[webkit-changes] [WebKit/WebKit] 67cda4: [GTK] D-Bus proxy quietly fails if host bus addres...

Michael Catanzaro noreply at github.com
Fri Oct 14 06:10:11 PDT 2022


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 67cda4acff9b343c48a2b24c326a2be08642ccee
      https://github.com/WebKit/WebKit/commit/67cda4acff9b343c48a2b24c326a2be08642ccee
  Author: Michael Catanzaro <mcatanzaro at redhat.com>
  Date:   2022-10-14 (Fri, 14 Oct 2022)

  Changed paths:
    M Source/WTF/wtf/glib/Sandbox.cpp
    M Source/WTF/wtf/glib/Sandbox.h
    M Source/WebCore/platform/graphics/PlatformDisplay.h
    M Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
    M Source/WebKit/UIProcess/Launcher/glib/XDGDBusProxy.cpp
    M Source/WebKit/UIProcess/Launcher/glib/XDGDBusProxy.h
    M Source/WebKit/UIProcess/glib/WebProcessPoolGLib.cpp

  Log Message:
  -----------
  [GTK] D-Bus proxy quietly fails if host bus address is not mounted in xdg-dbus-proxy's sandbox
https://bugs.webkit.org/show_bug.cgi?id=246159

Reviewed by Carlos Garcia Campos.

D-Bus 1.15.2 has changed the default session bus address to a filesystem
socket that lives under /tmp. However, our xdg-dbus-proxy cannot access
this location because we assume the session bus socket will always be
mounted under /run, since that's where all major distros put it. It's OK
to be flexible and mount absolutely any directory, whatever it may be,
since we're not actually trying to create a sandbox that the
xdg-dbus-proxy cannot break out of. It's a trusted process, and the
sandbox exists solely so that portals can verify the app ID of the
process that is using the proxy, which is done by inspecting
/.flatpak-info in its mount namespace's filesystem root. So let's mount
whatever directory is in use and move on. Credit to oreo639 for
investigating the problem and proposing a fix in WebKit#5011.

The a11y bus has the same theoretical problem, although it's not an
issue today because currently it will always be under /run in
practice. Still, we should fix it. There is one complication:
PlatformDisplay currently uses just one variable for both the host a11y
bus address and the proxy bus address, relying on XDGDBusProxy to change
it from the host address to the proxy address. This is fragile and it's
easier to fix it than to work around it by caching the value before it
changes, so at Carlos's suggestion, I have removed the ability to
overwrite the value in PlatformDisplay, and added a separate variable to
track the proxy address in WTF's Sandbox helpers.

I have snuck in a drive-by cleanup to avoid duplicating BASE_DIRECTORY
between two files, a problem that I introduced in 255218@main.
Additionally, I remove a stale declaration for XDGDBusProxy::makePath,
which I forgot to delete after removing the function in the same commit.

Finally, always add the extra sandbox paths to the sandbox. These were
originally extra paths for the web process only, but changed to be extra
paths for both web process and D-Bus proxy. It's no longer needed except
for the web process, but there's no particular reason to limit it
either. I'm changing this here only because it's right next to the code
I'm editing anyway, and it's odd to be adding extra sandbox paths
specifically for the D-Bus proxy process.

Canonical link: https://commits.webkit.org/255530@main



