WebKit Bugzilla
Attachment 339519 Details for
Bug 184991
: We should cache the compiled sandbox profile in a data vault
[patch]
WIP
a-backup.diff (text/plain), 26.02 KB, created by
Saam Barati
on 2018-05-03 21:43:45 PDT
Description:
WIP
Filename:
MIME Type:
Creator:
Saam Barati
Created:
2018-05-03 21:43:45 PDT
Size:
26.02 KB
patch
obsolete
>Index: Source/WebKit/Configurations/WebContent-OSX.entitlements
>===================================================================
>--- Source/WebKit/Configurations/WebContent-OSX.entitlements (revision 231324)
>+++ Source/WebKit/Configurations/WebContent-OSX.entitlements (working copy)
>@@ -9,5 +9,7 @@
> </array>
> <key>com.apple.private.xpc.domain-extension</key>
> <true/>
>+ <key>com.apple.rootless.storage.WebKitSandbox</key>
>+ <true/>
> </dict>
> </plist>
>Index: Source/WebKit/Configurations/WebContent.Development.entitlements
>===================================================================
>--- Source/WebKit/Configurations/WebContent.Development.entitlements (revision 231324)
>+++ Source/WebKit/Configurations/WebContent.Development.entitlements (working copy)
>@@ -4,5 +4,9 @@
> <dict>
> <key>com.apple.security.cs.disable-library-validation</key>
> <true/>
>+ <key>com.apple.rootless.storage.WebKitSandbox</key>
>+ <true/>
>+ <key>com.apple.rootless.storage.SafariFamily</key>
>+ <true/>
> </dict>
> </plist>
>Index: Source/WebKit/Configurations/WebKit.xcconfig
>===================================================================
>--- Source/WebKit/Configurations/WebKit.xcconfig (revision 231324)
>+++ Source/WebKit/Configurations/WebKit.xcconfig (working copy)
>@@ -82,6 +82,9 @@ WK_MOBILE_CORE_SERVICES_LDFLAGS_cocoatou
> WK_MOBILE_GESTALT_LDFLAGS = $(WK_MOBILE_GESTALT_LDFLAGS_$(WK_COCOA_TOUCH));
> WK_MOBILE_GESTALT_LDFLAGS_cocoatouch = -lMobileGestalt;
> 
>+WK_LIBSANDBOX_LDFLAGS = $(WK_LIBSANDBOX_LDFLAGS_$(WK_PLATFORM_NAME));
>+WK_LIBSANDBOX_LDFLAGS_macosx = -lsandbox;
>+
> WK_OPENGL_LDFLAGS = $(WK_OPENGL_LDFLAGS_$(WK_PLATFORM_NAME));
> WK_OPENGL_LDFLAGS_iphoneos = -framework OpenGLES;
> WK_OPENGL_LDFLAGS_iphoneminimalsimulator = -framework OpenGL;
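Review bot: `WebContent.Development.entitlements` gains `com.apple.rootless.storage.SafariFamily` in addition to `com.apple.rootless.storage.WebKitSandbox`, while `WebContent-OSX.entitlements` in the hunk above gains only the latter, and the only reference to `SafariFamily` elsewhere in this patch is a commented-out `verboseLog` in `ChildProcessMac.mm`; the data vault there is created with the class `"WebKitSandbox"`. Unless the development process needs a second vault class that the production one does not, dropping the `SafariFamily` key keeps the two entitlement files aligned and the grant minimal. If it is needed for a reason outside this patch, a comment in the plist naming that reason would save the next reader the same question.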
>@@ -109,7 +112,7 @@ WK_SAFE_BROWSING_LDFLAGS_MACOS_SINCE_101
> WK_UIKIT_LDFLAGS = $(WK_UIKIT_LDFLAGS_$(WK_COCOA_TOUCH));
> WK_UIKIT_LDFLAGS_cocoatouch = -framework UIKit;
> 
>-FRAMEWORK_AND_LIBRARY_LDFLAGS = -lobjc -framework CFNetwork -framework CoreAudio -framework CoreFoundation -framework CoreGraphics -framework CoreText -framework Foundation -framework ImageIO -framework IOKit -framework WebKitLegacy -lnetwork $(WK_ACCESSIBILITY_LDFLAGS) $(WK_APPKIT_LDFLAGS) $(WK_ASSERTION_SERVICES_LDFLAGS) $(WK_CARBON_LDFLAGS) $(WK_CORE_PDF_LDFLAGS) $(WK_CORE_PREDICTION_LDFLAGS) $(WK_CORE_SERVICES_LDFLAGS) $(WK_GRAPHICS_SERVICES_LDFLAGS) $(WK_IOSURFACE_LDFLAGS) $(WK_LIBWEBRTC_LDFLAGS) $(WK_MOBILE_CORE_SERVICES_LDFLAGS) $(WK_MOBILE_GESTALT_LDFLAGS) $(WK_OPENGL_LDFLAGS) $(WK_PDFKIT_LDFLAGS) $(WK_SAFE_BROWSING_LDFLAGS) $(WK_UIKIT_LDFLAGS);
>+FRAMEWORK_AND_LIBRARY_LDFLAGS = -lobjc -framework CFNetwork -framework CoreAudio -framework CoreFoundation -framework CoreGraphics -framework CoreText -framework Foundation -framework ImageIO -framework IOKit -framework WebKitLegacy -lnetwork $(WK_ACCESSIBILITY_LDFLAGS) $(WK_APPKIT_LDFLAGS) $(WK_ASSERTION_SERVICES_LDFLAGS) $(WK_CARBON_LDFLAGS) $(WK_CORE_PDF_LDFLAGS) $(WK_CORE_PREDICTION_LDFLAGS) $(WK_CORE_SERVICES_LDFLAGS) $(WK_GRAPHICS_SERVICES_LDFLAGS) $(WK_IOSURFACE_LDFLAGS) $(WK_LIBWEBRTC_LDFLAGS) $(WK_MOBILE_CORE_SERVICES_LDFLAGS) $(WK_MOBILE_GESTALT_LDFLAGS) $(WK_OPENGL_LDFLAGS) $(WK_PDFKIT_LDFLAGS) $(WK_SAFE_BROWSING_LDFLAGS) $(WK_UIKIT_LDFLAGS) $(WK_LIBSANDBOX_LDFLAGS);
> 
> // Prevent C++ standard library operator new, delete and their related exception types from being exported as weak symbols.
> UNEXPORTED_SYMBOL_LDFLAGS = -Wl,-unexported_symbol -Wl,__ZTISt9bad_alloc -Wl,-unexported_symbol -Wl,__ZTISt9exception -Wl,-unexported_symbol -Wl,__ZTSSt9bad_alloc -Wl,-unexported_symbol -Wl,__ZTSSt9exception -Wl,-unexported_symbol -Wl,__ZdlPvS_ -Wl,-unexported_symbol -Wl,__ZnwmPv -Wl,-unexported_symbol -Wl,__Znwm -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEC2EOS4_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEC1EOS4_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEaSEDn -Wl,-unexported_symbol, -Wl,__ZNKSt3__18functionIFvN7WebCore12PolicyActionEEEclES2_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEE4swapERS4_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEC1ERKS4_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEC2ERKS4_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEED1Ev -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEED2Ev -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEaSERKS4_ -Wl,-unexported_symbol, -Wl,__ZTVNSt3__117bad_function_callE;
>Index: Source/WebKit/Shared/mac/ChildProcessMac.mm
>===================================================================
>--- Source/WebKit/Shared/mac/ChildProcessMac.mm (revision 231324)
>+++ Source/WebKit/Shared/mac/ChildProcessMac.mm (working copy)
>@@ -42,11 +42,21 @@
> #import <sysexits.h>
> #import <wtf/Scope.h>
> #import <wtf/spi/darwin/SandboxSPI.h>
>+#import <wtf/DataLog.h>
>+#import <pal/crypto/CryptoDigest.h>
> 
> #if USE(APPLE_INTERNAL_SDK)
> #include <HIServices/ProcessesPriv.h>
> #endif
> 
>+extern "C" {
>+#import <sandbox/libsandbox.h>
>+}
>+#import <rootless.h>
>+
>+#import "SandboxUtilities.h"
>+#import <wtf/WallTime.h>
>+
> typedef bool (^LSServerConnectionAllowedBlock) ( CFDictionaryRef optionsRef );
> extern "C" void _LSSetApplicationLaunchServicesServerConnectionStatus(uint64_t flags, LSServerConnectionAllowedBlock block);
> extern "C" CFDictionaryRef _LSApplicationCheckIn(int sessionID, CFDictionaryRef applicationInfo);
>@@ -110,6 +120,13 @@ static OSStatus enableSandboxStyleFileQu
> #endif
> }
> 
>+static bool verbose = false;
>+template<typename... Types>
>+void verboseLog(const Types&... values)
>+{
>+ dataLogLnIf(verbose, values...);
>+}
>+
> void ChildProcess::initializeSandbox(const ChildProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
> {
> #if WK_API_ENABLED
>@@ -142,6 +159,17 @@ void ChildProcess::initializeSandbox(con
> String osVersion = osVersionParts[0] + '.' + osVersionParts[1];
> sandboxParameters.addParameter("_OS_VERSION", osVersion.utf8().data());
> 
>+ char darwinUserCacheDir[PATH_MAX];
>+ {
>+ char temp[PATH_MAX];
>+ if (!confstr(_CS_DARWIN_USER_CACHE_DIR, temp, sizeof(temp))) {
>+ WTFLogAlways("%s: couldn't retrieve private cache directory path: %d\n", getprogname(), errno);
>+ exit(EX_NOPERM);
>+ }
>+ if (!realpath(temp, darwinUserCacheDir))
>+ CRASH();
>+ }
>+
> // Use private temporary and cache directories.
> setenv("DIRHELPER_USER_DIR_SUFFIX", FileSystem::fileSystemRepresentation(sandboxParameters.userDirectorySuffix()).data(), 1);
> char temporaryDirectory[PATH_MAX];
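Review bot: `#import <rootless.h>` and the `extern "C"` `#import <sandbox/libsandbox.h>` are added unconditionally, but the only caller of `rootless_mkdir_datavault` later in the file is under `#if USE(APPLE_INTERNAL_SDK)`, and the same hunk already guards `ProcessesPriv.h` that way; if `rootless.h` is not available outside the internal SDK — I cannot confirm that from the patch — the `#else` build path this patch otherwise supports will not compile, so the include belongs under the same guard: `#if USE(APPLE_INTERNAL_SDK)` / `#import <rootless.h>` / `#endif`. Minor style point: the new `<wtf/DataLog.h>` and `<wtf/WallTime.h>` imports are appended out of the alphabetical order the surrounding `#import`s keep and are split by the `extern "C"` block.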
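Review bot: The `confstr` check in the new `darwinUserCacheDir` block only rejects a zero return, but `confstr` reports the full length the value needs, so a cache path longer than `PATH_MAX` would be silently truncated before being passed to `realpath`; `size_t length = confstr(_CS_DARWIN_USER_CACHE_DIR, temp, sizeof(temp)); if (!length || length > sizeof(temp)) { WTFLogAlways(...); exit(EX_NOPERM); }` closes that gap. The pre-existing `temporaryDirectory` code below uses the same pattern, but the new copy need not repeat it. Separately, `verboseLog` is a non-`static` template at namespace scope in a `.mm` file while `verbose` is `static`; marking the template `static` (or putting both in an anonymous namespace) keeps them file-local like the `enableSandboxStyleFileQuarantine` helper in the context. `initializeSandbox` starts in the second hunk and continues past the end of this one.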
>@@ -169,46 +197,403 @@ void ChildProcess::initializeSandbox(con
> String path = String::fromUTF8(pwd.pw_dir);
> path.append("/Library");
> 
>+ String libraryPath = path;
>+
> sandboxParameters.addPathParameter("HOME_LIBRARY_DIR", FileSystem::fileSystemRepresentation(path).data());
> 
> path.append("/Preferences");
> 
> sandboxParameters.addPathParameter("HOME_LIBRARY_PREFERENCES_DIR", FileSystem::fileSystemRepresentation(path).data());
> 
>- switch (sandboxParameters.mode()) {
>- case SandboxInitializationParameters::UseDefaultSandboxProfilePath:
>- case SandboxInitializationParameters::UseOverrideSandboxProfilePath: {
>+ auto startTime = WallTime::now();
>+ bool didApplySandbox = [&] {
>+ using SandboxProfile = typename std::remove_pointer<sandbox_profile_t>::type;
>+
>+ static constexpr uint32_t versionNumber = 0;
>+ struct CachedFileHeader {
>+ uint32_t versionNumber;
>+ uint32_t sandboxHeaderSize;
>+ uint32_t sandboxBuiltinSize; // If a builtin doesn't exist, this is UINT_MAX
>+ uint32_t sandboxDataSize;
>+ // OOPS: build in versioning based on webkit binary.
>+ };
>+ // The file is layed out on disk like:
>+ // byte 0
>+ // CachedFileHeader <- sizeof(CachedFileHeader) bytes
>+ // SandboxHeader <- sandboxHeaderSize bytes
>+ // [SandboxBuiltin] optional. Present if sanboxBuiltinSize is not UINT_MAX. If present, sandboxBuiltinSize bytes.
>+ // SandboxData <- sandboxDataSize bytes
>+ // byte N
>+
>+ auto getFileContents = [] (const String& path) -> std::optional<Vector<char>> {
>+ FileSystem::PlatformFileHandle handle = openFile(path, FileSystem::FileOpenMode::Read);
>+
>+ if (handle == FileSystem::invalidPlatformFileHandle) {
>+ verboseLog("Can't get file handle for path: ", path);
>+ return std::nullopt;
>+ }
>+
>+ auto closeFileOnExit = makeScopeExit([&] {
>+ FileSystem::closeFile(handle);
>+ });
>+
>+ long long fileSize;
>+ if (!FileSystem::getFileSize(handle, fileSize)) {
>+ verboseLog("Could not get size for file: ", path);
>+ return std::nullopt;
>+ }
>+ RELEASE_ASSERT(fileSize >= 0);
>+
>+ Vector<char> contents(safeCast<size_t>(fileSize));
>+ int bytesRead = FileSystem::readFromFile(handle, contents.data(), safeCast<size_t>(fileSize));
>+ if (safeCast<int>(fileSize) != bytesRead) {
>+ verboseLog("Could not read the file: ", path);
>+ return std::nullopt;
>+ }
>+
>+ return WTFMove(contents);
>+ };
>+
>+ if (sandboxParameters.mode() != SandboxInitializationParameters::UseDefaultSandboxProfilePath
>+ && sandboxParameters.mode() != SandboxInitializationParameters::UseOverrideSandboxProfilePath)
>+ return false;
>+
> String sandboxProfilePath = sandboxParameters.mode() == SandboxInitializationParameters::UseDefaultSandboxProfilePath ? defaultProfilePath : sandboxParameters.overrideSandboxProfilePath();
>- if (!sandboxProfilePath.isEmpty()) {
>- CString profilePath = FileSystem::fileSystemRepresentation(sandboxProfilePath);
>+ if (sandboxProfilePath.isEmpty())
>+ return false;
>+
>+ sandbox_params_t sandboxParams = sandbox_create_params();
>+ auto freeParamsOnExit = makeScopeExit([&] {
>+ sandbox_free_params(sandboxParams);
>+ });
>+
>+ Vector<uint8_t> sandboxHeader;
>+ Vector<char> sandboxSBFileContents;
>+ // Compute the sandbox header size.
>+ {
>+ Checked<size_t> headerSize = 0;
>+ for (size_t i = 0; i < sandboxParameters.count(); ++i) {
>+ const char* name = sandboxParameters.name(i);
>+ const char* value = sandboxParameters.value(i);
>+ if (sandbox_set_param(sandboxParams, name, value))
>+ CRASH();
>+ headerSize += strlen(name) + 1;
>+ headerSize += strlen(value) + 1;
>+ }
>+
>+
>+ if (auto fileContents = getFileContents(sandboxProfilePath))
>+ sandboxSBFileContents = WTFMove(*fileContents);
>+ else
>+ return false;
>+
>+ headerSize += sandboxSBFileContents.size();
>+ sandboxHeader = Vector<uint8_t>(headerSize.unsafeGet());
>+ }
>+
>+ // Write out the sandbox header.
>+ {
>+ size_t cursor = 0;
>+ for (size_t i = 0; i < sandboxParameters.count(); ++i) {
>+ auto appendCString = [&] (const char* value) {
>+ size_t length = strlen(value);
>+ RELEASE_ASSERT(cursor + length < sandboxHeader.size());
>+ memcpy(sandboxHeader.data() + cursor, value, length);
>+ cursor += length;
>+ RELEASE_ASSERT(cursor + 1 <= sandboxHeader.size());
>+ sandboxHeader[cursor] = bitwise_cast<uint8_t>(':');
>+ ++cursor;
>+ };
>+
>+ const char* name = sandboxParameters.name(i);
>+ appendCString(name);
>+ const char* value = sandboxParameters.value(i);
>+ appendCString(value);
>+ }
>+
>+ memcpy(sandboxHeader.data() + cursor, sandboxSBFileContents.data(), sandboxSBFileContents.size());
>+ cursor += sandboxSBFileContents.size();
>+ RELEASE_ASSERT(cursor == sandboxHeader.size());
>+ }
>+
>+
>+ String sandboxDirectory = darwinUserCacheDir; // OOPS: Do we want to just use the one w/ client identifier appended to it?
>+#if USE(APPLE_INTERNAL_SDK)
>+ sandboxDirectory.append("/com.apple.WebKit.WebKitSandboxDataVault");
>+#else
>+ sandboxDirectory.append("/com.apple.WebKit.WebKitSandbox");
>+#endif
>+
>+ String sandboxFile = sandboxDirectory;
>+ sandboxFile.append("/CompiledSandbox+");
>+ sandboxFile.append(sandboxParameters.userDirectorySuffix());
>+ sandboxFile.append('+');
>+ {
>+ auto crypto = PAL::CryptoDigest::create(PAL::CryptoDigest::Algorithm::SHA_1);
>+ crypto->addBytes(sandboxHeader.data(), sandboxHeader.size());
>+ Vector<uint8_t> hash = crypto->computeHash();
>+ char* hashAsString = static_cast<char*>(fastMalloc(hash.size() * 2 + 1));
>+ char* ptr = hashAsString;
>+ for (uint8_t byte : hash) {
>+ sprintf(ptr, "%02x", byte);
>+ ptr += 2;
>+ }
>+ *ptr = '\0';
>+ RELEASE_ASSERT(static_cast<uintptr_t>(ptr - hashAsString) == hash.size() * 2);
>+ dataLogLn("hashAsString extension: ", hashAsString);
>+ sandboxFile.append(hashAsString);
>+ }
>+
>+ //verboseLog("web proc Has entitlement 'com.apple.rootless.storage.WebKitSandbox': ", processHasEntitlement(@"com.apple.rootless.storage.WebKitSandbox"));
>+ //verboseLog("web proc Has entitlement 'com.apple.rootless.storage.SafariFamily': ", processHasEntitlement(@"com.apple.rootless.storage.SafariFamily"));
>+
>+ bool didApplyCachedSandbox = [&] {
>+ Vector<char> compiledFile;
>+ if (auto maybeCompiledFile = getFileContents(sandboxFile))
>+ compiledFile = WTFMove(*maybeCompiledFile);
>+ else
>+ return false;
>+
>+ size_t cursor = 0;
>+ auto readHeader = [&] (CachedFileHeader& value) {
>+ if (cursor + sizeof(CachedFileHeader) > compiledFile.size())
>+ return false;
>+ memcpy(&value, compiledFile.data() + cursor, sizeof(CachedFileHeader));
>+ cursor += sizeof(CachedFileHeader);
>+ return true;
>+ };
>+
>+ CachedFileHeader header;
>+ if (!readHeader(header)) {
>+ verboseLog("Cached file is smaller than sizeof(CachedFileHeader)");
>+ return false;
>+ }
>+
>+ if (header.versionNumber != versionNumber) {
>+ verboseLog("cached file has old version number: ", header.versionNumber);
>+ return false;
>+ }
>+
>+ size_t expectedFileSize = sizeof(CachedFileHeader) + header.sandboxHeaderSize + header.sandboxDataSize;
>+ bool haveBuiltin = header.sandboxBuiltinSize != std::numeric_limits<uint32_t>::max();
>+ if (haveBuiltin)
>+ expectedFileSize += header.sandboxBuiltinSize;
>+
>+ if (compiledFile.size() != expectedFileSize) {
>+ verboseLog("Cached file has wrong file size.");
>+ return false;
>+ }
>+
>+ if (header.sandboxHeaderSize != sandboxHeader.size()) {
>+ verboseLog("header size different from cached header size");
>+ return false;
>+ }
>+
>+ if (memcmp(sandboxHeader.data(), compiledFile.data() + cursor, sandboxHeader.size())) {
>+ verboseLog("Header and cached header do not have the same contents.");
>+ return false;
>+ }
>+ cursor += sandboxHeader.size();
>+
>+ SandboxProfile profile;
>+ profile.builtin = nullptr;
>+ profile.size = header.sandboxDataSize;
>+ if (haveBuiltin) {
>+ profile.builtin = static_cast<char*>(fastMalloc(header.sandboxBuiltinSize + 1));
>+ memcpy(profile.builtin, compiledFile.data() + cursor, header.sandboxBuiltinSize);
>+ profile.builtin[header.sandboxBuiltinSize] = '\0';
>+ cursor += header.sandboxBuiltinSize;
>+ }
>+ auto freeBuiltinOnExit = makeScopeExit([&] {
>+ if (profile.builtin)
>+ fastFree(profile.builtin);
>+ });
>+ profile.data = bitwise_cast<unsigned char*>(compiledFile.data()) + cursor;
>+ RELEASE_ASSERT(cursor + profile.size == compiledFile.size());
>+
>+ if (sandbox_apply(&profile)) {
>+ verboseLog("could not apply cached sandbox");
>+ // OOPS: should we return false here, so we can fallback perhaps?
>+ CRASH();
>+ }
>+
>+ verboseLog("Applied cached sandbox successfully");
>+ return true;
>+ }();
>+
>+ if (didApplyCachedSandbox)
>+ return true;
>+
>+ bool hasSandboxDirectory = FileSystem::fileIsDirectory(sandboxDirectory, FileSystem::ShouldFollowSymbolicLinks::Yes);
>+ if (!hasSandboxDirectory) {
>+#if USE(APPLE_INTERNAL_SDK)
>+ CString sandboxPath = FileSystem::fileSystemRepresentation(sandboxDirectory);
>+ bool madeDirectory = rootless_mkdir_datavault(sandboxPath.data(), 0700, "WebKitSandbox") == 0;
>+ if (madeDirectory)
>+ verboseLog("Made rootless directory: ", sandboxPath);
>+ else
>+ verboseLog("Could not make rootless directory, errno: ", errno);
>+#else
>+ bool madeDirectory = FileSystem::makeAllDirectories(sandboxDirectory);
>+#endif
>+ if (madeDirectory) {
>+ ASSERT(FileSystem::fileIsDirectory(sandboxDirectory, FileSystem::ShouldFollowSymbolicLinks::Yes));
>+ verboseLog("Created sandbox directory: ", sandboxDirectory);
>+ hasSandboxDirectory = true;
>+ } else {
>+ // We may have raced with someone else making it. That's ok.
>+ hasSandboxDirectory = FileSystem::fileIsDirectory(sandboxDirectory, FileSystem::ShouldFollowSymbolicLinks::Yes);
>+ }
>+ }
>+
>+ if (!hasSandboxDirectory) {
>+ verboseLog("Bailing because we don't have a sandbox directory");
>+ return false;
>+ }
>+
>+ char* error = nullptr;
>+ CString profilePath = FileSystem::fileSystemRepresentation(sandboxProfilePath);
>+ SandboxProfile* sandboxProfile = sandbox_compile_file(profilePath.data(), sandboxParams, &error);
>+ if (!sandboxProfile) {
>+ WTFLogAlways("%s: Couldn't compile WebContent sandbox %s\n", getprogname(), error);
>+ CRASH();
>+ }
>+ auto freeSandboxOnExit = makeScopeExit([&] {
>+ sandbox_free_profile(sandboxProfile);
>+ });
>+
>+ Checked<size_t> fileSize = 0;
>+ fileSize += sizeof(CachedFileHeader);
>+ fileSize += sandboxHeader.size();
>+ if (sandboxProfile->builtin)
>+ fileSize += strlen(sandboxProfile->builtin);
>+ fileSize += sandboxProfile->size;
>+
>+ CachedFileHeader header {
>+ versionNumber,
>+ safeCast<uint32_t>(sandboxHeader.size()),
>+ sandboxProfile->builtin ? safeCast<uint32_t>(strlen(sandboxProfile->builtin)) : std::numeric_limits<uint32_t>::max(),
>+ safeCast<uint32_t>(sandboxProfile->size)
>+ };
>+
>+ Vector<char> fileContents(fileSize.unsafeGet());
>+
>+ // Write out our file content into a temporary vector.
>+ {
>+ size_t cursor = 0;
>+
>+ RELEASE_ASSERT(cursor + sizeof(CachedFileHeader) <= fileContents.size());
>+ memcpy(fileContents.data() + cursor, &header, sizeof(CachedFileHeader));
>+ cursor += sizeof(CachedFileHeader);
>+
>+ RELEASE_ASSERT(cursor + sandboxHeader.size() <= fileContents.size());
>+ memcpy(fileContents.data() + cursor, sandboxHeader.data(), sandboxHeader.size());
>+ cursor += sandboxHeader.size();
>+
>+ if (sandboxProfile->builtin) {
>+ size_t length = strlen(sandboxProfile->builtin);
>+ RELEASE_ASSERT(cursor + length <= fileContents.size());
>+ memcpy(fileContents.data() + cursor, sandboxProfile->builtin, length);
>+ cursor += length;
>+ }
>+
>+ RELEASE_ASSERT(cursor + sandboxProfile->size == fileContents.size());
>+ memcpy(fileContents.data() + cursor, sandboxProfile->data, sandboxProfile->size);
>+ }
>+
>+ FileSystem::PlatformFileHandle tempHandle;
>+ String tempFileString;
>+ CString tempFilePath;
>+ for (unsigned i = 0; true; ++i) {
>+ tempFileString = sandboxDirectory;
>+ tempFileString.append("/tempfile");
>+ if (i)
>+ tempFileString.append(String::number(i));
>+ tempFilePath = FileSystem::fileSystemRepresentation(tempFileString);
>+ if (tempFilePath.isNull())
>+ return false;
>+ tempHandle = open(tempFilePath.data(), (O_WRONLY | O_CREAT | O_EXCL), 0666);
>+ if (tempHandle != FileSystem::invalidPlatformFileHandle)
>+ break;
>+ if (errno != EEXIST)
>+ return false;
>+ verboseLog("errno is EEXIST, looping back and trying again: ", tempFileString);
>+ }
>+
>+ bool didRenameFile = false;
>+ ASSERT(tempHandle != FileSystem::invalidPlatformFileHandle);
>+ int writeSize = FileSystem::writeToFile(tempHandle, bitwise_cast<const char*>(fileContents.data()), safeCast<int>(fileContents.size()));
>+ if (writeSize == safeCast<int>(fileContents.size())) {
>+ // Rename the temp file to the expected file. We do it this way because this is an atomic operation.
>+ // OOPS: What is the behavior if this happens concurrently to read when the file already exists?
>+ CString sandboxFilePath = FileSystem::fileSystemRepresentation(sandboxFile);
>+ if (!sandboxFilePath.isNull()) {
>+ verboseLog("Renaming from: '", tempFilePath, "' to: '", sandboxFile, "'");
>+ if (!rename(tempFilePath.data(), sandboxFilePath.data())) {
>+ didRenameFile = true;
>+ verboseLog("Rename succeeded");
>+ } else
>+ verboseLog("Rename failed: ", errno);
>+ }
>+ } else {
>+ verboseLog("Did not successfully write file temp file: ", tempFilePath);
>+ }
>+
>+ FileSystem::closeFile(tempHandle);
>+
>+ if (!didRenameFile)
>+ FileSystem::deleteFile(tempFileString);
>+
>+ if (sandbox_apply(sandboxProfile)) {
>+ verboseLog("could not apply compiled sandbox!");
>+ WTFLogAlways("%s: Couldn't apply compiled sandbox profile, errno: %d\n", getprogname(), errno);
>+ exit(EX_NOPERM);
>+ }
>+
>+ return true;
>+ }();
>+
>+ if (didApplySandbox) {
>+ auto endTime = WallTime::now();
>+ dataLogLn("Apply time: ", (endTime - startTime).milliseconds());
>+ }
>+
>+ if (!didApplySandbox) {
>+ switch (sandboxParameters.mode()) {
>+ case SandboxInitializationParameters::UseDefaultSandboxProfilePath:
>+ case SandboxInitializationParameters::UseOverrideSandboxProfilePath: {
>+ String sandboxProfilePath = sandboxParameters.mode() == SandboxInitializationParameters::UseDefaultSandboxProfilePath ? defaultProfilePath : sandboxParameters.overrideSandboxProfilePath();
>+ if (!sandboxProfilePath.isEmpty()) {
>+ CString profilePath = FileSystem::fileSystemRepresentation(sandboxProfilePath);
>+ char* errorBuf;
>+#pragma clang diagnostic push
>+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
>+ if (sandbox_init_with_parameters(profilePath.data(), SANDBOX_NAMED_EXTERNAL, sandboxParameters.namedParameterArray(), &errorBuf)) {
>+#pragma clang diagnostic pop
>+ WTFLogAlways("%s: Couldn't initialize sandbox profile [%s], error '%s'\n", getprogname(), profilePath.data(), errorBuf);
>+ for (size_t i = 0, count = sandboxParameters.count(); i != count; ++i)
>+ WTFLogAlways("%s=%s\n", sandboxParameters.name(i), sandboxParameters.value(i));
>+ exit(EX_NOPERM);
>+ }
>+ }
>+
>+ break;
>+ }
>+ case SandboxInitializationParameters::UseSandboxProfile: {
> char* errorBuf;
> #pragma clang diagnostic push
> #pragma clang diagnostic ignored "-Wdeprecated-declarations"
>- if (sandbox_init_with_parameters(profilePath.data(), SANDBOX_NAMED_EXTERNAL, sandboxParameters.namedParameterArray(), &errorBuf)) {
>+ if (sandbox_init_with_parameters(sandboxParameters.sandboxProfile().utf8().data(), 0, sandboxParameters.namedParameterArray(), &errorBuf)) {
> #pragma clang diagnostic pop
>- WTFLogAlways("%s: Couldn't initialize sandbox profile [%s], error '%s'\n", getprogname(), profilePath.data(), errorBuf);
>+ WTFLogAlways("%s: Couldn't initialize sandbox profile, error '%s'\n", getprogname(), errorBuf);
> for (size_t i = 0, count = sandboxParameters.count(); i != count; ++i)
> WTFLogAlways("%s=%s\n", sandboxParameters.name(i), sandboxParameters.value(i));
> exit(EX_NOPERM);
> }
>- }
> 
>- break;
>- }
>- case SandboxInitializationParameters::UseSandboxProfile: {
>- char* errorBuf;
>-#pragma clang diagnostic push
>-#pragma clang diagnostic ignored "-Wdeprecated-declarations"
>- if (sandbox_init_with_parameters(sandboxParameters.sandboxProfile().utf8().data(), 0, sandboxParameters.namedParameterArray(), &errorBuf)) {
>-#pragma clang diagnostic pop
>- WTFLogAlways("%s: Couldn't initialize sandbox profile, error '%s'\n", getprogname(), errorBuf);
>- for (size_t i = 0, count = sandboxParameters.count(); i != count; ++i)
>- WTFLogAlways("%s=%s\n", sandboxParameters.name(i), sandboxParameters.value(i));
>- exit(EX_NOPERM);
>+ break;
>+ }
> }
>-
>- break;
>- }
> }
> 
> // This will override LSFileQuarantineEnabled from Info.plist unless sandbox quarantine is globally disabled.
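Review bot: The compiled blob that `didApplyCachedSandbox` hands to `sandbox_apply` is trusted on the strength of a size check and a `memcmp` of the header (parameters plus `.sb` source) alone — nothing authenticates the `SandboxData`/`SandboxBuiltin` bytes themselves — so the cache is only as trustworthy as the directory it lives in, yet `hasSandboxDirectory` accepts any pre-existing directory at that path (with `ShouldFollowSymbolicLinks::Yes`, so a symlink as well) without checking that it is a data vault, and the `#else` path creates a plain directory with `FileSystem::makeAllDirectories` under `_CS_DARWIN_USER_CACHE_DIR` that any same-user writer can populate. I would not enable the cache at all outside the data-vault build — `#if !USE(APPLE_INTERNAL_SDK) return false; #endif` at the top of the lambda — and on the internal build only proceed when `rootless_mkdir_datavault` succeeded or the existing directory is verified to be the vault, falling back to `sandbox_compile_file` plus `sandbox_apply` without touching the cache otherwise; a cached file that passes the header checks but fails `sandbox_apply` should likewise `return false` to that fallback rather than `CRASH()`, since a corrupt cache otherwise makes every launch crash. Two smaller defects in the same hunk: `hashAsString` from `fastMalloc` is never `fastFree`'d, and `appendCString` joins names and values with `':'` even though `headerSize` budgets `strlen + 1` for a terminator — a `'\0'` separator would make the header encoding unambiguous for a value that itself contains a colon. `String libraryPath = path;` is unused, and `dataLogLn("hashAsString extension: ", ...)` and `dataLogLn("Apply time: ", ...)` are unconditional debug output that should go through `verboseLog` like the rest. `initializeSandbox` starts before this hunk and continues past its last line.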