Title: [167238] releases/WebKitGTK/webkit-2.4/Source/WebKit2
- Revision
- 167238
- Author
- [email protected]
- Date
- 2014-04-14 04:12:23 -0700 (Mon, 14 Apr 2014)
Log Message
Merge r166026 - Generalize WebInspector check in maybeInitializeSandboxExtensionHandle().
https://bugs.webkit.org/show_bug.cgi?id=130079
<rdar://problem/16286683>
Reviewed by Anders Carlsson.
* UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
Perform an early return for all paths that don't need a sandbox extension due to
access being assumed, not only for WebInspector pages.
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::hasAssumedReadAccessToURL):
(WebKit::WebProcessProxy::checkURLReceivedFromWebProcess):
* UIProcess/WebProcessProxy.h:
Factored out m_localPathsWithAssumedReadAccess iteration to a public function.
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.4/Source/WebKit2/ChangeLog (167237 => 167238)
--- releases/WebKitGTK/webkit-2.4/Source/WebKit2/ChangeLog 2014-04-14 11:04:57 UTC (rev 167237)
+++ releases/WebKitGTK/webkit-2.4/Source/WebKit2/ChangeLog 2014-04-14 11:12:23 UTC (rev 167238)
@@ -1,3 +1,21 @@
+2014-03-20 Alexey Proskuryakov <[email protected]>
+
+ Generalize WebInspector check in maybeInitializeSandboxExtensionHandle().
+ https://bugs.webkit.org/show_bug.cgi?id=130079
+ <rdar://problem/16286683>
+
+ Reviewed by Anders Carlsson.
+
+ * UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
+ Perform an early return for all paths that don't need a sandbox extension due to
+ access being assumed, not only for WebInspector pages.
+
+ * UIProcess/WebProcessProxy.cpp:
+ (WebKit::WebProcessProxy::hasAssumedReadAccessToURL):
+ (WebKit::WebProcessProxy::checkURLReceivedFromWebProcess):
+ * UIProcess/WebProcessProxy.h:
+ Factored out m_localPathsWithAssumedReadAccess iteration to a public function.
+
2014-04-11 Carlos Garcia Campos <[email protected]>
wk2-gtk does not display anything
Modified: releases/WebKitGTK/webkit-2.4/Source/WebKit2/UIProcess/WebPageProxy.cpp (167237 => 167238)
--- releases/WebKitGTK/webkit-2.4/Source/WebKit2/UIProcess/WebPageProxy.cpp 2014-04-14 11:04:57 UTC (rev 167237)
+++ releases/WebKitGTK/webkit-2.4/Source/WebKit2/UIProcess/WebPageProxy.cpp 2014-04-14 11:12:23 UTC (rev 167238)
@@ -597,10 +597,12 @@
if (!url.isLocalFile())
return false;
+ if (m_process->hasAssumedReadAccessToURL(url))
+ return false;
+
#if ENABLE(INSPECTOR)
- // Don't give the inspector full access to the file system.
- if (WebInspectorProxy::isInspectorPage(*this))
- return false;
+ // Inspector resources are in a directory with assumed access.
+ ASSERT_WITH_SECURITY_IMPLICATION(!WebInspectorProxy::isInspectorPage(*this));
#endif
SandboxExtension::createHandle("/", SandboxExtension::ReadOnly, sandboxExtensionHandle);
Modified: releases/WebKitGTK/webkit-2.4/Source/WebKit2/UIProcess/WebProcessProxy.cpp (167237 => 167238)
--- releases/WebKitGTK/webkit-2.4/Source/WebKit2/UIProcess/WebProcessProxy.cpp 2014-04-14 11:04:57 UTC (rev 167237)
+++ releases/WebKitGTK/webkit-2.4/Source/WebKit2/UIProcess/WebProcessProxy.cpp 2014-04-14 11:12:23 UTC (rev 167238)
@@ -245,6 +245,21 @@
m_localPathsWithAssumedReadAccess.add(baseURL.fileSystemPath());
}
+bool WebProcessProxy::hasAssumedReadAccessToURL(const URL& url) const
+{
+ if (!url.isLocalFile())
+ return false;
+
+ String path = url.fileSystemPath();
+ for (const String& assumedAccessPath : m_localPathsWithAssumedReadAccess) {
+ // There are no ".." components, because URL removes those.
+ if (path.startsWith(assumedAccessPath))
+ return true;
+ }
+
+ return false;
+}
+
bool WebProcessProxy::checkURLReceivedFromWebProcess(const String& urlString)
{
return checkURLReceivedFromWebProcess(URL(URL(), urlString));
@@ -263,15 +278,12 @@
return true;
// If we loaded a string with a file base URL before, loading resources from that subdirectory is fine.
- // There are no ".." components, because all URLs received from WebProcess are parsed with URL, which removes those.
- String path = url.fileSystemPath();
- for (HashSet<String>::const_iterator iter = m_localPathsWithAssumedReadAccess.begin(); iter != m_localPathsWithAssumedReadAccess.end(); ++iter) {
- if (path.startsWith(*iter))
- return true;
- }
+ if (hasAssumedReadAccessToURL(url))
+ return true;
// Items in back/forward list have been already checked.
// One case where we don't have sandbox extensions for file URLs in b/f list is if the list has been reinstated after a crash or a browser restart.
+ String path = url.fileSystemPath();
for (WebBackForwardListItemMap::iterator iter = m_backForwardListItemMap.begin(), end = m_backForwardListItemMap.end(); iter != end; ++iter) {
if (URL(URL(), iter->value->url()).fileSystemPath() == path)
return true;
Modified: releases/WebKitGTK/webkit-2.4/Source/WebKit2/UIProcess/WebProcessProxy.h (167237 => 167238)
--- releases/WebKitGTK/webkit-2.4/Source/WebKit2/UIProcess/WebProcessProxy.h 2014-04-14 11:04:57 UTC (rev 167237)
+++ releases/WebKitGTK/webkit-2.4/Source/WebKit2/UIProcess/WebProcessProxy.h 2014-04-14 11:12:23 UTC (rev 167238)
@@ -99,6 +99,7 @@
void willAcquireUniversalFileReadSandboxExtension() { m_mayHaveUniversalFileReadSandboxExtension = true; }
void assumeReadAccessToBaseURL(const String&);
+ bool hasAssumedReadAccessToURL(const WebCore::URL&) const;
bool checkURLReceivedFromWebProcess(const String&);
bool checkURLReceivedFromWebProcess(const WebCore::URL&);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes