Created attachment 352457 [details] [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox

Comment on attachment 352457 [details] [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox View in context: https://bugs.webkit.org/attachment.cgi?id=352457&action=review > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:43 > +static int createSealedMemFdWithData(const char *name, gconstpointer data, size_t size) const char* name > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:129 > + void setPermissions(Vector<CString>& permissions) Vector<CString>&& > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:132 > + m_permissions = permissions; WTFMove(permissions) > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:651 > + g_warning("GApplication is required for portal access"); This warning message should be a bit more detailed, so users understand what is actually wrong: "GApplication is required for xdg-desktop-portal access in the WebKit sandbox. Actions that require xdg-desktop-portal will be broken. To fix this, create a GApplication." or something along those lines. > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:738 > + // xdg-desktop-portal defaults to assuming you are host application with > + // full permissions unless it can identify you as a snap or flatpak. > + // The easiest method is for us to pretend to be a flatpak and if that > + // fails just blocking portals entirely as it just becomes a sandbox escape. Is Alex OK with supporting this hackery? It's OK for now, but seems like not a great long-term solution.

Comment on attachment 352457 [details] [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox View in context: https://bugs.webkit.org/attachment.cgi?id=352457&action=review > Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:805 > + proxy.setPermissions(permissions); WTFMove() here as well. Basically, whenever you are sinking a value into a caller such that the callee doesn't need it anymore, consider WTFMove() and &&.

Created attachment 352478 [details] [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox

Comment on attachment 352478 [details] [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox View in context: https://bugs.webkit.org/attachment.cgi?id=352478&action=review > Source/WebKit/ChangeLog:14 > + (WebKit::XDGDBusProxyLauncher::setPermissions): Umm this hunk of the patch disappeared, what happened to it? How does it build?

(In reply to Michael Catanzaro from comment #5) > > Source/WebKit/ChangeLog:14 > > + (WebKit::XDGDBusProxyLauncher::setPermissions): > > Umm this hunk of the patch disappeared, what happened to it? How does it > build? Already had a version that took `Vector<CString>&&`. Was just missing `WTFMove()` which makes sense.

Comment on attachment 352478 [details] [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox Clearing flags on attachment: 352478 Committed r237213: <https://trac.webkit.org/changeset/237213>

All reviewed patches have been landed. Closing bug.

<rdar://problem/45326563>