Changeset 215355 in webkit
- Timestamp:
- Apr 13, 2017, 9:33:07 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 3 added
- 12 edited
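--- a/trunk/Source/WebKit2/ChangeLog
+++ b/trunk/Source/WebKit2/ChangeLog
@@ -1,2 +1,47 @@
+2017-04-13 Dan Bernstein <mitz@apple.com>
+
+[Cocoa] Allow clients to specify in _WKProcessPoolConfiguration additional directory sandbox extensions
+https://bugs.webkit.org/show_bug.cgi?id=170387
+
+Reviewed by Sam Weinig.
+
+Test: TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLs.mm
+
+Added an additionalReadAccessAllowedURLs property to _WKProcessPoolConfiguration.
+
+* Shared/WebProcessCreationParameters.cpp:
+(WebKit::WebProcessCreationParameters::encode): Encode the new
+additionalSandboxExtensionHandles member.
+(WebKit::WebProcessCreationParameters::decode): Decode it.
+* Shared/WebProcessCreationParameters.h: Added additionalSandboxExtensionHandles member.
+
+* UIProcess/API/APIProcessPoolConfiguration.cpp:
+(API::ProcessPoolConfiguration::copy): Copy new m_additionalReadAccessAllowedPaths member.
+* UIProcess/API/APIProcessPoolConfiguration.h: Added m_additionalReadAccessAllowedPaths
+member and accessor functions.
+
+* UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h: Declared new
+additionalReadAccessAllowedURLs property whose value is an array of URLs to which the Web
+Content process will be given read access.
+* UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm:
+(-[_WKProcessPoolConfiguration additionalReadAccessAllowedURLs]): New getter that returns
+an array of file URLs from the ProcessPoolConfiguration’s additionalReadAccessAllowedPaths().
+(-[_WKProcessPoolConfiguration setAdditionalReadAccessAllowedURLs:]): New setter that checks
+that the given URLs are file URLs and populates the ProcessPoolConfiguration’s
+additionalReadAccessAllowedPaths with their paths.
+
+* UIProcess/WebProcessPool.cpp:
+(WebKit::WebProcessPool::resolvePathsForSandboxExtensions): Populate the new
+m_resolvedPaths.additionalWebProcessSandboxExtensionPaths with resolved paths from the
+ProcessPoolConfiguration’s additionalReadAccessAllowedPaths.
+(WebKit::WebProcessPool::createNewWebProcess): Populate the WebProcessCreationParameters’s
+additionalSandboxExtensionHandles member with read-only sandbox extensions created from
+the resolved paths.
+* UIProcess/WebProcessPool.h: Added additionalWebProcessSandboxExtensionPaths member to
+the Paths struct.
+
+* WebProcess/WebProcess.cpp:
+(WebKit::WebProcess::initializeWebProcess): Consume the additional sandbox extensions.
+
 2017-04-13 Alex Christensen <achristensen@webkit.org>
 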
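--- a/trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp
+++ b/trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp
@@ -47,4 +47,5 @@
 encoder << injectedBundlePath;
 encoder << injectedBundlePathExtensionHandle;
+encoder << additionalSandboxExtensionHandles;
 encoder << initializationUserData;
 encoder << applicationCacheDirectory;
@@ -152,4 +153,6 @@
 if (!decoder.decode(parameters.injectedBundlePathExtensionHandle))
 return false;
+if (!decoder.decode(parameters.additionalSandboxExtensionHandles))
+return false;
 if (!decoder.decode(parameters.initializationUserData))
 return false;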
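--- a/trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h
+++ b/trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h
@@ -66,4 +66,5 @@
 String injectedBundlePath;
 SandboxExtension::Handle injectedBundlePathExtensionHandle;
+SandboxExtension::HandleArray additionalSandboxExtensionHandles;
 
 UserData initializationUserData;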
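--- a/trunk/Source/WebKit2/UIProcess/API/APIProcessPoolConfiguration.cpp
+++ b/trunk/Source/WebKit2/UIProcess/API/APIProcessPoolConfiguration.cpp
@@ -112,4 +112,5 @@
 copy->m_cachePartitionedURLSchemes = this->m_cachePartitionedURLSchemes;
 copy->m_alwaysRevalidatedURLSchemes = this->m_alwaysRevalidatedURLSchemes;
+copy->m_additionalReadAccessAllowedPaths = this->m_additionalReadAccessAllowedPaths;
 copy->m_fullySynchronousModeIsAllowedForTesting = this->m_fullySynchronousModeIsAllowedForTesting;
 copy->m_ignoreSynchronousMessagingTimeoutsForTesting = this->m_ignoreSynchronousMessagingTimeoutsForTesting;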
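--- a/trunk/Source/WebKit2/UIProcess/API/APIProcessPoolConfiguration.h
+++ b/trunk/Source/WebKit2/UIProcess/API/APIProcessPoolConfiguration.h
@@ -97,4 +97,7 @@
 void setAlwaysRevalidatedURLSchemes(Vector<WTF::String>&& alwaysRevalidatedURLSchemes) { m_alwaysRevalidatedURLSchemes = WTFMove(alwaysRevalidatedURLSchemes); }
 
+const Vector<WTF::String>& additionalReadAccessAllowedPaths() { return m_additionalReadAccessAllowedPaths; }
+void setAdditionalReadAccessAllowedPaths(Vector<WTF::String>&& additionalReadAccessAllowedPaths) { m_additionalReadAccessAllowedPaths = additionalReadAccessAllowedPaths; }
+
 bool fullySynchronousModeIsAllowedForTesting() const { return m_fullySynchronousModeIsAllowedForTesting; }
 void setFullySynchronousModeIsAllowedForTesting(bool allowed) { m_fullySynchronousModeIsAllowedForTesting = allowed; }
@@ -147,4 +150,5 @@
 Vector<WTF::String> m_cachePartitionedURLSchemes;
 Vector<WTF::String> m_alwaysRevalidatedURLSchemes;
+Vector<WTF::String> m_additionalReadAccessAllowedPaths;
 bool m_fullySynchronousModeIsAllowedForTesting { false };
 bool m_ignoreSynchronousMessagingTimeoutsForTesting { false };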
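Review bot: `setAdditionalReadAccessAllowedPaths` takes a `Vector<WTF::String>&&` but assigns it without `WTFMove`, so the named parameter is treated as an lvalue and the vector is copied, whereas the neighbouring `setAlwaysRevalidatedURLSchemes` moves. The body should read `m_additionalReadAccessAllowedPaths = WTFMove(additionalReadAccessAllowedPaths);`. The new getter `additionalReadAccessAllowedPaths()` is also not declared `const`, unlike `fullySynchronousModeIsAllowedForTesting() const` just below it, so it cannot be called through a const reference to the configuration. The class itself starts and ends outside both hunks.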
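--- a/trunk/Source/WebKit2/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h
+++ b/trunk/Source/WebKit2/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.h
@@ -39,4 +39,6 @@
 @property (nonatomic) BOOL ignoreSynchronousMessagingTimeoutsForTesting WK_API_AVAILABLE(macosx(10.12), ios(10.0));
 
+@property (nonatomic, copy) NSArray<NSURL *> *additionalReadAccessAllowedURLs WK_API_AVAILABLE(macosx(WK_MAC_TBA), ios(WK_IOS_TBA));
+
 // Network Process properties
 // FIXME: These should be be per-session/data store when we support multiple non-persistent sessions/data stores.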
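Review bot: The new `additionalReadAccessAllowedURLs` property is declared without any comment, although it widens what the Web Content process is allowed to read. Going by the ChangeLog and the other files in this changeset, every element must be a file URL (the setter raises `NSInvalidArgumentException` otherwise), the access granted is read-only, and each web process created by the pool consumes the extensions permanently. A header comment stating that, for example `// File URLs the Web Content process is given read-only access to for its whole lifetime; keep the list as narrow as possible.`, would let clients judge the exposure before they set it.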
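--- a/trunk/Source/WebKit2/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm
+++ b/trunk/Source/WebKit2/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm
@@ -103,4 +103,31 @@
 }
 
+- (NSArray<NSURL *> *)additionalReadAccessAllowedURLs
+{
+auto paths = _processPoolConfiguration->additionalReadAccessAllowedPaths();
+if (paths.isEmpty())
+return @[ ];
+
+NSMutableArray *urls = [NSMutableArray arrayWithCapacity:paths.size()];
+for (const auto& path : paths)
+[urls addObject:[NSURL fileURLWithPath:path]];
+
+return urls;
+}
+
+- (void)setAdditionalReadAccessAllowedURLs:(NSArray<NSURL *> *)additionalReadAccessAllowedURLs
+{
+Vector<String> paths;
+paths.reserveInitialCapacity(additionalReadAccessAllowedURLs.count);
+for (NSURL *url in additionalReadAccessAllowedURLs) {
+if (!url.isFileURL)
+[NSException raise:NSInvalidArgumentException format:@"%@ is not a file URL", url];
+
+paths.uncheckedAppend(url.fileSystemRepresentation);
+}
+
+_processPoolConfiguration->setAdditionalReadAccessAllowedPaths(WTFMove(paths));
+}
+
 - (NSArray *)cachePartitionedURLSchemes
 {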
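Review bot: In `setAdditionalReadAccessAllowedURLs:`, `paths.uncheckedAppend(url.fileSystemRepresentation)` converts a `const char *` to a `String` implicitly; if that constructor reads the bytes as Latin-1, as I believe WTF's does, a path containing non-ASCII characters would be stored mangled and the sandbox extension would later be requested for the wrong path. `paths.uncheckedAppend(String::fromUTF8(url.fileSystemRepresentation));` would avoid that, and the getter's `fileURLWithPath:` would then round-trip the value. Separately, the getter's `auto paths = ...` copies the whole vector where `const auto& paths` is enough.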
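--- a/trunk/Source/WebKit2/UIProcess/WebProcessPool.cpp
+++ b/trunk/Source/WebKit2/UIProcess/WebProcessPool.cpp
@@ -615,4 +615,8 @@
 m_resolvedPaths.mediaKeyStorageDirectory = resolveAndCreateReadWriteDirectoryForSandboxExtension(m_configuration->mediaKeysStorageDirectory());
 
+m_resolvedPaths.additionalWebProcessSandboxExtensionPaths.reserveCapacity(m_configuration->additionalReadAccessAllowedPaths().size());
+for (const auto& path : m_configuration->additionalReadAccessAllowedPaths())
+m_resolvedPaths.additionalWebProcessSandboxExtensionPaths.uncheckedAppend(resolvePathForSandboxExtension(path));
+
 platformResolvePathsForSandboxExtensions();
 }
@@ -632,4 +636,8 @@
 if (!parameters.injectedBundlePath.isEmpty())
 SandboxExtension::createHandleWithoutResolvingPath(parameters.injectedBundlePath, SandboxExtension::ReadOnly, parameters.injectedBundlePathExtensionHandle);
+
+parameters.additionalSandboxExtensionHandles.allocate(m_resolvedPaths.additionalWebProcessSandboxExtensionPaths.size());
+for (size_t i = 0, size = m_resolvedPaths.additionalWebProcessSandboxExtensionPaths.size(); i < size; ++i)
+SandboxExtension::createHandleWithoutResolvingPath(m_resolvedPaths.additionalWebProcessSandboxExtensionPaths[i], SandboxExtension::ReadOnly, parameters.additionalSandboxExtensionHandles[i]);
 
 parameters.applicationCacheDirectory = websiteDataStore ? websiteDataStore->resolvedApplicationCacheDirectory() : m_resolvedPaths.applicationCacheDirectory;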
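Review bot: In the second hunk the result of `SandboxExtension::createHandleWithoutResolvingPath` is discarded for every additional path, so a path that cannot be turned into a handle leaves an empty entry in `additionalSandboxExtensionHandles` and nothing records that the client's request was not honoured. The `consumePermanently` call added to `WebProcess::initializeWebProcess` ignores its result in the same way. Assuming both return a success flag, checking it and logging the failing path, e.g. `if (!SandboxExtension::createHandleWithoutResolvingPath(...)) LOG_ERROR("could not create sandbox extension for %s", path.utf8().data());`, would make a missing grant diagnosable. In the first hunk, `reserveCapacity` followed by `uncheckedAppend` is only safe if `additionalWebProcessSandboxExtensionPaths` is empty on entry, which cannot be confirmed here because both functions begin outside the hunks; plain `append` would remove that assumption.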
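--- a/trunk/Source/WebKit2/UIProcess/WebProcessPool.h
+++ b/trunk/Source/WebKit2/UIProcess/WebProcessPool.h
@@ -612,4 +612,6 @@
 String containerTemporaryDirectory;
 #endif
+
+Vector<String> additionalWebProcessSandboxExtensionPaths;
 };
 Paths m_resolvedPaths;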
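--- a/trunk/Source/WebKit2/WebProcess/WebProcess.cpp
+++ b/trunk/Source/WebKit2/WebProcess/WebProcess.cpp
@@ -287,4 +287,7 @@
 m_injectedBundle = InjectedBundle::create(parameters, transformHandlesToObjects(parameters.initializationUserData.object()).get());
 
+for (size_t i = 0, size = parameters.additionalSandboxExtensionHandles.size(); i < size; ++i)
+SandboxExtension::consumePermanently(parameters.additionalSandboxExtensionHandles[i]);
+
 for (auto& supplement : m_supplements.values())
 supplement->initialize(parameters);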
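--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,18 @@
+2017-04-13 Dan Bernstein <mitz@apple.com>
+
+[Cocoa] Allow clients to specify in _WKProcessPoolConfiguration additional directory sandbox extensions
+https://bugs.webkit.org/show_bug.cgi?id=170387
+
+Reviewed by Sam Weinig.
+
+* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+* TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLs.mm: Added.
+(TEST):
+* TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLsPlugin.mm: Added.
+(-[AdditionalReadAccessAllowedURLsPlugIn webProcessPlugIn:didCreateBrowserContextController:]):
+(-[AdditionalReadAccessAllowedURLsPlugIn dealloc]):
+(-[AdditionalReadAccessAllowedURLsPlugIn readStringFromURL:completionHandler:]):
+* TestWebKitAPI/Tests/WebKit2Cocoa/AdditionalReadAccessAllowedURLsProtocol.h: Added.
+
 2017-04-13 Jonathan Bedard <jbedard@apple.com>
 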
trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
r215246 r215355 118 118 37DC6791140D7D7600ABCCDB /* DOMRangeOfString.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */; }; 119 119 37E1064C1697681800B78BD0 /* DOMHTMLTableCellElementCellAbove.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 37E1064B169767F700B78BD0 /* DOMHTMLTableCellElementCellAbove.html */; }; 120 37E7DD641EA06FF2009B396D /* AdditionalReadAccessAllowedURLs.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37E7DD631EA06FF2009B396D /* AdditionalReadAccessAllowedURLs.mm */; }; 121 37E7DD671EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37E7DD661EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm */; }; 120 122 37FB72971DB2E82F00E41BE4 /* ContextMenuDefaultItemsHaveTags.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37FB72951DB2E82F00E41BE4 /* ContextMenuDefaultItemsHaveTags.mm */; }; 121 123 3FBD1B4A1D3D66AB00E6D6FA /* FullscreenLayoutConstraints.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 3FBD1B491D39D1DB00E6D6FA /* FullscreenLayoutConstraints.html */; }; … … 1019 1021 37E1064B169767F700B78BD0 /* DOMHTMLTableCellElementCellAbove.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = DOMHTMLTableCellElementCellAbove.html; sourceTree = "<group>"; }; 1020 1022 37E38C33169B7D010084C28C /* WebViewDidRemoveFrameFromHierarchy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebViewDidRemoveFrameFromHierarchy.mm; sourceTree = "<group>"; }; 1023 37E7DD631EA06FF2009B396D /* AdditionalReadAccessAllowedURLs.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AdditionalReadAccessAllowedURLs.mm; sourceTree = "<group>"; }; 1024 37E7DD651EA0715B009B396D /* AdditionalReadAccessAllowedURLsProtocol.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = 
sourcecode.c.h; path = AdditionalReadAccessAllowedURLsProtocol.h; sourceTree = "<group>"; }; 1025 37E7DD661EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AdditionalReadAccessAllowedURLsPlugin.mm; sourceTree = "<group>"; }; 1021 1026 37FB72951DB2E82F00E41BE4 /* ContextMenuDefaultItemsHaveTags.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ContextMenuDefaultItemsHaveTags.mm; sourceTree = "<group>"; }; 1022 1027 3F1B52681D3D7129008D60C4 /* FullscreenLayoutConstraints.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = FullscreenLayoutConstraints.mm; sourceTree = "<group>"; }; … … 1626 1631 A16F66B81C40E9E100BD4D24 /* Resources */, 1627 1632 7CEFA9641AC0B9E200B910FD /* _WKUserContentExtensionStore.mm */, 1633 37E7DD631EA06FF2009B396D /* AdditionalReadAccessAllowedURLs.mm */, 1634 37E7DD661EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm */, 1635 37E7DD651EA0715B009B396D /* AdditionalReadAccessAllowedURLsProtocol.h */, 1628 1636 A1DF74301C41B65800A2F4D0 /* AlwaysRevalidatedURLSchemes.mm */, 1629 1637 2DE71AFD1D49C0BD00904094 /* AnimatedResize.mm */, … … 2774 2782 7CCE7EBC1A411A7E00447C4C /* DOMNodeFromJSObject.mm in Sources */, 2775 2783 7CCE7EBD1A411A7E00447C4C /* DOMRangeOfString.mm in Sources */, 2784 37E7DD641EA06FF2009B396D /* AdditionalReadAccessAllowedURLs.mm in Sources */, 2776 2785 7CCE7EEC1A411AE600447C4C /* DOMWindowExtensionBasic.cpp in Sources */, 2777 2786 7CCE7EED1A411AE600447C4C /* DOMWindowExtensionNoCache.cpp in Sources */, … … 3028 3037 1A4F81CF1BDFFD53004E672E /* RemoteObjectRegistryPlugIn.mm in Sources */, 3029 3038 A12DDC021E837C2400CF6CAE /* RenderedImageWithOptionsPlugIn.mm in Sources */, 3039 37E7DD671EA071F3009B396D /* AdditionalReadAccessAllowedURLsPlugin.mm in Sources */, 3030 3040 7C882E091C80C630006BF731 /* 
UserContentWorldPlugIn.mm in Sources */, 3031 3041 7C83E03D1D0A60D600FEBCF3 /* UtilitiesCocoa.mm in Sources */,