C7916E6818800240139 /* NetworkBlobRegistry.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E1798C7716E6818800240139 /* NetworkBlobRegistry.cpp */; };
+ E1798C7A16E6818800240139 /* NetworkBlobRegistry.h in Headers */ = {isa = PBXBuildFile; fileRef = E1798C7816E6818800240139 /* NetworkBlobRegistry.h */; };
E179FD9C134D38060015B883 /* ArgumentCodersMac.h in Headers */ = {isa = PBXBuildFile; fileRef = E179FD9B134D38060015B883 /* ArgumentCodersMac.h */; };
E179FD9F134D38250015B883 /* ArgumentCodersMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = E179FD9E134D38250015B883 /* ArgumentCodersMac.mm */; };
E17AE2C316B9C63A001C42F1 /* com.apple.WebKit.NetworkProcess.sb in Resources */ = {isa = PBXBuildFile; fileRef = E17AE2C216B9C63A001C42F1 /* com.apple.WebKit.NetworkProcess.sb */; };
@@ -2550,6 +2552,8 @@
E170876A16D6CA6900F99226 /* BlobRegistryProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = BlobRegistryProxy.h; path = WebProcess/FileAPI/BlobRegistryProxy.h; sourceTree = "<group>"; };
E170876E16D6CFE400F99226 /* BlobRegistrationData.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = BlobRegistrationData.cpp; path = FileAPI/BlobRegistrationData.cpp; sourceTree = "<group>"; };
E170876F16D6CFE500F99226 /* BlobRegistrationData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = BlobRegistrationData.h; path = FileAPI/BlobRegistrationData.h; sourceTree = "<group>"; };
+ E1798C7716E6818800240139 /* NetworkBlobRegistry.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = NetworkBlobRegistry.cpp; path = NetworkProcess/FileAPI/NetworkBlobRegistry.cpp; sourceTree = "<group>"; };
+ E1798C7816E6818800240139 /* NetworkBlobRegistry.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = NetworkBlobRegistry.h; path = NetworkProcess/FileAPI/NetworkBlobRegistry.h; sourceTree = "<group>"; };
E179FD9B134D38060015B883 /* ArgumentCodersMac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArgumentCodersMac.h; sourceTree = "<group>"; };
E179FD9E134D38250015B883 /* ArgumentCodersMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ArgumentCodersMac.mm; sourceTree = "<group>"; };
E17AE2C116B9C139001C42F1 /* com.apple.WebKit.NetworkProcess.sb.in */ = {isa = PBXFileReference; lastKnownFileType = text; path = com.apple.WebKit.NetworkProcess.sb.in; sourceTree = "<group>"; };
@@ -3478,6 +3482,7 @@
isa = PBXGroup;
children = (
BC82837C16B45DA500A278FE /* EntryPoint */,
+ E1798C7616E6815500240139 /* FileAPI */,
510CC7DC16138E2900D03ED3 /* mac */,
512C06861638F67E00ABB911 /* HostRecord.cpp */,
512C06871638F67E00ABB911 /* HostRecord.h */,
@@ -5011,6 +5016,15 @@
name = FileAPI;
sourceTree = "<group>";
};
+ E1798C7616E6815500240139 /* FileAPI */ = {
+ isa = PBXGroup;
+ children = (
+ E1798C7716E6818800240139 /* NetworkBlobRegistry.cpp */,
+ E1798C7816E6818800240139 /* NetworkBlobRegistry.h */,
+ );
+ name = FileAPI;
+ sourceTree = "<group>";
+ };
E199875B142BF9CF00BB2DE7 /* PDF */ = {
isa = PBXGroup;
children = (
@@ -5611,6 +5625,7 @@
E170876C16D6CA6900F99226 /* BlobRegistryProxy.h in Headers */,
E170877116D6CFE500F99226 /* BlobRegistrationData.h in Headers */,
E14A954A16E016A40068DE82 /* NetworkProcessPlatformStrategies.h in Headers */,
+ E1798C7A16E6818800240139 /* NetworkBlobRegistry.h in Headers */,
);
runOnlyForDeploymentPostprocessing = 0;
};
@@ -6816,6 +6831,7 @@
E170876B16D6CA6900F99226 /* BlobRegistryProxy.cpp in Sources */,
E170877016D6CFE500F99226 /* BlobRegistrationData.cpp in Sources */,
E14A954916E016A40068DE82 /* NetworkProcessPlatformStrategies.cpp in Sources */,
+ E1798C7916E6818800240139 /* NetworkBlobRegistry.cpp in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
