Title: [171024] trunk/Source/WebKit2
Revision
171024
Author
oli...@apple.com
Date
2014-07-12 11:33:43 -0700 (Sat, 12 Jul 2014)

Log Message

Extend WebContent sandbox to allow some extra access for frameworks
https://bugs.webkit.org/show_bug.cgi?id=134844

Reviewed by Sam Weinig.

Open up the webcontent sandbox a bit so that some external frameworks
can work correctly.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode):
(WebKit::WebProcessCreationParameters::decode):
* Shared/WebProcessCreationParameters.h:
* UIProcess/WebContext.cpp:
(WebKit::WebContext::createNewWebProcess):
(WebKit::WebContext::mediaCacheDirectory):
* UIProcess/WebContext.h:
* UIProcess/mac/WebContextMac.mm:
(WebKit::WebContext::platformMediaCacheDirectory):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (171023 => 171024)


--- trunk/Source/WebKit2/ChangeLog	2014-07-12 18:32:13 UTC (rev 171023)
+++ trunk/Source/WebKit2/ChangeLog	2014-07-12 18:33:43 UTC (rev 171024)
@@ -1,5 +1,29 @@
 2014-07-12  Oliver Hunt  <oli...@apple.com>
 
+        Extend WebContent sandbox to allow some extra access for frameworks
+        https://bugs.webkit.org/show_bug.cgi?id=134844
+
+        Reviewed by Sam Weinig.
+
+        Open up the webcontent sandbox a bit so that some external frameworks
+        can work correctly.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+        * Shared/WebProcessCreationParameters.cpp:
+        (WebKit::WebProcessCreationParameters::encode):
+        (WebKit::WebProcessCreationParameters::decode):
+        * Shared/WebProcessCreationParameters.h:
+        * UIProcess/WebContext.cpp:
+        (WebKit::WebContext::createNewWebProcess):
+        (WebKit::WebContext::mediaCacheDirectory):
+        * UIProcess/WebContext.h:
+        * UIProcess/mac/WebContextMac.mm:
+        (WebKit::WebContext::platformMediaCacheDirectory):
+        * WebProcess/cocoa/WebProcessCocoa.mm:
+        (WebKit::WebProcess::platformInitializeWebProcess):
+
+2014-07-12  Oliver Hunt  <oli...@apple.com>
+
         Temporary work around for <rdar://<rdar://problem/17513375>
         https://bugs.webkit.org/show_bug.cgi?id=134848
 

Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (171023 => 171024)


--- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2014-07-12 18:32:13 UTC (rev 171023)
+++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2014-07-12 18:33:43 UTC (rev 171024)
@@ -85,5 +85,9 @@
 (allow mach-lookup
        (global-name "com.apple.webinspector"))
 
+;; Various services required by CFNetwork and other frameworks
+(allow mach-lookup
+       (global-name "com.apple.PowerManagement.control"))
+
 (deny file-write-create (vnode-type SYMLINK))
 (deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))
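Review bot: The comment above the new `mach-lookup` rule says "Various services", but the rule allows exactly one global name, `com.apple.PowerManagement.control`, and does not say which framework needs it or why. Every name allowed here becomes reachable from a compromised WebContent process, so the justification belongs next to the rule, for example `;; com.apple.PowerManagement.control: needed by CFNetwork for <PURPOSE TO BE FILLED IN> (webkit.org/b/134844)`. It is also worth confirming that the framework cannot simply degrade gracefully without this service, since the name suggests a control interface rather than a read-only one.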

Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp (171023 => 171024)


--- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp	2014-07-12 18:32:13 UTC (rev 171023)
+++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp	2014-07-12 18:33:43 UTC (rev 171024)
@@ -69,6 +69,8 @@
     encoder << cookieStorageDirectoryExtensionHandle;
     encoder << openGLCacheDirectory;
     encoder << openGLCacheDirectoryExtensionHandle;
+    encoder << mediaCacheDirectory;
+    encoder << mediaCacheDirectoryExtensionHandle;
     encoder << shouldUseTestingNetworkSession;
     encoder << urlSchemesRegistererdAsEmptyDocument;
     encoder << urlSchemesRegisteredAsSecure;
@@ -166,6 +168,10 @@
         return false;
     if (!decoder.decode(parameters.openGLCacheDirectoryExtensionHandle))
         return false;
+    if (!decoder.decode(parameters.mediaCacheDirectory))
+        return false;
+    if (!decoder.decode(parameters.mediaCacheDirectoryExtensionHandle))
+        return false;
     if (!decoder.decode(parameters.shouldUseTestingNetworkSession))
         return false;
     if (!decoder.decode(parameters.urlSchemesRegistererdAsEmptyDocument))

Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h (171023 => 171024)


--- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h	2014-07-12 18:32:13 UTC (rev 171023)
+++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h	2014-07-12 18:33:43 UTC (rev 171024)
@@ -74,6 +74,8 @@
     SandboxExtension::Handle cookieStorageDirectoryExtensionHandle;
     String openGLCacheDirectory;
     SandboxExtension::Handle openGLCacheDirectoryExtensionHandle;
+    String mediaCacheDirectory;
+    SandboxExtension::Handle mediaCacheDirectoryExtensionHandle;
 
     bool shouldUseTestingNetworkSession;
 

Modified: trunk/Source/WebKit2/UIProcess/WebContext.cpp (171023 => 171024)


--- trunk/Source/WebKit2/UIProcess/WebContext.cpp	2014-07-12 18:32:13 UTC (rev 171023)
+++ trunk/Source/WebKit2/UIProcess/WebContext.cpp	2014-07-12 18:33:43 UTC (rev 171024)
@@ -594,6 +594,10 @@
     if (!parameters.openGLCacheDirectory.isEmpty())
         SandboxExtension::createHandleForReadWriteDirectory(parameters.openGLCacheDirectory, parameters.openGLCacheDirectoryExtensionHandle);
 
+    parameters.mediaCacheDirectory = mediaCacheDirectory();
+    if (!parameters.mediaCacheDirectory.isEmpty())
+        SandboxExtension::createHandleForReadWriteDirectory(parameters.mediaCacheDirectory, parameters.mediaCacheDirectoryExtensionHandle);
+
     parameters.shouldUseTestingNetworkSession = m_shouldUseTestingNetworkSession;
 
     parameters.cacheModel = m_cacheModel;
@@ -1187,6 +1191,14 @@
     return platformDefaultOpenGLCacheDirectory();
 }
 
+String WebContext::mediaCacheDirectory() const
+{
+    if (!m_overrideMediaCacheDirectory.isEmpty())
+        return m_overrideMediaCacheDirectory;
+
+    return platformMediaCacheDirectory();
+}
+
 void WebContext::useTestingNetworkSession()
 {
     ASSERT(m_processes.isEmpty());
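Review bot: `m_overrideMediaCacheDirectory` is read in `mediaCacheDirectory()`, but no hunk in this revision assigns it, so the override branch looks unreachable as committed. Either add the setter alongside the other override directories, or drop the member and return `platformMediaCacheDirectory()` directly until one is needed. If a setter is added later, its value ends up as a read-write sandbox extension for the WebContent process in `createNewWebProcess`, so it should be documented as trusted embedder configuration, e.g. `// Granted read-write to the WebContent process; must never be derived from web content.`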

Modified: trunk/Source/WebKit2/UIProcess/WebContext.h (171023 => 171024)


--- trunk/Source/WebKit2/UIProcess/WebContext.h	2014-07-12 18:32:13 UTC (rev 171023)
+++ trunk/Source/WebKit2/UIProcess/WebContext.h	2014-07-12 18:33:43 UTC (rev 171024)
@@ -426,6 +426,9 @@
     String openGLCacheDirectory() const;
     String platformDefaultOpenGLCacheDirectory() const;
 
+    String mediaCacheDirectory() const;
+    String platformMediaCacheDirectory() const;
+
 #if PLATFORM(COCOA)
     void registerNotificationObservers();
     void unregisterNotificationObservers();
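Review bot: `platformMediaCacheDirectory()` is declared above the `#if PLATFORM(COCOA)` line, so as far as this hunk shows it is not platform-guarded, while the only definition in this revision is in `UIProcess/mac/WebContextMac.mm`. Since `WebContext::mediaCacheDirectory()` in WebContext.cpp calls it, ports that do not build that file would presumably fail to link, unless an enclosing guard exists outside the hunk. Either move both declarations under the Cocoa guard and guard the callers to match, or add stub definitions for the other ports.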
@@ -522,6 +525,7 @@
     String m_overrideDiskCacheDirectory;
     String m_overrideCookieStorageDirectory;
     String m_overrideOpenGLCacheDirectory;
+    String m_overrideMediaCacheDirectory;
 
     String m_webSQLDatabaseDirectory;
     String m_indexedDBDatabaseDirectory;

Modified: trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm (171023 => 171024)


--- trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm	2014-07-12 18:32:13 UTC (rev 171023)
+++ trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm	2014-07-12 18:33:43 UTC (rev 171024)
@@ -303,6 +303,18 @@
 #endif
 }
 
+String WebContext::platformMediaCacheDirectory() const
+{
+#if PLATFORM(IOS)
+    String path = NSTemporaryDirectory();
+    path = path + "/MediaCache";
+    return stringByResolvingSymlinksInPath(path);
+#else
+    notImplemented();
+    return [@"" stringByStandardizingPath];
+#endif
+}
+
 String WebContext::platformDefaultWebSQLDatabaseDirectory()
 {
     NSString *databasesDirectory = [[NSUserDefaults standardUserDefaults] objectForKey:WebDatabaseDirectoryDefaultsKey];
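Review bot: `NSTemporaryDirectory()` is documented to return nil when no temporary directory is available, and the iOS branch appends to it unchecked, so the result would presumably be `/MediaCache`, for which `createNewWebProcess` then issues a read-write sandbox extension. Guard the nil case and build the path with Foundation so a trailing slash is not doubled: `NSString *tmp = NSTemporaryDirectory(); if (!tmp) return String();` followed by `return stringByResolvingSymlinksInPath([tmp stringByAppendingPathComponent:@"MediaCache"]);`. In the `#else` branch, `[@"" stringByStandardizingPath]` is just an empty string, so `return String();` states the intent more directly.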

Modified: trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm (171023 => 171024)


--- trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm	2014-07-12 18:32:13 UTC (rev 171023)
+++ trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm	2014-07-12 18:33:43 UTC (rev 171024)
@@ -169,6 +169,7 @@
     SandboxExtension::consumePermanently(parameters.diskCacheDirectoryExtensionHandle);
     SandboxExtension::consumePermanently(parameters.cookieStorageDirectoryExtensionHandle);
     SandboxExtension::consumePermanently(parameters.openGLCacheDirectoryExtensionHandle);
+    SandboxExtension::consumePermanently(parameters.mediaCacheDirectoryExtensionHandle);
 #endif
 
     // When the network process is enabled, each web process wants a stand-alone
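Review bot: Only the extension handle is consumed here; `parameters.mediaCacheDirectory` itself is encoded and decoded, but no hunk in this revision reads it in the web process. If the frameworks derive the path on their own, a comment on the new line would explain why the string is carried but unused, for example `// Path is not read here; the media framework locates the directory itself and only needs the extension.` (wording to be confirmed by the author). Otherwise the string could be dropped from `WebProcessCreationParameters` to keep the IPC payload minimal. `platformInitializeWebProcess` starts and ends outside this hunk.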