Bug 79709 - [Mac] Add an experimental SPI for plug-ins to enter sandbox
Summary: [Mac] Add an experimental SPI for plug-ins to enter sandbox
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Plug-ins (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alexey Proskuryakov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-27 15:36 PST by Alexey Proskuryakov
Modified: 2012-02-28 15:18 PST (History)
5 users (show)

See Also:


Attachments
proposed patch (27.32 KB, patch)
2012-02-27 15:42 PST, Alexey Proskuryakov
no flags Details | Formatted Diff | Diff
style fix, and added a comment (27.44 KB, patch)
2012-02-27 17:12 PST, Alexey Proskuryakov
andersca: review+
gustavo.noronha: commit-queue-
Details | Formatted Diff | Diff
patch for landing (27.71 KB, patch)
2012-02-28 12:48 PST, Alexey Proskuryakov
webkit.review.bot: commit-queue-
Details | Formatted Diff | Diff
patch for landing (27.71 KB, patch)
2012-02-28 12:58 PST, Alexey Proskuryakov
no flags Details | Formatted Diff | Diff
Patch (2.08 KB, patch)
2012-02-28 14:21 PST, Rafael Brandao
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alexey Proskuryakov 2012-02-27 15:36:46 PST
...
Comment 1 Alexey Proskuryakov 2012-02-27 15:42:25 PST
Created attachment 129116 [details]
proposed patch

This has been previously discussed on plugin-futures, adding an experimental implementation to validate the approach.
Comment 2 WebKit Review Bot 2012-02-27 15:49:28 PST
Attachment 129116 [details] did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/WebKit2/ChangeLog', u'Source/WebKit..." exit_code: 1
Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp:32:  Alphabetical sorting problem.  [build/include_order] [4]
Total errors found: 1 in 7 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Alexey Proskuryakov 2012-02-27 17:12:52 PST
Created attachment 129141 [details]
style fix, and added a comment
Comment 4 WebKit Review Bot 2012-02-27 17:17:19 PST
Attachment 129141 [details] did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/WebKit2/ChangeLog', u'Source/WebKit..." exit_code: 1
Source/WebKit2/WebProcess/Plugins/Netscape/NetscapeBrowserFuncs.cpp:32:  Alphabetical sorting problem.  [build/include_order] [4]
Total errors found: 1 in 7 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 5 Collabora GTK+ EWS bot 2012-02-27 17:29:09 PST
Comment on attachment 129141 [details]
style fix, and added a comment

Attachment 129141 [details] did not pass gtk-ews (gtk):
Output: http://queues.webkit.org/results/11645287
Comment 6 Sam Weinig 2012-02-27 17:50:26 PST
Comment on attachment 129141 [details]
style fix, and added a comment

View in context: https://bugs.webkit.org/attachment.cgi?id=129141&action=review

This seems to have problems building.

> Source/WebKit2/ChangeLog:10
> +        * PluginProcess/mac/plugin.sb: Added.

The sandbox profile for the WebProcess is called, com.apple.WebProcess.sb. Should we match the naming convention?  Also, is it possible/a good idea to extract a set of both profiles that are common and share them?
Comment 7 Alexey Proskuryakov 2012-02-27 18:01:11 PST
> This seems to have problems building.

Fixed a non-Mac issue locally, but mostly it depends on WKSI changes that are yet to be landed.

> The sandbox profile for the WebProcess is called, com.apple.WebProcess.sb. Should we match the naming convention?

I don't really care, I liked plugin.sb.

>  Also, is it possible/a good idea to extract a set of both profiles that are common and share them?

I think that at this stage, it's easier to maintain them separately.
Comment 8 Anders Carlsson 2012-02-28 11:22:41 PST
Comment on attachment 129141 [details]
style fix, and added a comment

I think plugin.sb should be com.apple.PluginProcess.sb to match the WebProcess name.
Comment 9 Alexey Proskuryakov 2012-02-28 12:48:57 PST
Created attachment 129311 [details]
patch for landing
Comment 10 WebKit Review Bot 2012-02-28 12:53:05 PST
Comment on attachment 129311 [details]
patch for landing

Rejecting attachment 129311 [details] from commit-queue.

Failed to run "['/mnt/git/webkit-commit-queue/Tools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '-..." exit_code: 1

Ander Carlsson found in /mnt/git/webkit-commit-queue/Source/WebKit2/ChangeLog does not appear to be a valid reviewer according to committers.py.
ERROR: /mnt/git/webkit-commit-queue/Source/WebKit2/ChangeLog neither lists a valid reviewer nor contains the string "Unreviewed" or "Rubber stamp" (case insensitive).

Full output: http://queues.webkit.org/results/11714047
Comment 11 Alexey Proskuryakov 2012-02-28 12:58:23 PST
Created attachment 129313 [details]
patch for landing
Comment 12 WebKit Review Bot 2012-02-28 13:16:18 PST
Comment on attachment 129313 [details]
patch for landing

Clearing flags on attachment: 129313

Committed r109143: <http://trac.webkit.org/changeset/109143>
Comment 13 WebKit Review Bot 2012-02-28 13:16:25 PST
All reviewed patches have been landed.  Closing bug.
Comment 14 Alexey Proskuryakov 2012-02-28 14:21:25 PST
Build fix in <http://trac.webkit.org/changeset/109148>.
Comment 15 Rafael Brandao 2012-02-28 14:21:41 PST
Reopening to attach new patch.
Comment 16 Rafael Brandao 2012-02-28 14:21:46 PST
Created attachment 129330 [details]
Patch

It looks like this has broken qt buildbots. The following patch is a build fix, please double check it before landing.
Comment 17 Alexey Proskuryakov 2012-02-28 14:26:23 PST
Build fix has already been landed, please see above.
Comment 18 Alexey Proskuryakov 2012-02-28 14:27:41 PST
Comment on attachment 129330 [details]
Patch

-#if PLATFORM(MAC) && !defined(BUILDING_ON_LEOPARD) || !defined(BUILDING_ON_SNOW_LEOPARD)
+#if PLATFORM(MAC) && (!defined(BUILDING_ON_LEOPARD) || !defined(BUILDING_ON_SNOW_LEOPARD))

Also, this is insufficient, there are two instances of this in this file.
Comment 19 Alexey Proskuryakov 2012-02-28 15:18:12 PST
Mac build fix of same kind in <http://trac.webkit.org/changeset/109159>.