Title: [243784] trunk/Source/WebKit
- Revision
- 243784
- Author
- gga...@apple.com
- Date
- 2019-04-02 20:24:29 -0700 (Tue, 02 Apr 2019)
Log Message
Eliminate plugin sandbox exceptions
https://bugs.webkit.org/show_bug.cgi?id=196510
Reviewed by Chris Dumez.
* PluginProcess/mac/PluginProcessMac.mm:
(WebKit::PluginProcess::initializeSandbox):
* UIProcess/Plugins/PluginInfoStore.cpp:
(WebKit::PluginInfoStore::shouldAllowPluginToRunUnsandboxed): Deleted.
* UIProcess/Plugins/PluginInfoStore.h:
* UIProcess/Plugins/mac/PluginInfoStoreMac.mm:
(WebKit::PluginInfoStore::shouldUsePlugin):
(WebKit::PluginInfoStore::shouldAllowPluginToRunUnsandboxed): Deleted.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (243783 => 243784)
--- trunk/Source/WebKit/ChangeLog 2019-04-03 01:56:58 UTC (rev 243783)
+++ trunk/Source/WebKit/ChangeLog 2019-04-03 03:24:29 UTC (rev 243784)
@@ -1,3 +1,19 @@
+2019-04-02 Geoffrey Garen <gga...@apple.com>
+
+ Eliminate plugin sandbox exceptions
+ https://bugs.webkit.org/show_bug.cgi?id=196510
+
+ Reviewed by Chris Dumez.
+
+ * PluginProcess/mac/PluginProcessMac.mm:
+ (WebKit::PluginProcess::initializeSandbox):
+ * UIProcess/Plugins/PluginInfoStore.cpp:
+ (WebKit::PluginInfoStore::shouldAllowPluginToRunUnsandboxed): Deleted.
+ * UIProcess/Plugins/PluginInfoStore.h:
+ * UIProcess/Plugins/mac/PluginInfoStoreMac.mm:
+ (WebKit::PluginInfoStore::shouldUsePlugin):
+ (WebKit::PluginInfoStore::shouldAllowPluginToRunUnsandboxed): Deleted.
+
2019-04-02 Alex Christensen <achristen...@webkit.org>
Fix assertion in http/tests/adClickAttribution/store-ad-click-attribution.html
Modified: trunk/Source/WebKit/PluginProcess/mac/PluginProcessMac.mm (243783 => 243784)
--- trunk/Source/WebKit/PluginProcess/mac/PluginProcessMac.mm 2019-04-03 01:56:58 UTC (rev 243783)
+++ trunk/Source/WebKit/PluginProcess/mac/PluginProcessMac.mm 2019-04-03 03:24:29 UTC (rev 243784)
@@ -474,9 +474,6 @@
exit(EX_OSERR);
}
- if (PluginInfoStore::shouldAllowPluginToRunUnsandboxed(m_pluginBundleIdentifier))
- return;
-
bool parentIsSandboxed = parameters.connectionIdentifier.xpcConnection && connectedProcessIsSandboxed(parameters.connectionIdentifier.xpcConnection.get());
if (parameters.extraInitializationData.get("disable-sandbox") == "1") {
Modified: trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.cpp (243783 => 243784)
--- trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.cpp 2019-04-03 01:56:58 UTC (rev 243783)
+++ trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.cpp 2019-04-03 03:24:29 UTC (rev 243784)
@@ -159,12 +159,6 @@
#if !PLATFORM(COCOA)
-bool PluginInfoStore::shouldAllowPluginToRunUnsandboxed(const String& pluginBundleIdentifier)
-{
- UNUSED_PARAM(pluginBundleIdentifier);
- return false;
-}
-
PluginModuleLoadPolicy PluginInfoStore::defaultLoadPolicyForPlugin(const PluginModuleInfo&)
{
return PluginModuleLoadNormally;
Modified: trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.h (243783 => 243784)
--- trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.h 2019-04-03 01:56:58 UTC (rev 243783)
+++ trunk/Source/WebKit/UIProcess/Plugins/PluginInfoStore.h 2019-04-03 03:24:29 UTC (rev 243784)
@@ -64,8 +64,6 @@
void addSupportedPlugin(String&& matchingDomain, String&& identifier, HashSet<String>&& mimeTypes, HashSet<String> extensions);
void clearSupportedPlugins() { m_supportedPlugins = WTF::nullopt; }
- static bool shouldAllowPluginToRunUnsandboxed(const String& pluginBundleIdentifier);
-
private:
PluginModuleInfo findPluginForMIMEType(const String& mimeType, WebCore::PluginData::AllowedPluginTypes) const;
PluginModuleInfo findPluginForExtension(const String& extension, String& mimeType, WebCore::PluginData::AllowedPluginTypes) const;
Modified: trunk/Source/WebKit/UIProcess/Plugins/mac/PluginInfoStoreMac.mm (243783 => 243784)
--- trunk/Source/WebKit/UIProcess/Plugins/mac/PluginInfoStoreMac.mm 2019-04-03 01:56:58 UTC (rev 243783)
+++ trunk/Source/WebKit/UIProcess/Plugins/mac/PluginInfoStoreMac.mm 2019-04-03 03:24:29 UTC (rev 243784)
@@ -83,29 +83,6 @@
return loadPolicy == PluginModuleBlockedForSecurity || loadPolicy == PluginModuleBlockedForCompatibility;
}
-bool PluginInfoStore::shouldAllowPluginToRunUnsandboxed(const String& pluginBundleIdentifier)
-{
- if (RuntimeEnabledFeatures::sharedFeatures().experimentalPlugInSandboxProfilesEnabled())
- return false;
-
- return pluginBundleIdentifier == "com.cisco.webex.plugin.gpc64"_s
- || pluginBundleIdentifier == "com.google.googletalkbrowserplugin"_s
- || pluginBundleIdentifier == "com.google.o1dbrowserplugin"_s
- || pluginBundleIdentifier == "com.apple.NPSafeInput"_s
- || pluginBundleIdentifier == "com.apple.BocomSubmitCtrl"_s
- || pluginBundleIdentifier == "com.ftsafe.NPAPI-Core-Safe-SoftKeybaord.plugin.rfc1034identifier"_s
- || pluginBundleIdentifier == "com.cfca.npSecEditCtl.MAC.BOC.plugin"_s
- || pluginBundleIdentifier == "com.cfca.npSecEditCtl.MAC.BOCO"_s
- || pluginBundleIdentifier == "cfca.com.npCryptoKit.MAC.BOC"_s
- || pluginBundleIdentifier == "cfca.com.npP11CertEnroll.MAC.BOC"_s
- || pluginBundleIdentifier == "cfca.com.npCryptoKit.UnionPay.MAC"_s
- || pluginBundleIdentifier == "cfca.com.npP11CertEnroll.MAC.UnionPay"_s
- || pluginBundleIdentifier == "Bocom.netsignplugin"_s
- || pluginBundleIdentifier == "cfca.com.npP11CertEnroll.MAC.CGB"_s
- || pluginBundleIdentifier == "cfca.com.npCryptoKit.CGB.MAC"_s
- || pluginBundleIdentifier == "mw.icbc-safari-MW"_s;
-}
-
bool PluginInfoStore::shouldUsePlugin(Vector<PluginModuleInfo>& alreadyLoadedPlugins, const PluginModuleInfo& plugin)
{
for (size_t i = 0; i < alreadyLoadedPlugins.size(); ++i) {
@@ -127,7 +104,7 @@
return false;
}
- if (currentProcessIsSandboxed() && !plugin.hasSandboxProfile && !shouldAllowPluginToRunUnsandboxed(plugin.bundleIdentifier)) {
+ if (currentProcessIsSandboxed() && !plugin.hasSandboxProfile) {
LOG(Plugins, "Ignoring unsandboxed plug-in %s", plugin.bundleIdentifier.utf8().data());
return false;
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes