git://git.webkit.org / WebKit.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2728343)
2011-02-03 Ivan Krstić <ike@apple.com>
authorike@apple.com <ike@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Feb 2011 07:00:58 +0000 (07:00 +0000)
committerike@apple.com <ike@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 4 Feb 2011 07:00:58 +0000 (07:00 +0000)
        Reviewed by Maciej Stachowiak.

        Make WebProcess pass explicit homedir parameter to the sandbox
        <rdar://problem/8405760>
        <https://webkit.org/b/53558>

        * WebProcess/com.apple.WebProcess.sb:
        * WebProcess/mac/WebProcessMac.mm:
        (WebKit::initializeSandbox):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@77610 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog patch | blob | history
Source/WebKit2/WebProcess/com.apple.WebProcess.sb patch | blob | history
Source/WebKit2/WebProcess/mac/WebProcessMac.mm patch | blob | history

diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
index 6b9eb615cae5adfc82c32f898a0241a980e96431..5826a384bc3b39efd7ad6a7fec5254108fb41aa0 100644 (file)
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,3 +1,15 @@
+2011-02-03  Ivan Krstić  <ike@apple.com>
+
+        Reviewed by Maciej Stachowiak.
+
+        Make WebProcess pass explicit homedir parameter to the sandbox
+        <rdar://problem/8405760>
+        <https://webkit.org/b/53558>
+
+        * WebProcess/com.apple.WebProcess.sb:
+        * WebProcess/mac/WebProcessMac.mm:
+        (WebKit::initializeSandbox):
+
 2011-02-03  James Kozianski  <koz@chromium.org>
 
         Reviewed by Dimitri Glazkov.
diff --git a/Source/WebKit2/WebProcess/com.apple.WebProcess.sb b/Source/WebKit2/WebProcess/com.apple.WebProcess.sb
index dbbb4c9f0d2127bc5b0877ee59540426987d02ec..27fdb4db3891dfeceac0f1b9f1ff371ded5e0774 100644 (file)
--- a/Source/WebKit2/WebProcess/com.apple.WebProcess.sb
+++ b/Source/WebKit2/WebProcess/com.apple.WebProcess.sb
@@ -15,20 +15,20 @@
 
    ;; Plugins
    (subpath "/Library/Internet Plug-Ins")
-   (subpath (string-append (param "_HOME") "/Library/Internet Plug-Ins"))
+   (subpath (string-append (param "HOME_DIR") "/Library/Internet Plug-Ins"))
 
    ;; System and user preferences
    (literal "/Library/Preferences/.GlobalPreferences.plist")
    (literal "/Library/Preferences/com.apple.security.plist")
-   (literal (string-append (param "_HOME") "/Library/Preferences/.GlobalPreferences.plist"))
-   (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.ATS.plist"))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.HIToolbox.plist"))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.LaunchServices.plist"))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.WebFoundation.plist"))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.security.plist"))
-   (literal (string-append (param "_HOME") "/Library/Preferences/com.apple.security.revocation.plist"))
-   (subpath (string-append (param "_HOME") "/Library/Keychains"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/.GlobalPreferences.plist"))
+   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/\.GlobalPreferences\."))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.ATS.plist"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.HIToolbox.plist"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.LaunchServices.plist"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.WebFoundation.plist"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.plist"))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/com.apple.security.revocation.plist"))
+   (subpath (string-append (param "HOME_DIR") "/Library/Keychains"))
 
    ;; On-disk WebKit2 framework location, to account for debug installations
    ;; outside of /System/Library/Frameworks
@@ -45,9 +45,9 @@
 
 ;; Writable preferences and temporary files
 (allow file*
-   (subpath (string-append (param "_HOME") "/Library/Caches/com.apple.WebProcess"))
-   (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
-   (regex (string-append "^" (param "_HOME") "/Library/Preferences/com\.apple\.WebProcess\."))
+   (subpath (string-append (param "HOME_DIR") "/Library/Caches/com.apple.WebProcess"))
+   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/com\.apple\.HIToolbox\."))
+   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/com\.apple\.WebProcess\."))
 )
 
 ;; Darwin temporary files and caches, if present
@@ -111,8 +111,8 @@
 
 ;; FIXME: These rules are required until plug-ins are moved out of the web process.
 (allow file-read*
-   (regex (string-append "^" (param "_HOME") "/Library/Preferences/ByHost/com\.apple\.ist\."))
-   (literal (string-append (param "_HOME") "/Library/Preferences/edu.mit.Kerberos"))
+   (regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/ByHost/com\.apple\.ist\."))
+   (literal (string-append (param "HOME_DIR") "/Library/Preferences/edu.mit.Kerberos"))
    (literal "/Library/Preferences/edu.mit.Kerberos")
 )
 
diff --git a/Source/WebKit2/WebProcess/mac/WebProcessMac.mm b/Source/WebKit2/WebProcess/mac/WebProcessMac.mm
index 0c5e18c7dac0b32ef6291dc169fd698ed243cd34..54f03db6803cf49672efead096405dbbc137cb9c 100644 (file)
--- a/Source/WebKit2/WebProcess/mac/WebProcessMac.mm
+++ b/Source/WebKit2/WebProcess/mac/WebProcessMac.mm
@@ -121,11 +121,17 @@ static void initializeSandbox(const WebProcessCreationParameters& parameters)
     char* errorBuf;
     char tmpPath[PATH_MAX];
     char tmpRealPath[PATH_MAX];
+    char homeRealPath[PATH_MAX];
     char cachePath[PATH_MAX];
     char cacheRealPath[PATH_MAX];
     const char* frameworkPath = [[[[NSBundle bundleForClass:NSClassFromString(@"WKView")] bundlePath] stringByDeletingLastPathComponent] UTF8String];
     const char* profilePath = [[[NSBundle mainBundle] pathForResource:@"com.apple.WebProcess" ofType:@"sb"] UTF8String];
 
+    if (!realpath([NSHomeDirectory() UTF8String], homeRealPath)) {
+        fprintf(stderr, "WebProcess: couldn't determine home directory when initializing sandbox");
+        exit(EX_CONFIG);
+    }
+
     if (confstr(_CS_DARWIN_USER_TEMP_DIR, tmpPath, PATH_MAX) <= 0 || !realpath(tmpPath, tmpRealPath))
         tmpRealPath[0] = '\0';
 
@@ -133,6 +139,7 @@ static void initializeSandbox(const WebProcessCreationParameters& parameters)
         cacheRealPath[0] = '\0';
 
     const char* const sandboxParam[] = {
+        "HOME_DIR", (const char*)homeRealPath,
         "WEBKIT2_FRAMEWORK_DIR", frameworkPath,
         "DARWIN_USER_TEMP_DIR", (const char*)tmpRealPath,
         "DARWIN_USER_CACHE_DIR", (const char*)cacheRealPath,
Mirror of the WebKit open source project on svn.webkit.org.