[GTK][WPE] Remove DConf permissions from sandbox
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 8 Jan 2019 18:13:16 +0000 (18:13 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 8 Jan 2019 18:13:16 +0000 (18:13 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193021

Patch by Patrick Griffis <pgriffis@igalia.com> on 2019-01-08
Reviewed by Michael Catanzaro.

The latest development releases of xdg-desktop-portal and gtk3 use a
new portal for settings on Wayland org.freedesktop.portal.Settings.

* UIProcess/Launcher/glib/BubblewrapLauncher.cpp:
(WebKit::bubblewrapSpawn):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239728 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp

index 6adbf6b..cd36cfd 100644 (file)
@@ -1,3 +1,16 @@
+2019-01-08  Patrick Griffis  <pgriffis@igalia.com>
+
+        [GTK][WPE] Remove DConf permissions from sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=193021
+
+        Reviewed by Michael Catanzaro.
+
+        The latest development releases of xdg-desktop-portal and gtk3 use a
+        new portal for settings on Wayland org.freedesktop.portal.Settings.
+
+        * UIProcess/Launcher/glib/BubblewrapLauncher.cpp:
+        (WebKit::bubblewrapSpawn):
+
 2019-01-08  Alex Christensen  <achristensen@webkit.org>
 
         Stop using NetworkStorageSession in WebProcess
index f234bb7..e434e03 100644 (file)
@@ -308,22 +308,6 @@ static void bindX11(Vector<CString>& args)
         bindIfExists(args, xauth);
 }
 
-static void bindDconf(Vector<CString>& args)
-{
-    const char* runtimeDir = g_get_user_runtime_dir();
-    GUniquePtr<char> dconfRuntimeDir(g_build_filename(runtimeDir, "dconf", nullptr));
-    args.appendVector(Vector<CString>({ "--bind", dconfRuntimeDir.get(), dconfRuntimeDir.get() }));
-
-    const char* dconfDir = g_getenv("DCONF_USER_CONFIG_DIR");
-    if (dconfDir)
-        bindIfExists(args, dconfDir);
-    else {
-        const char* configDir = g_get_user_config_dir();
-        GUniquePtr<char> dconfConfigDir(g_build_filename(configDir, "dconf", nullptr));
-        bindIfExists(args, dconfConfigDir.get(), BindFlags::ReadWrite);
-    }
-}
-
 #if PLATFORM(WAYLAND) && USE(EGL)
 static void bindWayland(Vector<CString>& args)
 {
@@ -795,8 +779,6 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
         }
 
         bindDBusSession(sandboxArgs, proxy);
-        // FIXME: This needs to be restricted, upstream is working on it.
-        bindDconf(sandboxArgs);
         // FIXME: We should move to Pipewire as soon as viable, Pulse doesn't restrict clients atm.
         bindPulse(sandboxArgs);
         bindFonts(sandboxArgs);
@@ -811,8 +793,6 @@ GRefPtr<GSubprocess> bubblewrapSpawn(GSubprocessLauncher* launcher, const Proces
 
         if (!proxy.isRunning()) {
             Vector<CString> permissions = {
-                // FIXME: Used by GTK on Wayland.
-                "--talk=ca.desrt.dconf",
                 // GStreamers plugin install helper.
                 "--call=org.freedesktop.PackageKit=org.freedesktop.PackageKit.Modify2.InstallGStreamerResources@/org/freedesktop/PackageKit"
             };