Ensure experimentalPlugInSandboxProfilesEnabled is set on PluginProcess
authoryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 Jul 2018 14:39:50 +0000 (14:39 +0000)
committeryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 Jul 2018 14:39:50 +0000 (14:39 +0000)
https://bugs.webkit.org/show_bug.cgi?id=187729

Reviewed by Ryosuke Niwa.

experimentalPlugInSandboxProfilesEnabled flag is used at initialization of the plugin process sandbox.
This flag value should be set according to the value of this flag in the UIProcess.
We set this value in the plugin process manager.
At launch of the plugin process, this flag will also be passed to it so that it is set properly.

* PluginProcess/EntryPoint/mac/XPCService/PluginServiceEntryPoint.mm:
(WebKit::PluginServiceInitializerDelegate::getExtraInitializationData):
* PluginProcess/mac/PluginProcessMac.mm:
(WebKit::PluginProcess::platformInitializeProcess):
* Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h:
* UIProcess/API/C/WKPreferences.cpp:
(WKPreferencesSetPluginSandboxProfilesEnabledForAllPlugins):
(WKPreferencesGetPluginSandboxProfilesEnabledForAllPlugins):
* UIProcess/API/C/WKPreferencesRefPrivate.h:
* UIProcess/API/Cocoa/WKPreferences.mm:
(-[WKPreferences _setExperimentalPlugInSandboxProfilesEnabled:]):
(-[WKPreferences _experimentalPlugInSandboxProfilesEnabled]):
* UIProcess/API/Cocoa/WKPreferencesPrivate.h:
* UIProcess/Plugins/PluginProcessManager.h:
(WebKit::PluginProcessManager::experimentalPlugInSandboxProfilesEnabled const):
* UIProcess/Plugins/mac/PluginProcessManagerMac.mm:
(WebKit::PluginProcessManager::setExperimentalPlugInSandboxProfilesEnabled):
* UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
(WebKit::PluginProcessProxy::platformGetLaunchOptions):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233983 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/PluginProcess/EntryPoint/mac/XPCService/PluginServiceEntryPoint.mm
Source/WebKit/PluginProcess/mac/PluginProcessMac.mm
Source/WebKit/UIProcess/API/C/WKPreferences.cpp
Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
Source/WebKit/UIProcess/Plugins/PluginProcessManager.h
Source/WebKit/UIProcess/Plugins/mac/PluginProcessManagerMac.mm
Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm

index 0c91fa0..fb0aa64 100644 (file)
@@ -1,3 +1,35 @@
+2018-07-19  Youenn Fablet  <youenn@apple.com>
+
+        Ensure experimentalPlugInSandboxProfilesEnabled is set on PluginProcess
+        https://bugs.webkit.org/show_bug.cgi?id=187729
+
+        Reviewed by Ryosuke Niwa.
+
+        experimentalPlugInSandboxProfilesEnabled flag is used at initialization of the plugin process sandbox.
+        This flag value should be set according to the value of this flag in the UIProcess.
+        We set this value in the plugin process manager.
+        At launch of the plugin process, this flag will also be passed to it so that it is set properly.
+
+        * PluginProcess/EntryPoint/mac/XPCService/PluginServiceEntryPoint.mm:
+        (WebKit::PluginServiceInitializerDelegate::getExtraInitializationData):
+        * PluginProcess/mac/PluginProcessMac.mm:
+        (WebKit::PluginProcess::platformInitializeProcess):
+        * Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h:
+        * UIProcess/API/C/WKPreferences.cpp:
+        (WKPreferencesSetPluginSandboxProfilesEnabledForAllPlugins):
+        (WKPreferencesGetPluginSandboxProfilesEnabledForAllPlugins):
+        * UIProcess/API/C/WKPreferencesRefPrivate.h:
+        * UIProcess/API/Cocoa/WKPreferences.mm:
+        (-[WKPreferences _setExperimentalPlugInSandboxProfilesEnabled:]):
+        (-[WKPreferences _experimentalPlugInSandboxProfilesEnabled]):
+        * UIProcess/API/Cocoa/WKPreferencesPrivate.h:
+        * UIProcess/Plugins/PluginProcessManager.h:
+        (WebKit::PluginProcessManager::experimentalPlugInSandboxProfilesEnabled const):
+        * UIProcess/Plugins/mac/PluginProcessManagerMac.mm:
+        (WebKit::PluginProcessManager::setExperimentalPlugInSandboxProfilesEnabled):
+        * UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
+        (WebKit::PluginProcessProxy::platformGetLaunchOptions):
+
 2018-07-18  Ricky Mondello  <rmondello@apple.com>
 
         Let clients override _WKThumbnailView's background color
index 7a1dd0a..a1fe527 100644 (file)
@@ -55,6 +55,10 @@ public:
         if (!disableSandbox.isEmpty())
             extraInitializationData.add("disable-sandbox", disableSandbox);
 
+        String experimentalSandboxPlugIn = xpc_dictionary_get_string(extraDataInitializationDataObject, "experimental-sandbox-plugin");
+        if (!experimentalSandboxPlugIn.isEmpty())
+            extraInitializationData.add("experimental-sandbox-plugin"_s, experimentalSandboxPlugIn);
+
         return true;
     }
 };
index 9bb621b..b1c3173 100644 (file)
@@ -40,6 +40,7 @@
 #import "SandboxUtilities.h"
 #import <CoreAudio/AudioHardware.h>
 #import <WebCore/LocalizedStrings.h>
+#import <WebCore/RuntimeEnabledFeatures.h>
 #import <dlfcn.h>
 #import <mach-o/dyld.h>
 #import <mach-o/getsect.h>
@@ -528,6 +529,9 @@ void PluginProcess::platformInitializeProcess(const ChildProcessInitializationPa
 
     initializeCocoaOverrides();
 
+    bool experimentalPlugInSandboxProfilesEnabled = parameters.extraInitializationData.get("experimental-sandbox-plugin") == "1";
+    RuntimeEnabledFeatures::sharedFeatures().setExperimentalPlugInSandboxProfilesEnabled(experimentalPlugInSandboxProfilesEnabled);
+
     // FIXME: It would be better to proxy SetCursor calls over to the UI process instead of
     // allowing plug-ins to change the mouse cursor at any time.
     // FIXME: SetsCursorInBackground connection property is deprecated in favor of kCGSSetsCursorInBackgroundTagBit window tag bit.
index d45619f..6b68c64 100644 (file)
@@ -25,6 +25,7 @@
 
 #include "config.h"
 
+#include "PluginProcessManager.h"
 #include "WKPreferencesRef.h"
 #include "WKPreferencesRefPrivate.h"
 #include "WKAPICast.h"
@@ -1153,6 +1154,19 @@ bool WKPreferencesGetPlugInSnapshottingEnabled(WKPreferencesRef preferencesRef)
     return toImpl(preferencesRef)->plugInSnapshottingEnabled();
 }
 
+void WKPreferencesSetPluginSandboxProfilesEnabledForAllPlugins(WKPreferencesRef preferencesRef, bool enabled)
+{
+#if ENABLE(NETSCAPE_PLUGIN_API) && PLATFORM(MAC)
+    WebKit::PluginProcessManager::singleton().setExperimentalPlugInSandboxProfilesEnabled(enabled);
+#endif
+    toImpl(preferencesRef)->setExperimentalPlugInSandboxProfilesEnabled(enabled);
+}
+
+bool WKPreferencesGetPluginSandboxProfilesEnabledForAllPlugins(WKPreferencesRef preferencesRef)
+{
+    return toImpl(preferencesRef)->experimentalPlugInSandboxProfilesEnabled();
+}
+
 void WKPreferencesSetSnapshotAllPlugIns(WKPreferencesRef preferencesRef, bool enabled)
 {
     toImpl(preferencesRef)->setSnapshotAllPlugIns(enabled);
index 8d0f79b..246de43 100644 (file)
@@ -260,6 +260,10 @@ WK_EXPORT void WKPreferencesSetAsynchronousPluginInitializationEnabledForAllPlug
 WK_EXPORT bool WKPreferencesGetAsynchronousPluginInitializationEnabledForAllPlugins(WKPreferencesRef preferencesRef);
 
 // Defaults to false
+WK_EXPORT void WKPreferencesSetPluginSandboxProfilesEnabledForAllPlugins(WKPreferencesRef preferencesRef, bool enabled);
+WK_EXPORT bool WKPreferencesGetPluginSandboxProfilesEnabledForAllPlugins(WKPreferencesRef preferencesRef);
+
+// Defaults to false
 WK_EXPORT void WKPreferencesSetArtificialPluginInitializationDelayEnabled(WKPreferencesRef preferencesRef, bool enabled);
 WK_EXPORT bool WKPreferencesGetArtificialPluginInitializationDelayEnabled(WKPreferencesRef preferencesRef);
 
index 9e3b9c3..aeffa3d 100644 (file)
@@ -29,6 +29,7 @@
 #if WK_API_ENABLED
 
 #import "APIArray.h"
+#import "PluginProcessManager.h"
 #import "WKNSArray.h"
 #import "WebPreferences.h"
 #import "_WKExperimentalFeature.h"
@@ -942,6 +943,19 @@ static WebCore::EditableLinkBehavior toEditableLinkBehavior(_WKEditableLinkBehav
     return _preferences->artificialPluginInitializationDelayEnabled();
 }
 
+- (void)_setExperimentalPlugInSandboxProfilesEnabled:(BOOL)enabled
+{
+#if ENABLE(NETSCAPE_PLUGIN_API)
+    WebKit::PluginProcessManager::singleton().setExperimentalPlugInSandboxProfilesEnabled(enabled);
+#endif
+    _preferences->setExperimentalPlugInSandboxProfilesEnabled(enabled);
+}
+
+- (BOOL)_experimentalPlugInSandboxProfilesEnabled
+{
+    return _preferences->experimentalPlugInSandboxProfilesEnabled();
+}
+
 - (void)_setCookieEnabled:(BOOL)enabled
 {
     _preferences->setCookieEnabled(enabled);
index f68829e..edc96ad 100644 (file)
@@ -159,6 +159,7 @@ typedef NS_ENUM(NSInteger, _WKEditableLinkBehavior) {
 @property (nonatomic, setter=_setSuppressesIncrementalRendering:) BOOL _suppressesIncrementalRendering WK_API_AVAILABLE(macosx(10.13.4));
 @property (nonatomic, setter=_setAsynchronousPluginInitializationEnabled:) BOOL _asynchronousPluginInitializationEnabled WK_API_AVAILABLE(macosx(10.13.4));
 @property (nonatomic, setter=_setArtificialPluginInitializationDelayEnabled:) BOOL _artificialPluginInitializationDelayEnabled WK_API_AVAILABLE(macosx(10.13.4));
+@property (nonatomic, setter=_setExperimentalPlugInSandboxProfilesEnabled:) BOOL _experimentalPlugInSandboxProfilesEnabled WK_API_AVAILABLE(macosx(WK_MAC_TBA));
 @property (nonatomic, setter=_setCookieEnabled:) BOOL _cookieEnabled WK_API_AVAILABLE(macosx(10.13.4));
 @property (nonatomic, setter=_setPlugInSnapshottingEnabled:) BOOL _plugInSnapshottingEnabled WK_API_AVAILABLE(macosx(10.13.4));
 @property (nonatomic, setter=_setSubpixelCSSOMElementMetricsEnabled:) BOOL _subpixelCSSOMElementMetricsEnabled WK_API_AVAILABLE(macosx(10.13.4));
index a5c3fbe..965cb22 100644 (file)
@@ -76,6 +76,11 @@ public:
 
     const Vector<RefPtr<PluginProcessProxy>>& pluginProcesses() const { return m_pluginProcesses; }
 
+#if PLATFORM(MAC)
+    void setExperimentalPlugInSandboxProfilesEnabled(bool);
+    bool experimentalPlugInSandboxProfilesEnabled() const { return m_experimentalPlugInSandboxProfilesEnabled; }
+#endif
+
 private:
     PluginProcessManager();
 
@@ -90,6 +95,9 @@ private:
 #if PLATFORM(COCOA)
     ProcessSuppressionDisabledCounter m_processSuppressionDisabledForPageCounter;
 #endif
+#if PLATFORM(MAC)
+    bool m_experimentalPlugInSandboxProfilesEnabled { false };
+#endif
 };
 
 #if PLATFORM(COCOA)
index 801abd2..b90a314 100644 (file)
@@ -29,6 +29,7 @@
 #if ENABLE(NETSCAPE_PLUGIN_API)
 
 #import "PluginProcessProxy.h"
+#import <WebCore/RuntimeEnabledFeatures.h>
 
 namespace WebKit {
 
@@ -47,6 +48,12 @@ void PluginProcessManager::updateProcessSuppressionDisabled(RefCounterEvent even
         pluginProcess->setProcessSuppressionEnabled(enabled);
 }
 
+void PluginProcessManager::setExperimentalPlugInSandboxProfilesEnabled(bool enabled)
+{
+    m_experimentalPlugInSandboxProfilesEnabled = enabled;
+    WebCore::RuntimeEnabledFeatures::sharedFeatures().setExperimentalPlugInSandboxProfilesEnabled(enabled);
+}
+
 } // namespace WebKit
 
 #endif // ENABLE(NETSCAPE_PLUGIN_API)
index 25ace26..5b0d525 100644 (file)
@@ -29,6 +29,7 @@
 #if ENABLE(NETSCAPE_PLUGIN_API)
 
 #import "PluginProcessCreationParameters.h"
+#import "PluginProcessManager.h"
 #import "PluginProcessMessages.h"
 #import "SandboxUtilities.h"
 #import <QuartzCore/CARemoteLayerServer.h>
@@ -68,6 +69,9 @@ void PluginProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions
 
     launchOptions.extraInitializationData.add("plugin-path", pluginProcessAttributes.moduleInfo.path);
 
+    if (PluginProcessManager::singleton().experimentalPlugInSandboxProfilesEnabled())
+        launchOptions.extraInitializationData.add("experimental-sandbox-plugin", "1");
+
     if (pluginProcessAttributes.sandboxPolicy == PluginProcessSandboxPolicyUnsandboxed) {
         if (!currentProcessIsSandboxed())
             launchOptions.extraInitializationData.add("disable-sandbox", "1");