Diff
Modified: trunk/Source/WebKit2/ChangeLog (140729 => 140730)
--- trunk/Source/WebKit2/ChangeLog 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/ChangeLog 2013-01-24 22:59:38 UTC (rev 140730)
@@ -1,3 +1,41 @@
+2013-01-24 Sam Weinig <[email protected]>
+
+ Cleanup sandbox initialization a bit
+ https://bugs.webkit.org/show_bug.cgi?id=107847
+
+ Reviewed by Alexey Proskuryakov.
+
+ * NetworkProcess/NetworkProcess.cpp:
+ (WebKit::NetworkProcess::initializeSandbox):
+ * NetworkProcess/NetworkProcess.h:
+ * NetworkProcess/mac/NetworkProcessMac.mm:
+ (WebKit::NetworkProcess::initializeSandbox):
+ * PluginProcess/PluginProcess.h:
+ * Shared/ChildProcess.cpp:
+ (WebKit::ChildProcess::initialize):
+ (WebKit::ChildProcess::initializeSandbox):
+ * Shared/ChildProcess.h:
+ (ChildProcess):
+ * Shared/SandboxInitializationParameters.h:
+ (SandboxInitializationParameters):
+ (WebKit::SandboxInitializationParameters::mode):
+ (WebKit::SandboxInitializationParameters::setOverrideSandboxProfilePath):
+ (WebKit::SandboxInitializationParameters::overrideSandboxProfilePath):
+ (WebKit::SandboxInitializationParameters::setSandboxProfile):
+ (WebKit::SandboxInitializationParameters::sandboxProfile):
+ (WebKit::SandboxInitializationParameters::SandboxInitializationParameters):
+ (WebKit::SandboxInitializationParameters::~SandboxInitializationParameters):
+ * Shared/mac/ChildProcessMac.mm:
+ (WebKit::ChildProcess::platformInitialize):
+ (WebKit::ChildProcess::initializeSandbox):
+ * Shared/mac/SandboxInitialiationParametersMac.mm:
+ (WebKit::SandboxInitializationParameters::SandboxInitializationParameters):
+ * WebProcess/WebProcess.cpp:
+ (WebKit::WebProcess::initializeSandbox):
+ * WebProcess/WebProcess.h:
+ * WebProcess/mac/WebProcessMac.mm:
+ (WebKit::ChildProcess::initializeSandbox):
+
2013-01-24 Anders Carlsson <[email protected]>
Add stubbed out StorageAreaProxy class
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkProcess.cpp (140729 => 140730)
--- trunk/Source/WebKit2/NetworkProcess/NetworkProcess.cpp 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkProcess.cpp 2013-01-24 22:59:38 UTC (rev 140730)
@@ -216,7 +216,7 @@
{
}
-void NetworkProcess::processUpdateSandboxInitializationParameters(const ChildProcessInitializationParameters&, SandboxInitializationParameters&)
+void NetworkProcess::initializeSandbox(const ChildProcessInitializationParameters&, SandboxInitializationParameters&)
{
}
#endif
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkProcess.h (140729 => 140730)
--- trunk/Source/WebKit2/NetworkProcess/NetworkProcess.h 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkProcess.h 2013-01-24 22:59:38 UTC (rev 140730)
@@ -78,9 +78,9 @@
// ChildProcess
virtual void initializeProcessName(const ChildProcessInitializationParameters&) OVERRIDE;
+ virtual void initializeSandbox(const ChildProcessInitializationParameters&, SandboxInitializationParameters&) OVERRIDE;
virtual void initializeConnection(CoreIPC::Connection*) OVERRIDE;
virtual bool shouldTerminate() OVERRIDE;
- virtual void processUpdateSandboxInitializationParameters(const ChildProcessInitializationParameters&, SandboxInitializationParameters&) OVERRIDE;
// CoreIPC::Connection::Client
virtual void didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::MessageDecoder&) OVERRIDE;
Modified: trunk/Source/WebKit2/NetworkProcess/mac/NetworkProcessMac.mm (140729 => 140730)
--- trunk/Source/WebKit2/NetworkProcess/mac/NetworkProcessMac.mm 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/NetworkProcess/mac/NetworkProcessMac.mm 2013-01-24 22:59:38 UTC (rev 140730)
@@ -178,10 +178,12 @@
[NSURLRequest setAllowsSpecificHTTPSCertificate:(NSArray *)certificateInfo.certificateChain() forHost:(NSString *)host];
}
-// FIXME: Remove when the process has a profile.
-void NetworkProcess::processUpdateSandboxInitializationParameters(const ChildProcessInitializationParameters&, SandboxInitializationParameters& parameters)
+void NetworkProcess::initializeSandbox(const ChildProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
{
- parameters.setSandboxProfilePath(String());
+ // FIXME: Remove when the process has a profile.
+ sandboxParameters.setOverrideSandboxProfilePath(String());
+
+ ChildProcess::initializeSandbox(parameters, sandboxParameters);
}
} // namespace WebKit
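Review bot: The empty override set by `sandboxParameters.setOverrideSandboxProfilePath(String());` no longer means "skip the sandbox". The old base code guarded with `!sandboxParameters.sandboxProfilePath().isEmpty()`, but the new switch in ChildProcessMac.mm (hunk `@@ -120,8 +114,11 @@`) passes the selected path straight to `sandbox_init_with_parameters`. With an empty path that call presumably fails and reaches `exit(EX_NOPERM)`, so this process would likely not start; the WebProcessMac.mm override has the same exposure if `pathForResource:ofType:` returns nil. Restoring a guard such as `if (sandboxProfilePath.isEmpty()) break;` keeps the old behaviour, but a dedicated no-sandbox mode in SandboxInitializationParameters would make running unsandboxed an explicit, logged decision rather than an empty-string sentinel. A missing default profile should stay a hard failure.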
Modified: trunk/Source/WebKit2/PluginProcess/PluginProcess.h (140729 => 140730)
--- trunk/Source/WebKit2/PluginProcess/PluginProcess.h 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/PluginProcess/PluginProcess.h 2013-01-24 22:59:38 UTC (rev 140730)
@@ -77,7 +77,7 @@
virtual bool shouldTerminate() OVERRIDE;
// FIXME: PluginProcess should switch to common code for sandbox initialization.
- virtual void initializeSandbox(const ChildProcessInitializationParameters&) OVERRIDE { }
+ virtual void initializeSandbox(const ChildProcessInitializationParameters&, SandboxInitializationParameters&) OVERRIDE { }
void platformInitializeProcess(const ChildProcessInitializationParameters&);
Modified: trunk/Source/WebKit2/Shared/ChildProcess.cpp (140729 => 140730)
--- trunk/Source/WebKit2/Shared/ChildProcess.cpp 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/Shared/ChildProcess.cpp 2013-01-24 22:59:38 UTC (rev 140730)
@@ -26,7 +26,7 @@
#include "config.h"
#include "ChildProcess.h"
-#include "WebKit2Initialize.h"
+#include "SandboxInitializationParameters.h"
#if !OS(WINDOWS)
#include <unistd.h>
@@ -70,7 +70,9 @@
initializeProcess(parameters);
initializeProcessName(parameters);
- initializeSandbox(parameters);
+
+ SandboxInitializationParameters sandboxParameters;
+ initializeSandbox(parameters, sandboxParameters);
m_connection = CoreIPC::Connection::createClientConnection(parameters.connectionIdentifier, this, RunLoop::main());
m_connection->setDidCloseOnConnectionWorkQueueCallback(didCloseOnConnectionWorkQueue);
@@ -86,16 +88,6 @@
{
}
-#if !PLATFORM(MAC)
-void ChildProcess::initializeSandbox(const ChildProcessInitializationParameters&)
-{
-}
-#endif
-
-void ChildProcess::processUpdateSandboxInitializationParameters(const ChildProcessInitializationParameters&, SandboxInitializationParameters&)
-{
-}
-
void ChildProcess::initializeConnection(CoreIPC::Connection*)
{
}
@@ -156,6 +148,10 @@
void ChildProcess::platformInitialize()
{
}
+
+void ChildProcess::initializeSandbox(const ChildProcessInitializationParameters&, SandboxInitializationParameters&)
+{
+}
#endif
} // namespace WebKit
Modified: trunk/Source/WebKit2/Shared/ChildProcess.h (140729 => 140730)
--- trunk/Source/WebKit2/Shared/ChildProcess.h 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/Shared/ChildProcess.h 2013-01-24 22:59:38 UTC (rev 140730)
@@ -79,6 +79,7 @@
virtual void initializeProcess(const ChildProcessInitializationParameters&);
virtual void initializeProcessName(const ChildProcessInitializationParameters&);
+ virtual void initializeSandbox(const ChildProcessInitializationParameters&, SandboxInitializationParameters&);
virtual void initializeConnection(CoreIPC::Connection*);
virtual bool shouldTerminate() = 0;
@@ -88,9 +89,6 @@
void terminationTimerFired();
void platformInitialize();
- // FIXME: This function is virtual only because PluginProcess needs to bypass it. It should switch to common code.
- virtual void initializeSandbox(const ChildProcessInitializationParameters&);
- virtual void processUpdateSandboxInitializationParameters(const ChildProcessInitializationParameters&, SandboxInitializationParameters&);
// The timeout, in seconds, before this process will be terminated if termination
// has been enabled. If the timeout is 0 seconds, the process will be terminated immediately.
Modified: trunk/Source/WebKit2/Shared/SandboxInitializationParameters.h (140729 => 140730)
--- trunk/Source/WebKit2/Shared/SandboxInitializationParameters.h 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/Shared/SandboxInitializationParameters.h 2013-01-24 22:59:38 UTC (rev 140730)
@@ -29,16 +29,19 @@
#include <wtf/Vector.h>
#include <wtf/text/WTFString.h>
+#if PLATFORM(MAC)
+OBJC_CLASS NSString;
+#endif
+
namespace WebKit {
class SandboxInitializationParameters {
-WTF_MAKE_NONCOPYABLE(SandboxInitializationParameters);
+ WTF_MAKE_NONCOPYABLE(SandboxInitializationParameters);
public:
-
-#if PLATFORM(MAC)
SandboxInitializationParameters();
~SandboxInitializationParameters();
+#if PLATFORM(MAC)
// Name must be a literal.
void addConfDirectoryParameter(const char* name, int confID);
void addPathParameter(const char* name, NSString *path);
@@ -50,12 +53,38 @@
const char* name(size_t index) const;
const char* value(size_t index) const;
- void setSandboxProfilePath(const String& path) { m_sandboxProfilePath = path; m_sandboxProfile = String(); }
- const String& sandboxProfilePath() const { return m_sandboxProfilePath; }
+ enum ProfileSelectionMode {
+ UseDefaultSandboxProfilePath,
+ UseOverrideSandboxProfilePath,
+ UseSandboxProfile
+ };
- void setSandboxProfile(const String& profile) { m_sandboxProfilePath = String(); m_sandboxProfile = profile; }
- const String& sandboxProfile() const { return m_sandboxProfile; }
+ ProfileSelectionMode mode() const { return m_profileSelectionMode; }
+ void setOverrideSandboxProfilePath(const String& path)
+ {
+ m_profileSelectionMode = UseOverrideSandboxProfilePath;
+ m_overrideSandboxProfilePathOrSandboxProfile = path;
+ }
+
+ const String& overrideSandboxProfilePath() const
+ {
+ ASSERT(m_profileSelectionMode == UseOverrideSandboxProfilePath);
+ return m_overrideSandboxProfilePathOrSandboxProfile;
+ }
+
+ void setSandboxProfile(const String& profile)
+ {
+ m_profileSelectionMode = UseSandboxProfile;
+ m_overrideSandboxProfilePathOrSandboxProfile = profile;
+ }
+
+ const String& sandboxProfile() const
+ {
+ ASSERT(m_profileSelectionMode == UseSandboxProfile);
+ return m_overrideSandboxProfilePathOrSandboxProfile;
+ }
+
void setSystemDirectorySuffix(const String& suffix) { m_systemDirectorySuffix = suffix; }
const String& systemDirectorySuffix() const { return m_systemDirectorySuffix; }
#endif
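Review bot: The new accessors `overrideSandboxProfilePath()` and `sandboxProfile()` share one string and check the mode only with `ASSERT`, which is normally compiled out of release builds. A caller that reads the wrong accessor there would get profile text treated as a path, or the reverse, with no diagnostic. The only caller visible in this commit switches on `mode()` first, so this is a documentation gap rather than a live bug. I would add a comment above `enum ProfileSelectionMode` such as `// Selects which sandbox profile is applied; the accessors below are only valid in their matching mode.` and say on `setOverrideSandboxProfilePath` what an empty path is meant to do.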
@@ -67,11 +96,21 @@
mutable Vector<const char*> m_namedParameters;
String m_systemDirectorySuffix;
- String m_sandboxProfilePath;
- String m_sandboxProfile;
+ ProfileSelectionMode m_profileSelectionMode;
+ String m_overrideSandboxProfilePathOrSandboxProfile;
#endif
};
+#if !PLATFORM(MAC)
+SandboxInitializationParameters::SandboxInitializationParameters()
+{
}
+SandboxInitializationParameters::~SandboxInitializationParameters()
+{
+}
+#endif
+
+} // namespace WebKit
+
#endif // SandboxInitializationParameters_h
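Review bot: The constructor and destructor added under `#if !PLATFORM(MAC)` are defined at namespace scope in the header without `inline`. Every translation unit that includes SandboxInitializationParameters.h on a non-Mac port then emits its own definition, so the link would likely fail with duplicate symbols once a second file includes it (this commit already adds the include to ChildProcess.cpp). Mark both `inline`, e.g. `inline SandboxInitializationParameters::SandboxInitializationParameters()` and `inline SandboxInitializationParameters::~SandboxInitializationParameters()`, or define them empty inside the class body.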
Modified: trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm (140729 => 140730)
--- trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm 2013-01-24 22:59:38 UTC (rev 140730)
@@ -76,19 +76,15 @@
#endif
// Starting as unoccluded. The proxy for this process will set the actual value from didFinishLaunching().
setApplicationIsOccluded(false);
+
+ [[NSFileManager defaultManager] changeCurrentDirectoryPath:[[NSBundle mainBundle] bundlePath]];
}
-void ChildProcess::initializeSandbox(const ChildProcessInitializationParameters& parameters)
+void ChildProcess::initializeSandbox(const ChildProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
{
- [[NSFileManager defaultManager] changeCurrentDirectoryPath:[[NSBundle mainBundle] bundlePath]];
-
- SandboxInitializationParameters sandboxParameters;
-
NSBundle *webkit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKView")];
- NSString *defaultProfilePath = [webkit2Bundle pathForResource:[[NSBundle mainBundle] bundleIdentifier] ofType:@"sb"];
+ String defaultProfilePath = [webkit2Bundle pathForResource:[[NSBundle mainBundle] bundleIdentifier] ofType:@"sb"];
- sandboxParameters.setSandboxProfilePath(defaultProfilePath);
-
String defaultSystemDirectorySuffix = [[NSBundle mainBundle] bundleIdentifier] + parameters.clientIdentifier;
sandboxParameters.setSystemDirectorySuffix(defaultSystemDirectorySuffix);
@@ -107,8 +103,6 @@
sandboxParameters.addPathParameter("HOME_DIR", pwd.pw_dir);
- processUpdateSandboxInitializationParameters(parameters, sandboxParameters);
-
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
// Use private temporary and cache directories.
setenv("DIRHELPER_USER_DIR_SUFFIX", fileSystemRepresentation(sandboxParameters.systemDirectorySuffix()).data(), 0);
@@ -120,8 +114,11 @@
setenv("TMPDIR", temporaryDirectory, 1);
#endif
- if (!sandboxParameters.sandboxProfilePath().isEmpty()) {
- CString profilePath = fileSystemRepresentation(sandboxParameters.sandboxProfilePath());
+ switch (sandboxParameters.mode()) {
+ case SandboxInitializationParameters::UseDefaultSandboxProfilePath:
+ case SandboxInitializationParameters::UseOverrideSandboxProfilePath: {
+ String sandboxProfilePath = sandboxParameters.mode() == SandboxInitializationParameters::UseDefaultSandboxProfilePath ? defaultProfilePath : sandboxParameters.overrideSandboxProfilePath();
+ CString profilePath = fileSystemRepresentation(sandboxProfilePath);
char* errorBuf;
if (sandbox_init_with_parameters(profilePath.data(), SANDBOX_NAMED_EXTERNAL, sandboxParameters.namedParameterArray(), &errorBuf)) {
WTFLogAlways("%s: Couldn't initialize sandbox profile [%s], error '%s'\n", getprogname(), profilePath.data(), errorBuf);
@@ -129,7 +126,10 @@
WTFLogAlways("%s=%s\n", sandboxParameters.name(i), sandboxParameters.value(i));
exit(EX_NOPERM);
}
- } else if (!sandboxParameters.sandboxProfile().isEmpty()) {
+
+ break;
+ }
+ case SandboxInitializationParameters::UseSandboxProfile: {
char* errorBuf;
if (sandbox_init_with_parameters(sandboxParameters.sandboxProfile().utf8().data(), 0, sandboxParameters.namedParameterArray(), &errorBuf)) {
WTFLogAlways("%s: Couldn't initialize sandbox profile, error '%s'\n", getprogname(), errorBuf);
@@ -137,7 +137,10 @@
WTFLogAlways("%s=%s\n", sandboxParameters.name(i), sandboxParameters.value(i));
exit(EX_NOPERM);
}
+
+ break;
}
+ }
// This will override LSFileQuarantineEnabled from Info.plist unless sandbox quarantine is globally disabled.
OSStatus error = WKEnableSandboxStyleFileQuarantine();
Modified: trunk/Source/WebKit2/Shared/mac/SandboxInitialiationParametersMac.mm (140729 => 140730)
--- trunk/Source/WebKit2/Shared/mac/SandboxInitialiationParametersMac.mm 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/Shared/mac/SandboxInitialiationParametersMac.mm 2013-01-24 22:59:38 UTC (rev 140730)
@@ -29,6 +29,7 @@
namespace WebKit {
SandboxInitializationParameters::SandboxInitializationParameters()
+ : m_profileSelectionMode(UseDefaultSandboxProfilePath)
{
}
@@ -93,4 +94,4 @@
return m_namedParameters[index * 2 + 1];
}
-}
+} // namespace WebKit
Modified: trunk/Source/WebKit2/WebProcess/WebProcess.cpp (140729 => 140730)
--- trunk/Source/WebKit2/WebProcess/WebProcess.cpp 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/WebProcess/WebProcess.cpp 2013-01-24 22:59:38 UTC (rev 140730)
@@ -1079,7 +1079,7 @@
{
}
-void WebProcess::processUpdateSandboxInitializationParameters(const ChildProcessInitializationParameters&, SandboxInitializationParameters&)
+void WebProcess::initializeSandbox(const ChildProcessInitializationParameters&, SandboxInitializationParameters&)
{
}
Modified: trunk/Source/WebKit2/WebProcess/WebProcess.h (140729 => 140730)
--- trunk/Source/WebKit2/WebProcess/WebProcess.h 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/WebProcess/WebProcess.h 2013-01-24 22:59:38 UTC (rev 140730)
@@ -206,6 +206,7 @@
void initializeWebProcess(const WebProcessCreationParameters&, CoreIPC::MessageDecoder&);
void platformInitializeWebProcess(const WebProcessCreationParameters&, CoreIPC::MessageDecoder&);
+
void platformTerminate();
void registerURLSchemeAsEmptyDocument(const String&);
void registerURLSchemeAsSecure(const String&) const;
@@ -266,10 +267,10 @@
// ChildProcess
virtual void initializeProcess(const ChildProcessInitializationParameters&) OVERRIDE;
virtual void initializeProcessName(const ChildProcessInitializationParameters&) OVERRIDE;
+ virtual void initializeSandbox(const ChildProcessInitializationParameters&, SandboxInitializationParameters&) OVERRIDE;
virtual void initializeConnection(CoreIPC::Connection*) OVERRIDE;
virtual bool shouldTerminate() OVERRIDE;
virtual void terminate() OVERRIDE;
- virtual void processUpdateSandboxInitializationParameters(const ChildProcessInitializationParameters&, SandboxInitializationParameters&) OVERRIDE;
void platformInitializeProcess(const ChildProcessInitializationParameters&);
Modified: trunk/Source/WebKit2/WebProcess/mac/WebProcessMac.mm (140729 => 140730)
--- trunk/Source/WebKit2/WebProcess/mac/WebProcessMac.mm 2013-01-24 22:57:57 UTC (rev 140729)
+++ trunk/Source/WebKit2/WebProcess/mac/WebProcessMac.mm 2013-01-24 22:59:38 UTC (rev 140730)
@@ -146,7 +146,7 @@
return [page->accessibilityRemoteObject() accessibilityFocusedUIElement];
}
-
+
void WebProcess::platformInitializeWebProcess(const WebProcessCreationParameters& parameters, CoreIPC::MessageDecoder&)
{
SandboxExtension::consumePermanently(parameters.uiProcessBundleResourcePathExtensionHandle);
@@ -203,11 +203,13 @@
}
}
-void WebProcess::processUpdateSandboxInitializationParameters(const ChildProcessInitializationParameters&, SandboxInitializationParameters& parameters)
+void WebProcess::initializeSandbox(const ChildProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
{
// Need to overide the default, because service has a different bundle ID.
NSBundle *webkit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKView")];
- parameters.setSandboxProfilePath([webkit2Bundle pathForResource:@"com.apple.WebProcess" ofType:@"sb"]);
+ sandboxParameters.setOverrideSandboxProfilePath([webkit2Bundle pathForResource:@"com.apple.WebProcess" ofType:@"sb"]);
+
+ ChildProcess::initializeSandbox(parameters, sandboxParameters);
}
} // namespace WebKit