Changeset 237107 in webkit


Timestamp:
Oct 15, 2018 8:02:59 AM (5 years ago)
Author:
Michael Catanzaro
Message:

[GTK][WPE] Implement subprocess sandboxing
https://bugs.webkit.org/show_bug.cgi?id=188568

Patch by Patrick Griffis <Patrick Griffis> on 2018-10-15
Reviewed by Michael Catanzaro.

.:

Add ENABLE_BUBBLEWRAP_SANDBOX option for sandboxing.

  • Source/cmake/FindLibseccomp.cmake: Added.
  • Source/cmake/OptionsGTK.cmake:
  • Source/cmake/WebKitFeatures.cmake:

Source/WebCore:

Link against libseccomp.

  • PlatformGTK.cmake:

Source/WebKit:

This implements sandboxing of WebKitWebProcesses.

The sandbox is opt-in at runtime as it is a behavior change.
See webkit_web_context_set_sandbox_enabled() and the
WEBKIT_FORCE_SANDBOX env var for developers.

This is Linux specific using Namespaces, Seccomp, and a DBus proxy service.
This introduces three new dependencies:

  • bwrap executable
  • libseccomp library
  • xdg-dbus-proxy executable

The use of xdg-dbus-proxy will ideally be replaced once upstream DBus
gains the same filtering abilities, which is a work in progress.

Currently the sandbox is not completed and there are a few large holes:

  • Pulseaudio: The Pipewire project will solve this.
  • DRI device access: No immediate solutions planned.
  • Webcam device access: Pipewire will also solve this.
  • Webprocess network access: Will require GStreamer changes.
  • DConf access: Custom proxy planned.
  • X11 access: Wayland solves this.

That is not an exhaustive list, but these are the noteworthy ones. Filesystem access
is still an evolving list as problems are found, as is specific DBus name access.

  • PlatformGTK.cmake:
  • PlatformWPE.cmake:
  • SourcesGTK.txt:
  • SourcesWPE.txt:
  • UIProcess/API/glib/WebKitWebContext.cpp:

(webkit_web_context_set_sandbox_enabled):
(webkit_web_context_get_sandbox_enabled):

  • UIProcess/API/gtk/WebKitWebContext.h:
  • UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
  • UIProcess/API/wpe/WebKitWebContext.h:
  • UIProcess/ChildProcessProxy.cpp:

(WebKit::ChildProcessProxy::getLaunchOptions):

  • UIProcess/ChildProcessProxy.h:

(WebKit::ChildProcessProxy::platformGetLaunchOptions):

  • UIProcess/Launcher/ProcessLauncher.h:
  • UIProcess/Launcher/glib/BubblewrapLauncher.cpp: Added.

(WebKit::memfd_create):
(WebKit::argsToFd):
(WebKit::XDGDBusProxyLauncher::setAddress):
(WebKit::XDGDBusProxyLauncher::isRunning const):
(WebKit::XDGDBusProxyLauncher::path const):
(WebKit::XDGDBusProxyLauncher::proxyPath const):
(WebKit::XDGDBusProxyLauncher::setPermissions):
(WebKit::XDGDBusProxyLauncher::launch):
(WebKit::XDGDBusProxyLauncher::childSetupFunc):
(WebKit::XDGDBusProxyLauncher::makeProxyPath):
(WebKit::XDGDBusProxyLauncher::dbusAddressToPath):
(WebKit::bindIfExists):
(WebKit::bindDBusSession):
(WebKit::bindX11):
(WebKit::bindDconf):
(WebKit::bindWayland):
(WebKit::bindPulse):
(WebKit::bindFonts):
(WebKit::bindGtkData):
(WebKit::bindA11y):
(WebKit::bindPathVar):
(WebKit::bindGStreamerData):
(WebKit::bindOpenGL):
(WebKit::bindV4l):
(WebKit::bindSymlinksRealPath):
(WebKit::setupSeccomp):
(WebKit::bubblewrapSpawn):

  • UIProcess/Launcher/glib/BubblewrapLauncher.h: Added.
  • UIProcess/Launcher/glib/FlatpakLauncher.cpp: Added.

(WebKit::flatpakSpawn):

  • UIProcess/Launcher/glib/FlatpakLauncher.h: Added.
  • UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:

(WebKit::isInsideFlatpak):
(WebKit::ProcessLauncher::launchProcess):

  • UIProcess/Plugins/PluginProcessProxy.cpp:

(WebKit::PluginProcessProxy::getLaunchOptions):

  • UIProcess/Plugins/PluginProcessProxy.h:
  • UIProcess/Plugins/mac/PluginProcessProxyMac.mm:

(WebKit::PluginProcessProxy::platformGetLaunchOptionsWithAttributes):

  • UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp:

(WebKit::PluginProcessProxy::platformGetLaunchOptionsWithAttributes):

  • UIProcess/WebProcessPool.h:
  • UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::platformGetLaunchOptions):

  • UIProcess/WebProcessProxy.h:
  • UIProcess/glib/WebProcessProxyGLib.cpp: Added.

(WebKit::WebProcessProxy::platformGetLaunchOptions):

Location:
trunk
Files:
24 edited

  • trunk/ChangeLog

    r237097 r237107  
     12018-10-15  Patrick Griffis  <pgriffis@igalia.com>
     2
     3        [GTK][WPE] Implement subprocess sandboxing
     4        https://bugs.webkit.org/show_bug.cgi?id=188568
     5
     6        Reviewed by Michael Catanzaro.
     7
     8        Add ENABLE_BUBBLEWRAP_SANDBOX option for sandboxing.
     9
     10        * Source/cmake/FindLibseccomp.cmake: Added.
     11        * Source/cmake/OptionsGTK.cmake:
     12        * Source/cmake/WebKitFeatures.cmake:
     13
    1142018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
    215
  • trunk/Source/WebCore/ChangeLog

    r237106 r237107  
     12018-10-15  Patrick Griffis  <pgriffis@igalia.com>
     2
     3        [GTK][WPE] Implement subprocess sandboxing
     4        https://bugs.webkit.org/show_bug.cgi?id=188568
     5
     6        Reviewed by Michael Catanzaro.
     7
     8        Link against libseccomp.
     9
     10        * PlatformGTK.cmake:
     11
    1122018-10-15  YUHAN WU  <yuhan_wu@apple.com>
    213
  • trunk/Source/WebCore/PlatformGTK.cmake

    r234582 r237107  
    107107    ${GLIB_GOBJECT_LIBRARIES}
    108108    ${GLIB_LIBRARIES}
     109    ${LIBSECCOMP_LIBRARIES}
    109110    ${LIBSECRET_LIBRARIES}
    110111    ${LIBSOUP_LIBRARIES}
     
    126127    ${GIO_UNIX_INCLUDE_DIRS}
    127128    ${GLIB_INCLUDE_DIRS}
     129    ${LIBSECCOMP_INCLUDE_DIRS}
    128130    ${LIBSECRET_INCLUDE_DIRS}
    129131    ${LIBSOUP_INCLUDE_DIRS}
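Review bot: LIBSECCOMP_LIBRARIES and LIBSECCOMP_INCLUDE_DIRS are added to WebCore's link and include lists, but nothing in this changeset uses seccomp from WebCore; the only consumer is UIProcess/Launcher/glib/BubblewrapLauncher.cpp in Source/WebKit (WebKit::setupSeccomp in the ChangeLog). Consider moving these two lines to Source/WebKit/PlatformGTK.cmake inside `if (ENABLE_BUBBLEWRAP_SANDBOX)`; as written they only work because find_package(Libseccomp) is never run when the option is off and the variables expand to nothing.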
  • trunk/Source/WebKit/ChangeLog

    r237104 r237107  
     12018-10-15  Patrick Griffis  <pgriffis@igalia.com>
     2
     3        [GTK][WPE] Implement subprocess sandboxing
     4        https://bugs.webkit.org/show_bug.cgi?id=188568
     5
     6        Reviewed by Michael Catanzaro.
     7
     8        This implements sandboxing of WebKitWebProcesses.
     9
     10        The sandbox is opt-in at runtime as it is a behavior change.
     11        See webkit_web_context_set_sandbox_enabled() and the
     12        WEBKIT_FORCE_SANDBOX env var for developers.
     13
     14        This is Linux specific using Namespaces, Seccomp, and a DBus proxy service.
     15        This introduces three new dependencies:
     16
     17        - bwrap executable
     18        - libseccomp library
     19        - xdg-dbus-proxy executable
     20
     21        The use of xdg-dbus-proxy will ideally be replaced once upstream DBus
     22        gains the same filtering abilities which is a work in progress.
     23
     24        Currently the sandbox is not completed and there are a few large holes:
     25
     26        - Pulseaudio: The Pipewire project will solve this.
     27        - DRI device access: No immediate solutions planned.
     28        - Webcam device access: Pipewire will also solve this.
     29        - Webprocess network access: Will require GStreamer changes.
     30        - DConf access: Custom proxy planned.
     31        - X11 access: Wayland solves this.
     32
     33        That is not an exhaustive list but are the noteworthy ones. Filesystem access
     34        is still an evolving list as problems are found as is specific DBus name access.
     35
     36        * PlatformGTK.cmake:
     37        * PlatformWPE.cmake:
     38        * SourcesGTK.txt:
     39        * SourcesWPE.txt:
     40        * UIProcess/API/glib/WebKitWebContext.cpp:
     41        (webkit_web_context_set_sandbox_enabled):
     42        (webkit_web_context_get_sandbox_enabled):
     43        * UIProcess/API/gtk/WebKitWebContext.h:
     44        * UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
     45        * UIProcess/API/wpe/WebKitWebContext.h:
     46        * UIProcess/ChildProcessProxy.cpp:
     47        (WebKit::ChildProcessProxy::getLaunchOptions):
     48        * UIProcess/ChildProcessProxy.h:
     49        (WebKit::ChildProcessProxy::platformGetLaunchOptions):
     50        * UIProcess/Launcher/ProcessLauncher.h:
     51        * UIProcess/Launcher/glib/BubblewrapLauncher.cpp: Added.
     52        (WebKit::memfd_create):
     53        (WebKit::argsToFd):
     54        (WebKit::XDGDBusProxyLauncher::setAddress):
     55        (WebKit::XDGDBusProxyLauncher::isRunning const):
     56        (WebKit::XDGDBusProxyLauncher::path const):
     57        (WebKit::XDGDBusProxyLauncher::proxyPath const):
     58        (WebKit::XDGDBusProxyLauncher::setPermissions):
     59        (WebKit::XDGDBusProxyLauncher::launch):
     60        (WebKit::XDGDBusProxyLauncher::childSetupFunc):
     61        (WebKit::XDGDBusProxyLauncher::makeProxyPath):
     62        (WebKit::XDGDBusProxyLauncher::dbusAddressToPath):
     63        (WebKit::bindIfExists):
     64        (WebKit::bindDBusSession):
     65        (WebKit::bindX11):
     66        (WebKit::bindDconf):
     67        (WebKit::bindWayland):
     68        (WebKit::bindPulse):
     69        (WebKit::bindFonts):
     70        (WebKit::bindGtkData):
     71        (WebKit::bindA11y):
     72        (WebKit::bindPathVar):
     73        (WebKit::bindGStreamerData):
     74        (WebKit::bindOpenGL):
     75        (WebKit::bindV4l):
     76        (WebKit::bindSymlinksRealPath):
     77        (WebKit::setupSeccomp):
     78        (WebKit::bubblewrapSpawn):
     79        * UIProcess/Launcher/glib/BubblewrapLauncher.h: Added.
     80        * UIProcess/Launcher/glib/FlatpakLauncher.cpp: Added.
     81        (WebKit::flatpakSpawn):
     82        * UIProcess/Launcher/glib/FlatpakLauncher.h: Added.
     83        * UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
     84        (WebKit::isInsideFlatpak):
     85        (WebKit::ProcessLauncher::launchProcess):
     86        * UIProcess/Plugins/PluginProcessProxy.cpp:
     87        (WebKit::PluginProcessProxy::getLaunchOptions):
     88        * UIProcess/Plugins/PluginProcessProxy.h:
     89        * UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
     90        (WebKit::PluginProcessProxy::platformGetLaunchOptionsWithAttributes):
     91        * UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp:
     92        (WebKit::PluginProcessProxy::platformGetLaunchOptionsWithAttributes):
     93        * UIProcess/WebProcessPool.h:
     94        * UIProcess/WebProcessProxy.cpp:
     95        (WebKit::WebProcessProxy::platformGetLaunchOptions):
     96        * UIProcess/WebProcessProxy.h:
     97        * UIProcess/glib/WebProcessProxyGLib.cpp: Added.
     98        (WebKit::WebProcessProxy::platformGetLaunchOptions):
     99
    11002018-10-15  Alex Christensen  <achristensen@webkit.org>
    2101
  • trunk/Source/WebKit/PlatformGTK.cmake

    r236690 r237107  
    2020add_definitions(-DPKGLIBEXECDIR="${LIBEXEC_INSTALL_DIR}")
    2121add_definitions(-DLOCALEDIR="${CMAKE_INSTALL_FULL_LOCALEDIR}")
     22add_definitions(-DDATADIR="${CMAKE_INSTALL_FULL_DATADIR}")
    2223add_definitions(-DLIBDIR="${LIB_INSTALL_DIR}")
    2324
     
    625626        UIProcess/Launcher/ProcessLauncher.cpp
    626627
     628        UIProcess/Launcher/glib/BubblewrapLauncher.cpp
     629        UIProcess/Launcher/glib/FlatpakLauncher.cpp
    627630        UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
    628631
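Review bot: BubblewrapLauncher.cpp and FlatpakLauncher.cpp are added here unconditionally, while their only call sites in ProcessLauncherGLib.cpp are guarded by `#if OS(LINUX)` and `#if ENABLE(BUBBLEWRAP_SANDBOX)`. That is only safe if both new files compile to empty translation units when the option is off or the host is not Linux; the diff for the new files is not shown on this page, so please confirm they carry matching guards. The same two files are also listed in SourcesGTK.txt with `@no-unify`; make sure both lists are intended rather than one being left over.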
  • trunk/Source/WebKit/PlatformWPE.cmake

    r236975 r237107  
    1717add_definitions(-DPKGLIBDIR="${LIB_INSTALL_DIR}/wpe-webkit-${WPE_API_VERSION}")
    1818add_definitions(-DPKGLIBEXECDIR="${LIBEXEC_INSTALL_DIR}")
     19add_definitions(-DDATADIR="${CMAKE_INSTALL_FULL_DATADIR}")
    1920add_definitions(-DLOCALEDIR="${CMAKE_INSTALL_FULL_LOCALEDIR}")
    2021
  • trunk/Source/WebKit/SourcesGTK.txt

    r237031 r237107  
    204204
    205205UIProcess/Launcher/glib/ProcessLauncherGLib.cpp @no-unify
     206UIProcess/Launcher/glib/BubblewrapLauncher.cpp @no-unify
     207UIProcess/Launcher/glib/FlatpakLauncher.cpp @no-unify
    206208
    207209UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp
     
    221223
    222224UIProcess/glib/RemoteInspectorClient.cpp
     225UIProcess/glib/WebProcessProxyGLib.cpp
    223226
    224227UIProcess/gstreamer/InstallMissingMediaPluginsPermissionRequest.cpp
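Review bot: style point: the two new Launcher entries are inserted after UIProcess/Launcher/glib/ProcessLauncherGLib.cpp, which breaks the alphabetical order this file otherwise keeps; BubblewrapLauncher.cpp and FlatpakLauncher.cpp belong before ProcessLauncherGLib.cpp. Keeping `@no-unify` on them is consistent with the existing ProcessLauncherGLib.cpp entry.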
  • trunk/Source/WebKit/SourcesWPE.txt

    r237031 r237107  
    178178UIProcess/Automation/wpe/WebAutomationSessionWPE.cpp
    179179
     180UIProcess/glib/WebProcessProxyGLib.cpp
     181
    180182UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
     183UIProcess/Launcher/glib/BubblewrapLauncher.cpp
     184UIProcess/Launcher/glib/FlatpakLauncher.cpp
    181185
    182186UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp
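Review bot: same ordering issue as SourcesGTK.txt (the Launcher entries go before ProcessLauncherGLib.cpp alphabetically), and additionally UIProcess/glib/WebProcessProxyGLib.cpp is placed between the Automation/wpe and Launcher/glib entries here, whereas in SourcesGTK.txt it sits with the other UIProcess/glib files next to RemoteInspectorClient.cpp. Please keep the two source lists laid out the same way so future merges between the ports stay mechanical.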
  • trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp

    r235560 r237107  
    11491149
    11501150/**
     1151 * webkit_web_context_set_sandbox_enabled:
     1152 * @context: a #WebKitWebContext
     1153 * @enabled: if %TRUE enable sandboxing
     1154 *
     1155 * Set whether WebKit subprocesses will be sandboxed, limiting access to the system.
     1156 *
     1157 * This method **must be called before any web process has been created**,
     1158 * as early as possible in your application. Calling it later is a fatal error.
     1159 *
     1160 * This is only implemented on Linux and is a no-op otherwise.
     1161 *
     1162 * If you read from `$XDG_CONFIG_HOME/g_get_prgname()` or `$XDG_CACHE_HOME/g_get_prgname()`
     1163 * in your WebProcess you must ensure it exists before subprocesses are created.
     1164 * This behavior may change in the future.
     1165 *
     1166 * Since: 2.24
     1167 */
     1168void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean enabled)
     1169{
     1170    g_return_if_fail(WEBKIT_IS_WEB_CONTEXT(context));
     1171
     1172    if (context->priv->processPool->processes().size())
     1173        g_error("Sandboxing cannot be changed after subprocesses were spawned.");
     1174
     1175    context->priv->processPool->setSandboxEnabled(enabled);
     1176}
     1177
     1178/**
     1179 * webkit_web_context_get_sandbox_enabled:
     1180 * @context: a #WebKitWebContext
     1181 *
     1182 * Get whether sandboxing is currently enabled.
     1183 *
     1184 * Returns: %TRUE if sandboxing is enabled, or %FALSE otherwise.
     1185 *
     1186 * Since: 2.24
     1187 */
     1188gboolean webkit_web_context_get_sandbox_enabled(WebKitWebContext* context)
     1189{
     1190    g_return_val_if_fail(WEBKIT_IS_WEB_CONTEXT(context), FALSE);
     1191
     1192    return context->priv->processPool->sandboxEnabled();
     1193}
     1194
     1195/**
    11511196 * webkit_web_context_get_spell_checking_enabled:
    11521197 * @context: a #WebKitWebContext
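Review bot: webkit_web_context_get_sandbox_enabled() reports what the application requested, not whether a sandbox is actually in effect. The setter's comment says it is a no-op off Linux, yet setSandboxEnabled() still records the value there, and on Linux the WEBKIT_FORCE_SANDBOX variable read in ProcessLauncherGLib.cpp can override the request in either direction without the getter reflecting it. Either document the getter as returning the requested setting, or repeat the Linux-only and WEBKIT_FORCE_SANDBOX caveats in its comment, so an application does not treat TRUE as confirmation that its web processes are confined. The g_error() on a late call matches the "fatal error" wording in the doc comment, which is good.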
  • trunk/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h

    r220903 r237107  
    248248                                                     GDestroyNotify                 user_data_destroy_func);
    249249
     250WEBKIT_API void
     251webkit_web_context_set_sandbox_enabled              (WebKitWebContext              *context,
     252                                                     gboolean                       enabled);
     253
     254WEBKIT_API gboolean
     255webkit_web_context_get_sandbox_enabled              (WebKitWebContext              *context);
     256
    250257WEBKIT_API gboolean
    251258webkit_web_context_get_spell_checking_enabled       (WebKitWebContext              *context);
  • trunk/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt

    r235969 r237107  
    5252webkit_web_context_get_plugins
    5353webkit_web_context_get_plugins_finish
     54webkit_web_context_get_sandbox_enabled
     55webkit_web_context_set_sandbox_enabled
    5456webkit_web_context_get_spell_checking_enabled
    5557webkit_web_context_set_spell_checking_enabled
  • trunk/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h

    r231004 r237107  
    298298
    299299WEBKIT_API void
     300webkit_web_context_set_sandbox_enabled              (WebKitWebContext              *context,
     301                                                     gboolean                       enabled);
     302
     303WEBKIT_API gboolean
     304webkit_web_context_get_sandbox_enabled              (WebKitWebContext              *context);
     305
     306WEBKIT_API void
    300307webkit_web_context_initialize_notification_permissions
    301308                                                    (WebKitWebContext              *context,
  • trunk/Source/WebKit/UIProcess/ChildProcessProxy.cpp

    r233122 r237107  
    8181        launchOptions.processCmdPrefix = String::fromUTF8(processCmdPrefix);
    8282#endif // ENABLE(DEVELOPER_MODE) && (PLATFORM(GTK) || PLATFORM(WPE))
     83
     84    platformGetLaunchOptions(launchOptions);
    8385}
    8486
  • trunk/Source/WebKit/UIProcess/ChildProcessProxy.h

    r236464 r237107  
    9494   
    9595    virtual void getLaunchOptions(ProcessLauncher::LaunchOptions&);
     96    virtual void platformGetLaunchOptions(ProcessLauncher::LaunchOptions&) { };
    9697
    9798private:
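Review bot: stray semicolon after the inline body on line 96: `virtual void platformGetLaunchOptions(ProcessLauncher::LaunchOptions&) { };` should end at `{ }`. Leaving the parameter unnamed in the empty default is correct and avoids unused-parameter warnings.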
  • trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp

    r236690 r237107  
    2828#include "ProcessLauncher.h"
    2929
     30#include "BubblewrapLauncher.h"
    3031#include "Connection.h"
     32#include "FlatpakLauncher.h"
    3133#include "ProcessExecutablePath.h"
    3234#include <WebCore/FileSystem.h>
     
    5456}
    5557
     58#if OS(LINUX)
     59static bool isInsideFlatpak()
     60{
     61    static int ret = -1;
     62    if (ret != -1)
     63        return ret;
     64
     65    GUniquePtr<GKeyFile> infoFile(g_key_file_new());
     66    if (!g_key_file_load_from_file(infoFile.get(), "/.flatpak-info", G_KEY_FILE_NONE, nullptr)) {
     67        ret = false;
     68        return ret;
     69    }
     70
     71    // If we are in a `flatpak build` session we cannot launch ourselves since we aren't installed.
     72    ret = !g_key_file_get_boolean(infoFile.get(), "Instance", "build", nullptr);
     73    return ret;
     74}
     75#endif
     76
    5677void ProcessLauncher::launchProcess()
    5778{
    58     GPid pid = 0;
    59 
    6079    IPC::Connection::SocketPair socketPair = IPC::Connection::createPlatformConnection(IPC::Connection::ConnectionOptions::SetCloexecOnServer);
    6180
     
    141160    argv[i++] = nullptr;
    142161
     162    GRefPtr<GSubprocessLauncher> launcher = adoptGRef(g_subprocess_launcher_new(G_SUBPROCESS_FLAGS_INHERIT_FDS));
     163    g_subprocess_launcher_set_child_setup(launcher.get(), childSetupFunction, GINT_TO_POINTER(socketPair.server), nullptr);
     164    g_subprocess_launcher_take_fd(launcher.get(), socketPair.client, socketPair.client);
     165
    143166    GUniqueOutPtr<GError> error;
    144     if (!g_spawn_async(nullptr, argv, nullptr, G_SPAWN_LEAVE_DESCRIPTORS_OPEN, childSetupFunction, GINT_TO_POINTER(socketPair.server), &pid, &error.outPtr()))
     167    GRefPtr<GSubprocess> process;
     168#if OS(LINUX)
     169    const char* sandboxEnv = g_getenv("WEBKIT_FORCE_SANDBOX");
     170    bool sandboxEnabled = m_launchOptions.extraInitializationData.get("enable-sandbox") == "true";
     171
     172    if (sandboxEnv)
     173        sandboxEnabled = !strcmp(sandboxEnv, "1");
     174
     175    if (sandboxEnabled && isInsideFlatpak())
     176        process = flatpakSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr());
     177#if ENABLE(BUBBLEWRAP_SANDBOX)
     178    else if (sandboxEnabled)
     179        process = bubblewrapSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr());
     180#endif
     181    else
     182#endif
     183        process = adoptGRef(g_subprocess_launcher_spawnv(launcher.get(), argv, &error.outPtr()));
     184
     185    if (!process.get())
    145186        g_error("Unable to fork a new child process: %s", error->message);
     187
     188    const char* processIdStr = g_subprocess_get_identifier(process.get());
     189    m_processIdentifier = g_ascii_strtoll(processIdStr, nullptr, 0);
     190    RELEASE_ASSERT(m_processIdentifier);
    146191
    147192    // Don't expose the parent socket to potential future children.
    148193    if (!setCloseOnExec(socketPair.client))
    149194        RELEASE_ASSERT_NOT_REACHED();
    150 
    151     close(socketPair.client);
    152     m_processIdentifier = pid;
    153195
    154196    // We've finished launching the process, message back to the main run loop.
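Review bot: on Linux, when sandboxEnabled is true but the build has ENABLE_BUBBLEWRAP_SANDBOX off and the process is not inside Flatpak, the trailing `else` silently spawns an unsandboxed child. An application that called webkit_web_context_set_sandbox_enabled(TRUE), or a developer who set WEBKIT_FORCE_SANDBOX=1, gets no indication that the request was ignored; a g_warning() in that branch would make the degraded state visible. Two further points on the same hunk: `sandboxEnabled = !strcmp(sandboxEnv, "1")` means any value other than "1" (including an empty string) forces the sandbox off and overrides the API, which is worth stating in the variable's documentation or narrowing to explicit "1"/"0"; and G_SUBPROCESS_FLAGS_INHERIT_FDS hands every open parent descriptor to the child, matching the old G_SPAWN_LEAVE_DESCRIPTORS_OPEN, but for the sandboxed paths that deserves a second look, since descriptors already open in the child are not subject to the mount namespace the wrapper sets up; if only socketPair.client is needed, dropping the flag and relying on g_subprocess_launcher_take_fd() narrows the surface. Finally, g_subprocess_get_identifier() is documented to return NULL once the child has terminated; in that (unlikely) case m_processIdentifier becomes 0 and the RELEASE_ASSERT fires with an assertion rather than a message about the child exiting, so a NULL check with a descriptive g_error() would make launcher misconfigurations easier to diagnose.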
  • trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.cpp

    r235521 r237107  
    8888void PluginProcessProxy::getLaunchOptions(ProcessLauncher::LaunchOptions& launchOptions)
    8989{
    90     platformGetLaunchOptions(launchOptions, m_pluginProcessAttributes);
     90    platformGetLaunchOptionsWithAttributes(launchOptions, m_pluginProcessAttributes);
    9191    ChildProcessProxy::getLaunchOptions(launchOptions);
    9292}
  • trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.h

    r236464 r237107  
    9797
    9898    void getLaunchOptions(ProcessLauncher::LaunchOptions&) override;
    99     void platformGetLaunchOptions(ProcessLauncher::LaunchOptions&, const PluginProcessAttributes&);
     99    void platformGetLaunchOptionsWithAttributes(ProcessLauncher::LaunchOptions&, const PluginProcessAttributes&);
    100100    void processWillShutDown(IPC::Connection&) override;
    101101
  • trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm

    r236762 r237107  
    6161
    6262   
    63 void PluginProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes)
     63void PluginProcessProxy::platformGetLaunchOptionsWithAttributes(ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes)
    6464{
    6565    if (pluginProcessAttributes.moduleInfo.pluginArchitecture == CPU_TYPE_X86)
  • trunk/Source/WebKit/UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp

    r234278 r237107  
    5151using namespace WebCore;
    5252
    53 void PluginProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes)
     53void PluginProcessProxy::platformGetLaunchOptionsWithAttributes(ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes)
    5454{
    5555    launchOptions.processType = ProcessLauncher::ProcessType::Plugin64;
  • trunk/Source/WebKit/UIProcess/WebProcessPool.h

    r237004 r237107  
    456456    void sendDisplayConfigurationChangedMessageForTesting();
    457457
     458#if PLATFORM(GTK) || PLATFORM(WPE)
     459    void setSandboxEnabled(bool enabled) { m_sandboxEnabled = enabled; };
     460    bool sandboxEnabled() const { return m_sandboxEnabled; };
     461#endif
     462
    458463private:
    459464    void platformInitialize();
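Review bot: stray semicolons after the inline definitions on lines 459 and 460 (`{ m_sandboxEnabled = enabled; };` and `{ return m_sandboxEnabled; };`). Consider also enforcing the "cannot change after processes exist" rule here rather than only in webkit_web_context_set_sandbox_enabled(), since setSandboxEnabled() is the pool-level entry point any other caller could reach.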
     
    703708
    704709    HashMap<String, std::unique_ptr<WebCore::PrewarmInformation>> m_prewarmInformationPerRegistrableDomain;
     710
     711#if PLATFORM(GTK) || PLATFORM(WPE)
     712    bool m_sandboxEnabled { false };
     713#endif
    705714};
    706715
  • trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp

    r237008 r237107  
    207207}
    208208
     209#if !PLATFORM(GTK) && !PLATFORM(WPE)
     210void WebProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions& launchOptions)
     211{
     212}
     213#endif
     214
    209215void WebProcessProxy::connectionWillOpen(IPC::Connection& connection)
    210216{
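Review bot: the unused parameter in the empty non-GTK/WPE override should be left unnamed (`ProcessLauncher::LaunchOptions&`) to match WebKit style and avoid unused-parameter warnings; alternatively the stub could live inline in the header under the same `#if`, next to the declaration.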
  • trunk/Source/WebKit/UIProcess/WebProcessProxy.h

    r237008 r237107  
    240240    // ChildProcessProxy
    241241    void getLaunchOptions(ProcessLauncher::LaunchOptions&) override;
     242    void platformGetLaunchOptions(ProcessLauncher::LaunchOptions&) override;
    242243    void connectionWillOpen(IPC::Connection&) override;
    243244    void processWillShutDown(IPC::Connection&) override;
  • trunk/Source/cmake/OptionsGTK.cmake

    r236246 r237107  
    119119endif ()
    120120
     121if (CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT EXISTS "/.flatpak-info")
     122    WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PUBLIC ON)
     123else ()
     124    WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PRIVATE OFF)
     125endif ()
     126
    121127# Public options shared with other WebKit ports. Do not add any options here
    122128# without approval from a GTK+ reviewer. There must be strong reason to support
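Review bot: the default is decided by whether /.flatpak-info exists on the build host at configure time, which is a proxy for "this build will run inside Flatpak" that only holds when building inside the Flatpak SDK. A package built outside and later run inside Flatpak gets ENABLE_BUBBLEWRAP_SANDBOX=ON and relies on the runtime isInsideFlatpak() check in ProcessLauncherGLib.cpp to select flatpakSpawn; a comment here stating that intent would help. Note also that the option is PUBLIC on Linux but PRIVATE elsewhere, so it disappears from the user-visible options on non-Linux hosts.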
     
    200206        message(FATAL_ERROR "CairoGL is needed for ENABLE_ACCELERATED_2D_CANVAS")
    201207    endif ()
     208endif ()
     209
     210if (ENABLE_BUBBLEWRAP_SANDBOX)
     211    find_program(BWRAP_EXECUTABLE bwrap)
     212    if (NOT BWRAP_EXECUTABLE)
     213        message(FATAL_ERROR "bwrap executable is needed for ENABLE_BUBBLEWRAP_SANDBOX")
     214    endif ()
     215    add_definitions(-DBWRAP_EXECUTABLE="${BWRAP_EXECUTABLE}")
     216
     217    execute_process(
     218        COMMAND "${BWRAP_EXECUTABLE}" --version
     219        RESULT_VARIABLE BWRAP_RET
     220        OUTPUT_VARIABLE BWRAP_OUTPUT
     221    )
     222    if (BWRAP_RET)
     223        message(FATAL_ERROR "Failed to run ${BWRAP_EXECUTABLE}")
     224    endif ()
     225    string(REGEX MATCH "([0-9]+.[0-9]+.[0-9]+)" BWRAP_VERSION "${BWRAP_OUTPUT}")
     226    if (NOT "${BWRAP_VERSION}" VERSION_GREATER_EQUAL "0.3.1")
     227        message(FATAL_ERROR "bwrap must be >= 0.3.1 but ${BWRAP_VERSION} found")
     228    endif ()
     229
     230    find_package(Libseccomp)
     231    if (NOT LIBSECCOMP_FOUND)
     232        message(FATAL_ERROR "libseccomp is needed for ENABLE_BUBBLEWRAP_SANDBOX")
     233    endif ()
     234
     235    find_program(DBUS_PROXY_EXECUTABLE xdg-dbus-proxy)
     236    if (NOT DBUS_PROXY_EXECUTABLE)
     237        message(FATAL_ERROR "xdg-dbus-proxy not found and is needed for ENABLE_BUBBLEWRAP_SANDBOX")
     238    endif ()
     239    add_definitions(-DDBUS_PROXY_EXECUTABLE="${DBUS_PROXY_EXECUTABLE}")
    202240endif ()
    203241
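Review bot: the version regex `"([0-9]+.[0-9]+.[0-9]+)"` has unescaped dots, so `.` matches any character; use `"([0-9]+\\.[0-9]+\\.[0-9]+)"`. `VERSION_GREATER_EQUAL` requires CMake 3.7 or newer, so check it against the project's cmake_minimum_required. The absolute paths found by find_program are baked into the binary via -DBWRAP_EXECUTABLE and -DDBUS_PROXY_EXECUTABLE, so a build made where bwrap lives in one location and deployed where it lives in another fails at process launch rather than at configure time; documenting that, or falling back to a PATH lookup at runtime, would avoid a hard-to-diagnose failure. Finally, find_package(Libseccomp) runs only inside this block, so the LIBSECCOMP_* variables referenced unconditionally from Source/WebCore/PlatformGTK.cmake are empty whenever the option is off.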
  • trunk/Source/cmake/WebKitFeatures.cmake

    r237097 r237107  
    8989    WEBKIT_OPTION_DEFINE(ENABLE_ATTACHMENT_ELEMENT "Toggle attachment element support" PRIVATE OFF)
    9090    WEBKIT_OPTION_DEFINE(ENABLE_AVF_CAPTIONS "Toggle AVFoundation caption support" PRIVATE OFF)
     91    WEBKIT_OPTION_DEFINE(ENABLE_BUBBLEWRAP_SANDBOX "Toggle bubblewrap sandboxing support" PRIVATE OFF)
    9192    WEBKIT_OPTION_DEFINE(ENABLE_CACHE_PARTITIONING "Toggle cache partitioning support" PRIVATE OFF)
    9293    WEBKIT_OPTION_DEFINE(ENABLE_CHANNEL_MESSAGING "Toggle MessageChannel and MessagePort support" PRIVATE ON)