<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[210599] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/210599">210599</a></dd>
<dt>Author</dt> <dd>bfulgham@apple.com</dd>
<dt>Date</dt> <dd>2017-01-11 13:55:20 -0800 (Wed, 11 Jan 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>File scheme should not allow access of a resource on a different volume.
https://bugs.webkit.org/show_bug.cgi?id=158552
<rdar://problem/15307582>
Reviewed by Alex Christensen.
Source/WebCore:
Revise SecurityOrigin to prevent files from one storage device (volume) from accessing content
on a different storage device (volume) unless universal access is enabled.
Pass the current file device as part of the NSURLRequest so that CFNetwork can reject loads
where the device changes in the midst of a load.
Also properly reflect that SecurityOrigin is never null by passing as a reference,
rather than as a pointer.
Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm
* page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::canAccess): Pass argument as reference.
(WebCore::SecurityOrigin::canDisplay): Add check that files share the same volume.
(WebCore::SecurityOrigin::isSameSchemeHostPort): Pass argument as reference.
* page/SecurityOrigin.h:
* platform/FileSystem.cpp:
(WebCore::filesHaveSameVolume): Added.
* platform/FileSystem.h:
* platform/network/cocoa/ResourceRequestCocoa.mm:
(WebCore::ResourceRequest::doUpdatePlatformRequest): If loading a file URL, tell CFNetwork
the storage device at the time of the start of the load so we can trigger a failure if this
changes during the load operation.
* platform/posix/FileSystemPOSIX.cpp:
(WebCore::getFileDeviceId): Added.
* platform/win/FileSystemWin.cpp:
(WebCore::getFileDeviceId): Added.
Tools:
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Add new files.
* TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.html: Added.
* TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorepageSecurityOrigincpp">trunk/Source/WebCore/page/SecurityOrigin.cpp</a></li>
<li><a href="#trunkSourceWebCorepageSecurityOriginh">trunk/Source/WebCore/page/SecurityOrigin.h</a></li>
<li><a href="#trunkSourceWebCoreplatformFileSystemcpp">trunk/Source/WebCore/platform/FileSystem.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformFileSystemh">trunk/Source/WebCore/platform/FileSystem.h</a></li>
<li><a href="#trunkSourceWebCoreplatformnetworkcocoaResourceRequestCocoamm">trunk/Source/WebCore/platform/network/cocoa/ResourceRequestCocoa.mm</a></li>
<li><a href="#trunkSourceWebCoreplatformposixFileSystemPOSIXcpp">trunk/Source/WebCore/platform/posix/FileSystemPOSIX.cpp</a></li>
<li><a href="#trunkSourceWebCoreplatformwinFileSystemWincpp">trunk/Source/WebCore/platform/win/FileSystemWin.cpp</a></li>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
<li><a href="#trunkToolsTestWebKitAPITestWebKitAPIxcodeprojprojectpbxproj">trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkToolsTestWebKitAPITestsWebKit2WKPageIsPlayingAudiocpp">trunk/Tools/TestWebKitAPI/Tests/WebKit2/WKPageIsPlayingAudio.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/ChangeLog 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -1,3 +1,39 @@
</span><ins>+2017-01-11 Brent Fulgham <bfulgham@apple.com>
+
+ File scheme should not allow access of a resource on a different volume.
+ https://bugs.webkit.org/show_bug.cgi?id=158552
+ <rdar://problem/15307582>
+
+ Reviewed by Alex Christensen.
+
+ Revise SecurityOrigin to prevent files from one storage device (volume) from accessing content
+ on a different storage device (volume) unless universal access is enabled.
+
+ Pass the current file device as part of the NSURLRequest so that CFNetwork can reject loads
+ where the device changes in the midst of a load.
+
+ Also properly reflect that SecurityOrigin is never null by passing as a reference,
+ rather than as a pointer.
+
+ Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm
+
+ * page/SecurityOrigin.cpp:
+ (WebCore::SecurityOrigin::canAccess): Pass argument as reference.
+ (WebCore::SecurityOrigin::canDisplay): Add check that files share the same volume.
+ (WebCore::SecurityOrigin::isSameSchemeHostPort): Pass argument as reference.
+ * page/SecurityOrigin.h:
+ * platform/FileSystem.cpp:
+ (WebCore::filesHaveSameVolume): Added.
+ * platform/FileSystem.h:
+ * platform/network/cocoa/ResourceRequestCocoa.mm:
+ (WebCore::ResourceRequest::doUpdatePlatformRequest): If loading a file URL, tell CFNetwork
+ the storage device at the time of the start of the load so we can trigger a failure if this
+ changes during the load operation.
+ * platform/posix/FileSystemPOSIX.cpp:
+ (WebCore::getFileDeviceId): Added.
+ * platform/win/FileSystemWin.cpp:
+ (WebCore::getFileDeviceId): Added.
+
</ins><span class="cx"> 2017-01-11 Myles C. Maxfield <mmaxfield@apple.com>
</span><span class="cx">
</span><span class="cx"> [Cocoa] Testing fix after r210597
</span></span></pre></div>
<a id="trunkSourceWebCorepageSecurityOrigincpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/SecurityOrigin.cpp (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/SecurityOrigin.cpp 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/page/SecurityOrigin.cpp 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2007-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -229,19 +229,19 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (canAccess && isLocal())
</span><del>- canAccess = passesFileCheck(other);
</del><ins>+ canAccess = passesFileCheck(*other);
</ins><span class="cx">
</span><span class="cx"> return canAccess;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-bool SecurityOrigin::passesFileCheck(const SecurityOrigin* other) const
</del><ins>+bool SecurityOrigin::passesFileCheck(const SecurityOrigin& other) const
</ins><span class="cx"> {
</span><del>- ASSERT(isLocal() && other->isLocal());
</del><ins>+ ASSERT(isLocal() && other.isLocal());
</ins><span class="cx">
</span><del>- if (!m_enforceFilePathSeparation && !other->m_enforceFilePathSeparation)
</del><ins>+ if (!m_enforceFilePathSeparation && !other.m_enforceFilePathSeparation)
</ins><span class="cx"> return true;
</span><span class="cx">
</span><del>- return (m_filePath == other->m_filePath);
</del><ins>+ return (m_filePath == other.m_filePath);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool SecurityOrigin::canRequest(const URL& url) const
</span><span class="lines">@@ -304,6 +304,11 @@
</span><span class="cx"> if (m_universalAccess)
</span><span class="cx"> return true;
</span><span class="cx">
</span><ins>+ if (isLocal() && url.isLocalFile()) {
+ if (!filesHaveSameVolume(m_filePath, url.path()))
+ return false;
+ }
+
</ins><span class="cx"> if (isFeedWithNestedProtocolInHTTPFamily(url))
</span><span class="cx"> return true;
</span><span class="cx">
</span><span class="lines">@@ -523,7 +528,7 @@
</span><span class="cx"> if (m_port != other->m_port)
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- if (isLocal() && !passesFileCheck(other))
</del><ins>+ if (isLocal() && !passesFileCheck(*other))
</ins><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> return true;
</span></span></pre></div>
<a id="trunkSourceWebCorepageSecurityOriginh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/page/SecurityOrigin.h (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/page/SecurityOrigin.h 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/page/SecurityOrigin.h 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -208,7 +208,7 @@
</span><span class="cx"> explicit SecurityOrigin(const SecurityOrigin*);
</span><span class="cx">
</span><span class="cx"> // FIXME: Rename this function to something more semantic.
</span><del>- bool passesFileCheck(const SecurityOrigin*) const;
</del><ins>+ bool passesFileCheck(const SecurityOrigin&) const;
</ins><span class="cx">
</span><span class="cx"> // This method checks that the scheme for this origin is an HTTP-family
</span><span class="cx"> // scheme, e.g. HTTP and HTTPS.
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformFileSystemcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/FileSystem.cpp (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/FileSystem.cpp 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/platform/FileSystem.cpp 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2007, 2011 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2015 Canon Inc. All rights reserved.
</span><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -233,6 +233,26 @@
</span><span class="cx"> ASSERT_NOT_REACHED();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+
+bool filesHaveSameVolume(const String& fileA, const String& fileB)
+{
+ auto fsRepFileA = fileSystemRepresentation(fileA);
+ auto fsRepFileB = fileSystemRepresentation(fileB);
+
+ if (fsRepFileA.isNull() || fsRepFileB.isNull())
+ return false;
+
+ bool result = false;
+
+ auto fileADev = getFileDeviceId(fsRepFileA);
+ auto fileBDev = getFileDeviceId(fsRepFileB);
+
+ if (fileADev && fileBDev)
+ result = (fileADev == fileBDev);
+
+ return result;
+}
+
</ins><span class="cx"> #if !PLATFORM(MAC)
</span><span class="cx">
</span><span class="cx"> void setMetadataURL(String&, const String&, const String&)
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformFileSystemh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/FileSystem.h (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/FileSystem.h 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/platform/FileSystem.h 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2007, 2008, 2011 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2008 Collabora, Ltd. All rights reserved.
</span><span class="cx"> * Copyright (C) 2015 Canon Inc. All rights reserved.
</span><span class="cx"> *
</span><span class="lines">@@ -146,6 +146,7 @@
</span><span class="cx"> WEBCORE_EXPORT String pathGetFileName(const String&);
</span><span class="cx"> WEBCORE_EXPORT String directoryName(const String&);
</span><span class="cx"> WEBCORE_EXPORT bool getVolumeFreeSpace(const String&, uint64_t&);
</span><ins>+WEBCORE_EXPORT std::optional<int32_t> getFileDeviceId(const CString&);
</ins><span class="cx">
</span><span class="cx"> WEBCORE_EXPORT void setMetadataURL(String& URLString, const String& referrer, const String& path);
</span><span class="cx">
</span><span class="lines">@@ -193,6 +194,8 @@
</span><span class="cx"> WEBCORE_EXPORT String encodeForFileName(const String&);
</span><span class="cx"> String decodeFromFilename(const String&);
</span><span class="cx">
</span><ins>+bool filesHaveSameVolume(const String&, const String&);
+
</ins><span class="cx"> #if USE(CF)
</span><span class="cx"> RetainPtr<CFURLRef> pathAsURL(const String&);
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformnetworkcocoaResourceRequestCocoamm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/network/cocoa/ResourceRequestCocoa.mm (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/network/cocoa/ResourceRequestCocoa.mm 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/platform/network/cocoa/ResourceRequestCocoa.mm 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014 Apple, Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014-2017 Apple, Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #if PLATFORM(COCOA)
</span><span class="cx">
</span><ins>+#import "FileSystem.h"
</ins><span class="cx"> #import "FormDataStreamMac.h"
</span><span class="cx"> #import "HTTPHeaderNames.h"
</span><span class="cx"> #import "ResourceRequestCFNet.h"
</span><span class="lines">@@ -203,6 +204,17 @@
</span><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="cx">
</span><ins>+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200)
+ if (m_url.isLocalFile()) {
+ auto fsRepFile = fileSystemRepresentation(m_url.fileSystemPath());
+ if (!fsRepFile.isNull()) {
+ auto fileDevice = getFileDeviceId(fsRepFile);
+ if (fileDevice && fileDevice.value())
+ [nsRequest _setProperty:[NSNumber numberWithInteger:fileDevice.value()] forKey:@"NSURLRequestFileProtocolExpectedDevice"];
+ }
+ }
+#endif
+
</ins><span class="cx"> m_nsRequest = adoptNS(nsRequest);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformposixFileSystemPOSIXcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/posix/FileSystemPOSIX.cpp (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/posix/FileSystemPOSIX.cpp 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/platform/posix/FileSystemPOSIX.cpp 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -383,4 +383,13 @@
</span><span class="cx"> return appendResult;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+std::optional<int32_t> getFileDeviceId(const CString& fsFile)
+{
+ struct stat fileStat;
+ if (stat(fsFile.data(), &fileStat) == -1)
+ return std::nullopt;
+
+ return fileStat.st_dev;
+}
+
</ins><span class="cx"> } // namespace WebCore
</span></span></pre></div>
<a id="trunkSourceWebCoreplatformwinFileSystemWincpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/platform/win/FileSystemWin.cpp (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/platform/win/FileSystemWin.cpp 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Source/WebCore/platform/win/FileSystemWin.cpp 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2007, 2008 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2007-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> * Copyright (C) 2008 Collabora, Ltd. All rights reserved.
</span><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -33,13 +33,15 @@
</span><span class="cx"> #include "FileMetadata.h"
</span><span class="cx"> #include "NotImplemented.h"
</span><span class="cx"> #include "PathWalker.h"
</span><ins>+#include <io.h>
+#include <shlobj.h>
+#include <shlwapi.h>
+#include <sys/stat.h>
+#include <windows.h>
</ins><span class="cx"> #include <wtf/CryptographicallyRandomNumber.h>
</span><span class="cx"> #include <wtf/HashMap.h>
</span><span class="cx"> #include <wtf/text/CString.h>
</span><span class="cx">
</span><del>-#include <windows.h>
-#include <shlobj.h>
-#include <shlwapi.h>
</del><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><span class="lines">@@ -452,4 +454,21 @@
</span><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+std::optional<int32_t> getFileDeviceId(const CString& fsFile)
+{
+ auto handle = openFile(fsFile.data(), OpenForRead);
+ if (!isHandleValid(handle))
+ return std::nullopt;
+
+ BY_HANDLE_FILE_INFORMATION fileInformation = { };
+ if (!::GetFileInformationByHandle(handle, &fileInformation)) {
+ closeFile(handle);
+ return std::nullopt;
+ }
+
+ closeFile(handle);
+
+ return fileInformation.dwVolumeSerialNumber;
+}
+
</ins><span class="cx"> } // namespace WebCore
</span></span></pre></div>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Tools/ChangeLog 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -1,3 +1,15 @@
</span><ins>+2017-01-11 Brent Fulgham <bfulgham@apple.com>
+
+ File scheme should not allow access of a resource on a different volume.
+ https://bugs.webkit.org/show_bug.cgi?id=158552
+ <rdar://problem/15307582>
+
+ Reviewed by Alex Christensen.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: Add new files.
+ * TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.html: Added.
+ * TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm: Added.
+
</ins><span class="cx"> 2017-01-11 Ryan Haddad <ryanhaddad@apple.com>
</span><span class="cx">
</span><span class="cx"> Unreviewed, rolling out r210571.
</span></span></pre></div>
<a id="trunkToolsTestWebKitAPITestWebKitAPIxcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -197,6 +197,8 @@
</span><span class="cx"> 7A909A831D877480007E10F8 /* IntSize.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A909A751D877475007E10F8 /* IntSize.cpp */; };
</span><span class="cx"> 7AD3FE8E1D76131200B169A4 /* TransformationMatrix.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7AD3FE8D1D75FB8D00B169A4 /* TransformationMatrix.cpp */; };
</span><span class="cx"> 7AE9E5091AE5AE8B00CF874B /* test.pdf in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7AE9E5081AE5AE8B00CF874B /* test.pdf */; };
</span><ins>+ 7AEAD47F1E20116C00416EFE /* CrossPartitionFileSchemeAccess.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7AEAD47C1E20113800416EFE /* CrossPartitionFileSchemeAccess.mm */; };
+ 7AEAD4811E20122700416EFE /* CrossPartitionFileSchemeAccess.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 7AEAD47D1E20114E00416EFE /* CrossPartitionFileSchemeAccess.html */; };
</ins><span class="cx"> 7C3965061CDD74F90094DBB8 /* Color.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7C3965051CDD74F90094DBB8 /* Color.cpp */; };
</span><span class="cx"> 7C3DB8E41D12129B00AE8CC3 /* CommandBackForward.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7C3DB8E21D12129B00AE8CC3 /* CommandBackForward.mm */; };
</span><span class="cx"> 7C417F331D19E14800B8EF53 /* WKWebViewDefaultNavigationDelegate.mm in Sources */ = {isa = PBXBuildFile; fileRef = 7C417F311D19E14800B8EF53 /* WKWebViewDefaultNavigationDelegate.mm */; };
</span><span class="lines">@@ -601,6 +603,7 @@
</span><span class="cx"> dstPath = TestWebKitAPI.resources;
</span><span class="cx"> dstSubfolderSpec = 7;
</span><span class="cx"> files = (
</span><ins>+ 7AEAD4811E20122700416EFE /* CrossPartitionFileSchemeAccess.html in Copy Resources */,
</ins><span class="cx"> CDB4115A1E0B00DB00EAD352 /* video-with-muted-audio.html in Copy Resources */,
</span><span class="cx"> 9BD4239C1E04C01C00200395 /* chinese-character-with-image.html in Copy Resources */,
</span><span class="cx"> A155022C1E050D0300A24C57 /* duplicate-completion-handler-calls.html in Copy Resources */,
</span><span class="lines">@@ -1040,6 +1043,8 @@
</span><span class="cx"> 7AA6A1511AAC0B31002B2ED3 /* WorkQueue.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WorkQueue.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 7AD3FE8D1D75FB8D00B169A4 /* TransformationMatrix.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TransformationMatrix.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 7AE9E5081AE5AE8B00CF874B /* test.pdf */ = {isa = PBXFileReference; lastKnownFileType = image.pdf; path = test.pdf; sourceTree = "<group>"; };
</span><ins>+ 7AEAD47C1E20113800416EFE /* CrossPartitionFileSchemeAccess.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CrossPartitionFileSchemeAccess.mm; sourceTree = "<group>"; };
+ 7AEAD47D1E20114E00416EFE /* CrossPartitionFileSchemeAccess.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; name = CrossPartitionFileSchemeAccess.html; path = Tests/mac/CrossPartitionFileSchemeAccess.html; sourceTree = SOURCE_ROOT; };
</ins><span class="cx"> 7C3965051CDD74F90094DBB8 /* Color.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Color.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 7C3DB8E21D12129B00AE8CC3 /* CommandBackForward.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CommandBackForward.mm; sourceTree = "<group>"; };
</span><span class="cx"> 7C417F311D19E14800B8EF53 /* WKWebViewDefaultNavigationDelegate.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WKWebViewDefaultNavigationDelegate.mm; sourceTree = "<group>"; };
</span><span class="lines">@@ -2029,6 +2034,7 @@
</span><span class="cx"> C07E6CAD13FD67650038B22B /* mac */ = {
</span><span class="cx"> isa = PBXGroup;
</span><span class="cx"> children = (
</span><ins>+ 7AEAD47C1E20113800416EFE /* CrossPartitionFileSchemeAccess.mm */,
</ins><span class="cx"> 5C0BF88F1DD5999B00B00328 /* WebViewCanPasteZeroPng.mm */,
</span><span class="cx"> 5C0BF88C1DD5957400B00328 /* MemoryPressureHandler.mm */,
</span><span class="cx"> C07E6CB013FD737C0038B22B /* Resources */,
</span><span class="lines">@@ -2093,6 +2099,7 @@
</span><span class="cx"> C07E6CB013FD737C0038B22B /* Resources */ = {
</span><span class="cx"> isa = PBXGroup;
</span><span class="cx"> children = (
</span><ins>+ 7AEAD47D1E20114E00416EFE /* CrossPartitionFileSchemeAccess.html */,
</ins><span class="cx"> F42DA5151D8CEFDB00336F40 /* large-input-field-focus-onload.html */,
</span><span class="cx"> 379028B814FABE49007E6B43 /* acceptsFirstMouse.html */,
</span><span class="cx"> B55F11B9151916E600915916 /* Ahem.ttf */,
</span><span class="lines">@@ -2497,6 +2504,7 @@
</span><span class="cx"> 2DC4CF771D2D9DD800ECCC94 /* DataDetection.mm in Sources */,
</span><span class="cx"> 2D1646E21D1862CD00015A1A /* DeferredViewInWindowStateChange.mm in Sources */,
</span><span class="cx"> 7CCE7EB91A411A7E00447C4C /* DeviceScaleFactorInDashboardRegions.mm in Sources */,
</span><ins>+ 7AEAD47F1E20116C00416EFE /* CrossPartitionFileSchemeAccess.mm in Sources */,
</ins><span class="cx"> 7CCE7EBA1A411A7E00447C4C /* DeviceScaleFactorOnBack.mm in Sources */,
</span><span class="cx"> 7C83E04D1D0A641800FEBCF3 /* DFACombiner.cpp in Sources */,
</span><span class="cx"> 7C83E04E1D0A641800FEBCF3 /* DFAMinimizer.cpp in Sources */,
</span></span></pre></div>
<a id="trunkToolsTestWebKitAPITestsWebKit2WKPageIsPlayingAudiocpp"></a>
<div class="modfile"><h4>Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit2/WKPageIsPlayingAudio.cpp (210598 => 210599)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/TestWebKitAPI/Tests/WebKit2/WKPageIsPlayingAudio.cpp 2017-01-11 21:46:43 UTC (rev 210598)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2/WKPageIsPlayingAudio.cpp 2017-01-11 21:55:20 UTC (rev 210599)
</span><span class="lines">@@ -118,6 +118,13 @@
</span><span class="cx"> {
</span><span class="cx"> WKRetainPtr<WKContextRef> context = adoptWK(WKContextCreate());
</span><span class="cx">
</span><ins>+ bool keepOnKeepingOn = true;
+ size_t i = 0;
+ while (keepOnKeepingOn) {
+ ++i;
+ sleep(1);
+ }
+
</ins><span class="cx"> WKRetainPtr<WKPageGroupRef> pageGroup(AdoptWK, WKPageGroupCreateWithIdentifier(Util::toWK("MSEIsPlayingAudioPageGroup").get()));
</span><span class="cx"> WKPreferencesRef preferences = WKPageGroupGetPreferences(pageGroup.get());
</span><span class="cx"> WKPreferencesSetMediaSourceEnabled(preferences, true);
</span></span></pre>
</div>
</div>
</body>
</html>