Changeset 215355 in webkit

Timestamp:

Apr 13, 2017, 9:33:07 PM (7 years ago)

Author:

mitz@apple.com

Message:

[Cocoa] Allow clients to specify in _WKProcessPoolConfiguration additional directory sandbox extensions
​https://bugs.webkit.org/show_bug.cgi?id=170387

Reviewed by Sam Weinig.

Source/WebKit2:

Test: TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLs.mm

Added an additionalReadAccessAllowedURLs property to _WKProcessPoolConfiguration.

• Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode): Encode the new

additionalSandboxExtensionHandles member.

(WebKit::WebProcessCreationParameters::decode): Decode it.

• Shared/WebProcessCreationParameters.h: Added additionalSandboxExtensionHandles member.

• UIProcess/API/APIProcessPoolConfiguration.cpp:

(API::ProcessPoolConfiguration::copy): Copy new m_additionalReadAccessAllowedPaths member.

• UIProcess/API/APIProcessPoolConfiguration.h: Added m_additionalReadAccessAllowedPaths member and accessor functions.

• UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h: Declared new additionalReadAccessAllowedURLs property whose value is an array of URLs to which the Web Content process will be given read access.
• UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm:

(-[_WKProcessPoolConfiguration additionalReadAccessAllowedURLs]): New getter that returns

an array of file URLs from the ProcessPoolConfiguration's additionalReadAccessAllowedPaths().

(-[_WKProcessPoolConfiguration setAdditionalReadAccessAllowedURLs:]): New setter that checks

that the given URLs are file URLs and populates the ProcessPoolConfiguration's
additionalReadAccessAllowedPaths with their paths.

• UIProcess/WebProcessPool.cpp:

(WebKit::WebProcessPool::resolvePathsForSandboxExtensions): Populate the new

m_resolvedPaths.additionalWebProcessSandboxExtensionPaths with resolved paths from the
ProcessPoolConfiguration's additionalReadAccessAllowedPaths.

(WebKit::WebProcessPool::createNewWebProcess): Populate the WebProcessCreationParameters's

additionalSandboxExtensionHandles member with read-only sandbox extensions created from
the resolved paths.

• UIProcess/WebProcessPool.h: Added additionalWebProcessSandboxExtensionPaths member to the Paths struct.

• WebProcess/WebProcess.cpp:

(WebKit::WebProcess::initializeWebProcess): Consume the additional sandbox extensions.

Tools:

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLs.mm: Added.

(TEST):

• TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLsPlugin.mm: Added.

(-[AdditionalReadAccessAllowedURLsPlugIn webProcessPlugIn:didCreateBrowserContextController:]):
(-[AdditionalReadAccessAllowedURLsPlugIn dealloc]):
(-[AdditionalReadAccessAllowedURLsPlugIn readStringFromURL:completionHandler:]):

• TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLsProtocol.h: Added.

Location:

trunk

Files:

• Source/WebKit2/ChangeLog (modified) (1 diff)
• Source/WebKit2/Shared/WebProcessCreationParameters.cpp (modified) (2 diffs)
• Source/WebKit2/Shared/WebProcessCreationParameters.h (modified) (1 diff)
• Source/WebKit2/UIProcess/API/APIProcessPoolConfiguration.cpp (modified) (1 diff)
• Source/WebKit2/UIProcess/API/APIProcessPoolConfiguration.h (modified) (2 diffs)
• Source/WebKit2/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h (modified) (1 diff)
• Source/WebKit2/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm (modified) (1 diff)
• Source/WebKit2/UIProcess/WebProcessPool.cpp (modified) (2 diffs)
• Source/WebKit2/UIProcess/WebProcessPool.h (modified) (1 diff)
• Source/WebKit2/WebProcess/WebProcess.cpp (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (modified) (5 diffs)
• Tools/TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLs.mm (added)
• Tools/TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLsPlugin.mm (added)
• Tools/TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLsProtocol.h (added)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2017-04-13  Dan Bernstein  <mitz@apple.com>
+
+        [Cocoa] Allow clients to specify in _WKProcessPoolConfiguration additional directory sandbox extensions
+        https://bugs.webkit.org/show_bug.cgi?id=170387
+
+        Reviewed by Sam Weinig.
+
+        Test: TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLs.mm
+
+        Added an additionalReadAccessAllowedURLs property to _WKProcessPoolConfiguration.
+
+        * Shared/WebProcessCreationParameters.cpp:
+        (WebKit::WebProcessCreationParameters::encode): Encode the new
+          additionalSandboxExtensionHandles member.
+        (WebKit::WebProcessCreationParameters::decode): Decode it.
+        * Shared/WebProcessCreationParameters.h: Added additionalSandboxExtensionHandles member.
+
+        * UIProcess/API/APIProcessPoolConfiguration.cpp:
+        (API::ProcessPoolConfiguration::copy): Copy new m_additionalReadAccessAllowedPaths member.
+        * UIProcess/API/APIProcessPoolConfiguration.h: Added m_additionalReadAccessAllowedPaths
+          member and accessor functions.
+
+        * UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h: Declared new
+          additionalReadAccessAllowedURLs property whose value is an array of URLs to which the Web
+          Content process will be given read access.
+        * UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm:
+        (-[_WKProcessPoolConfiguration additionalReadAccessAllowedURLs]): New getter that returns
+          an array of file URLs from the ProcessPoolConfiguration’s additionalReadAccessAllowedPaths().
+        (-[_WKProcessPoolConfiguration setAdditionalReadAccessAllowedURLs:]): New setter that checks
+          that the given URLs are file URLs and populates the ProcessPoolConfiguration’s
+          additionalReadAccessAllowedPaths with their paths.
+
+        * UIProcess/WebProcessPool.cpp:
+        (WebKit::WebProcessPool::resolvePathsForSandboxExtensions): Populate the new
+          m_resolvedPaths.additionalWebProcessSandboxExtensionPaths with resolved paths from the
+          ProcessPoolConfiguration’s additionalReadAccessAllowedPaths.
+        (WebKit::WebProcessPool::createNewWebProcess): Populate the WebProcessCreationParameters’s
+          additionalSandboxExtensionHandles member with read-only sandbox extensions created from
+          the resolved paths.
+        * UIProcess/WebProcessPool.h: Added additionalWebProcessSandboxExtensionPaths member to
+          the Paths struct.
+
+        * WebProcess/WebProcess.cpp:
+        (WebKit::WebProcess::initializeWebProcess): Consume the additional sandbox extensions.
+
 2017-04-13  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp

@@ -47 +47 @@
     encoder << injectedBundlePath;
     encoder << injectedBundlePathExtensionHandle;
+    encoder << additionalSandboxExtensionHandles;
     encoder << initializationUserData;
     encoder << applicationCacheDirectory;
@@ -152 +153 @@
     if (!decoder.decode(parameters.injectedBundlePathExtensionHandle))
         return false;
+    if (!decoder.decode(parameters.additionalSandboxExtensionHandles))
+        return false;
     if (!decoder.decode(parameters.initializationUserData))
         return false;

trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h

@@ -66 +66 @@
     String injectedBundlePath;
     SandboxExtension::Handle injectedBundlePathExtensionHandle;
+    SandboxExtension::HandleArray additionalSandboxExtensionHandles;
 
     UserData initializationUserData;

trunk/Source/WebKit2/UIProcess/API/APIProcessPoolConfiguration.cpp

@@ -112 +112 @@
     copy->m_cachePartitionedURLSchemes = this->m_cachePartitionedURLSchemes;
     copy->m_alwaysRevalidatedURLSchemes = this->m_alwaysRevalidatedURLSchemes;
+    copy->m_additionalReadAccessAllowedPaths = this->m_additionalReadAccessAllowedPaths;
     copy->m_fullySynchronousModeIsAllowedForTesting = this->m_fullySynchronousModeIsAllowedForTesting;
     copy->m_ignoreSynchronousMessagingTimeoutsForTesting = this->m_ignoreSynchronousMessagingTimeoutsForTesting;

trunk/Source/WebKit2/UIProcess/API/APIProcessPoolConfiguration.h

@@ -97 +97 @@
     void setAlwaysRevalidatedURLSchemes(Vector<WTF::String>&& alwaysRevalidatedURLSchemes) { m_alwaysRevalidatedURLSchemes = WTFMove(alwaysRevalidatedURLSchemes); }
 
+    const Vector<WTF::String>& additionalReadAccessAllowedPaths() { return m_additionalReadAccessAllowedPaths; }
+    void setAdditionalReadAccessAllowedPaths(Vector<WTF::String>&& additionalReadAccessAllowedPaths) { m_additionalReadAccessAllowedPaths = additionalReadAccessAllowedPaths; }
+
     bool fullySynchronousModeIsAllowedForTesting() const { return m_fullySynchronousModeIsAllowedForTesting; }
     void setFullySynchronousModeIsAllowedForTesting(bool allowed) { m_fullySynchronousModeIsAllowedForTesting = allowed; }
@@ -147 +150 @@
     Vector<WTF::String> m_cachePartitionedURLSchemes;
     Vector<WTF::String> m_alwaysRevalidatedURLSchemes;
+    Vector<WTF::String> m_additionalReadAccessAllowedPaths;
     bool m_fullySynchronousModeIsAllowedForTesting { false };
     bool m_ignoreSynchronousMessagingTimeoutsForTesting { false };

trunk/Source/WebKit2/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h

@@ -39 +39 @@
 @property (nonatomic) BOOL ignoreSynchronousMessagingTimeoutsForTesting WK_API_AVAILABLE(macosx(10.12), ios(10.0));
 
+@property (nonatomic, copy) NSArray<NSURL *> *additionalReadAccessAllowedURLs WK_API_AVAILABLE(macosx(WK_MAC_TBA), ios(WK_IOS_TBA));
+
 // Network Process properties
 // FIXME: These should be be per-session/data store when we support multiple non-persistent sessions/data stores.

trunk/Source/WebKit2/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm

@@ -103 +103 @@
 }
 
+- (NSArray<NSURL *> *)additionalReadAccessAllowedURLs
+{
+    auto paths = _processPoolConfiguration->additionalReadAccessAllowedPaths();
+    if (paths.isEmpty())
+        return @[ ];
+
+    NSMutableArray *urls = [NSMutableArray arrayWithCapacity:paths.size()];
+    for (const auto& path : paths)
+        [urls addObject:[NSURL fileURLWithPath:path]];
+
+    return urls;
+}
+
+- (void)setAdditionalReadAccessAllowedURLs:(NSArray<NSURL *> *)additionalReadAccessAllowedURLs
+{
+    Vector<String> paths;
+    paths.reserveInitialCapacity(additionalReadAccessAllowedURLs.count);
+    for (NSURL *url in additionalReadAccessAllowedURLs) {
+        if (!url.isFileURL)
+            [NSException raise:NSInvalidArgumentException format:@"%@ is not a file URL", url];
+
+        paths.uncheckedAppend(url.fileSystemRepresentation);
+    }
+
+    _processPoolConfiguration->setAdditionalReadAccessAllowedPaths(WTFMove(paths));
+}
+
 - (NSArray *)cachePartitionedURLSchemes
 {

trunk/Source/WebKit2/UIProcess/WebProcessPool.cpp

@@ -615 +615 @@
     m_resolvedPaths.mediaKeyStorageDirectory = resolveAndCreateReadWriteDirectoryForSandboxExtension(m_configuration->mediaKeysStorageDirectory());
 
+    m_resolvedPaths.additionalWebProcessSandboxExtensionPaths.reserveCapacity(m_configuration->additionalReadAccessAllowedPaths().size());
+    for (const auto& path : m_configuration->additionalReadAccessAllowedPaths())
+        m_resolvedPaths.additionalWebProcessSandboxExtensionPaths.uncheckedAppend(resolvePathForSandboxExtension(path));
+
     platformResolvePathsForSandboxExtensions();
 }
@@ -632 +636 @@
     if (!parameters.injectedBundlePath.isEmpty())
         SandboxExtension::createHandleWithoutResolvingPath(parameters.injectedBundlePath, SandboxExtension::ReadOnly, parameters.injectedBundlePathExtensionHandle);
+
+    parameters.additionalSandboxExtensionHandles.allocate(m_resolvedPaths.additionalWebProcessSandboxExtensionPaths.size());
+    for (size_t i = 0, size = m_resolvedPaths.additionalWebProcessSandboxExtensionPaths.size(); i < size; ++i)
+        SandboxExtension::createHandleWithoutResolvingPath(m_resolvedPaths.additionalWebProcessSandboxExtensionPaths[i], SandboxExtension::ReadOnly, parameters.additionalSandboxExtensionHandles[i]);
 
     parameters.applicationCacheDirectory = websiteDataStore ? websiteDataStore->resolvedApplicationCacheDirectory() : m_resolvedPaths.applicationCacheDirectory;

trunk/Source/WebKit2/UIProcess/WebProcessPool.h

@@ -612 +612 @@
         String containerTemporaryDirectory;
 #endif
+
+        Vector<String> additionalWebProcessSandboxExtensionPaths;
     };
     Paths m_resolvedPaths;

trunk/Source/WebKit2/WebProcess/WebProcess.cpp

@@ -287 +287 @@
         m_injectedBundle = InjectedBundle::create(parameters, transformHandlesToObjects(parameters.initializationUserData.object()).get());
 
+    for (size_t i = 0, size = parameters.additionalSandboxExtensionHandles.size(); i < size; ++i)
+        SandboxExtension::consumePermanently(parameters.additionalSandboxExtensionHandles[i]);
+
     for (auto& supplement : m_supplements.values())
         supplement->initialize(parameters);

trunk/Tools/ChangeLog

@@ +1 @@
+2017-04-13  Dan Bernstein  <mitz@apple.com>
+
+        [Cocoa] Allow clients to specify in _WKProcessPoolConfiguration additional directory sandbox extensions
+        https://bugs.webkit.org/show_bug.cgi?id=170387
+
+        Reviewed by Sam Weinig.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLs.mm: Added.
+        (TEST):
+        * TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLsPlugin.mm: Added.
+        (-[AdditionalReadAccessAllowedURLsPlugIn webProcessPlugIn:didCreateBrowserContextController:]):
+        (-[AdditionalReadAccessAllowedURLsPlugIn dealloc]):
+        (-[AdditionalReadAccessAllowedURLsPlugIn readStringFromURL:completionHandler:]):
+        * TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLsProtocol.h: Added.
+
 2017-04-13  Jonathan Bedard  <jbedard@apple.com>
 

trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj

@@ -118 +118 @@
                 37DC6791140D7D7600ABCCDB /* DOMRangeOfString.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */; };
                 37E1064C1697681800B78BD0 /* DOMHTMLTableCellElementCellAbove.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 37E1064B169767F700B78BD0 /* DOMHTMLTableCellElementCellAbove.html */; };
+                37E7DD641EA06FF2009B396D /* AdditionalReadAccessAllowedURLs.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37E7DD631EA06FF2009B396D /* AdditionalReadAccessAllowedURLs.mm */; };
+                37E7DD671EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37E7DD661EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm */; };
                 37FB72971DB2E82F00E41BE4 /* ContextMenuDefaultItemsHaveTags.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37FB72951DB2E82F00E41BE4 /* ContextMenuDefaultItemsHaveTags.mm */; };
                 3FBD1B4A1D3D66AB00E6D6FA /* FullscreenLayoutConstraints.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 3FBD1B491D39D1DB00E6D6FA /* FullscreenLayoutConstraints.html */; };
@@ -1019 +1021 @@
                 37E1064B169767F700B78BD0 /* DOMHTMLTableCellElementCellAbove.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = DOMHTMLTableCellElementCellAbove.html; sourceTree = "<group>"; };
                 37E38C33169B7D010084C28C /* WebViewDidRemoveFrameFromHierarchy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebViewDidRemoveFrameFromHierarchy.mm; sourceTree = "<group>"; };
+                37E7DD631EA06FF2009B396D /* AdditionalReadAccessAllowedURLs.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AdditionalReadAccessAllowedURLs.mm; sourceTree = "<group>"; };
+                37E7DD651EA0715B009B396D /* AdditionalReadAccessAllowedURLsProtocol.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AdditionalReadAccessAllowedURLsProtocol.h; sourceTree = "<group>"; };
+                37E7DD661EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AdditionalReadAccessAllowedURLsPlugin.mm; sourceTree = "<group>"; };
                 37FB72951DB2E82F00E41BE4 /* ContextMenuDefaultItemsHaveTags.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ContextMenuDefaultItemsHaveTags.mm; sourceTree = "<group>"; };
                 3F1B52681D3D7129008D60C4 /* FullscreenLayoutConstraints.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = FullscreenLayoutConstraints.mm; sourceTree = "<group>"; };
@@ -1626 +1631 @@
                                 A16F66B81C40E9E100BD4D24 /* Resources */,
                                 7CEFA9641AC0B9E200B910FD /* _WKUserContentExtensionStore.mm */,
+                                37E7DD631EA06FF2009B396D /* AdditionalReadAccessAllowedURLs.mm */,
+                                37E7DD661EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm */,
+                                37E7DD651EA0715B009B396D /* AdditionalReadAccessAllowedURLsProtocol.h */,
                                 A1DF74301C41B65800A2F4D0 /* AlwaysRevalidatedURLSchemes.mm */,
                                 2DE71AFD1D49C0BD00904094 /* AnimatedResize.mm */,
@@ -2774 +2782 @@
                                 7CCE7EBC1A411A7E00447C4C /* DOMNodeFromJSObject.mm in Sources */,
                                 7CCE7EBD1A411A7E00447C4C /* DOMRangeOfString.mm in Sources */,
+                                37E7DD641EA06FF2009B396D /* AdditionalReadAccessAllowedURLs.mm in Sources */,
                                 7CCE7EEC1A411AE600447C4C /* DOMWindowExtensionBasic.cpp in Sources */,
                                 7CCE7EED1A411AE600447C4C /* DOMWindowExtensionNoCache.cpp in Sources */,
@@ -3028 +3037 @@
                                 1A4F81CF1BDFFD53004E672E /* RemoteObjectRegistryPlugIn.mm in Sources */,
                                 A12DDC021E837C2400CF6CAE /* RenderedImageWithOptionsPlugIn.mm in Sources */,
+                                37E7DD671EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm in Sources */,
                                 7C882E091C80C630006BF731 /* UserContentWorldPlugIn.mm in Sources */,
                                 7C83E03D1D0A60D600FEBCF3 /* UtilitiesCocoa.mm in Sources */,