[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
andersca at apple.com
andersca at apple.com
Wed Dec 22 11:23:21 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 131d93ee49d97ca586677fb3217e8e0cacdbccdd
Author: andersca at apple.com <andersca at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Jul 21 15:53:31 2010 +0000
Reviewed and tweaked by Anders Carlsson and Sam Weinig.
Patch by Ivan Krstić <ike at apple.com> on 2010-07-20
Put WebProcess in a sandbox. All of the following changes are
Mac-only.
<rdar://problem/7865269>
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::WebProcessProxy):
Send Sandbox extension for injected bundle to WebProcess.
* WebKit2.xcodeproj/project.pbxproj:
Add Sandbox profile to Resources for WebProcess.
* WebProcess/InjectedBundle/InjectedBundle.h:
New function InjectedBundle::setSandboxToken.
* WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp:
(WebKit::InjectedBundle::load):
Consume Sandbox token for the bundle if present.
(WebKit::InjectedBundle::setSandboxToken):
Set Sandbox token for the bundle.
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::loadInjectedBundle):
Extra function parameter for Sandbox token.
(WebKit::WebProcess::didReceiveMessage):
Pass Sandbox token to loadInjectedBundle().
* WebProcess/WebProcess.h:
Extra function parameter for Sandbox token in loadInjectedBundle().
* WebProcess/com.apple.WebProcess.sb: Added.
Sandbox profile for WebProcess.
* WebProcess/mac/WebProcessMainMac.mm:
(WebKit::WebProcessMain):
Initialize Sandbox, exit on failure.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@63825 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index 55e8357..75a6e48 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,45 @@
+2010-07-20 Ivan Krstić <ike at apple.com>
+
+ Reviewed and tweaked by Anders Carlsson and Sam Weinig.
+
+ Put WebProcess in a sandbox. All of the following changes are
+ Mac-only.
+ <rdar://problem/7865269>
+
+ * UIProcess/WebProcessProxy.cpp:
+ (WebKit::WebProcessProxy::WebProcessProxy):
+ Send Sandbox extension for injected bundle to WebProcess.
+
+ * WebKit2.xcodeproj/project.pbxproj:
+ Add Sandbox profile to Resources for WebProcess.
+
+ * WebProcess/InjectedBundle/InjectedBundle.h:
+ New function InjectedBundle::setSandboxToken.
+
+ * WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp:
+ (WebKit::InjectedBundle::load):
+ Consume Sandbox token for the bundle if present.
+
+ (WebKit::InjectedBundle::setSandboxToken):
+ Set Sandbox token for the bundle.
+
+ * WebProcess/WebProcess.cpp:
+ (WebKit::WebProcess::loadInjectedBundle):
+ Extra function parameter for Sandbox token.
+
+ (WebKit::WebProcess::didReceiveMessage):
+ Pass Sandbox token to loadInjectedBundle().
+
+ * WebProcess/WebProcess.h:
+ Extra function parameter for Sandbox token in loadInjectedBundle().
+
+ * WebProcess/com.apple.WebProcess.sb: Added.
+ Sandbox profile for WebProcess.
+
+ * WebProcess/mac/WebProcessMainMac.mm:
+ (WebKit::WebProcessMain):
+ Initialize Sandbox, exit on failure.
+
2010-07-20 Sam Weinig <sam at webkit.org>
Reviewed by Brady Eidson.
diff --git a/WebKit2/UIProcess/WebProcessProxy.cpp b/WebKit2/UIProcess/WebProcessProxy.cpp
index 61c9cca..5db2776 100644
--- a/WebKit2/UIProcess/WebProcessProxy.cpp
+++ b/WebKit2/UIProcess/WebProcessProxy.cpp
@@ -36,6 +36,11 @@
#include "WebProcessProxyMessageKinds.h"
#include <WebCore/KURL.h>
#include <WebCore/PlatformString.h>
+#include <wtf/text/CString.h>
+
+#if ENABLE(WEB_PROCESS_SANDBOX)
+#include <sandbox.h>
+#endif
using namespace WebCore;
@@ -64,8 +69,18 @@ WebProcessProxy::WebProcessProxy(WebContext* context)
// FIXME: We could instead send the bundle path as part of the arguments to process creation?
// Would that be better than sending a connection?
- if (!context->injectedBundlePath().isEmpty())
+ if (!context->injectedBundlePath().isEmpty()) {
+#if ENABLE(WEB_PROCESS_SANDBOX)
+ char *sandboxBundleToken = NULL;
+ CString injectedBundlePath = context->injectedBundlePath().utf8();
+ sandbox_issue_extension(injectedBundlePath.data(), &sandboxBundleToken);
+ send(WebProcessMessage::LoadInjectedBundle, 0, CoreIPC::In(context->injectedBundlePath(), String::fromUTF8(sandboxBundleToken)));
+ if (sandboxBundleToken)
+ free(sandboxBundleToken);
+#else
send(WebProcessMessage::LoadInjectedBundle, 0, CoreIPC::In(context->injectedBundlePath()));
+#endif
+ }
#if USE(ACCELERATED_COMPOSITING)
setUpAcceleratedCompositing();
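Review bot: The result of `sandbox_issue_extension()` is never checked in the `ENABLE(WEB_PROCESS_SANDBOX)` branch, so if no token is issued `sandboxBundleToken` stays NULL and the message is still sent, with whatever `String::fromUTF8(NULL)` yields. On the receiving side an empty token skips the consume step in `InjectedBundle::load()`, so the failure would presumably show up later as an unrelated bundle-load error inside the sandbox. Report it where it happens, for example `if (!sandboxBundleToken) fprintf(stderr, "WebProcessProxy: could not issue a sandbox extension for the injected bundle\n");`. The `if (sandboxBundleToken)` guard before `free()` can go, since `free(NULL)` is a no-op. The constructor body continues outside this hunk.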
diff --git a/WebKit2/WebKit2.xcodeproj/project.pbxproj b/WebKit2/WebKit2.xcodeproj/project.pbxproj
index 0dc1375..d1babc7 100644
--- a/WebKit2/WebKit2.xcodeproj/project.pbxproj
+++ b/WebKit2/WebKit2.xcodeproj/project.pbxproj
@@ -81,6 +81,7 @@
1AEFD2F711D1807B008219D3 /* ArgumentCoders.h in Headers */ = {isa = PBXBuildFile; fileRef = 1AEFD2F611D1807B008219D3 /* ArgumentCoders.h */; };
1AF3060A111B599E00F96436 /* WebKit2.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 8DC2EF5B0486A6940098B216 /* WebKit2.framework */; };
5DAD729C116FF86200EE5396 /* AppKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 0867D6A5FE840307C02AAC07 /* AppKit.framework */; };
+ 6D8A91A611F0EFD100DD01FE /* com.apple.WebProcess.sb in Resources */ = {isa = PBXBuildFile; fileRef = 6D8A91A511F0EFD100DD01FE /* com.apple.WebProcess.sb */; };
8DC2EF530486A6940098B216 /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = 089C1666FE841158C02AAC07 /* InfoPlist.strings */; };
8DC2EF570486A6940098B216 /* Cocoa.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1058C7B1FEA5585E11CA2CBB /* Cocoa.framework */; };
BC0092F7115837A300E0AE2A /* RunLoopMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = BC0092F5115837A300E0AE2A /* RunLoopMac.mm */; };
@@ -360,6 +361,7 @@
32DBCF5E0370ADEE00C91783 /* WebKit2Prefix.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebKit2Prefix.h; sourceTree = "<group>"; };
5DAD7294116FF70B00EE5396 /* WebProcess.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = WebProcess.xcconfig; sourceTree = "<group>"; };
5DAD73F1116FF90C00EE5396 /* BaseTarget.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = BaseTarget.xcconfig; sourceTree = "<group>"; };
+ 6D8A91A511F0EFD100DD01FE /* com.apple.WebProcess.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.apple.WebProcess.sb; sourceTree = "<group>"; };
8DC2EF5A0486A6940098B216 /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
8DC2EF5B0486A6940098B216 /* WebKit2.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = WebKit2.framework; sourceTree = BUILT_PRODUCTS_DIR; };
BC0092F5115837A300E0AE2A /* RunLoopMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = RunLoopMac.mm; sourceTree = "<group>"; };
@@ -782,6 +784,7 @@
BC032D5C10F436D50058C15A /* WebProcess */ = {
isa = PBXGroup;
children = (
+ 6D8A91A511F0EFD100DD01FE /* com.apple.WebProcess.sb */,
BC204EDF11C83E72008F3375 /* InjectedBundle */,
1A6FA01C11E1526300DB1371 /* mac */,
1A6FB7AA11E64B4900DB1371 /* Plugins */,
@@ -1326,6 +1329,7 @@
isa = PBXResourcesBuildPhase;
buildActionMask = 2147483647;
files = (
+ 6D8A91A611F0EFD100DD01FE /* com.apple.WebProcess.sb in Resources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
diff --git a/WebKit2/WebKit2Prefix.h b/WebKit2/WebKit2Prefix.h
index 18d86e4..6685438 100644
--- a/WebKit2/WebKit2Prefix.h
+++ b/WebKit2/WebKit2Prefix.h
@@ -36,6 +36,10 @@
#elif defined(__APPLE__)
+#if !defined(BUILDING_ON_LEOPARD) && !defined(BUILDING_ON_SNOW_LEOPARD)
+#define ENABLE_WEB_PROCESS_SANDBOX 1
+#endif
+
#import <CoreGraphics/CoreGraphics.h>
#ifdef __OBJC__
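Review bot: The new guard compiles the WebProcess sandbox out entirely when building on Leopard or Snow Leopard, and nothing at the define says so or why. Every other `ENABLE(WEB_PROCESS_SANDBOX)` block in this commit then falls back silently to the unsandboxed path, so a reader of those files cannot tell which builds are protected. A short comment above the `#if` would record it, for example `// The WebProcess sandbox is only built on systems newer than Snow Leopard; older builds run the WebProcess unsandboxed.`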
diff --git a/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h b/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h
index 6d23f4b..f61ba56 100644
--- a/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h
+++ b/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h
@@ -53,6 +53,10 @@ public:
bool load();
+#if ENABLE(WEB_PROCESS_SANDBOX)
+ void setSandboxToken(const WebCore::String& sandboxToken) { m_sandboxToken = sandboxToken; }
+#endif
+
// API
void initializeClient(WKBundleClient*);
void postMessage(WebCore::StringImpl*);
@@ -68,6 +72,10 @@ private:
WebCore::String m_path;
PlatformBundle m_platformBundle; // This is leaked right now, since we never unload the bundle/module.
+#if ENABLE(WEB_PROCESS_SANDBOX)
+ WebCore::String m_sandboxToken;
+#endif
+
WKBundleClient m_client;
};
diff --git a/WebKit2/WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp b/WebKit2/WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp
index 1df08e2..7fb55f0 100644
--- a/WebKit2/WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp
+++ b/WebKit2/WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp
@@ -27,14 +27,32 @@
#include "WKBundleAPICast.h"
#include "WKBundleInitialize.h"
+#include <WebCore/PlatformString.h>
+#include <wtf/text/CString.h>
#include <wtf/RetainPtr.h>
+#if ENABLE(WEB_PROCESS_SANDBOX)
+#include <sandbox.h>
+#endif
+
using namespace WebCore;
namespace WebKit {
bool InjectedBundle::load()
{
+#if ENABLE(WEB_PROCESS_SANDBOX)
+ if (!m_sandboxToken.isEmpty()) {
+ CString bundlePath = m_path.utf8();
+ CString sandboxToken = m_sandboxToken.utf8();
+ int rv = sandbox_consume_extension(bundlePath.data(), sandboxToken.data());
+ if (rv) {
+ fprintf(stderr, "InjectedBundle::load failed - Could not consume (%d) bundle sandbox extension [%s] for [%s].\n", rv, sandboxToken.data(), bundlePath.data());
+ return false;
+ }
+ }
+#endif
+
RetainPtr<CFStringRef> injectedBundlePathStr(AdoptCF, CFStringCreateWithCharacters(0, reinterpret_cast<const UniChar*>(m_path.characters()), m_path.length()));
if (!injectedBundlePathStr) {
fprintf(stderr, "InjectedBundle::load failed - Could not create the path string.\n");
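Review bot: The failure message in the new `sandbox_consume_extension()` branch prints the sandbox extension token itself to stderr. The token is the value that grants access to the bundle path, so it is better kept out of logs; the return code and the path are enough to diagnose the failure: `fprintf(stderr, "InjectedBundle::load failed - Could not consume (%d) bundle sandbox extension for [%s].\n", rv, bundlePath.data());`. `load()` continues past the end of this hunk.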
diff --git a/WebKit2/WebProcess/WebProcess.cpp b/WebKit2/WebProcess/WebProcess.cpp
index 142f20b..6c8fb63 100644
--- a/WebKit2/WebProcess/WebProcess.cpp
+++ b/WebKit2/WebProcess/WebProcess.cpp
@@ -76,12 +76,20 @@ void WebProcess::initialize(CoreIPC::Connection::Identifier serverIdentifier, Ru
m_runLoop = runLoop;
}
+#if ENABLE(WEB_PROCESS_SANDBOX)
+void WebProcess::loadInjectedBundle(const String& path, const String& token)
+#else
void WebProcess::loadInjectedBundle(const String& path)
+#endif
{
ASSERT(m_pageMap.isEmpty());
ASSERT(!path.isEmpty());
m_injectedBundle = InjectedBundle::create(path);
+#if ENABLE(WEB_PROCESS_SANDBOX)
+ m_injectedBundle->setSandboxToken(token);
+#endif
+
if (!m_injectedBundle->load()) {
// Don't keep around the InjectedBundle reference if the load fails.
m_injectedBundle.clear();
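Review bot: The `#if ENABLE(WEB_PROCESS_SANDBOX)` / `#else` pair around the `loadInjectedBundle` signature duplicates the declaration, and the same split is repeated in the `LoadInjectedBundle` case of `didReceiveMessage` and in WebProcess.h. It also makes the argument layout of the `LoadInjectedBundle` message depend on a build flag, so sender and receiver must be built with the same setting or `decode` fails and the handler returns without any diagnostic. A single signature `void loadInjectedBundle(const String& path, const String& token)`, with the token always encoded (empty when the sandbox is disabled), would remove those conditionals and leave only the `setSandboxToken` call guarded. The function body continues outside this hunk.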
@@ -159,11 +167,21 @@ void WebProcess::didReceiveMessage(CoreIPC::Connection* connection, CoreIPC::Mes
switch (messageID.get<WebProcessMessage::Kind>()) {
case WebProcessMessage::LoadInjectedBundle: {
String path;
+
+#if ENABLE(WEB_PROCESS_SANDBOX)
+ String token;
+ if (!arguments->decode(CoreIPC::Out(path, token)))
+ return;
+
+ loadInjectedBundle(path, token);
+ return;
+#else
if (!arguments->decode(CoreIPC::Out(path)))
return;
loadInjectedBundle(path);
return;
+#endif
}
case WebProcessMessage::SetApplicationCacheDirectory: {
String directory;
diff --git a/WebKit2/WebProcess/WebProcess.h b/WebKit2/WebProcess/WebProcess.h
index cb54625..8867851 100644
--- a/WebKit2/WebProcess/WebProcess.h
+++ b/WebKit2/WebProcess/WebProcess.h
@@ -66,7 +66,11 @@ private:
WebProcess();
void shutdown();
+#if ENABLE(WEB_PROCESS_SANDBOX)
+ void loadInjectedBundle(const WebCore::String&, const WebCore::String&);
+#else
void loadInjectedBundle(const WebCore::String&);
+#endif
void setApplicationCacheDirectory(const WebCore::String&);
void forwardMessageToInjectedBundle(const WebCore::String&);
diff --git a/WebKit2/WebProcess/mac/WebProcessMainMac.mm b/WebKit2/WebProcess/mac/WebProcessMainMac.mm
index 7e540a3..3d3a8ce 100644
--- a/WebKit2/WebProcess/mac/WebProcessMainMac.mm
+++ b/WebKit2/WebProcess/mac/WebProcessMainMac.mm
@@ -29,13 +29,20 @@
#import "RunLoop.h"
#import "WebProcess.h"
#import "WebSystemInterface.h"
+#import <WebKit2/WKView.h>
#import <objc/objc-auto.h>
#import <runtime/InitializeThreading.h>
#import <servers/bootstrap.h>
#import <signal.h>
+#import <stdio.h>
+#import <sysexits.h>
#import <unistd.h>
#import <wtf/Threading.h>
+#if ENABLE(WEB_PROCESS_SANDBOX)
+#import <sandbox.h>
+#endif
+
// FIXME: We should be doing this another way.
extern "C" kern_return_t bootstrap_look_up2(mach_port_t, const name_t, mach_port_t*, pid_t, uint64_t);
@@ -47,6 +54,20 @@ namespace WebKit {
int WebProcessMain(CommandLine*)
{
+ NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
+
+#if ENABLE(WEB_PROCESS_SANDBOX)
+ char* errorBuf;
+ const char* frameworkPath = [[[NSBundle bundleForClass:[WKView class]] bundlePath] UTF8String];
+ const char* profilePath = [[[NSBundle mainBundle] pathForResource:@"com.apple.WebProcess" ofType:@"sb"] UTF8String];
+ const char* const sandboxParam[] = { "webkit2_framework_path", frameworkPath, NULL };
+
+ if (sandbox_init_with_parameters(profilePath, SANDBOX_NAMED_EXTERNAL, sandboxParam, &errorBuf)) {
+ fprintf(stderr, "WebProcess: couldn't initialize sandbox profile [%s] with framework path [%s]: %s\n", profilePath, frameworkPath, errorBuf);
+ exit(EX_NOPERM);
+ }
+#endif
+
mach_port_t serverPort;
kern_return_t kr = bootstrap_look_up2(bootstrap_port, "com.apple.WebKit.WebProcess", &serverPort, getppid(), /* BOOTSTRAP_PER_PID_SERVICE */ 1);
if (kr) {
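Review bot: Neither `profilePath` nor `frameworkPath` is checked for NULL before `sandbox_init_with_parameters()`, although both come from `-UTF8String` on a value that can be nil, for instance when the `com.apple.WebProcess.sb` resource is missing from the bundle. In that case the call receives NULL arguments and the error `fprintf` passes NULL to `%s`. An explicit check that exits the same way keeps start-up fail-closed without depending on how the sandbox call treats NULL: `if (!profilePath || !frameworkPath) { fprintf(stderr, "WebProcess: sandbox profile or framework path not found\n"); exit(EX_NOPERM); }`. `errorBuf` should also start out as NULL (`char* errorBuf = NULL;`). `WebProcessMain` continues outside this hunk.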
@@ -54,7 +75,6 @@ int WebProcessMain(CommandLine*)
return 2;
}
- NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
#if !SHOW_CRASH_REPORTER
// Installs signal handlers that exit on a crash so that CrashReporter does not show up.
--
WebKit Debian packaging