RESOLVED FIXED Bug 170387
[Cocoa] Allow clients to specify in _WKProcessPoolConfiguration additional directory sandbox extensions
https://bugs.webkit.org/show_bug.cgi?id=170387
mitz
Reported 2017-04-01 17:49:32 PDT
A client with an injected bundle would like Web Content processes that load its bundle to have read access to additional directories which the bundle code needs. We can add _WKProcessPoolConfiguration API for specifying an array of file URLs of additional directories for which to grant a sandbox extension to the Web process.
Attachments
Add additionalReadAccessAllowedURLs property to _WKProcessPoolConfiguration (30.01 KB, patch)
2017-04-13 21:17 PDT, mitz
sam: review+
mitz
Comment 1 2017-04-13 21:17:02 PDT
Created attachment 307089 [details] Add additionalReadAccessAllowedURLs property to _WKProcessPoolConfiguration
Sam Weinig
Comment 2 2017-04-13 21:27:41 PDT
Comment on attachment 307089 [details]
Add additionalReadAccessAllowedURLs property to _WKProcessPoolConfiguration

View in context: https://bugs.webkit.org/attachment.cgi?id=307089&action=review

> Source/WebKit2/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm:121
> + paths.reserveCapacity(additionalReadAccessAllowedURLs.count);

This can use reserveInitialCapacity for a little bit of a speed bump.
Sam Weinig
Comment 3 2017-04-13 21:28:46 PDT
Comment on attachment 307089 [details]
Add additionalReadAccessAllowedURLs property to _WKProcessPoolConfiguration

View in context: https://bugs.webkit.org/attachment.cgi?id=307089&action=review

> Source/WebKit2/Shared/WebProcessCreationParameters.h:68
> + SandboxExtension::HandleArray additionalSandboxExtensionHandles;

Unrelated, but we really should get rid of HandleArray since we now know how to deal with move-only types in Vector :).
mitz
Comment 4 2017-04-13 21:31:14 PDT
Comment on attachment 307089 [details]
Add additionalReadAccessAllowedURLs property to _WKProcessPoolConfiguration

View in context: https://bugs.webkit.org/attachment.cgi?id=307089&action=review

>> Source/WebKit2/Shared/WebProcessCreationParameters.h:68
>> + SandboxExtension::HandleArray additionalSandboxExtensionHandles;
>
> Unrelated, but we really should get rid of HandleArray since we now know how to deal with move-only types in Vector :).

I didn’t even know about HandleArray when I wrote this as a plain Vector<SandboxExtension::Handle>, but then things broke at runtime, so I switched to HandleArray.

>> Source/WebKit2/UIProcess/API/Cocoa/_WKProcessPoolConfiguration.mm:121
>> + paths.reserveCapacity(additionalReadAccessAllowedURLs.count);
>
> This can use reserveInitialCapacity for a little bit of a speed bump.

Will bump.
mitz
Comment 5 2017-04-13 21:33:20 PDT
Sam Weinig
Comment 6 2017-04-13 21:37:38 PDT
(In reply to mitz from comment #4)
> Comment on attachment 307089 [details]
> Add additionalReadAccessAllowedURLs property to _WKProcessPoolConfiguration
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=307089&action=review
>
> >> Source/WebKit2/Shared/WebProcessCreationParameters.h:68
> >> + SandboxExtension::HandleArray additionalSandboxExtensionHandles;
> >
> > Unrelated, but we really should get rid of HandleArray since we now know how to deal with move-only types in Vector :).
>
> I didn’t even know about HandleArray when I wrote this as a plain
> Vector<SandboxExtension::Handle>, but then things broke at runtime, so I
> switched to HandleArray.

Broke you say. I wonder if we need to teach Handle to move correctly. If you remember / know, what broke?
mitz
Comment 7 2017-04-13 21:39:18 PDT
(In reply to Sam Weinig from comment #6)
> (In reply to mitz from comment #4)
> > Comment on attachment 307089 [details]
> > Add additionalReadAccessAllowedURLs property to _WKProcessPoolConfiguration
> >
> > View in context:
> > https://bugs.webkit.org/attachment.cgi?id=307089&action=review
> >
> > >> Source/WebKit2/Shared/WebProcessCreationParameters.h:68
> > >> + SandboxExtension::HandleArray additionalSandboxExtensionHandles;
> > >
> > > Unrelated, but we really should get rid of HandleArray since we now know how to deal with move-only types in Vector :).
> >
> > I didn’t even know about HandleArray when I wrote this as a plain
> > Vector<SandboxExtension::Handle>, but then things broke at runtime, so I
> > switched to HandleArray.
>
> Broke you say. I wonder if we need to teach Handle to move correctly. If you
> remember / know, what broke?

The underlying platform object was getting double-freed, probably meaning that the “move” didn’t clear the pointer in the donor handle?
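
The failure mode suspected in comment 7 (a "move" that leaves the donor handle still pointing at the platform object), shown as an added C++ example that is not part of this thread or of WebKit's code. `FakePlatformExtension`, `LeakyMoveHandle`, `OwningHandle` and `releasesAfterVectorGrowth` are hypothetical names, and releases are counted rather than freed so the extra release can be observed safely.

```cpp
#include <utility>
#include <vector>

// Constructed stand-in for the platform object behind a sandbox extension handle.
// Releases are counted instead of freed so an extra release is observable, not UB.
struct FakePlatformExtension { int releaseCount = 0; };
static void fakeRelease(FakePlatformExtension* extension) { if (extension) ++extension->releaseCount; }

// Hypothetical handle whose "move" copies the pointer and leaves the donor owning
// it too, so donor and recipient both release the same object.
class LeakyMoveHandle {
public:
    explicit LeakyMoveHandle(FakePlatformExtension* extension) : m_extension(extension) { }
    LeakyMoveHandle(LeakyMoveHandle&& other) : m_extension(other.m_extension) { }
    ~LeakyMoveHandle() { fakeRelease(m_extension); }
private:
    FakePlatformExtension* m_extension;
};

// Hypothetical handle whose move transfers ownership and nulls the donor.
class OwningHandle {
public:
    explicit OwningHandle(FakePlatformExtension* extension) : m_extension(extension) { }
    OwningHandle(OwningHandle&& other) noexcept
        : m_extension(std::exchange(other.m_extension, nullptr)) { }
    ~OwningHandle() { fakeRelease(m_extension); }
private:
    FakePlatformExtension* m_extension;
};

// Moves one handle into a vector, forces a reallocation (which moves it again),
// destroys the vector, and returns how many times the object was released.
template<typename Handle>
int releasesAfterVectorGrowth()
{
    FakePlatformExtension extension;
    {
        std::vector<Handle> handles;
        handles.push_back(Handle(&extension)); // temporary is moved in, then destroyed
        handles.reserve(handles.capacity() + 8); // reallocation moves the element again
    }
    return extension.releaseCount;
}
```

`releasesAfterVectorGrowth<LeakyMoveHandle>()` returns 3 and `releasesAfterVectorGrowth<OwningHandle>()` returns 1; with a real deallocator, any count above 1 is a double free.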
mitz
Comment 8 2017-04-21 14:38:15 PDT