Changeset 233983 in webkit

Timestamp:

Jul 19, 2018 7:39:50 AM (6 years ago)

Author:

youenn@apple.com

Message:

Ensure experimentalPlugInSandboxProfilesEnabled is set on PluginProcess
​https://bugs.webkit.org/show_bug.cgi?id=187729

Reviewed by Ryosuke Niwa.

experimentalPlugInSandboxProfilesEnabled flag is used at initialization of the plugin process sandbox.
This flag value should be set according to the value of this flag in the UIProcess.
We set this value in the plugin process manager.
At launch of the plugin process, this flag will also be passed to it so that it is set properly.

• PluginProcess/EntryPoint/mac/XPCService/PluginServiceEntryPoint.mm:

(WebKit::PluginServiceInitializerDelegate::getExtraInitializationData):

• PluginProcess/mac/PluginProcessMac.mm:

(WebKit::PluginProcess::platformInitializeProcess):

• Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h:
• UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetPluginSandboxProfilesEnabledForAllPlugins):
(WKPreferencesGetPluginSandboxProfilesEnabledForAllPlugins):

• UIProcess/API/C/WKPreferencesRefPrivate.h:
• UIProcess/API/Cocoa/WKPreferences.mm:

(-[WKPreferences _setExperimentalPlugInSandboxProfilesEnabled:]):
(-[WKPreferences _experimentalPlugInSandboxProfilesEnabled]):

• UIProcess/API/Cocoa/WKPreferencesPrivate.h:
• UIProcess/Plugins/PluginProcessManager.h:

(WebKit::PluginProcessManager::experimentalPlugInSandboxProfilesEnabled const):

• UIProcess/Plugins/mac/PluginProcessManagerMac.mm:

(WebKit::PluginProcessManager::setExperimentalPlugInSandboxProfilesEnabled):

• UIProcess/Plugins/mac/PluginProcessProxyMac.mm:

(WebKit::PluginProcessProxy::platformGetLaunchOptions):

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• PluginProcess/EntryPoint/mac/XPCService/PluginServiceEntryPoint.mm (modified) (1 diff)
• PluginProcess/mac/PluginProcessMac.mm (modified) (2 diffs)
• UIProcess/API/C/WKPreferences.cpp (modified) (2 diffs)
• UIProcess/API/C/WKPreferencesRefPrivate.h (modified) (1 diff)
• UIProcess/API/Cocoa/WKPreferences.mm (modified) (2 diffs)
• UIProcess/API/Cocoa/WKPreferencesPrivate.h (modified) (1 diff)
• UIProcess/Plugins/PluginProcessManager.h (modified) (2 diffs)
• UIProcess/Plugins/mac/PluginProcessManagerMac.mm (modified) (2 diffs)
• UIProcess/Plugins/mac/PluginProcessProxyMac.mm (modified) (2 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-07-19  Youenn Fablet  <youenn@apple.com>
+
+        Ensure experimentalPlugInSandboxProfilesEnabled is set on PluginProcess
+        https://bugs.webkit.org/show_bug.cgi?id=187729
+
+        Reviewed by Ryosuke Niwa.
+
+        experimentalPlugInSandboxProfilesEnabled flag is used at initialization of the plugin process sandbox.
+        This flag value should be set according to the value of this flag in the UIProcess.
+        We set this value in the plugin process manager.
+        At launch of the plugin process, this flag will also be passed to it so that it is set properly.
+
+        * PluginProcess/EntryPoint/mac/XPCService/PluginServiceEntryPoint.mm:
+        (WebKit::PluginServiceInitializerDelegate::getExtraInitializationData):
+        * PluginProcess/mac/PluginProcessMac.mm:
+        (WebKit::PluginProcess::platformInitializeProcess):
+        * Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h:
+        * UIProcess/API/C/WKPreferences.cpp:
+        (WKPreferencesSetPluginSandboxProfilesEnabledForAllPlugins):
+        (WKPreferencesGetPluginSandboxProfilesEnabledForAllPlugins):
+        * UIProcess/API/C/WKPreferencesRefPrivate.h:
+        * UIProcess/API/Cocoa/WKPreferences.mm:
+        (-[WKPreferences _setExperimentalPlugInSandboxProfilesEnabled:]):
+        (-[WKPreferences _experimentalPlugInSandboxProfilesEnabled]):
+        * UIProcess/API/Cocoa/WKPreferencesPrivate.h:
+        * UIProcess/Plugins/PluginProcessManager.h:
+        (WebKit::PluginProcessManager::experimentalPlugInSandboxProfilesEnabled const):
+        * UIProcess/Plugins/mac/PluginProcessManagerMac.mm:
+        (WebKit::PluginProcessManager::setExperimentalPlugInSandboxProfilesEnabled):
+        * UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
+        (WebKit::PluginProcessProxy::platformGetLaunchOptions):
+
 2018-07-18  Ricky Mondello  <rmondello@apple.com>
 

trunk/Source/WebKit/PluginProcess/EntryPoint/mac/XPCService/PluginServiceEntryPoint.mm

@@ -56 +56 @@
             extraInitializationData.add("disable-sandbox", disableSandbox);
 
+        String experimentalSandboxPlugIn = xpc_dictionary_get_string(extraDataInitializationDataObject, "experimental-sandbox-plugin");
+        if (!experimentalSandboxPlugIn.isEmpty())
+            extraInitializationData.add("experimental-sandbox-plugin"_s, experimentalSandboxPlugIn);
+
         return true;
     }

trunk/Source/WebKit/PluginProcess/mac/PluginProcessMac.mm

@@ -41 +41 @@
 #import <CoreAudio/AudioHardware.h>
 #import <WebCore/LocalizedStrings.h>
+#import <WebCore/RuntimeEnabledFeatures.h>
 #import <dlfcn.h>
 #import <mach-o/dyld.h>
@@ -529 +530 @@
     initializeCocoaOverrides();
 
+    bool experimentalPlugInSandboxProfilesEnabled = parameters.extraInitializationData.get("experimental-sandbox-plugin") == "1";
+    RuntimeEnabledFeatures::sharedFeatures().setExperimentalPlugInSandboxProfilesEnabled(experimentalPlugInSandboxProfilesEnabled);
+
     // FIXME: It would be better to proxy SetCursor calls over to the UI process instead of
     // allowing plug-ins to change the mouse cursor at any time.

trunk/Source/WebKit/UIProcess/API/C/WKPreferences.cpp

@@ -26 +26 @@
 #include "config.h"
 
+#include "PluginProcessManager.h"
 #include "WKPreferencesRef.h"
 #include "WKPreferencesRefPrivate.h"
@@ -1154 +1155 @@
 }
 
+void WKPreferencesSetPluginSandboxProfilesEnabledForAllPlugins(WKPreferencesRef preferencesRef, bool enabled)
+{
+#if ENABLE(NETSCAPE_PLUGIN_API) && PLATFORM(MAC)
+    WebKit::PluginProcessManager::singleton().setExperimentalPlugInSandboxProfilesEnabled(enabled);
+#endif
+    toImpl(preferencesRef)->setExperimentalPlugInSandboxProfilesEnabled(enabled);
+}
+
+bool WKPreferencesGetPluginSandboxProfilesEnabledForAllPlugins(WKPreferencesRef preferencesRef)
+{
+    return toImpl(preferencesRef)->experimentalPlugInSandboxProfilesEnabled();
+}
+
 void WKPreferencesSetSnapshotAllPlugIns(WKPreferencesRef preferencesRef, bool enabled)
 {

trunk/Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h

@@ -261 +261 @@
 
 // Defaults to false
+WK_EXPORT void WKPreferencesSetPluginSandboxProfilesEnabledForAllPlugins(WKPreferencesRef preferencesRef, bool enabled);
+WK_EXPORT bool WKPreferencesGetPluginSandboxProfilesEnabledForAllPlugins(WKPreferencesRef preferencesRef);
+
+// Defaults to false
 WK_EXPORT void WKPreferencesSetArtificialPluginInitializationDelayEnabled(WKPreferencesRef preferencesRef, bool enabled);
 WK_EXPORT bool WKPreferencesGetArtificialPluginInitializationDelayEnabled(WKPreferencesRef preferencesRef);

trunk/Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm

@@ -30 +30 @@
 
 #import "APIArray.h"
+#import "PluginProcessManager.h"
 #import "WKNSArray.h"
 #import "WebPreferences.h"
@@ -943 +944 @@
 }
 
+- (void)_setExperimentalPlugInSandboxProfilesEnabled:(BOOL)enabled
+{
+#if ENABLE(NETSCAPE_PLUGIN_API)
+    WebKit::PluginProcessManager::singleton().setExperimentalPlugInSandboxProfilesEnabled(enabled);
+#endif
+    _preferences->setExperimentalPlugInSandboxProfilesEnabled(enabled);
+}
+
+- (BOOL)_experimentalPlugInSandboxProfilesEnabled
+{
+    return _preferences->experimentalPlugInSandboxProfilesEnabled();
+}
+
 - (void)_setCookieEnabled:(BOOL)enabled
 {

trunk/Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h

@@ -160 +160 @@
 @property (nonatomic, setter=_setAsynchronousPluginInitializationEnabled:) BOOL _asynchronousPluginInitializationEnabled WK_API_AVAILABLE(macosx(10.13.4));
 @property (nonatomic, setter=_setArtificialPluginInitializationDelayEnabled:) BOOL _artificialPluginInitializationDelayEnabled WK_API_AVAILABLE(macosx(10.13.4));
+@property (nonatomic, setter=_setExperimentalPlugInSandboxProfilesEnabled:) BOOL _experimentalPlugInSandboxProfilesEnabled WK_API_AVAILABLE(macosx(WK_MAC_TBA));
 @property (nonatomic, setter=_setCookieEnabled:) BOOL _cookieEnabled WK_API_AVAILABLE(macosx(10.13.4));
 @property (nonatomic, setter=_setPlugInSnapshottingEnabled:) BOOL _plugInSnapshottingEnabled WK_API_AVAILABLE(macosx(10.13.4));

trunk/Source/WebKit/UIProcess/Plugins/PluginProcessManager.h

@@ -77 +77 @@
     const Vector<RefPtr<PluginProcessProxy>>& pluginProcesses() const { return m_pluginProcesses; }
 
+#if PLATFORM(MAC)
+    void setExperimentalPlugInSandboxProfilesEnabled(bool);
+    bool experimentalPlugInSandboxProfilesEnabled() const { return m_experimentalPlugInSandboxProfilesEnabled; }
+#endif
+
 private:
     PluginProcessManager();
@@ -90 +95 @@
 #if PLATFORM(COCOA)
     ProcessSuppressionDisabledCounter m_processSuppressionDisabledForPageCounter;
+#endif
+#if PLATFORM(MAC)
+    bool m_experimentalPlugInSandboxProfilesEnabled { false };
 #endif
 };

trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessManagerMac.mm

@@ -30 +30 @@
 
 #import "PluginProcessProxy.h"
+#import <WebCore/RuntimeEnabledFeatures.h>
 
 namespace WebKit {
@@ -48 +49 @@
 }
 
+void PluginProcessManager::setExperimentalPlugInSandboxProfilesEnabled(bool enabled)
+{
+    m_experimentalPlugInSandboxProfilesEnabled = enabled;
+    WebCore::RuntimeEnabledFeatures::sharedFeatures().setExperimentalPlugInSandboxProfilesEnabled(enabled);
+}
+
 } // namespace WebKit
 

trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm

@@ -30 +30 @@
 
 #import "PluginProcessCreationParameters.h"
+#import "PluginProcessManager.h"
 #import "PluginProcessMessages.h"
 #import "SandboxUtilities.h"
@@ -69 +70 @@
     launchOptions.extraInitializationData.add("plugin-path", pluginProcessAttributes.moduleInfo.path);
 
+    if (PluginProcessManager::singleton().experimentalPlugInSandboxProfilesEnabled())
+        launchOptions.extraInitializationData.add("experimental-sandbox-plugin", "1");
+
     if (pluginProcessAttributes.sandboxPolicy == PluginProcessSandboxPolicyUnsandboxed) {
         if (!currentProcessIsSandboxed())