[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
andersca at apple.com
andersca at apple.com
Wed Dec 22 16:13:19 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 59df1b46943bbe545672fa502234d6c5f8556dc2
Author: andersca at apple.com <andersca at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Nov 19 20:01:27 2010 +0000
Add SandboxExtension abstraction and use it for the injected bundle extension
https://bugs.webkit.org/show_bug.cgi?id=49817
Reviewed by Sam Weinig.
WebCore:
Export fileSystemRepresentation symbol needed by WebKit2.
* WebCore.exp.in:
WebKit2:
* Shared/SandboxExtension.h:
Add SandboxExtension abstraction.
* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode):
(WebKit::WebProcessCreationParameters::decode):
* Shared/WebProcessCreationParameters.h:
Instead of encoding/decoding a token, encode/decode the sandbox extension handle.
* Shared/mac/SandboxExtensionMac.mm: Added.
Add Mac implementation of SandboxExtension.
* UIProcess/WebContext.cpp:
(WebKit::WebContext::ensureWebProcess):
Create a SandboxExtension::Handle object.
* WebKit2.xcodeproj/project.pbxproj:
Add new files.
* WebProcess/InjectedBundle/InjectedBundle.h:
(WebKit::InjectedBundle::setSandboxExtension):
Set the sandbox extension.
* WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp:
(WebKit::InjectedBundle::load):
Consume the sandbox extension.
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):
Create a sandbox extension and set it on the injected bundle.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@72422 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 90ee879..0dc7e6e 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,14 @@
+2010-11-19 Anders Carlsson <andersca at apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Add SandboxExtension abstraction and use it for the injected bundle extension
+ https://bugs.webkit.org/show_bug.cgi?id=49817
+
+ Export fileSystemRepresentation symbol needed by WebKit2.
+
+ * WebCore.exp.in:
+
2010-11-19 Steve Falkenburg <sfalken at apple.com>
Windows build fix. Remove leftover Debug_Internal use.
diff --git a/WebCore/WebCore.exp.in b/WebCore/WebCore.exp.in
index 4862394..e418ede 100644
--- a/WebCore/WebCore.exp.in
+++ b/WebCore/WebCore.exp.in
@@ -514,6 +514,7 @@ __ZN7WebCore24contextMenuItemTagItalicEv
__ZN7WebCore24contextMenuItemTagStylesEv
__ZN7WebCore24createFragmentFromMarkupEPNS_8DocumentERKN3WTF6StringES5_NS_27FragmentScriptingPermissionE
__ZN7WebCore24decodeURLEscapeSequencesERKN3WTF6StringE
+__ZN7WebCore24fileSystemRepresentationERKN3WTF6StringE
__ZN7WebCore24notifyHistoryItemChangedE
__ZN7WebCore24rangeCompliantEquivalentERKNS_8PositionE
__ZN7WebCore25HistoryPropertyListWriter11releaseDataEv
diff --git a/WebKit2/ChangeLog b/WebKit2/ChangeLog
index 146df17..f5f8884 100644
--- a/WebKit2/ChangeLog
+++ b/WebKit2/ChangeLog
@@ -1,3 +1,41 @@
+2010-11-19 Anders Carlsson <andersca at apple.com>
+
+ Reviewed by Sam Weinig.
+
+ Add SandboxExtension abstraction and use it for the injected bundle extension
+ https://bugs.webkit.org/show_bug.cgi?id=49817
+
+ * Shared/SandboxExtension.h:
+ Add SandboxExtension abstraction.
+
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode):
+ (WebKit::WebProcessCreationParameters::decode):
+ * Shared/WebProcessCreationParameters.h:
+ Instead of encoding/decoding a token, encode/decode the sandbox extension handle.
+
+ * Shared/mac/SandboxExtensionMac.mm: Added.
+ Add Mac implementation of SandboxExtension.
+
+ * UIProcess/WebContext.cpp:
+ (WebKit::WebContext::ensureWebProcess):
+ Create a SandboxExtension::Handle object.
+
+ * WebKit2.xcodeproj/project.pbxproj:
+ Add new files.
+
+ * WebProcess/InjectedBundle/InjectedBundle.h:
+ (WebKit::InjectedBundle::setSandboxExtension):
+ Set the sandbox extension.
+
+ * WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp:
+ (WebKit::InjectedBundle::load):
+ Consume the sandbox extension.
+
+ * WebProcess/WebProcess.cpp:
+ (WebKit::WebProcess::initializeWebProcess):
+ Create a sandbox extension and set it on the injected bundle.
+
2010-11-18 Steve Falkenburg <sfalken at apple.com>
Reviewed by Adam Roben.
diff --git a/WebKit2/Shared/SandboxExtension.h b/WebKit2/Shared/SandboxExtension.h
new file mode 100644
index 0000000..f5fb576
--- /dev/null
+++ b/WebKit2/Shared/SandboxExtension.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SandboxExtension_h
+#define SandboxExtension_h
+
+#include <wtf/Forward.h>
+#include <wtf/Noncopyable.h>
+#include <wtf/PassRefPtr.h>
+#include <wtf/RefCounted.h>
+
+#if ENABLE(WEB_PROCESS_SANDBOX)
+typedef struct __WKSandboxExtension* WKSandboxExtensionRef;
+#endif
+
+namespace CoreIPC {
+ class ArgumentEncoder;
+ class ArgumentDecoder;
+}
+
+namespace WebKit {
+
+class SandboxExtension : public RefCounted<SandboxExtension> {
+public:
+ enum Type {
+ ReadOnly,
+ WriteOnly,
+ ReadWrite,
+ };
+
+ class Handle {
+ WTF_MAKE_NONCOPYABLE(Handle);
+
+ public:
+ Handle();
+ ~Handle();
+
+ void encode(CoreIPC::ArgumentEncoder*) const;
+ static bool decode(CoreIPC::ArgumentDecoder*, Handle&);
+
+ private:
+ friend class SandboxExtension;
+#if ENABLE(WEB_PROCESS_SANDBOX)
+ mutable WKSandboxExtensionRef m_sandboxExtension;
+#endif
+ };
+
+ static PassRefPtr<SandboxExtension> create(const Handle&);
+ static void createHandle(const String& path, Type type, Handle&);
+ ~SandboxExtension();
+
+ bool invalidate();
+ bool consume();
+
+private:
+ explicit SandboxExtension(const Handle&);
+
+#if ENABLE(WEB_PROCESS_SANDBOX)
+ mutable WKSandboxExtensionRef m_sandboxExtension;
+#endif
+};
+
+#if !ENABLE(WEB_PROCESS_SANDBOX)
+inline SandboxExtension::Handle::Handle() { }
+inline SandboxExtension::Handle::~Handle() { }
+inline void SandboxExtension::Handle::encode(CoreIPC::ArgumentEncoder*) const { }
+inline bool SandboxExtension::Handle::decode(CoreIPC::ArgumentDecoder*, Handle&) { return true; }
+inline PassRefPtr<SandboxExtension> SandboxExtension::create(const Handle&) { return 0; }
+inline void SandboxExtension::createHandle(const String& path, Type type, Handle&) { }
+inline SandboxExtension::~SandboxExtension() { }
+inline bool SandboxExtension::invalidate() { return true; }
+inline bool SandboxExtension::consume() { return true; }
+#endif
+
+} // namespace WebKit
+
+
+#endif // SandboxExtension_h
diff --git a/WebKit2/Shared/WebProcessCreationParameters.cpp b/WebKit2/Shared/WebProcessCreationParameters.cpp
index ad30107..4a00106 100644
--- a/WebKit2/Shared/WebProcessCreationParameters.cpp
+++ b/WebKit2/Shared/WebProcessCreationParameters.cpp
@@ -40,9 +40,7 @@ WebProcessCreationParameters::WebProcessCreationParameters()
void WebProcessCreationParameters::encode(CoreIPC::ArgumentEncoder* encoder) const
{
encoder->encode(injectedBundlePath);
-#if ENABLE(WEB_PROCESS_SANDBOX)
- encoder->encode(injectedBundlePathToken);
-#endif
+ encoder->encode(injectedBundlePathExtensionHandle);
encoder->encode(applicationCacheDirectory);
encoder->encode(urlSchemesRegistererdAsEmptyDocument);
@@ -63,10 +61,8 @@ bool WebProcessCreationParameters::decode(CoreIPC::ArgumentDecoder* decoder, Web
{
if (!decoder->decode(parameters.injectedBundlePath))
return false;
-#if ENABLE(WEB_PROCESS_SANDBOX)
- if (!decoder->decode(parameters.injectedBundlePathToken))
+ if (!decoder->decode(parameters.injectedBundlePathExtensionHandle))
return false;
-#endif
if (!decoder->decode(parameters.applicationCacheDirectory))
return false;
diff --git a/WebKit2/Shared/WebProcessCreationParameters.h b/WebKit2/Shared/WebProcessCreationParameters.h
index bb15920..d4640b8 100644
--- a/WebKit2/Shared/WebProcessCreationParameters.h
+++ b/WebKit2/Shared/WebProcessCreationParameters.h
@@ -27,6 +27,7 @@
#define WebProcessCreationParameters_h
#include "CacheModel.h"
+#include "SandboxExtension.h"
#include <wtf/Vector.h>
#include <wtf/text/WTFString.h>
@@ -48,9 +49,7 @@ struct WebProcessCreationParameters {
static bool decode(CoreIPC::ArgumentDecoder*, WebProcessCreationParameters&);
String injectedBundlePath;
-#if ENABLE(WEB_PROCESS_SANDBOX)
- String injectedBundlePathToken;
-#endif
+ SandboxExtension::Handle injectedBundlePathExtensionHandle;
String applicationCacheDirectory;
Vector<String> urlSchemesRegistererdAsEmptyDocument;
diff --git a/WebKit2/Shared/mac/SandboxExtensionMac.mm b/WebKit2/Shared/mac/SandboxExtensionMac.mm
new file mode 100644
index 0000000..b2536af
--- /dev/null
+++ b/WebKit2/Shared/mac/SandboxExtensionMac.mm
@@ -0,0 +1,146 @@
+/*
+ * Copyright (C) 2010 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if ENABLE(WEB_PROCESS_SANDBOX)
+
+#include "SandboxExtension.h"
+
+#include "ArgumentDecoder.h"
+#include "ArgumentEncoder.h"
+#include "DataReference.h"
+#include "WebKitSystemInterface.h"
+#include <WebCore/FileSystem.h>
+#include <wtf/text/CString.h>
+
+using namespace WebCore;
+
+namespace WebKit {
+
+SandboxExtension::Handle::Handle()
+ : m_sandboxExtension(0)
+{
+}
+
+SandboxExtension::Handle::~Handle()
+{
+ if (m_sandboxExtension) {
+ WKSandboxExtensionInvalidate(m_sandboxExtension);
+ WKSandboxExtensionDestroy(m_sandboxExtension);
+ }
+}
+
+void SandboxExtension::Handle::encode(CoreIPC::ArgumentEncoder* encoder) const
+{
+ ASSERT(m_sandboxExtension);
+
+ size_t length = 0;
+ const char *serializedFormat = WKSandboxExtensionGetSerializedFormat(m_sandboxExtension, &length);
+ ASSERT(serializedFormat);
+
+ encoder->encodeBytes(reinterpret_cast<const uint8_t*>(serializedFormat), length);
+
+ // Encoding will destroy the sandbox extension locally.
+ WKSandboxExtensionDestroy(m_sandboxExtension);
+ m_sandboxExtension = 0;
+}
+
+bool SandboxExtension::Handle::decode(CoreIPC::ArgumentDecoder* decoder, Handle& result)
+{
+ ASSERT(!result.m_sandboxExtension);
+
+ CoreIPC::DataReference dataReference;
+ if (!decoder->decodeBytes(dataReference))
+ return false;
+
+ result.m_sandboxExtension = WKSandboxExtensionCreateFromSerializedFormat(reinterpret_cast<const char*>(dataReference.data()), dataReference.size());
+ return true;
+}
+
+PassRefPtr<SandboxExtension> SandboxExtension::create(const Handle& handle)
+{
+ return adoptRef(new SandboxExtension(handle));
+}
+
+static WKSandboxExtensionType wkSandboxExtensionType(SandboxExtension::Type type)
+{
+ switch (type) {
+ case SandboxExtension::ReadOnly:
+ return WKSandboxExtensionTypeReadOnly;
+ case SandboxExtension::WriteOnly:
+ return WKSandboxExtensionTypeWriteOnly;
+ case SandboxExtension::ReadWrite:
+ return WKSandboxExtensionTypeReadWrite;
+ }
+
+ ASSERT_NOT_REACHED();
+ return WKSandboxExtensionTypeReadOnly;
+}
+
+void SandboxExtension::createHandle(const String& path, Type type, Handle& handle)
+{
+ ASSERT(!handle.m_sandboxExtension);
+ handle.m_sandboxExtension = WKSandboxExtensionCreate(fileSystemRepresentation(path).data(), wkSandboxExtensionType(type));
+}
+
+SandboxExtension::SandboxExtension(const Handle& handle)
+ : m_sandboxExtension(handle.m_sandboxExtension)
+{
+ handle.m_sandboxExtension = 0;
+}
+
+SandboxExtension::~SandboxExtension()
+{
+ if (!m_sandboxExtension)
+ return;
+
+ WKSandboxExtensionInvalidate(m_sandboxExtension);
+ WKSandboxExtensionDestroy(m_sandboxExtension);
+}
+
+bool SandboxExtension::invalidate()
+{
+ ASSERT(m_sandboxExtension);
+
+ bool result = WKSandboxExtensionInvalidate(m_sandboxExtension);
+ WKSandboxExtensionDestroy(m_sandboxExtension);
+ m_sandboxExtension = 0;
+
+ return result;
+}
+
+bool SandboxExtension::consume()
+{
+ ASSERT(m_sandboxExtension);
+
+ bool result = WKSandboxExtensionConsume(m_sandboxExtension);
+ WKSandboxExtensionDestroy(m_sandboxExtension);
+ m_sandboxExtension = 0;
+
+ return result;
+}
+
+} // namespace WebKit
+
+#endif // ENABLE(WEB_PROCESS_SANDBOX)
diff --git a/WebKit2/UIProcess/WebContext.cpp b/WebKit2/UIProcess/WebContext.cpp
index 64b1057..585bd69 100644
--- a/WebKit2/UIProcess/WebContext.cpp
+++ b/WebKit2/UIProcess/WebContext.cpp
@@ -44,10 +44,6 @@
#include <wtf/OwnArrayPtr.h>
#include <wtf/PassOwnArrayPtr.h>
-#if ENABLE(WEB_PROCESS_SANDBOX)
-#include <sandbox.h>
-#endif
-
#ifndef NDEBUG
#include <wtf/RefCountedLeakCounter.h>
#endif
@@ -161,16 +157,7 @@ void WebContext::ensureWebProcess()
if (!injectedBundlePath().isEmpty()) {
parameters.injectedBundlePath = injectedBundlePath();
-#if ENABLE(WEB_PROCESS_SANDBOX)
- char* sandboxBundleTokenUTF8 = 0;
- CString injectedBundlePathUTF8 = injectedBundlePath().utf8();
- sandbox_issue_extension(injectedBundlePathUTF8.data(), &sandboxBundleTokenUTF8);
- String sandboxBundleToken = String::fromUTF8(sandboxBundleTokenUTF8);
- if (sandboxBundleTokenUTF8)
- free(sandboxBundleTokenUTF8);
-
- parameters.injectedBundlePathToken = sandboxBundleToken;
-#endif
+ SandboxExtension::createHandle(parameters.injectedBundlePath, SandboxExtension::ReadOnly, parameters.injectedBundlePathExtensionHandle);
}
parameters.shouldTrackVisitedLinks = m_historyClient.shouldTrackVisitedLinks();
diff --git a/WebKit2/WebKit2.xcodeproj/project.pbxproj b/WebKit2/WebKit2.xcodeproj/project.pbxproj
index b6281ac..3261170 100644
--- a/WebKit2/WebKit2.xcodeproj/project.pbxproj
+++ b/WebKit2/WebKit2.xcodeproj/project.pbxproj
@@ -154,6 +154,8 @@
1AA56F2911E92BC80061B882 /* PluginController.h in Headers */ = {isa = PBXBuildFile; fileRef = 1AA56F2811E92BC80061B882 /* PluginController.h */; };
1AA5889211EE70400061B882 /* NetscapePluginStream.h in Headers */ = {isa = PBXBuildFile; fileRef = 1AA5889011EE70400061B882 /* NetscapePluginStream.h */; };
1AA5889311EE70400061B882 /* NetscapePluginStream.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1AA5889111EE70400061B882 /* NetscapePluginStream.cpp */; };
+ 1AAB4A8D1296F0A20023952F /* SandboxExtension.h in Headers */ = {isa = PBXBuildFile; fileRef = 1AAB4A8C1296F0A20023952F /* SandboxExtension.h */; };
+ 1AAB4AAA1296F1540023952F /* SandboxExtensionMac.mm in Sources */ = {isa = PBXBuildFile; fileRef = 1AAB4AA91296F1540023952F /* SandboxExtensionMac.mm */; };
1AADE6FF10D855FC00D3D63D /* ApplicationServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1AADE6FE10D855FC00D3D63D /* ApplicationServices.framework */; };
1AB7D4CA1288AAA700CFD08C /* DownloadProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = 1AB7D4C81288AAA700CFD08C /* DownloadProxy.h */; };
1AB7D4CB1288AAA700CFD08C /* DownloadProxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1AB7D4C91288AAA700CFD08C /* DownloadProxy.cpp */; };
@@ -714,6 +716,8 @@
1AA56F2811E92BC80061B882 /* PluginController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PluginController.h; sourceTree = "<group>"; };
1AA5889011EE70400061B882 /* NetscapePluginStream.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetscapePluginStream.h; sourceTree = "<group>"; };
1AA5889111EE70400061B882 /* NetscapePluginStream.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NetscapePluginStream.cpp; sourceTree = "<group>"; };
+ 1AAB4A8C1296F0A20023952F /* SandboxExtension.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SandboxExtension.h; sourceTree = "<group>"; };
+ 1AAB4AA91296F1540023952F /* SandboxExtensionMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = SandboxExtensionMac.mm; sourceTree = "<group>"; };
1AADE6FE10D855FC00D3D63D /* ApplicationServices.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ApplicationServices.framework; path = System/Library/Frameworks/ApplicationServices.framework; sourceTree = SDKROOT; };
1AB7D4C81288AAA700CFD08C /* DownloadProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DownloadProxy.h; sourceTree = "<group>"; };
1AB7D4C91288AAA700CFD08C /* DownloadProxy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DownloadProxy.cpp; sourceTree = "<group>"; };
@@ -1395,6 +1399,7 @@
BCC57161115ADB42001CCAF9 /* NotImplemented.h */,
BCC43AB8127B95DC00317F16 /* PlatformPopupMenuData.cpp */,
BCC43AB9127B95DC00317F16 /* PlatformPopupMenuData.h */,
+ 1AAB4A8C1296F0A20023952F /* SandboxExtension.h */,
BCBD3C3A125BFA7A00D2C29F /* StringPairVector.h */,
BCB0B0DF12305AB100B1341E /* UserMessageCoders.h */,
1A0F29C9120B37160053D1B9 /* VisitedLinkTable.cpp */,
@@ -1819,6 +1824,7 @@
BC111B5C112F629800337BAB /* WebEventFactory.mm */,
BCE231C0122C466E00D5C35A /* WebURLRequestMac.mm */,
BC90A1D5122DD66A00CC8C50 /* WebURLResponseMac.mm */,
+ 1AAB4AA91296F1540023952F /* SandboxExtensionMac.mm */,
);
path = mac;
sourceTree = "<group>";
@@ -2420,6 +2426,7 @@
ED82A7F2128C6FAF004477B3 /* WKBundlePageOverlay.h in Headers */,
1CA8B946127C882A00576C2B /* WebInspectorProxyMessages.h in Headers */,
5153569D1291B1D2000749DC /* WebPageContextMenuClient.h in Headers */,
+ 1AAB4A8D1296F0A20023952F /* SandboxExtension.h in Headers */,
);
runOnlyForDeploymentPostprocessing = 0;
};
@@ -2778,6 +2785,7 @@
1CA8B954127C891500576C2B /* WebInspectorMac.mm in Sources */,
EDCA71B7128DDA8C00201B26 /* WKBundlePageOverlay.cpp in Sources */,
5153569C1291B1D2000749DC /* WebPageContextMenuClient.cpp in Sources */,
+ 1AAB4AAA1296F1540023952F /* SandboxExtensionMac.mm in Sources */,
);
runOnlyForDeploymentPostprocessing = 0;
};
diff --git a/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h b/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h
index 4fd7c0d..a074cb5 100644
--- a/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h
+++ b/WebKit2/WebProcess/InjectedBundle/InjectedBundle.h
@@ -28,6 +28,7 @@
#include "APIObject.h"
#include "InjectedBundleClient.h"
+#include "SandboxExtension.h"
#include "WKBundle.h"
#include <WebCore/UserContentTypes.h>
#include <WebCore/UserScriptTypes.h>
@@ -71,10 +72,7 @@ public:
~InjectedBundle();
bool load(APIObject* initializationUserData);
-
-#if ENABLE(WEB_PROCESS_SANDBOX)
- void setSandboxToken(const String& sandboxToken) { m_sandboxToken = sandboxToken; }
-#endif
+ void setSandboxExtension(PassRefPtr<SandboxExtension> sandboxExtension) { m_sandboxExtension = sandboxExtension; }
// API
void initializeClient(WKBundleClient*);
@@ -118,9 +116,7 @@ private:
String m_path;
PlatformBundle m_platformBundle; // This is leaked right now, since we never unload the bundle/module.
-#if ENABLE(WEB_PROCESS_SANDBOX)
- String m_sandboxToken;
-#endif
+ RefPtr<SandboxExtension> m_sandboxExtension;
InjectedBundleClient m_client;
};
diff --git a/WebKit2/WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp b/WebKit2/WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp
index f126bce..f278ea9 100644
--- a/WebKit2/WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp
+++ b/WebKit2/WebProcess/InjectedBundle/mac/InjectedBundleMac.cpp
@@ -31,27 +31,20 @@
#include <wtf/text/CString.h>
#include <wtf/text/WTFString.h>
-#if ENABLE(WEB_PROCESS_SANDBOX)
-#include <sandbox.h>
-#endif
-
using namespace WebCore;
namespace WebKit {
bool InjectedBundle::load(APIObject* initializationUserData)
{
-#if ENABLE(WEB_PROCESS_SANDBOX)
- if (!m_sandboxToken.isEmpty()) {
- CString bundlePath = m_path.utf8();
- CString sandboxToken = m_sandboxToken.utf8();
- int rv = sandbox_consume_extension(bundlePath.data(), sandboxToken.data());
- if (rv) {
- fprintf(stderr, "InjectedBundle::load failed - Could not consume (%d) bundle sandbox extension [%s] for [%s].\n", rv, sandboxToken.data(), bundlePath.data());
+ if (m_sandboxExtension) {
+ if (!m_sandboxExtension->consume()) {
+ fprintf(stderr, "InjectedBundle::load failed - Could not consume bundle sandbox extension for [%s].\n", m_path.utf8().data());
return false;
}
+
+ m_sandboxExtension = 0;
}
-#endif
RetainPtr<CFStringRef> injectedBundlePathStr(AdoptCF, CFStringCreateWithCharacters(0, reinterpret_cast<const UniChar*>(m_path.characters()), m_path.length()));
if (!injectedBundlePathStr) {
diff --git a/WebKit2/WebProcess/WebProcess.cpp b/WebKit2/WebProcess/WebProcess.cpp
index ef858c5..3a6d232 100644
--- a/WebKit2/WebProcess/WebProcess.cpp
+++ b/WebKit2/WebProcess/WebProcess.cpp
@@ -128,9 +128,8 @@ void WebProcess::initializeWebProcess(const WebProcessCreationParameters& parame
if (!parameters.injectedBundlePath.isEmpty()) {
m_injectedBundle = InjectedBundle::create(parameters.injectedBundlePath);
-#if ENABLE(WEB_PROCESS_SANDBOX)
- m_injectedBundle->setSandboxToken(parameters.injectedBundlePathToken);
-#endif
+ m_injectedBundle->setSandboxExtension(SandboxExtension::create(parameters.injectedBundlePathExtensionHandle));
+
if (!m_injectedBundle->load(injectedBundleInitializationUserData.get())) {
// Don't keep around the InjectedBundle reference if the load fails.
m_injectedBundle.clear();
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list