[Linux] Remove seccomp filters support
author mcatanzaro@igalia.com <mcatanzaro@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 10 May 2016 14:56:00 +0000 (14:56 +0000)
committer mcatanzaro@igalia.com <mcatanzaro@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 10 May 2016 14:56:00 +0000 (14:56 +0000)
https://bugs.webkit.org/show_bug.cgi?id=157380

Reviewed by Darin Adler.

.:

* Source/cmake/FindLibSeccomp.cmake: Removed.
* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsGTK.cmake:
* Source/cmake/WebKitFeatures.cmake:

Source/WebKit2:

* NetworkProcess/NetworkProcessCreationParameters.cpp:
(WebKit::NetworkProcessCreationParameters::encode): Deleted.
(WebKit::NetworkProcessCreationParameters::decode): Deleted.
* NetworkProcess/NetworkProcessCreationParameters.h:
* PlatformEfl.cmake:
* PlatformGTK.cmake:
* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode): Deleted.
(WebKit::WebProcessCreationParameters::decode): Deleted.
* Shared/WebProcessCreationParameters.h:
* Shared/linux/SeccompFilters/OpenSyscall.cpp: Removed.
* Shared/linux/SeccompFilters/OpenSyscall.h: Removed.
* Shared/linux/SeccompFilters/SeccompBroker.cpp: Removed.
* Shared/linux/SeccompFilters/SeccompBroker.h: Removed.
* Shared/linux/SeccompFilters/SeccompFilters.cpp: Removed.
* Shared/linux/SeccompFilters/SeccompFilters.h: Removed.
* Shared/linux/SeccompFilters/SigactionSyscall.cpp: Removed.
* Shared/linux/SeccompFilters/SigactionSyscall.h: Removed.
* Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp: Removed.
* Shared/linux/SeccompFilters/SigprocmaskSyscall.h: Removed.
* Shared/linux/SeccompFilters/Syscall.cpp: Removed.
* Shared/linux/SeccompFilters/Syscall.h: Removed.
* Shared/linux/SeccompFilters/SyscallPolicy.cpp: Removed.
* Shared/linux/SeccompFilters/SyscallPolicy.h: Removed.
* Shared/linux/SeccompFilters/XDGBaseDirectory.h: Removed.
* Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp: Removed.
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::ensureNetworkProcess): Deleted.
(WebKit::WebProcessPool::createNewWebProcess): Deleted.
(WebKit::WebProcessPool::cookieStorageDirectory): Deleted.
* UIProcess/WebProcessPool.h:
* WebProcess/efl/SeccompFiltersWebProcessEfl.cpp: Removed.
* WebProcess/efl/SeccompFiltersWebProcessEfl.h: Removed.
* WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp: Removed.
* WebProcess/gtk/SeccompFiltersWebProcessGtk.h: Removed.
* WebProcess/soup/WebProcessSoup.cpp:
(WebKit::WebProcess::platformInitializeWebProcess): Deleted.

Tools:

* Scripts/webkitperl/FeatureList.pm:
* TestWebKitAPI/PlatformEfl.cmake:
* TestWebKitAPI/PlatformGTK.cmake:
* TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp: Removed.
* efl/jhbuild.modules:
* gtk/jhbuild.modules:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200621 268f45cc-cd09-0410-ab3c-d52691b4dbfc

42 files changed:
ChangeLog
Source/WebKit2/ChangeLog
Source/WebKit2/NetworkProcess/NetworkProcessCreationParameters.cpp
Source/WebKit2/NetworkProcess/NetworkProcessCreationParameters.h
Source/WebKit2/PlatformEfl.cmake
Source/WebKit2/PlatformGTK.cmake
Source/WebKit2/Shared/WebProcessCreationParameters.cpp
Source/WebKit2/Shared/WebProcessCreationParameters.h
Source/WebKit2/Shared/linux/SeccompFilters/OpenSyscall.cpp [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/OpenSyscall.h [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/SeccompBroker.cpp [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/SeccompBroker.h [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.cpp [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.h [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/SigactionSyscall.cpp [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/SigactionSyscall.h [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/SigprocmaskSyscall.h [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/Syscall.cpp [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/Syscall.h [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.h [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/XDGBaseDirectory.h [deleted file]
Source/WebKit2/Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp [deleted file]
Source/WebKit2/UIProcess/WebProcessPool.cpp
Source/WebKit2/UIProcess/WebProcessPool.h
Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.cpp [deleted file]
Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.h [deleted file]
Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp [deleted file]
Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.h [deleted file]
Source/WebKit2/WebProcess/soup/WebProcessSoup.cpp
Source/cmake/FindLibSeccomp.cmake [deleted file]
Source/cmake/OptionsEfl.cmake
Source/cmake/OptionsGTK.cmake
Source/cmake/WebKitFeatures.cmake
Tools/ChangeLog
Tools/Scripts/webkitperl/FeatureList.pm
Tools/TestWebKitAPI/PlatformEfl.cmake
Tools/TestWebKitAPI/PlatformGTK.cmake
Tools/TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp [deleted file]
Tools/efl/jhbuild.modules
Tools/gtk/jhbuild.modules

index 0047561..50ab852 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2016-05-10  Michael Catanzaro  <mcatanzaro@igalia.com>
+
+        [Linux] Remove seccomp filters support
+        https://bugs.webkit.org/show_bug.cgi?id=157380
+
+        Reviewed by Darin Adler.
+
+        * Source/cmake/FindLibSeccomp.cmake: Removed.
+        * Source/cmake/OptionsEfl.cmake:
+        * Source/cmake/OptionsGTK.cmake:
+        * Source/cmake/WebKitFeatures.cmake:
+
 2016-05-06  Manuel Rego Casasnovas  <rego@igalia.com>
 
         [css-grid] Unprefix CSS Grid Layout properties
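Review bot: The new ChangeLog entry at the top of this hunk goes straight from "Reviewed by Darin Adler." to the file list and gives no reason for removing a sandboxing feature. Add one or two sentences saying why seccomp filter support is being dropped and what, if anything, confines the Linux web process afterwards, so the log is understandable without opening bug 157380.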
index 7cab0ec..3c6b1b8 100644 (file)
@@ -1,3 +1,48 @@
+2016-05-10  Michael Catanzaro  <mcatanzaro@igalia.com>
+
+        [Linux] Remove seccomp filters support
+        https://bugs.webkit.org/show_bug.cgi?id=157380
+
+        Reviewed by Darin Adler.
+
+        * NetworkProcess/NetworkProcessCreationParameters.cpp:
+        (WebKit::NetworkProcessCreationParameters::encode): Deleted.
+        (WebKit::NetworkProcessCreationParameters::decode): Deleted.
+        * NetworkProcess/NetworkProcessCreationParameters.h:
+        * PlatformEfl.cmake:
+        * PlatformGTK.cmake:
+        * Shared/WebProcessCreationParameters.cpp:
+        (WebKit::WebProcessCreationParameters::encode): Deleted.
+        (WebKit::WebProcessCreationParameters::decode): Deleted.
+        * Shared/WebProcessCreationParameters.h:
+        * Shared/linux/SeccompFilters/OpenSyscall.cpp: Removed.
+        * Shared/linux/SeccompFilters/OpenSyscall.h: Removed.
+        * Shared/linux/SeccompFilters/SeccompBroker.cpp: Removed.
+        * Shared/linux/SeccompFilters/SeccompBroker.h: Removed.
+        * Shared/linux/SeccompFilters/SeccompFilters.cpp: Removed.
+        * Shared/linux/SeccompFilters/SeccompFilters.h: Removed.
+        * Shared/linux/SeccompFilters/SigactionSyscall.cpp: Removed.
+        * Shared/linux/SeccompFilters/SigactionSyscall.h: Removed.
+        * Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp: Removed.
+        * Shared/linux/SeccompFilters/SigprocmaskSyscall.h: Removed.
+        * Shared/linux/SeccompFilters/Syscall.cpp: Removed.
+        * Shared/linux/SeccompFilters/Syscall.h: Removed.
+        * Shared/linux/SeccompFilters/SyscallPolicy.cpp: Removed.
+        * Shared/linux/SeccompFilters/SyscallPolicy.h: Removed.
+        * Shared/linux/SeccompFilters/XDGBaseDirectory.h: Removed.
+        * Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp: Removed.
+        * UIProcess/WebProcessPool.cpp:
+        (WebKit::WebProcessPool::ensureNetworkProcess): Deleted.
+        (WebKit::WebProcessPool::createNewWebProcess): Deleted.
+        (WebKit::WebProcessPool::cookieStorageDirectory): Deleted.
+        * UIProcess/WebProcessPool.h:
+        * WebProcess/efl/SeccompFiltersWebProcessEfl.cpp: Removed.
+        * WebProcess/efl/SeccompFiltersWebProcessEfl.h: Removed.
+        * WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp: Removed.
+        * WebProcess/gtk/SeccompFiltersWebProcessGtk.h: Removed.
+        * WebProcess/soup/WebProcessSoup.cpp:
+        (WebKit::WebProcess::platformInitializeWebProcess): Deleted.
+
 2016-05-09  Tim Horton  <timothy_horton@apple.com>
 
         REGRESSION (r191922): Zoom in/Zoom Out is not working for PDFs
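Review bot: The entries `(WebKit::NetworkProcessCreationParameters::encode): Deleted.` and `(WebKit::NetworkProcessCreationParameters::decode): Deleted.`, and the matching WebProcessCreationParameters pair, do not match the code hunks. Those hunks keep all four functions and only remove the `#if ENABLE(SECCOMP_FILTERS)` lines that handle cookieStorageDirectory. Replace ": Deleted." on those lines with a short description such as "Stop encoding cookieStorageDirectory", so the log does not suggest the IPC coders were removed.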
index 8ad57c4..b48fd00 100644 (file)
@@ -53,9 +53,6 @@ void NetworkProcessCreationParameters::encode(IPC::ArgumentEncoder& encoder) con
     encoder << shouldEnableNetworkCacheSpeculativeRevalidation;
 #endif
 #endif
-#if ENABLE(SECCOMP_FILTERS)
-    encoder << cookieStorageDirectory;
-#endif
 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
     encoder << uiProcessCookieStorageIdentifier;
 #endif
@@ -111,10 +108,6 @@ bool NetworkProcessCreationParameters::decode(IPC::ArgumentDecoder& decoder, Net
         return false;
 #endif
 #endif
-#if ENABLE(SECCOMP_FILTERS)
-    if (!decoder.decode(result.cookieStorageDirectory))
-        return false;
-#endif
 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
     if (!decoder.decode(result.uiProcessCookieStorageIdentifier))
         return false;
index 58e3b18..4a58e4a 100644 (file)
@@ -62,9 +62,6 @@ struct NetworkProcessCreationParameters {
     bool shouldEnableNetworkCacheSpeculativeRevalidation;
 #endif
 #endif
-#if ENABLE(SECCOMP_FILTERS)
-    String cookieStorageDirectory;
-#endif
 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
     Vector<uint8_t> uiProcessCookieStorageIdentifier;
 #endif
index 0d6a99f..242081c 100644 (file)
@@ -50,15 +50,6 @@ list(APPEND WebKit2_SOURCES
 
     Shared/linux/WebMemorySamplerLinux.cpp
 
-    Shared/linux/SeccompFilters/OpenSyscall.cpp
-    Shared/linux/SeccompFilters/SeccompBroker.cpp
-    Shared/linux/SeccompFilters/SeccompFilters.cpp
-    Shared/linux/SeccompFilters/SigactionSyscall.cpp
-    Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp
-    Shared/linux/SeccompFilters/Syscall.cpp
-    Shared/linux/SeccompFilters/SyscallPolicy.cpp
-    Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp
-
     Shared/soup/WebCoreArgumentCodersSoup.cpp
 
     Shared/unix/ChildProcessMain.cpp
@@ -219,7 +210,6 @@ list(APPEND WebKit2_SOURCES
     WebProcess/WebPage/gstreamer/WebPageGStreamer.cpp
 
     WebProcess/efl/ExtensionManagerEfl.cpp
-    WebProcess/efl/SeccompFiltersWebProcessEfl.cpp
     WebProcess/efl/WebProcessMainEfl.cpp
 
     WebProcess/soup/WebKitSoupRequestInputStream.cpp
@@ -351,21 +341,6 @@ list(APPEND WebProcess_LIBRARIES
     ${SQLITE_LIBRARIES}
 )
 
-if (ENABLE_SECCOMP_FILTERS)
-    list(APPEND WebKit2_LIBRARIES
-        ${LIBSECCOMP_LIBRARIES}
-    )
-    list(APPEND WebKit2_SYSTEM_INCLUDE_DIRECTORIES
-        ${LIBSECCOMP_INCLUDE_DIRS}
-    )
-
-    # If building with jhbuild, add the root build directory to the
-    # filesystem access policy.
-    if (DEVELOPER_MODE AND IS_DIRECTORY ${CMAKE_SOURCE_DIR}/WebKitBuild/DependenciesEFL)
-        add_definitions(-DSOURCE_DIR=\"${CMAKE_SOURCE_DIR}\")
-    endif ()
-endif ()
-
 if (ENABLE_ECORE_X)
     list(APPEND WebProcess_LIBRARIES
         ${ECORE_X_LIBRARIES}
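Review bot: No hunk in PlatformEfl.cmake removes an include path for Shared/linux/SeccompFilters, whereas the PlatformGTK.cmake change deletes `"${WEBKIT2_DIR}/Shared/linux/SeccompFilters"` from WebKit2_INCLUDE_DIRECTORIES. If the EFL include list carries the same entry, here or in another EFL cmake file, it now points at a deleted directory and should be removed in this patch as well.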
index 3476934..ac02e4c 100644 (file)
@@ -76,15 +76,6 @@ list(APPEND WebKit2_SOURCES
 
     Shared/linux/WebMemorySamplerLinux.cpp
 
-    Shared/linux/SeccompFilters/OpenSyscall.cpp
-    Shared/linux/SeccompFilters/SeccompBroker.cpp
-    Shared/linux/SeccompFilters/SeccompFilters.cpp
-    Shared/linux/SeccompFilters/SigactionSyscall.cpp
-    Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp
-    Shared/linux/SeccompFilters/Syscall.cpp
-    Shared/linux/SeccompFilters/SyscallPolicy.cpp
-    Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp
-
     Shared/soup/WebCoreArgumentCodersSoup.cpp
 
     Shared/unix/ChildProcessMain.cpp
@@ -359,8 +350,6 @@ list(APPEND WebKit2_SOURCES
     WebProcess/WebPage/gtk/WebPageGtk.cpp
     WebProcess/WebPage/gtk/WebPrintOperationGtk.cpp
 
-    WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp
-    WebProcess/gtk/SeccompFiltersWebProcessGtk.h
     WebProcess/gtk/WebGtkExtensionManager.cpp
     WebProcess/gtk/WebGtkInjectedBundleMain.cpp
     WebProcess/gtk/WebProcessMainGtk.cpp
@@ -512,7 +501,6 @@ list(APPEND WebKit2_INCLUDE_DIRECTORIES
     "${WEBKIT2_DIR}/Shared/glib"
     "${WEBKIT2_DIR}/Shared/gtk"
     "${WEBKIT2_DIR}/Shared/linux"
-    "${WEBKIT2_DIR}/Shared/linux/SeccompFilters"
     "${WEBKIT2_DIR}/Shared/soup"
     "${WEBKIT2_DIR}/Shared/unix"
     "${WEBKIT2_DIR}/UIProcess/API/C/cairo"
@@ -601,21 +589,6 @@ list(APPEND WebKit2_LIBRARIES
 )
 endif ()
 
-if (ENABLE_SECCOMP_FILTERS)
-    list(APPEND WebKit2_LIBRARIES
-        ${LIBSECCOMP_LIBRARIES}
-    )
-    list(APPEND WebKit2_SYSTEM_INCLUDE_DIRECTORIES
-        ${LIBSECCOMP_INCLUDE_DIRS}
-    )
-
-    # If building with WebKit jhbuild (not GNOME jhbuild), add the root build
-    # directory to the filesystem access policy.
-    if (DEVELOPER_MODE AND IS_DIRECTORY ${CMAKE_SOURCE_DIR}/WebKitBuild/DependenciesGTK)
-        add_definitions(-DSOURCE_DIR=\"${CMAKE_SOURCE_DIR}\")
-    endif ()
-endif ()
-
 ADD_WHOLE_ARCHIVE_TO_LIBRARIES(WebKit2_LIBRARIES)
 
 set(WebKit2_MARSHAL_LIST ${WEBKIT2_DIR}/UIProcess/API/gtk/webkit2marshal.list)
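Review bot: The `add_definitions(-DSOURCE_DIR=\"${CMAKE_SOURCE_DIR}\")` removed inside the `if (ENABLE_SECCOMP_FILTERS)` block was, according to its own comment, only there for the filesystem access policy, but the define applies to every source file in the target. Check that nothing outside the deleted SeccompFilters sources reads SOURCE_DIR, since code guarded by `#ifdef SOURCE_DIR` would compile out without an error. The same applies to the identical block removed from PlatformEfl.cmake.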
index e11425d..e5ca1fb 100644 (file)
@@ -68,9 +68,6 @@ void WebProcessCreationParameters::encode(IPC::ArgumentEncoder& encoder) const
     encoder << webSQLDatabaseDirectoryExtensionHandle;
     encoder << mediaCacheDirectory;
     encoder << mediaCacheDirectoryExtensionHandle;
-#if ENABLE(SECCOMP_FILTERS)
-    encoder << cookieStorageDirectory;
-#endif
 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
     encoder << uiProcessCookieStorageIdentifier;
 #endif
@@ -169,10 +166,6 @@ bool WebProcessCreationParameters::decode(IPC::ArgumentDecoder& decoder, WebProc
         return false;
     if (!decoder.decode(parameters.mediaCacheDirectoryExtensionHandle))
         return false;
-#if ENABLE(SECCOMP_FILTERS)
-    if (!decoder.decode(parameters.cookieStorageDirectory))
-        return false;
-#endif
 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
     if (!decoder.decode(parameters.uiProcessCookieStorageIdentifier))
         return false;
index c3106da..a70ce62 100644 (file)
@@ -75,9 +75,6 @@ struct WebProcessCreationParameters {
     SandboxExtension::Handle webSQLDatabaseDirectoryExtensionHandle;
     String mediaCacheDirectory;
     SandboxExtension::Handle mediaCacheDirectoryExtensionHandle;
-#if ENABLE(SECCOMP_FILTERS)
-    String cookieStorageDirectory;
-#endif
 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
     Vector<uint8_t> uiProcessCookieStorageIdentifier;
 #endif
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/OpenSyscall.cpp b/Source/WebKit2/Shared/linux/SeccompFilters/OpenSyscall.cpp
deleted file mode 100644 (file)
index 18df508..0000000
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "OpenSyscall.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "ArgumentCoders.h"
-#include "SyscallPolicy.h"
-#include <errno.h>
-#include <fcntl.h>
-#include <seccomp.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <wtf/text/WTFString.h>
-
-namespace WebKit {
-
-COMPILE_ASSERT(!O_RDONLY, O_RDONLY);
-COMPILE_ASSERT(O_WRONLY == 1, O_WRONLY);
-COMPILE_ASSERT(O_RDWR == 2, O_RDWR);
-
-std::unique_ptr<Syscall> OpenSyscall::createFromOpenatContext(mcontext_t* context)
-{
-    auto open = std::make_unique<OpenSyscall>(nullptr);
-
-    open->setFlags(context->gregs[REG_ARG2]);
-    open->setMode(context->gregs[REG_ARG3]);
-    open->setContext(context);
-
-    int fd = context->gregs[REG_ARG0];
-    char* path = reinterpret_cast<char*>(context->gregs[REG_ARG1]);
-
-    if (path[0] == '/') {
-        open->setPath(path);
-        return WTFMove(open);
-    }
-
-    struct stat pathStat;
-    if (fstat(fd, &pathStat) == -1) {
-        context->gregs[REG_SYSCALL] = -errno;
-        return nullptr;
-    }
-
-    if (!S_ISDIR(pathStat.st_mode)) {
-        context->gregs[REG_SYSCALL] = -ENOTDIR;
-        return nullptr;
-    }
-
-    char fdLinkPath[32];
-    snprintf(fdLinkPath, sizeof(fdLinkPath), "/proc/self/fd/%d", fd);
-
-    char fdPath[PATH_MAX];
-    ssize_t size = readlink(fdLinkPath, fdPath, sizeof(fdPath) - 1);
-    if (size == -1) {
-        context->gregs[REG_SYSCALL] = -errno;
-        return nullptr;
-    }
-
-    // The "+ 2" here stands for the '/' and null terminator.
-    if (size + strlen(path) + 2 > PATH_MAX) {
-        context->gregs[REG_SYSCALL] = -ENAMETOOLONG;
-        return nullptr;
-    }
-
-    sprintf(&fdPath[size], "/%s", path);
-    open->setPath(fdPath);
-
-    return WTFMove(open);
-}
-
-std::unique_ptr<Syscall> OpenSyscall::createFromCreatContext(mcontext_t* context)
-{
-    auto open = std::make_unique<OpenSyscall>(nullptr);
-
-    open->setPath(CString(reinterpret_cast<char*>(context->gregs[REG_ARG0])));
-    open->setFlags(O_CREAT | O_WRONLY | O_TRUNC);
-    open->setMode(context->gregs[REG_ARG1]);
-    open->setContext(context);
-
-    return WTFMove(open);
-}
-
-OpenSyscall::OpenSyscall(mcontext_t* context)
-    : Syscall(__NR_open, context)
-    , m_flags(0)
-    , m_mode(0)
-{
-    if (!context)
-        return;
-
-    m_path = CString(reinterpret_cast<char*>(context->gregs[REG_ARG0]));
-    m_flags = context->gregs[REG_ARG1];
-    m_mode = context->gregs[REG_ARG2];
-}
-
-void OpenSyscall::setResult(const SyscallResult* result)
-{
-    ASSERT(context() && result->type() == type());
-
-    const OpenSyscallResult* openResult = static_cast<const OpenSyscallResult*>(result);
-
-    if (openResult->fd() >= 0)
-        context()->gregs[REG_SYSCALL] = dup(openResult->fd());
-    else
-        context()->gregs[REG_SYSCALL] = -openResult->errorNumber();
-}
-
-std::unique_ptr<SyscallResult> OpenSyscall::execute(const SyscallPolicy& policy)
-{
-    if (!strncmp("/proc/self/", m_path.data(), 11)) {
-        String resolvedSelfPath = ASCIILiteral("/proc/") + String::number(getppid()) + &m_path.data()[10];
-        m_path = resolvedSelfPath.utf8().data();
-    }
-
-    SyscallPolicy::Permission permission = SyscallPolicy::NotAllowed;
-    if (m_flags & O_RDWR)
-        permission = static_cast<SyscallPolicy::Permission>(permission | SyscallPolicy::ReadAndWrite);
-    else if (m_flags & O_WRONLY)
-        permission = static_cast<SyscallPolicy::Permission>(permission | SyscallPolicy::Write);
-    else
-        permission = static_cast<SyscallPolicy::Permission>(permission | SyscallPolicy::Read);
-
-    // Create a file implies write permission on the directory.
-    if (m_flags & O_CREAT || m_flags & O_EXCL)
-        permission = static_cast<SyscallPolicy::Permission>(permission | SyscallPolicy::Write);
-
-    if (!policy.hasPermissionForPath(m_path.data(), permission))
-        return std::make_unique<OpenSyscallResult>(-1, EACCES);
-
-    // Permission granted, execute the syscall. The syscall might still
-    // fail because of hard permissions enforced by the filesystem and
-    // things like if the entry does not exist.
-    int fd = open(m_path.data(), m_flags, m_mode);
-    int errorNumber = fd == -1 ? errno : 0;
-
-    return std::make_unique<OpenSyscallResult>(fd, errorNumber);
-}
-
-void OpenSyscall::encode(IPC::ArgumentEncoder& encoder) const
-{
-    encoder << type();
-    encoder << m_path;
-    encoder << m_flags;
-    encoder << m_mode;
-}
-
-bool OpenSyscall::decode(IPC::ArgumentDecoder* decoder)
-{
-    // m_type already decoded by the parent class.
-
-    if (!decoder->decode(m_path))
-        return false;
-    if (!decoder->decode(m_flags))
-        return false;
-
-    return decoder->decode(m_mode);
-}
-
-OpenSyscallResult::OpenSyscallResult(int fd, int errorNumber)
-    : SyscallResult(__NR_open)
-    , m_fd(fd)
-    , m_errorNumber(errorNumber)
-{
-}
-
-OpenSyscallResult::~OpenSyscallResult()
-{
-    if (m_fd >= 0)
-        close(m_fd);
-}
-
-void OpenSyscallResult::encode(IPC::ArgumentEncoder& encoder) const
-{
-    encoder << type();
-
-    if (m_fd >= 0) {
-        IPC::Attachment attachment(m_fd);
-        encoder.addAttachment(WTFMove(attachment));
-    }
-
-    encoder << m_errorNumber;
-}
-
-bool OpenSyscallResult::decode(IPC::ArgumentDecoder* decoder, int fd)
-{
-    if (fd >= 0)
-        m_fd = fd;
-
-    return decoder->decode(m_errorNumber);
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
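Review bot: Deleting `OpenSyscall::execute` removes the per-path check `policy.hasPermissionForPath(m_path.data(), permission)` and its EACCES result, and nothing in the visible part of the patch replaces it. The commit message should state whether builds that previously set ENABLE(SECCOMP_FILTERS) now run the web process without any file access policy, so packagers who enabled the option know they lose that confinement when they upgrade.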
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/OpenSyscall.h b/Source/WebKit2/Shared/linux/SeccompFilters/OpenSyscall.h
deleted file mode 100644 (file)
index 66e5292..0000000
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef OpenSyscall_h
-#define OpenSyscall_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "Syscall.h"
-#include <wtf/text/CString.h>
-
-namespace IPC {
-class ArgumentDecoder;
-class ArgumentEncoder;
-}
-
-namespace WebKit {
-
-class OpenSyscall : public Syscall {
-public:
-    static std::unique_ptr<Syscall> createFromOpenatContext(mcontext_t*);
-    static std::unique_ptr<Syscall> createFromCreatContext(mcontext_t*);
-
-    explicit OpenSyscall(mcontext_t*);
-
-    void setPath(const CString& path) { m_path = path; };
-    void setFlags(const int flags) { m_flags = flags; };
-    void setMode(const mode_t mode) { m_mode = mode; };
-
-    // Syscall implementation.
-    virtual void setResult(const SyscallResult*);
-    virtual std::unique_ptr<SyscallResult> execute(const SyscallPolicy&);
-    virtual void encode(IPC::ArgumentEncoder&) const;
-    virtual bool decode(IPC::ArgumentDecoder*);
-
-private:
-    CString m_path;
-    int m_flags;
-    mode_t m_mode;
-};
-
-class OpenSyscallResult : public SyscallResult {
-public:
-    OpenSyscallResult(int fd, int errorNumber);
-    ~OpenSyscallResult();
-
-    int fd() const { return m_fd; }
-    int errorNumber() const { return m_errorNumber; }
-
-    // SyscallResult implementation.
-    virtual void encode(IPC::ArgumentEncoder&) const;
-    virtual bool decode(IPC::ArgumentDecoder*, int fd);
-
-private:
-    int m_fd;
-    int m_errorNumber;
-};
-
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // OpenSyscall_h
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/SeccompBroker.cpp b/Source/WebKit2/Shared/linux/SeccompFilters/SeccompBroker.cpp
deleted file mode 100644 (file)
index cbccf53..0000000
+++ /dev/null
@@ -1,373 +0,0 @@
-/*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
- * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
- * Copyright (C) 2011 Igalia S.L.
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SeccompBroker.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "ArgumentCoders.h"
-#include "Syscall.h"
-#include <errno.h>
-#include <fcntl.h>
-#include <seccomp.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#ifndef SYS_SECCOMP
-#define SYS_SECCOMP 1
-#endif
-
-static const size_t messageMaxSize = 4096;
-
-namespace WebKit {
-
-class SeccompBrokerClient {
-public:
-    static SeccompBrokerClient& singleton(int socket = -1);
-    ~SeccompBrokerClient();
-
-    void dispatch(Syscall*) const;
-
-    bool handleIfOpeningCachedFile(mcontext_t*) const;
-
-private:
-    SeccompBrokerClient(int socket);
-
-    void cacheFile(const char* path);
-
-    int m_socket;
-
-    mutable Lock m_socketLock;
-
-    // Maps files that may be read by malloc() to open file descriptors.
-    HashMap<String, int> m_fileDescriptorCache;
-};
-
-static ssize_t sendMessage(int socket, void* data, size_t size, int fd = -1)
-{
-    ASSERT(size <= messageMaxSize);
-
-    struct msghdr message;
-    memset(&message, 0, sizeof(message));
-
-    struct iovec iov;
-    memset(&iov, 0, sizeof(iov));
-    iov.iov_base = data;
-    iov.iov_len = size;
-
-    message.msg_iov = &iov;
-    message.msg_iovlen = 1;
-
-    char control[CMSG_SPACE(sizeof(fd))];
-    if (fd >= 0) {
-        message.msg_control = control;
-        message.msg_controllen = sizeof(control);
-        memset(message.msg_control, 0, message.msg_controllen);
-
-        struct cmsghdr* cmsg = CMSG_FIRSTHDR(&message);
-        cmsg->cmsg_level = SOL_SOCKET;
-        cmsg->cmsg_type = SCM_RIGHTS;
-        cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
-
-        memmove(CMSG_DATA(cmsg), &fd, sizeof(fd));
-    }
-
-    return sendmsg(socket, &message, 0);
-}
-
-static ssize_t receiveMessage(int socket, void* data, size_t size, int* fd = 0)
-{
-    struct msghdr message;
-    memset(&message, 0, sizeof(message));
-
-    struct iovec iov;
-    memset(&iov, 0, sizeof(iov));
-    iov.iov_base = data;
-    iov.iov_len = size;
-
-    message.msg_iov = &iov;
-    message.msg_iovlen = 1;
-
-    char control[CMSG_SPACE(sizeof(fd))];
-    message.msg_control = control;
-    message.msg_controllen = sizeof(control);
-    memset(message.msg_control, 0, message.msg_controllen);
-
-    ssize_t receivedBytes = recvmsg(socket, &message, 0);
-
-    if (fd && receivedBytes > 0) {
-        struct cmsghdr* cmsg = CMSG_FIRSTHDR(&message);
-        if (cmsg && cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS)
-            memcpy(fd, CMSG_DATA(cmsg), sizeof(*fd));
-        else
-            *fd = -1;
-    }
-
-    return receivedBytes >= 0 ? receivedBytes : -errno;
-}
-
-static void SIGSYSHandler(int signal, siginfo_t* info, void* data)
-{
-    if (signal != SIGSYS || info->si_code != SYS_SECCOMP)
-        CRASH();
-
-    ucontext_t* ucontext = static_cast<ucontext_t*>(data);
-    if (!ucontext)
-        CRASH();
-
-    SeccompBrokerClient* client = &SeccompBrokerClient::singleton();
-
-    if (client->handleIfOpeningCachedFile(&ucontext->uc_mcontext))
-        return;
-
-    // createFromContext might return a nullptr if it is able to resolve the
-    // syscall locally without sending it to the broker process. In this case,
-    // we just return. Examples of locally resolved syscalls are the ones
-    // with cached resources and invalid arguments.
-    std::unique_ptr<Syscall> syscall = Syscall::createFromContext(ucontext);
-    if (!syscall)
-        return;
-
-    client->dispatch(syscall.get());
-}
-
-static void registerSIGSYSHandler()
-{
-    struct sigaction action;
-    memset(&action, 0, sizeof(action));
-    action.sa_sigaction = &SIGSYSHandler;
-    action.sa_flags = SA_SIGINFO | SA_NODEFER;
-
-    if (sigaction(SIGSYS, &action, 0) < 0)
-        CRASH();
-
-    sigset_t mask;
-    sigemptyset(&mask);
-    sigaddset(&mask, SIGSYS);
-
-    if (sigprocmask(SIG_UNBLOCK, &mask, 0) < 0)
-        CRASH();
-}
-
-SeccompBrokerClient& SeccompBrokerClient::singleton(int socket)
-{
-    DEPRECATED_DEFINE_STATIC_LOCAL(SeccompBrokerClient, brokerClient, (socket));
-
-    return brokerClient;
-}
-
-SeccompBrokerClient::SeccompBrokerClient(int socket)
-    : m_socket(socket)
-{
-    ASSERT(m_socket >= 0);
-
-    cacheFile("/proc/sys/vm/overcommit_memory");
-    cacheFile("/sys/devices/system/cpu/online");
-}
-
-SeccompBrokerClient::~SeccompBrokerClient()
-{
-    for (int fd : m_fileDescriptorCache.values())
-        close(fd);
-    close(m_socket);
-}
-
-void SeccompBrokerClient::dispatch(Syscall* syscall) const
-{
-    auto encoder = std::make_unique<IPC::ArgumentEncoder>();
-    encoder->encode(*syscall);
-
-    char buffer[messageMaxSize];
-    ssize_t receivedBytes = 0;
-    int fd = -1;
-
-    m_socketLock.lock();
-
-    if (sendMessage(m_socket, encoder->buffer(), encoder->bufferSize()) < 0)
-        CRASH();
-
-    while (true) {
-        receivedBytes = receiveMessage(m_socket, &buffer, sizeof(buffer), &fd);
-        if (receivedBytes > 0)
-            break;
-
-        if (receivedBytes != -EINTR)
-            CRASH();
-    }
-
-    m_socketLock.unlock();
-
-    auto decoder = std::make_unique<IPC::ArgumentDecoder>((const uint8_t*) buffer, receivedBytes);
-    std::unique_ptr<SyscallResult> result = SyscallResult::createFromDecoder(decoder.get(), fd);
-    if (!result)
-        CRASH();
-
-    syscall->setResult(result.get());
-}
-
-bool SeccompBrokerClient::handleIfOpeningCachedFile(mcontext_t* context) const
-{
-    if (context->gregs[REG_SYSCALL] != __NR_open)
-        return false;
-
-    const char *path = reinterpret_cast<char*>(context->gregs[REG_ARG0]);
-
-    auto iter = m_fileDescriptorCache.find(path);
-    if (iter == m_fileDescriptorCache.end())
-        return false;
-
-    // Malloc will eventually check the number of online CPUs (i.e being
-    // scheduled) present on the system by opening a special file. If it does
-    // that in the middle of the SIGSYS signal handler, it might trigger a
-    // recursive attempt of proxying the open() syscall to the broker. The same
-    // problem occurs if malloc() checks the memory overcommit policy. Because
-    // of that, we cache these resources.
-    context->gregs[REG_SYSCALL] = dup(iter->value);
-
-    return true;
-}
-
-void SeccompBrokerClient::cacheFile(const char* path)
-{
-    int fd = open(path, O_RDONLY);
-    ASSERT(fd >= 0);
-    m_fileDescriptorCache.set(path, fd);
-}
-
-void SeccompBroker::launchProcess(SeccompFilters* filters, const SyscallPolicy& policy)
-{
-    static bool initialized = false;
-    if (initialized)
-        return;
-
-    if (filters->defaultAction() == SeccompFilters::Allow) {
-        // The sigprocmask filters bellow are needed to trap sigprocmask()
-        // so we can prevent the running processes from blocking SIGSYS.
-        filters->addRule("sigprocmask", SeccompFilters::Trap,
-            0, SeccompFilters::Equal, SIG_BLOCK,
-            1, SeccompFilters::NotEqual, 0);
-        filters->addRule("sigprocmask", SeccompFilters::Trap,
-            0, SeccompFilters::Equal, SIG_SETMASK,
-            1, SeccompFilters::NotEqual, 0);
-        filters->addRule("rt_sigprocmask", SeccompFilters::Trap,
-            0, SeccompFilters::Equal, SIG_BLOCK,
-            1, SeccompFilters::NotEqual, 0);
-        filters->addRule("rt_sigprocmask", SeccompFilters::Trap,
-            0, SeccompFilters::Equal, SIG_SETMASK,
-            1, SeccompFilters::NotEqual, 0);
-
-        // The sigaction filters bellow are needed to trap sigaction()
-        // so we can prevent the running processes from handling SIGSYS.
-        filters->addRule("sigaction", SeccompFilters::Trap,
-            0, SeccompFilters::Equal, SIGSYS);
-        filters->addRule("rt_sigaction", SeccompFilters::Trap,
-            0, SeccompFilters::Equal, SIGSYS);
-    }
-
-    if (filters->defaultAction() != SeccompFilters::Allow) {
-        // Needed for the SIGSYS handler to work.
-        filters->addRule("sigreturn", SeccompFilters::Allow);
-        filters->addRule("rt_sigreturn", SeccompFilters::Allow);
-
-        // Needed by malloc and free. We must never trap a syscall inside either
-        // because we need them in our SIGSYS handler and they are nonreentrant.
-        filters->addRule("brk", SeccompFilters::Allow);
-    }
-
-    SeccompBroker seccompBroker;
-    seccompBroker.setSyscallPolicy(policy);
-    seccompBroker.initialize();
-
-    initialized = true;
-}
-
-void SeccompBroker::initialize()
-{
-    int sockets[2];
-    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockets) < 0)
-        CRASH();
-
-    pid_t pid = fork();
-    if (pid) { // Sandboxed process.
-        close(sockets[1]);
-        SeccompBrokerClient::singleton(sockets[0]);
-        registerSIGSYSHandler();
-    } else { // Broker.
-        // TODO: The broker should setup seccomp filters
-        // for itself and block everything else other than
-        // the minimal set of syscalls needed to execute the
-        // syscalls it is suppose to proxy.
-        close(sockets[0]);
-        runLoop(sockets[1]);
-    }
-}
-
-NO_RETURN void SeccompBroker::runLoop(int socket)
-{
-    // Close unnecessary inherited file descriptors.
-    for (int i = STDERR_FILENO + 1; i < FD_SETSIZE; ++i) {
-        if (i != socket)
-            close(i);
-    }
-
-    while (true) {
-        char buffer[messageMaxSize];
-        ssize_t receivedBytes = receiveMessage(socket, &buffer, sizeof(buffer));
-        if (receivedBytes == -EINTR)
-            continue;
-
-        if (receivedBytes <= 0)
-            exit(receivedBytes ? EXIT_FAILURE : EXIT_SUCCESS);
-
-        auto decoder = std::make_unique<IPC::ArgumentDecoder>((const uint8_t*) buffer, receivedBytes);
-        std::unique_ptr<Syscall> syscall = Syscall::createFromDecoder(decoder.get());
-        if (!syscall)
-            exit(EXIT_FAILURE);
-
-        std::unique_ptr<SyscallResult> result = syscall->execute(m_policy);
-        if (!result)
-            exit(EXIT_FAILURE);
-
-        auto encoder = std::make_unique<IPC::ArgumentEncoder>();
-        encoder->encode(*result);
-
-        Vector<IPC::Attachment> attachments = encoder->releaseAttachments();
-        int fd = attachments.size() == 1 ? attachments[0].fileDescriptor() : -1;
-
-        // The client is down, the broker should go away.
-        if (sendMessage(socket, encoder->buffer(), encoder->bufferSize(), fd) < 0)
-            exit(EXIT_SUCCESS);
-    }
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
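Review bot: SeccompBrokerClient::dispatch() is called from the tail of SIGSYSHandler, yet it allocates with std::make_unique and takes m_socketLock, and registerSIGSYSHandler() installs the handler with SA_NODEFER, so a SIGSYS raised on the same thread during that window re-enters dispatch() with the lock already held. The comment in launchProcess() itself says malloc and free are nonreentrant, and only brk is allow-listed for them in this hunk. Two smaller points in the same file: handleIfOpeningCachedFile() stores the raw dup() return in REG_SYSCALL, so a failure surfaces as -1 instead of -errno, and the broker branch of initialize() still carries the TODO about the broker never installing filters for itself while runLoop() only closes descriptors below FD_SETSIZE. No code change is needed since the file is deleted, but the ChangeLog entry says only "Removed."; naming these defects there would record why removal was preferred over repair.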
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/SeccompBroker.h b/Source/WebKit2/Shared/linux/SeccompFilters/SeccompBroker.h
deleted file mode 100644 (file)
index a75c86b..0000000
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SeccompBroker_h
-#define SeccompBroker_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "SeccompFilters.h"
-#include "Syscall.h"
-#include "SyscallPolicy.h"
-#include <signal.h>
-#include <wtf/Noncopyable.h>
-#include <wtf/Threading.h>
-#include <wtf/Vector.h>
-
-namespace WebKit {
-
-class SeccompBroker {
-    WTF_MAKE_NONCOPYABLE(SeccompBroker);
-
-public:
-    static void launchProcess(SeccompFilters*, const SyscallPolicy&);
-
-    void initialize();
-    void setSyscallPolicy(const SyscallPolicy& policy) { m_policy = policy; }
-
-private:
-    SeccompBroker() { }
-
-    void runLoop(int socket);
-
-    SyscallPolicy m_policy;
-};
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // SeccompBroker_h
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.cpp b/Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.cpp
deleted file mode 100644 (file)
index 6216dfd..0000000
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SeccompFilters.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "SeccompBroker.h"
-#include <seccomp.h>
-#include <wtf/Assertions.h>
-
-namespace WebKit {
-
-COMPILE_ASSERT(SeccompFilters::Allow == SCMP_ACT_ALLOW, Allow);
-COMPILE_ASSERT(SeccompFilters::Kill == SCMP_ACT_KILL, Kill);
-COMPILE_ASSERT(SeccompFilters::Trap == SCMP_ACT_TRAP, Trap);
-
-COMPILE_ASSERT(SeccompFilters::NotSet == static_cast<SeccompFilters::Operator>(_SCMP_CMP_MIN), NotSet);
-COMPILE_ASSERT(SeccompFilters::NotEqual == static_cast<SeccompFilters::Operator>(SCMP_CMP_NE), NotEqual);
-COMPILE_ASSERT(SeccompFilters::Equal == static_cast<SeccompFilters::Operator>(SCMP_CMP_EQ), Equal);
-
-COMPILE_ASSERT(sizeof(scmp_datum_t) == sizeof(uint64_t), scmp_datum_t);
-
-SeccompFilters::SeccompFilters(Action defaultAction)
-    : m_context(seccomp_init(defaultAction))
-    , m_initialized(false)
-{
-    if (!m_context)
-        CRASH();
-}
-
-SeccompFilters::~SeccompFilters()
-{
-    seccomp_release(m_context);
-}
-
-void SeccompFilters::addRule(const char* syscallName, Action action,
-    unsigned argNum1, Operator operator1, uint64_t data1,
-    unsigned argNum2, Operator operator2, uint64_t data2)
-{
-    int syscall = seccomp_syscall_resolve_name(syscallName);
-    if (syscall == __NR_SCMP_ERROR)
-        CRASH();
-
-    int result;
-    if (operator2 != NotSet)
-        result = seccomp_rule_add(m_context, action, syscall, 2,
-            SCMP_CMP(argNum1, static_cast<scmp_compare>(operator1), data1, 0),
-            SCMP_CMP(argNum2, static_cast<scmp_compare>(operator2), data2, 0));
-    else if (operator1 != NotSet)
-        result = seccomp_rule_add(m_context, action, syscall, 1,
-            SCMP_CMP(argNum1, static_cast<scmp_compare>(operator1), data1, 0));
-    else
-        result = seccomp_rule_add(m_context, action, syscall, 0);
-
-    if (result < 0)
-        CRASH();
-}
-
-void SeccompFilters::initialize()
-{
-    if (m_initialized)
-        return;
-
-    // Implement this is not required in case we are just
-    // setting filters. This is a good place to create the
-    // broker and syscall policy otherwise.
-    platformInitialize();
-
-    if (seccomp_load(m_context) < 0)
-        CRASH();
-
-    m_initialized = true;
-}
-
-SeccompFilters::Action SeccompFilters::defaultAction() const
-{
-    uint32_t value;
-    if (seccomp_attr_get(m_context, SCMP_FLTATR_ACT_DEFAULT, &value) == -1)
-        CRASH();
-
-    Action result = static_cast<Action>(value);
-    switch (result) {
-    case Allow:
-    case Kill:
-    case Trap:
-        return result;
-    }
-
-    CRASH();
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
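Review bot: SeccompFilters::defaultAction() checks seccomp_attr_get(...) == -1, but libseccomp reports failure as a negative errno value, so most failures would pass this test and the function would go on to static_cast the uninitialized "uint32_t value". The other call sites in this file (seccomp_rule_add, seccomp_load) already test "< 0"; the same test belonged here, with value initialized. Nothing to change in a deletion, but worth carrying over if any of this wrapper is reused.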
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.h b/Source/WebKit2/Shared/linux/SeccompFilters/SeccompFilters.h
deleted file mode 100644 (file)
index f7dfe9f..0000000
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SeccompFilters_h
-#define SeccompFilters_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include <wtf/Noncopyable.h>
-
-namespace WebKit {
-
-class SeccompFilters {
-    WTF_MAKE_NONCOPYABLE(SeccompFilters);
-
-public:
-    enum Action {
-        Allow = 0x7fff0000U,
-        Kill  = 0x00000000U,
-        Trap  = 0x00030000U
-    };
-
-    enum Operator {
-        NotSet   = 0,
-        NotEqual = 1,
-        Equal    = 4
-    };
-
-    explicit SeccompFilters(Action defaultAction);
-    virtual ~SeccompFilters();
-
-    void* context() { return m_context; };
-
-    void addRule(const char* syscallName, Action,
-        unsigned argNum1 = 0, Operator operator1 = NotSet, uint64_t data1 = 0,
-        unsigned argNum2 = 0, Operator operator2 = NotSet, uint64_t data2 = 0);
-
-    void initialize();
-
-    Action defaultAction() const;
-
-private:
-    virtual void platformInitialize() { }
-
-    typedef void *HANDLE;
-
-    HANDLE m_context;
-    bool m_initialized;
-};
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // SeccompFilters_h
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/SigactionSyscall.cpp b/Source/WebKit2/Shared/linux/SeccompFilters/SigactionSyscall.cpp
deleted file mode 100644 (file)
index 0b2e9cd..0000000
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SigactionSyscall.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include <signal.h>
-
-namespace WebKit {
-
-std::unique_ptr<Syscall> SigactionSyscall::createFromContext(mcontext_t* context)
-{
-    // We just ignore any attempt of installing a handler for SIGSYS since this
-    // signal is necessary for the sandbox to work.
-    ASSERT(context && context->gregs[REG_ARG0] == SIGSYS);
-
-    context->gregs[REG_SYSCALL] = 0;
-
-    return nullptr;
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
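Review bot: SigactionSyscall::createFromContext() enforces "signal is SIGSYS" only through ASSERT, which compiles out of release builds, so every sigaction or rt_sigaction that reaches the handler is answered with 0 in REG_SYSCALL without installing anything. In launchProcess() the SIGSYS-specific Trap rules are added only when the default action is Allow; with any other default, a trapped sigaction for an unrelated signal would be reported as successful here unless a rule elsewhere allows it. The function also never touches the caller's old-action argument, so a caller asking for the previous handler gets success with the struct unfilled. A runtime check on REG_ARG0 with an error return for other signals would have been the fix.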
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/SigactionSyscall.h b/Source/WebKit2/Shared/linux/SeccompFilters/SigactionSyscall.h
deleted file mode 100644 (file)
index ed52e3f..0000000
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SigactionSyscall_h
-#define SigactionSyscall_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "Syscall.h"
-
-namespace WebKit {
-
-struct SigactionSyscall {
-    static std::unique_ptr<Syscall> createFromContext(mcontext_t*);
-};
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // SigactionSyscall_h
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp b/Source/WebKit2/Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp
deleted file mode 100644 (file)
index 879ff9d..0000000
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SigprocmaskSyscall.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include <signal.h>
-#include <string.h>
-
-namespace WebKit {
-
-std::unique_ptr<Syscall> SigprocmaskSyscall::createFromContext(ucontext_t* ucontext)
-{
-    // This syscall is never proxied to the broker process and resolved locally.
-    // What we do here is silently remove SIGSYS from the signal set so no
-    // thread will ever be able to block it.
-    ASSERT(ucontext);
-
-    mcontext_t mcontext = ucontext->uc_mcontext;
-    int how = mcontext.gregs[REG_ARG0];
-    sigset_t* set = reinterpret_cast<sigset_t*>(mcontext.gregs[REG_ARG1]);
-    sigset_t* oldSet = reinterpret_cast<sigset_t*>(mcontext.gregs[REG_ARG2]);
-
-    if (oldSet)
-        memcpy(oldSet, &ucontext->uc_sigmask, sizeof(sigset_t));
-
-    if (how == SIG_SETMASK)
-        memcpy(&ucontext->uc_sigmask, set, sizeof(sigset_t));
-    else
-        sigorset(&ucontext->uc_sigmask, set, &ucontext->uc_sigmask);
-
-    sigdelset(&ucontext->uc_sigmask, SIGSYS);
-    mcontext.gregs[REG_SYSCALL] = 0;
-
-    return nullptr;
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
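Review bot: In SigprocmaskSyscall::createFromContext(), "mcontext_t mcontext = ucontext->uc_mcontext;" copies the register context by value, so the final "mcontext.gregs[REG_SYSCALL] = 0;" writes to the local copy and the return value never reaches the interrupted thread; it should have been a pointer or reference, as Syscall::createFromContext() does with "&ucontext->uc_mcontext". Also in this function, oldSet is null-checked but set is dereferenced unconditionally, which is safe only while the filter traps solely on a non-null second argument as the Allow-default rules in launchProcess() do, and the else branch ORs the set into the mask for every how other than SIG_SETMASK, so a trapped SIG_UNBLOCK would block instead of unblock.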
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/SigprocmaskSyscall.h b/Source/WebKit2/Shared/linux/SeccompFilters/SigprocmaskSyscall.h
deleted file mode 100644 (file)
index 00f0227..0000000
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SigprocmaskSyscall_h
-#define SigprocmaskSyscall_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "Syscall.h"
-
-namespace WebKit {
-
-struct SigprocmaskSyscall {
-    static std::unique_ptr<Syscall> createFromContext(ucontext_t*);
-};
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // SigprocmaskSyscall_h
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/Syscall.cpp b/Source/WebKit2/Shared/linux/SeccompFilters/Syscall.cpp
deleted file mode 100644 (file)
index 25dac83..0000000
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- * Copyright (C) 2015 Igalia S.L.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "Syscall.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "ArgumentCoders.h"
-#include "OpenSyscall.h"
-#include "SigactionSyscall.h"
-#include "SigprocmaskSyscall.h"
-#include <limits>
-#include <seccomp.h>
-#include <string.h>
-#include <unistd.h>
-
-namespace WebKit {
-
-// The redundant "constexpr const" is to placate Clang's -Wwritable-strings.
-static constexpr const char* const message = "Blocked unexpected syscall: ";
-
-// Since "sprintf" is not signal-safe, reimplement %d here. Based on code from
-// http://outflux.net/teach-seccomp by Will Drewry and Kees Cook, released under
-// the Chromium BSD license.
-static void writeUnsignedInt(char* buf, unsigned val)
-{
-    int width = 0;
-    unsigned tens;
-
-    if (!val) {
-        strcpy(buf, "0");
-        return;
-    }
-    for (tens = val; tens; tens /= 10)
-        ++width;
-    buf[width] = '\0';
-    for (tens = val; tens; tens /= 10)
-        buf[--width] = '0' + (tens % 10);
-}
-
-static void reportUnexpectedSyscall(unsigned syscall)
-{
-    char buf[128];
-#if defined(__has_builtin)
-#if __has_builtin(__builtin_strlen)
-    // Buffer must be big enough for the literal, plus the number of digits in the largest possible
-    // unsigned int, plus one for the newline, plus one more for the trailing null.
-    static_assert(__builtin_strlen(message) + std::numeric_limits<unsigned>::digits10 + 2 < sizeof(buf), "Buffer too small");
-#endif
-#endif
-    strcpy(buf, message);
-    writeUnsignedInt(buf + strlen(buf), syscall);
-    strcat(buf, "\n");
-    int unused __attribute__((unused));
-    unused = write(STDERR_FILENO, buf, strlen(buf));
-}
-
-std::unique_ptr<Syscall> Syscall::createFromContext(ucontext_t* ucontext)
-{
-    mcontext_t* mcontext = &ucontext->uc_mcontext;
-
-    switch (mcontext->gregs[REG_SYSCALL]) {
-    case __NR_open:
-        return std::make_unique<OpenSyscall>(mcontext);
-    case __NR_openat:
-        return OpenSyscall::createFromOpenatContext(mcontext);
-    case __NR_creat:
-        return OpenSyscall::createFromCreatContext(mcontext);
-    case __NR_sigprocmask:
-    case __NR_rt_sigprocmask:
-        return SigprocmaskSyscall::createFromContext(ucontext);
-    case __NR_sigaction:
-    case __NR_rt_sigaction:
-        return SigactionSyscall::createFromContext(mcontext);
-    default:
-        reportUnexpectedSyscall(mcontext->gregs[REG_SYSCALL]);
-        ASSERT_NOT_REACHED();
-    }
-
-    return nullptr;
-}
-
-std::unique_ptr<Syscall> Syscall::createFromDecoder(IPC::ArgumentDecoder* decoder)
-{
-    int type;
-    if (!decoder->decode(type))
-        return nullptr;
-
-    std::unique_ptr<Syscall> syscall;
-    if (type == __NR_open)
-        syscall = std::make_unique<OpenSyscall>(nullptr);
-
-    if (!syscall->decode(decoder))
-        return nullptr;
-
-    return syscall;
-}
-
-Syscall::Syscall(int type, mcontext_t* context)
-    : m_type(type)
-    , m_context(context)
-{
-}
-
-std::unique_ptr<SyscallResult> SyscallResult::createFromDecoder(IPC::ArgumentDecoder* decoder, int fd)
-{
-    int type;
-    if (!decoder->decode(type))
-        return nullptr;
-
-    std::unique_ptr<SyscallResult> result;
-    if (type == __NR_open)
-        result = std::make_unique<OpenSyscallResult>(-1, 0);
-
-    if (!result->decode(decoder, fd))
-        return nullptr;
-
-    return result;
-}
-
-SyscallResult::SyscallResult(int type)
-    : m_type(type)
-{
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
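Review bot: Syscall::createFromDecoder() leaves "syscall" null when the decoded type is not __NR_open and then calls syscall->decode(decoder), a null dereference driven by a value the broker reads off the socket from the sandboxed process; SyscallResult::createFromDecoder() has the same pattern with "result". Both needed an early "return nullptr" for unknown types, which the callers in SeccompBroker.cpp already handle. Separately, the default case of Syscall::createFromContext() relies on ASSERT_NOT_REACHED, so in a release build an unexpected syscall is logged and the handler returns with REG_SYSCALL untouched, the same register the other handlers overwrite with the result; setting an explicit error value there would have made the block visible to the caller.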
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/Syscall.h b/Source/WebKit2/Shared/linux/SeccompFilters/Syscall.h
deleted file mode 100644 (file)
index 5fe176a..0000000
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef Syscall_h
-#define Syscall_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#if CPU(X86_64)
-#define REG_SYSCALL REG_RAX
-#define REG_ARG0    REG_RDI
-#define REG_ARG1    REG_RSI
-#define REG_ARG2    REG_RDX
-#define REG_ARG3    REG_R10
-#elif CPU(X86)
-#define REG_SYSCALL REG_EAX
-#define REG_ARG0    REG_EBX
-#define REG_ARG1    REG_ECX
-#define REG_ARG2    REG_EDX
-#define REG_ARG3    REG_ESI
-#else
-#error "CPU not supported."
-#endif
-
-#include <signal.h>
-#include <sys/types.h>
-#include <wtf/Noncopyable.h>
-#include <wtf/StdLibExtras.h>
-
-namespace IPC {
-class ArgumentDecoder;
-class ArgumentEncoder;
-}
-
-namespace WebKit {
-
-class SyscallResult;
-class SyscallPolicy;
-
-class Syscall {
-    WTF_MAKE_NONCOPYABLE(Syscall);
-
-public:
-    virtual ~Syscall() { }
-
-    static std::unique_ptr<Syscall> createFromContext(ucontext_t*);
-    static std::unique_ptr<Syscall> createFromDecoder(IPC::ArgumentDecoder*);
-
-    int type() const { return m_type; }
-
-    void setContext(mcontext_t* context) { m_context = context; }
-    mcontext_t* context() const { return m_context; }
-
-    virtual void setResult(const SyscallResult*) = 0;
-    virtual std::unique_ptr<SyscallResult> execute(const SyscallPolicy&) = 0;
-    virtual void encode(IPC::ArgumentEncoder&) const = 0;
-    virtual bool decode(IPC::ArgumentDecoder*) = 0;
-
-protected:
-    Syscall(int type, mcontext_t*);
-
-private:
-    int m_type;
-    mcontext_t* m_context;
-};
-
-class SyscallResult {
-    WTF_MAKE_NONCOPYABLE(SyscallResult);
-
-public:
-    virtual ~SyscallResult() { }
-
-    static std::unique_ptr<SyscallResult> createFromDecoder(IPC::ArgumentDecoder*, int fd);
-
-    int type() const { return m_type; }
-
-    virtual void encode(IPC::ArgumentEncoder&) const = 0;
-    virtual bool decode(IPC::ArgumentDecoder*, int fd=-1) = 0;
-
-protected:
-    SyscallResult(int type);
-
-private:
-    int m_type;
-};
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // Syscall_h
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp b/Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp
deleted file mode 100644 (file)
index f61bc86..0000000
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SyscallPolicy.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "PluginSearchPath.h"
-#include "WebProcessCreationParameters.h"
-#include "XDGBaseDirectory.h"
-#include <libgen.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-namespace WebKit {
-
-static String removeTrailingSlash(const String& path)
-{
-    if (path.endsWith('/'))
-        return path.left(path.length() - 1);
-
-    return path;
-}
-
-bool SyscallPolicy::hasPermissionForPath(const char* path, Permission permission) const
-{
-    // The root directory policy needs to be set because it is the
-    // ultimate fallback when rewinding directories.
-    ASSERT(m_directoryPermission.contains("/"));
-
-    if (permission == NotAllowed)
-        return false;
-
-    char* basePath = strdup(path);
-    char* canonicalPath = canonicalize_file_name(basePath);
-
-    while (canonicalPath) {
-        struct stat pathStat;
-        if (stat(canonicalPath, &pathStat) == -1) {
-            free(basePath);
-            free(canonicalPath);
-            return false;
-        }
-
-        if (S_ISDIR(pathStat.st_mode))
-            break;
-
-        PermissionMap::const_iterator policy = m_filePermission.find(String(canonicalPath));
-        if (policy != m_filePermission.end()) {
-            free(basePath);
-            free(canonicalPath);
-            return (permission & policy->value) == permission;
-        }
-
-        // If not a directory neither a file with a policy defined,
-        // we set canonicalPath to zero to force a rewind to the parent
-        // directory.
-        free(canonicalPath);
-        canonicalPath = 0;
-    }
-
-    while (!canonicalPath) {
-        char* currentBaseDirectory = dirname(basePath);
-        canonicalPath = canonicalize_file_name(currentBaseDirectory);
-    }
-
-    PermissionMap::const_iterator policy = m_directoryPermission.find(String(canonicalPath));
-    while (policy == m_directoryPermission.end()) {
-        char* currentBaseDirectory = dirname(canonicalPath);
-        policy = m_directoryPermission.find(String(currentBaseDirectory));
-    }
-
-    free(basePath);
-    free(canonicalPath);
-
-    if ((permission & policy->value) == permission)
-        return true;
-
-    // Don't warn if the file doesn't exist at all.
-    if (!access(path, F_OK) || errno != ENOENT)
-        fprintf(stderr, "Blocked impermissible %s access to %s\n", SyscallPolicy::permissionToString(permission), path);
-    return false;
-}
-
-static String canonicalizeFileName(const String& path)
-{
-    char* canonicalizedPath = canonicalize_file_name(path.utf8().data());
-    if (canonicalizedPath) {
-        String result = String::fromUTF8(canonicalizedPath);
-        free(canonicalizedPath);
-        return result;
-    }
-    return path;
-}
-
-void SyscallPolicy::addFilePermission(const String& path, Permission permission)
-{
-    ASSERT(!path.isEmpty() && path.startsWith('/')  && !path.endsWith('/') && !path.contains("//"));
-
-    m_filePermission.set(canonicalizeFileName(path), permission);
-}
-
-void SyscallPolicy::addDirectoryPermission(const String& path, Permission permission)
-{
-    ASSERT(path.startsWith('/') && !path.contains("//") && (path.length() == 1 || !path.endsWith('/')));
-
-    m_directoryPermission.set(canonicalizeFileName(path), permission);
-}
-
-void SyscallPolicy::addDefaultWebProcessPolicy(const WebProcessCreationParameters& parameters)
-{
-    // Directories settings coming from the UIProcess.
-    if (!parameters.applicationCacheDirectory.isEmpty())
-        addDirectoryPermission(removeTrailingSlash(parameters.applicationCacheDirectory), ReadAndWrite);
-    if (!parameters.webSQLDatabaseDirectory.isEmpty())
-        addDirectoryPermission(removeTrailingSlash(parameters.webSQLDatabaseDirectory), ReadAndWrite);
-    if (!parameters.cookieStorageDirectory.isEmpty())
-        addDirectoryPermission(removeTrailingSlash(parameters.cookieStorageDirectory), ReadAndWrite);
-
-    // The root policy will block access to any directory or
-    // file unless white listed bellow or by platform.
-    addDirectoryPermission(ASCIILiteral("/"), NotAllowed);
-
-    // System library directories
-    addDirectoryPermission(ASCIILiteral("/lib"), Read);
-    addDirectoryPermission(ASCIILiteral("/lib32"), Read);
-    addDirectoryPermission(ASCIILiteral("/lib64"), Read);
-    addDirectoryPermission(ASCIILiteral("/usr/lib"), Read);
-    addDirectoryPermission(ASCIILiteral("/usr/lib32"), Read);
-    addDirectoryPermission(ASCIILiteral("/usr/lib64"), Read);
-    addDirectoryPermission(ASCIILiteral("/usr/local/lib"), Read);
-    addDirectoryPermission(ASCIILiteral("/usr/local/lib32"), Read);
-    addDirectoryPermission(ASCIILiteral("/usr/local/lib64"), Read);
-    addDirectoryPermission(ASCIILiteral(LIBDIR), Read);
-
-    // System data directories
-    addDirectoryPermission(ASCIILiteral("/usr/share"), Read);
-    addDirectoryPermission(ASCIILiteral("/usr/local/share"), Read);
-    addDirectoryPermission(ASCIILiteral(DATADIR), Read);
-
-    // NPAPI plugins
-    for (String& path : pluginsDirectories())
-        addDirectoryPermission(path, Read);
-
-    // SSL Certificates.
-    addDirectoryPermission(ASCIILiteral("/etc/ssl/certs"), Read);
-
-    // Audio devices, random number generators, etc.
-    addDirectoryPermission(ASCIILiteral("/dev"), ReadAndWrite);
-
-    // Temporary files and process self information.
-    addDirectoryPermission(ASCIILiteral("/tmp"), ReadAndWrite);
-    addDirectoryPermission(ASCIILiteral("/proc/") + String::number(getpid()), ReadAndWrite);
-
-    // In some distros /dev/shm is a symbolic link to /run/shm, and in
-    // this case, the canonical path resolver will follow the link. If
-    // inside /dev, the policy is already set.
-    addDirectoryPermission(ASCIILiteral("/run/shm"), ReadAndWrite);
-
-    // Needed by glibc for networking and locale.
-    addFilePermission(ASCIILiteral("/etc/gai.conf"), Read);
-    addFilePermission(ASCIILiteral("/etc/host.conf"), Read);
-    addFilePermission(ASCIILiteral("/etc/hosts"), Read);
-    addFilePermission(ASCIILiteral("/etc/localtime"), Read);
-    addFilePermission(ASCIILiteral("/etc/nsswitch.conf"), Read);
-
-    // Needed for DNS resoltion. In some distros, the resolv.conf inside
-    // /etc is just a symbolic link.
-    addFilePermission(ASCIILiteral("/etc/resolv.conf"), Read);
-    addFilePermission(ASCIILiteral("/run/resolvconf/resolv.conf"), Read);
-
-    // Needed to convert uid and gid into names.
-    addFilePermission(ASCIILiteral("/etc/group"), Read);
-    addFilePermission(ASCIILiteral("/etc/passwd"), Read);
-
-    // Needed by the loader.
-    addFilePermission(ASCIILiteral("/etc/ld.so.cache"), Read);
-
-    // Needed by various, including toolkits, for optimizations based
-    // on the current amount of free system memory.
-    addFilePermission(ASCIILiteral("/proc/cpuinfo"), Read);
-    addFilePermission(ASCIILiteral("/proc/filesystems"), Read);
-    addFilePermission(ASCIILiteral("/proc/meminfo"), Read);
-    addFilePermission(ASCIILiteral("/proc/stat"), Read);
-
-    // Needed by D-Bus.
-    addFilePermission(ASCIILiteral("/var/lib/dbus/machine-id"), Read);
-
-    // Needed by at-spi2.
-    // FIXME This is too permissive: https://bugs.webkit.org/show_bug.cgi?id=143004
-    addDirectoryPermission("/run/user/" + String::number(getuid()), ReadAndWrite);
-
-    // Needed by WebKit's memory pressure handler.
-    addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/memory.pressure_level"), Read);
-    addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/cgroup.event_control"), Read);
-
-    // X11 connection token.
-    addFilePermission(userHomeDirectory() + "/.Xauthority", Read);
-
-    // MIME type resolution.
-    addDirectoryPermission(userDataDirectory() + "/mime", Read);
-
-    // Needed by NVIDIA proprietary graphics driver.
-    addDirectoryPermission(userHomeDirectory() + "/.nv", ReadAndWrite);
-
-    // Needed by udev.
-    addDirectoryPermission(ASCIILiteral("/etc/udev"), Read);
-    addDirectoryPermission(ASCIILiteral("/run/udev"), Read);
-    addDirectoryPermission(ASCIILiteral("/sys/bus"), Read);
-    addDirectoryPermission(ASCIILiteral("/sys/class"), Read);
-    addDirectoryPermission(ASCIILiteral("/sys/devices"), Read);
-
-    // PulseAudio
-    addFilePermission(ASCIILiteral("/etc/asound.conf"), Read);
-    addDirectoryPermission(userConfigDirectory() + "/.pulse", Read);
-    addDirectoryPermission(userHomeDirectory() + "/.pulse", Read);
-
-    // Mesa
-    addFilePermission(ASCIILiteral("/etc/drirc"), Read);
-    addFilePermission(userHomeDirectory() + "/.drirc", Read);
-    addFilePermission(ASCIILiteral("/sys/fs/selinux/booleans/allow_execmem"), Read);
-
-    // GStreamer
-    addDirectoryPermission(String::fromUTF8(LIBEXECDIR) + "/gstreamer-1.0", Read);
-    addDirectoryPermission(userDataDirectory() + "/gstreamer-1.0", Read);
-    addDirectoryPermission(userCacheDirectory() + "/gstreamer-1.0", ReadAndWrite);
-    addDirectoryPermission(userHomeDirectory() + "/.frei0r-1", ReadAndWrite);
-    if (char* gstreamerPluginDirectory = getenv("GST_PLUGIN_PATH_1_0"))
-        addDirectoryPermission(gstreamerPluginDirectory, Read);
-    if (char* gstreamerRegistryFile = getenv("GST_REGISTRY_1_0"))
-        addFilePermission(gstreamerRegistryFile, ReadAndWrite);
-
-    // Fontconfig
-    addDirectoryPermission(userCacheDirectory() + "/fontconfig", ReadAndWrite);
-    addDirectoryPermission(userConfigDirectory() + "/fontconfig", Read);
-    addDirectoryPermission(userConfigDirectory() + "/fonts", Read);
-    addDirectoryPermission(userDataDirectory() + "/fonts", Read);
-    addDirectoryPermission(userHomeDirectory() + "/fontconfig", Read);
-    addDirectoryPermission(userHomeDirectory() + "/.fonts", Read);
-    addDirectoryPermission(ASCIILiteral("/etc/fonts"), Read);
-    addDirectoryPermission(ASCIILiteral("/var/cache/fontconfig"), Read);
-
-#if ENABLE(DEVELOPER_MODE) && defined(SOURCE_DIR)
-    // Developers using build-webkit expect some libraries to be loaded
-    // from the build root directory and they also need access to layout test
-    // files.
-    addDirectoryPermission(String::fromUTF8(SOURCE_DIR), SyscallPolicy::ReadAndWrite);
-#endif
-}
-
-const char* SyscallPolicy::permissionToString(Permission permission)
-{
-    switch (permission) {
-    case Read:
-        return "read";
-    case Write:
-        return "write";
-    case ReadAndWrite:
-        return "read/write";
-    case NotAllowed:
-        return "disallowed";
-    }
-
-    ASSERT_NOT_REACHED();
-    return "unknown action";
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
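Review bot: The FIXME in addDefaultWebProcessPolicy() above the "/run/user/" rule links bug 143004 ("This is too permissive"), and deleting this file removes the rule that bug is about, so the bug should be closed or retargeted together with this change. The same function reads the LIBDIR, DATADIR, LIBEXECDIR and SOURCE_DIR compile definitions and includes PluginSearchPath.h for pluginsDirectories(); check that the build files do not keep setting those definitions solely for the seccomp sources.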
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.h b/Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.h
deleted file mode 100644 (file)
index b2680dc..0000000
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SyscallPolicy_h
-#define SyscallPolicy_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include <wtf/HashMap.h>
-#include <wtf/text/StringHash.h>
-#include <wtf/text/WTFString.h>
-
-namespace WebKit {
-
-struct WebProcessCreationParameters;
-
-class SyscallPolicy {
-public:
-    enum Permission {
-        NotAllowed   = 0,
-        Read         = 1,
-        Write        = 1 << 1,
-        ReadAndWrite = Read | Write
-    };
-
-    bool hasPermissionForPath(const char* path, Permission) const;
-
-    void addFilePermission(const String& path, Permission);
-    void addDirectoryPermission(const String& path, Permission);
-
-    void addDefaultWebProcessPolicy(const WebProcessCreationParameters&);
-
-    static const char* permissionToString(Permission);
-
-private:
-    typedef HashMap<String, int> PermissionMap;
-    PermissionMap m_filePermission;
-    PermissionMap m_directoryPermission;
-};
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // SyscallPolicy_h
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/XDGBaseDirectory.h b/Source/WebKit2/Shared/linux/SeccompFilters/XDGBaseDirectory.h
deleted file mode 100644 (file)
index 7e68c5a..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (C) 2015 Igalia S.L.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef XDGBaseDirectory_h
-#define XDGBaseDirectory_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include <wtf/text/WTFString.h>
-
-namespace WebKit {
-
-String userCacheDirectory();
-String userConfigDirectory();
-String userDataDirectory();
-String userHomeDirectory();
-String userRuntimeDirectory();
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // XDGBaseDirectory_h
diff --git a/Source/WebKit2/Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp b/Source/WebKit2/Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp
deleted file mode 100644 (file)
index 06dafed..0000000
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (C) 2015 Igalia S.L.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "XDGBaseDirectory.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include <glib.h>
-
-namespace WebKit {
-
-String userHomeDirectory()
-{
-    return String::fromUTF8(g_get_home_dir());
-}
-
-String userCacheDirectory()
-{
-    return String::fromUTF8(g_get_user_cache_dir());
-}
-
-String userConfigDirectory()
-{
-    return String::fromUTF8(g_get_user_config_dir());
-}
-
-String userDataDirectory()
-{
-    return String::fromUTF8(g_get_user_data_dir());
-}
-
-String userRuntimeDirectory()
-{
-    return String::fromUTF8(g_get_user_runtime_dir());
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
index eb9c2fd..bdae5f2 100644 (file)
@@ -353,10 +353,6 @@ NetworkProcessProxy& WebProcessPool::ensureNetworkProcess()
     if (!parameters.diskCacheDirectory.isEmpty())
         SandboxExtension::createHandleForReadWriteDirectory(parameters.diskCacheDirectory, parameters.diskCacheDirectoryExtensionHandle);
 
-#if ENABLE(SECCOMP_FILTERS)
-    parameters.cookieStorageDirectory = this->cookieStorageDirectory();
-#endif
-
 #if PLATFORM(IOS)
     String cookieStorageDirectory = this->cookieStorageDirectory();
     if (!cookieStorageDirectory.isEmpty())
@@ -551,10 +547,6 @@ WebProcessProxy& WebProcessPool::createNewWebProcess()
     parameters.mediaCacheDirectory = m_configuration->mediaCacheDirectory();
     if (!parameters.mediaCacheDirectory.isEmpty())
         SandboxExtension::createHandleForReadWriteDirectory(parameters.mediaCacheDirectory, parameters.mediaCacheDirectoryExtensionHandle);
-    
-#if ENABLE(SECCOMP_FILTERS)
-    parameters.cookieStorageDirectory = this->cookieStorageDirectory();
-#endif
 
 #if PLATFORM(IOS)
     String cookieStorageDirectory = this->cookieStorageDirectory();
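Review bot: After the removal in createNewWebProcess() (and the matching one in ensureNetworkProcess() in the previous hunk), nothing visible here assigns parameters.cookieStorageDirectory outside PLATFORM(IOS). The consumer deleted in this patch is addDefaultWebProcessPolicy(), which granted ReadAndWrite on that directory, so confirm the field and its encode/decode are dropped or guarded by PLATFORM(IOS) as well, rather than left as an always-empty string crossing IPC.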
@@ -1082,17 +1074,6 @@ String WebProcessPool::iconDatabasePath() const
     return platformDefaultIconDatabasePath();
 }
 
-#if ENABLE(SECCOMP_FILTERS)
-String WebProcessPool::cookieStorageDirectory() const
-{
-    if (!m_overrideCookieStorageDirectory.isEmpty())
-        return m_overrideCookieStorageDirectory;
-
-    // FIXME: This doesn't make much sense. Is this function used at all? We used to call platform code, but no existing platforms implemented that function.
-    return emptyString();
-}
-#endif
-
 void WebProcessPool::useTestingNetworkSession()
 {
     ASSERT(m_processes.isEmpty());
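Review bot: The deleted non-iOS cookieStorageDirectory() is the only reader of m_overrideCookieStorageDirectory shown in this patch, and its own FIXME already questioned whether the function was used at all. Check whether that member and whatever sets it are still needed outside PLATFORM(IOS); if not, remove or guard them in this change so the override does not linger as dead state.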
index a788f72..9fd1433 100644 (file)
@@ -401,7 +401,7 @@ private:
 
     String platformDefaultIconDatabasePath() const;
 
-#if PLATFORM(IOS) || ENABLE(SECCOMP_FILTERS)
+#if PLATFORM(IOS)
     String cookieStorageDirectory() const;
 #endif
 
diff --git a/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.cpp b/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.cpp
deleted file mode 100644 (file)
index d93c0b1..0000000
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SeccompFiltersWebProcessEfl.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "WebProcessCreationParameters.h"
-#include <WebKit/SeccompBroker.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-namespace WebKit {
-
-SeccompFiltersWebProcessEfl::SeccompFiltersWebProcessEfl(const WebProcessCreationParameters& parameters)
-    : SeccompFilters(Allow)
-{
-    m_policy.addDefaultWebProcessPolicy(parameters);
-}
-
-void SeccompFiltersWebProcessEfl::platformInitialize()
-{
-    // TODO: We should block all the syscalls and whitelist
-    // what we need + trap what should be handled by the broker.
-    addRule("open", Trap);
-    addRule("openat", Trap);
-    addRule("creat", Trap);
-
-    // Needed by Eeze on NetworkStateNotifierEfl.
-    m_policy.addDirectoryPermission(ASCIILiteral("/sys/bus"), SyscallPolicy::Read);
-    m_policy.addDirectoryPermission(ASCIILiteral("/sys/class"), SyscallPolicy::Read);
-    m_policy.addDirectoryPermission(ASCIILiteral("/sys/devices"), SyscallPolicy::Read);
-    m_policy.addFilePermission(ASCIILiteral("/etc/udev/udev.conf"), SyscallPolicy::Read);
-
-    // Place where the theme and icons are installed.
-    char* dataDir = canonicalize_file_name(DATA_DIR);
-    if (dataDir) {
-        m_policy.addDirectoryPermission(String::fromUTF8(dataDir), SyscallPolicy::Read);
-        free(dataDir);
-    }
-
-#if USE(GSTREAMER)
-    // Video playback requires access to the root of the user cache dir which
-    // is not right. We need to check with these directories on gstreamer
-    // can be configured.
-    char* homeDir = getenv("HOME");
-    if (homeDir)
-        m_policy.addDirectoryPermission(String::fromUTF8(homeDir) + "/.cache", SyscallPolicy::ReadAndWrite);
-#endif
-
-    SeccompBroker::launchProcess(this, m_policy);
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
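Review bot: The ChangeLog should record exactly what protection goes away with platformInitialize(): the filter was constructed with SeccompFilters(Allow) and trapped only open, openat and creat, and the TODO states that default-deny was never implemented. The USE(GSTREAMER) block also granted ReadAndWrite on the whole of $HOME/.cache, which its own comment calls "not right". Stating this makes clear that the removal drops path mediation for three syscalls, not a full syscall allowlist; SeccompFiltersWebProcessGtk.cpp uses the same constructor and rules.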
diff --git a/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.h b/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.h
deleted file mode 100644 (file)
index db40dc4..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SeccompFiltersWebProcessEfl_h
-#define SeccompFiltersWebProcessEfl_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include <WebKit/SeccompFilters.h>
-#include <WebKit/SyscallPolicy.h>
-
-namespace WebKit {
-
-class WebProcessCreationParameters;
-
-class SeccompFiltersWebProcessEfl : public SeccompFilters {
-public:
-    SeccompFiltersWebProcessEfl(const WebProcessCreationParameters&);
-
-private:
-    virtual void platformInitialize();
-
-    SyscallPolicy m_policy;
-};
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // SeccompFiltersWebProcessEfl_h
diff --git a/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp b/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp
deleted file mode 100644 (file)
index 3f986f8..0000000
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- * Copyright (C) 2015 Igalia S.L.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SeccompFiltersWebProcessGtk.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "SeccompBroker.h"
-#include "WebProcessCreationParameters.h"
-#include <glib.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-namespace WebKit {
-
-SeccompFiltersWebProcessGtk::SeccompFiltersWebProcessGtk(const WebProcessCreationParameters& parameters)
-    : SeccompFilters(Allow)
-{
-    m_policy.addDefaultWebProcessPolicy(parameters);
-}
-
-void SeccompFiltersWebProcessGtk::platformInitialize()
-{
-    // TODO: We should block all the syscalls and whitelist
-    // what we need + trap what should be handled by the broker.
-    addRule("open", Trap);
-    addRule("openat", Trap);
-    addRule("creat", Trap);
-
-#if USE(GSTREAMER)
-    m_policy.addDirectoryPermission(String::fromUTF8(g_get_user_cache_dir()) + "/gstreamer-1.0", SyscallPolicy::ReadAndWrite);
-    m_policy.addDirectoryPermission(String::fromUTF8(g_get_user_data_dir()) + "/gstreamer-1.0", SyscallPolicy::ReadAndWrite);
-    m_policy.addDirectoryPermission(String::fromUTF8(LIBEXECDIR) + "/gstreamer-1.0", SyscallPolicy::Read);
-#endif
-
-    m_policy.addDirectoryPermission(String::fromUTF8(g_get_user_data_dir()) + "/gvfs-metadata", SyscallPolicy::ReadAndWrite);
-
-    // For libXau
-    m_policy.addDirectoryPermission(ASCIILiteral("/run/gdm"), SyscallPolicy::Read);
-
-    SeccompBroker::launchProcess(this, m_policy);
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
diff --git a/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.h b/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.h
deleted file mode 100644 (file)
index 139f1f7..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SeccompFiltersWebProcessGtk_h
-#define SeccompFiltersWebProcessGtk_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "SeccompFilters.h"
-#include "SyscallPolicy.h"
-
-namespace WebKit {
-
-struct WebProcessCreationParameters;
-
-class SeccompFiltersWebProcessGtk : public SeccompFilters {
-public:
-    SeccompFiltersWebProcessGtk(const WebProcessCreationParameters&);
-
-private:
-    void platformInitialize() override;
-
-    SyscallPolicy m_policy;
-};
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // SeccompFiltersWebProcessGtk_h
index b1b93cc..5fda21b 100644 (file)
 #include "config.h"
 #include "WebProcess.h"
 
-#if PLATFORM(EFL)
-#include "SeccompFiltersWebProcessEfl.h"
-#elif PLATFORM(GTK)
-#include "SeccompFiltersWebProcessGtk.h"
-#endif
-
 #include "CertificateInfo.h"
 #include "WebCookieManager.h"
 #include "WebProcessCreationParameters.h"
@@ -84,16 +78,6 @@ void WebProcess::platformClearResourceCaches(ResourceCachesToClear cachesToClear
 
 void WebProcess::platformInitializeWebProcess(WebProcessCreationParameters&& parameters)
 {
-#if ENABLE(SECCOMP_FILTERS)
-    {
-#if PLATFORM(EFL)
-        SeccompFiltersWebProcessEfl seccompFilters(parameters);
-#elif PLATFORM(GTK)
-        SeccompFiltersWebProcessGtk seccompFilters(parameters);
-#endif
-        seccompFilters.initialize();
-    }
-#endif
 }
 
 void WebProcess::platformTerminate()
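Review bot: after this removal `platformInitializeWebProcess` has an empty body and its `parameters` argument is never read, which can trip -Wunused-parameter; drop the parameter name from the signature (`WebProcessCreationParameters&&`). The removed block was also the only call to `seccompFilters.initialize()` in this function, so the ChangeLog should state plainly that the EFL and GTK web process no longer installs a syscall filter from this path.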
diff --git a/Source/cmake/FindLibSeccomp.cmake b/Source/cmake/FindLibSeccomp.cmake
deleted file mode 100644 (file)
index 2129c8b..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright (c) 2013, Intel Corporation
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice, this
-#   list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright notice,
-#   this list of conditions and the following disclaimer in the documentation
-#   and/or other materials provided with the distribution.
-# * Neither the name of Intel Corporation nor the names of its contributors may
-#   be used to endorse or promote products derived from this software without
-#   specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-# Try to find libseccomp include and library directories.
-#
-# After successful discovery, this will set for inclusion where needed:
-# LIBSECCOMP_INCLUDE_DIRS - containg the libseccomp headers
-# LIBSECCOMP_LIBRARIES - containg the libseccomp library
-
-include(FindPkgConfig)
-
-pkg_check_modules(PC_LIBSECCOMP libseccomp)
-
-find_path(LIBSECCOMP_INCLUDE_DIRS NAMES seccomp.h
-    HINTS ${PC_LIBSECCOMP_INCLUDE_DIRS} ${PC_LIBSECCOMP_INCLUDEDIR}
-)
-
-find_library(LIBSECCOMP_LIBRARIES NAMES seccomp
-    HINTS ${PC_LIBSECCOMP_LIBRARY_DIRS} ${PC_LIBSECCOMP_LIBDIR}
-)
-
-include(FindPackageHandleStandardArgs)
-FIND_PACKAGE_HANDLE_STANDARD_ARGS(seccomp DEFAULT_MSG LIBSECCOMP_INCLUDE_DIRS LIBSECCOMP_LIBRARIES)
index 96db2ff..40c088a 100644 (file)
@@ -122,7 +122,6 @@ WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_PUBLIC_SUFFIX_LIST PRIVATE ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_RESOLUTION_MEDIA_QUERY PUBLIC ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_REQUEST_ANIMATION_FRAME PUBLIC ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_SAMPLING_PROFILER PUBLIC ON)
-WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_SECCOMP_FILTERS PUBLIC OFF)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_SHADOW_DOM PRIVATE OFF)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_SPEECH_SYNTHESIS PUBLIC ON)
 WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_SPELLCHECK PUBLIC ON)
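Review bot: the line removed here declared `ENABLE_SECCOMP_FILTERS` as a PUBLIC option for this port, so it was an advertised build switch; once it is gone, a packager who still passes `-DENABLE_SECCOMP_FILTERS=ON` gets a build without the filter and no configure error. Consider mentioning the removal in the port's release notes, or keeping a short-lived check that fails configuration when the variable is set.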
@@ -273,10 +272,6 @@ if (ENABLE_WEBGL AND OPENGLX_FOUND)
     endif ()
 endif ()
 
-if (ENABLE_SECCOMP_FILTERS)
-    find_package(LibSeccomp REQUIRED)
-endif ()
-
 if (ENABLE_SPELLCHECK)
     find_package(Enchant REQUIRED)
 endif ()
index 2702608..8cd872b 100644 (file)
@@ -314,13 +314,6 @@ if (ENABLE_PLUGIN_PROCESS_GTK2)
     find_package(GDK2 2.24.10 REQUIRED)
 endif ()
 
-if (ENABLE_SECCOMP_FILTERS)
-    find_package(LibSeccomp)
-    if (NOT PC_LIBSECCOMP_FOUND)
-        message(FATAL_ERROR "libseccomp is required for ENABLE_SECCOMP_FILTERS")
-    endif ()
-endif ()
-
 if (ENABLE_SPELLCHECK)
     find_package(Enchant)
     if (NOT PC_ENCHANT_FOUND)
index 768e3e5..53837d8 100644 (file)
@@ -169,7 +169,6 @@ macro(WEBKIT_OPTION_BEGIN)
     WEBKIT_OPTION_DEFINE(ENABLE_RESOURCE_USAGE "Toggle resource usage support" PRIVATE OFF)
     WEBKIT_OPTION_DEFINE(ENABLE_RUBBER_BANDING "Toggle rubber banding support" PRIVATE OFF)
     WEBKIT_OPTION_DEFINE(ENABLE_SAMPLING_PROFILER "Toggle sampling profiler support" PRIVATE ON)
-    WEBKIT_OPTION_DEFINE(ENABLE_SECCOMP_FILTERS "Toggle Linux seccomp filters for the WebProcess support" PRIVATE OFF)
     WEBKIT_OPTION_DEFINE(ENABLE_SERVICE_CONTROLS "Toggle service controls support" PRIVATE OFF)
     WEBKIT_OPTION_DEFINE(ENABLE_SHADOW_DOM "Toggle shadow dom" PRIVATE OFF)
     WEBKIT_OPTION_DEFINE(ENABLE_SMOOTH_SCROLLING "Toggle smooth scrolling" PRIVATE OFF)
index 6f5ad13..b267073 100644 (file)
@@ -1,3 +1,17 @@
+2016-05-10  Michael Catanzaro  <mcatanzaro@igalia.com>
+
+        [Linux] Remove seccomp filters support
+        https://bugs.webkit.org/show_bug.cgi?id=157380
+
+        Reviewed by Darin Adler.
+
+        * Scripts/webkitperl/FeatureList.pm:
+        * TestWebKitAPI/PlatformEfl.cmake:
+        * TestWebKitAPI/PlatformGTK.cmake:
+        * TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp: Removed.
+        * efl/jhbuild.modules:
+        * gtk/jhbuild.modules:
+
 2016-05-09  Simon Fraser  <simon.fraser@apple.com>
 
         [iOS] visibility:hidden -webkit-overflow-scrolling: touch divs can interfere with page scrolling
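Review bot: the new 2016-05-10 entry lists the touched files but says nothing about why the seccomp sandbox is being removed or what, if anything, replaces it. Since this drops a security feature together with its test (`Tests/WebKit2/SeccompFilters.cpp: Removed.`), add one or two sentences of rationale above the file list so the reason is recorded outside the bug tracker.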
index 60d8933..eb852b7 100644 (file)
@@ -125,7 +125,6 @@ my (
     $requestAnimationFrameSupport,
     $resourceTimingSupport,
     $scriptedSpeechSupport,
-    $seccompFiltersSupport,
     $shadowDOMSupport,
     $streamsAPISupport,
     $styleScopedSupport,
@@ -386,9 +385,6 @@ my @features = (
     { option => "request-animation-frame", desc => "Toggle Request Animation Frame support",
       define => "ENABLE_REQUEST_ANIMATION_FRAME", default => 1, value => \$requestAnimationFrameSupport },
 
-    { option => "seccomp-filters", desc => "Toggle Seccomp Filter sandbox",
-      define => "ENABLE_SECCOMP_FILTERS", default => 0, value => \$seccompFiltersSupport },
-
     { option => "scripted-speech", desc => "Toggle Scripted Speech support",
       define => "ENABLE_SCRIPTED_SPEECH", default => 0, value => \$scriptedSpeechSupport },
 
index 67e25e7..e72c065 100644 (file)
@@ -132,12 +132,6 @@ set(test_webkit2_api_fail_BINARIES
     WillLoad
 )
 
-if (ENABLE_SECCOMP_FILTERS)
-    list(APPEND test_webkit2_api_fail_BINARIES
-        SeccompFilters
-    )
-endif ()
-
 # Tests disabled because of missing features on the test harness:
 #
 #   SpacebarScrolling
index f4a6a3a..609e879 100644 (file)
@@ -124,20 +124,6 @@ add_test(TestWebKit2 ${TESTWEBKITAPI_RUNTIME_OUTPUT_DIRECTORY}/WebKit2/TestWebKi
 set_tests_properties(TestWebKit2 PROPERTIES TIMEOUT 60)
 set_target_properties(TestWebKit2 PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${TESTWEBKITAPI_RUNTIME_OUTPUT_DIRECTORY}/WebKit2)
 
-if (ENABLE_SECCOMP_FILTERS)
-    # This test needs to be in its own executable. It's a general test of the
-    # seccomp filter mechanism, and the filters it sets are incompatible with
-    # the correct operation of WebKit and the other tests.
-    add_executable(TestSeccompFilters
-        ${TESTWEBKITAPI_DIR}/Tests/WebKit2/SeccompFilters.cpp
-    )
-
-    target_link_libraries(TestSeccompFilters ${test_webkit2_api_LIBRARIES})
-    add_test(TestSeccompFilters ${TESTWEBKITAPI_RUNTIME_OUTPUT_DIRECTORY}/WebKit2/TestWebKit2)
-    set_tests_properties(TestSeccompFilters PROPERTIES TIMEOUT 5)
-    set_target_properties(TestSeccompFilters PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${TESTWEBKITAPI_RUNTIME_OUTPUT_DIRECTORY}/WebKit2)
-endif ()
-
 set(TestWebCoreGtk_SOURCES
     ${TESTWEBKITAPI_DIR}/Tests/WebCore/gtk/UserAgentQuirks.cpp
 )
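Review bot: in the removed block, `add_test(TestSeccompFilters ...)` passes `${TESTWEBKITAPI_RUNTIME_OUTPUT_DIRECTORY}/WebKit2/TestWebKit2` as the command rather than the `TestSeccompFilters` executable defined just above it, so this registration appears to have run the general WebKit2 binary under the seccomp test's name. Nothing needs to change in the deletion itself, but it is worth recording in the ChangeLog that the dedicated seccomp test was not what this `add_test` executed.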
diff --git a/Tools/TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp b/Tools/TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp
deleted file mode 100644 (file)
index 9ca6080..0000000
+++ /dev/null
@@ -1,441 +0,0 @@
-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <WebKit/SeccompBroker.h>
-#include <WebKit/SeccompFilters.h>
-#include <WebKit/SyscallPolicy.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <pthread.h>
-#include <signal.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <wtf/text/CString.h>
-#include <wtf/text/WTFString.h>
-
-using namespace WebKit;
-
-namespace TestWebKitAPI {
-
-DEPRECATED_DEFINE_STATIC_LOCAL(String, rootDir, (ASCIILiteral("/")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, homeDir, (String(getenv("HOME"))));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, usrDir, (ASCIILiteral("/usr")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, usrSbinDir, (ASCIILiteral("/usr/sbin")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testDirRead, (ASCIILiteral("/tmp/WebKitSeccompFilters/testRead")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testDirWrite, (ASCIILiteral("/tmp/WebKitSeccompFilters/testWrite")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testDirReadAndWrite, (ASCIILiteral("/tmp/WebKitSeccompFilters/testReadAndWrite")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testDirNotAllowed, (ASCIILiteral("/tmp/WebKitSeccompFilters/testNotAllowed")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testFileNotAllowed, (testDirReadAndWrite + "/testFilePolicy"));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testFileReadAndWrite, (testDirNotAllowed + "/testFilePolicy"));
-
-static const mode_t defaultMode = S_IRUSR | S_IWUSR | S_IXUSR;
-
-class SeccompEnvironment : public testing::Environment {
-public:
-    virtual void SetUp()
-    {
-        ASSERT_TRUE(!homeDir.isEmpty());
-
-        mkdir("/tmp/WebKitSeccompFilters", defaultMode);
-        mkdir(testDirRead.utf8().data(), defaultMode);
-        mkdir(testDirWrite.utf8().data(), defaultMode);
-        mkdir(testDirReadAndWrite.utf8().data(), defaultMode);
-        mkdir(testDirNotAllowed.utf8().data(), defaultMode);
-
-        // Create a file for the Read only and NotAllowed directory before
-        // loading the filters.
-        String file = testDirRead + "/testFile";
-        int fd = open(file.utf8().data(), O_RDWR | O_CREAT, defaultMode);
-        ASSERT_NE(close(fd), -1);
-        file = testDirNotAllowed + "/testFile";
-        fd = open(file.utf8().data(), O_RDWR | O_CREAT, defaultMode);
-        ASSERT_NE(close(fd), -1);
-
-        // Create files for the file policy tests. File policies precedes the
-        // directory policy. In this case, we create a file with read and write
-        // policies inside a directory that is not allowed, and vice versa. 
-        fd = open(testFileNotAllowed.utf8().data(), O_RDWR | O_CREAT, defaultMode);
-        ASSERT_NE(close(fd), -1);
-        fd = open(testFileReadAndWrite.utf8().data(), O_RDWR | O_CREAT, defaultMode);
-        ASSERT_NE(close(fd), -1);
-
-        SyscallPolicy policy;
-        policy.addDirectoryPermission(rootDir, SyscallPolicy::NotAllowed);
-        policy.addDirectoryPermission(usrDir, SyscallPolicy::Read);
-        policy.addDirectoryPermission(usrSbinDir, SyscallPolicy::NotAllowed);
-        policy.addDirectoryPermission(testDirRead, SyscallPolicy::Read);
-        policy.addDirectoryPermission(testDirWrite, SyscallPolicy::Write);
-        policy.addDirectoryPermission(testDirReadAndWrite, SyscallPolicy::ReadAndWrite);
-        policy.addDirectoryPermission(testDirNotAllowed, SyscallPolicy::NotAllowed);
-        policy.addFilePermission(testFileNotAllowed, SyscallPolicy::NotAllowed);
-        policy.addFilePermission(testFileReadAndWrite, SyscallPolicy::ReadAndWrite);
-
-        SeccompFilters seccompFilters(SeccompFilters::Allow);
-        seccompFilters.addRule("open", SeccompFilters::Trap);
-        seccompFilters.addRule("openat", SeccompFilters::Trap);
-        seccompFilters.addRule("creat", SeccompFilters::Trap);
-
-        SeccompBroker::launchProcess(&seccompFilters, policy);
-        seccompFilters.initialize();
-    }
-
-    virtual void TearDown()
-    {
-        // This will have to move to a separated process created before loading
-        // the filters when we put the rmdir/unlink policies in place.
-        unlink("/tmp/WebKitSeccompFilters/testNotAllowed/testFile");
-        unlink("/tmp/WebKitSeccompFilters/testNotAllowed/testFilePolicy");
-        unlink("/tmp/WebKitSeccompFilters/testReadAndWrite/testFile");
-        unlink("/tmp/WebKitSeccompFilters/testReadAndWrite/testFile2");
-        unlink("/tmp/WebKitSeccompFilters/testReadAndWrite/testFile3");
-        unlink("/tmp/WebKitSeccompFilters/testReadAndWrite/testFilePolicy");
-        unlink("/tmp/WebKitSeccompFilters/testWrite/testFile");
-        unlink("/tmp/WebKitSeccompFilters/testWrite/testFile2");
-        unlink("/tmp/WebKitSeccompFilters/testRead/testFile");
-        rmdir("/tmp/WebKitSeccompFilters/testNotAllowed");
-        rmdir("/tmp/WebKitSeccompFilters/testReadAndWrite");
-        rmdir("/tmp/WebKitSeccompFilters/testWrite");
-        rmdir("/tmp/WebKitSeccompFilters/testRead");
-        rmdir("/tmp/WebKitSeccompFilters");
-    }
-};
-
-::testing::Environment* const env = ::testing::AddGlobalTestEnvironment(new SeccompEnvironment);
-
-static void dummyHandler(int, siginfo_t*, void*)
-{
-}
-
-TEST(WebKit2, sigaction)
-{
-    // Setting a handler should be enough to break any subsequent test if
-    // not silently ignored by the sandbox.
-    struct sigaction action;
-    memset(&action, 0, sizeof(action));
-    action.sa_sigaction = &dummyHandler;
-    action.sa_flags = SA_SIGINFO;
-
-    ASSERT_NE(sigaction(SIGSYS, &action, 0), -1);
-}
-
-TEST(WebKit2, sigprocmask)
-{
-    // We test here the mechanism installed to prevent SIGSYS to be blocked. Any
-    // attemp to add SIGSYS to the set of blocked signals will be silently
-    // ignored (but other signals will be blocked just fine).
-    sigset_t set, oldSet;
-    sigemptyset(&set);
-    sigaddset(&set, SIGSYS);
-    sigaddset(&set, SIGUSR1);
-
-    ASSERT_NE(sigprocmask(SIG_BLOCK, &set, 0), -1);
-    ASSERT_NE(sigprocmask(SIG_BLOCK, 0, &oldSet), -1);
-    ASSERT_FALSE(sigismember(&oldSet, SIGSYS)) << "SIGSYS should not be blocked.";
-    ASSERT_TRUE(sigismember(&oldSet, SIGUSR1)) << "Other signals should be blocked normally.";
-
-    sigemptyset(&set);
-    sigaddset(&set, SIGSYS);
-    sigaddset(&set, SIGUSR2);
-
-    ASSERT_NE(sigprocmask(SIG_SETMASK, &set, &oldSet), -1);
-    ASSERT_NE(sigprocmask(SIG_SETMASK, 0, &set), -1);
-    ASSERT_FALSE(sigismember(&set, SIGSYS)) << "SIGSYS should not be blocked.";
-    ASSERT_TRUE(sigismember(&set, SIGUSR2)) << "Other signals should be blocked normally.";
-    ASSERT_FALSE(sigismember(&oldSet, SIGUSR2));
-
-    ASSERT_NE(sigprocmask(SIG_SETMASK, &oldSet, 0), -1) << "Should restore the old signal set just fine.";
-    ASSERT_NE(sigprocmask(SIG_SETMASK, 0, &set), -1);
-    ASSERT_FALSE(sigismember(&set, SIGUSR2)) << "The restored set doesn't have SIGUSR2.";
-}
-
-TEST(WebKit2, open)
-{
-    // Read only directory.
-    String file = testDirRead + "/testFile";
-    int fd = open(file.utf8().data(), O_RDWR);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open(file.utf8().data(), O_WRONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open(file.utf8().data(), O_RDONLY | O_CREAT, defaultMode);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    file = testDirRead + "/ThisFileDoesNotExist";
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_TRUE(fd == -1 && errno == ENOENT) << "Should return ENOENT when trying " \
-        "to open a file that does not exit and the permissions are OK.";
-
-    fd = open(file.utf8().data(), O_WRONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES) << "Should return EACCES when trying " \
-        "to open a file that does not exit and the permissions are not OK.";
-
-    // Write only directory.
-    file = testDirWrite + "/testFile";
-    fd = open(file.utf8().data(), O_WRONLY | O_CREAT, defaultMode);
-    ASSERT_NE(fd, -1);
-    close(fd);
-
-    fd = open(file.utf8().data(), O_RDWR);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open(file.utf8().data(), O_WRONLY);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    // Read an write directory.
-    file = testDirReadAndWrite + "/testFile";
-    fd = open(file.utf8().data(), O_WRONLY | O_CREAT, defaultMode);
-    ASSERT_NE(fd, -1);
-    close(fd);
-
-    fd = open(file.utf8().data(), O_RDWR);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    fd = open(file.utf8().data(), O_WRONLY);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    // NotAllowed directory.
-    file = testDirNotAllowed + "/testFile";
-    fd = open(file.utf8().data(), O_WRONLY | O_CREAT, defaultMode);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open(file.utf8().data(), O_RDWR);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open(file.utf8().data(), O_WRONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-
-    // The /usr directory here has read permissions, so it's subdirectories
-    // should resolve to the /usr permissions unless explicitly specified.
-    file = usrDir + "/bin/basename";
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_NE(fd, -1) << "Subdirectories should with no policy should " \
-        "inherit the parent's policies.";
-    close(fd);
-
-    file = usrSbinDir + "/adduser";
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES) << "This directory should have " \
-        "its own policy instead of the parent's.";
-
-    // Access to the rest of the files system is blocked and should
-    // never return anything else other than EACCES regardless if the
-    // file exists or not. The reason is because it will fallback to the
-    // policy of the Root directory, marked as NotAllowed.
-    file = homeDir + "/testFile";
-    fd = open(file.utf8().data(), O_RDWR | O_CREAT, defaultMode);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open("/etc/passwd", O_RDONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    file = testDirReadAndWrite + "/../../../etc/passwd";
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    file = testDirReadAndWrite + "/../../.." + testDirReadAndWrite + "/../../../etc/passwd";
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    // Here we test file policies. The have precedence over directory policies.
-    // The file bellow lives inside a directory with ReadAndWrite policy.
-    fd = open(testFileNotAllowed.utf8().data(), O_RDONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open(testFileNotAllowed.utf8().data(), O_WRONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = open(testFileNotAllowed.utf8().data(), O_RDWR);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    file = testDirReadAndWrite + "/../../.." + testDirReadAndWrite + "/testFilePolicy";
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    // The next file is located inside a directory marked as NotAllowed, but
-    // it has its own file policy that precedes the directory policy.
-    fd = open(testFileReadAndWrite.utf8().data(), O_RDONLY);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    fd = open(testFileReadAndWrite.utf8().data(), O_WRONLY);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    fd = open(testFileReadAndWrite.utf8().data(), O_RDWR);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    file = testDirReadAndWrite + "/../../.." + testDirNotAllowed + "/testFilePolicy";
-    fd = open(file.utf8().data(), O_RDONLY);
-    EXPECT_NE(fd, -1);
-    close(fd);
-}
-
-TEST(WebKit2, creat)
-{
-    // Read only directory.
-    String file = testDirRead + "/testFile2";
-    int fd = creat(file.utf8().data(), defaultMode);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    // Write only directory.
-    file = testDirWrite + "/testFile2";
-    fd = creat(file.utf8().data(), defaultMode);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    // Read an write directory.
-    file = testDirReadAndWrite + "/testFile2";
-    fd = creat(file.utf8().data(), defaultMode);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    // NotAllowed directory.
-    file = testDirNotAllowed + "/testFile2";
-    fd = creat(file.utf8().data(), defaultMode);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-}
-
-TEST(WebKit2, openat)
-{
-    int dirFd = open(testDirReadAndWrite.utf8().data(), O_RDONLY);
-    ASSERT_NE(dirFd, -1);
-
-    int fd = openat(dirFd, "testFile3", O_RDWR | O_CREAT, defaultMode);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    fd = openat(dirFd, "testFile3", O_RDWR);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    fd = openat(dirFd, "testFile3", O_RDONLY);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    fd = openat(dirFd, "testFile3", O_WRONLY);
-    EXPECT_NE(fd, -1);
-
-    fd = openat(fd, "testFile3", O_WRONLY);
-    EXPECT_TRUE(fd == -1 && errno == ENOTDIR) << "Should return ENOTDIR when the fd is a file.";
-    close(fd);
-
-    String file = "../../.." + testDirReadAndWrite + "/testFile3";
-    fd = openat(dirFd, file.utf8().data(), O_WRONLY);
-    EXPECT_NE(fd, -1);
-    close(fd);
-
-    file = "../../.." + testDirRead + "/testFile3";
-    fd = openat(dirFd, file.utf8().data(), O_WRONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    file = testDirReadAndWrite + "/testFile3";
-    fd = openat(-1, file.utf8().data(), O_WRONLY);
-    EXPECT_NE(fd, -1) << "Directory fd should be ignored when the path is absolute.";
-    close(fd);
-
-    fd = openat(-1, "testFile3", O_WRONLY);
-    EXPECT_TRUE(fd == -1 && errno == EBADF) << "Should return EBADF when the fd is invalid.";
-    close(dirFd);
-
-    dirFd = open(testDirNotAllowed.utf8().data(), O_RDONLY);
-    EXPECT_TRUE(dirFd == -1 && errno == EACCES);
-
-    dirFd = open(testDirRead.utf8().data(), O_RDONLY);
-    ASSERT_NE(dirFd, -1);
-
-    fd = openat(dirFd, "testFile2", O_RDONLY | O_CREAT, defaultMode);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-    fd = openat(dirFd, "testFile", O_WRONLY);
-    EXPECT_TRUE(fd == -1 && errno == EACCES);
-    close(dirFd);
-}
-
-static void* stressTest(void*)
-{
-    for (int i = 0; i < 500; ++i) {
-        int fd = open("/tmp/WebKitSeccompFilters/testRead/testFile", O_RDWR);
-        EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-        fd = open("/tmp/WebKitSeccompFilters/testRead/testFile", O_RDONLY);
-        EXPECT_NE(fd, -1);
-        close(fd);
-
-        fd = open("/tmp/WebKitSeccompFilters/testNotAllowed/testFile", O_RDONLY);
-        EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-        fd = creat("/tmp/WebKitSeccompFilters/testNotAllowed/SholdNotBeAllowed", defaultMode);
-        EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-        int dirFd = open("/tmp/WebKitSeccompFilters/testRead", O_RDONLY);
-        EXPECT_NE(dirFd, -1);
-
-        fd = openat(dirFd, "testFile", O_RDONLY);
-        EXPECT_NE(fd, -1);
-        close(fd);
-        close(dirFd);
-    }
-
-    return 0;
-}
-
-TEST(WebKit2, threading)
-{
-    // Tests if concurrent syscall execution works fine. It can be
-    // also used for performance testing and leak detection. The test
-    // is disabled on Debug mode because it can be way too verbose.
-    pthread_t threads[5];
-
-    for (int i = 0; i < sizeof(threads) / sizeof(pthread_t); ++i)
-        pthread_create(&threads[i], 0, stressTest, 0);
-
-    for (int i = 0; i < sizeof(threads) / sizeof(pthread_t); ++i)
-        pthread_join(threads[i], 0);
-}
-
-} // namespace TestWebKitAPI
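Review bot: this deletion removes the tests that wrote down the broker's expected behaviour. In `TEST(WebKit2, open)`, a `..` traversal from an allowed directory to `/etc/passwd` must return EACCES and file policies take precedence over directory policies; in `TEST(WebKit2, sigprocmask)`, SIGSYS cannot be added to the blocked set. If a sandbox is expected to return in another form, link this revision from the bug so these cases can be carried over as its acceptance tests.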
index 0982ca7..b09fb44 100644 (file)
@@ -21,7 +21,6 @@
       <dep package="gst-plugins-good"/>
       <dep package="gst-plugins-bad"/>
       <dep package="gst-libav"/>
-      <dep package="libseccomp"/>
       <dep package="atk"/>
       <dep package="openwebrtc"/>
     </dependencies>
     </branch>
   </autotools>
 
-  <autotools id="libseccomp" autogen-sh="configure">
-      <branch module="seccomp/libseccomp/releases/download/v2.2.3/libseccomp-2.2.3.tar.gz" version="2.2.3"
-          repo="github.com"
-          hash="sha256:d9b400b703cab7bb04b84b9b6e52076a630b673819d7541757bcc16467b6d49e">
-      </branch>
-  </autotools>
-
   <autotools id="atk"
              autogen-sh="configure"
              autogenargs="--disable-introspection">
index 4ee990f..fca865a 100644 (file)
@@ -33,7 +33,6 @@
       <if condition-set="linux">
           <dep package="xserver"/>
           <dep package="mesa"/>
-          <dep package="libseccomp"/>
           <dep package="at-spi2-core"/>
           <dep package="at-spi2-atk"/>
       </if>
              md5sum="f5898b29bbfd70502831a212d9249d10"/>
   </autotools>
 
-  <autotools id="libseccomp" supports-non-srcdir-builds="no" autogen-sh="./autogen.sh; ./configure">
-    <branch repo="github.com" module="seccomp/libseccomp.git" tag="v2.2.3"/>
-  </autotools>
-
   <autotools id="gdk-pixbuf" autogen-sh="configure"
              autogenargs="--disable-introspection">
     <dependencies>