Title: [144386] trunk/Source/WebKit2
Revision
144386
Author
[email protected]
Date
2013-02-28 15:43:02 -0800 (Thu, 28 Feb 2013)

Log Message

Add the notion of an allowed connection to SessionStorageNamespace
https://bugs.webkit.org/show_bug.cgi?id=111122

Reviewed by Sam Weinig.

Group together each session storage namespace with an allowed connection.
This will help ensure that rogue web processes will not be able to access session storage
from pages in other processes.

* UIProcess/Storage/StorageManager.cpp:
(StorageManager::SessionStorageNamespace):
(WebKit::StorageManager::SessionStorageNamespace::allowedConnection):
(WebKit::StorageManager::SessionStorageNamespace::create):
(WebKit::StorageManager::SessionStorageNamespace::SessionStorageNamespace):
(WebKit::StorageManager::SessionStorageNamespace::setAllowedConnection):
Add an m_allowedConnection member variable, as well as setters and getters.

(WebKit::StorageManager::createSessionStorageNamespace):
Take an optional allowed connection. (It can be null if the process has not finished launching).

(WebKit::StorageManager::setAllowedSessionStorageNamespaceConnection):
New function to set the allowed connection for a session storage namespace.

(WebKit::StorageManager::createStorageArea):
Add another FIXME.

(WebKit::StorageManager::createSessionStorageNamespaceInternal):
Pass the connection to the SessionStorageNamespace constructor.

(WebKit::StorageManager::setAllowedSessionStorageNamespaceConnectionInternal):
Set the allowed connection.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::WebPageProxy):
Pass the connection to createSessionStorageNamespace.

(WebKit::WebPageProxy::connectionWillOpen):
Call setAllowedSessionStorageNamespaceConnection.

(WebKit::WebPageProxy::connectionWillClose):
Call setAllowedSessionStorageNamespaceConnection with a null connection.

* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::connectionWillOpen):
Call connectionWillOpen on all pages.

(WebKit::WebProcessProxy::connectionWillClose):
Call connectionWillClose on all pages.

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (144385 => 144386)


--- trunk/Source/WebKit2/ChangeLog	2013-02-28 23:38:48 UTC (rev 144385)
+++ trunk/Source/WebKit2/ChangeLog	2013-02-28 23:43:02 UTC (rev 144386)
@@ -1,5 +1,56 @@
 2013-02-28  Anders Carlsson  <[email protected]>
 
+        Add the notion of an allowed connection to SessionStorageNamespace
+        https://bugs.webkit.org/show_bug.cgi?id=111122
+
+        Reviewed by Sam Weinig.
+
+        Group together each session storage namespace with an allowed connection.
+        This will help ensure that rouge web processes will not be able to access session storage
+        from pages in other processes.
+        
+        * UIProcess/Storage/StorageManager.cpp:
+        (StorageManager::SessionStorageNamespace):
+        (WebKit::StorageManager::SessionStorageNamespace::allowedConnection):
+        (WebKit::StorageManager::SessionStorageNamespace::create):
+        (WebKit::StorageManager::SessionStorageNamespace::SessionStorageNamespace):
+        (WebKit::StorageManager::SessionStorageNamespace::setAllowedConnection):
+        Add an m_allowedConnection member variable, as well as setters and getters.
+
+        (WebKit::StorageManager::createSessionStorageNamespace):
+        Take an optional allowed connection. (It can be null if the process has not finished launching).
+
+        (WebKit::StorageManager::setAllowedSessionStorageNamespaceConnection):
+        New function to set the allowed connection for a session storage namespace.
+
+        (WebKit::StorageManager::createStorageArea):
+        Add another FIXME.
+
+        (WebKit::StorageManager::createSessionStorageNamespaceInternal):
+        Pass the connection to the SessionStorageNamespace constructor.
+
+        (WebKit::StorageManager::setAllowedSessionStorageNamespaceConnectionInternal):
+        Set the allowed connection.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::WebPageProxy):
+        Pass the connection to createSessionStorageNamespace.
+
+        (WebKit::WebPageProxy::connectionWillOpen):
+        Call setAllowedSessionStorageNamespaceConnection.
+        
+        (WebKit::WebPageProxy::connectionWillClose):
+        Call setAllowedSessionStorageNamespaceConnection with a null connection.
+
+        * UIProcess/WebProcessProxy.cpp:
+        (WebKit::WebProcessProxy::connectionWillOpen):
+        Call connectionWillOpen on all pages.
+
+        (WebKit::WebProcessProxy::connectionWillClose):
+        Call connectionWillClose on all pages.
+
+2013-02-28  Anders Carlsson  <[email protected]>
+
         Implement more StorageAreaProxy member functions
         https://bugs.webkit.org/show_bug.cgi?id=111103
 

Modified: trunk/Source/WebKit2/UIProcess/Storage/StorageManager.cpp (144385 => 144386)


--- trunk/Source/WebKit2/UIProcess/Storage/StorageManager.cpp	2013-02-28 23:38:48 UTC (rev 144385)
+++ trunk/Source/WebKit2/UIProcess/Storage/StorageManager.cpp	2013-02-28 23:43:02 UTC (rev 144386)
@@ -61,25 +61,30 @@
 
 class StorageManager::SessionStorageNamespace : public ThreadSafeRefCounted<SessionStorageNamespace> {
 public:
-    static PassRefPtr<SessionStorageNamespace> create();
+    static PassRefPtr<SessionStorageNamespace> create(CoreIPC::Connection* allowedConnection);
     ~SessionStorageNamespace();
 
     bool isEmpty() const { return m_storageAreaMap.isEmpty(); }
 
+    CoreIPC::Connection* allowedConnection() const { return m_allowedConnection.get(); }
+    void setAllowedConnection(CoreIPC::Connection*);
+
     void cloneTo(SessionStorageNamespace& newSessionStorageNamespace);
 
 private:
-    SessionStorageNamespace();
+    explicit SessionStorageNamespace(CoreIPC::Connection* allowedConnection);
 
+    RefPtr<CoreIPC::Connection> m_allowedConnection;
     HashMap<RefPtr<SecurityOrigin>, RefPtr<StorageArea> > m_storageAreaMap;
 };
 
-PassRefPtr<StorageManager::SessionStorageNamespace> StorageManager::SessionStorageNamespace::create()
+PassRefPtr<StorageManager::SessionStorageNamespace> StorageManager::SessionStorageNamespace::create(CoreIPC::Connection* allowedConnection)
 {
-    return adoptRef(new SessionStorageNamespace());
+    return adoptRef(new SessionStorageNamespace(allowedConnection));
 }
 
-StorageManager::SessionStorageNamespace::SessionStorageNamespace()
+StorageManager::SessionStorageNamespace::SessionStorageNamespace(CoreIPC::Connection* allowedConnection)
+    : m_allowedConnection(allowedConnection)
 {
 }
 
@@ -87,6 +92,13 @@
 {
 }
 
+void StorageManager::SessionStorageNamespace::setAllowedConnection(CoreIPC::Connection* allowedConnection)
+{
+    ASSERT(!allowedConnection || !m_allowedConnection);
+
+    m_allowedConnection = allowedConnection;
+}
+
 void StorageManager::SessionStorageNamespace::cloneTo(SessionStorageNamespace& newSessionStorageNamespace)
 {
     ASSERT(newSessionStorageNamespace.isEmpty());
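Review bot: The invariant in setAllowedConnection is carried only by `ASSERT(!allowedConnection || !m_allowedConnection)`, which is compiled out of release builds, so there a non-null connection silently replaces one that is already installed. Because this member is meant to decide which web process may reach the namespace, the permitted transitions deserve a comment above the assertion, for example `// A connection may only be installed while none is set; pass null to revoke.` The hunk begins inside the destructor body and ends inside cloneTo, so only setAllowedConnection is fully visible here.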
@@ -108,9 +120,9 @@
 {
 }
 
-void StorageManager::createSessionStorageNamespace(uint64_t storageNamespaceID)
+void StorageManager::createSessionStorageNamespace(uint64_t storageNamespaceID, CoreIPC::Connection* allowedConnection)
 {
-    m_queue->dispatch(bind(&StorageManager::createSessionStorageNamespaceInternal, this, storageNamespaceID));
+    m_queue->dispatch(bind(&StorageManager::createSessionStorageNamespaceInternal, this, storageNamespaceID, RefPtr<CoreIPC::Connection>(allowedConnection)));
 }
 
 void StorageManager::destroySessionStorageNamespace(uint64_t storageNamespaceID)
@@ -118,6 +130,11 @@
     m_queue->dispatch(bind(&StorageManager::destroySessionStorageNamespaceInternal, this, storageNamespaceID));
 }
 
+void StorageManager::setAllowedSessionStorageNamespaceConnection(uint64_t storageNamespaceID, CoreIPC::Connection* allowedConnection)
+{
+    m_queue->dispatch(bind(&StorageManager::setAllowedSessionStorageNamespaceConnectionInternal, this, storageNamespaceID, RefPtr<CoreIPC::Connection>(allowedConnection)));
+}
+
 void StorageManager::cloneSessionStorageNamespace(uint64_t storageNamespaceID, uint64_t newStorageNamespaceID)
 {
     m_queue->dispatch(bind(&StorageManager::cloneSessionStorageNamespaceInternal, this, storageNamespaceID, newStorageNamespaceID));
@@ -133,12 +150,17 @@
     webProcessProxy->connection()->removeWorkQueueMessageReceiver(Messages::StorageManager::messageReceiverName());
 }
 
-void StorageManager::createStorageArea(CoreIPC::Connection*, uint64_t storageAreaID, uint64_t storageNamespaceID, const SecurityOriginData&)
+void StorageManager::createStorageArea(CoreIPC::Connection* connection, uint64_t storageAreaID, uint64_t storageNamespaceID, const SecurityOriginData& securityOriginData)
 {
     UNUSED_PARAM(storageAreaID);
     UNUSED_PARAM(storageNamespaceID);
-}
 
+    if (!storageNamespaceID) {
+        // FIXME: This is a local storage namespace. Do something.
+        ASSERT_NOT_REACHED();
+    }
+}O
+
 void StorageManager::destroyStorageArea(CoreIPC::Connection*, uint64_t)
 {
 }
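Review bot: The closing line of createStorageArea reads `}O`; if the stray `O` is in the committed file and not an artifact of this page, the translation unit will not compile, and it should be a plain `}`. In the same function `connection` and `securityOriginData` are now named but never used, while the `UNUSED_PARAM` lines still cover the two IDs, so the allowed connection this commit introduces is not yet compared against the caller here. storageNamespaceID presumably arrives in a message from the web process, and for a zero ID `ASSERT_NOT_REACHED()` does nothing in release builds and aborts in debug builds. A FIXME such as `// FIXME: Look up the namespace and ignore the request unless connection == allowedConnection().` would record the pending check next to the existing one.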
@@ -157,11 +179,11 @@
     connection->send(Messages::StorageAreaProxy::DidSetItem(key, quotaError), storageAreaID);
 }
 
-void StorageManager::createSessionStorageNamespaceInternal(uint64_t storageNamespaceID)
+void StorageManager::createSessionStorageNamespaceInternal(uint64_t storageNamespaceID, CoreIPC::Connection* allowedConnection)
 {
     ASSERT(!m_sessionStorageNamespaces.contains(storageNamespaceID));
 
-    m_sessionStorageNamespaces.set(storageNamespaceID, SessionStorageNamespace::create());
+    m_sessionStorageNamespaces.set(storageNamespaceID, SessionStorageNamespace::create(allowedConnection));
 }
 
 void StorageManager::destroySessionStorageNamespaceInternal(uint64_t storageNamespaceID)
@@ -171,6 +193,13 @@
     m_sessionStorageNamespaces.remove(storageNamespaceID);
 }
 
+void StorageManager::setAllowedSessionStorageNamespaceConnectionInternal(uint64_t storageNamespaceID, CoreIPC::Connection* allowedConnection)
+{
+    ASSERT(m_sessionStorageNamespaces.contains(storageNamespaceID));
+
+    m_sessionStorageNamespaces.get(storageNamespaceID)->setAllowedConnection(allowedConnection);
+}
+
 void StorageManager::cloneSessionStorageNamespaceInternal(uint64_t storageNamespaceID, uint64_t newStorageNamespaceID)
 {
     SessionStorageNamespace* sessionStorageNamespace = m_sessionStorageNamespaces.get(storageNamespaceID).get();
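Review bot: setAllowedSessionStorageNamespaceConnectionInternal dereferences the result of `m_sessionStorageNamespaces.get(storageNamespaceID)` with only an `ASSERT` guarding the lookup, so in a release build an ID that is no longer in the map leads to a null dereference on the work queue. Whether a destroy can be queued ahead of a set for the same page is not visible from this hunk, but the cost of being defensive is small. Following the lookup style of the next function, `SessionStorageNamespace* sessionStorageNamespace = m_sessionStorageNamespaces.get(storageNamespaceID).get();` followed by `if (!sessionStorageNamespace) return;` before calling setAllowedConnection would keep the assertion and make the release path safe. cloneSessionStorageNamespaceInternal continues past the end of the hunk.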

Modified: trunk/Source/WebKit2/UIProcess/Storage/StorageManager.h (144385 => 144386)


--- trunk/Source/WebKit2/UIProcess/Storage/StorageManager.h	2013-02-28 23:38:48 UTC (rev 144385)
+++ trunk/Source/WebKit2/UIProcess/Storage/StorageManager.h	2013-02-28 23:43:02 UTC (rev 144386)
@@ -43,8 +43,9 @@
     static PassRefPtr<StorageManager> create();
     ~StorageManager();
 
-    void createSessionStorageNamespace(uint64_t storageNamespaceID);
+    void createSessionStorageNamespace(uint64_t storageNamespaceID, CoreIPC::Connection* allowedConnection);
     void destroySessionStorageNamespace(uint64_t storageNamespaceID);
+    void setAllowedSessionStorageNamespaceConnection(uint64_t storageNamespaceID, CoreIPC::Connection* allowedConnection);
     void cloneSessionStorageNamespace(uint64_t storageNamespaceID, uint64_t newStorageNamespaceID);
 
     void processWillOpenConnection(WebProcessProxy*);
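Review bot: The two declarations that take `CoreIPC::Connection* allowedConnection` do not say that null is an accepted value, although the log message and the WebPageProxy callers rely on it (process not yet launched, connection closing). A one-line comment above them would make the contract visible to callers, for example `// allowedConnection may be null; the namespace then has no allowed connection until one is set.` The same applies to the two `...Internal` declarations in the following hunk.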
@@ -63,8 +64,9 @@
     void getValues(CoreIPC::Connection*, uint64_t storageAreaID, HashMap<String, String>& values);
     void setItem(CoreIPC::Connection*, uint64_t storageAreaID, const String& key, const String& value);
 
-    void createSessionStorageNamespaceInternal(uint64_t storageNamespaceID);
+    void createSessionStorageNamespaceInternal(uint64_t storageNamespaceID, CoreIPC::Connection* allowedConnection);
     void destroySessionStorageNamespaceInternal(uint64_t storageNamespaceID);
+    void setAllowedSessionStorageNamespaceConnectionInternal(uint64_t storageNamespaceID, CoreIPC::Connection* allowedConnection);
     void cloneSessionStorageNamespaceInternal(uint64_t storageNamespaceID, uint64_t newStorageNamespaceID);
 
     RefPtr<WorkQueue> m_queue;

Modified: trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp (144385 => 144386)


--- trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp	2013-02-28 23:38:48 UTC (rev 144385)
+++ trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp	2013-02-28 23:43:02 UTC (rev 144386)
@@ -267,7 +267,7 @@
 #endif
 
     m_process->addMessageReceiver(Messages::WebPageProxy::messageReceiverName(), m_pageID, this);
-    m_process->context()->storageManager().createSessionStorageNamespace(m_pageID);
+    m_process->context()->storageManager().createSessionStorageNamespace(m_pageID, m_process->isValid() ? m_process->connection() : 0);
 }
 
 WebPageProxy::~WebPageProxy()
@@ -2549,6 +2549,20 @@
     m_uiClient.mouseDidMoveOverElement(this, hitTestResultData, modifiers, userData.get());
 }
 
+void WebPageProxy::connectionWillOpen(CoreIPC::Connection* connection)
+{
+    ASSERT(connection == m_process->connection());
+
+    m_process->context()->storageManager().setAllowedSessionStorageNamespaceConnection(m_pageID, connection);
+}
+
+void WebPageProxy::connectionWillClose(CoreIPC::Connection* connection)
+{
+    ASSERT(connection == m_process->connection());
+
+    m_process->context()->storageManager().setAllowedSessionStorageNamespaceConnection(m_pageID, 0);
+}
+
 String WebPageProxy::pluginInformationBundleIdentifierKey()
 {
     return ASCIILiteral("PluginInformationBundleIdentifier");
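Review bot: In connectionWillClose the `connection` parameter is referenced only inside `ASSERT`, so release builds, where the assertion is compiled out, see an unused parameter. WTF has a macro for exactly this case: `ASSERT_UNUSED(connection, connection == m_process->connection());`. connectionWillOpen does use the parameter afterwards and can keep the plain `ASSERT`. Note also that both checks are debug-only, so in release builds the page trusts that WebProcessProxy passes its own connection.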

Modified: trunk/Source/WebKit2/UIProcess/WebPageProxy.h (144385 => 144386)


--- trunk/Source/WebKit2/UIProcess/WebPageProxy.h	2013-02-28 23:38:48 UTC (rev 144385)
+++ trunk/Source/WebKit2/UIProcess/WebPageProxy.h	2013-02-28 23:43:02 UTC (rev 144386)
@@ -753,6 +753,9 @@
 
     void didReceiveAuthenticationChallengeProxy(uint64_t frameID, PassRefPtr<AuthenticationChallengeProxy>);
 
+    void connectionWillOpen(CoreIPC::Connection*);
+    void connectionWillClose(CoreIPC::Connection*);
+
     static String pluginInformationBundleIdentifierKey();
     static String pluginInformationBundleVersionKey();
     static String pluginInformationDisplayNameKey();

Modified: trunk/Source/WebKit2/UIProcess/WebProcessProxy.cpp (144385 => 144386)


--- trunk/Source/WebKit2/UIProcess/WebProcessProxy.cpp	2013-02-28 23:38:48 UTC (rev 144385)
+++ trunk/Source/WebKit2/UIProcess/WebProcessProxy.cpp	2013-02-28 23:43:02 UTC (rev 144386)
@@ -121,6 +121,9 @@
     SecItemShimProxy::shared().initializeConnection(connection);
 #endif
 
+    for (WebPageProxyMap::iterator it = m_pageMap.begin(), end = m_pageMap.end(); it != end; ++it)
+        it->value->connectionWillOpen(connection);
+
     m_context->processWillOpenConnection(this);
 }
 
@@ -128,6 +131,9 @@
 {
     ASSERT(this->connection() == connection);
 
+    for (WebPageProxyMap::iterator it = m_pageMap.begin(), end = m_pageMap.end(); it != end; ++it)
+        it->value->connectionWillClose(connection);
+
     m_context->processWillCloseConnection(this);
 }
 