Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog (256120 => 256121)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog 2020-02-10 13:22:55 UTC (rev 256120)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog 2020-02-10 13:23:00 UTC (rev 256121)
@@ -1,3 +1,23 @@
+2020-02-06 Patrick Griffis <pgrif...@igalia.com>
+
+ [GTK][WPE] Re-add flatpak sandbox support
+ https://bugs.webkit.org/show_bug.cgi?id=204732
+
+ Reviewed by Michael Catanzaro.
+
+ This brings back the Flatpak based sandbox now that upstream has added
+ features to their spawn portal to accomodate our needs.
+
+ * SourcesGTK.txt:
+ * SourcesWPE.txt:
+ * UIProcess/Launcher/glib/FlatpakLauncher.cpp: Added.
+ (WebKit::flatpakSpawn):
+ * UIProcess/Launcher/glib/FlatpakLauncher.h: Added.
+ * UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
+ (WebKit::isFlatpakSpawnUsable):
+ (WebKit::isInsideFlatpak):
+ (WebKit::ProcessLauncher::launchProcess):
+
2020-02-09 Lauro Moura <lmo...@igalia.com>
[GTK][WPE] Expose allowTopNavigationToDataURL
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/SourcesGTK.txt (256120 => 256121)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/SourcesGTK.txt 2020-02-10 13:22:55 UTC (rev 256120)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/SourcesGTK.txt 2020-02-10 13:23:00 UTC (rev 256121)
@@ -223,6 +223,7 @@
UIProcess/Launcher/glib/ProcessLauncherGLib.cpp @no-unify
UIProcess/Launcher/glib/BubblewrapLauncher.cpp @no-unify
+UIProcess/Launcher/glib/FlatpakLauncher.cpp @no-unify
UIProcess/linux/MemoryPressureMonitor.cpp
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/SourcesWPE.txt (256120 => 256121)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/SourcesWPE.txt 2020-02-10 13:22:55 UTC (rev 256120)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/SourcesWPE.txt 2020-02-10 13:23:00 UTC (rev 256121)
@@ -200,6 +200,7 @@
UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+UIProcess/Launcher/glib/FlatpakLauncher.cpp
UIProcess/Plugins/unix/PluginInfoStoreUnix.cpp
UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp
Added: releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.cpp (0 => 256121)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.cpp (rev 0)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.cpp 2020-02-10 13:23:00 UTC (rev 256121)
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2020 Igalia S.L.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "FlatpakLauncher.h"
+
+#if OS(LINUX)
+
+#include <gio/gio.h>
+#include <wtf/glib/GUniquePtr.h>
+
+namespace WebKit {
+
+GRefPtr<GSubprocess> flatpakSpawn(GSubprocessLauncher* launcher, const WebKit::ProcessLauncher::LaunchOptions& launchOptions, char** argv, int childProcessSocket, GError** error)
+{
+ ASSERT(launcher);
+
+ // When we are running inside of flatpak's sandbox we do not have permissions to use the same
+ // bubblewrap sandbox we do outside but flatpak offers the ability to create new sandboxes
+ // for us using flatpak-spawn.
+
+ GUniquePtr<gchar> childProcessSocketArg(g_strdup_printf("--forward-fd=%d", childProcessSocket));
+ Vector<CString> flatpakArgs = {
+ "flatpak-spawn",
+ childProcessSocketArg.get(),
+ "--watch-bus"
+ };
+
+ if (launchOptions.processType == ProcessLauncher::ProcessType::Web) {
+ flatpakArgs.appendVector(Vector<CString>({
+ "--sandbox",
+ "--no-network",
+ "--sandbox-flag=share-gpu",
+ "--sandbox-flag=share-display",
+ "--sandbox-flag=share-sound",
+ "--sandbox-flag=allow-a11y",
+ "--sandbox-flag=allow-dbus", // Note that this only allows portals and $appid.Sandbox.* access
+ }));
+
+ for (const auto& pathAndPermission : launchOptions.extraWebProcessSandboxPaths) {
+ const char* formatString = pathAndPermission.value == SandboxPermission::ReadOnly ? "--sandbox-expose-path-ro=%s": "--sandbox-expose-path=%s";
+ GUniquePtr<gchar> pathArg(g_strdup_printf(formatString, pathAndPermission.key.data()));
+ flatpakArgs.append(pathArg.get());
+ }
+ }
+
+ char** newArgv = g_newa(char*, g_strv_length(argv) + flatpakArgs.size() + 1);
+ size_t i = 0;
+
+ for (const auto& arg : flatpakArgs)
+ newArgv[i++] = const_cast<char*>(arg.data());
+ for (size_t x = 0; argv[x]; x++)
+ newArgv[i++] = argv[x];
+ newArgv[i++] = nullptr;
+
+ return adoptGRef(g_subprocess_launcher_spawnv(launcher, newArgv, error));
+}
+
+};
+
+#endif // OS(LINUX)
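Review bot: The namespace is closed with `};` (the line between the function's closing brace and `#endif // OS(LINUX)`), which is a stray empty declaration that `-Wextra-semi`/`-Wpedantic` builds warn about; `} // namespace WebKit` is the usual form, and the same `};` appears in FlatpakLauncher.h. The fact that only the Web process type receives `--sandbox` and `--no-network`, while every other process type is still run through flatpak-spawn with just `--forward-fd` and `--watch-bus`, is worth stating above the `if (launchOptions.processType == ProcessLauncher::ProcessType::Web)` check, e.g. `// Only the Web process is confined; other process types go through flatpak-spawn unsandboxed (fd forwarding and --watch-bus only).` Paths from extraWebProcessSandboxPaths are passed to the sandbox as given, read-write unless marked ReadOnly, so the function relies on the caller to have vetted them; a one-line comment on that loop, `// Caller is responsible for the set of exposed paths; anything not ReadOnly becomes writable inside the sandbox.`, would make the contract explicit.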
Added: releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.h (0 => 256121)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.h (rev 0)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Launcher/glib/FlatpakLauncher.h 2020-02-10 13:23:00 UTC (rev 256121)
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2020 Igalia S.L.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if OS(LINUX)
+
+#include "ProcessLauncher.h"
+
+#include <wtf/glib/GRefPtr.h>
+
+typedef struct _GSubprocess GSubprocess;
+typedef struct _GSubprocessLauncher GSubprocessLauncher;
+
+namespace WebKit {
+
+GRefPtr<GSubprocess> flatpakSpawn(GSubprocessLauncher*, const WebKit::ProcessLauncher::LaunchOptions&, char** argv, int childProcessSocket, GError**);
+
+};
+
+#endif
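Review bot: flatpakSpawn is declared without any description of its contract; a comment above the declaration should say that `argv` must be a NULL-terminated vector, that `childProcessSocket` is forwarded into the child via `--forward-fd`, that only the Web process type is confined with `--sandbox`, and that the result is null with `*error` set when the spawn fails. The closing `};` after the namespace is a stray semicolon (`} // namespace WebKit` is the usual form), and the trailing `#endif` could carry `// OS(LINUX)` as the .cpp does. `GError` is used in the signature but is not forward-declared alongside `GSubprocess` and `GSubprocessLauncher`; presumably it arrives through GRefPtr.h, which is worth confirming so the header stays self-contained.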
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp (256120 => 256121)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2020-02-10 13:22:55 UTC (rev 256120)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2020-02-10 13:23:00 UTC (rev 256121)
@@ -29,6 +29,7 @@
#include "BubblewrapLauncher.h"
#include "Connection.h"
+#include "FlatpakLauncher.h"
#include "ProcessExecutablePath.h"
#include <errno.h>
#include <fcntl.h>
@@ -49,6 +50,26 @@
close(socket);
}
+#if OS(LINUX)
+static bool isFlatpakSpawnUsable()
+{
+ static Optional<bool> ret;
+ if (ret)
+ return *ret;
+
+ // For our usage to work we need flatpak >= 1.5.2 on the host and flatpak-xdg-utils > 1.0.1 in the sandbox
+ GRefPtr<GSubprocess> process = adoptGRef(g_subprocess_new(static_cast<GSubprocessFlags>(G_SUBPROCESS_FLAGS_STDOUT_SILENCE | G_SUBPROCESS_FLAGS_STDERR_SILENCE),
+ nullptr, "flatpak-spawn", "--sandbox", "--sandbox-expose-path-ro-try=/this_path_doesnt_exist", "echo", nullptr));
+
+ if (!process.get())
+ ret = false;
+ else
+ ret = g_subprocess_wait_check(process.get(), nullptr, nullptr);
+
+ return *ret;
+}
+#endif
+
#if ENABLE(BUBBLEWRAP_SANDBOX)
static bool isInsideDocker()
{
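Review bot: isFlatpakSpawnUsable caches the first probe result in a function-level static for the lifetime of the process, so a transient failure of the `flatpak-spawn --sandbox ... echo` probe (portal not yet reachable, D-Bus hiccup) pins `ret` to false and later launches never retry. Both stdout and stderr of the probe are silenced, so nothing records why it failed, and the caller's fallback when it returns false is a less-confined launch, which deserves at least a one-time log such as `if (!*ret) g_warning("flatpak-spawn sandbox probe failed; not using flatpak-spawn");` or, if the caching is intended, a comment `// Result is cached: a transient probe failure disables flatpak-spawn for this process.` The function also answers only whether the probe succeeded, not whether the UI process is inside a Flatpak sandbox; the `isInsideFlatpak()` check exists nearby, and the call site in a later hunk does not combine them, so confirm the probe cannot succeed on a host that merely has flatpak-xdg-utils installed. The static `Optional<bool>` is presumably only touched from the main thread; if launchProcess can run elsewhere that assumption should be documented.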
@@ -162,7 +183,7 @@
GUniqueOutPtr<GError> error;
GRefPtr<GSubprocess> process;
-#if ENABLE(BUBBLEWRAP_SANDBOX)
+#if OS(LINUX)
const char* sandboxEnv = g_getenv("WEBKIT_FORCE_SANDBOX");
bool sandboxEnabled = m_launchOptions.extraInitializationData.get("enable-sandbox") == "true";
@@ -169,12 +190,16 @@
if (sandboxEnv)
sandboxEnabled = !strcmp(sandboxEnv, "1");
+ if (sandboxEnabled && isFlatpakSpawnUsable())
+ process = flatpakSpawn(launcher.get(), m_launchOptions, argv, socketPair.client, &error.outPtr());
+#if ENABLE(BUBBLEWRAP_SANDBOX)
// You cannot use bubblewrap within Flatpak or Docker so lets ensure it never happens.
// Snap can allow it but has its own limitations that require workarounds.
- if (sandboxEnabled && !isInsideFlatpak() && !isInsideSnap() && !isInsideDocker())
+ else if (sandboxEnabled && !isInsideFlatpak() && !isInsideSnap() && !isInsideDocker())
process = bubblewrapSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr());
+#endif // ENABLE(BUBBLEWRAP_SANDBOX)
else
-#endif
+#endif // OS(LINUX)
process = adoptGRef(g_subprocess_launcher_spawnv(launcher.get(), argv, &error.outPtr()));
if (!process.get())