Changeset 140926 in webkit

Timestamp:

Jan 26, 2013, 11:02:45 PM (12 years ago)

Author:

ap@apple.com

Message:

Use shared ChildProcess code to enter plug-in sandbox.

Reviewed by Sam Weinig.

There is one known behavior change from this refactoring: getpwuid_r is used
instead of NSHomeDirectory for home directory, mathcing other client processes.

• PluginProcess/PluginProcess.cpp: (WebKit::PluginProcess::enterSandbox):
• PluginProcess/PluginProcess.h: PluginProcess prevents ChildProcess attempt to enter the sandbox immediately on launch for now, because we don't have a sandbox profile directory path yet. It now keeps a copy of ChildProcessInitializationParameters, so that ChildProcess::initializeSandbox() could be called later.

• PluginProcess/mac/PluginProcessMac.mm: (WebKit::PluginProcess::platformInitializeProcess): Store a copy of ChildProcessInitializationParameters for later. (WebKit::loadSandboxProfile): Build a sandbox profile from a common prefix and a plugin-specific part. (WebKit::PluginProcess::platformInitializePluginProcess): We can enter the sandbox now. (WebKit::PluginProcess::enterSandbox): Prepare SandboxInitializationParameters, and call ChildProcess::initializeSandbox().

• Shared/mac/ChildProcessMac.mm: (WebKit::ChildProcess::initializeSandbox): Actually handle system directory suffix from parameters.

• WebKit2.xcodeproj/project.pbxproj:
• WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.h: Removed.
• WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.mm: Removed.

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• PluginProcess/PluginProcess.cpp (modified) (1 diff)
• PluginProcess/PluginProcess.h (modified) (3 diffs)
• PluginProcess/mac/PluginProcessMac.mm (modified) (8 diffs)
• Shared/mac/ChildProcessMac.mm (modified) (1 diff)
• WebKit2.xcodeproj/project.pbxproj (modified) (5 diffs)
• WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.h (deleted)
• WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.mm (deleted)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2013-01-26  Alexey Proskuryakov  <ap@apple.com>
+
+        Use shared ChildProcess code to enter plug-in sandbox.
+
+        Reviewed by Sam Weinig.
+
+        There is one known behavior change from this refactoring: getpwuid_r is used
+        instead of NSHomeDirectory for home directory, mathcing other client processes.
+
+        * PluginProcess/PluginProcess.cpp: (WebKit::PluginProcess::enterSandbox):
+        * PluginProcess/PluginProcess.h:
+        PluginProcess prevents ChildProcess attempt to enter the sandbox immediately on
+        launch for now, because we don't have a sandbox profile directory path yet.
+        It now keeps a copy of ChildProcessInitializationParameters, so that
+        ChildProcess::initializeSandbox() could be called later.
+
+        * PluginProcess/mac/PluginProcessMac.mm:
+        (WebKit::PluginProcess::platformInitializeProcess): Store a copy of ChildProcessInitializationParameters
+        for later.
+        (WebKit::loadSandboxProfile): Build a sandbox profile from a common prefix and
+        a plugin-specific part.
+        (WebKit::PluginProcess::platformInitializePluginProcess): We can enter the sandbox now.
+        (WebKit::PluginProcess::enterSandbox): Prepare SandboxInitializationParameters,
+        and call ChildProcess::initializeSandbox().
+
+        * Shared/mac/ChildProcessMac.mm:
+        (WebKit::ChildProcess::initializeSandbox): Actually handle system directory suffix
+        from parameters.
+
+        * WebKit2.xcodeproj/project.pbxproj:
+        * WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.h: Removed.
+        * WebProcess/Plugins/Netscape/mac/NetscapeSandboxFunctions.mm: Removed.
+
 2013-01-26  Sam Weinig  <sam@webkit.org>
 

trunk/Source/WebKit2/PluginProcess/PluginProcess.cpp

@@ -91 +91 @@
 }
 
+#if !PLATFORM(MAC)
+void PluginProcess::enterSandbox(const String&)
+{
+}
+#endif
+
 void PluginProcess::removeWebProcessConnection(WebProcessConnection* webProcessConnection)
 {

trunk/Source/WebKit2/PluginProcess/PluginProcess.h

@@ -73 +73 @@
     ~PluginProcess();
 
+    void enterSandbox(const String& sandboxProfileDirectoryPath);
+
     // ChildProcess
     virtual void initializeProcess(const ChildProcessInitializationParameters&) OVERRIDE;
     virtual bool shouldTerminate() OVERRIDE;
 
-    // FIXME: PluginProcess should switch to common code for sandbox initialization.
+    // Prevent entering the sandbox during first stage of process initialization. We can't do enter the sandbox before receiving
+    // sandbox profile directory in initialization message.
     virtual void initializeSandbox(const ChildProcessInitializationParameters&, SandboxInitializationParameters&) OVERRIDE { }
 
@@ -99 +102 @@
     void minimumLifetimeTimerFired();
 
+    // Stored for delayed sandbox initialization.
+    ChildProcessInitializationParameters m_childProcessInitializationParameters;
+
     // Our web process connections.
     Vector<RefPtr<WebProcessConnection> > m_webProcessConnections;
@@ -111 +117 @@
 
     WebCore::RunLoop::Timer<PluginProcess> m_minimumLifetimeTimer;
-    
+
 #if USE(ACCELERATED_COMPOSITING) && PLATFORM(MAC)
     // The Mach port used for accelerated compositing.
     mach_port_t m_compositingRenderServerPort;
 #endif
-
 };
 

trunk/Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm

@@ -34 +34 @@
 #import "PluginProcessProxyMessages.h"
 #import "PluginProcessCreationParameters.h"
+#import "SandboxInitializationParameters.h"
 #import <CoreAudio/AudioHardware.h>
 #import <WebCore/LocalizedStrings.h>
@@ -39 +40 @@
 #import <dlfcn.h>
 #import <objc/runtime.h>
+#import <sysexits.h>
 #import <wtf/HashSet.h>
-
-#import "NetscapeSandboxFunctions.h"
 
 using namespace WebCore;
@@ -271 +271 @@
 }
 
-void PluginProcess::platformInitializeProcess(const ChildProcessInitializationParameters&)
-{
+void PluginProcess::platformInitializeProcess(const ChildProcessInitializationParameters& parameters)
+{
+    m_childProcessInitializationParameters = parameters;
+
     RunLoop::setUseApplicationRunLoopOnMainRunLoop();
 
@@ -304 +306 @@
 }
 
-static void initializeSandbox(const String& pluginPath, const String& sandboxProfileDirectoryPath)
+static String loadSandboxProfile(const String& pluginPath, const String& sandboxProfileDirectoryPath)
 {
     if (sandboxProfileDirectoryPath.isEmpty())
-        return;
+        return String();
 
     RetainPtr<CFURLRef> pluginURL = adoptCF(CFURLCreateWithFileSystemPath(0, pluginPath.createCFString().get(), kCFURLPOSIXPathStyle, false));
     if (!pluginURL)
-        return;
+        return String();
 
     RetainPtr<CFBundleRef> pluginBundle = adoptCF(CFBundleCreate(kCFAllocatorDefault, pluginURL.get()));
     if (!pluginBundle)
-        return;
+        return String();
     
     CFStringRef bundleIdentifier = CFBundleGetIdentifier(pluginBundle.get());
     if (!bundleIdentifier)
-        return;
+        return String();
 
     RetainPtr<CFURLRef> sandboxProfileDirectory = adoptCF(CFURLCreateWithFileSystemPath(0, sandboxProfileDirectoryPath.createCFString().get(), kCFURLPOSIXPathStyle, TRUE));
@@ -328 +330 @@
     RetainPtr<NSString> profileString = adoptNS([[NSString alloc] initWithContentsOfURL:(NSURL *)sandboxURL.get() encoding:NSUTF8StringEncoding error:NULL]);
     if (!profileString)
-        return;
+        return String();
 
     sandboxURL = adoptCF(CFURLCreateWithFileSystemPathRelativeToBase(0, CFSTR("com.apple.WebKit.plugin-common.sb"), kCFURLPOSIXPathStyle, FALSE, sandboxProfileDirectory.get()));
@@ -334 +336 @@
     RetainPtr<NSString> commonProfileString = adoptNS([[NSString alloc] initWithContentsOfURL:(NSURL *)sandboxURL.get() encoding:NSUTF8StringEncoding error:NULL]);
     if (!commonProfileString)
-        return;
-
-    profileString = [commonProfileString.get() stringByAppendingString:profileString.get()];
-
-    enterSandbox([profileString.get() UTF8String]);
+        return String();
+
+    return [commonProfileString.get() stringByAppendingString:profileString.get()];
 }
 
@@ -361 +361 @@
     WKSetVisibleApplicationName((CFStringRef)applicationName);
 
-    // FIXME: Use ChildProcess::initializeSandbox.
-    WebKit::initializeSandbox(m_pluginPath, parameters.sandboxProfileDirectoryPath);
+    // FIXME: PluginProcess initializes sandbox later than normal for ChildProcesses, because it needs
+    // to know profile directory path. Switch to normal initialization scheme once the path can be determined earlier.
+    enterSandbox(parameters.sandboxProfileDirectoryPath);
 
     if (parameters.processType == TypeSnapshotProcess)
@@ -368 +369 @@
 }
 
+void PluginProcess::enterSandbox(const String& sandboxProfileDirectoryPath)
+{
+    SandboxInitializationParameters sandboxParameters;
+
+    String sandboxProfile = loadSandboxProfile(m_pluginPath, sandboxProfileDirectoryPath);
+    if (sandboxProfile.isEmpty())
+        return;
+
+    sandboxParameters.setSandboxProfile(sandboxProfile);
+
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
+    // Use private temporary and cache directories.
+    char temporaryDirectory[PATH_MAX];
+    if (!confstr(_CS_DARWIN_USER_TEMP_DIR, temporaryDirectory, sizeof(temporaryDirectory))) {
+        WTFLogAlways("PluginProcess: couldn't retrieve system temporary directory path: %d\n", errno);
+        exit(EX_OSERR);
+    }
+
+    if (strlcpy(temporaryDirectory, [[[[NSFileManager defaultManager] stringWithFileSystemRepresentation:temporaryDirectory length:strlen(temporaryDirectory)] stringByAppendingPathComponent:@"WebKitPlugin-XXXXXX"] fileSystemRepresentation], sizeof(temporaryDirectory)) >= sizeof(temporaryDirectory)
+        || !mkdtemp(temporaryDirectory)) {
+        WTFLogAlways("PluginProcess: couldn't create private temporary directory '%s'\n", temporaryDirectory);
+        exit(EX_OSERR);
+    }
+
+    sandboxParameters.setSystemDirectorySuffix([[[[NSFileManager defaultManager] stringWithFileSystemRepresentation:temporaryDirectory length:strlen(temporaryDirectory)] lastPathComponent] fileSystemRepresentation]);
+#endif
+
+    sandboxParameters.addPathParameter("PLUGIN_PATH", m_pluginPath);
+
+    RetainPtr<CFStringRef> cachePath(AdoptCF, WKCopyFoundationCacheDirectory());
+    sandboxParameters.addPathParameter("NSURL_CACHE_DIR", (NSString *)cachePath.get());
+
+    RetainPtr<NSDictionary> defaults = adoptNS([[NSDictionary alloc] initWithObjectsAndKeys:[NSNumber numberWithBool:YES], @"NSUseRemoteSavePanel", nil]);
+    [[NSUserDefaults standardUserDefaults] registerDefaults:defaults.get()];
+
+    ChildProcess::initializeSandbox(m_childProcessInitializationParameters, sandboxParameters);
+}
+
 } // namespace WebKit
 

trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm

@@ -86 +86 @@
     String defaultProfilePath = [webkit2Bundle pathForResource:[[NSBundle mainBundle] bundleIdentifier] ofType:@"sb"];
 
-    String defaultSystemDirectorySuffix = String([[NSBundle mainBundle] bundleIdentifier]) + "+" + parameters.clientIdentifier;
-    sandboxParameters.setSystemDirectorySuffix(defaultSystemDirectorySuffix);
+    if (sandboxParameters.systemDirectorySuffix().isNull()) {
+        String defaultSystemDirectorySuffix = String([[NSBundle mainBundle] bundleIdentifier]) + "+" + parameters.clientIdentifier;
+        sandboxParameters.setSystemDirectorySuffix(defaultSystemDirectorySuffix);
+    }
 
     sandboxParameters.addPathParameter("WEBKIT2_FRAMEWORK_DIR", [[webkit2Bundle bundlePath] stringByDeletingLastPathComponent]);

trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj

@@ -1042 +1042 @@
                 E179FD9C134D38060015B883 /* ArgumentCodersMac.h in Headers */ = {isa = PBXBuildFile; fileRef = E179FD9B134D38060015B883 /* ArgumentCodersMac.h */; };
                 E179FD9F134D38250015B883 /* ArgumentCodersMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = E179FD9E134D38250015B883 /* ArgumentCodersMac.mm */; };
-                E17BF99614D0A73E00A5A069 /* NetscapeSandboxFunctions.h in Headers */ = {isa = PBXBuildFile; fileRef = E17BF99514D0A73E00A5A069 /* NetscapeSandboxFunctions.h */; };
-                E17BF99814D0AA8300A5A069 /* NetscapeSandboxFunctions.mm in Sources */ = {isa = PBXBuildFile; fileRef = E17BF99714D0AA8300A5A069 /* NetscapeSandboxFunctions.mm */; };
                 E18C92F412DB9E7100CF2AEB /* PrintInfo.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E18C92F312DB9E7100CF2AEB /* PrintInfo.cpp */; };
                 E18E690B169B563F009B6670 /* SecItemShimProxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E18E6909169B563F009B6670 /* SecItemShimProxy.cpp */; };
@@ -2387 +2385 @@
                 E179FD9B134D38060015B883 /* ArgumentCodersMac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArgumentCodersMac.h; sourceTree = "<group>"; };
                 E179FD9E134D38250015B883 /* ArgumentCodersMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ArgumentCodersMac.mm; sourceTree = "<group>"; };
-                E17BF99514D0A73E00A5A069 /* NetscapeSandboxFunctions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetscapeSandboxFunctions.h; sourceTree = "<group>"; };
-                E17BF99714D0AA8300A5A069 /* NetscapeSandboxFunctions.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = NetscapeSandboxFunctions.mm; sourceTree = "<group>"; };
                 E18C92F312DB9E7100CF2AEB /* PrintInfo.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PrintInfo.cpp; sourceTree = "<group>"; };
                 E18E6909169B563F009B6670 /* SecItemShimProxy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SecItemShimProxy.cpp; sourceTree = "<group>"; };
@@ -2765 +2761 @@
                         children = (
                                 1AE5B7F911E7AED200BA6767 /* NetscapePluginMac.mm */,
-                                E17BF99514D0A73E00A5A069 /* NetscapeSandboxFunctions.h */,
-                                E17BF99714D0AA8300A5A069 /* NetscapeSandboxFunctions.mm */,
                                 1A2D92201281DC1B001EB962 /* PluginProxyMac.mm */,
                         );
@@ -4795 +4789 @@
                                 1A4A9C5612B816CF008FE984 /* NetscapePluginModule.h in Headers */,
                                 1AA5889211EE70400061B882 /* NetscapePluginStream.h in Headers */,
-                                E17BF99614D0A73E00A5A069 /* NetscapeSandboxFunctions.h in Headers */,
                                 513A164D1630A9BF005D7D22 /* NetworkConnectionToWebProcess.h in Headers */,
                                 51DD9F2916367DA2001578E9 /* NetworkConnectionToWebProcessMessages.h in Headers */,
@@ -5826 +5819 @@
                                 1A4A9C9A12B821CD008FE984 /* NetscapePluginModuleMac.mm in Sources */,
                                 1AA5889311EE70400061B882 /* NetscapePluginStream.cpp in Sources */,
-                                E17BF99814D0AA8300A5A069 /* NetscapeSandboxFunctions.mm in Sources */,
                                 513A164C1630A9BF005D7D22 /* NetworkConnectionToWebProcess.cpp in Sources */,
                                 51DD9F2816367DA2001578E9 /* NetworkConnectionToWebProcessMessageReceiver.cpp in Sources */,