Switch to entering the sandbox directly from main(), rather than waiting for the...
author: weinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 9 Sep 2012 22:48:00 +0000 (22:48 +0000)
committer: weinig@apple.com <weinig@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 9 Sep 2012 22:48:00 +0000 (22:48 +0000)
https://bugs.webkit.org/show_bug.cgi?id=96194

Reviewed by Dan Bernstein.

Source/WebKit2:

* UIProcess/Launcher/mac/ProcessLauncherMac.mm:
(WebKit::ProcessLauncher::launchProcess):
Pass a client identifier to WebProcess as a command line argument
so that it can be used to create private temporary and cache directories.

* WebProcess/WebProcess.h:
(WebProcess):
* WebProcess/mac/WebProcessMac.mm:
(WebKit::WebProcess::initializeSandbox):
(WebKit::WebProcess::platformInitializeWebProcess):
Expose the initializeSandbox() function and stop calling it from platformInitializeWebProcess()
since it is now going to be called from WebProcessMain.  Also, move changing the current working
directory to the sandbox initialization function and replace use of creation parameters with just
the client identifier.

* WebProcess/com.apple.WebProcess.sb.in:
Add some new exceptions that come from entering the sandbox earlier in the AppKit
initialization process. Don't allow access to com.apple.coreservices.appleevents.

* WebProcess/mac/WebProcessMainMac.mm:
(WebKit::WebProcessMainXPC):
(WebKit::WebProcessMain):
Enter the sandbox explicitly, not waiting until the initialization message.  Also,
since we now have an extra parameter for the client identifier, make the
WebProcess-launches-the-UIProcess code path work by extracting a client identifier from the
client executable path.

WebKitLibraries:

Update WKSI with SPI for getting the bundle URL from an executable URL.

* WebKitSystemInterface.h:
* libWebKitSystemInterfaceLion.a:
* libWebKitSystemInterfaceMountainLion.a:
* libWebKitSystemInterfaceSnowLeopard.a:
Adds WKCopyBundleURLForExecutableURL().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@128003 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12 files changed:
Source/WebKit2/ChangeLog
Source/WebKit2/UIProcess/Launcher/mac/ProcessLauncherMac.mm
Source/WebKit2/WebProcess/WebProcess.h
Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in
Source/WebKit2/WebProcess/mac/WebProcessMac.mm
Source/WebKit2/WebProcess/mac/WebProcessMainMac.mm
Tools/Scripts/run-test-webkit-api
WebKitLibraries/ChangeLog
WebKitLibraries/WebKitSystemInterface.h
WebKitLibraries/libWebKitSystemInterfaceLion.a
WebKitLibraries/libWebKitSystemInterfaceMountainLion.a
WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a

index b07d569..ff8d701 100644 (file)
@@ -1,3 +1,37 @@
+2012-09-08  Sam Weinig  <sam@webkit.org>
+
+        Switch to entering the sandbox directly from main(), rather than waiting for the initialization message
+        https://bugs.webkit.org/show_bug.cgi?id=96194
+
+        Reviewed by Dan Bernstein.
+
+        * UIProcess/Launcher/mac/ProcessLauncherMac.mm:
+        (WebKit::ProcessLauncher::launchProcess):
+        Pass a client identifier to WebProcess as a command line argument
+        so that it can be used to create private temporary and cache directories.
+
+        * WebProcess/WebProcess.h:
+        (WebProcess):
+        * WebProcess/mac/WebProcessMac.mm:
+        (WebKit::WebProcess::initializeSandbox):
+        (WebKit::WebProcess::platformInitializeWebProcess):
+        Expose the initializeSandbox() function and stop calling it from platformInitializeWebProcess()
+        since it is now going to be called from WebProcessMain.  Also, move changing the current working
+        directory to sandbox initialization function and replace use of creation parameters with just
+        the client identifier.
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+        Add some new exceptions that come from entering the sandbox earlier in the AppKit
+        initialization process. Don't allow access to com.apple.coreservices.appleevents.
+
+        * WebProcess/mac/WebProcessMainMac.mm:
+        (WebKit::WebProcessMainXPC):
+        (WebKit::WebProcessMain):
+        Enter the sandbox explicitly, not waiting until the initialization message.  Also,
+        since we now have an extra parameter for the client identifier, make the WebProcess
+        launches the UIProcess code path work by extracting a client identifier from the 
+        client executable path.
+
 2012-09-09  Patrick Gansterer  <paroga@webkit.org>
 
         Make the String initialization on the function side of String::number()
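Review bot: the new ChangeLog entry is dated 2012-09-08 yet is inserted above the 2012-09-09 Patrick Gansterer entry, so the file is no longer in date order; refresh the date when landing. The line ending `client identifier from the ` also carries trailing whitespace, and `make the WebProcess launches the UIProcess code path work` reads awkwardly (`make the WebProcess-launches-the-UIProcess code path work` says what is meant).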
index fddf850..f7ed79f 100644 (file)
@@ -222,11 +222,14 @@ void ProcessLauncher::launchProcess()
 
         RetainPtr<CFStringRef> cfLocalization(AdoptCF, WKCopyCFLocalizationPreferredName(NULL));
         CString localization = String(cfLocalization.get()).utf8();
-        
+
+        NSString *bundleIdentifier = [[NSBundle mainBundle] bundleIdentifier];
+        CString clientIdentifier = bundleIdentifier ? String([[NSBundle mainBundle] bundleIdentifier]).utf8() : *_NSGetProgname();
+
         // Make a unique, per pid, per process launcher web process service name.
         CString serviceName = String::format("com.apple.WebKit.WebProcess-%d-%p", getpid(), this).utf8();
 
-        const char* args[] = { [processAppExecutablePath fileSystemRepresentation], frameworkExecutablePath, "-type", processTypeAsString(m_launchOptions.processType), "-servicename", serviceName.data(), "-localization", localization.data(), 0 };
+        const char* args[] = { [processAppExecutablePath fileSystemRepresentation], frameworkExecutablePath, "-type", processTypeAsString(m_launchOptions.processType), "-servicename", serviceName.data(), "-localization", localization.data(), "-client-identifier", clientIdentifier.data(), 0 };
 
         // Register ourselves.
         kern_return_t kr = bootstrap_register2(bootstrap_port, const_cast<char*>(serviceName.data()), listeningPort, 0);
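Review bot: on the `CString clientIdentifier = bundleIdentifier ? ...` line the identifier is fetched a second time via `[[NSBundle mainBundle] bundleIdentifier]` although it was just stored in `bundleIdentifier`; `String(bundleIdentifier).utf8()` avoids the duplicate call. The `*_NSGetProgname()` fallback deserves a comment: two unbundled clients with the same program name will end up with the same `-client-identifier`, and since that value becomes the DIRHELPER_USER_DIR_SUFFIX in WebProcessMac.mm, they will share the "private" temporary and cache directories.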
index fdbf809..953af29 100644 (file)
@@ -128,6 +128,7 @@ public:
 
 #if PLATFORM(MAC)
     void initializeShim();
+    void initializeSandbox(const String& clientIdentifier);
 
 #if USE(ACCELERATED_COMPOSITING)
     mach_port_t compositingRenderServerPort() const { return m_compositingRenderServerPort; }
index 6527ad4..84ff7ed 100644 (file)
@@ -51,6 +51,7 @@
        (home-literal "/Library/Preferences/com.apple.WebFoundation.plist")
        (home-literal "/Library/Preferences/com.apple.security.plist")
        (home-literal "/Library/Preferences/com.apple.security.revocation.plist")
+       (home-literal "/Library/Preferences/com.apple.speech.recognition.AppleSpeechRecognition.prefs.plist")
        (home-literal "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain")
        (home-regex #"/Library/Preferences/com\.apple\.driver\.(AppleBluetoothMultitouch\.mouse|AppleBluetoothMultitouch\.trackpad|AppleHIDMouse)\.plist$")
 
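Review bot: the new `home-literal` for com.apple.speech.recognition.AppleSpeechRecognition.prefs.plist carries no comment saying which step of AppKit initialization reads it, unlike the `;; FIXME` lines with rdar references elsewhere in this profile; record the reason (and a radar if one exists) so the exception can be revisited rather than becoming permanent by default.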
@@ -70,7 +71,9 @@
        (subpath "/Library/Video/Plug-Ins")
        (subpath "/Library/QuickTime")
 
-       (home-subpath "/Library/Dictionaries"))
+       (home-subpath "/Library/Dictionaries")
+       (home-subpath "/Library/Keyboard Layouts")
+       (home-subpath "/Library/Input Methods"))
 
 ;; This should be updated when <rdar://problem/9355830> is fixed.
 ;; Read-only extensions from UIProcess
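Review bot: `(home-subpath "/Library/Keyboard Layouts")` and `(home-subpath "/Library/Input Methods")` expose two entire user-writable directories to the Web process; if AppKit only enumerates them or reads specific files during start-up, a `home-literal` or `home-regex` would be tighter, and either way a comment should state why entering the sandbox earlier makes these necessary.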
        (global-name "com.apple.windowserver.active")
        (global-name "com.apple.cfnetwork.AuthBrokerAgent")
        (global-name "com.apple.PowerManagement.control")
+       (global-name "com.apple.speech.recognitionserver")
 
        ;; FIXME: This should be removed when <rdar://problem/9276393> is fixed.
        (global-name "com.apple.metadata.mds"))
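Review bot: the added `(global-name "com.apple.speech.recognitionserver")` sits in a block whose other entries are tied to `;; FIXME` radar references; say whether this lookup is a permanent requirement of the earlier AppKit initialization or a temporary workaround that should be removed later.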
        ;; FIXME: Should be removed after <rdar://problem/10463881> is fixed.
        (home-literal "/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2")
        (home-literal "/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2-journal"))
+
+(deny mach-lookup (with no-log)
+       (global-name "com.apple.coreservices.appleevents"))
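Review bot: the `(deny mach-lookup (with no-log) ...)` rule for com.apple.coreservices.appleevents needs a comment explaining why the lookup is denied silently instead of being left to the default deny; `no-log` suppresses the sandbox violation report, which makes later diagnosis of Apple Events related failures in the Web process harder, so the reason (presumably AppKit probing for the service at start-up) should be recorded next to the rule.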
index f840ee7..1ac69ce 100644 (file)
@@ -180,8 +180,10 @@ static void appendReadwriteSandboxDirectory(Vector<const char*>& vector, const c
 
 #endif
 
-static void initializeSandbox(const WebProcessCreationParameters& parameters)
+void WebProcess::initializeSandbox(const String& clientIdentifier)
 {
+    [[NSFileManager defaultManager] changeCurrentDirectoryPath:[[NSBundle mainBundle] bundlePath]];
+
 #if ENABLE(WEB_PROCESS_SANDBOX)
 
 #if DEBUG_BYPASS_SANDBOX
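Review bot: the BOOL returned by `changeCurrentDirectoryPath:` on the first line of `WebProcess::initializeSandbox` is ignored; a failure leaves the process in the launcher's working directory, so log it with WTFLogAlways as the other launch-time failures in WebProcessMainMac.mm are. Note also that this call now runs before the `#if ENABLE(WEB_PROCESS_SANDBOX)` guard, which keeps the previous unconditional behaviour but makes the function name slightly misleading; a one-line comment would help.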
@@ -191,7 +193,7 @@ static void initializeSandbox(const WebProcessCreationParameters& parameters)
 
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
     // Use private temporary and cache directories.
-    String systemDirectorySuffix = "com.apple.WebProcess+" + parameters.uiProcessBundleIdentifier;
+    String systemDirectorySuffix = "com.apple.WebProcess+" + clientIdentifier;
     setenv("DIRHELPER_USER_DIR_SUFFIX", fileSystemRepresentation(systemDirectorySuffix).data(), 0);
     char temporaryDirectory[PATH_MAX];
     if (!confstr(_CS_DARWIN_USER_TEMP_DIR, temporaryDirectory, sizeof(temporaryDirectory))) {
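Review bot: `"com.apple.WebProcess+" + clientIdentifier` is built without checking that `clientIdentifier` is non-empty, and WebProcessMainXPC now passes `String()`; every XPC-launched Web process therefore gets the bare suffix `com.apple.WebProcess+`, so the temporary and cache directories are no longer private per client. Assert or log when the identifier is empty so the gap stays visible until the FIXME in WebProcessMainXPC is resolved.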
@@ -248,10 +250,6 @@ static id NSApplicationAccessibilityFocusedUIElement(NSApplication*, SEL)
     
 void WebProcess::platformInitializeWebProcess(const WebProcessCreationParameters& parameters, CoreIPC::ArgumentDecoder*)
 {
-    [[NSFileManager defaultManager] changeCurrentDirectoryPath:[[NSBundle mainBundle] bundlePath]];
-
-    initializeSandbox(parameters);
-
     SandboxExtension::consumePermanently(parameters.uiProcessBundleResourcePathExtensionHandle);
     SandboxExtension::consumePermanently(parameters.localStorageDirectoryExtensionHandle);
     SandboxExtension::consumePermanently(parameters.databaseDirectoryExtensionHandle);
index 35a85a7..bc623ed 100644 (file)
@@ -29,6 +29,7 @@
 #import "CommandLine.h"
 #import "EnvironmentUtilities.h"
 #import "EnvironmentVariables.h"
+#import "StringUtilities.h"
 #import "WebProcess.h"
 #import "WebSystemInterface.h"
 #import <WebCore/RunLoop.h>
@@ -93,11 +94,10 @@ int WebProcessMainXPC(xpc_connection_t xpcConnection, mach_port_t serverPort)
     WTF::initializeMainThread();
     RunLoop::initializeMainRunLoop();
 
-    // Initialize the shim.
     // FIXME: Make the shim work.
     WebProcess::shared().initializeShim();
-
-    // Create the connection.
+    // FIXME: Pass the client identifier here.
+    WebProcess::shared().initializeSandbox(String());
     WebProcess::shared().initialize(CoreIPC::Connection::Identifier(serverPort, xpcConnection), RunLoop::main());
 
     WKAXRegisterRemoteApp();
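Review bot: the `// FIXME: Pass the client identifier here.` comment should spell out the consequence of passing `String()` to `initializeSandbox`, namely that the XPC-launched process has no client-specific DIRHELPER_USER_DIR_SUFFIX and shares its temporary and cache directories with every other client; without that the FIXME reads as cosmetic. Also, the removed `// Create the connection.` comment still applied to the `initialize(...)` call that follows, so it could be kept.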
@@ -125,6 +125,8 @@ int WebProcessMain(const CommandLine& commandLine)
     if (serviceName.isEmpty() && clientExecutable.isEmpty())
         return EXIT_FAILURE;
 
+    String clientIdentifier;
+
     // Get the server port.
     mach_port_t serverPort;
     if (clientExecutable.isEmpty()) {
@@ -133,6 +135,12 @@ int WebProcessMain(const CommandLine& commandLine)
             WTFLogAlways("bootstrap_look_up result: %s (%x)\n", mach_error_string(kr), kr);
             return 2;
         }
+        
+        clientIdentifier = commandLine["client-identifier"];
+        if (!clientIdentifier) {
+            WTFLogAlways("No client identifier passed to the WebProcess");
+            return EXIT_FAILURE;
+        }
     }
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
     else {
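Review bot: `if (!clientIdentifier)` after `commandLine["client-identifier"]` only catches a null String; an explicitly empty `-client-identifier` argument passes through and yields the bare `com.apple.WebProcess+` directory suffix in initializeSandbox. Use `clientIdentifier.isEmpty()`, matching the `serviceName.isEmpty()` check at the top of this function, and strip the trailing whitespace from the blank line before the assignment.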
@@ -185,6 +193,16 @@ int WebProcessMain(const CommandLine& commandLine)
             WTFLogAlways("Failed to obtain send right for port received from the UI process.\n");
             return EXIT_FAILURE;
         }
+
+        RetainPtr<NSURL> clientExecutableURL = adoptNS([[NSURL alloc] initFileURLWithPath:nsStringFromWebCoreString(clientExecutable)]);
+        RetainPtr<CFURLRef> clientBundleURL = adoptCF(WKCopyBundleURLForExecutableURL((CFURLRef)clientExecutableURL.get()));
+        RetainPtr<NSBundle> clientBundle = adoptNS([[NSBundle alloc] initWithURL:(NSURL *)clientBundleURL.get()]);
+        
+        clientIdentifier = [clientBundle.get() bundleIdentifier];
+        if (!clientIdentifier) {
+            WTFLogAlways("Failed to obtain bundle identifier from the client executable. .\n");
+            return EXIT_FAILURE;
+        }
     }
 #endif // __MAC_OS_X_VERSION_MIN_REQUIRED >= 1070
 
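Review bot: the failure message `"Failed to obtain bundle identifier from the client executable. .\n"` has a stray ` .` before the newline. If `WKCopyBundleURLForExecutableURL` returns NULL for an executable that is not inside a bundle, `initWithURL:` and `bundleIdentifier` both yield nil and this check does fire, but the message cannot distinguish "no bundle found" from "bundle has no identifier"; checking `clientBundleURL` separately would give a more useful log. The `!clientIdentifier` null-only test and the trailing whitespace on the blank line after `clientBundle` are the same points as in the service-name branch above.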
@@ -206,14 +224,6 @@ int WebProcessMain(const CommandLine& commandLine)
     WTF::initializeMainThread();
     RunLoop::initializeMainRunLoop();
 
-    // Initialize the shim.
-    WebProcess::shared().initializeShim();
-
-    // Create the connection.
-    WebProcess::shared().initialize(CoreIPC::Connection::Identifier(serverPort), RunLoop::main());
-
-    [pool drain];
-
 #if USE(APPKIT)
      // Initialize AppKit.
     [NSApplication sharedApplication];
@@ -223,8 +233,14 @@ int WebProcessMain(const CommandLine& commandLine)
     [[NSApplication sharedApplication] _installAutoreleasePoolsOnCurrentThreadIfNecessary];
 #endif
 
+    WebProcess::shared().initializeShim();
+    WebProcess::shared().initializeSandbox(clientIdentifier);
+    WebProcess::shared().initialize(CoreIPC::Connection::Identifier(serverPort), RunLoop::main());
+
     WKAXRegisterRemoteApp();
-    
+
+    [pool drain];
+
     RunLoop::run();
 
     // FIXME: Do more cleanup here.
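Review bot: `initializeSandbox(clientIdentifier)` now runs after `[NSApplication sharedApplication]` and `_installAutoreleasePoolsOnCurrentThreadIfNecessary`, so that part of AppKit start-up still executes outside the sandbox even though the title says the sandbox is entered directly from main(); a comment stating that this ordering is deliberate, and which AppKit calls fail when the sandbox precedes them, would prevent a later cleanup from moving the three `WebProcess::shared()` calls back above the AppKit block. Moving `[pool drain]` below `WKAXRegisterRemoteApp()` is fine.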
index 71ff42d..90b27f7 100755 (executable)
@@ -26,7 +26,7 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-# Simplified "run" script for launching the WebKit2 estWebKitAPI.
+# Simplified "run" script for launching TestWebKitAPI.
 
 use strict;
 use FindBin;
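Review bot: this comment fix in Tools/Scripts/run-test-webkit-api has no matching Tools/ChangeLog entry in the file list above and is not mentioned in the commit message; add the entry or land the typo fix as a separate change.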
index e6021fc..7368d48 100644 (file)
@@ -1,3 +1,18 @@
+2012-09-08  Sam Weinig  <sam@webkit.org>
+
+        Switch to entering the sandbox directly from main(), rather than waiting for the initialization message
+        https://bugs.webkit.org/show_bug.cgi?id=96194
+
+        Reviewed by Dan Bernstein.
+
+        Update WKSI with SPI for getting the bundle URL from an executable URL.
+
+        * WebKitSystemInterface.h:
+        * libWebKitSystemInterfaceLion.a:
+        * libWebKitSystemInterfaceMountainLion.a:
+        * libWebKitSystemInterfaceSnowLeopard.a:
+        Adds WKCopyBundleURLForExecutableURL().
+
 2012-08-29  Tony Chang  <tony@chromium.org>
 
         Remove ENABLE_CSS3_FLEXBOX compile time flag
index 6e99ca5..70b3b35 100644 (file)
@@ -249,6 +249,8 @@ void WKCFURLRequestSetHTTPRequestBodyParts(CFMutableURLRequestRef, CFArrayRef bo
 
 void WKSetVisibleApplicationName(CFStringRef);
 
+CFURLRef WKCopyBundleURLForExecutableURL(CFURLRef);
+
 typedef enum {
     WKMediaUIPartFullscreenButton   = 0,
     WKMediaUIPartMuteButton,
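Review bot: the new `CFURLRef WKCopyBundleURLForExecutableURL(CFURLRef);` declaration should document what it returns when the executable is not inside a bundle (NULL, presumably), because the caller in WebProcessMainMac.mm wraps the result in adoptCF and passes it straight to `initWithURL:` without checking; the Copy naming correctly signals that the caller owns the returned URL, which that adoptCF matches.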
index 846cb2d..484978d 100644 (file)
Binary files a/WebKitLibraries/libWebKitSystemInterfaceLion.a and b/WebKitLibraries/libWebKitSystemInterfaceLion.a differ
index 0c24ce0..0e7b3fd 100644 (file)
Binary files a/WebKitLibraries/libWebKitSystemInterfaceMountainLion.a and b/WebKitLibraries/libWebKitSystemInterfaceMountainLion.a differ
index 875beef..c4e68fe 100644 (file)
Binary files a/WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a and b/WebKitLibraries/libWebKitSystemInterfaceSnowLeopard.a differ