Changeset 187547 in webkit

Timestamp:

Jul 29, 2015, 8:52:27 AM (10 years ago)

Author:

Michael Catanzaro

Message:

[Seccomp] Further improvements to default web process policy
​https://bugs.webkit.org/show_bug.cgi?id=142987

Provide various helper functions to allow more flexible construction of
filesystem access policies.

Reviewed by Žan Doberšek.

Improve the policy. Also, remove ifdefs to reduce potential for breakage in non-default
configurations.

• Shared/linux/SeccompFilters/SyscallPolicy.cpp:

(WebKit::SyscallPolicy::addDefaultWebProcessPolicy):

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• Shared/linux/SeccompFilters/SyscallPolicy.cpp (modified) (7 diffs)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2015-07-29  Michael Catanzaro  <mcatanzaro@igalia.com>
+
+        [Seccomp] Further improvements to default web process policy
+        https://bugs.webkit.org/show_bug.cgi?id=142987
+
+        Provide various helper functions to allow more flexible construction of
+        filesystem access policies.
+
+        Reviewed by Žan Doberšek.
+
+        Improve the policy. Also, remove ifdefs to reduce potential for breakage in non-default
+        configurations.
+
+        * Shared/linux/SeccompFilters/SyscallPolicy.cpp:
+        (WebKit::SyscallPolicy::addDefaultWebProcessPolicy):
+
 2015-07-29  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp

@@ -31 +31 @@
 #include "PluginSearchPath.h"
 #include "WebProcessCreationParameters.h"
+#include "XDGBaseDirectory.h"
 #include <libgen.h>
 #include <string.h>
@@ -152 +153 @@
     addDirectoryPermission(ASCIILiteral("/"), NotAllowed);
 
-    // Shared libraries, plugins and fonts.
+    // System library directories
     addDirectoryPermission(ASCIILiteral("/lib"), Read);
     addDirectoryPermission(ASCIILiteral("/lib32"), Read);
@@ -159 +160 @@
     addDirectoryPermission(ASCIILiteral("/usr/lib32"), Read);
     addDirectoryPermission(ASCIILiteral("/usr/lib64"), Read);
+    addDirectoryPermission(ASCIILiteral("/usr/local/lib"), Read);
+    addDirectoryPermission(ASCIILiteral("/usr/local/lib32"), Read);
+    addDirectoryPermission(ASCIILiteral("/usr/local/lib64"), Read);
+    addDirectoryPermission(ASCIILiteral(LIBDIR), Read);
+
+    // System data directories
     addDirectoryPermission(ASCIILiteral("/usr/share"), Read);
-
-    // Support for alternative install prefixes, e.g. /usr/local.
+    addDirectoryPermission(ASCIILiteral("/usr/local/share"), Read);
     addDirectoryPermission(ASCIILiteral(DATADIR), Read);
-    addDirectoryPermission(ASCIILiteral(LIBDIR), Read);
-
-    // Plugin search path
+
+    // NPAPI plugins
     for (String& path : pluginsDirectories())
         addDirectoryPermission(path, Read);
@@ -171 +176 @@
     // SSL Certificates.
     addDirectoryPermission(ASCIILiteral("/etc/ssl/certs"), Read);
-
-    // Fontconfig cache.
-    addDirectoryPermission(ASCIILiteral("/etc/fonts"), Read);
-    addDirectoryPermission(ASCIILiteral("/var/cache/fontconfig"), Read);
 
     // Audio devices, random number generators, etc.
@@ -221 +222 @@
     addDirectoryPermission("/run/user/" + String::number(getuid()), ReadAndWrite);
 
-    // Needed by WebKit's memory pressure handler
+    // Needed by WebKit's memory pressure handler.
     addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/memory.pressure_level"), Read);
     addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/cgroup.event_control"), Read);
 
-    char* homeDir = getenv("HOME");
-    if (homeDir) {
-        // X11 connection token.
-        addFilePermission(String::fromUTF8(homeDir) + "/.Xauthority", Read);
-    }
+    // X11 connection token.
+    addFilePermission(userHomeDirectory() + "/.Xauthority", Read);
 
     // MIME type resolution.
-    char* dataHomeDir = getenv("XDG_DATA_HOME");
-    if (dataHomeDir)
-        addDirectoryPermission(String::fromUTF8(dataHomeDir) + "/mime", Read);
-    else if (homeDir)
-        addDirectoryPermission(String::fromUTF8(homeDir) + "/.local/share/mime", Read);
-
-#if ENABLE(WEBGL) || ENABLE(ACCELERATED_2D_CANVAS)
-    // Needed on most non-Debian distros by libxshmfence <= 1.1, or newer
-    // libxshmfence with older kernels (linux <= 3.16), for DRI3 shared memory.
-    // FIXME Try removing this permission when we can rely on a newer libxshmfence.
-    // See http://code.google.com/p/chromium/issues/detail?id=415681
-    addDirectoryPermission(ASCIILiteral("/var/tmp"), ReadAndWrite);
-
-    // Optional Mesa DRI configuration file
-    addFilePermission(ASCIILiteral("/etc/drirc"), Read);
-    if (homeDir)
-        addFilePermission(String::fromUTF8(homeDir) + "/.drirc", Read);
-
-    // Mesa uses udev.
+    addDirectoryPermission(userDataDirectory() + "/mime", Read);
+
+    // Needed by NVIDIA proprietary graphics driver.
+    addDirectoryPermission(userHomeDirectory() + "/.nv", ReadAndWrite);
+
+    // Needed by udev.
     addDirectoryPermission(ASCIILiteral("/etc/udev"), Read);
     addDirectoryPermission(ASCIILiteral("/run/udev"), Read);
@@ -256 +241 @@
     addDirectoryPermission(ASCIILiteral("/sys/class"), Read);
     addDirectoryPermission(ASCIILiteral("/sys/devices"), Read);
-#endif
-
-    // Needed by NVIDIA proprietary graphics driver
-    if (homeDir)
-        addDirectoryPermission(String::fromUTF8(homeDir) + "/.nv", ReadAndWrite);
+
+    // PulseAudio
+    addFilePermission(ASCIILiteral("/etc/asound.conf"), Read);
+    addDirectoryPermission(userConfigDirectory() + "/.pulse", Read);
+    addDirectoryPermission(userHomeDirectory() + "/.pulse", Read);
+
+    // Mesa
+    addFilePermission(ASCIILiteral("/etc/drirc"), Read);
+    addFilePermission(userHomeDirectory() + "/.drirc", Read);
+    addFilePermission(ASCIILiteral("/sys/fs/selinux/booleans/allow_execmem"), Read);
+
+    // GStreamer
+    addDirectoryPermission(String::fromUTF8(LIBEXECDIR) + "/gstreamer-1.0", Read);
+    addDirectoryPermission(userDataDirectory() + "/gstreamer-1.0", Read);
+    addDirectoryPermission(userCacheDirectory() + "/gstreamer-1.0", ReadAndWrite);
+    addDirectoryPermission(userHomeDirectory() + "/.frei0r-1", ReadAndWrite);
+    if (char* gstreamerPluginDirectory = getenv("GST_PLUGIN_PATH_1_0"))
+        addDirectoryPermission(gstreamerPluginDirectory, Read);
+    if (char* gstreamerRegistryFile = getenv("GST_REGISTRY_1_0"))
+        addFilePermission(gstreamerRegistryFile, ReadAndWrite);
+
+    // Fontconfig
+    addDirectoryPermission(userCacheDirectory() + "/fontconfig", ReadAndWrite);
+    addDirectoryPermission(userConfigDirectory() + "/fontconfig", Read);
+    addDirectoryPermission(userConfigDirectory() + "/fonts", Read);
+    addDirectoryPermission(userDataDirectory() + "/fonts", Read);
+    addDirectoryPermission(userHomeDirectory() + "/fontconfig", Read);
+    addDirectoryPermission(userHomeDirectory() + "/.fonts", Read);
+    addDirectoryPermission(ASCIILiteral("/etc/fonts"), Read);
+    addDirectoryPermission(ASCIILiteral("/var/cache/fontconfig"), Read);
 
 #if ENABLE(DEVELOPER_MODE) && defined(SOURCE_DIR)
@@ -266 +276 @@
     // from the build root directory and they also need access to layout test
     // files.
-    char* sourceDir = canonicalize_file_name(SOURCE_DIR);
-    if (sourceDir) {
-        addDirectoryPermission(String::fromUTF8(sourceDir), SyscallPolicy::ReadAndWrite);
-        free(sourceDir);
-    }
+    addDirectoryPermission(String::fromUTF8(SOURCE_DIR), SyscallPolicy::ReadAndWrite);
 #endif
 }