Changeset 237107 in webkit
- Timestamp:
- Oct 15, 2018 8:02:59 AM (5 years ago)
- Location:
- trunk
- Files:
-
- 24 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/ChangeLog
r237097 r237107 1 2018-10-15 Patrick Griffis <pgriffis@igalia.com> 2 3 [GTK][WPE] Implement subprocess sandboxing 4 https://bugs.webkit.org/show_bug.cgi?id=188568 5 6 Reviewed by Michael Catanzaro. 7 8 Add ENABLE_BUBBLEWRAP_SANDBOX option for sandboxing. 9 10 * Source/cmake/FindLibseccomp.cmake: Added. 11 * Source/cmake/OptionsGTK.cmake: 12 * Source/cmake/WebKitFeatures.cmake: 13 1 14 2018-10-14 Yusuke Suzuki <yusukesuzuki@slowstart.org> 2 15 -
trunk/Source/WebCore/ChangeLog
r237106 r237107 1 2018-10-15 Patrick Griffis <pgriffis@igalia.com> 2 3 [GTK][WPE] Implement subprocess sandboxing 4 https://bugs.webkit.org/show_bug.cgi?id=188568 5 6 Reviewed by Michael Catanzaro. 7 8 Link against libseccomp. 9 10 * PlatformGTK.cmake: 11 1 12 2018-10-15 YUHAN WU <yuhan_wu@apple.com> 2 13 -
trunk/Source/WebCore/PlatformGTK.cmake
r234582 r237107 107 107 ${GLIB_GOBJECT_LIBRARIES} 108 108 ${GLIB_LIBRARIES} 109 ${LIBSECCOMP_LIBRARIES} 109 110 ${LIBSECRET_LIBRARIES} 110 111 ${LIBSOUP_LIBRARIES} … … 126 127 ${GIO_UNIX_INCLUDE_DIRS} 127 128 ${GLIB_INCLUDE_DIRS} 129 ${LIBSECCOMP_INCLUDE_DIRS} 128 130 ${LIBSECRET_INCLUDE_DIRS} 129 131 ${LIBSOUP_INCLUDE_DIRS} -
trunk/Source/WebKit/ChangeLog
r237104 r237107 1 2018-10-15 Patrick Griffis <pgriffis@igalia.com> 2 3 [GTK][WPE] Implement subprocess sandboxing 4 https://bugs.webkit.org/show_bug.cgi?id=188568 5 6 Reviewed by Michael Catanzaro. 7 8 This implements sandboxing of WebKitWebProcesses. 9 10 The sandbox is opt-in at runtime as it is a behavior change. 11 See webkit_web_context_set_sandbox_enabled() and the 12 WEBKIT_FORCE_SANDBOX env var for developers. 13 14 This is Linux specific using Namespaces, Seccomp, and a DBus proxy service. 15 This introduces three new dependencies: 16 17 - bwrap executable 18 - libseccomp library 19 - xdg-dbus-proxy executable 20 21 The use of xdg-dbus-proxy will ideally be replaced once upstream DBus 22 gains the same filtering abilities which is a work in progress. 23 24 Currently the sandbox is not completed and there are a few large holes: 25 26 - Pulseaudio: The Pipewire project will solve this. 27 - DRI device access: No immediate solutions planned. 28 - Webcam device access: Pipewire will also solve this. 29 - Webprocess network access: Will require GStreamer changes. 30 - DConf access: Custom proxy planned. 31 - X11 access: Wayland solves this. 32 33 That is not an exhaustive list but are the noteworthy ones. Filesystem access 34 is still an evolving list as problems are found as is specific DBus name access. 35 36 * PlatformGTK.cmake: 37 * PlatformWPE.cmake: 38 * SourcesGTK.txt: 39 * SourcesWPE.txt: 40 * UIProcess/API/glib/WebKitWebContext.cpp: 41 (webkit_web_context_set_sandbox_enabled): 42 (webkit_web_context_get_sandbox_enabled): 43 * UIProcess/API/gtk/WebKitWebContext.h: 44 * UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt: 45 * UIProcess/API/wpe/WebKitWebContext.h: 46 * UIProcess/ChildProcessProxy.cpp: 47 (WebKit::ChildProcessProxy::getLaunchOptions): 48 * UIProcess/ChildProcessProxy.h: 49 (WebKit::ChildProcessProxy::platformGetLaunchOptions): 50 * UIProcess/Launcher/ProcessLauncher.h: 51 * UIProcess/Launcher/glib/BubblewrapLauncher.cpp: Added. 52 (WebKit::memfd_create): 53 (WebKit::argsToFd): 54 (WebKit::XDGDBusProxyLauncher::setAddress): 55 (WebKit::XDGDBusProxyLauncher::isRunning const): 56 (WebKit::XDGDBusProxyLauncher::path const): 57 (WebKit::XDGDBusProxyLauncher::proxyPath const): 58 (WebKit::XDGDBusProxyLauncher::setPermissions): 59 (WebKit::XDGDBusProxyLauncher::launch): 60 (WebKit::XDGDBusProxyLauncher::childSetupFunc): 61 (WebKit::XDGDBusProxyLauncher::makeProxyPath): 62 (WebKit::XDGDBusProxyLauncher::dbusAddressToPath): 63 (WebKit::bindIfExists): 64 (WebKit::bindDBusSession): 65 (WebKit::bindX11): 66 (WebKit::bindDconf): 67 (WebKit::bindWayland): 68 (WebKit::bindPulse): 69 (WebKit::bindFonts): 70 (WebKit::bindGtkData): 71 (WebKit::bindA11y): 72 (WebKit::bindPathVar): 73 (WebKit::bindGStreamerData): 74 (WebKit::bindOpenGL): 75 (WebKit::bindV4l): 76 (WebKit::bindSymlinksRealPath): 77 (WebKit::setupSeccomp): 78 (WebKit::bubblewrapSpawn): 79 * UIProcess/Launcher/glib/BubblewrapLauncher.h: Added. 80 * UIProcess/Launcher/glib/FlatpakLauncher.cpp: Added. 81 (WebKit::flatpakSpawn): 82 * UIProcess/Launcher/glib/FlatpakLauncher.h: Added. 83 * UIProcess/Launcher/glib/ProcessLauncherGLib.cpp: 84 (WebKit::isInsideFlatpak): 85 (WebKit::ProcessLauncher::launchProcess): 86 * UIProcess/Plugins/PluginProcessProxy.cpp: 87 (WebKit::PluginProcessProxy::getLaunchOptions): 88 * UIProcess/Plugins/PluginProcessProxy.h: 89 * UIProcess/Plugins/mac/PluginProcessProxyMac.mm: 90 (WebKit::PluginProcessProxy::platformGetLaunchOptionsWithAttributes): 91 * UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp: 92 (WebKit::PluginProcessProxy::platformGetLaunchOptionsWithAttributes): 93 * UIProcess/WebProcessPool.h: 94 * UIProcess/WebProcessProxy.cpp: 95 (WebKit::WebProcessProxy::platformGetLaunchOptions): 96 * UIProcess/WebProcessProxy.h: 97 * UIProcess/glib/WebProcessProxyGLib.cpp: Added. 98 (WebKit::WebProcessProxy::platformGetLaunchOptions): 99 1 100 2018-10-15 Alex Christensen <achristensen@webkit.org> 2 101 -
trunk/Source/WebKit/PlatformGTK.cmake
r236690 r237107 20 20 add_definitions(-DPKGLIBEXECDIR="${LIBEXEC_INSTALL_DIR}") 21 21 add_definitions(-DLOCALEDIR="${CMAKE_INSTALL_FULL_LOCALEDIR}") 22 add_definitions(-DDATADIR="${CMAKE_INSTALL_FULL_DATADIR}") 22 23 add_definitions(-DLIBDIR="${LIB_INSTALL_DIR}") 23 24 … … 625 626 UIProcess/Launcher/ProcessLauncher.cpp 626 627 628 UIProcess/Launcher/glib/BubblewrapLauncher.cpp 629 UIProcess/Launcher/glib/FlatpakLauncher.cpp 627 630 UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 628 631 -
trunk/Source/WebKit/PlatformWPE.cmake
r236975 r237107 17 17 add_definitions(-DPKGLIBDIR="${LIB_INSTALL_DIR}/wpe-webkit-${WPE_API_VERSION}") 18 18 add_definitions(-DPKGLIBEXECDIR="${LIBEXEC_INSTALL_DIR}") 19 add_definitions(-DDATADIR="${CMAKE_INSTALL_FULL_DATADIR}") 19 20 add_definitions(-DLOCALEDIR="${CMAKE_INSTALL_FULL_LOCALEDIR}") 20 21 -
trunk/Source/WebKit/SourcesGTK.txt
r237031 r237107 204 204 205 205 UIProcess/Launcher/glib/ProcessLauncherGLib.cpp @no-unify 206 UIProcess/Launcher/glib/BubblewrapLauncher.cpp @no-unify 207 UIProcess/Launcher/glib/FlatpakLauncher.cpp @no-unify 206 208 207 209 UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp … … 221 223 222 224 UIProcess/glib/RemoteInspectorClient.cpp 225 UIProcess/glib/WebProcessProxyGLib.cpp 223 226 224 227 UIProcess/gstreamer/InstallMissingMediaPluginsPermissionRequest.cpp -
trunk/Source/WebKit/SourcesWPE.txt
r237031 r237107 178 178 UIProcess/Automation/wpe/WebAutomationSessionWPE.cpp 179 179 180 UIProcess/glib/WebProcessProxyGLib.cpp 181 180 182 UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 183 UIProcess/Launcher/glib/BubblewrapLauncher.cpp 184 UIProcess/Launcher/glib/FlatpakLauncher.cpp 181 185 182 186 UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp -
trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp
r235560 r237107 1149 1149 1150 1150 /** 1151 * webkit_web_context_set_sandbox_enabled: 1152 * @context: a #WebKitWebContext 1153 * @enabled: if %TRUE enable sandboxing 1154 * 1155 * Set whether WebKit subprocesses will be sandboxed, limiting access to the system. 1156 * 1157 * This method **must be called before any web process has been created**, 1158 * as early as possible in your application. Calling it later is a fatal error. 1159 * 1160 * This is only implemented on Linux and is a no-op otherwise. 1161 * 1162 * If you read from `$XDG_CONFIG_HOME/g_get_prgname()` or `$XDG_CACHE_HOME/g_get_prgname()` 1163 * in your WebProcess you must ensure it exists before subprocesses are created. 1164 * This behavior may change in the future. 1165 * 1166 * Since: 2.24 1167 */ 1168 void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean enabled) 1169 { 1170 g_return_if_fail(WEBKIT_IS_WEB_CONTEXT(context)); 1171 1172 if (context->priv->processPool->processes().size()) 1173 g_error("Sandboxing cannot be changed after subprocesses were spawned."); 1174 1175 context->priv->processPool->setSandboxEnabled(enabled); 1176 } 1177 1178 /** 1179 * webkit_web_context_get_sandbox_enabled: 1180 * @context: a #WebKitWebContext 1181 * 1182 * Get whether sandboxing is currently enabled. 1183 * 1184 * Returns: %TRUE if sandboxing is enabled, or %FALSE otherwise. 1185 * 1186 * Since: 2.24 1187 */ 1188 gboolean webkit_web_context_get_sandbox_enabled(WebKitWebContext* context) 1189 { 1190 g_return_val_if_fail(WEBKIT_IS_WEB_CONTEXT(context), FALSE); 1191 1192 return context->priv->processPool->sandboxEnabled(); 1193 } 1194 1195 /** 1151 1196 * webkit_web_context_get_spell_checking_enabled: 1152 1197 * @context: a #WebKitWebContext -
trunk/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h
r220903 r237107 248 248 GDestroyNotify user_data_destroy_func); 249 249 250 WEBKIT_API void 251 webkit_web_context_set_sandbox_enabled (WebKitWebContext *context, 252 gboolean enabled); 253 254 WEBKIT_API gboolean 255 webkit_web_context_get_sandbox_enabled (WebKitWebContext *context); 256 250 257 WEBKIT_API gboolean 251 258 webkit_web_context_get_spell_checking_enabled (WebKitWebContext *context); -
trunk/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt
r235969 r237107 52 52 webkit_web_context_get_plugins 53 53 webkit_web_context_get_plugins_finish 54 webkit_web_context_get_sandbox_enabled 55 webkit_web_context_set_sandbox_enabled 54 56 webkit_web_context_get_spell_checking_enabled 55 57 webkit_web_context_set_spell_checking_enabled -
trunk/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h
r231004 r237107 298 298 299 299 WEBKIT_API void 300 webkit_web_context_set_sandbox_enabled (WebKitWebContext *context, 301 gboolean enabled); 302 303 WEBKIT_API gboolean 304 webkit_web_context_get_sandbox_enabled (WebKitWebContext *context); 305 306 WEBKIT_API void 300 307 webkit_web_context_initialize_notification_permissions 301 308 (WebKitWebContext *context, -
trunk/Source/WebKit/UIProcess/ChildProcessProxy.cpp
r233122 r237107 81 81 launchOptions.processCmdPrefix = String::fromUTF8(processCmdPrefix); 82 82 #endif // ENABLE(DEVELOPER_MODE) && (PLATFORM(GTK) || PLATFORM(WPE)) 83 84 platformGetLaunchOptions(launchOptions); 83 85 } 84 86 -
trunk/Source/WebKit/UIProcess/ChildProcessProxy.h
r236464 r237107 94 94 95 95 virtual void getLaunchOptions(ProcessLauncher::LaunchOptions&); 96 virtual void platformGetLaunchOptions(ProcessLauncher::LaunchOptions&) { }; 96 97 97 98 private: -
trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
r236690 r237107 28 28 #include "ProcessLauncher.h" 29 29 30 #include "BubblewrapLauncher.h" 30 31 #include "Connection.h" 32 #include "FlatpakLauncher.h" 31 33 #include "ProcessExecutablePath.h" 32 34 #include <WebCore/FileSystem.h> … … 54 56 } 55 57 58 #if OS(LINUX) 59 static bool isInsideFlatpak() 60 { 61 static int ret = -1; 62 if (ret != -1) 63 return ret; 64 65 GUniquePtr<GKeyFile> infoFile(g_key_file_new()); 66 if (!g_key_file_load_from_file(infoFile.get(), "/.flatpak-info", G_KEY_FILE_NONE, nullptr)) { 67 ret = false; 68 return ret; 69 } 70 71 // If we are in a `flatpak build` session we cannot launch ourselves since we aren't installed. 72 ret = !g_key_file_get_boolean(infoFile.get(), "Instance", "build", nullptr); 73 return ret; 74 } 75 #endif 76 56 77 void ProcessLauncher::launchProcess() 57 78 { 58 GPid pid = 0;59 60 79 IPC::Connection::SocketPair socketPair = IPC::Connection::createPlatformConnection(IPC::Connection::ConnectionOptions::SetCloexecOnServer); 61 80 … … 141 160 argv[i++] = nullptr; 142 161 162 GRefPtr<GSubprocessLauncher> launcher = adoptGRef(g_subprocess_launcher_new(G_SUBPROCESS_FLAGS_INHERIT_FDS)); 163 g_subprocess_launcher_set_child_setup(launcher.get(), childSetupFunction, GINT_TO_POINTER(socketPair.server), nullptr); 164 g_subprocess_launcher_take_fd(launcher.get(), socketPair.client, socketPair.client); 165 143 166 GUniqueOutPtr<GError> error; 144 if (!g_spawn_async(nullptr, argv, nullptr, G_SPAWN_LEAVE_DESCRIPTORS_OPEN, childSetupFunction, GINT_TO_POINTER(socketPair.server), &pid, &error.outPtr())) 167 GRefPtr<GSubprocess> process; 168 #if OS(LINUX) 169 const char* sandboxEnv = g_getenv("WEBKIT_FORCE_SANDBOX"); 170 bool sandboxEnabled = m_launchOptions.extraInitializationData.get("enable-sandbox") == "true"; 171 172 if (sandboxEnv) 173 sandboxEnabled = !strcmp(sandboxEnv, "1"); 174 175 if (sandboxEnabled && isInsideFlatpak()) 176 process = flatpakSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr()); 177 #if ENABLE(BUBBLEWRAP_SANDBOX) 178 else if (sandboxEnabled) 179 process = bubblewrapSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr()); 180 #endif 181 else 182 #endif 183 process = adoptGRef(g_subprocess_launcher_spawnv(launcher.get(), argv, &error.outPtr())); 184 185 if (!process.get()) 145 186 g_error("Unable to fork a new child process: %s", error->message); 187 188 const char* processIdStr = g_subprocess_get_identifier(process.get()); 189 m_processIdentifier = g_ascii_strtoll(processIdStr, nullptr, 0); 190 RELEASE_ASSERT(m_processIdentifier); 146 191 147 192 // Don't expose the parent socket to potential future children. 148 193 if (!setCloseOnExec(socketPair.client)) 149 194 RELEASE_ASSERT_NOT_REACHED(); 150 151 close(socketPair.client);152 m_processIdentifier = pid;153 195 154 196 // We've finished launching the process, message back to the main run loop. -
trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.cpp
r235521 r237107 88 88 void PluginProcessProxy::getLaunchOptions(ProcessLauncher::LaunchOptions& launchOptions) 89 89 { 90 platformGetLaunchOptions (launchOptions, m_pluginProcessAttributes);90 platformGetLaunchOptionsWithAttributes(launchOptions, m_pluginProcessAttributes); 91 91 ChildProcessProxy::getLaunchOptions(launchOptions); 92 92 } -
trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.h
r236464 r237107 97 97 98 98 void getLaunchOptions(ProcessLauncher::LaunchOptions&) override; 99 void platformGetLaunchOptions (ProcessLauncher::LaunchOptions&, const PluginProcessAttributes&);99 void platformGetLaunchOptionsWithAttributes(ProcessLauncher::LaunchOptions&, const PluginProcessAttributes&); 100 100 void processWillShutDown(IPC::Connection&) override; 101 101 -
trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm
r236762 r237107 61 61 62 62 63 void PluginProcessProxy::platformGetLaunchOptions (ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes)63 void PluginProcessProxy::platformGetLaunchOptionsWithAttributes(ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes) 64 64 { 65 65 if (pluginProcessAttributes.moduleInfo.pluginArchitecture == CPU_TYPE_X86) -
trunk/Source/WebKit/UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp
r234278 r237107 51 51 using namespace WebCore; 52 52 53 void PluginProcessProxy::platformGetLaunchOptions (ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes)53 void PluginProcessProxy::platformGetLaunchOptionsWithAttributes(ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes) 54 54 { 55 55 launchOptions.processType = ProcessLauncher::ProcessType::Plugin64; -
trunk/Source/WebKit/UIProcess/WebProcessPool.h
r237004 r237107 456 456 void sendDisplayConfigurationChangedMessageForTesting(); 457 457 458 #if PLATFORM(GTK) || PLATFORM(WPE) 459 void setSandboxEnabled(bool enabled) { m_sandboxEnabled = enabled; }; 460 bool sandboxEnabled() const { return m_sandboxEnabled; }; 461 #endif 462 458 463 private: 459 464 void platformInitialize(); … … 703 708 704 709 HashMap<String, std::unique_ptr<WebCore::PrewarmInformation>> m_prewarmInformationPerRegistrableDomain; 710 711 #if PLATFORM(GTK) || PLATFORM(WPE) 712 bool m_sandboxEnabled { false }; 713 #endif 705 714 }; 706 715 -
trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp
r237008 r237107 207 207 } 208 208 209 #if !PLATFORM(GTK) && !PLATFORM(WPE) 210 void WebProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions& launchOptions) 211 { 212 } 213 #endif 214 209 215 void WebProcessProxy::connectionWillOpen(IPC::Connection& connection) 210 216 { -
trunk/Source/WebKit/UIProcess/WebProcessProxy.h
r237008 r237107 240 240 // ChildProcessProxy 241 241 void getLaunchOptions(ProcessLauncher::LaunchOptions&) override; 242 void platformGetLaunchOptions(ProcessLauncher::LaunchOptions&) override; 242 243 void connectionWillOpen(IPC::Connection&) override; 243 244 void processWillShutDown(IPC::Connection&) override; -
trunk/Source/cmake/OptionsGTK.cmake
r236246 r237107 119 119 endif () 120 120 121 if (CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT EXISTS "/.flatpak-info") 122 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PUBLIC ON) 123 else () 124 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PRIVATE OFF) 125 endif () 126 121 127 # Public options shared with other WebKit ports. Do not add any options here 122 128 # without approval from a GTK+ reviewer. There must be strong reason to support … … 200 206 message(FATAL_ERROR "CairoGL is needed for ENABLE_ACCELERATED_2D_CANVAS") 201 207 endif () 208 endif () 209 210 if (ENABLE_BUBBLEWRAP_SANDBOX) 211 find_program(BWRAP_EXECUTABLE bwrap) 212 if (NOT BWRAP_EXECUTABLE) 213 message(FATAL_ERROR "bwrap executable is needed for ENABLE_BUBBLEWRAP_SANDBOX") 214 endif () 215 add_definitions(-DBWRAP_EXECUTABLE="${BWRAP_EXECUTABLE}") 216 217 execute_process( 218 COMMAND "${BWRAP_EXECUTABLE}" --version 219 RESULT_VARIABLE BWRAP_RET 220 OUTPUT_VARIABLE BWRAP_OUTPUT 221 ) 222 if (BWRAP_RET) 223 message(FATAL_ERROR "Failed to run ${BWRAP_EXECUTABLE}") 224 endif () 225 string(REGEX MATCH "([0-9]+.[0-9]+.[0-9]+)" BWRAP_VERSION "${BWRAP_OUTPUT}") 226 if (NOT "${BWRAP_VERSION}" VERSION_GREATER_EQUAL "0.3.1") 227 message(FATAL_ERROR "bwrap must be >= 0.3.1 but ${BWRAP_VERSION} found") 228 endif () 229 230 find_package(Libseccomp) 231 if (NOT LIBSECCOMP_FOUND) 232 message(FATAL_ERROR "libseccomp is needed for ENABLE_BUBBLEWRAP_SANDBOX") 233 endif () 234 235 find_program(DBUS_PROXY_EXECUTABLE xdg-dbus-proxy) 236 if (NOT DBUS_PROXY_EXECUTABLE) 237 message(FATAL_ERROR "xdg-dbus-proxy not found and is needed for ENABLE_BUBBLEWRAP_SANDBOX") 238 endif () 239 add_definitions(-DDBUS_PROXY_EXECUTABLE="${DBUS_PROXY_EXECUTABLE}") 202 240 endif () 203 241 -
trunk/Source/cmake/WebKitFeatures.cmake
r237097 r237107 89 89 WEBKIT_OPTION_DEFINE(ENABLE_ATTACHMENT_ELEMENT "Toggle attachment element support" PRIVATE OFF) 90 90 WEBKIT_OPTION_DEFINE(ENABLE_AVF_CAPTIONS "Toggle AVFoundation caption support" PRIVATE OFF) 91 WEBKIT_OPTION_DEFINE(ENABLE_BUBBLEWRAP_SANDBOX "Toggle bubblewrap sandboxing support" PRIVATE OFF) 91 92 WEBKIT_OPTION_DEFINE(ENABLE_CACHE_PARTITIONING "Toggle cache partitioning support" PRIVATE OFF) 92 93 WEBKIT_OPTION_DEFINE(ENABLE_CHANNEL_MESSAGING "Toggle MessageChannel and MessagePort support" PRIVATE ON)
Note: See TracChangeset
for help on using the changeset viewer.