Delay initializing the sandbox until we get the InitializeWebProcess message.
authorandersca@apple.com <andersca@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 14 Jan 2011 21:51:53 +0000 (21:51 +0000)
committerandersca@apple.com <andersca@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 14 Jan 2011 21:51:53 +0000 (21:51 +0000)
Reviewed by Sam Weinig.

* WebProcess/mac/WebProcessMac.mm:
(WebKit::initializeSandbox):
(WebKit::WebProcess::platformInitializeWebProcess):
* WebProcess/mac/WebProcessMainMac.mm:
(WebKit::WebProcessMain):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@75814 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebKit2/ChangeLog
WebKit2/WebProcess/mac/WebProcessMac.mm
WebKit2/WebProcess/mac/WebProcessMainMac.mm

index f65dac9..dd18486 100644 (file)
@@ -1,3 +1,15 @@
+2011-01-14  Anders Carlsson  <andersca@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Delay initializing the sandbox until we get the InitializeWebProcess message.
+
+        * WebProcess/mac/WebProcessMac.mm:
+        (WebKit::initializeSandbox):
+        (WebKit::WebProcess::platformInitializeWebProcess):
+        * WebProcess/mac/WebProcessMainMac.mm:
+        (WebKit::WebProcessMain):
+
 2011-01-14  Laszlo Gombos  <laszlo.1.gombos@nokia.com>
 
         Reviewed by Kenneth Rohde Christiansen.
index a049a39..092e5da 100644 (file)
 #include <mach/mach.h>
 #include <mach/mach_error.h>
 
+#if ENABLE(WEB_PROCESS_SANDBOX)
+#include <sandbox.h>
+#include <stdlib.h>
+#include <sysexits.h>
+#endif
+
 using namespace WebCore;
 using namespace std;
 
@@ -103,8 +109,46 @@ void WebProcess::platformClearResourceCaches()
     [[NSURLCache sharedURLCache] removeAllCachedResponses];
 }
 
+static void initializeSandbox(const WebProcessCreationParameters& parameters)
+{
+#if ENABLE(WEB_PROCESS_SANDBOX)
+    if ([[NSUserDefaults standardUserDefaults] boolForKey:@"DisableSandbox"]) {
+        fprintf(stderr, "Bypassing sandbox due to DisableSandbox user default.\n");
+        return;
+    }
+
+    char* errorBuf;
+    char tmpPath[PATH_MAX];
+    char tmpRealPath[PATH_MAX];
+    char cachePath[PATH_MAX];
+    char cacheRealPath[PATH_MAX];
+    const char* frameworkPath = [[[[NSBundle bundleForClass:NSClassFromString(@"WKView")] bundlePath] stringByDeletingLastPathComponent] UTF8String];
+    const char* profilePath = [[[NSBundle mainBundle] pathForResource:@"com.apple.WebProcess" ofType:@"sb"] UTF8String];
+
+    if (confstr(_CS_DARWIN_USER_TEMP_DIR, tmpPath, PATH_MAX) <= 0 || !realpath(tmpPath, tmpRealPath))
+        tmpRealPath[0] = '\0';
+
+    if (confstr(_CS_DARWIN_USER_CACHE_DIR, cachePath, PATH_MAX) <= 0 || !realpath(cachePath, cacheRealPath))
+        cacheRealPath[0] = '\0';
+
+    const char* const sandboxParam[] = {
+        "WEBKIT2_FRAMEWORK_DIR", frameworkPath,
+        "DARWIN_USER_TEMP_DIR", (const char*)tmpRealPath,
+        "DARWIN_USER_CACHE_DIR", (const char*)cacheRealPath,
+        NULL
+    };
+
+    if (sandbox_init_with_parameters(profilePath, SANDBOX_NAMED_EXTERNAL, sandboxParam, &errorBuf)) {
+        fprintf(stderr, "WebProcess: couldn't initialize sandbox profile [%s] with framework path [%s], tmp path [%s], cache path [%s]: %s\n", profilePath, frameworkPath, tmpRealPath, cacheRealPath, errorBuf);
+        exit(EX_NOPERM);
+    }
+#endif
+}
+
 void WebProcess::platformInitializeWebProcess(const WebProcessCreationParameters& parameters, CoreIPC::ArgumentDecoder*)
 {
+    initializeSandbox(parameters);
+
     if (!parameters.nsURLCachePath.isNull()) {
         NSUInteger cacheMemoryCapacity = parameters.nsURLCacheMemoryCapacity;
         NSUInteger cacheDiskCapacity = parameters.nsURLCacheDiskCapacity;
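Review bot: In initializeSandbox, `frameworkPath` and `profilePath` are handed to sandbox_init_with_parameters and to the `%s` arguments of the error fprintf without a NULL check. The new code resolves the class with `NSClassFromString(@"WKView")`, which returns Nil when the class is not loaded, and `pathForResource:ofType:` returns nil when the profile is missing. In either case `UTF8String` on nil yields NULL, and a NULL `frameworkPath` would occupy a value slot of the NULL-terminated `sandboxParam` array, which presumably ends the parameter list early. I would fail closed before building the array: `if (!frameworkPath || !profilePath) { fprintf(stderr, "WebProcess: couldn't locate sandbox profile or framework path.\n"); exit(EX_NOPERM); }`. Because the sandbox is now entered only when this message arrives, the call site in platformInitializeWebProcess (whose body continues past the hunk) also deserves a comment such as `// Must stay first: everything before this call runs unsandboxed.`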
index c44e1ef..5cefb59 100644 (file)
 #import <wtf/Threading.h>
 #import <wtf/text/CString.h>
 
-#if ENABLE(WEB_PROCESS_SANDBOX)
-#import <sandbox.h>
-#import <stdlib.h>
-#endif
-
 // FIXME: We should be doing this another way.
 extern "C" kern_return_t bootstrap_look_up2(mach_port_t, const name_t, mach_port_t*, pid_t, uint64_t);
 
@@ -60,38 +55,6 @@ int WebProcessMain(const CommandLine& commandLine)
 {
     NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
 
-#if ENABLE(WEB_PROCESS_SANDBOX)
-    if (![[NSUserDefaults standardUserDefaults] boolForKey:@"DisableSandbox"]) {
-        char* errorBuf;
-        char tmpPath[PATH_MAX];
-        char tmpRealPath[PATH_MAX];
-        char cachePath[PATH_MAX];
-        char cacheRealPath[PATH_MAX];
-        const char* frameworkPath = [[[[NSBundle bundleForClass:[WKView class]] bundlePath] stringByDeletingLastPathComponent] UTF8String];
-        const char* profilePath = [[[NSBundle mainBundle] pathForResource:@"com.apple.WebProcess" ofType:@"sb"] UTF8String];
-
-        if (confstr(_CS_DARWIN_USER_TEMP_DIR, tmpPath, PATH_MAX) <= 0 || !realpath(tmpPath, tmpRealPath))
-            tmpRealPath[0] = '\0';
-
-        if (confstr(_CS_DARWIN_USER_CACHE_DIR, cachePath, PATH_MAX) <= 0 || !realpath(cachePath, cacheRealPath))
-            cacheRealPath[0] = '\0';
-
-        const char* const sandboxParam[] = {
-            "WEBKIT2_FRAMEWORK_DIR", frameworkPath,
-            "DARWIN_USER_TEMP_DIR", (const char*)tmpRealPath,
-            "DARWIN_USER_CACHE_DIR", (const char*)cacheRealPath,
-            NULL
-        };
-
-        if (sandbox_init_with_parameters(profilePath, SANDBOX_NAMED_EXTERNAL, sandboxParam, &errorBuf)) {
-            fprintf(stderr, "WebProcess: couldn't initialize sandbox profile [%s] with framework path [%s], tmp path [%s], cache path [%s]: %s\n", profilePath, frameworkPath, tmpRealPath, cacheRealPath, errorBuf);
-            exit(EX_NOPERM);
-        }
-    } else
-        fprintf(stderr, "Bypassing sandbox due to DisableSandbox user default.\n");
-
-#endif
-
     String serviceName = commandLine["servicename"];
     if (serviceName.isEmpty())
         return EXIT_FAILURE;