HTTPSUpgradeList.db database should be opened in readonly mode
authorcdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 1 Mar 2019 02:47:33 +0000 (02:47 +0000)
committercdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 1 Mar 2019 02:47:33 +0000 (02:47 +0000)
https://bugs.webkit.org/show_bug.cgi?id=195194
<rdar://problem/47103889>

Reviewed by Youenn Fablet.

Source/WebCore:

Add parameter to SQLiteDatabase::open() to specify the open flags.

* Modules/webdatabase/Database.cpp:
(WebCore::Database::performOpenAndVerify):
* platform/sql/SQLiteDatabase.cpp:
(WebCore::SQLiteDatabase::open):
* platform/sql/SQLiteDatabase.h:
* platform/sql/SQLiteFileSystem.cpp:
* platform/sql/SQLiteFileSystem.h:

Source/WebKit:

HTTPSUpgradeList.db database should be opened in readonly mode since it is not meant to be
modified by WebKit. Opening it in ReadWrite mode causes sandbox violations.

* NetworkProcess/NetworkHTTPSUpgradeChecker.cpp:
(WebKit::NetworkHTTPSUpgradeChecker::NetworkHTTPSUpgradeChecker):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242251 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/Modules/webdatabase/Database.cpp
Source/WebCore/platform/sql/SQLiteDatabase.cpp
Source/WebCore/platform/sql/SQLiteDatabase.h
Source/WebCore/platform/sql/SQLiteFileSystem.cpp
Source/WebCore/platform/sql/SQLiteFileSystem.h
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkHTTPSUpgradeChecker.cpp

index ee27da1..782e827 100644 (file)
@@ -1,3 +1,21 @@
+2019-02-28  Chris Dumez  <cdumez@apple.com>
+
+        HTTPSUpgradeList.db database should be opened in readonly mode
+        https://bugs.webkit.org/show_bug.cgi?id=195194
+        <rdar://problem/47103889>
+
+        Reviewed by Youenn Fablet.
+
+        Add parameter to SQLiteDatabase::open() to specific the open flags.
+
+        * Modules/webdatabase/Database.cpp:
+        (WebCore::Database::performOpenAndVerify):
+        * platform/sql/SQLiteDatabase.cpp:
+        (WebCore::SQLiteDatabase::open):
+        * platform/sql/SQLiteDatabase.h:
+        * platform/sql/SQLiteFileSystem.cpp:
+        * platform/sql/SQLiteFileSystem.h:
+
 2019-02-28  Brady Eidson  <beidson@apple.com>
 
         Followup to:
index 7a53fec..f3ccf3d 100644 (file)
@@ -348,7 +348,7 @@ ExceptionOr<void> Database::performOpenAndVerify(bool shouldSetVersionInNewDatab
 
     SQLiteTransactionInProgressAutoCounter transactionCounter;
 
-    if (!m_sqliteDatabase.open(m_filename, true))
+    if (!m_sqliteDatabase.open(m_filename))
         return Exception { InvalidStateError, formatErrorMessage("unable to open database", m_sqliteDatabase.lastError(), m_sqliteDatabase.lastErrorMsg()) };
     if (!m_sqliteDatabase.turnOnIncrementalAutoVacuum())
         LOG_ERROR("Unable to turn on incremental auto-vacuum (%d %s)", m_sqliteDatabase.lastError(), m_sqliteDatabase.lastErrorMsg());
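Review bot: The `open(m_filename)` call now takes its write-and-create behaviour from the default argument, so the privilege this call site needs is no longer visible where it is used. Judging by the `shouldSetVersionInNewDatabase` parameter, this path presumably has to be able to create the file. Spelling the mode out, `if (!m_sqliteDatabase.open(m_filename, SQLiteDatabase::OpenMode::ReadWriteCreate))`, keeps that explicit and protects the call if the default is ever tightened. performOpenAndVerify starts and ends outside the hunk.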
index 70ac0b7..c6534b1 100644 (file)
@@ -35,6 +35,7 @@
 #include <mutex>
 #include <sqlite3.h>
 #include <thread>
+#include <wtf/FileSystem.h>
 #include <wtf/Threading.h>
 #include <wtf/text/CString.h>
 #include <wtf/text/StringConcatenateNumbers.h>
@@ -76,13 +77,26 @@ SQLiteDatabase::~SQLiteDatabase()
     close();
 }
 
-bool SQLiteDatabase::open(const String& filename, bool forWebSQLDatabase)
+bool SQLiteDatabase::open(const String& filename, OpenMode openMode)
 {
     initializeSQLiteIfNecessary();
 
     close();
 
-    m_openError = SQLiteFileSystem::openDatabase(filename, &m_db, forWebSQLDatabase);
+    int flags = SQLITE_OPEN_AUTOPROXY;
+    switch (openMode) {
+    case OpenMode::ReadOnly:
+        flags |= SQLITE_OPEN_READONLY;
+        break;
+    case OpenMode::ReadWrite:
+        flags |= SQLITE_OPEN_READWRITE;
+        break;
+    case OpenMode::ReadWriteCreate:
+        flags |= SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE;
+        break;
+    }
+
+    m_openError = sqlite3_open_v2(FileSystem::fileSystemRepresentation(filename).data(), &m_db, flags, nullptr);
     if (m_openError != SQLITE_OK) {
         m_openErrorMessage = m_db ? sqlite3_errmsg(m_db) : "sqlite_open returned null";
         LOG_ERROR("SQLite database failed to load from %s\nCause - %s", filename.ascii().data(),
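Review bot: Nothing after the `switch (openMode)` guarantees that a mode bit was set, so a value outside the three enumerators (for example from a stray cast) would reach `sqlite3_open_v2` with only `SQLITE_OPEN_AUTOPROXY`. SQLite documents the behaviour as undefined when none of the READONLY, READWRITE or READWRITE|CREATE combinations is passed. A one-line check before the call, `ASSERT(flags & (SQLITE_OPEN_READONLY | SQLITE_OPEN_READWRITE));`, would catch that in debug builds. The rest of open() lies outside the hunk; if it runs setup statements that write to the database, they would need to tolerate a handle opened with `OpenMode::ReadOnly`.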
index 57d2ad8..3e03824 100644 (file)
@@ -53,7 +53,8 @@ public:
     WEBCORE_EXPORT SQLiteDatabase();
     WEBCORE_EXPORT ~SQLiteDatabase();
 
-    WEBCORE_EXPORT bool open(const String& filename, bool forWebSQLDatabase = false);
+    enum class OpenMode { ReadOnly, ReadWrite, ReadWriteCreate };
+    WEBCORE_EXPORT bool open(const String& filename, OpenMode = OpenMode::ReadWriteCreate);
     bool isOpen() const { return m_db; }
     WEBCORE_EXPORT void close();
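Review bot: The new `OpenMode` enum and the `open()` declaration carry no comment, and the default `OpenMode::ReadWriteCreate` is the most permissive of the three modes. Any caller that only reads a database keeps write and create access unless it opts out. I would document the contract above the enum, e.g. `// ReadOnly never creates or modifies the file; ReadWrite fails if the file is missing; ReadWriteCreate (the default) creates it.` It is also worth adding that callers of databases WebKit does not own should pass `ReadOnly`, so sandboxed processes do not request write access they are not granted.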
 
index 364bff7..6bd8b08 100644 (file)
@@ -46,11 +46,6 @@ SQLiteFileSystem::SQLiteFileSystem()
 {
 }
 
-int SQLiteFileSystem::openDatabase(const String& filename, sqlite3** database, bool)
-{
-    return sqlite3_open_v2(FileSystem::fileSystemRepresentation(filename).data(), database, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_AUTOPROXY, nullptr);
-}
-
 String SQLiteFileSystem::appendDatabaseFileNameToPath(const String& path, const String& fileName)
 {
     return FileSystem::pathByAppendingComponent(path, fileName);
index 9bb86e3..911e462 100644 (file)
@@ -44,16 +44,6 @@ class SQLiteDatabase;
 // by the WebKit database code.
 class SQLiteFileSystem {
 public:
-    // Opens a database file.
-    //
-    // filemame - The name of the database file.
-    // database - The SQLite structure that represents the database stored
-    //            in the given file.
-    // forWebSQLDatabase - True, if and only if we're opening a Web SQL Database file.
-    //                     Used by Chromium to determine if the DB file needs to be opened
-    //                     using a custom VFS.
-    static int openDatabase(const String& filename, sqlite3** database, bool forWebSQLDatabase);
-
     // Creates an absolute file path given a directory and a file name.
     //
     // path - The directory.
index e18e6a9..9ffaa49 100644 (file)
@@ -1,3 +1,17 @@
+2019-02-28  Chris Dumez  <cdumez@apple.com>
+
+        HTTPSUpgradeList.db database should be opened in readonly mode
+        https://bugs.webkit.org/show_bug.cgi?id=195194
+        <rdar://problem/47103889>
+
+        Reviewed by Youenn Fablet.
+
+        HTTPSUpgradeList.db database should be opened in readonly mode since it is not meant to be
+        modified by WebKit. Opening it in ReadWrite mode causes sandbox violations.
+
+        * NetworkProcess/NetworkHTTPSUpgradeChecker.cpp:
+        (WebKit::NetworkHTTPSUpgradeChecker::NetworkHTTPSUpgradeChecker):
+
 2019-02-28  David Quesada  <david_quesada@apple.com>
 
         Expose APINavigationAction.shouldPerformDownload() on WKNavigationAction
index 7931d61..f2fb5cd 100644 (file)
@@ -68,7 +68,7 @@ NetworkHTTPSUpgradeChecker::NetworkHTTPSUpgradeChecker()
             return;
         }
 
-        bool isDatabaseOpen = m_database->open(path);
+        bool isDatabaseOpen = m_database->open(path, WebCore::SQLiteDatabase::OpenMode::ReadOnly);
         if (!isDatabaseOpen) {
 #if PLATFORM(COCOA)
             RELEASE_LOG_ERROR(Network, "%p - NetworkHTTPSUpgradeChecker::open failed, error message: %{public}s, database path: %{public}s", this, m_database->lastErrorMsg(), path.utf8().data());
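Review bot: The reason for `OpenMode::ReadOnly` at the `m_database->open(path, ...)` call is recorded only in the ChangeLog, so a later cleanup could drop it back to the default and reintroduce the sandbox violations. A comment on the call would keep it in place, e.g. `// HTTPSUpgradeList.db is never modified by WebKit; a writable open causes sandbox violations.` With ReadOnly the file is also no longer created when absent, so the `!isDatabaseOpen` branch now covers a missing list as well. The rest of that branch is outside the hunk, so it is worth confirming the checker's behaviour there is the intended one.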