Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 5be1236842b36137c9c9c85453a872e029dc6b8a
      
https://github.com/WebKit/WebKit/commit/5be1236842b36137c9c9c85453a872e029dc6b8a
  Author: Charlie Wolfe <[email protected]>
  Date:   2026-07-01 (Wed, 01 Jul 2026)

  Changed paths:
    A LayoutTests/ipc/register-file-backed-blob-path-validation-expected.txt
    A LayoutTests/ipc/register-file-backed-blob-path-validation.html
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in
    M Source/WebKit/NetworkProcess/storage/IDBStorageConnectionToClient.cpp
    M Source/WebKit/NetworkProcess/storage/IDBStorageConnectionToClient.h
    M Source/WebKit/NetworkProcess/storage/IDBStorageRegistry.cpp
    M Source/WebKit/NetworkProcess/storage/IDBStorageRegistry.h
    M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp
    M Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h

  Log Message:
  -----------
  Remove blanket storage-root file path allow from blob access enforcement
https://bugs.webkit.org/show_bug.cgi?id=313085
rdar://174405888

Reviewed by Sihui Liu.

isFilePathAllowed() accepted any path under the per-session general storage 
directory or custom IDB
storage path. This allowed a WebContent process to read any origin's persisted 
data via file-backed
blob registration.

Replace the directory-level allow with per-file grants: IDB result handlers now 
call
allowAccessToBlobFilesForProcess() to allow only the specific blob file paths 
being returned to the
WebContent process.

Test: ipc/register-file-backed-blob-path-validation.html

* LayoutTests/ipc/register-file-backed-blob-path-validation-expected.txt: Added.
* LayoutTests/ipc/register-file-backed-blob-path-validation.html: Added.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::isFilePathAllowed):
(WebKit::NetworkConnectionToWebProcess::registerInternalFileBlobURL):
(WebKit::NetworkConnectionToWebProcess::registerInternalBlobURLOptionallyFileBacked):
(WebKit::NetworkConnectionToWebProcess::generalStoragePathForTesting):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.h:
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.messages.in:
* Source/WebKit/NetworkProcess/storage/IDBStorageConnectionToClient.cpp:
(WebKit::IDBStorageConnectionToClient::IDBStorageConnectionToClient):
(WebKit::IDBStorageConnectionToClient::allowAccessToResultBlobFiles):
(WebKit::IDBStorageConnectionToClient::didGetRecord):
(WebKit::IDBStorageConnectionToClient::didGetAllRecords):
(WebKit::IDBStorageConnectionToClient::didOpenCursor):
(WebKit::IDBStorageConnectionToClient::didIterateCursor):
(WebKit::IDBStorageConnectionToClient::generateIndexKeyForRecord):
* Source/WebKit/NetworkProcess/storage/IDBStorageConnectionToClient.h:
* Source/WebKit/NetworkProcess/storage/IDBStorageRegistry.cpp:
(WebKit::IDBStorageRegistry::IDBStorageRegistry):
(WebKit::IDBStorageRegistry::ensureConnectionToClient):
* Source/WebKit/NetworkProcess/storage/IDBStorageRegistry.h:
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.cpp:
(WebKit::NetworkStorageManager::NetworkStorageManager):
(WebKit::NetworkStorageManager::allowAccessToBlobFilesForProcess):
* Source/WebKit/NetworkProcess/storage/NetworkStorageManager.h:

Originally-landed-as: 305413.737@safari-7624-branch (defe0187e742). 
rdar://180436541
Canonical link: https://commits.webkit.org/316364@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to