Changeset 239440 in webkit


Ignore:
Timestamp:
Dec 20, 2018 8:18:26 AM (5 years ago)
Author:
commit-queue@webkit.org
Message:

[GTK][WPE] Grant the sandbox read access to XDG_DATA_HOME/prgname
https://bugs.webkit.org/show_bug.cgi?id=192929

Patch by Patrick Griffis <Patrick Griffis> on 2018-12-20
Reviewed by Michael Catanzaro.

  • UIProcess/API/glib/WebKitWebContext.cpp:
  • UIProcess/Launcher/glib/BubblewrapLauncher.cpp:

(WebKit::bubblewrapSpawn):

Location:
trunk/Source/WebKit
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r239437 r239440  
     12018-12-20  Patrick Griffis  <pgriffis@igalia.com>
     2
     3        [GTK][WPE] Grant the sandbox read access to XDG_DATA_HOME/prgname
     4        https://bugs.webkit.org/show_bug.cgi?id=192929
     5
     6        Reviewed by Michael Catanzaro.
     7
     8        * UIProcess/API/glib/WebKitWebContext.cpp:
     9        * UIProcess/Launcher/glib/BubblewrapLauncher.cpp:
     10        (WebKit::bubblewrapSpawn):
     11
    1122018-12-20  Chris Dumez  <cdumez@apple.com>
    213

  • trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp

    r238900 r239440  
    11601160 * This is only implemented on Linux and is a no-op otherwise.
    11611161 *
    1162  * If you read from `$XDG_CONFIG_HOME/g_get_prgname()` or `$XDG_CACHE_HOME/g_get_prgname()`
    1163  * in your WebProcess you must ensure it exists before subprocesses are created.
    1164  * This behavior may change in the future.
     1162 * The web process is granted read-only access to the subdirectory matching g_get_prgname()
     1163 * in `$XDG_CONFIG_HOME`, `$XDG_CACHE_HOME`, and `$XDG_DATA_HOME` if it exists before the
     1164 * process is created. This behavior may change in the future.
    11651165 *
    11661166 * Since: 2.24

  • trunk/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp

    r238663 r239440  
    780780        GUniquePtr<char> configDir(g_build_filename(g_get_user_config_dir(), g_get_prgname(), nullptr));
    781781        GUniquePtr<char> cacheDir(g_build_filename(g_get_user_cache_dir(), g_get_prgname(), nullptr));
     782        GUniquePtr<char> dataDir(g_build_filename(g_get_user_data_dir(), g_get_prgname(), nullptr));
     783
     784        sandboxArgs.appendVector(Vector<CString>({
     785            "--ro-bind-try", cacheDir.get(), cacheDir.get(),
     786            "--ro-bind-try", configDir.get(), configDir.get(),
     787            "--ro-bind-try", dataDir.get(), dataDir.get(),
     788        }));
    782789
    783790        Vector<String> extraPaths = { "applicationCacheDirectory", "waylandSocket"};
     
    787794                sandboxArgs.appendVector(Vector<CString>({ "--bind-try", extraPath.utf8(), extraPath.utf8() }));
    788795        }
    789 
    790         sandboxArgs.appendVector(Vector<CString>({
    791             "--ro-bind-try", cacheDir.get(), cacheDir.get(),
    792             "--ro-bind-try", configDir.get(), configDir.get(),
    793         }));
    794796
    795797        bindDBusSession(sandboxArgs, proxy);
Note: See TracChangeset for help on using the changeset viewer.