<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[170313] trunk/Source/WebKit2</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/170313">170313</a></dd>
<dt>Author</dt> <dd>oliver@apple.com</dd>
<dt>Date</dt> <dd>2014-06-23 13:19:35 -0700 (Mon, 23 Jun 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>Ensure that we always use symlink free paths when specifying cache directories
https://bugs.webkit.org/show_bug.cgi?id=134206
Reviewed by Anders Carlsson.
Sandboxing will deny symlink based paths, so we use realpath to create extensions.
This leaves us in the position of an extension using a visually different path
from other parts of the process code. This patch simply makes sure that we always
use the realpath for cache directories, so making debugging easier and also ensuring
that we don't ever accidentally try to use a path with symlinks that will thus get
denied.
* Shared/SandboxExtension.h:
(WebKit::stringByResolvingSymlinksInPath):
* Shared/mac/SandboxExtensionMac.mm:
(WebKit::stringByResolvingSymlinksInPath):
* UIProcess/WebContext.cpp:
(WebKit::WebContext::ensureNetworkProcess):
* UIProcess/mac/WebContextMac.mm:
(WebKit::WebContext::platformDefaultApplicationCacheDirectory):
(WebKit::WebContext::platformDefaultDiskCacheDirectory):
(WebKit::WebContext::platformDefaultWebSQLDatabaseDirectory):
(WebKit::WebContext::platformDefaultIconDatabasePath):
(WebKit::WebContext::platformDefaultLocalStorageDirectory):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2SharedSandboxExtensionh">trunk/Source/WebKit2/Shared/SandboxExtension.h</a></li>
<li><a href="#trunkSourceWebKit2SharedmacSandboxExtensionMacmm">trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm</a></li>
<li><a href="#trunkSourceWebKit2UIProcessWebContextcpp">trunk/Source/WebKit2/UIProcess/WebContext.cpp</a></li>
<li><a href="#trunkSourceWebKit2UIProcessmacWebContextMacmm">trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (170312 => 170313)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog 2014-06-23 19:58:19 UTC (rev 170312)
+++ trunk/Source/WebKit2/ChangeLog 2014-06-23 20:19:35 UTC (rev 170313)
</span><span class="lines">@@ -1,3 +1,30 @@
</span><ins>+2014-06-23 Oliver Hunt <oliver@apple.com>
+
+ Ensure that we always use symlink free paths when specifying cache directories
+ https://bugs.webkit.org/show_bug.cgi?id=134206
+
+ Reviewed by Anders Carlsson.
+
+ Sandboxing will deny symlink based paths, so we use realpath to create extensions.
+ This leaves us in the position of an extension using a visually different path
+ from other parts of the process code. This patch simply makes sure that we always
+ use the realpath for cache directories, so making debugging easier and also ensuring
+ that we don't ever accidentally try to use a path with symlinks that will thus get
+ denied.
+
+ * Shared/SandboxExtension.h:
+ (WebKit::stringByResolvingSymlinksInPath):
+ * Shared/mac/SandboxExtensionMac.mm:
+ (WebKit::stringByResolvingSymlinksInPath):
+ * UIProcess/WebContext.cpp:
+ (WebKit::WebContext::ensureNetworkProcess):
+ * UIProcess/mac/WebContextMac.mm:
+ (WebKit::WebContext::platformDefaultApplicationCacheDirectory):
+ (WebKit::WebContext::platformDefaultDiskCacheDirectory):
+ (WebKit::WebContext::platformDefaultWebSQLDatabaseDirectory):
+ (WebKit::WebContext::platformDefaultIconDatabasePath):
+ (WebKit::WebContext::platformDefaultLocalStorageDirectory):
+
</ins><span class="cx"> 2014-06-23 Roger Fong <roger_fong@apple.com>
</span><span class="cx">
</span><span class="cx"> Unregister notification observer registered in r170156.
</span></span></pre></div>
<a id="trunkSourceWebKit2SharedSandboxExtensionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/Shared/SandboxExtension.h (170312 => 170313)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/Shared/SandboxExtension.h 2014-06-23 19:58:19 UTC (rev 170312)
+++ trunk/Source/WebKit2/Shared/SandboxExtension.h 2014-06-23 20:19:35 UTC (rev 170313)
</span><span class="lines">@@ -132,6 +132,9 @@
</span><span class="cx"> inline bool SandboxExtension::consume() { return true; }
</span><span class="cx"> inline bool SandboxExtension::consumePermanently() { return true; }
</span><span class="cx"> inline bool SandboxExtension::consumePermanently(const Handle&) { return true; }
</span><ins>+inline String stringByResolvingSymlinksInPath(const String& path) { return path; }
+#else
+String stringByResolvingSymlinksInPath(const String& path);
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> } // namespace WebKit
</span></span></pre></div>
<a id="trunkSourceWebKit2SharedmacSandboxExtensionMacmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm (170312 => 170313)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm 2014-06-23 19:58:19 UTC (rev 170312)
+++ trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm 2014-06-23 20:19:35 UTC (rev 170313)
</span><span class="lines">@@ -207,6 +207,11 @@
</span><span class="cx"> return resolvedPath;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+String stringByResolvingSymlinksInPath(const String& path)
+{
+ return String::fromUTF8(resolveSymlinksInPath(path.utf8()));
+}
+
</ins><span class="cx"> void SandboxExtension::createHandle(const String& path, Type type, Handle& handle)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(!handle.m_sandboxExtension);
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessWebContextcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/WebContext.cpp (170312 => 170313)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/WebContext.cpp 2014-06-23 19:58:19 UTC (rev 170312)
+++ trunk/Source/WebKit2/UIProcess/WebContext.cpp 2014-06-23 20:19:35 UTC (rev 170313)
</span><span class="lines">@@ -406,7 +406,7 @@
</span><span class="cx">
</span><span class="cx"> parameters.cacheModel = m_cacheModel;
</span><span class="cx">
</span><del>- parameters.diskCacheDirectory = diskCacheDirectory();
</del><ins>+ parameters.diskCacheDirectory = stringByResolvingSymlinksInPath(diskCacheDirectory());
</ins><span class="cx"> if (!parameters.diskCacheDirectory.isEmpty())
</span><span class="cx"> SandboxExtension::createHandleForReadWriteDirectory(parameters.diskCacheDirectory, parameters.diskCacheDirectoryExtensionHandle);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessmacWebContextMacmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm (170312 => 170313)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-06-23 19:58:19 UTC (rev 170312)
+++ trunk/Source/WebKit2/UIProcess/mac/WebContextMac.mm 2014-06-23 20:19:35 UTC (rev 170313)
</span><span class="lines">@@ -164,7 +164,8 @@
</span><span class="cx">
</span><span class="cx"> NSString *cacheDir = [[NSFileManager defaultManager] stringWithFileSystemRepresentation:cacheDirectory length:cacheDirectoryLen - 1];
</span><span class="cx"> #endif
</span><del>- return [cacheDir stringByAppendingPathComponent:appName];
</del><ins>+ NSString* cachePath = [cacheDir stringByAppendingPathComponent:appName];
+ return stringByResolvingSymlinksInPath([cachePath stringByStandardizingPath]);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void WebContext::platformInitializeWebProcess(WebProcessCreationParameters& parameters)
</span><span class="lines">@@ -263,8 +264,7 @@
</span><span class="cx"> RetainPtr<NSString> cachePath = adoptNS((NSString *)WKCopyFoundationCacheDirectory());
</span><span class="cx"> if (!cachePath)
</span><span class="cx"> cachePath = @"~/Library/Caches/com.apple.WebKit.WebProcess";
</span><del>-
- return [cachePath stringByStandardizingPath];
</del><ins>+ return stringByResolvingSymlinksInPath([cachePath stringByStandardizingPath]);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> String WebContext::platformDefaultCookieStorageDirectory() const
</span><span class="lines">@@ -278,7 +278,7 @@
</span><span class="cx"> NSString *databasesDirectory = [[NSUserDefaults standardUserDefaults] objectForKey:WebDatabaseDirectoryDefaultsKey];
</span><span class="cx"> if (!databasesDirectory || ![databasesDirectory isKindOfClass:[NSString class]])
</span><span class="cx"> databasesDirectory = @"~/Library/WebKit/Databases";
</span><del>- return [databasesDirectory stringByStandardizingPath];
</del><ins>+ return stringByResolvingSymlinksInPath([databasesDirectory stringByStandardizingPath]);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> String WebContext::platformDefaultIndexedDBDatabaseDirectory()
</span><span class="lines">@@ -296,7 +296,7 @@
</span><span class="cx"> NSString *databasesDirectory = [[NSUserDefaults standardUserDefaults] objectForKey:WebIconDatabaseDirectoryDefaultsKey];
</span><span class="cx"> if (!databasesDirectory || ![databasesDirectory isKindOfClass:[NSString class]])
</span><span class="cx"> databasesDirectory = @"~/Library/Icons/WebpageIcons.db";
</span><del>- return [databasesDirectory stringByStandardizingPath];
</del><ins>+ return stringByResolvingSymlinksInPath([databasesDirectory stringByStandardizingPath]);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> String WebContext::platformDefaultLocalStorageDirectory()
</span><span class="lines">@@ -304,7 +304,7 @@
</span><span class="cx"> NSString *localStorageDirectory = [[NSUserDefaults standardUserDefaults] objectForKey:WebStorageDirectoryDefaultsKey];
</span><span class="cx"> if (!localStorageDirectory || ![localStorageDirectory isKindOfClass:[NSString class]])
</span><span class="cx"> localStorageDirectory = @"~/Library/WebKit/LocalStorage";
</span><del>- return [localStorageDirectory stringByStandardizingPath];
</del><ins>+ return stringByResolvingSymlinksInPath([localStorageDirectory stringByStandardizingPath]);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool WebContext::omitPDFSupport()
</span></span></pre>
</div>
</div>
</body>
</html>