Context Navigation

Changeset 171024 in webkit

Timestamp:

Jul 12, 2014, 11:33:43 AM (11 years ago)

Author:

oliver@apple.com

Message:

Extend WebContent sandbox to allow some extra access for frameworks
https://bugs.webkit.org/show_bug.cgi?id=134844

Reviewed by Sam Weinig.

Open up the webcontent sandbox a bit so that some external frameworks
can work correctly.

(WebKit::WebProcessCreationParameters::encode):
(WebKit::WebProcessCreationParameters::decode):

(WebKit::WebContext::createNewWebProcess):
(WebKit::WebContext::mediaCacheDirectory):

(WebKit::WebContext::platformMediaCacheDirectory):

(WebKit::WebProcess::platformInitializeWebProcess):

Location:

trunk/Source/WebKit2

Files:

-              r171023
+              r171024
+-07-12  Oliver Hunt  <oliver@apple.com>
+        Extend WebContent sandbox to allow some extra access for frameworks
+        https://bugs.webkit.org/show_bug.cgi?id=134844
+        Reviewed by Sam Weinig.
+        Open up the webcontent sandbox a bit so that some external frameworks
+        can work correctly.
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+        * Shared/WebProcessCreationParameters.cpp:
+        (WebKit::WebProcessCreationParameters::encode):
+        (WebKit::WebProcessCreationParameters::decode):
+        * Shared/WebProcessCreationParameters.h:
+        * UIProcess/WebContext.cpp:
+        (WebKit::WebContext::createNewWebProcess):
+        (WebKit::WebContext::mediaCacheDirectory):
+        * UIProcess/WebContext.h:
+        * UIProcess/mac/WebContextMac.mm:
+        (WebKit::WebContext::platformMediaCacheDirectory):
+        * WebProcess/cocoa/WebProcessCocoa.mm:
+        (WebKit::WebProcess::platformInitializeWebProcess):
 -07-12  Oliver Hunt  <oliver@apple.com>

-              r171003
+              r171024
        (global-name "com.apple.webinspector"))
+;; Various services required by CFNetwork and other frameworks
+(allow mach-lookup
+       (global-name "com.apple.PowerManagement.control"))
 (deny file-write-create (vnode-type SYMLINK))
 (deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))

-              r170970
+              r171024
     encoder << openGLCacheDirectory;
     encoder << openGLCacheDirectoryExtensionHandle;
+    encoder << mediaCacheDirectory;
+    encoder << mediaCacheDirectoryExtensionHandle;
     encoder << shouldUseTestingNetworkSession;
     encoder << urlSchemesRegistererdAsEmptyDocument;
 …
     if (!decoder.decode(parameters.openGLCacheDirectoryExtensionHandle))
         return false;
+    if (!decoder.decode(parameters.mediaCacheDirectory))
+        return false;
+    if (!decoder.decode(parameters.mediaCacheDirectoryExtensionHandle))
+        return false;
     if (!decoder.decode(parameters.shouldUseTestingNetworkSession))
         return false;

r170970	r171024
75	75	String openGLCacheDirectory;
76	76	SandboxExtension::Handle openGLCacheDirectoryExtensionHandle;
	77	String mediaCacheDirectory;
	78	SandboxExtension::Handle mediaCacheDirectoryExtensionHandle;
77	79
78	80	bool shouldUseTestingNetworkSession;

-              r170970
+              r171024
         SandboxExtension::createHandleForReadWriteDirectory(parameters.openGLCacheDirectory, parameters.openGLCacheDirectoryExtensionHandle);
+    parameters.mediaCacheDirectory = mediaCacheDirectory();
+    if (!parameters.mediaCacheDirectory.isEmpty())
+        SandboxExtension::createHandleForReadWriteDirectory(parameters.mediaCacheDirectory, parameters.mediaCacheDirectoryExtensionHandle);
     parameters.shouldUseTestingNetworkSession = m_shouldUseTestingNetworkSession;
 …
+}
+String WebContext::mediaCacheDirectory() const
+{
+    if (!m_overrideMediaCacheDirectory.isEmpty())
+        return m_overrideMediaCacheDirectory;
+    return platformMediaCacheDirectory();
+}
 void WebContext::useTestingNetworkSession()
+{

-              r170970
+              r171024
     String platformDefaultOpenGLCacheDirectory() const;
+    String mediaCacheDirectory() const;
+    String platformMediaCacheDirectory() const;
 #if PLATFORM(COCOA)
     void registerNotificationObservers();
 …
     String m_overrideCookieStorageDirectory;
     String m_overrideOpenGLCacheDirectory;
+    String m_overrideMediaCacheDirectory;
     String m_webSQLDatabaseDirectory;

-              r171023
+              r171024
+}
+String WebContext::platformMediaCacheDirectory() const
+{
+#if PLATFORM(IOS)
+    String path = NSTemporaryDirectory();
+    path = path + "/MediaCache";
+    return stringByResolvingSymlinksInPath(path);
+#else
+    notImplemented();
+    return [@"" stringByStandardizingPath];
+#endif
+}
 String WebContext::platformDefaultWebSQLDatabaseDirectory()
+{

r170970	r171024
170	170	SandboxExtension::consumePermanently(parameters.cookieStorageDirectoryExtensionHandle);
171	171	SandboxExtension::consumePermanently(parameters.openGLCacheDirectoryExtensionHandle);
	172	SandboxExtension::consumePermanently(parameters.mediaCacheDirectoryExtensionHandle);
172	173	#endif
173	174

Note: See TracChangeset for help on using the changeset viewer.