Changeset 247400 in webkit


Ignore:
Timestamp:
Jul 12, 2019 3:03:27 PM (5 years ago)
Author:
Chris Dumez
Message:

Regression(macOS Catalina): Cannot quick look html documents in Mail
https://bugs.webkit.org/show_bug.cgi?id=199754
<rdar://problem/51304961>

Reviewed by Geoff Garen.

If the client asks us to load a file URL but does not provide a resource path, WebKit
would fallback to issuing a sandbox extension for /. This no longer works on mac OS
Catalina and it would thus fail to load the file.

To address the issue, if the attempt to create a sandbox extension for / fails, we now
fall back to issuing one for the file's baseURL (path of containing folder).

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):

Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r247398 r247400  
     12019-07-12  Chris Dumez  <cdumez@apple.com>
     2
     3        Regression(macOS Catalina): Cannot quick look html documents in Mail
     4        https://bugs.webkit.org/show_bug.cgi?id=199754
     5        <rdar://problem/51304961>
     6
     7        Reviewed by Geoff Garen.
     8
     9        If the client asks us to load a file URL but does not provide a resource path, WebKit
     10        would fallback to issuing a sandbox extension for /. This no longer works on mac OS
     11        Catalina and it would thus fail to load the file.
     12
     13        To address the issue, if the attempt to create a sandbox extension for / fails, we now
     14        fall back to issuing one for the file's baseURL (path of containing folder).
     15
     16        * UIProcess/WebPageProxy.cpp:
     17        (WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
     18
    1192019-07-12  Michael Catanzaro  <mcatanzaro@igalia.com>
    220

  • trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

    r247395 r247400  
    10591059    ASSERT_WITH_SECURITY_IMPLICATION(!WebKit::isInspectorPage(*this));
    10601060
    1061     // FIXME: universal file read access should be set if the sandbox extension is successfully created: rdar://problem/52357508.
    1062     SandboxExtension::createHandle("/", SandboxExtension::Type::ReadOnly, sandboxExtensionHandle);
    1063     willAcquireUniversalFileReadSandboxExtension(process);
     1061    if (SandboxExtension::createHandle("/", SandboxExtension::Type::ReadOnly, sandboxExtensionHandle)) {
     1062        willAcquireUniversalFileReadSandboxExtension(process);
     1063        return;
     1064    }
     1065
     1066    // We failed to issue an universal file read access sandbox, fall back to issuing one for the base URL instead.
     1067    auto baseURL = URL(URL(), url.baseAsString());
     1068    auto basePath = baseURL.fileSystemPath();
     1069    if (!basePath.isNull() && SandboxExtension::createHandle(basePath, SandboxExtension::Type::ReadOnly, sandboxExtensionHandle))
     1070        m_process->assumeReadAccessToBaseURL(*this, baseURL);
    10641071}
    10651072
Note: See TracChangeset for help on using the changeset viewer.