<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[187547] trunk/Source/WebKit2</title>
</head>
<body>

<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/187547">187547</a></dd>
<dt>Author</dt> <dd>mcatanzaro@igalia.com</dd>
<dt>Date</dt> <dd>2015-07-29 08:52:27 -0700 (Wed, 29 Jul 2015)</dd>
</dl>

<h3>Log Message</h3>
<pre>[Seccomp] Further improvements to default web process policy
https://bugs.webkit.org/show_bug.cgi?id=142987

Provide various helper functions to allow more flexible construction of
filesystem access policies.

Reviewed by Žan Doberšek.

Improve the policy. Also, remove ifdefs to reduce potential for breakage in non-default
configurations.

* Shared/linux/SeccompFilters/SyscallPolicy.cpp:
(WebKit::SyscallPolicy::addDefaultWebProcessPolicy):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2SharedlinuxSeccompFiltersSyscallPolicycpp">trunk/Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebKit2ChangeLog"></a>
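--- a/trunk/Source/WebKit2/ChangeLog
+++ b/trunk/Source/WebKit2/ChangeLog
@@ -1,3 +1,19 @@
+2015-07-29  Michael Catanzaro  <mcatanzaro@igalia.com>
+
+        [Seccomp] Further improvements to default web process policy
+        https://bugs.webkit.org/show_bug.cgi?id=142987
+
+        Provide various helper functions to allow more flexible construction of
+        filesystem access policies.
+
+        Reviewed by Žan Doberšek.
+
+        Improve the policy. Also, remove ifdefs to reduce potential for breakage in non-default
+        configurations.
+
+        * Shared/linux/SeccompFilters/SyscallPolicy.cpp:
+        (WebKit::SyscallPolicy::addDefaultWebProcessPolicy):
+
 2015-07-29  Chris Dumez  <cdumez@apple.com>
 
         Avoid unnecessarily constructing PlatformMediaSessionManager on Document destruction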
<a id="trunkSourceWebKit2SharedlinuxSeccompFiltersSyscallPolicycpp"></a>
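--- a/trunk/Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp
+++ b/trunk/Source/WebKit2/Shared/linux/SeccompFilters/SyscallPolicy.cpp
@@ -30,6 +30,7 @@
 
 #include "PluginSearchPath.h"
 #include "WebProcessCreationParameters.h"
+#include "XDGBaseDirectory.h"
 #include <libgen.h>
 #include <string.h>
 #include <sys/stat.h>
@@ -151,30 +152,30 @@
     // file unless white listed bellow or by platform.
     addDirectoryPermission(ASCIILiteral("/"), NotAllowed);
 
-    // Shared libraries, plugins and fonts.
+    // System library directories
     addDirectoryPermission(ASCIILiteral("/lib"), Read);
     addDirectoryPermission(ASCIILiteral("/lib32"), Read);
     addDirectoryPermission(ASCIILiteral("/lib64"), Read);
     addDirectoryPermission(ASCIILiteral("/usr/lib"), Read);
     addDirectoryPermission(ASCIILiteral("/usr/lib32"), Read);
     addDirectoryPermission(ASCIILiteral("/usr/lib64"), Read);
+    addDirectoryPermission(ASCIILiteral("/usr/local/lib"), Read);
+    addDirectoryPermission(ASCIILiteral("/usr/local/lib32"), Read);
+    addDirectoryPermission(ASCIILiteral("/usr/local/lib64"), Read);
+    addDirectoryPermission(ASCIILiteral(LIBDIR), Read);
+
+    // System data directories
     addDirectoryPermission(ASCIILiteral("/usr/share"), Read);
-
-    // Support for alternative install prefixes, e.g. /usr/local.
+    addDirectoryPermission(ASCIILiteral("/usr/local/share"), Read);
     addDirectoryPermission(ASCIILiteral(DATADIR), Read);
-    addDirectoryPermission(ASCIILiteral(LIBDIR), Read);
 
-    // Plugin search path
+    // NPAPI plugins
     for (String& path : pluginsDirectories())
         addDirectoryPermission(path, Read);
 
     // SSL Certificates.
     addDirectoryPermission(ASCIILiteral("/etc/ssl/certs"), Read);
 
-    // Fontconfig cache.
-    addDirectoryPermission(ASCIILiteral("/etc/fonts"), Read);
-    addDirectoryPermission(ASCIILiteral("/var/cache/fontconfig"), Read);
-
     // Audio devices, random number generators, etc.
     addDirectoryPermission(ASCIILiteral("/dev"), ReadAndWrite);
 
@@ -220,56 +221,61 @@
     // FIXME This is too permissive: https://bugs.webkit.org/show_bug.cgi?id=143004
     addDirectoryPermission("/run/user/" + String::number(getuid()), ReadAndWrite);
 
-    // Needed by WebKit's memory pressure handler
+    // Needed by WebKit's memory pressure handler.
     addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/memory.pressure_level"), Read);
     addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/cgroup.event_control"), Read);
 
-    char* homeDir = getenv("HOME");
-    if (homeDir) {
-        // X11 connection token.
-        addFilePermission(String::fromUTF8(homeDir) + "/.Xauthority", Read);
-    }
+    // X11 connection token.
+    addFilePermission(userHomeDirectory() + "/.Xauthority", Read);
 
     // MIME type resolution.
-    char* dataHomeDir = getenv("XDG_DATA_HOME");
-    if (dataHomeDir)
-        addDirectoryPermission(String::fromUTF8(dataHomeDir) + "/mime", Read);
-    else if (homeDir)
-        addDirectoryPermission(String::fromUTF8(homeDir) + "/.local/share/mime", Read);
+    addDirectoryPermission(userDataDirectory() + "/mime", Read);
 
-#if ENABLE(WEBGL) || ENABLE(ACCELERATED_2D_CANVAS)
-    // Needed on most non-Debian distros by libxshmfence <= 1.1, or newer
-    // libxshmfence with older kernels (linux <= 3.16), for DRI3 shared memory.
-    // FIXME Try removing this permission when we can rely on a newer libxshmfence.
-    // See http://code.google.com/p/chromium/issues/detail?id=415681
-    addDirectoryPermission(ASCIILiteral("/var/tmp"), ReadAndWrite);
+    // Needed by NVIDIA proprietary graphics driver.
+    addDirectoryPermission(userHomeDirectory() + "/.nv", ReadAndWrite);
 
-    // Optional Mesa DRI configuration file
-    addFilePermission(ASCIILiteral("/etc/drirc"), Read);
-    if (homeDir)
-        addFilePermission(String::fromUTF8(homeDir) + "/.drirc", Read);
-
-    // Mesa uses udev.
+    // Needed by udev.
     addDirectoryPermission(ASCIILiteral("/etc/udev"), Read);
     addDirectoryPermission(ASCIILiteral("/run/udev"), Read);
     addDirectoryPermission(ASCIILiteral("/sys/bus"), Read);
     addDirectoryPermission(ASCIILiteral("/sys/class"), Read);
     addDirectoryPermission(ASCIILiteral("/sys/devices"), Read);
-#endif
 
-    // Needed by NVIDIA proprietary graphics driver
-    if (homeDir)
-        addDirectoryPermission(String::fromUTF8(homeDir) + "/.nv", ReadAndWrite);
+    // PulseAudio
+    addFilePermission(ASCIILiteral("/etc/asound.conf"), Read);
+    addDirectoryPermission(userConfigDirectory() + "/.pulse", Read);
+    addDirectoryPermission(userHomeDirectory() + "/.pulse", Read);
 
+    // Mesa
+    addFilePermission(ASCIILiteral("/etc/drirc"), Read);
+    addFilePermission(userHomeDirectory() + "/.drirc", Read);
+    addFilePermission(ASCIILiteral("/sys/fs/selinux/booleans/allow_execmem"), Read);
+
+    // GStreamer
+    addDirectoryPermission(String::fromUTF8(LIBEXECDIR) + "/gstreamer-1.0", Read);
+    addDirectoryPermission(userDataDirectory() + "/gstreamer-1.0", Read);
+    addDirectoryPermission(userCacheDirectory() + "/gstreamer-1.0", ReadAndWrite);
+    addDirectoryPermission(userHomeDirectory() + "/.frei0r-1", ReadAndWrite);
+    if (char* gstreamerPluginDirectory = getenv("GST_PLUGIN_PATH_1_0"))
+        addDirectoryPermission(gstreamerPluginDirectory, Read);
+    if (char* gstreamerRegistryFile = getenv("GST_REGISTRY_1_0"))
+        addFilePermission(gstreamerRegistryFile, ReadAndWrite);
+
+    // Fontconfig
+    addDirectoryPermission(userCacheDirectory() + "/fontconfig", ReadAndWrite);
+    addDirectoryPermission(userConfigDirectory() + "/fontconfig", Read);
+    addDirectoryPermission(userConfigDirectory() + "/fonts", Read);
+    addDirectoryPermission(userDataDirectory() + "/fonts", Read);
+    addDirectoryPermission(userHomeDirectory() + "/fontconfig", Read);
+    addDirectoryPermission(userHomeDirectory() + "/.fonts", Read);
+    addDirectoryPermission(ASCIILiteral("/etc/fonts"), Read);
+    addDirectoryPermission(ASCIILiteral("/var/cache/fontconfig"), Read);
+
 #if ENABLE(DEVELOPER_MODE) && defined(SOURCE_DIR)
     // Developers using build-webkit expect some libraries to be loaded
     // from the build root directory and they also need access to layout test
     // files.
-    char* sourceDir = canonicalize_file_name(SOURCE_DIR);
-    if (sourceDir) {
-        addDirectoryPermission(String::fromUTF8(sourceDir), SyscallPolicy::ReadAndWrite);
-        free(sourceDir);
-    }
+    addDirectoryPermission(String::fromUTF8(SOURCE_DIR), SyscallPolicy::ReadAndWrite);
 #endif
 }
 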
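Review bot: `addDirectoryPermission(gstreamerPluginDirectory, Read)` in the GStreamer block treats GST_PLUGIN_PATH_1_0 as a single directory, but GStreamer documents that variable as a `:`-separated list of directories, so a multi-entry value produces one bogus permission entry and leaves the real plugin directories denied; the value should be split on `:` and each entry added separately. Two of the new entries look like naming slips worth confirming against the consumers: `userConfigDirectory() + "/.pulse"` (PulseAudio's XDG config directory is presumably `pulse`, the dotted form being the legacy home-directory one already covered on the next line) and `userHomeDirectory() + "/fontconfig"` (presumably meant `/.fontconfig`). The ReadAndWrite grants on `userHomeDirectory() + "/.frei0r-1"` and the gstreamer cache directory give the sandboxed process write access to locations from which plugin code or plugin metadata is later loaded, which weakens the sandbox's containment; if write access is genuinely required, a comment saying why would help, otherwise Read should suffice. Dropping `canonicalize_file_name(SOURCE_DIR)` means a relative or symlink-containing SOURCE_DIR is now added as given, and whether that still matches the canonicalised paths the policy is checked against cannot be seen from this hunk. addDefaultWebProcessPolicy begins before the first hunk of this file.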
</div>

</body>
</html>