Changeset 242354 in webkit
- Timestamp:
- Mar 4, 2019 7:25:43 AM (5 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 10 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/ChangeLog
r242279 r242354 1 2019-03-04 Michael Catanzaro <mcatanzaro@igalia.com> 2 3 [WPE] Enable web process sandbox 4 https://bugs.webkit.org/show_bug.cgi?id=195169 5 6 Reviewed by Daniel Bates. 7 8 * Source/cmake/BubblewrapSandboxChecks.cmake: Added. 9 * Source/cmake/OptionsGTK.cmake: 10 * Source/cmake/OptionsWPE.cmake: 11 1 12 2019-03-01 Don Olmstead <don.olmstead@sony.com> 2 13 -
trunk/Source/WebKit/ChangeLog
r242351 r242354 1 2019-03-04 Michael Catanzaro <mcatanzaro@igalia.com> 2 3 [WPE] Enable web process sandbox 4 https://bugs.webkit.org/show_bug.cgi?id=195169 5 6 Reviewed by Daniel Bates. 7 8 * PlatformWPE.cmake: 9 * UIProcess/Launcher/glib/BubblewrapLauncher.cpp: 10 (WebKit::bubblewrapSpawn): 11 * UIProcess/glib/WebProcessPoolGLib.cpp: 12 (WebKit::WebProcessPool::platformInitialize): 13 1 14 2019-03-04 Adrian Perez de Castro <aperez@igalia.com> 2 15 -
trunk/Source/WebKit/PlatformWPE.cmake
r242346 r242354 17 17 add_definitions(-DWEBKIT2_COMPILATION) 18 18 19 add_definitions(-DLIBDIR="${LIB_INSTALL_DIR}") 19 20 add_definitions(-DPKGLIBDIR="${LIB_INSTALL_DIR}/wpe-webkit-${WPE_API_VERSION}") 20 21 add_definitions(-DPKGLIBEXECDIR="${LIBEXEC_INSTALL_DIR}") … … 280 281 ${GSTREAMER_INCLUDE_DIRS} 281 282 ${HARFBUZZ_INCLUDE_DIRS} 283 ${LIBSECCOMP_INCLUDE_DIRS} 282 284 ${LIBSOUP_INCLUDE_DIRS} 283 285 ${WPE_INCLUDE_DIRS} … … 292 294 ${GSTREAMER_LIBRARIES} 293 295 ${HARFBUZZ_LIBRARIES} 296 ${LIBSECCOMP_LIBRARIES} 294 297 ${LIBSOUP_LIBRARIES} 295 298 ${WPE_LIBRARIES} -
trunk/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
r241654 r242354 669 669 ASSERT(launcher); 670 670 671 #if ENABLE(NETSCAPE_PLUGIN_API) 671 672 // It is impossible to know what access arbitrary plugins need and since it is for legacy 672 673 // reasons lets just leave it unsandboxed. … … 674 675 || launchOptions.processType == ProcessLauncher::ProcessType::Plugin32) 675 676 return adoptGRef(g_subprocess_launcher_spawnv(launcher, argv, error)); 677 #endif 676 678 677 679 // For now we are just considering the network process trusted as it -
trunk/Source/WebKit/UIProcess/glib/WebProcessPoolGLib.cpp
r242055 r242354 74 74 void WebProcessPool::platformInitialize() 75 75 { 76 #if PLATFORM(WPE) 77 m_sandboxEnabled = true; 78 #endif 79 76 80 #if PLATFORM(GTK) 77 81 m_alwaysUsesComplexTextCodePath = true; -
trunk/Source/cmake/OptionsGTK.cmake
r242205 r242354 124 124 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PUBLIC ON) 125 125 else () 126 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX P RIVATEOFF)126 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PUBLIC OFF) 127 127 endif () 128 128 … … 214 214 message(FATAL_ERROR "CairoGL is needed for ENABLE_ACCELERATED_2D_CANVAS") 215 215 endif () 216 endif ()217 218 if (ENABLE_BUBBLEWRAP_SANDBOX)219 find_program(BWRAP_EXECUTABLE bwrap)220 if (NOT BWRAP_EXECUTABLE)221 message(FATAL_ERROR "bwrap executable is needed for ENABLE_BUBBLEWRAP_SANDBOX")222 endif ()223 add_definitions(-DBWRAP_EXECUTABLE="${BWRAP_EXECUTABLE}")224 225 execute_process(226 COMMAND "${BWRAP_EXECUTABLE}" --version227 RESULT_VARIABLE BWRAP_RET228 OUTPUT_VARIABLE BWRAP_OUTPUT229 )230 if (BWRAP_RET)231 message(FATAL_ERROR "Failed to run ${BWRAP_EXECUTABLE}")232 endif ()233 string(REGEX MATCH "([0-9]+.[0-9]+.[0-9]+)" BWRAP_VERSION "${BWRAP_OUTPUT}")234 if (NOT "${BWRAP_VERSION}" VERSION_GREATER_EQUAL "0.3.1")235 message(FATAL_ERROR "bwrap must be >= 0.3.1 but ${BWRAP_VERSION} found")236 endif ()237 238 find_package(Libseccomp)239 if (NOT LIBSECCOMP_FOUND)240 message(FATAL_ERROR "libseccomp is needed for ENABLE_BUBBLEWRAP_SANDBOX")241 endif ()242 243 find_program(DBUS_PROXY_EXECUTABLE xdg-dbus-proxy)244 if (NOT DBUS_PROXY_EXECUTABLE)245 message(FATAL_ERROR "xdg-dbus-proxy not found and is needed for ENABLE_BUBBLEWRAP_SANDBOX")246 endif ()247 add_definitions(-DDBUS_PROXY_EXECUTABLE="${DBUS_PROXY_EXECUTABLE}")248 216 endif () 249 217 … … 471 439 endmacro() 472 440 441 include(BubblewrapSandboxChecks) 473 442 include(GStreamerChecks) -
trunk/Source/cmake/OptionsWPE.cmake
r242205 r242354 85 85 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_API_TESTS PRIVATE ON) 86 86 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_MINIBROWSER PUBLIC ON) 87 endif () 88 89 if (CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT EXISTS "/.flatpak-info") 90 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PUBLIC ON) 91 else () 92 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PUBLIC OFF) 87 93 endif () 88 94 … … 184 190 set(WPEWebExtension_PKGCONFIG_FILE ${CMAKE_BINARY_DIR}/wpe-web-extension-${WPE_API_VERSION}.pc) 185 191 192 include(BubblewrapSandboxChecks) 186 193 include(GStreamerChecks) -
trunk/Tools/ChangeLog
r242349 r242354 1 2019-03-04 Michael Catanzaro <mcatanzaro@igalia.com> 2 3 [WPE] Enable web process sandbox 4 https://bugs.webkit.org/show_bug.cgi?id=195169 5 6 Reviewed by Daniel Bates. 7 8 * wpe/install-dependencies: 9 * wpe/jhbuild.modules: 10 1 11 2019-03-04 Carlos Garcia Campos <cgarcia@igalia.com> 2 12 -
trunk/Tools/wpe/install-dependencies
r240978 r242354 59 59 autopoint \ 60 60 autotools-dev \ 61 bubblewrap \ 61 62 cmake \ 62 63 g++ \ … … 78 79 libfile-copy-recursive-perl \ 79 80 $(aptIfElse libpng-dev libpng12-dev) \ 81 libseccomp-dev \ 80 82 libsqlite3-dev \ 81 83 libtasn1-6-dev \ … … 149 151 autoconf \ 150 152 automake \ 153 bubblewrap \ 151 154 cmake \ 152 155 file \ … … 169 172 libjpeg-turbo \ 170 173 libpng \ 174 libseccomp \ 171 175 libtasn1 \ 172 176 libtool \ … … 248 252 automake \ 249 253 alsa-lib-devel \ 254 bubblewrap \ 250 255 cmake \ 251 256 gcc-c++ \ … … 262 267 libjpeg-turbo-devel \ 263 268 libpng-devel \ 269 libseccomp-devel \ 264 270 libtasn1-devel \ 265 271 libtool \ -
trunk/Tools/wpe/jhbuild.modules
r242055 r242354 27 27 <dep package="wayland-protocols"/> 28 28 <dep package="openjpeg"/> 29 <dep package="xdg-dbus-proxy"/> 29 30 </dependencies> 30 31 </metamodule> … … 266 267 </distutils> 267 268 269 <autotools id="xdg-dbus-proxy" autogen-sh="configure"> 270 <branch repo="github-tarball" 271 version="0.1.0" 272 module="flatpak/xdg-dbus-proxy/releases/download/${version}/xdg-dbus-proxy-${version}.tar.xz" 273 checkoutdir="xdg-dbus-proxy-${version}" 274 hash="sha256:9eefd30fe66940c8daf0e8ce6479307694814edb8b636caeb5aa6d6a46a4bc14"/> 275 <dependencies> 276 <dep package="glib"/> 277 </dependencies> 278 </autotools> 279 268 280 </moduleset>
Note: See TracChangeset
for help on using the changeset viewer.