Regression(macOS Catalina): Cannot quick look html documents in Mail
https://bugs.webkit.org/show_bug.cgi?id=199754
<rdar://problem/51304961>
Reviewed by Geoff Garen.
If the client asks us to load a file URL but does not provide a resource path, WebKit
would fall back to issuing a sandbox extension for /. This no longer works on macOS
Catalina and it would thus fail to load the file.
To address the issue, if the attempt to create a sandbox extension for / fails, we now
fall back to issuing one for the file's baseURL (path of containing folder).
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@247400 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index 0669b3b..cf8de6c 100644
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,3 +1,21 @@
+2019-07-12 Chris Dumez <cdumez@apple.com>
+
+ Regression(macOS Catalina): Cannot quick look html documents in Mail
+ https://bugs.webkit.org/show_bug.cgi?id=199754
+ <rdar://problem/51304961>
+
+ Reviewed by Geoff Garen.
+
+ If the client asks us to load a file URL but does not provide a resource path, WebKit
+ would fallback to issuing a sandbox extension for /. This no longer works on mac OS
+ Catalina and it would thus fail to load the file.
+
+ To address the issue, if the attempt to create a sandbox extension for / fails, we now
+ fall back to issuing one for the file's baseURL (path of containing folder).
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
+
2019-07-12 Michael Catanzaro <mcatanzaro@igalia.com>
WebBackForwardListItem::setPageState should receive pageState by rvalue reference
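Review bot: The entry lists only UIProcess/WebPageProxy.cpp, and the visible patch carries no test for the new fallback path. An API test that loads a file URL without a resource path and checks that the load succeeds would guard against this regression returning. If the failure of the / extension cannot be reproduced in the test environment, say so in the entry.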
diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
index 24f1e60..2af0e81 100644
--- a/Source/WebKit/UIProcess/WebPageProxy.cpp
+++ b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -1058,9 +1058,16 @@
// Inspector resources are in a directory with assumed access.
ASSERT_WITH_SECURITY_IMPLICATION(!WebKit::isInspectorPage(*this));
- // FIXME: universal file read access should be set if the sandbox extension is successfully created: rdar://problem/52357508.
- SandboxExtension::createHandle("/", SandboxExtension::Type::ReadOnly, sandboxExtensionHandle);
- willAcquireUniversalFileReadSandboxExtension(process);
+ if (SandboxExtension::createHandle("/", SandboxExtension::Type::ReadOnly, sandboxExtensionHandle)) {
+ willAcquireUniversalFileReadSandboxExtension(process);
+ return;
+ }
+
+ // We failed to issue an universal file read access sandbox, fall back to issuing one for the base URL instead.
+ auto baseURL = URL(URL(), url.baseAsString());
+ auto basePath = baseURL.fileSystemPath();
+ if (!basePath.isNull() && SandboxExtension::createHandle(basePath, SandboxExtension::Type::ReadOnly, sandboxExtensionHandle))
+ m_process->assumeReadAccessToBaseURL(*this, baseURL);
}
#if !PLATFORM(COCOA)
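Review bot: The fallback branch records the assumption on `m_process` (`m_process->assumeReadAccessToBaseURL(*this, baseURL);`) while the success branch just above passes the `process` argument to `willAcquireUniversalFileReadSandboxExtension(process)`. If the two can refer to different processes, the read-access assumption is recorded on a process other than the one the handle is issued for, so the fallback should use `process` as well. When `basePath` is null or the second `createHandle` call fails, the function falls through with no handle and no diagnostic; a log line on that path would make the resulting load failure traceable. Because the `/` extension is still attempted first, platforms where it succeeds keep universal file read access, and a comment explaining why the narrower base-path extension is not the preferred grant would help future readers. Minor: "an universal" in the new comment should read "a universal".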