Changeset 77610 in webkit

Timestamp:

Feb 3, 2011 11:00:58 PM (13 years ago)

Author:

ike@apple.com

Message:

2011-02-03 Ivan Krstić <​ike@apple.com>

Reviewed by Maciej Stachowiak.

Make WebProcess pass explicit homedir parameter to the sandbox
<rdar://problem/8405760>
<​https://webkit.org/b/53558>

• WebProcess/com.apple.WebProcess.sb:
• WebProcess/mac/WebProcessMac.mm: (WebKit::initializeSandbox):

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• WebProcess/com.apple.WebProcess.sb (modified) (3 diffs)
• WebProcess/mac/WebProcessMac.mm (modified) (2 diffs)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2011-02-03  Ivan Krstić  <ike@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Make WebProcess pass explicit homedir parameter to the sandbox
+        <rdar://problem/8405760>
+        <https://webkit.org/b/53558>
+
+        * WebProcess/com.apple.WebProcess.sb:
+        * WebProcess/mac/WebProcessMac.mm:
+        (WebKit::initializeSandbox):
+
 2011-02-03  James Kozianski  <koz@chromium.org>
 

trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb

@@ -16 +16 @@
    ;; Plugins
    (subpath "/Library/Internet Plug-Ins")
-   (subpath (string-append (param "_HOME") "/Library/Internet Plug-Ins"))
+   (subpath (string-append (param "HOME_DIR") "/Library/Internet Plug-Ins"))
 
    ;; System and user preferences
    (literal "/Library/Preferences/.GlobalPreferences.plist")
    (literal "/Library/Preferences/com.apple.security.plist")
-   (literal (string-append (param "_HOME") "/Library/Preferences/.GlobalPreferences.plist"))
-   (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.ATS.plist"))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.HIToolbox.plist"))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.LaunchServices.plist"))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.WebFoundation.plist"))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.security.plist"))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.security.revocation.plist"))
-   (subpath (string-append (param "_HOME") "/Library/Keychains"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/.GlobalPreferences.plist"))
+   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.ATS.plist"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.HIToolbox.plist"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.LaunchServices.plist"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.WebFoundation.plist"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.plist"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.revocation.plist"))
+   (subpath (string-append (param "HOME_DIR") "/Library/Keychains"))
 
    ;; On-disk WebKit2 framework location, to account for debug installations
@@ -46 +46 @@
 ;; Writable preferences and temporary files
 (allow file*
-   (subpath (string-append (param "_HOME") "/Library/Caches/com.apple.WebProcess"))
-   (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
-   (regex (string-append "^" (param "_HOME") "/Library/Preferences/com\.apple\.WebProcess\."))
+   (subpath (string-append (param "HOME_DIR") "/Library/Caches/com.apple.WebProcess"))
+   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
+   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/com\.apple\.WebProcess\."))
 )
 
@@ -112 +112 @@
 ;; FIXME: These rules are required until plug-ins are moved out of the web process.
 (allow file-read*
-   (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/com\.apple\.ist\."))
-   (literal (string-append (param "_HOME") "/Library/Preferences/edu.mit.Kerberos"))
+   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/com\.apple\.ist\."))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/edu.mit.Kerberos"))
    (literal "/Library/Preferences/edu.mit.Kerberos")
 )

trunk/Source/WebKit2/WebProcess/mac/WebProcessMac.mm

@@ -122 +122 @@
     char tmpPath[PATH_MAX];
     char tmpRealPath[PATH_MAX];
+    char homeRealPath[PATH_MAX];
     char cachePath[PATH_MAX];
     char cacheRealPath[PATH_MAX];
     const char* frameworkPath = [[[[NSBundle bundleForClass:NSClassFromString(@"WKView")] bundlePath] stringByDeletingLastPathComponent] UTF8String];
     const char* profilePath = [[[NSBundle mainBundle] pathForResource:@"com.apple.WebProcess" ofType:@"sb"] UTF8String];
+
+    if (!realpath([NSHomeDirectory() UTF8String], homeRealPath)) {
+        fprintf(stderr, "WebProcess: couldn't determine home directory when initializing sandbox");
+        exit(EX_CONFIG);
+    }
 
     if (confstr(_CS_DARWIN_USER_TEMP_DIR, tmpPath, PATH_MAX) <= 0 || !realpath(tmpPath, tmpRealPath))
@@ -134 +140 @@
 
     const char* const sandboxParam[] = {
+        "HOME_DIR", (const char*)homeRealPath,
         "WEBKIT2_FRAMEWORK_DIR", frameworkPath,
         "DARWIN_USER_TEMP_DIR", (const char*)tmpRealPath,