Bug 135121: RESOLVED FIXED
Provide networking process with access to its HSTS db
https://bugs.webkit.org/show_bug.cgi?id=135121
Oliver Hunt
Reported 2014-07-21 11:11:01 PDT
Provide networking process with access to its parent app relative cache directory
Attachments
Patch (7.74 KB, patch)
2014-07-21 11:14 PDT, Oliver Hunt
no flags
Patch (7.78 KB, patch)
2014-07-22 11:21 PDT, Oliver Hunt
no flags
Patch (7.57 KB, patch)
2014-07-22 11:42 PDT, Oliver Hunt
ap: review+
Oliver Hunt
Comment 1 2014-07-21 11:14:05 PDT
Alexey Proskuryakov
Comment 2 2014-07-21 12:10:14 PDT
Comment on attachment 235230 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=235230&action=review

> Source/WebKit2/ChangeLog:14
> + Long term we will probably want to restrict this somewhat, but we obviously
> + can't control the exact files the CFNetwork may wish to use and create so
> + I'm not sure how feasible this would be.

Having discussed this, hopefully we only need to allow HSTS.plist in this location.
Oliver Hunt
Comment 3 2014-07-22 11:00:46 PDT
Comment on attachment 235230 Patch

We're trying a much more restrictive approach
Oliver Hunt
Comment 4 2014-07-22 11:21:30 PDT
Alexey Proskuryakov
Comment 5 2014-07-22 11:27:42 PDT
Comment on attachment 235300 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=235300&action=review

r=me conditional on adding a FIXME with radar number to make this unnecessary. Please don't land without one.

> Source/WebKit2/ChangeLog:10
> + directory in the network process, as the network sandbox

s/network process/UI process/

> Source/WebKit2/NetworkProcess/cocoa/NetworkProcessCocoa.mm:64
> + SandboxExtension::consumePermanently(parameters.hstsDatabasePathExtensionHandle);

Do we need to do this on OS X? I don't think that we do, so it's confusing to have this code run on both platforms. Confusion in security sensitive code is worse than #ifs.

> Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h:63
> + SandboxExtension::Handle hstsDatabasePathExtensionHandle;

Can we have a FIXME here with a bug tracking making this unnecessary please?

> Source/WebKit2/UIProcess/WebContext.cpp:1218
> + if (!m_overrideNetworkingHSTSDatabasePath.isEmpty())
> + return m_overrideNetworkingHSTSDatabasePath;

There is no code anywhere to set m_overrideNetworkingHSTSDatabasePath. Please remove it.
Oliver Hunt
Comment 6 2014-07-22 11:42:34 PDT
Alexey Proskuryakov
Comment 7 2014-07-22 12:02:06 PDT
Comment on attachment 235301 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=235301&action=review

Looks good to me, but still breaking builds.

> Source/WebKit2/Shared/Network/NetworkProcessCreationParameters.h:63
> + // Remove this once <rdar://problem/17726660> is fixed.

"FIXME: "
Oliver Hunt
Comment 8 2014-07-22 12:59:28 PDT