<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[200621] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/200621">200621</a></dd>
<dt>Author</dt> <dd>mcatanzaro@igalia.com</dd>
<dt>Date</dt> <dd>2016-05-10 07:56:00 -0700 (Tue, 10 May 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>[Linux] Remove seccomp filters support
https://bugs.webkit.org/show_bug.cgi?id=157380
Reviewed by Darin Adler.
.:
* Source/cmake/FindLibSeccomp.cmake: Removed.
* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsGTK.cmake:
* Source/cmake/WebKitFeatures.cmake:
Source/WebKit2:
* NetworkProcess/NetworkProcessCreationParameters.cpp:
(WebKit::NetworkProcessCreationParameters::encode): Deleted.
(WebKit::NetworkProcessCreationParameters::decode): Deleted.
* NetworkProcess/NetworkProcessCreationParameters.h:
* PlatformEfl.cmake:
* PlatformGTK.cmake:
* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode): Deleted.
(WebKit::WebProcessCreationParameters::decode): Deleted.
* Shared/WebProcessCreationParameters.h:
* Shared/linux/SeccompFilters/OpenSyscall.cpp: Removed.
* Shared/linux/SeccompFilters/OpenSyscall.h: Removed.
* Shared/linux/SeccompFilters/SeccompBroker.cpp: Removed.
* Shared/linux/SeccompFilters/SeccompBroker.h: Removed.
* Shared/linux/SeccompFilters/SeccompFilters.cpp: Removed.
* Shared/linux/SeccompFilters/SeccompFilters.h: Removed.
* Shared/linux/SeccompFilters/SigactionSyscall.cpp: Removed.
* Shared/linux/SeccompFilters/SigactionSyscall.h: Removed.
* Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp: Removed.
* Shared/linux/SeccompFilters/SigprocmaskSyscall.h: Removed.
* Shared/linux/SeccompFilters/Syscall.cpp: Removed.
* Shared/linux/SeccompFilters/Syscall.h: Removed.
* Shared/linux/SeccompFilters/SyscallPolicy.cpp: Removed.
* Shared/linux/SeccompFilters/SyscallPolicy.h: Removed.
* Shared/linux/SeccompFilters/XDGBaseDirectory.h: Removed.
* Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp: Removed.
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::ensureNetworkProcess): Deleted.
(WebKit::WebProcessPool::createNewWebProcess): Deleted.
(WebKit::WebProcessPool::cookieStorageDirectory): Deleted.
* UIProcess/WebProcessPool.h:
* WebProcess/efl/SeccompFiltersWebProcessEfl.cpp: Removed.
* WebProcess/efl/SeccompFiltersWebProcessEfl.h: Removed.
* WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp: Removed.
* WebProcess/gtk/SeccompFiltersWebProcessGtk.h: Removed.
* WebProcess/soup/WebProcessSoup.cpp:
(WebKit::WebProcess::platformInitializeWebProcess): Deleted.
Tools:
* Scripts/webkitperl/FeatureList.pm:
* TestWebKitAPI/PlatformEfl.cmake:
* TestWebKitAPI/PlatformGTK.cmake:
* TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp: Removed.
* efl/jhbuild.modules:
* gtk/jhbuild.modules:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkChangeLog">trunk/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2NetworkProcessNetworkProcessCreationParameterscpp">trunk/Source/WebKit2/NetworkProcess/NetworkProcessCreationParameters.cpp</a></li>
<li><a href="#trunkSourceWebKit2NetworkProcessNetworkProcessCreationParametersh">trunk/Source/WebKit2/NetworkProcess/NetworkProcessCreationParameters.h</a></li>
<li><a href="#trunkSourceWebKit2PlatformEflcmake">trunk/Source/WebKit2/PlatformEfl.cmake</a></li>
<li><a href="#trunkSourceWebKit2PlatformGTKcmake">trunk/Source/WebKit2/PlatformGTK.cmake</a></li>
<li><a href="#trunkSourceWebKit2SharedWebProcessCreationParameterscpp">trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp</a></li>
<li><a href="#trunkSourceWebKit2SharedWebProcessCreationParametersh">trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h</a></li>
<li><a href="#trunkSourceWebKit2UIProcessWebProcessPoolcpp">trunk/Source/WebKit2/UIProcess/WebProcessPool.cpp</a></li>
<li><a href="#trunkSourceWebKit2UIProcessWebProcessPoolh">trunk/Source/WebKit2/UIProcess/WebProcessPool.h</a></li>
<li><a href="#trunkSourceWebKit2WebProcesssoupWebProcessSoupcpp">trunk/Source/WebKit2/WebProcess/soup/WebProcessSoup.cpp</a></li>
<li><a href="#trunkSourcecmakeOptionsEflcmake">trunk/Source/cmake/OptionsEfl.cmake</a></li>
<li><a href="#trunkSourcecmakeOptionsGTKcmake">trunk/Source/cmake/OptionsGTK.cmake</a></li>
<li><a href="#trunkSourcecmakeWebKitFeaturescmake">trunk/Source/cmake/WebKitFeatures.cmake</a></li>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
<li><a href="#trunkToolsScriptswebkitperlFeatureListpm">trunk/Tools/Scripts/webkitperl/FeatureList.pm</a></li>
<li><a href="#trunkToolsTestWebKitAPIPlatformEflcmake">trunk/Tools/TestWebKitAPI/PlatformEfl.cmake</a></li>
<li><a href="#trunkToolsTestWebKitAPIPlatformGTKcmake">trunk/Tools/TestWebKitAPI/PlatformGTK.cmake</a></li>
<li><a href="#trunkToolsefljhbuildmodules">trunk/Tools/efl/jhbuild.modules</a></li>
<li><a href="#trunkToolsgtkjhbuildmodules">trunk/Tools/gtk/jhbuild.modules</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li>trunk/Source/WebKit2/Shared/linux/SeccompFilters/</li>
<li><a href="#trunkSourceWebKit2WebProcesseflSeccompFiltersWebProcessEflcpp">trunk/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.cpp</a></li>
<li><a href="#trunkSourceWebKit2WebProcesseflSeccompFiltersWebProcessEflh">trunk/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.h</a></li>
<li><a href="#trunkSourceWebKit2WebProcessgtkSeccompFiltersWebProcessGtkcpp">trunk/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp</a></li>
<li><a href="#trunkSourceWebKit2WebProcessgtkSeccompFiltersWebProcessGtkh">trunk/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.h</a></li>
<li><a href="#trunkSourcecmakeFindLibSeccompcmake">trunk/Source/cmake/FindLibSeccomp.cmake</a></li>
<li><a href="#trunkToolsTestWebKitAPITestsWebKit2SeccompFilterscpp">trunk/Tools/TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/ChangeLog (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/ChangeLog 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/ChangeLog 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -1,3 +1,15 @@
</span><ins>+2016-05-10 Michael Catanzaro <mcatanzaro@igalia.com>
+
+ [Linux] Remove seccomp filters support
+ https://bugs.webkit.org/show_bug.cgi?id=157380
+
+ Reviewed by Darin Adler.
+
+ * Source/cmake/FindLibSeccomp.cmake: Removed.
+ * Source/cmake/OptionsEfl.cmake:
+ * Source/cmake/OptionsGTK.cmake:
+ * Source/cmake/WebKitFeatures.cmake:
+
</ins><span class="cx"> 2016-05-06 Manuel Rego Casasnovas <rego@igalia.com>
</span><span class="cx">
</span><span class="cx"> [css-grid] Unprefix CSS Grid Layout properties
</span></span></pre></div>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/ChangeLog 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -1,3 +1,48 @@
</span><ins>+2016-05-10 Michael Catanzaro <mcatanzaro@igalia.com>
+
+ [Linux] Remove seccomp filters support
+ https://bugs.webkit.org/show_bug.cgi?id=157380
+
+ Reviewed by Darin Adler.
+
+ * NetworkProcess/NetworkProcessCreationParameters.cpp:
+ (WebKit::NetworkProcessCreationParameters::encode): Deleted.
+ (WebKit::NetworkProcessCreationParameters::decode): Deleted.
+ * NetworkProcess/NetworkProcessCreationParameters.h:
+ * PlatformEfl.cmake:
+ * PlatformGTK.cmake:
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode): Deleted.
+ (WebKit::WebProcessCreationParameters::decode): Deleted.
+ * Shared/WebProcessCreationParameters.h:
+ * Shared/linux/SeccompFilters/OpenSyscall.cpp: Removed.
+ * Shared/linux/SeccompFilters/OpenSyscall.h: Removed.
+ * Shared/linux/SeccompFilters/SeccompBroker.cpp: Removed.
+ * Shared/linux/SeccompFilters/SeccompBroker.h: Removed.
+ * Shared/linux/SeccompFilters/SeccompFilters.cpp: Removed.
+ * Shared/linux/SeccompFilters/SeccompFilters.h: Removed.
+ * Shared/linux/SeccompFilters/SigactionSyscall.cpp: Removed.
+ * Shared/linux/SeccompFilters/SigactionSyscall.h: Removed.
+ * Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp: Removed.
+ * Shared/linux/SeccompFilters/SigprocmaskSyscall.h: Removed.
+ * Shared/linux/SeccompFilters/Syscall.cpp: Removed.
+ * Shared/linux/SeccompFilters/Syscall.h: Removed.
+ * Shared/linux/SeccompFilters/SyscallPolicy.cpp: Removed.
+ * Shared/linux/SeccompFilters/SyscallPolicy.h: Removed.
+ * Shared/linux/SeccompFilters/XDGBaseDirectory.h: Removed.
+ * Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp: Removed.
+ * UIProcess/WebProcessPool.cpp:
+ (WebKit::WebProcessPool::ensureNetworkProcess): Deleted.
+ (WebKit::WebProcessPool::createNewWebProcess): Deleted.
+ (WebKit::WebProcessPool::cookieStorageDirectory): Deleted.
+ * UIProcess/WebProcessPool.h:
+ * WebProcess/efl/SeccompFiltersWebProcessEfl.cpp: Removed.
+ * WebProcess/efl/SeccompFiltersWebProcessEfl.h: Removed.
+ * WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp: Removed.
+ * WebProcess/gtk/SeccompFiltersWebProcessGtk.h: Removed.
+ * WebProcess/soup/WebProcessSoup.cpp:
+ (WebKit::WebProcess::platformInitializeWebProcess): Deleted.
+
</ins><span class="cx"> 2016-05-09 Tim Horton <timothy_horton@apple.com>
</span><span class="cx">
</span><span class="cx"> REGRESSION (r191922): Zoom in/Zoom Out is not working for PDFs
</span></span></pre></div>
<a id="trunkSourceWebKit2NetworkProcessNetworkProcessCreationParameterscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/NetworkProcessCreationParameters.cpp (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/NetworkProcess/NetworkProcessCreationParameters.cpp 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkProcessCreationParameters.cpp 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -53,9 +53,6 @@
</span><span class="cx"> encoder << shouldEnableNetworkCacheSpeculativeRevalidation;
</span><span class="cx"> #endif
</span><span class="cx"> #endif
</span><del>-#if ENABLE(SECCOMP_FILTERS)
- encoder << cookieStorageDirectory;
-#endif
</del><span class="cx"> #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
</span><span class="cx"> encoder << uiProcessCookieStorageIdentifier;
</span><span class="cx"> #endif
</span><span class="lines">@@ -111,10 +108,6 @@
</span><span class="cx"> return false;
</span><span class="cx"> #endif
</span><span class="cx"> #endif
</span><del>-#if ENABLE(SECCOMP_FILTERS)
- if (!decoder.decode(result.cookieStorageDirectory))
- return false;
-#endif
</del><span class="cx"> #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
</span><span class="cx"> if (!decoder.decode(result.uiProcessCookieStorageIdentifier))
</span><span class="cx"> return false;
</span></span></pre></div>
<a id="trunkSourceWebKit2NetworkProcessNetworkProcessCreationParametersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/NetworkProcess/NetworkProcessCreationParameters.h (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/NetworkProcess/NetworkProcessCreationParameters.h 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkProcessCreationParameters.h 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -62,9 +62,6 @@
</span><span class="cx"> bool shouldEnableNetworkCacheSpeculativeRevalidation;
</span><span class="cx"> #endif
</span><span class="cx"> #endif
</span><del>-#if ENABLE(SECCOMP_FILTERS)
- String cookieStorageDirectory;
-#endif
</del><span class="cx"> #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
</span><span class="cx"> Vector<uint8_t> uiProcessCookieStorageIdentifier;
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="trunkSourceWebKit2PlatformEflcmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/PlatformEfl.cmake (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/PlatformEfl.cmake 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/PlatformEfl.cmake 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -50,15 +50,6 @@
</span><span class="cx">
</span><span class="cx"> Shared/linux/WebMemorySamplerLinux.cpp
</span><span class="cx">
</span><del>- Shared/linux/SeccompFilters/OpenSyscall.cpp
- Shared/linux/SeccompFilters/SeccompBroker.cpp
- Shared/linux/SeccompFilters/SeccompFilters.cpp
- Shared/linux/SeccompFilters/SigactionSyscall.cpp
- Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp
- Shared/linux/SeccompFilters/Syscall.cpp
- Shared/linux/SeccompFilters/SyscallPolicy.cpp
- Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp
-
</del><span class="cx"> Shared/soup/WebCoreArgumentCodersSoup.cpp
</span><span class="cx">
</span><span class="cx"> Shared/unix/ChildProcessMain.cpp
</span><span class="lines">@@ -219,7 +210,6 @@
</span><span class="cx"> WebProcess/WebPage/gstreamer/WebPageGStreamer.cpp
</span><span class="cx">
</span><span class="cx"> WebProcess/efl/ExtensionManagerEfl.cpp
</span><del>- WebProcess/efl/SeccompFiltersWebProcessEfl.cpp
</del><span class="cx"> WebProcess/efl/WebProcessMainEfl.cpp
</span><span class="cx">
</span><span class="cx"> WebProcess/soup/WebKitSoupRequestInputStream.cpp
</span><span class="lines">@@ -351,21 +341,6 @@
</span><span class="cx"> ${SQLITE_LIBRARIES}
</span><span class="cx"> )
</span><span class="cx">
</span><del>-if (ENABLE_SECCOMP_FILTERS)
- list(APPEND WebKit2_LIBRARIES
- ${LIBSECCOMP_LIBRARIES}
- )
- list(APPEND WebKit2_SYSTEM_INCLUDE_DIRECTORIES
- ${LIBSECCOMP_INCLUDE_DIRS}
- )
-
- # If building with jhbuild, add the root build directory to the
- # filesystem access policy.
- if (DEVELOPER_MODE AND IS_DIRECTORY ${CMAKE_SOURCE_DIR}/WebKitBuild/DependenciesEFL)
- add_definitions(-DSOURCE_DIR=\"${CMAKE_SOURCE_DIR}\")
- endif ()
-endif ()
-
</del><span class="cx"> if (ENABLE_ECORE_X)
</span><span class="cx"> list(APPEND WebProcess_LIBRARIES
</span><span class="cx"> ${ECORE_X_LIBRARIES}
</span></span></pre></div>
<a id="trunkSourceWebKit2PlatformGTKcmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/PlatformGTK.cmake (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/PlatformGTK.cmake 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/PlatformGTK.cmake 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -76,15 +76,6 @@
</span><span class="cx">
</span><span class="cx"> Shared/linux/WebMemorySamplerLinux.cpp
</span><span class="cx">
</span><del>- Shared/linux/SeccompFilters/OpenSyscall.cpp
- Shared/linux/SeccompFilters/SeccompBroker.cpp
- Shared/linux/SeccompFilters/SeccompFilters.cpp
- Shared/linux/SeccompFilters/SigactionSyscall.cpp
- Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp
- Shared/linux/SeccompFilters/Syscall.cpp
- Shared/linux/SeccompFilters/SyscallPolicy.cpp
- Shared/linux/SeccompFilters/XDGBaseDirectoryGLib.cpp
-
</del><span class="cx"> Shared/soup/WebCoreArgumentCodersSoup.cpp
</span><span class="cx">
</span><span class="cx"> Shared/unix/ChildProcessMain.cpp
</span><span class="lines">@@ -359,8 +350,6 @@
</span><span class="cx"> WebProcess/WebPage/gtk/WebPageGtk.cpp
</span><span class="cx"> WebProcess/WebPage/gtk/WebPrintOperationGtk.cpp
</span><span class="cx">
</span><del>- WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp
- WebProcess/gtk/SeccompFiltersWebProcessGtk.h
</del><span class="cx"> WebProcess/gtk/WebGtkExtensionManager.cpp
</span><span class="cx"> WebProcess/gtk/WebGtkInjectedBundleMain.cpp
</span><span class="cx"> WebProcess/gtk/WebProcessMainGtk.cpp
</span><span class="lines">@@ -512,7 +501,6 @@
</span><span class="cx"> "${WEBKIT2_DIR}/Shared/glib"
</span><span class="cx"> "${WEBKIT2_DIR}/Shared/gtk"
</span><span class="cx"> "${WEBKIT2_DIR}/Shared/linux"
</span><del>- "${WEBKIT2_DIR}/Shared/linux/SeccompFilters"
</del><span class="cx"> "${WEBKIT2_DIR}/Shared/soup"
</span><span class="cx"> "${WEBKIT2_DIR}/Shared/unix"
</span><span class="cx"> "${WEBKIT2_DIR}/UIProcess/API/C/cairo"
</span><span class="lines">@@ -601,21 +589,6 @@
</span><span class="cx"> )
</span><span class="cx"> endif ()
</span><span class="cx">
</span><del>-if (ENABLE_SECCOMP_FILTERS)
- list(APPEND WebKit2_LIBRARIES
- ${LIBSECCOMP_LIBRARIES}
- )
- list(APPEND WebKit2_SYSTEM_INCLUDE_DIRECTORIES
- ${LIBSECCOMP_INCLUDE_DIRS}
- )
-
- # If building with WebKit jhbuild (not GNOME jhbuild), add the root build
- # directory to the filesystem access policy.
- if (DEVELOPER_MODE AND IS_DIRECTORY ${CMAKE_SOURCE_DIR}/WebKitBuild/DependenciesGTK)
- add_definitions(-DSOURCE_DIR=\"${CMAKE_SOURCE_DIR}\")
- endif ()
-endif ()
-
</del><span class="cx"> ADD_WHOLE_ARCHIVE_TO_LIBRARIES(WebKit2_LIBRARIES)
</span><span class="cx">
</span><span class="cx"> set(WebKit2_MARSHAL_LIST ${WEBKIT2_DIR}/UIProcess/API/gtk/webkit2marshal.list)
</span></span></pre></div>
<a id="trunkSourceWebKit2SharedWebProcessCreationParameterscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.cpp 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -68,9 +68,6 @@
</span><span class="cx"> encoder << webSQLDatabaseDirectoryExtensionHandle;
</span><span class="cx"> encoder << mediaCacheDirectory;
</span><span class="cx"> encoder << mediaCacheDirectoryExtensionHandle;
</span><del>-#if ENABLE(SECCOMP_FILTERS)
- encoder << cookieStorageDirectory;
-#endif
</del><span class="cx"> #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
</span><span class="cx"> encoder << uiProcessCookieStorageIdentifier;
</span><span class="cx"> #endif
</span><span class="lines">@@ -169,10 +166,6 @@
</span><span class="cx"> return false;
</span><span class="cx"> if (!decoder.decode(parameters.mediaCacheDirectoryExtensionHandle))
</span><span class="cx"> return false;
</span><del>-#if ENABLE(SECCOMP_FILTERS)
- if (!decoder.decode(parameters.cookieStorageDirectory))
- return false;
-#endif
</del><span class="cx"> #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
</span><span class="cx"> if (!decoder.decode(parameters.uiProcessCookieStorageIdentifier))
</span><span class="cx"> return false;
</span></span></pre></div>
<a id="trunkSourceWebKit2SharedWebProcessCreationParametersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/Shared/WebProcessCreationParameters.h 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -75,9 +75,6 @@
</span><span class="cx"> SandboxExtension::Handle webSQLDatabaseDirectoryExtensionHandle;
</span><span class="cx"> String mediaCacheDirectory;
</span><span class="cx"> SandboxExtension::Handle mediaCacheDirectoryExtensionHandle;
</span><del>-#if ENABLE(SECCOMP_FILTERS)
- String cookieStorageDirectory;
-#endif
</del><span class="cx"> #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101100
</span><span class="cx"> Vector<uint8_t> uiProcessCookieStorageIdentifier;
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessWebProcessPoolcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/WebProcessPool.cpp (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/WebProcessPool.cpp 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/UIProcess/WebProcessPool.cpp 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -353,10 +353,6 @@
</span><span class="cx"> if (!parameters.diskCacheDirectory.isEmpty())
</span><span class="cx"> SandboxExtension::createHandleForReadWriteDirectory(parameters.diskCacheDirectory, parameters.diskCacheDirectoryExtensionHandle);
</span><span class="cx">
</span><del>-#if ENABLE(SECCOMP_FILTERS)
- parameters.cookieStorageDirectory = this->cookieStorageDirectory();
-#endif
-
</del><span class="cx"> #if PLATFORM(IOS)
</span><span class="cx"> String cookieStorageDirectory = this->cookieStorageDirectory();
</span><span class="cx"> if (!cookieStorageDirectory.isEmpty())
</span><span class="lines">@@ -551,10 +547,6 @@
</span><span class="cx"> parameters.mediaCacheDirectory = m_configuration->mediaCacheDirectory();
</span><span class="cx"> if (!parameters.mediaCacheDirectory.isEmpty())
</span><span class="cx"> SandboxExtension::createHandleForReadWriteDirectory(parameters.mediaCacheDirectory, parameters.mediaCacheDirectoryExtensionHandle);
</span><del>-
-#if ENABLE(SECCOMP_FILTERS)
- parameters.cookieStorageDirectory = this->cookieStorageDirectory();
-#endif
</del><span class="cx">
</span><span class="cx"> #if PLATFORM(IOS)
</span><span class="cx"> String cookieStorageDirectory = this->cookieStorageDirectory();
</span><span class="lines">@@ -1082,17 +1074,6 @@
</span><span class="cx"> return platformDefaultIconDatabasePath();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-#if ENABLE(SECCOMP_FILTERS)
-String WebProcessPool::cookieStorageDirectory() const
-{
- if (!m_overrideCookieStorageDirectory.isEmpty())
- return m_overrideCookieStorageDirectory;
-
- // FIXME: This doesn't make much sense. Is this function used at all? We used to call platform code, but no existing platforms implemented that function.
- return emptyString();
-}
-#endif
-
</del><span class="cx"> void WebProcessPool::useTestingNetworkSession()
</span><span class="cx"> {
</span><span class="cx"> ASSERT(m_processes.isEmpty());
</span></span></pre></div>
<a id="trunkSourceWebKit2UIProcessWebProcessPoolh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/WebProcessPool.h (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/WebProcessPool.h 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/UIProcess/WebProcessPool.h 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -401,7 +401,7 @@
</span><span class="cx">
</span><span class="cx"> String platformDefaultIconDatabasePath() const;
</span><span class="cx">
</span><del>-#if PLATFORM(IOS) || ENABLE(SECCOMP_FILTERS)
</del><ins>+#if PLATFORM(IOS)
</ins><span class="cx"> String cookieStorageDirectory() const;
</span><span class="cx"> #endif
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebKit2WebProcesseflSeccompFiltersWebProcessEflcpp"></a>
<div class="delfile"><h4>Deleted: trunk/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.cpp (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.cpp 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.cpp 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -1,79 +0,0 @@
</span><del>-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SeccompFiltersWebProcessEfl.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "WebProcessCreationParameters.h"
-#include <WebKit/SeccompBroker.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-namespace WebKit {
-
-SeccompFiltersWebProcessEfl::SeccompFiltersWebProcessEfl(const WebProcessCreationParameters& parameters)
- : SeccompFilters(Allow)
-{
- m_policy.addDefaultWebProcessPolicy(parameters);
-}
-
-void SeccompFiltersWebProcessEfl::platformInitialize()
-{
- // TODO: We should block all the syscalls and whitelist
- // what we need + trap what should be handled by the broker.
- addRule("open", Trap);
- addRule("openat", Trap);
- addRule("creat", Trap);
-
- // Needed by Eeze on NetworkStateNotifierEfl.
- m_policy.addDirectoryPermission(ASCIILiteral("/sys/bus"), SyscallPolicy::Read);
- m_policy.addDirectoryPermission(ASCIILiteral("/sys/class"), SyscallPolicy::Read);
- m_policy.addDirectoryPermission(ASCIILiteral("/sys/devices"), SyscallPolicy::Read);
- m_policy.addFilePermission(ASCIILiteral("/etc/udev/udev.conf"), SyscallPolicy::Read);
-
- // Place where the theme and icons are installed.
- char* dataDir = canonicalize_file_name(DATA_DIR);
- if (dataDir) {
- m_policy.addDirectoryPermission(String::fromUTF8(dataDir), SyscallPolicy::Read);
- free(dataDir);
- }
-
-#if USE(GSTREAMER)
- // Video playback requires access to the root of the user cache dir which
- // is not right. We need to check with these directories on gstreamer
- // can be configured.
- char* homeDir = getenv("HOME");
- if (homeDir)
- m_policy.addDirectoryPermission(String::fromUTF8(homeDir) + "/.cache", SyscallPolicy::ReadAndWrite);
-#endif
-
- SeccompBroker::launchProcess(this, m_policy);
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
</del></span></pre></div>
<a id="trunkSourceWebKit2WebProcesseflSeccompFiltersWebProcessEflh"></a>
<div class="delfile"><h4>Deleted: trunk/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.h (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.h 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/WebProcess/efl/SeccompFiltersWebProcessEfl.h 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -1,52 +0,0 @@
</span><del>-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SeccompFiltersWebProcessEfl_h
-#define SeccompFiltersWebProcessEfl_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include <WebKit/SeccompFilters.h>
-#include <WebKit/SyscallPolicy.h>
-
-namespace WebKit {
-
-class WebProcessCreationParameters;
-
-class SeccompFiltersWebProcessEfl : public SeccompFilters {
-public:
- SeccompFiltersWebProcessEfl(const WebProcessCreationParameters&);
-
-private:
- virtual void platformInitialize();
-
- SyscallPolicy m_policy;
-};
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // SeccompFiltersWebProcessEfl_h
</del></span></pre></div>
<a id="trunkSourceWebKit2WebProcessgtkSeccompFiltersWebProcessGtkcpp"></a>
<div class="delfile"><h4>Deleted: trunk/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.cpp 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -1,70 +0,0 @@
</span><del>-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- * Copyright (C) 2015 Igalia S.L.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "SeccompFiltersWebProcessGtk.h"
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "SeccompBroker.h"
-#include "WebProcessCreationParameters.h"
-#include <glib.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-namespace WebKit {
-
-SeccompFiltersWebProcessGtk::SeccompFiltersWebProcessGtk(const WebProcessCreationParameters& parameters)
- : SeccompFilters(Allow)
-{
- m_policy.addDefaultWebProcessPolicy(parameters);
-}
-
-void SeccompFiltersWebProcessGtk::platformInitialize()
-{
- // TODO: We should block all the syscalls and whitelist
- // what we need + trap what should be handled by the broker.
- addRule("open", Trap);
- addRule("openat", Trap);
- addRule("creat", Trap);
-
-#if USE(GSTREAMER)
- m_policy.addDirectoryPermission(String::fromUTF8(g_get_user_cache_dir()) + "/gstreamer-1.0", SyscallPolicy::ReadAndWrite);
- m_policy.addDirectoryPermission(String::fromUTF8(g_get_user_data_dir()) + "/gstreamer-1.0", SyscallPolicy::ReadAndWrite);
- m_policy.addDirectoryPermission(String::fromUTF8(LIBEXECDIR) + "/gstreamer-1.0", SyscallPolicy::Read);
-#endif
-
- m_policy.addDirectoryPermission(String::fromUTF8(g_get_user_data_dir()) + "/gvfs-metadata", SyscallPolicy::ReadAndWrite);
-
- // For libXau
- m_policy.addDirectoryPermission(ASCIILiteral("/run/gdm"), SyscallPolicy::Read);
-
- SeccompBroker::launchProcess(this, m_policy);
-}
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
</del></span></pre></div>
<a id="trunkSourceWebKit2WebProcessgtkSeccompFiltersWebProcessGtkh"></a>
<div class="delfile"><h4>Deleted: trunk/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.h (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.h 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/WebProcess/gtk/SeccompFiltersWebProcessGtk.h 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -1,52 +0,0 @@
</span><del>-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SeccompFiltersWebProcessGtk_h
-#define SeccompFiltersWebProcessGtk_h
-
-#if ENABLE(SECCOMP_FILTERS)
-
-#include "SeccompFilters.h"
-#include "SyscallPolicy.h"
-
-namespace WebKit {
-
-struct WebProcessCreationParameters;
-
-class SeccompFiltersWebProcessGtk : public SeccompFilters {
-public:
- SeccompFiltersWebProcessGtk(const WebProcessCreationParameters&);
-
-private:
- void platformInitialize() override;
-
- SyscallPolicy m_policy;
-};
-
-} // namespace WebKit
-
-#endif // ENABLE(SECCOMP_FILTERS)
-
-#endif // SeccompFiltersWebProcessGtk_h
</del></span></pre></div>
<a id="trunkSourceWebKit2WebProcesssoupWebProcessSoupcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/soup/WebProcessSoup.cpp (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/soup/WebProcessSoup.cpp 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/WebKit2/WebProcess/soup/WebProcessSoup.cpp 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -27,12 +27,6 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "WebProcess.h"
</span><span class="cx">
</span><del>-#if PLATFORM(EFL)
-#include "SeccompFiltersWebProcessEfl.h"
-#elif PLATFORM(GTK)
-#include "SeccompFiltersWebProcessGtk.h"
-#endif
-
</del><span class="cx"> #include "CertificateInfo.h"
</span><span class="cx"> #include "WebCookieManager.h"
</span><span class="cx"> #include "WebProcessCreationParameters.h"
</span><span class="lines">@@ -84,16 +78,6 @@
</span><span class="cx">
</span><span class="cx"> void WebProcess::platformInitializeWebProcess(WebProcessCreationParameters&& parameters)
</span><span class="cx"> {
</span><del>-#if ENABLE(SECCOMP_FILTERS)
- {
-#if PLATFORM(EFL)
- SeccompFiltersWebProcessEfl seccompFilters(parameters);
-#elif PLATFORM(GTK)
- SeccompFiltersWebProcessGtk seccompFilters(parameters);
-#endif
- seccompFilters.initialize();
- }
-#endif
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void WebProcess::platformTerminate()
</span></span></pre></div>
<a id="trunkSourcecmakeFindLibSeccompcmake"></a>
<div class="delfile"><h4>Deleted: trunk/Source/cmake/FindLibSeccomp.cmake (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/cmake/FindLibSeccomp.cmake 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/cmake/FindLibSeccomp.cmake 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -1,46 +0,0 @@
</span><del>-# Copyright (c) 2013, Intel Corporation
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-#
-# * Redistributions of source code must retain the above copyright notice, this
-# list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright notice,
-# this list of conditions and the following disclaimer in the documentation
-# and/or other materials provided with the distribution.
-# * Neither the name of Intel Corporation nor the names of its contributors may
-# be used to endorse or promote products derived from this software without
-# specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-#
-# Try to find libseccomp include and library directories.
-#
-# After successful discovery, this will set for inclusion where needed:
-# LIBSECCOMP_INCLUDE_DIRS - containg the libseccomp headers
-# LIBSECCOMP_LIBRARIES - containg the libseccomp library
-
-include(FindPkgConfig)
-
-pkg_check_modules(PC_LIBSECCOMP libseccomp)
-
-find_path(LIBSECCOMP_INCLUDE_DIRS NAMES seccomp.h
- HINTS ${PC_LIBSECCOMP_INCLUDE_DIRS} ${PC_LIBSECCOMP_INCLUDEDIR}
-)
-
-find_library(LIBSECCOMP_LIBRARIES NAMES seccomp
- HINTS ${PC_LIBSECCOMP_LIBRARY_DIRS} ${PC_LIBSECCOMP_LIBDIR}
-)
-
-include(FindPackageHandleStandardArgs)
-FIND_PACKAGE_HANDLE_STANDARD_ARGS(seccomp DEFAULT_MSG LIBSECCOMP_INCLUDE_DIRS LIBSECCOMP_LIBRARIES)
</del></span></pre></div>
<a id="trunkSourcecmakeOptionsEflcmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/cmake/OptionsEfl.cmake (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/cmake/OptionsEfl.cmake 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/cmake/OptionsEfl.cmake 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -122,7 +122,6 @@
</span><span class="cx"> WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_RESOLUTION_MEDIA_QUERY PUBLIC ON)
</span><span class="cx"> WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_REQUEST_ANIMATION_FRAME PUBLIC ON)
</span><span class="cx"> WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_SAMPLING_PROFILER PUBLIC ON)
</span><del>-WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_SECCOMP_FILTERS PUBLIC OFF)
</del><span class="cx"> WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_SHADOW_DOM PRIVATE OFF)
</span><span class="cx"> WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_SPEECH_SYNTHESIS PUBLIC ON)
</span><span class="cx"> WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_SPELLCHECK PUBLIC ON)
</span><span class="lines">@@ -273,10 +272,6 @@
</span><span class="cx"> endif ()
</span><span class="cx"> endif ()
</span><span class="cx">
</span><del>-if (ENABLE_SECCOMP_FILTERS)
- find_package(LibSeccomp REQUIRED)
-endif ()
-
</del><span class="cx"> if (ENABLE_SPELLCHECK)
</span><span class="cx"> find_package(Enchant REQUIRED)
</span><span class="cx"> endif ()
</span></span></pre></div>
<a id="trunkSourcecmakeOptionsGTKcmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/cmake/OptionsGTK.cmake (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/cmake/OptionsGTK.cmake 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/cmake/OptionsGTK.cmake 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -314,13 +314,6 @@
</span><span class="cx"> find_package(GDK2 2.24.10 REQUIRED)
</span><span class="cx"> endif ()
</span><span class="cx">
</span><del>-if (ENABLE_SECCOMP_FILTERS)
- find_package(LibSeccomp)
- if (NOT PC_LIBSECCOMP_FOUND)
- message(FATAL_ERROR "libseccomp is required for ENABLE_SECCOMP_FILTERS")
- endif ()
-endif ()
-
</del><span class="cx"> if (ENABLE_SPELLCHECK)
</span><span class="cx"> find_package(Enchant)
</span><span class="cx"> if (NOT PC_ENCHANT_FOUND)
</span></span></pre></div>
<a id="trunkSourcecmakeWebKitFeaturescmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/cmake/WebKitFeatures.cmake (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/cmake/WebKitFeatures.cmake 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Source/cmake/WebKitFeatures.cmake 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -169,7 +169,6 @@
</span><span class="cx"> WEBKIT_OPTION_DEFINE(ENABLE_RESOURCE_USAGE "Toggle resource usage support" PRIVATE OFF)
</span><span class="cx"> WEBKIT_OPTION_DEFINE(ENABLE_RUBBER_BANDING "Toggle rubber banding support" PRIVATE OFF)
</span><span class="cx"> WEBKIT_OPTION_DEFINE(ENABLE_SAMPLING_PROFILER "Toggle sampling profiler support" PRIVATE ON)
</span><del>- WEBKIT_OPTION_DEFINE(ENABLE_SECCOMP_FILTERS "Toggle Linux seccomp filters for the WebProcess support" PRIVATE OFF)
</del><span class="cx"> WEBKIT_OPTION_DEFINE(ENABLE_SERVICE_CONTROLS "Toggle service controls support" PRIVATE OFF)
</span><span class="cx"> WEBKIT_OPTION_DEFINE(ENABLE_SHADOW_DOM "Toggle shadow dom" PRIVATE OFF)
</span><span class="cx"> WEBKIT_OPTION_DEFINE(ENABLE_SMOOTH_SCROLLING "Toggle smooth scrolling" PRIVATE OFF)
</span></span></pre></div>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Tools/ChangeLog 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2016-05-10 Michael Catanzaro <mcatanzaro@igalia.com>
+
+ [Linux] Remove seccomp filters support
+ https://bugs.webkit.org/show_bug.cgi?id=157380
+
+ Reviewed by Darin Adler.
+
+ * Scripts/webkitperl/FeatureList.pm:
+ * TestWebKitAPI/PlatformEfl.cmake:
+ * TestWebKitAPI/PlatformGTK.cmake:
+ * TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp: Removed.
+ * efl/jhbuild.modules:
+ * gtk/jhbuild.modules:
+
</ins><span class="cx"> 2016-05-09 Simon Fraser <simon.fraser@apple.com>
</span><span class="cx">
</span><span class="cx"> [iOS] visibility:hidden -webkit-overflow-scrolling: touch divs can interfere with page scrolling
</span></span></pre></div>
<a id="trunkToolsScriptswebkitperlFeatureListpm"></a>
<div class="modfile"><h4>Modified: trunk/Tools/Scripts/webkitperl/FeatureList.pm (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/Scripts/webkitperl/FeatureList.pm 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Tools/Scripts/webkitperl/FeatureList.pm 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -125,7 +125,6 @@
</span><span class="cx"> $requestAnimationFrameSupport,
</span><span class="cx"> $resourceTimingSupport,
</span><span class="cx"> $scriptedSpeechSupport,
</span><del>- $seccompFiltersSupport,
</del><span class="cx"> $shadowDOMSupport,
</span><span class="cx"> $streamsAPISupport,
</span><span class="cx"> $styleScopedSupport,
</span><span class="lines">@@ -386,9 +385,6 @@
</span><span class="cx"> { option => "request-animation-frame", desc => "Toggle Request Animation Frame support",
</span><span class="cx"> define => "ENABLE_REQUEST_ANIMATION_FRAME", default => 1, value => \$requestAnimationFrameSupport },
</span><span class="cx">
</span><del>- { option => "seccomp-filters", desc => "Toggle Seccomp Filter sandbox",
- define => "ENABLE_SECCOMP_FILTERS", default => 0, value => \$seccompFiltersSupport },
-
</del><span class="cx"> { option => "scripted-speech", desc => "Toggle Scripted Speech support",
</span><span class="cx"> define => "ENABLE_SCRIPTED_SPEECH", default => 0, value => \$scriptedSpeechSupport },
</span><span class="cx">
</span></span></pre></div>
<a id="trunkToolsTestWebKitAPIPlatformEflcmake"></a>
<div class="modfile"><h4>Modified: trunk/Tools/TestWebKitAPI/PlatformEfl.cmake (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/TestWebKitAPI/PlatformEfl.cmake 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Tools/TestWebKitAPI/PlatformEfl.cmake 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -132,12 +132,6 @@
</span><span class="cx"> WillLoad
</span><span class="cx"> )
</span><span class="cx">
</span><del>-if (ENABLE_SECCOMP_FILTERS)
- list(APPEND test_webkit2_api_fail_BINARIES
- SeccompFilters
- )
-endif ()
-
</del><span class="cx"> # Tests disabled because of missing features on the test harness:
</span><span class="cx"> #
</span><span class="cx"> # SpacebarScrolling
</span></span></pre></div>
<a id="trunkToolsTestWebKitAPIPlatformGTKcmake"></a>
<div class="modfile"><h4>Modified: trunk/Tools/TestWebKitAPI/PlatformGTK.cmake (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/TestWebKitAPI/PlatformGTK.cmake 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Tools/TestWebKitAPI/PlatformGTK.cmake 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -124,20 +124,6 @@
</span><span class="cx"> set_tests_properties(TestWebKit2 PROPERTIES TIMEOUT 60)
</span><span class="cx"> set_target_properties(TestWebKit2 PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${TESTWEBKITAPI_RUNTIME_OUTPUT_DIRECTORY}/WebKit2)
</span><span class="cx">
</span><del>-if (ENABLE_SECCOMP_FILTERS)
- # This test needs to be in its own executable. It's a general test of the
- # seccomp filter mechanism, and the filters it sets are incompatible with
- # the correct operation of WebKit and the other tests.
- add_executable(TestSeccompFilters
- ${TESTWEBKITAPI_DIR}/Tests/WebKit2/SeccompFilters.cpp
- )
-
- target_link_libraries(TestSeccompFilters ${test_webkit2_api_LIBRARIES})
- add_test(TestSeccompFilters ${TESTWEBKITAPI_RUNTIME_OUTPUT_DIRECTORY}/WebKit2/TestWebKit2)
- set_tests_properties(TestSeccompFilters PROPERTIES TIMEOUT 5)
- set_target_properties(TestSeccompFilters PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${TESTWEBKITAPI_RUNTIME_OUTPUT_DIRECTORY}/WebKit2)
-endif ()
-
</del><span class="cx"> set(TestWebCoreGtk_SOURCES
</span><span class="cx"> ${TESTWEBKITAPI_DIR}/Tests/WebCore/gtk/UserAgentQuirks.cpp
</span><span class="cx"> )
</span></span></pre></div>
<a id="trunkToolsTestWebKitAPITestsWebKit2SeccompFilterscpp"></a>
<div class="delfile"><h4>Deleted: trunk/Tools/TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -1,441 +0,0 @@
</span><del>-/*
- * Copyright (C) 2013 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#include <WebKit/SeccompBroker.h>
-#include <WebKit/SeccompFilters.h>
-#include <WebKit/SyscallPolicy.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <pthread.h>
-#include <signal.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <wtf/text/CString.h>
-#include <wtf/text/WTFString.h>
-
-using namespace WebKit;
-
-namespace TestWebKitAPI {
-
-DEPRECATED_DEFINE_STATIC_LOCAL(String, rootDir, (ASCIILiteral("/")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, homeDir, (String(getenv("HOME"))));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, usrDir, (ASCIILiteral("/usr")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, usrSbinDir, (ASCIILiteral("/usr/sbin")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testDirRead, (ASCIILiteral("/tmp/WebKitSeccompFilters/testRead")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testDirWrite, (ASCIILiteral("/tmp/WebKitSeccompFilters/testWrite")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testDirReadAndWrite, (ASCIILiteral("/tmp/WebKitSeccompFilters/testReadAndWrite")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testDirNotAllowed, (ASCIILiteral("/tmp/WebKitSeccompFilters/testNotAllowed")));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testFileNotAllowed, (testDirReadAndWrite + "/testFilePolicy"));
-DEPRECATED_DEFINE_STATIC_LOCAL(String, testFileReadAndWrite, (testDirNotAllowed + "/testFilePolicy"));
-
-static const mode_t defaultMode = S_IRUSR | S_IWUSR | S_IXUSR;
-
-class SeccompEnvironment : public testing::Environment {
-public:
- virtual void SetUp()
- {
- ASSERT_TRUE(!homeDir.isEmpty());
-
- mkdir("/tmp/WebKitSeccompFilters", defaultMode);
- mkdir(testDirRead.utf8().data(), defaultMode);
- mkdir(testDirWrite.utf8().data(), defaultMode);
- mkdir(testDirReadAndWrite.utf8().data(), defaultMode);
- mkdir(testDirNotAllowed.utf8().data(), defaultMode);
-
- // Create a file for the Read only and NotAllowed directory before
- // loading the filters.
- String file = testDirRead + "/testFile";
- int fd = open(file.utf8().data(), O_RDWR | O_CREAT, defaultMode);
- ASSERT_NE(close(fd), -1);
- file = testDirNotAllowed + "/testFile";
- fd = open(file.utf8().data(), O_RDWR | O_CREAT, defaultMode);
- ASSERT_NE(close(fd), -1);
-
- // Create files for the file policy tests. File policies precedes the
- // directory policy. In this case, we create a file with read and write
- // policies inside a directory that is not allowed, and vice versa.
- fd = open(testFileNotAllowed.utf8().data(), O_RDWR | O_CREAT, defaultMode);
- ASSERT_NE(close(fd), -1);
- fd = open(testFileReadAndWrite.utf8().data(), O_RDWR | O_CREAT, defaultMode);
- ASSERT_NE(close(fd), -1);
-
- SyscallPolicy policy;
- policy.addDirectoryPermission(rootDir, SyscallPolicy::NotAllowed);
- policy.addDirectoryPermission(usrDir, SyscallPolicy::Read);
- policy.addDirectoryPermission(usrSbinDir, SyscallPolicy::NotAllowed);
- policy.addDirectoryPermission(testDirRead, SyscallPolicy::Read);
- policy.addDirectoryPermission(testDirWrite, SyscallPolicy::Write);
- policy.addDirectoryPermission(testDirReadAndWrite, SyscallPolicy::ReadAndWrite);
- policy.addDirectoryPermission(testDirNotAllowed, SyscallPolicy::NotAllowed);
- policy.addFilePermission(testFileNotAllowed, SyscallPolicy::NotAllowed);
- policy.addFilePermission(testFileReadAndWrite, SyscallPolicy::ReadAndWrite);
-
- SeccompFilters seccompFilters(SeccompFilters::Allow);
- seccompFilters.addRule("open", SeccompFilters::Trap);
- seccompFilters.addRule("openat", SeccompFilters::Trap);
- seccompFilters.addRule("creat", SeccompFilters::Trap);
-
- SeccompBroker::launchProcess(&seccompFilters, policy);
- seccompFilters.initialize();
- }
-
- virtual void TearDown()
- {
- // This will have to move to a separated process created before loading
- // the filters when we put the rmdir/unlink policies in place.
- unlink("/tmp/WebKitSeccompFilters/testNotAllowed/testFile");
- unlink("/tmp/WebKitSeccompFilters/testNotAllowed/testFilePolicy");
- unlink("/tmp/WebKitSeccompFilters/testReadAndWrite/testFile");
- unlink("/tmp/WebKitSeccompFilters/testReadAndWrite/testFile2");
- unlink("/tmp/WebKitSeccompFilters/testReadAndWrite/testFile3");
- unlink("/tmp/WebKitSeccompFilters/testReadAndWrite/testFilePolicy");
- unlink("/tmp/WebKitSeccompFilters/testWrite/testFile");
- unlink("/tmp/WebKitSeccompFilters/testWrite/testFile2");
- unlink("/tmp/WebKitSeccompFilters/testRead/testFile");
- rmdir("/tmp/WebKitSeccompFilters/testNotAllowed");
- rmdir("/tmp/WebKitSeccompFilters/testReadAndWrite");
- rmdir("/tmp/WebKitSeccompFilters/testWrite");
- rmdir("/tmp/WebKitSeccompFilters/testRead");
- rmdir("/tmp/WebKitSeccompFilters");
- }
-};
-
-::testing::Environment* const env = ::testing::AddGlobalTestEnvironment(new SeccompEnvironment);
-
-static void dummyHandler(int, siginfo_t*, void*)
-{
-}
-
-TEST(WebKit2, sigaction)
-{
- // Setting a handler should be enough to break any subsequent test if
- // not silently ignored by the sandbox.
- struct sigaction action;
- memset(&action, 0, sizeof(action));
- action.sa_sigaction = &dummyHandler;
- action.sa_flags = SA_SIGINFO;
-
- ASSERT_NE(sigaction(SIGSYS, &action, 0), -1);
-}
-
-TEST(WebKit2, sigprocmask)
-{
- // We test here the mechanism installed to prevent SIGSYS to be blocked. Any
- // attemp to add SIGSYS to the set of blocked signals will be silently
- // ignored (but other signals will be blocked just fine).
- sigset_t set, oldSet;
- sigemptyset(&set);
- sigaddset(&set, SIGSYS);
- sigaddset(&set, SIGUSR1);
-
- ASSERT_NE(sigprocmask(SIG_BLOCK, &set, 0), -1);
- ASSERT_NE(sigprocmask(SIG_BLOCK, 0, &oldSet), -1);
- ASSERT_FALSE(sigismember(&oldSet, SIGSYS)) << "SIGSYS should not be blocked.";
- ASSERT_TRUE(sigismember(&oldSet, SIGUSR1)) << "Other signals should be blocked normally.";
-
- sigemptyset(&set);
- sigaddset(&set, SIGSYS);
- sigaddset(&set, SIGUSR2);
-
- ASSERT_NE(sigprocmask(SIG_SETMASK, &set, &oldSet), -1);
- ASSERT_NE(sigprocmask(SIG_SETMASK, 0, &set), -1);
- ASSERT_FALSE(sigismember(&set, SIGSYS)) << "SIGSYS should not be blocked.";
- ASSERT_TRUE(sigismember(&set, SIGUSR2)) << "Other signals should be blocked normally.";
- ASSERT_FALSE(sigismember(&oldSet, SIGUSR2));
-
- ASSERT_NE(sigprocmask(SIG_SETMASK, &oldSet, 0), -1) << "Should restore the old signal set just fine.";
- ASSERT_NE(sigprocmask(SIG_SETMASK, 0, &set), -1);
- ASSERT_FALSE(sigismember(&set, SIGUSR2)) << "The restored set doesn't have SIGUSR2.";
-}
-
-TEST(WebKit2, open)
-{
- // Read only directory.
- String file = testDirRead + "/testFile";
- int fd = open(file.utf8().data(), O_RDWR);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open(file.utf8().data(), O_WRONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open(file.utf8().data(), O_RDONLY | O_CREAT, defaultMode);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_NE(fd, -1);
- close(fd);
-
- file = testDirRead + "/ThisFileDoesNotExist";
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_TRUE(fd == -1 && errno == ENOENT) << "Should return ENOENT when trying " \
- "to open a file that does not exit and the permissions are OK.";
-
- fd = open(file.utf8().data(), O_WRONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES) << "Should return EACCES when trying " \
- "to open a file that does not exit and the permissions are not OK.";
-
- // Write only directory.
- file = testDirWrite + "/testFile";
- fd = open(file.utf8().data(), O_WRONLY | O_CREAT, defaultMode);
- ASSERT_NE(fd, -1);
- close(fd);
-
- fd = open(file.utf8().data(), O_RDWR);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open(file.utf8().data(), O_WRONLY);
- EXPECT_NE(fd, -1);
- close(fd);
-
- // Read an write directory.
- file = testDirReadAndWrite + "/testFile";
- fd = open(file.utf8().data(), O_WRONLY | O_CREAT, defaultMode);
- ASSERT_NE(fd, -1);
- close(fd);
-
- fd = open(file.utf8().data(), O_RDWR);
- EXPECT_NE(fd, -1);
- close(fd);
-
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_NE(fd, -1);
- close(fd);
-
- fd = open(file.utf8().data(), O_WRONLY);
- EXPECT_NE(fd, -1);
- close(fd);
-
- // NotAllowed directory.
- file = testDirNotAllowed + "/testFile";
- fd = open(file.utf8().data(), O_WRONLY | O_CREAT, defaultMode);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open(file.utf8().data(), O_RDWR);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open(file.utf8().data(), O_WRONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
-
- // The /usr directory here has read permissions, so it's subdirectories
- // should resolve to the /usr permissions unless explicitly specified.
- file = usrDir + "/bin/basename";
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_NE(fd, -1) << "Subdirectories should with no policy should " \
- "inherit the parent's policies.";
- close(fd);
-
- file = usrSbinDir + "/adduser";
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES) << "This directory should have " \
- "its own policy instead of the parent's.";
-
- // Access to the rest of the files system is blocked and should
- // never return anything else other than EACCES regardless if the
- // file exists or not. The reason is because it will fallback to the
- // policy of the Root directory, marked as NotAllowed.
- file = homeDir + "/testFile";
- fd = open(file.utf8().data(), O_RDWR | O_CREAT, defaultMode);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open("/etc/passwd", O_RDONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- file = testDirReadAndWrite + "/../../../etc/passwd";
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- file = testDirReadAndWrite + "/../../.." + testDirReadAndWrite + "/../../../etc/passwd";
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- // Here we test file policies. The have precedence over directory policies.
- // The file bellow lives inside a directory with ReadAndWrite policy.
- fd = open(testFileNotAllowed.utf8().data(), O_RDONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open(testFileNotAllowed.utf8().data(), O_WRONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open(testFileNotAllowed.utf8().data(), O_RDWR);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- file = testDirReadAndWrite + "/../../.." + testDirReadAndWrite + "/testFilePolicy";
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- // The next file is located inside a directory marked as NotAllowed, but
- // it has its own file policy that precedes the directory policy.
- fd = open(testFileReadAndWrite.utf8().data(), O_RDONLY);
- EXPECT_NE(fd, -1);
- close(fd);
-
- fd = open(testFileReadAndWrite.utf8().data(), O_WRONLY);
- EXPECT_NE(fd, -1);
- close(fd);
-
- fd = open(testFileReadAndWrite.utf8().data(), O_RDWR);
- EXPECT_NE(fd, -1);
- close(fd);
-
- file = testDirReadAndWrite + "/../../.." + testDirNotAllowed + "/testFilePolicy";
- fd = open(file.utf8().data(), O_RDONLY);
- EXPECT_NE(fd, -1);
- close(fd);
-}
-
-TEST(WebKit2, creat)
-{
- // Read only directory.
- String file = testDirRead + "/testFile2";
- int fd = creat(file.utf8().data(), defaultMode);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- // Write only directory.
- file = testDirWrite + "/testFile2";
- fd = creat(file.utf8().data(), defaultMode);
- EXPECT_NE(fd, -1);
- close(fd);
-
- // Read an write directory.
- file = testDirReadAndWrite + "/testFile2";
- fd = creat(file.utf8().data(), defaultMode);
- EXPECT_NE(fd, -1);
- close(fd);
-
- // NotAllowed directory.
- file = testDirNotAllowed + "/testFile2";
- fd = creat(file.utf8().data(), defaultMode);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-}
-
-TEST(WebKit2, openat)
-{
- int dirFd = open(testDirReadAndWrite.utf8().data(), O_RDONLY);
- ASSERT_NE(dirFd, -1);
-
- int fd = openat(dirFd, "testFile3", O_RDWR | O_CREAT, defaultMode);
- EXPECT_NE(fd, -1);
- close(fd);
-
- fd = openat(dirFd, "testFile3", O_RDWR);
- EXPECT_NE(fd, -1);
- close(fd);
-
- fd = openat(dirFd, "testFile3", O_RDONLY);
- EXPECT_NE(fd, -1);
- close(fd);
-
- fd = openat(dirFd, "testFile3", O_WRONLY);
- EXPECT_NE(fd, -1);
-
- fd = openat(fd, "testFile3", O_WRONLY);
- EXPECT_TRUE(fd == -1 && errno == ENOTDIR) << "Should return ENOTDIR when the fd is a file.";
- close(fd);
-
- String file = "../../.." + testDirReadAndWrite + "/testFile3";
- fd = openat(dirFd, file.utf8().data(), O_WRONLY);
- EXPECT_NE(fd, -1);
- close(fd);
-
- file = "../../.." + testDirRead + "/testFile3";
- fd = openat(dirFd, file.utf8().data(), O_WRONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- file = testDirReadAndWrite + "/testFile3";
- fd = openat(-1, file.utf8().data(), O_WRONLY);
- EXPECT_NE(fd, -1) << "Directory fd should be ignored when the path is absolute.";
- close(fd);
-
- fd = openat(-1, "testFile3", O_WRONLY);
- EXPECT_TRUE(fd == -1 && errno == EBADF) << "Should return EBADF when the fd is invalid.";
- close(dirFd);
-
- dirFd = open(testDirNotAllowed.utf8().data(), O_RDONLY);
- EXPECT_TRUE(dirFd == -1 && errno == EACCES);
-
- dirFd = open(testDirRead.utf8().data(), O_RDONLY);
- ASSERT_NE(dirFd, -1);
-
- fd = openat(dirFd, "testFile2", O_RDONLY | O_CREAT, defaultMode);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = openat(dirFd, "testFile", O_WRONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
- close(dirFd);
-}
-
-static void* stressTest(void*)
-{
- for (int i = 0; i < 500; ++i) {
- int fd = open("/tmp/WebKitSeccompFilters/testRead/testFile", O_RDWR);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = open("/tmp/WebKitSeccompFilters/testRead/testFile", O_RDONLY);
- EXPECT_NE(fd, -1);
- close(fd);
-
- fd = open("/tmp/WebKitSeccompFilters/testNotAllowed/testFile", O_RDONLY);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- fd = creat("/tmp/WebKitSeccompFilters/testNotAllowed/SholdNotBeAllowed", defaultMode);
- EXPECT_TRUE(fd == -1 && errno == EACCES);
-
- int dirFd = open("/tmp/WebKitSeccompFilters/testRead", O_RDONLY);
- EXPECT_NE(dirFd, -1);
-
- fd = openat(dirFd, "testFile", O_RDONLY);
- EXPECT_NE(fd, -1);
- close(fd);
- close(dirFd);
- }
-
- return 0;
-}
-
-TEST(WebKit2, threading)
-{
- // Tests if concurrent syscall execution works fine. It can be
- // also used for performance testing and leak detection. The test
- // is disabled on Debug mode because it can be way too verbose.
- pthread_t threads[5];
-
- for (int i = 0; i < sizeof(threads) / sizeof(pthread_t); ++i)
- pthread_create(&threads[i], 0, stressTest, 0);
-
- for (int i = 0; i < sizeof(threads) / sizeof(pthread_t); ++i)
- pthread_join(threads[i], 0);
-}
-
-} // namespace TestWebKitAPI
</del></span></pre></div>
<a id="trunkToolsefljhbuildmodules"></a>
<div class="modfile"><h4>Modified: trunk/Tools/efl/jhbuild.modules (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/efl/jhbuild.modules 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Tools/efl/jhbuild.modules 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -21,7 +21,6 @@
</span><span class="cx"> <dep package="gst-plugins-good"/>
</span><span class="cx"> <dep package="gst-plugins-bad"/>
</span><span class="cx"> <dep package="gst-libav"/>
</span><del>- <dep package="libseccomp"/>
</del><span class="cx"> <dep package="atk"/>
</span><span class="cx"> <dep package="openwebrtc"/>
</span><span class="cx"> </dependencies>
</span><span class="lines">@@ -267,13 +266,6 @@
</span><span class="cx"> </branch>
</span><span class="cx"> </autotools>
</span><span class="cx">
</span><del>- <autotools id="libseccomp" autogen-sh="configure">
- <branch module="seccomp/libseccomp/releases/download/v2.2.3/libseccomp-2.2.3.tar.gz" version="2.2.3"
- repo="github.com"
- hash="sha256:d9b400b703cab7bb04b84b9b6e52076a630b673819d7541757bcc16467b6d49e">
- </branch>
- </autotools>
-
</del><span class="cx"> <autotools id="atk"
</span><span class="cx"> autogen-sh="configure"
</span><span class="cx"> autogenargs="--disable-introspection">
</span></span></pre></div>
<a id="trunkToolsgtkjhbuildmodules"></a>
<div class="modfile"><h4>Modified: trunk/Tools/gtk/jhbuild.modules (200620 => 200621)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/gtk/jhbuild.modules 2016-05-10 11:41:26 UTC (rev 200620)
+++ trunk/Tools/gtk/jhbuild.modules 2016-05-10 14:56:00 UTC (rev 200621)
</span><span class="lines">@@ -33,7 +33,6 @@
</span><span class="cx"> <if condition-set="linux">
</span><span class="cx"> <dep package="xserver"/>
</span><span class="cx"> <dep package="mesa"/>
</span><del>- <dep package="libseccomp"/>
</del><span class="cx"> <dep package="at-spi2-core"/>
</span><span class="cx"> <dep package="at-spi2-atk"/>
</span><span class="cx"> </if>
</span><span class="lines">@@ -136,10 +135,6 @@
</span><span class="cx"> md5sum="f5898b29bbfd70502831a212d9249d10"/>
</span><span class="cx"> </autotools>
</span><span class="cx">
</span><del>- <autotools id="libseccomp" supports-non-srcdir-builds="no" autogen-sh="./autogen.sh; ./configure">
- <branch repo="github.com" module="seccomp/libseccomp.git" tag="v2.2.3"/>
- </autotools>
-
</del><span class="cx"> <autotools id="gdk-pixbuf" autogen-sh="configure"
</span><span class="cx"> autogenargs="--disable-introspection">
</span><span class="cx"> <dependencies>
</span></span></pre>
</div>
</div>
</body>
</html>