Diff
Modified: branches/safari-600.1-branch/Source/WebKit2/ChangeLog (172104 => 172105)
--- branches/safari-600.1-branch/Source/WebKit2/ChangeLog 2014-08-05 23:32:24 UTC (rev 172104)
+++ branches/safari-600.1-branch/Source/WebKit2/ChangeLog 2014-08-05 23:32:32 UTC (rev 172105)
@@ -1,5 +1,38 @@
2014-08-05 Lucas Forschler <lforsch...@apple.com>
+ Merge r172031
+
+ 2014-08-05 Oliver Hunt <oli...@apple.com>
+
+ SSO expects to be able to walk parent application's bundle
+ https://bugs.webkit.org/show_bug.cgi?id=135581
+ <rdar://problem/17864079>
+
+ Reviewed by Alexey Proskuryakov.
+
+ SSO expects to be able to walk the parent application's
+ bundle looking for Info plists. To allow this to actually
+ work we provide an extension from the ui process that
+ covers the bundle directory, and then in the profile
+ restrict access to the ability to read directories and
+ files named Info.plist.
+
+ * NetworkProcess/cocoa/NetworkProcessCocoa.mm:
+ (WebKit::NetworkProcess::platformInitializeNetworkProcessCocoa):
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+ * Shared/Network/NetworkProcessCreationParameters.cpp:
+ (WebKit::NetworkProcessCreationParameters::encode):
+ (WebKit::NetworkProcessCreationParameters::decode):
+ * Shared/Network/NetworkProcessCreationParameters.h:
+ * UIProcess/WebContext.cpp:
+ (WebKit::WebContext::ensureNetworkProcess):
+ (WebKit::WebContext::parentBundleDirectory):
+ * UIProcess/WebContext.h:
+ * UIProcess/mac/WebContextMac.mm:
+ (WebKit::WebContext::parentBundleDirectory):
+
+2014-08-05 Lucas Forschler <lforsch...@apple.com>
+
Merge r172016
2014-08-04 Benjamin Poulain <bpoul...@apple.com>
Modified: branches/safari-600.1-branch/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm (172104 => 172105)
--- branches/safari-600.1-branch/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-08-05 23:32:24 UTC (rev 172104)
+++ branches/safari-600.1-branch/Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm 2014-08-05 23:32:32 UTC (rev 172105)
@@ -63,6 +63,7 @@
SandboxExtension::consumePermanently(parameters.cookieStorageDirectoryExtensionHandle);
#if PLATFORM(IOS)
SandboxExtension::consumePermanently(parameters.hstsDatabasePathExtensionHandle);
+ SandboxExtension::consumePermanently(parameters.parentBundleDirectoryExtensionHandle);
#endif
m_diskCacheDirectory = parameters.diskCacheDirectory;
Modified: branches/safari-600.1-branch/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (172104 => 172105)
--- branches/safari-600.1-branch/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-08-05 23:32:24 UTC (rev 172104)
+++ branches/safari-600.1-branch/Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2014-08-05 23:32:32 UTC (rev 172105)
@@ -29,7 +29,7 @@
(import "removed-dev-nodes.sb")
;; Access to client's cache folder & re-vending to CFNetwork.
-;; FIXME: Remove the webkti specific extension classes <rdar://problem/17755931>
+;; FIXME: Remove the webkit specific extension classes <rdar://problem/17755931>
(allow file-issue-extension (require-all
(extension "com.apple.app-sandbox.read-write")
(extension-class "com.apple.nsurlstorage.extension-cache")))
@@ -38,6 +38,27 @@
(allow file-read* file-write* (extension "com.apple.app-sandbox.read-write"))
(allow file-read* (extension "com.apple.app-sandbox.read"))
+;; FIXME: <rdar://problem/17909681> SSO expects to be able to walk the parent
+;; bundle to find Info plists, so we jump through a few hoops here to provide
+;; enough access to make it possible.
+
+;; Disallow networking process from reading any bundles, even with the read extension
+(deny file-read* (subpath "/Applications") (extension "com.apple.app-sandbox.read"))
+(deny file-read* (subpath "/private/var/mobile/Containers/Bundle/Application") (extension "com.apple.app-sandbox.read"))
+
+;; Allow the networking process to read directories inside the bundle directories
+;; that we may have killed off above
+(allow file-read*
+ (require-all
+ (extension "com.apple.app-sandbox.read")
+ (vnode-type DIRECTORY)))
+
+;; Allow the networking process to read the Info.plist files
+(allow file-read*
+ (require-all
+ (extension "com.apple.app-sandbox.read")
+ (regex #"/Info\.plist$")))
+
;; IOKit user clients
(allow iokit-open
(iokit-user-client-class "RootDomainUserClient"))
Modified: branches/safari-600.1-branch/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp (172104 => 172105)
--- branches/safari-600.1-branch/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp 2014-08-05 23:32:24 UTC (rev 172104)
+++ branches/safari-600.1-branch/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.cpp 2014-08-05 23:32:32 UTC (rev 172105)
@@ -47,6 +47,8 @@
#if PLATFORM(IOS)
encoder << hstsDatabasePath;
encoder << hstsDatabasePathExtensionHandle;
+ encoder << parentBundleDirectory;
+ encoder << parentBundleDirectoryExtensionHandle;
#endif
encoder << shouldUseTestingNetworkSession;
#if ENABLE(CUSTOM_PROTOCOLS)
@@ -88,6 +90,10 @@
return false;
if (!decoder.decode(result.hstsDatabasePathExtensionHandle))
return false;
+ if (!decoder.decode(result.parentBundleDirectory))
+ return false;
+ if (!decoder.decode(result.parentBundleDirectoryExtensionHandle))
+ return false;
#endif
if (!decoder.decode(result.shouldUseTestingNetworkSession))
return false;
Modified: branches/safari-600.1-branch/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h (172104 => 172105)
--- branches/safari-600.1-branch/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h 2014-08-05 23:32:24 UTC (rev 172104)
+++ branches/safari-600.1-branch/Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h 2014-08-05 23:32:32 UTC (rev 172105)
@@ -63,6 +63,9 @@
// FIXME: Remove this once <rdar://problem/17726660> is fixed.
String hstsDatabasePath;
SandboxExtension::Handle hstsDatabasePathExtensionHandle;
+
+ String parentBundleDirectory;
+ SandboxExtension::Handle parentBundleDirectoryExtensionHandle;
#endif
bool shouldUseTestingNetworkSession;
Modified: branches/safari-600.1-branch/Source/WebKit2/UIProcess/WebContext.cpp (172104 => 172105)
--- branches/safari-600.1-branch/Source/WebKit2/UIProcess/WebContext.cpp 2014-08-05 23:32:24 UTC (rev 172104)
+++ branches/safari-600.1-branch/Source/WebKit2/UIProcess/WebContext.cpp 2014-08-05 23:32:32 UTC (rev 172105)
@@ -428,6 +428,10 @@
parameters.hstsDatabasePath = networkingHSTSDatabasePath();
if (!parameters.hstsDatabasePath.isEmpty())
SandboxExtension::createHandle(parameters.hstsDatabasePath, SandboxExtension::ReadWrite, parameters.hstsDatabasePathExtensionHandle);
+
+ parameters.parentBundleDirectory = parentBundleDirectory();
+ if (!parameters.parentBundleDirectory.isEmpty())
+ SandboxExtension::createHandle(parameters.parentBundleDirectory, SandboxExtension::ReadOnly, parameters.parentBundleDirectoryExtensionHandle);
#endif
parameters.shouldUseTestingNetworkSession = m_shouldUseTestingNetworkSession;
Modified: branches/safari-600.1-branch/Source/WebKit2/UIProcess/WebContext.h (172104 => 172105)
--- branches/safari-600.1-branch/Source/WebKit2/UIProcess/WebContext.h 2014-08-05 23:32:24 UTC (rev 172104)
+++ branches/safari-600.1-branch/Source/WebKit2/UIProcess/WebContext.h 2014-08-05 23:32:32 UTC (rev 172105)
@@ -431,6 +431,10 @@
String networkingHSTSDatabasePath() const;
String platformDefaultNetworkingHSTSDatabasePath() const;
+#if PLTFORM(IOS)
+ String parentBundleDirectory() const;
+#endif
+
String containerTemporaryDirectory() const;
#if PLATFORM(COCOA)
Modified: branches/safari-600.1-branch/Source/WebKit2/UIProcess/mac/WebContextMac.mm (172104 => 172105)
--- branches/safari-600.1-branch/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-08-05 23:32:24 UTC (rev 172104)
+++ branches/safari-600.1-branch/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-08-05 23:32:32 UTC (rev 172105)
@@ -323,6 +323,13 @@
#endif
}
+#if PLATFORM(IOS)
+String WebContext::parentBundleDirectory() const
+{
+ return [[[NSBundle mainBundle] bundlePath] stringByStandardizingPath];
+}
+#endif
+
String WebContext::containerTemporaryDirectory() const
{
String path = NSTemporaryDirectory();
