Diff
Modified: trunk/Source/WebKit2/ChangeLog (170685 => 170686)
--- trunk/Source/WebKit2/ChangeLog 2014-07-02 00:57:52 UTC (rev 170685)
+++ trunk/Source/WebKit2/ChangeLog 2014-07-02 01:24:17 UTC (rev 170686)
@@ -1,3 +1,17 @@
+2014-07-01 Commit Queue <commit-qu...@webkit.org>
+
+ Unreviewed, rolling out r170608.
+ https://bugs.webkit.org/show_bug.cgi?id=134533
+
+ Safari keeps crashing on device due to sandbox violation.
+ (Requested by enrica on #webkit).
+
+ Reverted changeset:
+
+ "Restrict network process sandbox"
+ https://bugs.webkit.org/show_bug.cgi?id=134360
+ http://trac.webkit.org/changeset/170608
+
2014-07-01 Pratik Solanki <psola...@apple.com>
Encode/decode CFURLRequestRefs when USE(CFNETWORK) is enabled
Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm (170685 => 170686)
--- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-07-02 00:57:52 UTC (rev 170685)
+++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-07-02 01:24:17 UTC (rev 170686)
@@ -60,23 +60,24 @@
void NetworkProcess::platformInitializeNetworkProcessCocoa(const NetworkProcessCreationParameters& parameters)
{
- SandboxExtension::consumePermanently(parameters.cookieStorageDirectoryExtensionHandle);
- m_diskCacheDirectory = parameters.diskCacheDirectory;
-
- if (!m_diskCacheDirectory.isNull()) {
- SandboxExtension::consumePermanently(parameters.diskCacheDirectoryExtensionHandle);
#if PLATFORM(IOS)
+ if (!parameters.uiProcessBundleIdentifier.isNull()) {
[NSURLCache setSharedURLCache:adoptNS([[NSURLCache alloc]
_initWithMemoryCapacity:parameters.nsURLCacheMemoryCapacity
diskCapacity:parameters.nsURLCacheDiskCapacity
relativePath:parameters.uiProcessBundleIdentifier]).get()];
+ }
#else
+ m_diskCacheDirectory = parameters.diskCacheDirectory;
+
+ if (!m_diskCacheDirectory.isNull()) {
+ SandboxExtension::consumePermanently(parameters.diskCacheDirectoryExtensionHandle);
[NSURLCache setSharedURLCache:adoptNS([[NSURLCache alloc]
initWithMemoryCapacity:parameters.nsURLCacheMemoryCapacity
diskCapacity:parameters.nsURLCacheDiskCapacity
diskPath:parameters.diskCacheDirectory]).get()];
+ }
#endif
- }
#if PLATFORM(IOS) || __MAC_OS_X_VERSION_MIN_REQUIRED >= 1090
RetainPtr<CFURLCacheRef> cache = adoptCF(CFURLCacheCopySharedURLCache());
Modified: trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (170685 => 170686)
--- trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-02 00:57:52 UTC (rev 170685)
+++ trunk/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-07-02 01:24:17 UTC (rev 170686)
@@ -22,48 +22,7 @@
; THE POSSIBILITY OF SUCH DAMAGE.
(version 1)
-(deny default (with partial-symbolication))
-(allow system-audit file-read-metadata)
+(allow default)
(import "common.sb")
(import "removed-dev-nodes.sb")
-
-;; Access CFNetwork shared cookies
-;; This is too generous -- <rdar://problem/17496756>
-(apple-cookie-access 'with-read-write)
-
-;; Sandbox extensions
-(allow file-read* (container-subpath "Library/")
- (extension "com.apple.webkit.read"))
-
-;; Access to client's cache folder & re-vending to CFNetwork.
-(allow file-read* file-write* (container-subpath "Library/")
- (extension "com.apple.nsurlstorage.extension-cache"))
-(allow file-issue-extension (container-subpath "Library/")
- (extension-class "com.apple.nsurlstorage.extension-cache"))
-
-;; App sandbox extensions
-(allow file-read* file-write* (container-subpath "Library/")
- (extension "com.apple.app-sandbox.read-write"))
-
-;; Access to own cache & temp folders.
-(allow file-read* file-write* (container-subpath "")
- (extension "com.apple.webkit.read-write"))
-
-;; IOKit user clients
-(allow iokit-open
- (iokit-user-client-class "RootDomainUserClient"))
-
-;; Various services required by CFNetwork and other frameworks
-(allow mach-lookup
- (global-name "com.apple.PowerManagement.control"))
-
-(network-client)
-
-;; Security framework
-(allow mach-lookup
- (global-name "com.apple.ocspd")
- (global-name "com.apple.securityd"))
-
-(deny file-write-create
- (vnode-type SYMLINK))
Modified: trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp (170685 => 170686)
--- trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp 2014-07-02 00:57:52 UTC (rev 170685)
+++ trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp 2014-07-02 01:24:17 UTC (rev 170686)
@@ -42,8 +42,6 @@
encoder.encodeEnum(cacheModel);
encoder << diskCacheDirectory;
encoder << diskCacheDirectoryExtensionHandle;
- encoder << cookieStorageDirectory;
- encoder << cookieStorageDirectoryExtensionHandle;
encoder << shouldUseTestingNetworkSession;
#if ENABLE(CUSTOM_PROTOCOLS)
encoder << urlSchemesRegisteredForCustomProtocols;
@@ -75,10 +73,6 @@
return false;
if (!decoder.decode(result.diskCacheDirectoryExtensionHandle))
return false;
- if (!decoder.decode(result.cookieStorageDirectory))
- return false;
- if (!decoder.decode(result.cookieStorageDirectoryExtensionHandle))
- return false;
if (!decoder.decode(result.shouldUseTestingNetworkSession))
return false;
#if ENABLE(CUSTOM_PROTOCOLS)
Modified: trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h (170685 => 170686)
--- trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h 2014-07-02 00:57:52 UTC (rev 170685)
+++ trunk/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h 2014-07-02 01:24:17 UTC (rev 170686)
@@ -56,9 +56,6 @@
String diskCacheDirectory;
SandboxExtension::Handle diskCacheDirectoryExtensionHandle;
- String cookieStorageDirectory;
- SandboxExtension::Handle cookieStorageDirectoryExtensionHandle;
-
bool shouldUseTestingNetworkSession;
#if ENABLE(CUSTOM_PROTOCOLS)
Modified: trunk/Source/WebKit2/Shared/mac/SandboxUtilities.cpp (170685 => 170686)
--- trunk/Source/WebKit2/Shared/mac/SandboxUtilities.cpp 2014-07-02 00:57:52 UTC (rev 170685)
+++ trunk/Source/WebKit2/Shared/mac/SandboxUtilities.cpp 2014-07-02 01:24:17 UTC (rev 170686)
@@ -27,7 +27,6 @@
#include "SandboxUtilities.h"
#include <array>
-#include <wtf/text/WTFString.h>
#if __has_include(<sandbox/private.h>)
#import <sandbox/private.h>
@@ -68,13 +67,4 @@
return hasContainer;
}
-String pathForProcessContainer()
-{
- std::array<char, MAXPATHLEN> path;
- path[0] = 0;
- sandbox_container_path_for_pid(getpid(), path.data(), path.size());
-
- return String::fromUTF8(path.data());
}
-
-}
Modified: trunk/Source/WebKit2/Shared/mac/SandboxUtilities.h (170685 => 170686)
--- trunk/Source/WebKit2/Shared/mac/SandboxUtilities.h 2014-07-02 00:57:52 UTC (rev 170685)
+++ trunk/Source/WebKit2/Shared/mac/SandboxUtilities.h 2014-07-02 01:24:17 UTC (rev 170686)
@@ -27,16 +27,12 @@
#define SandboxUtilities_h
#include <sys/types.h>
-#include <wtf/Forward.h>
namespace WebKit {
bool processIsSandboxed(pid_t);
bool processHasContainer();
-// Returns an empty string if the process is not in a container.
-String pathForProcessContainer();
-
}
#endif // SandboxUtilities_h
Modified: trunk/Source/WebKit2/UIProcess/WebContext.cpp (170685 => 170686)
--- trunk/Source/WebKit2/UIProcess/WebContext.cpp 2014-07-02 00:57:52 UTC (rev 170685)
+++ trunk/Source/WebKit2/UIProcess/WebContext.cpp 2014-07-02 01:24:17 UTC (rev 170686)
@@ -411,10 +411,6 @@
if (!parameters.diskCacheDirectory.isEmpty())
SandboxExtension::createHandleForReadWriteDirectory(parameters.diskCacheDirectory, parameters.diskCacheDirectoryExtensionHandle);
- parameters.cookieStorageDirectory = cookieStorageDirectory();
- if (!parameters.cookieStorageDirectory.isEmpty())
- SandboxExtension::createHandleForReadWriteDirectory(parameters.cookieStorageDirectory, parameters.cookieStorageDirectoryExtensionHandle);
-
parameters.shouldUseTestingNetworkSession = m_shouldUseTestingNetworkSession;
// Add any platform specific parameters
Modified: trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm (170685 => 170686)
--- trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-07-02 00:57:52 UTC (rev 170685)
+++ trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-07-02 01:24:17 UTC (rev 170686)
@@ -27,7 +27,6 @@
#import "WebContext.h"
#import "PluginProcessManager.h"
-#import "SandboxUtilities.h"
#import "TextChecker.h"
#import "WKBrowsingContextControllerInternal.h"
#import "WKBrowsingContextControllerInternal.h"
@@ -270,17 +269,8 @@
String WebContext::platformDefaultCookieStorageDirectory() const
{
-#if PLATFORM(IOS)
- String path = pathForProcessContainer();
- if (path.isEmpty())
- path = NSHomeDirectory();
-
- path = path + "/Library/Cookies";
- return stringByResolvingSymlinksInPath(path);
-#else
notImplemented();
return [@"" stringByStandardizingPath];
-#endif
}
String WebContext::platformDefaultWebSQLDatabaseDirectory()
Modified: trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm (170685 => 170686)
--- trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm 2014-07-02 00:57:52 UTC (rev 170685)
+++ trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm 2014-07-02 01:24:17 UTC (rev 170686)
@@ -167,7 +167,6 @@
SandboxExtension::consumePermanently(parameters.webSQLDatabaseDirectoryExtensionHandle);
SandboxExtension::consumePermanently(parameters.applicationCacheDirectoryExtensionHandle);
SandboxExtension::consumePermanently(parameters.diskCacheDirectoryExtensionHandle);
- SandboxExtension::consumePermanently(parameters.cookieStorageDirectoryExtensionHandle);
#endif
// When the network process is enabled, each web process wants a stand-alone