Modified: trunk/Source/WebKit2/ChangeLog (140925 => 140926)
--- trunk/Source/WebKit2/ChangeLog 2013-01-27 06:39:38 UTC (rev 140925)
+++ trunk/Source/WebKit2/ChangeLog 2013-01-27 07:02:45 UTC (rev 140926)
@@ -1,3 +1,36 @@
+2013-01-26 Alexey Proskuryakov <a...@apple.com>
+
+ Use shared ChildProcess code to enter plug-in sandbox.
+
+ Reviewed by Sam Weinig.
+
+ There is one known behavior change from this refactoring: getpwuid_r is used
+ instead of NSHomeDirectory for home directory, mathcing other client processes.
+
+ * PluginProcess/PluginProcess.cpp: (WebKit::PluginProcess::enterSandbox):
+ * PluginProcess/PluginProcess.h:
+ PluginProcess prevents ChildProcess attempt to enter the sandbox immediately on
+ launch for now, because we don't have a sandbox profile directory path yet.
+ It now keeps a copy of ChildProcessInitializationParameters, so that
+ ChildProcess::initializeSandbox() could be called later.
+
+ * PluginProcess/mac/PluginProcessMac.mm:
+ (WebKit::PluginProcess::platformInitializeProcess): Store a copy of ChildProcessInitializationParameters
+ for later.
+ (WebKit::loadSandboxProfile): Build a sandbox profile from a common prefix and
+ a plugin-specific part.
+ (WebKit::PluginProcess::platformInitializePluginProcess): We can enter the sandbox now.
+ (WebKit::PluginProcess::enterSandbox): Prepare SandboxInitializationParameters,
+ and call ChildProcess::initializeSandbox().
+
+ * Shared/mac/ChildProcessMac.mm:
+ (WebKit::ChildProcess::initializeSandbox): Actually handle system directory suffix
+ from parameters.
+
+ * WebKit2.xcodeproj/project.pbxproj:
+ * WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.h: Removed.
+ * WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.mm: Removed.
+
2013-01-26 Sam Weinig <s...@webkit.org>
Add support for running the networking process as an XPCService
Modified: trunk/Source/WebKit2/PluginProcess/PluginProcess.cpp (140925 => 140926)
--- trunk/Source/WebKit2/PluginProcess/PluginProcess.cpp 2013-01-27 06:39:38 UTC (rev 140925)
+++ trunk/Source/WebKit2/PluginProcess/PluginProcess.cpp 2013-01-27 07:02:45 UTC (rev 140926)
@@ -90,6 +90,12 @@
platformInitializeProcess(parameters);
}
+#if !PLATFORM(MAC)
+void PluginProcess::enterSandbox(const String&)
+{
+}
+#endif
+
void PluginProcess::removeWebProcessConnection(WebProcessConnection* webProcessConnection)
{
size_t vectorIndex = m_webProcessConnections.find(webProcessConnection);
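Review bot: The non-Mac `PluginProcess::enterSandbox(const String&)` stub added under `#if !PLATFORM(MAC)` is a silent no-op in a security-relevant entry point, and nothing at the call site distinguishes "sandbox entered" from "nothing happened". A one-line comment would make that auditable, e.g. `// Other ports have no plug-in sandbox implementation yet; this is a deliberate no-op.` That wording assumes the other ports simply lack an implementation rather than sandboxing elsewhere, which this diff does not show, so adjust it if that is not the case.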
Modified: trunk/Source/WebKit2/PluginProcess/PluginProcess.h (140925 => 140926)
--- trunk/Source/WebKit2/PluginProcess/PluginProcess.h 2013-01-27 06:39:38 UTC (rev 140925)
+++ trunk/Source/WebKit2/PluginProcess/PluginProcess.h 2013-01-27 07:02:45 UTC (rev 140926)
@@ -72,11 +72,14 @@
PluginProcess();
~PluginProcess();
+ void enterSandbox(const String& sandboxProfileDirectoryPath);
+
// ChildProcess
virtual void initializeProcess(const ChildProcessInitializationParameters&) OVERRIDE;
virtual bool shouldTerminate() OVERRIDE;
- // FIXME: PluginProcess should switch to common code for sandbox initialization.
+ // Prevent entering the sandbox during first stage of process initialization. We can't do enter the sandbox before receiving
+ // sandbox profile directory in initialization message.
virtual void initializeSandbox(const ChildProcessInitializationParameters&, SandboxInitializationParameters&) OVERRIDE { }
void platformInitializeProcess(const ChildProcessInitializationParameters&);
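Review bot: The new comment above the empty `initializeSandbox` override has a grammar slip ("We can't do enter the sandbox") and understates the consequence: because the override does nothing, everything ChildProcess runs between launch and `platformInitializePluginProcess` presumably executes outside the sandbox. I would reword it as `// Prevent entering the sandbox during the first stage of process initialization: the profile directory only` / `// arrives in the initialization message, so code up to platformInitializePluginProcess() runs unsandboxed.` The same hunk adds `enterSandbox(const String& sandboxProfileDirectoryPath)` as a public method with no comment; stating that it is meant to be called once, from platformInitializePluginProcess, would help the next reader, if that is the intent.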
@@ -98,6 +101,9 @@
void setMinimumLifetime(double);
void minimumLifetimeTimerFired();
+ // Stored for delayed sandbox initialization.
+ ChildProcessInitializationParameters m_childProcessInitializationParameters;
+
// Our web process connections.
Vector<RefPtr<WebProcessConnection> > m_webProcessConnections;
@@ -110,12 +116,11 @@
bool m_supportsAsynchronousPluginInitialization;
WebCore::RunLoop::Timer<PluginProcess> m_minimumLifetimeTimer;
-
+
#if USE(ACCELERATED_COMPOSITING) && PLATFORM(MAC)
// The Mach port used for accelerated compositing.
mach_port_t m_compositingRenderServerPort;
#endif
-
};
} // namespace WebKit
Modified: trunk/Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm (140925 => 140926)
--- trunk/Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm 2013-01-27 06:39:38 UTC (rev 140925)
+++ trunk/Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm 2013-01-27 07:02:45 UTC (rev 140926)
@@ -33,15 +33,15 @@
#import "PluginProcessShim.h"
#import "PluginProcessProxyMessages.h"
#import "PluginProcessCreationParameters.h"
+#import "SandboxInitializationParameters.h"
#import <CoreAudio/AudioHardware.h>
#import <WebCore/LocalizedStrings.h>
#import <WebKitSystemInterface.h>
#import <dlfcn.h>
#import <objc/runtime.h>
+#import <sysexits.h>
#import <wtf/HashSet.h>
-#import "NetscapeSandboxFunctions.h"
-
using namespace WebCore;
namespace WebKit {
@@ -270,8 +270,10 @@
CFRetain(orderOffScreenObserver);
}
-void PluginProcess::platformInitializeProcess(const ChildProcessInitializationParameters&)
+void PluginProcess::platformInitializeProcess(const ChildProcessInitializationParameters& parameters)
{
+ m_childProcessInitializationParameters = parameters;
+
RunLoop::setUseApplicationRunLoopOnMainRunLoop();
#if defined(__i386__)
@@ -303,22 +305,22 @@
parentProcessConnection()->send(Messages::PluginProcessProxy::SetFullscreenWindowIsShowing(fullscreenWindowIsShowing), 0);
}
-static void initializeSandbox(const String& pluginPath, const String& sandboxProfileDirectoryPath)
+static String loadSandboxProfile(const String& pluginPath, const String& sandboxProfileDirectoryPath)
{
if (sandboxProfileDirectoryPath.isEmpty())
- return;
+ return String();
RetainPtr<CFURLRef> pluginURL = adoptCF(CFURLCreateWithFileSystemPath(0, pluginPath.createCFString().get(), kCFURLPOSIXPathStyle, false));
if (!pluginURL)
- return;
+ return String();
RetainPtr<CFBundleRef> pluginBundle = adoptCF(CFBundleCreate(kCFAllocatorDefault, pluginURL.get()));
if (!pluginBundle)
- return;
+ return String();
CFStringRef bundleIdentifier = CFBundleGetIdentifier(pluginBundle.get());
if (!bundleIdentifier)
- return;
+ return String();
RetainPtr<CFURLRef> sandboxProfileDirectory = adoptCF(CFURLCreateWithFileSystemPath(0, sandboxProfileDirectoryPath.createCFString().get(), kCFURLPOSIXPathStyle, TRUE));
@@ -327,17 +329,15 @@
RetainPtr<NSString> profileString = adoptNS([[NSString alloc] initWithContentsOfURL:(NSURL *)sandboxURL.get() encoding:NSUTF8StringEncoding error:NULL]);
if (!profileString)
- return;
+ return String();
sandboxURL = adoptCF(CFURLCreateWithFileSystemPathRelativeToBase(0, CFSTR("com.apple.WebKit.plugin-common.sb"), kCFURLPOSIXPathStyle, FALSE, sandboxProfileDirectory.get()));
RetainPtr<NSString> commonProfileString = adoptNS([[NSString alloc] initWithContentsOfURL:(NSURL *)sandboxURL.get() encoding:NSUTF8StringEncoding error:NULL]);
if (!commonProfileString)
- return;
+ return String();
- profileString = [commonProfileString.get() stringByAppendingString:profileString.get()];
-
- enterSandbox([profileString.get() UTF8String]);
+ return [commonProfileString.get() stringByAppendingString:profileString.get()];
}
static void muteAudio(void)
@@ -360,13 +360,52 @@
WKSetVisibleApplicationName((CFStringRef)applicationName);
- // FIXME: Use ChildProcess::initializeSandbox.
- WebKit::initializeSandbox(m_pluginPath, parameters.sandboxProfileDirectoryPath);
+ // FIXME: PluginProcess initializes sandbox later than normal for ChildProcesses, because it needs
+ // to know profile directory path. Switch to normal initialization scheme once the path can be determined earlier.
+ enterSandbox(parameters.sandboxProfileDirectoryPath);
if (parameters.processType == TypeSnapshotProcess)
muteAudio();
}
+void PluginProcess::enterSandbox(const String& sandboxProfileDirectoryPath)
+{
+ SandboxInitializationParameters sandboxParameters;
+
+ String sandboxProfile = loadSandboxProfile(m_pluginPath, sandboxProfileDirectoryPath);
+ if (sandboxProfile.isEmpty())
+ return;
+
+ sandboxParameters.setSandboxProfile(sandboxProfile);
+
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
+ // Use private temporary and cache directories.
+ char temporaryDirectory[PATH_MAX];
+ if (!confstr(_CS_DARWIN_USER_TEMP_DIR, temporaryDirectory, sizeof(temporaryDirectory))) {
+ WTFLogAlways("PluginProcess: couldn't retrieve system temporary directory path: %d\n", errno);
+ exit(EX_OSERR);
+ }
+
+ if (strlcpy(temporaryDirectory, [[[[NSFileManager defaultManager] stringWithFileSystemRepresentation:temporaryDirectory length:strlen(temporaryDirectory)] stringByAppendingPathComponent:@"WebKitPlugin-XXXXXX"] fileSystemRepresentation], sizeof(temporaryDirectory)) >= sizeof(temporaryDirectory)
+ || !mkdtemp(temporaryDirectory)) {
+ WTFLogAlways("PluginProcess: couldn't create private temporary directory '%s'\n", temporaryDirectory);
+ exit(EX_OSERR);
+ }
+
+ sandboxParameters.setSystemDirectorySuffix([[[[NSFileManager defaultManager] stringWithFileSystemRepresentation:temporaryDirectory length:strlen(temporaryDirectory)] lastPathComponent] fileSystemRepresentation]);
+#endif
+
+ sandboxParameters.addPathParameter("PLUGIN_PATH", m_pluginPath);
+
+ RetainPtr<CFStringRef> cachePath(AdoptCF, WKCopyFoundationCacheDirectory());
+ sandboxParameters.addPathParameter("NSURL_CACHE_DIR", (NSString *)cachePath.get());
+
+ RetainPtr<NSDictionary> defaults = adoptNS([[NSDictionary alloc] initWithObjectsAndKeys:[NSNumber numberWithBool:YES], @"NSUseRemoteSavePanel", nil]);
+ [[NSUserDefaults standardUserDefaults] registerDefaults:defaults.get()];
+
+ ChildProcess::initializeSandbox(m_childProcessInitializationParameters, sandboxParameters);
+}
+
} // namespace WebKit
#endif // ENABLE(PLUGIN_PROCESS)
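Review bot: In the new `PluginProcess::enterSandbox`, the early `return` when `loadSandboxProfile` yields an empty string leaves the plug-in running unsandboxed without any diagnostic; `loadSandboxProfile` returns `String()` for every failure (missing bundle identifier, unreadable plug-in or common profile) as well as for an empty directory path, so a deployment mistake is indistinguishable from the intended no-profile case. At minimum log before returning, e.g. `WTFLogAlways("PluginProcess: no sandbox profile available, continuing without sandbox\n");`, and consider separating the missing-directory case from a load failure so the latter can be treated as fatal. The removed NetscapeSandboxFunctions.mm also called `WKEnableSandboxStyleFileQuarantine()` and set TMPDIR/chdir into the private temporary directory after entering the sandbox; the new code relies on `ChildProcess::initializeSandbox` for both, which is outside this diff, so please confirm quarantine is still enabled on that path.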
Modified: trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm (140925 => 140926)
--- trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm 2013-01-27 06:39:38 UTC (rev 140925)
+++ trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm 2013-01-27 07:02:45 UTC (rev 140926)
@@ -85,8 +85,10 @@
NSBundle *webkit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKView")];
String defaultProfilePath = [webkit2Bundle pathForResource:[[NSBundle mainBundle] bundleIdentifier] ofType:@"sb"];
- String defaultSystemDirectorySuffix = String([[NSBundle mainBundle] bundleIdentifier]) + "+" + parameters.clientIdentifier;
- sandboxParameters.setSystemDirectorySuffix(defaultSystemDirectorySuffix);
+ if (sandboxParameters.systemDirectorySuffix().isNull()) {
+ String defaultSystemDirectorySuffix = String([[NSBundle mainBundle] bundleIdentifier]) + "+" + parameters.clientIdentifier;
+ sandboxParameters.setSystemDirectorySuffix(defaultSystemDirectorySuffix);
+ }
sandboxParameters.addPathParameter("WEBKIT2_FRAMEWORK_DIR", [[webkit2Bundle bundlePath] stringByDeletingLastPathComponent]);
sandboxParameters.addConfDirectoryParameter("DARWIN_USER_TEMP_DIR", _CS_DARWIN_USER_TEMP_DIR);
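Review bot: The new guard `if (sandboxParameters.systemDirectorySuffix().isNull())` only falls back to the default suffix when no suffix was set at all; an empty but non-null suffix passes through and would presumably leave the process with the unsuffixed shared user directories instead of per-client ones. Unless an empty suffix is a deliberate way to request that, `isEmpty()` is the safer test: `if (sandboxParameters.systemDirectorySuffix().isEmpty()) {`. The enclosing `ChildProcess::initializeSandbox` starts and ends outside this hunk, so I cannot see whether any caller ever sets an empty suffix.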
Modified: trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj (140925 => 140926)
--- trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj 2013-01-27 06:39:38 UTC (rev 140925)
+++ trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj 2013-01-27 07:02:45 UTC (rev 140926)
@@ -1041,8 +1041,6 @@
E1790901169BB4F9006904C7 /* SecItemShim.dylib in Copy Sec Item Shim */ = {isa = PBXBuildFile; fileRef = 510031F61379CACB00C8DFE4 /* SecItemShim.dylib */; };
E179FD9C134D38060015B883 /* ArgumentCodersMac.h in Headers */ = {isa = PBXBuildFile; fileRef = E179FD9B134D38060015B883 /* ArgumentCodersMac.h */; };
E179FD9F134D38250015B883 /* ArgumentCodersMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = E179FD9E134D38250015B883 /* ArgumentCodersMac.mm */; };
- E17BF99614D0A73E00A5A069 /* NetscapeSandboxFunctions.h in Headers */ = {isa = PBXBuildFile; fileRef = E17BF99514D0A73E00A5A069 /* NetscapeSandboxFunctions.h */; };
- E17BF99814D0AA8300A5A069 /* NetscapeSandboxFunctions.mm in Sources */ = {isa = PBXBuildFile; fileRef = E17BF99714D0AA8300A5A069 /* NetscapeSandboxFunctions.mm */; };
E18C92F412DB9E7100CF2AEB /* PrintInfo.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E18C92F312DB9E7100CF2AEB /* PrintInfo.cpp */; };
E18E690B169B563F009B6670 /* SecItemShimProxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E18E6909169B563F009B6670 /* SecItemShimProxy.cpp */; };
E18E690C169B563F009B6670 /* SecItemShimProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = E18E690A169B563F009B6670 /* SecItemShimProxy.h */; };
@@ -2386,8 +2384,6 @@
E1513C65166EABB200149FCB /* ChildProcessProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ChildProcessProxy.h; sourceTree = "<group>"; };
E179FD9B134D38060015B883 /* ArgumentCodersMac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArgumentCodersMac.h; sourceTree = "<group>"; };
E179FD9E134D38250015B883 /* ArgumentCodersMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ArgumentCodersMac.mm; sourceTree = "<group>"; };
- E17BF99514D0A73E00A5A069 /* NetscapeSandboxFunctions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetscapeSandboxFunctions.h; sourceTree = "<group>"; };
- E17BF99714D0AA8300A5A069 /* NetscapeSandboxFunctions.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = NetscapeSandboxFunctions.mm; sourceTree = "<group>"; };
E18C92F312DB9E7100CF2AEB /* PrintInfo.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PrintInfo.cpp; sourceTree = "<group>"; };
E18E6909169B563F009B6670 /* SecItemShimProxy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecItemShimProxy.cpp; sourceTree = "<group>"; };
E18E690A169B563F009B6670 /* SecItemShimProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecItemShimProxy.h; sourceTree = "<group>"; };
@@ -2764,8 +2760,6 @@
isa = PBXGroup;
children = (
1AE5B7F911E7AED200BA6767 /* NetscapePluginMac.mm */,
- E17BF99514D0A73E00A5A069 /* NetscapeSandboxFunctions.h */,
- E17BF99714D0AA8300A5A069 /* NetscapeSandboxFunctions.mm */,
1A2D92201281DC1B001EB962 /* PluginProxyMac.mm */,
);
path = mac;
@@ -4794,7 +4788,6 @@
1A6FBD2811E69BC200DB1371 /* NetscapePlugin.h in Headers */,
1A4A9C5612B816CF008FE984 /* NetscapePluginModule.h in Headers */,
1AA5889211EE70400061B882 /* NetscapePluginStream.h in Headers */,
- E17BF99614D0A73E00A5A069 /* NetscapeSandboxFunctions.h in Headers */,
513A164D1630A9BF005D7D22 /* NetworkConnectionToWebProcess.h in Headers */,
51DD9F2916367DA2001578E9 /* NetworkConnectionToWebProcessMessages.h in Headers */,
5179556A162876F300FA43B6 /* NetworkProcess.h in Headers */,
@@ -5825,7 +5818,6 @@
1A4A9C5512B816CF008FE984 /* NetscapePluginModule.cpp in Sources */,
1A4A9C9A12B821CD008FE984 /* NetscapePluginModuleMac.mm in Sources */,
1AA5889311EE70400061B882 /* NetscapePluginStream.cpp in Sources */,
- E17BF99814D0AA8300A5A069 /* NetscapeSandboxFunctions.mm in Sources */,
513A164C1630A9BF005D7D22 /* NetworkConnectionToWebProcess.cpp in Sources */,
51DD9F2816367DA2001578E9 /* NetworkConnectionToWebProcessMessageReceiver.cpp in Sources */,
51795568162876CF00FA43B6 /* NetworkProcess.cpp in Sources */,
Deleted: trunk/Source/WebKit2/WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.h (140925 => 140926)
--- trunk/Source/WebKit2/WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.h 2013-01-27 06:39:38 UTC (rev 140925)
+++ trunk/Source/WebKit2/WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.h 2013-01-27 07:02:45 UTC (rev 140926)
@@ -1,35 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef NetscapeSandboxFunctions_h
-#define NetscapeSandboxFunctions_h
-
-#if ENABLE(PLUGIN_PROCESS)
-
-bool enterSandbox(const char* sandboxProfile);
-
-#endif // ENABLE(PLUGIN_PROCESS)
-
-#endif
Deleted: trunk/Source/WebKit2/WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.mm (140925 => 140926)
--- trunk/Source/WebKit2/WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.mm 2013-01-27 06:39:38 UTC (rev 140925)
+++ trunk/Source/WebKit2/WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.mm 2013-01-27 07:02:45 UTC (rev 140926)
@@ -1,140 +0,0 @@
-/*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#import "config.h"
-#import "NetscapeSandboxFunctions.h"
-
-#if ENABLE(PLUGIN_PROCESS)
-
-#import "PluginProcess.h"
-#import "WebKitSystemInterface.h"
-#import <WebCore/FileSystem.h>
-#import <sys/stat.h>
-#import <sysexits.h>
-#import <wtf/RetainPtr.h>
-#import <wtf/Vector.h>
-#import <wtf/text/CString.h>
-
-using namespace WebKit;
-using namespace WebCore;
-
-static bool enteredSandbox;
-
-bool enterSandbox(const char* sandboxProfile)
-{
- if (enteredSandbox)
- return false;
-
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
- // Use private temporary and cache directories.
- char temporaryDirectory[PATH_MAX];
- if (!confstr(_CS_DARWIN_USER_TEMP_DIR, temporaryDirectory, sizeof(temporaryDirectory))) {
- WTFLogAlways("PluginProcess: couldn't retrieve system temporary directory path: %d\n", errno);
- exit(EX_OSERR);
- }
-
- if (strlcpy(temporaryDirectory, [[[[NSFileManager defaultManager] stringWithFileSystemRepresentation:temporaryDirectory length:strlen(temporaryDirectory)] stringByAppendingPathComponent:@"WebKitPlugin-XXXXXX"] fileSystemRepresentation], sizeof(temporaryDirectory)) >= sizeof(temporaryDirectory)
- || !mkdtemp(temporaryDirectory)) {
- WTFLogAlways("PluginProcess: couldn't create private temporary directory\n");
- exit(EX_OSERR);
- }
-
- char* systemDirectorySuffix = strdup([[[[NSFileManager defaultManager] stringWithFileSystemRepresentation:temporaryDirectory length:strlen(temporaryDirectory)] lastPathComponent] fileSystemRepresentation]);
- setenv("DIRHELPER_USER_DIR_SUFFIX", systemDirectorySuffix, 0);
- free(systemDirectorySuffix);
-
- if (!confstr(_CS_DARWIN_USER_TEMP_DIR, temporaryDirectory, sizeof(temporaryDirectory))) {
- WTFLogAlways("PluginProcess: couldn't retrieve private temporary directory path: %d\n", errno);
- exit(EX_OSERR);
- }
- setenv("TMPDIR", temporaryDirectory, 1);
- if (chdir(temporaryDirectory) == -1) {
- WTFLogAlways("PluginProcess: couldn't change working directory to temporary path: %s, errno %d\n", temporaryDirectory, errno);
- exit(EX_OSERR);
- }
-#endif
-
- Vector<const char*> readOnlyPaths;
-
- CString pluginModulePath = fileSystemRepresentation(PluginProcess::shared().pluginPath());
- readOnlyPaths.append(pluginModulePath.data());
-
- // On-disk WebKit framework locations, to account for debug installations.
- // Allowing the whole directory containing WebKit2.framework for the sake of APIs that implicitly load other WebKit frameworks.
- // We don't want to load them now, and thus don't have any better idea of where they are located on disk.
- readOnlyPaths.append([[[[[NSBundle bundleWithIdentifier:@"com.apple.WebKit2"] bundleURL] URLByDeletingLastPathComponent] path] fileSystemRepresentation]);
-
- readOnlyPaths.append(static_cast<const char*>(0));
-
- Vector<const char*> readWritePaths;
-
- char darwinUserTempDirectory[PATH_MAX];
- if (confstr(_CS_DARWIN_USER_TEMP_DIR, darwinUserTempDirectory, PATH_MAX) > 0)
- readWritePaths.append(darwinUserTempDirectory);
- else
- exit(EX_OSERR);
-
- char darwinUserCacheDirectory[PATH_MAX];
- if (confstr(_CS_DARWIN_USER_CACHE_DIR, darwinUserCacheDirectory, PATH_MAX) > 0)
- readWritePaths.append(darwinUserCacheDirectory);
-
- RetainPtr<CFStringRef> cachePath(AdoptCF, WKCopyFoundationCacheDirectory());
- readWritePaths.append([(NSString *)cachePath.get() fileSystemRepresentation]);
-
- readWritePaths.append(static_cast<const char*>(0));
-
- // WKEnterPluginSandbox canonicalizes path arrays, but not parameters (because it cannot know if one is a path).
- char* homeDirectory = realpath([NSHomeDirectory() fileSystemRepresentation], 0);
- if (!homeDirectory)
- exit(EX_OSERR);
-
- // We already allow reading and writing to the private temp dir via extendedReadWritePaths above.
- // Pass it again as a parameter in case a specific plugin profile has to apply additional rules.
- char* tempDirectory = realpath(darwinUserTempDirectory, 0);
- if (!tempDirectory)
- exit(EX_OSERR);
-
- const char* sandboxParameters[] = { "HOME_DIR", homeDirectory, "TEMP_DIR", tempDirectory, 0, 0 };
- if (!WKEnterPluginSandbox(sandboxProfile, sandboxParameters, readOnlyPaths.data(), readWritePaths.data())) {
- WTFLogAlways("Couldn't initialize sandbox profile\n");
- exit(EX_NOPERM);
- }
-
- if (noErr != WKEnableSandboxStyleFileQuarantine()) {
- WTFLogAlways("Couldn't enable file quarantine\n");
- exit(EX_NOPERM);
- }
-
- free(homeDirectory);
- free(tempDirectory);
- enteredSandbox = true;
-
- RetainPtr<NSDictionary> defaults = adoptNS([[NSDictionary alloc] initWithObjectsAndKeys:[NSNumber numberWithBool:YES], @"NSUseRemoteSavePanel", nil]);
- [[NSUserDefaults standardUserDefaults] registerDefaults:defaults.get()];
-
- return true;
-}
-
-#endif // ENABLE(PLUGIN_PROCESS)