Extend WebContent sandbox to allow some extra access for frameworks
https://bugs.webkit.org/show_bug.cgi?id=134844
Reviewed by Sam Weinig.
Open up the webcontent sandbox a bit so that some external frameworks
can work correctly.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode):
(WebKit::WebProcessCreationParameters::decode):
* Shared/WebProcessCreationParameters.h:
* UIProcess/WebContext.cpp:
(WebKit::WebContext::createNewWebProcess):
(WebKit::WebContext::mediaCacheDirectory):
* UIProcess/WebContext.h:
* UIProcess/mac/WebContextMac.mm:
(WebKit::WebContext::platformMediaCacheDirectory):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@171024 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
index 0efe8b7..10ab3a1 100644
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,5 +1,29 @@
2014-07-12 Oliver Hunt <oliver@apple.com>
+ Extend WebContent sandbox to allow some extra access for frameworks
+ https://bugs.webkit.org/show_bug.cgi?id=134844
+
+ Reviewed by Sam Weinig.
+
+ Open up the webcontent sandbox a bit so that some external frameworks
+ can work correctly.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode):
+ (WebKit::WebProcessCreationParameters::decode):
+ * Shared/WebProcessCreationParameters.h:
+ * UIProcess/WebContext.cpp:
+ (WebKit::WebContext::createNewWebProcess):
+ (WebKit::WebContext::mediaCacheDirectory):
+ * UIProcess/WebContext.h:
+ * UIProcess/mac/WebContextMac.mm:
+ (WebKit::WebContext::platformMediaCacheDirectory):
+ * WebProcess/cocoa/WebProcessCocoa.mm:
+ (WebKit::WebProcess::platformInitializeWebProcess):
+
+2014-07-12 Oliver Hunt <oliver@apple.com>
+
Temporary work around for <rdar://<rdar://problem/17513375>
https://bugs.webkit.org/show_bug.cgi?id=134848
diff --git a/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb b/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
index c9ec346..ceb0ef3 100644
--- a/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
+++ b/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
@@ -85,5 +85,9 @@
(allow mach-lookup
(global-name "com.apple.webinspector"))
+;; Various services required by CFNetwork and other frameworks
+(allow mach-lookup
+ (global-name "com.apple.PowerManagement.control"))
+
(deny file-write-create (vnode-type SYMLINK))
(deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))
diff --git a/Source/WebKit2/Shared/WebProcessCreationParameters.cpp b/Source/WebKit2/Shared/WebProcessCreationParameters.cpp
index 7ad1930..1d6df38 100644
--- a/Source/WebKit2/Shared/WebProcessCreationParameters.cpp
+++ b/Source/WebKit2/Shared/WebProcessCreationParameters.cpp
@@ -69,6 +69,8 @@
encoder << cookieStorageDirectoryExtensionHandle;
encoder << openGLCacheDirectory;
encoder << openGLCacheDirectoryExtensionHandle;
+ encoder << mediaCacheDirectory;
+ encoder << mediaCacheDirectoryExtensionHandle;
encoder << shouldUseTestingNetworkSession;
encoder << urlSchemesRegistererdAsEmptyDocument;
encoder << urlSchemesRegisteredAsSecure;
@@ -166,6 +168,10 @@
return false;
if (!decoder.decode(parameters.openGLCacheDirectoryExtensionHandle))
return false;
+ if (!decoder.decode(parameters.mediaCacheDirectory))
+ return false;
+ if (!decoder.decode(parameters.mediaCacheDirectoryExtensionHandle))
+ return false;
if (!decoder.decode(parameters.shouldUseTestingNetworkSession))
return false;
if (!decoder.decode(parameters.urlSchemesRegistererdAsEmptyDocument))
diff --git a/Source/WebKit2/Shared/WebProcessCreationParameters.h b/Source/WebKit2/Shared/WebProcessCreationParameters.h
index 0738632..a83adbe 100644
--- a/Source/WebKit2/Shared/WebProcessCreationParameters.h
+++ b/Source/WebKit2/Shared/WebProcessCreationParameters.h
@@ -74,6 +74,8 @@
SandboxExtension::Handle cookieStorageDirectoryExtensionHandle;
String openGLCacheDirectory;
SandboxExtension::Handle openGLCacheDirectoryExtensionHandle;
+ String mediaCacheDirectory;
+ SandboxExtension::Handle mediaCacheDirectoryExtensionHandle;
bool shouldUseTestingNetworkSession;
diff --git a/Source/WebKit2/UIProcess/WebContext.cpp b/Source/WebKit2/UIProcess/WebContext.cpp
index 545ab5d..7a4a8f0 100644
--- a/Source/WebKit2/UIProcess/WebContext.cpp
+++ b/Source/WebKit2/UIProcess/WebContext.cpp
@@ -594,6 +594,10 @@
if (!parameters.openGLCacheDirectory.isEmpty())
SandboxExtension::createHandleForReadWriteDirectory(parameters.openGLCacheDirectory, parameters.openGLCacheDirectoryExtensionHandle);
+ parameters.mediaCacheDirectory = mediaCacheDirectory();
+ if (!parameters.mediaCacheDirectory.isEmpty())
+ SandboxExtension::createHandleForReadWriteDirectory(parameters.mediaCacheDirectory, parameters.mediaCacheDirectoryExtensionHandle);
+
parameters.shouldUseTestingNetworkSession = m_shouldUseTestingNetworkSession;
parameters.cacheModel = m_cacheModel;
@@ -1187,6 +1191,14 @@
return platformDefaultOpenGLCacheDirectory();
}
+String WebContext::mediaCacheDirectory() const
+{
+ if (!m_overrideMediaCacheDirectory.isEmpty())
+ return m_overrideMediaCacheDirectory;
+
+ return platformMediaCacheDirectory();
+}
+
void WebContext::useTestingNetworkSession()
{
ASSERT(m_processes.isEmpty());
diff --git a/Source/WebKit2/UIProcess/WebContext.h b/Source/WebKit2/UIProcess/WebContext.h
index b2baa3f..d60edee 100644
--- a/Source/WebKit2/UIProcess/WebContext.h
+++ b/Source/WebKit2/UIProcess/WebContext.h
@@ -426,6 +426,9 @@
String openGLCacheDirectory() const;
String platformDefaultOpenGLCacheDirectory() const;
+ String mediaCacheDirectory() const;
+ String platformMediaCacheDirectory() const;
+
#if PLATFORM(COCOA)
void registerNotificationObservers();
void unregisterNotificationObservers();
@@ -522,6 +525,7 @@
String m_overrideDiskCacheDirectory;
String m_overrideCookieStorageDirectory;
String m_overrideOpenGLCacheDirectory;
+ String m_overrideMediaCacheDirectory;
String m_webSQLDatabaseDirectory;
String m_indexedDBDatabaseDirectory;
diff --git a/Source/WebKit2/UIProcess/mac/WebContextMac.mm b/Source/WebKit2/UIProcess/mac/WebContextMac.mm
index 76a75cc..b87f6b7 100644
--- a/Source/WebKit2/UIProcess/mac/WebContextMac.mm
+++ b/Source/WebKit2/UIProcess/mac/WebContextMac.mm
@@ -303,6 +303,18 @@
#endif
}
+String WebContext::platformMediaCacheDirectory() const
+{
+#if PLATFORM(IOS)
+ String path = NSTemporaryDirectory();
+ path = path + "/MediaCache";
+ return stringByResolvingSymlinksInPath(path);
+#else
+ notImplemented();
+ return [@"" stringByStandardizingPath];
+#endif
+}
+
String WebContext::platformDefaultWebSQLDatabaseDirectory()
{
NSString *databasesDirectory = [[NSUserDefaults standardUserDefaults] objectForKey:WebDatabaseDirectoryDefaultsKey];
diff --git a/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm b/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm
index 4b2743f..0a138cc 100644
--- a/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm
+++ b/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm
@@ -169,6 +169,7 @@
SandboxExtension::consumePermanently(parameters.diskCacheDirectoryExtensionHandle);
SandboxExtension::consumePermanently(parameters.cookieStorageDirectoryExtensionHandle);
SandboxExtension::consumePermanently(parameters.openGLCacheDirectoryExtensionHandle);
+ SandboxExtension::consumePermanently(parameters.mediaCacheDirectoryExtensionHandle);
#endif
// When the network process is enabled, each web process wants a stand-alone
