Bug 189967

Summary: [WPE][GTK] Remove network access from WebProcess in sandbox
Product: WebKit Reporter: Patrick Griffis <pgriffis>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: aboya, bugs-noreply, calvaris, commit-queue, cturner, mcatanzaro, pnormand, tsaunier
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 195631, 195948    
Bug Blocks: 189956    
Attachments:
Description Flags
WiP patch
none
Patch none

Description Patrick Griffis 2018-09-25 11:54:33 PDT
Currently the WebProcess requires network access because GStreamer requires it for HLS (HTTP Live Streaming)
possibly among other features.

This is a hole that shouldn't exist since that is the purpose of a separate NetworkProcess. We need
to figure out some way to proxy data through that to GStreamer.
Comment 1 Philippe Normand 2018-09-26 08:01:07 PDT
Our internal httpsrc element was used in the past for HLS/etc fragments downloading, when the URI scheme it exposes was http(s), without the webkit+ prefix.

This had bad side effects for multimedia applications depending on WebKit...

Ideally I think the gst adaptivedemux and its uridownloader element should try to reuse the src element initially used for the manifest download.
Comment 2 Philippe Normand 2018-09-26 08:02:30 PDT
(In reply to Philippe Normand from comment #1)
> Ideally I think the gst adaptivedemux and its uridownloader element should
> try to reuse the src element initially used for the manifest download.

I hit "save changes" too early. :)
What I meant was the uridownloader should instantiate the same element type that was used for the manifest download, if possible.
Comment 3 Philippe Normand 2019-03-05 05:29:53 PST
Created attachment 363638 [details]
WiP patch

With this webkitwebsrc is used to download HLS/etc fragments and it works if the webprocess has no network access as well. The patch breaks 2 HLS cookie checking layout tests though, so needs some more investigation.
Comment 4 Philippe Normand 2019-03-12 11:08:21 PDT
*** Bug 181377 has been marked as a duplicate of this bug. ***
Comment 5 Michael Catanzaro 2019-03-18 07:18:46 PDT
(In reply to Patrick Griffis from comment #0)
> Currently the WebProcess requires network access because GStreamer requires
> it for HLS (HTTP Live Streaming)
> possibly among other features.
> 
> This is a hole that shouldn't exist since that is the purpose of a separate
> NetworkProcess. We need
> to figure out some way to proxy data through that to GStreamer.

Should be possible to try this now that Phil has handled HLS.
Comment 6 Philippe Normand 2019-03-18 07:23:32 PDT
HLS is not handled yet, the WiP patch attached here needs to be finished.
Comment 7 Philippe Normand 2019-03-18 10:29:41 PDT
*** Bug 169964 has been marked as a duplicate of this bug. ***
Comment 8 Philippe Normand 2019-03-19 08:59:59 PDT
Comment on attachment 363638 [details]
WiP patch

See bug #195948 ... I'll leave this one open for the BubbleWrap changes, not specific to GStreamer.
Comment 9 Philippe Normand 2019-03-20 07:19:38 PDT
(In reply to Michael Catanzaro from comment #5)
> (In reply to Patrick Griffis from comment #0)
> > Currently the WebProcess requires network access because GStreamer requires
> > it for HLS (HTTP Live Streaming)
> > possibly among other features.
> > 
> > This is a hole that shouldn't exist since that is the purpose of a separate
> > NetworkProcess. We need
> > to figure out some way to proxy data through that to GStreamer.
> 
> Should be possible to try this now that Phil has handled HLS.

Now it is handled, there's no remaining blocker for this issue. Feel free to close the network hole from the WebProcess \o/
Comment 10 Patrick Griffis 2019-03-25 12:45:47 PDT
Created attachment 365882 [details]
Patch
Comment 11 WebKit Commit Bot 2019-03-25 13:38:22 PDT
Comment on attachment 365882 [details]
Patch

Clearing flags on attachment: 365882

Committed r243449: <https://trac.webkit.org/changeset/243449>
Comment 12 WebKit Commit Bot 2019-03-25 13:38:24 PDT
All reviewed patches have been landed.  Closing bug.