<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[237107] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/237107">237107</a></dd>
<dt>Author</dt> <dd>mcatanzaro@igalia.com</dd>
<dt>Date</dt> <dd>2018-10-15 08:02:59 -0700 (Mon, 15 Oct 2018)</dd>
</dl>

<h3>Log Message</h3>
<pre>[GTK][WPE] Implement subprocess sandboxing
https://bugs.webkit.org/show_bug.cgi?id=188568

Patch by Patrick Griffis <pgriffis@igalia.com> on 2018-10-15
Reviewed by Michael Catanzaro.

.:

Add ENABLE_BUBBLEWRAP_SANDBOX option for sandboxing.

* Source/cmake/FindLibseccomp.cmake: Added.
* Source/cmake/OptionsGTK.cmake:
* Source/cmake/WebKitFeatures.cmake:

Source/WebCore:

Link against libseccomp.

* PlatformGTK.cmake:

Source/WebKit:

This implements sandboxing of WebKitWebProcesses.

The sandbox is opt-in at runtime as it is a behavior change.
See webkit_web_context_set_sandbox_enabled() and the
WEBKIT_FORCE_SANDBOX env var for developers.

This is Linux specific using Namespaces, Seccomp, and a DBus proxy service.
This introduces three new dependencies:

- bwrap executable
- libseccomp library
- xdg-dbus-proxy executable

The use of xdg-dbus-proxy will ideally be replaced once upstream DBus
gains the same filtering abilities, which is a work in progress.

Currently the sandbox is not completed and there are a few large holes:

- Pulseaudio: The Pipewire project will solve this.
- DRI device access: No immediate solutions planned.
- Webcam device access: Pipewire will also solve this.
- Webprocess network access: Will require GStreamer changes.
- DConf access: Custom proxy planned.
- X11 access: Wayland solves this.

That is not an exhaustive list, but those are the noteworthy ones. Filesystem access
is still an evolving list as problems are found, as is specific DBus name access.

* PlatformGTK.cmake:
* PlatformWPE.cmake:
* SourcesGTK.txt:
* SourcesWPE.txt:
* UIProcess/API/glib/WebKitWebContext.cpp:
(webkit_web_context_set_sandbox_enabled):
(webkit_web_context_get_sandbox_enabled):
* UIProcess/API/gtk/WebKitWebContext.h:
* UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
* UIProcess/API/wpe/WebKitWebContext.h:
* UIProcess/ChildProcessProxy.cpp:
(WebKit::ChildProcessProxy::getLaunchOptions):
* UIProcess/ChildProcessProxy.h:
(WebKit::ChildProcessProxy::platformGetLaunchOptions):
* UIProcess/Launcher/ProcessLauncher.h:
* UIProcess/Launcher/glib/BubblewrapLauncher.cpp: Added.
(WebKit::memfd_create):
(WebKit::argsToFd):
(WebKit::XDGDBusProxyLauncher::setAddress):
(WebKit::XDGDBusProxyLauncher::isRunning const):
(WebKit::XDGDBusProxyLauncher::path const):
(WebKit::XDGDBusProxyLauncher::proxyPath const):
(WebKit::XDGDBusProxyLauncher::setPermissions):
(WebKit::XDGDBusProxyLauncher::launch):
(WebKit::XDGDBusProxyLauncher::childSetupFunc):
(WebKit::XDGDBusProxyLauncher::makeProxyPath):
(WebKit::XDGDBusProxyLauncher::dbusAddressToPath):
(WebKit::bindIfExists):
(WebKit::bindDBusSession):
(WebKit::bindX11):
(WebKit::bindDconf):
(WebKit::bindWayland):
(WebKit::bindPulse):
(WebKit::bindFonts):
(WebKit::bindGtkData):
(WebKit::bindA11y):
(WebKit::bindPathVar):
(WebKit::bindGStreamerData):
(WebKit::bindOpenGL):
(WebKit::bindV4l):
(WebKit::bindSymlinksRealPath):
(WebKit::setupSeccomp):
(WebKit::bubblewrapSpawn):
* UIProcess/Launcher/glib/BubblewrapLauncher.h: Added.
* UIProcess/Launcher/glib/FlatpakLauncher.cpp: Added.
(WebKit::flatpakSpawn):
* UIProcess/Launcher/glib/FlatpakLauncher.h: Added.
* UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
(WebKit::isInsideFlatpak):
(WebKit::ProcessLauncher::launchProcess):
* UIProcess/Plugins/PluginProcessProxy.cpp:
(WebKit::PluginProcessProxy::getLaunchOptions):
* UIProcess/Plugins/PluginProcessProxy.h:
* UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
(WebKit::PluginProcessProxy::platformGetLaunchOptionsWithAttributes):
* UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp:
(WebKit::PluginProcessProxy::platformGetLaunchOptionsWithAttributes):
* UIProcess/WebProcessPool.h:
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::platformGetLaunchOptions):
* UIProcess/WebProcessProxy.h:
* UIProcess/glib/WebProcessProxyGLib.cpp: Added.
(WebKit::WebProcessProxy::platformGetLaunchOptions):</pre>
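<p>Added example, not part of this patch or of WebKit: the log message says the sandbox is opt-in and can be forced from the environment, so a practitioner wants a check from outside the sandbox that a WebKitWebProcess really ended up seccomp-filtered and in its own namespaces, rather than trusting the requested flag. The script below reads Linux /proc semantics (the "Seccomp:" line of /proc/&lt;pid&gt;/status and the /proc/&lt;pid&gt;/ns/* links); which namespaces bwrap unshares for WebKit is an assumption here (user, pid, mnt), and the network namespace is expected to stay shared, matching the "Webprocess network access" hole listed above. The /proc contents embedded at the bottom are constructed, not captured.</p>

```python
"""Check whether a WebKitWebProcess is actually sandboxed (added example, not WebKit code).

Assumptions (Linux /proc semantics, not stated on the page):
  - /proc/<pid>/status has a "Seccomp:" line: 0 = off, 1 = strict, 2 = filter.
  - /proc/<pid>/ns/<kind> symlinks have distinct targets for distinct namespaces.
  - Which namespaces bwrap unshares is assumed here (user, pid, mnt); net is
    expected to remain shared with the UI process.
"""
import os

SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}
EXPECTED_NAMESPACES = ("user", "pid", "mnt")  # assumption, see module docstring


def parse_status(text):
    """Parse /proc/<pid>/status ("Key:<tab>value" per line) into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def seccomp_mode(fields):
    """Kernel seccomp mode of the process; a missing line means no seccomp."""
    return int(fields.get("Seccomp", "0"))


def separated_namespaces(child_ns, reference_ns):
    """Namespace kinds whose /proc/<pid>/ns link differs from the reference process."""
    return {kind for kind, link in child_ns.items() if reference_ns.get(kind) != link}


def assess(status_text, child_ns, reference_ns, expected=EXPECTED_NAMESPACES):
    """Combine seccomp mode and namespace separation into a verdict dict."""
    fields = parse_status(status_text)
    mode = seccomp_mode(fields)
    separated = separated_namespaces(child_ns, reference_ns)
    missing = set(expected) - separated
    return {
        "name": fields.get("Name"),
        "seccomp": SECCOMP_MODES.get(mode, "unknown"),
        "separated_namespaces": separated,
        "missing_namespaces": missing,
        # "sandboxed" requires a seccomp filter AND every expected namespace unshared.
        "sandboxed": mode == 2 and not missing,
    }


def read_namespaces(pid, kinds=("user", "pid", "mnt", "net")):
    """Live /proc read; namespace kinds the kernel does not expose are skipped."""
    links = {}
    for kind in kinds:
        try:
            links[kind] = os.readlink(f"/proc/{pid}/ns/{kind}")
        except OSError:
            pass
    return links


def assess_pid(pid, reference_pid=None):
    """Live check: compare a web process against this (unsandboxed) process."""
    reference_pid = os.getpid() if reference_pid is None else reference_pid
    with open(f"/proc/{pid}/status") as f:
        status = f.read()
    return assess(status, read_namespaces(pid), read_namespaces(reference_pid))


# Constructed sample data (not captured from a real system): the UI process and
# two web processes, one spawned through bwrap and one without the sandbox.
# "WebKitWebProces" is the 15-character comm truncation the kernel applies.
UI_NS = {"user": "user:[4026531837]", "pid": "pid:[4026531836]",
         "mnt": "mnt:[4026531840]", "net": "net:[4026531992]"}
SANDBOXED_NS = {"user": "user:[4026532201]", "pid": "pid:[4026532203]",
                "mnt": "mnt:[4026532202]", "net": "net:[4026531992]"}
SANDBOXED_STATUS = "Name:\tWebKitWebProces\nState:\tS (sleeping)\nPid:\t4242\nNSpid:\t4242\t2\nSeccomp:\t2\n"
UNSANDBOXED_STATUS = "Name:\tWebKitWebProces\nState:\tS (sleeping)\nPid:\t4243\nSeccomp:\t0\n"

if __name__ == "__main__":
    print(assess(SANDBOXED_STATUS, SANDBOXED_NS, UI_NS))
    print(assess(UNSANDBOXED_STATUS, UI_NS, UI_NS))
```

<p>Against a live system, call assess_pid() with the pid of a WebKitWebProcess from a shell outside the sandbox; a "sandboxed": False result with an empty missing_namespaces set but seccomp "disabled" is the signature of a build or environment where the sandbox was requested but never applied.</p>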

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkChangeLog">trunk/ChangeLog</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorePlatformGTKcmake">trunk/Source/WebCore/PlatformGTK.cmake</a></li>
<li><a href="#trunkSourceWebKitChangeLog">trunk/Source/WebKit/ChangeLog</a></li>
<li><a href="#trunkSourceWebKitPlatformGTKcmake">trunk/Source/WebKit/PlatformGTK.cmake</a></li>
<li><a href="#trunkSourceWebKitPlatformWPEcmake">trunk/Source/WebKit/PlatformWPE.cmake</a></li>
<li><a href="#trunkSourceWebKitSourcesGTKtxt">trunk/Source/WebKit/SourcesGTK.txt</a></li>
<li><a href="#trunkSourceWebKitSourcesWPEtxt">trunk/Source/WebKit/SourcesWPE.txt</a></li>
<li><a href="#trunkSourceWebKitUIProcessAPIglibWebKitWebContextcpp">trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp</a></li>
<li><a href="#trunkSourceWebKitUIProcessAPIgtkWebKitWebContexth">trunk/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h</a></li>
<li><a href="#trunkSourceWebKitUIProcessAPIgtkdocswebkit2gtk40sectionstxt">trunk/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt</a></li>
<li><a href="#trunkSourceWebKitUIProcessAPIwpeWebKitWebContexth">trunk/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h</a></li>
<li><a href="#trunkSourceWebKitUIProcessChildProcessProxycpp">trunk/Source/WebKit/UIProcess/ChildProcessProxy.cpp</a></li>
<li><a href="#trunkSourceWebKitUIProcessChildProcessProxyh">trunk/Source/WebKit/UIProcess/ChildProcessProxy.h</a></li>
<li><a href="#trunkSourceWebKitUIProcessLauncherglibProcessLauncherGLibcpp">trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp</a></li>
<li><a href="#trunkSourceWebKitUIProcessPluginsPluginProcessProxycpp">trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.cpp</a></li>
<li><a href="#trunkSourceWebKitUIProcessPluginsPluginProcessProxyh">trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.h</a></li>
<li><a href="#trunkSourceWebKitUIProcessPluginsmacPluginProcessProxyMacmm">trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm</a></li>
<li><a href="#trunkSourceWebKitUIProcessPluginsunixPluginProcessProxyUnixcpp">trunk/Source/WebKit/UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp</a></li>
<li><a href="#trunkSourceWebKitUIProcessWebProcessPoolh">trunk/Source/WebKit/UIProcess/WebProcessPool.h</a></li>
<li><a href="#trunkSourceWebKitUIProcessWebProcessProxycpp">trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp</a></li>
<li><a href="#trunkSourceWebKitUIProcessWebProcessProxyh">trunk/Source/WebKit/UIProcess/WebProcessProxy.h</a></li>
<li><a href="#trunkSourcecmakeOptionsGTKcmake">trunk/Source/cmake/OptionsGTK.cmake</a></li>
<li><a href="#trunkSourcecmakeWebKitFeaturescmake">trunk/Source/cmake/WebKitFeatures.cmake</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/ChangeLog (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/ChangeLog  2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/ChangeLog     2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2018-10-15  Patrick Griffis  <pgriffis@igalia.com>
+
+        [GTK][WPE] Implement subprocess sandboxing
+        https://bugs.webkit.org/show_bug.cgi?id=188568
+
+        Reviewed by Michael Catanzaro.
+
+        Add ENABLE_BUBBLEWRAP_SANDBOX option for sandboxing.
+
+        * Source/cmake/FindLibseccomp.cmake: Added.
+        * Source/cmake/OptionsGTK.cmake:
+        * Source/cmake/WebKitFeatures.cmake:
+
</ins><span class="cx"> 2018-10-14  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
</span><span class="cx"> 
</span><span class="cx">         [JSC] Remove Option::useAsyncIterator
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog   2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebCore/ChangeLog      2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -1,3 +1,14 @@
</span><ins>+2018-10-15  Patrick Griffis  <pgriffis@igalia.com>
+
+        [GTK][WPE] Implement subprocess sandboxing
+        https://bugs.webkit.org/show_bug.cgi?id=188568
+
+        Reviewed by Michael Catanzaro.
+
+        Link against libseccomp.
+
+        * PlatformGTK.cmake:
+
</ins><span class="cx"> 2018-10-15  YUHAN WU  <yuhan_wu@apple.com>
</span><span class="cx"> 
</span><span class="cx">         Implement error handler of MediaRecorder
</span></span></pre></div>
<a id="trunkSourceWebCorePlatformGTKcmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/PlatformGTK.cmake (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/PlatformGTK.cmake   2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebCore/PlatformGTK.cmake      2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -106,6 +106,7 @@
</span><span class="cx">     ${GLIB_GMODULE_LIBRARIES}
</span><span class="cx">     ${GLIB_GOBJECT_LIBRARIES}
</span><span class="cx">     ${GLIB_LIBRARIES}
</span><ins>+    ${LIBSECCOMP_LIBRARIES}
</ins><span class="cx">     ${LIBSECRET_LIBRARIES}
</span><span class="cx">     ${LIBSOUP_LIBRARIES}
</span><span class="cx">     ${LIBTASN1_LIBRARIES}
</span><span class="lines">@@ -125,6 +126,7 @@
</span><span class="cx">     ${ENCHANT_INCLUDE_DIRS}
</span><span class="cx">     ${GIO_UNIX_INCLUDE_DIRS}
</span><span class="cx">     ${GLIB_INCLUDE_DIRS}
</span><ins>+    ${LIBSECCOMP_INCLUDE_DIRS}
</ins><span class="cx">     ${LIBSECRET_INCLUDE_DIRS}
</span><span class="cx">     ${LIBSOUP_INCLUDE_DIRS}
</span><span class="cx">     ${LIBTASN1_INCLUDE_DIRS}
</span></span></pre></div>
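Review bot: ${LIBSECCOMP_LIBRARIES} and ${LIBSECCOMP_INCLUDE_DIRS} are added to WebCore, yet the only libseccomp consumer this patch lists is WebKit::setupSeccomp in Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp, and neither entry is conditional on the new ENABLE_BUBBLEWRAP_SANDBOX option. Consider moving the link and include entries to Source/WebKit/PlatformGTK.cmake under that option; nothing in the WPE cmake hunks adds the equivalent, although SourcesWPE.txt also compiles BubblewrapLauncher.cpp.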
<a id="trunkSourceWebKitChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/ChangeLog (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/ChangeLog    2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/ChangeLog       2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -1,3 +1,102 @@
</span><ins>+2018-10-15  Patrick Griffis  <pgriffis@igalia.com>
+
+        [GTK][WPE] Implement subprocess sandboxing
+        https://bugs.webkit.org/show_bug.cgi?id=188568
+
+        Reviewed by Michael Catanzaro.
+
+        This implements sandboxing of WebKitWebProcesses.
+
+        The sandbox is opt-in at runtime as it is a behavior change.
+        See webkit_web_context_set_sandbox_enabled() and the
+        WEBKIT_FORCE_SANDBOX env var for developers.
+
+        This is Linux specific using Namespaces, Seccomp, and a DBus proxy service.
+        This introduces three new dependencies:
+
+        - bwrap executable
+        - libseccomp library
+        - xdg-dbus-proxy executable
+
+        The use of xdg-dbus-proxy will ideally be replaced once upstream DBus
+        gains the same filtering abilities which is a work in progress.
+
+        Currently the sandbox is not completed and there are a few large holes:
+
+        - Pulseaudio: The Pipewire project will solve this.
+        - DRI device access: No immediate solutions planned.
+        - Webcam device access: Pipewire will also solve this.
+        - Webprocess network access: Will require GStreamer changes.
+        - DConf access: Custom proxy planned.
+        - X11 access: Wayland solves this.
+
+        That is not an exhaustive list but are the noteworthy ones. Filesystem access
+        is still an evolving list as problems are found as is specific DBus name access.
+
+        * PlatformGTK.cmake:
+        * PlatformWPE.cmake:
+        * SourcesGTK.txt:
+        * SourcesWPE.txt:
+        * UIProcess/API/glib/WebKitWebContext.cpp:
+        (webkit_web_context_set_sandbox_enabled):
+        (webkit_web_context_get_sandbox_enabled):
+        * UIProcess/API/gtk/WebKitWebContext.h:
+        * UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt:
+        * UIProcess/API/wpe/WebKitWebContext.h:
+        * UIProcess/ChildProcessProxy.cpp:
+        (WebKit::ChildProcessProxy::getLaunchOptions):
+        * UIProcess/ChildProcessProxy.h:
+        (WebKit::ChildProcessProxy::platformGetLaunchOptions):
+        * UIProcess/Launcher/ProcessLauncher.h:
+        * UIProcess/Launcher/glib/BubblewrapLauncher.cpp: Added.
+        (WebKit::memfd_create):
+        (WebKit::argsToFd):
+        (WebKit::XDGDBusProxyLauncher::setAddress):
+        (WebKit::XDGDBusProxyLauncher::isRunning const):
+        (WebKit::XDGDBusProxyLauncher::path const):
+        (WebKit::XDGDBusProxyLauncher::proxyPath const):
+        (WebKit::XDGDBusProxyLauncher::setPermissions):
+        (WebKit::XDGDBusProxyLauncher::launch):
+        (WebKit::XDGDBusProxyLauncher::childSetupFunc):
+        (WebKit::XDGDBusProxyLauncher::makeProxyPath):
+        (WebKit::XDGDBusProxyLauncher::dbusAddressToPath):
+        (WebKit::bindIfExists):
+        (WebKit::bindDBusSession):
+        (WebKit::bindX11):
+        (WebKit::bindDconf):
+        (WebKit::bindWayland):
+        (WebKit::bindPulse):
+        (WebKit::bindFonts):
+        (WebKit::bindGtkData):
+        (WebKit::bindA11y):
+        (WebKit::bindPathVar):
+        (WebKit::bindGStreamerData):
+        (WebKit::bindOpenGL):
+        (WebKit::bindV4l):
+        (WebKit::bindSymlinksRealPath):
+        (WebKit::setupSeccomp):
+        (WebKit::bubblewrapSpawn):
+        * UIProcess/Launcher/glib/BubblewrapLauncher.h: Added.
+        * UIProcess/Launcher/glib/FlatpakLauncher.cpp: Added.
+        (WebKit::flatpakSpawn):
+        * UIProcess/Launcher/glib/FlatpakLauncher.h: Added.
+        * UIProcess/Launcher/glib/ProcessLauncherGLib.cpp:
+        (WebKit::isInsideFlatpak):
+        (WebKit::ProcessLauncher::launchProcess):
+        * UIProcess/Plugins/PluginProcessProxy.cpp:
+        (WebKit::PluginProcessProxy::getLaunchOptions):
+        * UIProcess/Plugins/PluginProcessProxy.h:
+        * UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
+        (WebKit::PluginProcessProxy::platformGetLaunchOptionsWithAttributes):
+        * UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp:
+        (WebKit::PluginProcessProxy::platformGetLaunchOptionsWithAttributes):
+        * UIProcess/WebProcessPool.h:
+        * UIProcess/WebProcessProxy.cpp:
+        (WebKit::WebProcessProxy::platformGetLaunchOptions):
+        * UIProcess/WebProcessProxy.h:
+        * UIProcess/glib/WebProcessProxyGLib.cpp: Added.
+        (WebKit::WebProcessProxy::platformGetLaunchOptions):
+
</ins><span class="cx"> 2018-10-15  Alex Christensen  <achristensen@webkit.org>
</span><span class="cx"> 
</span><span class="cx">         Add a temporarily off by default preference for doing safe browsing checks
</span></span></pre></div>
<a id="trunkSourceWebKitPlatformGTKcmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/PlatformGTK.cmake (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/PlatformGTK.cmake    2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/PlatformGTK.cmake       2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -19,6 +19,7 @@
</span><span class="cx"> 
</span><span class="cx"> add_definitions(-DPKGLIBEXECDIR="${LIBEXEC_INSTALL_DIR}")
</span><span class="cx"> add_definitions(-DLOCALEDIR="${CMAKE_INSTALL_FULL_LOCALEDIR}")
</span><ins>+add_definitions(-DDATADIR="${CMAKE_INSTALL_FULL_DATADIR}")
</ins><span class="cx"> add_definitions(-DLIBDIR="${LIB_INSTALL_DIR}")
</span><span class="cx"> 
</span><span class="cx"> if (NOT DEVELOPER_MODE AND NOT CMAKE_SYSTEM_NAME MATCHES "Darwin")
</span><span class="lines">@@ -624,6 +625,8 @@
</span><span class="cx"> 
</span><span class="cx">         UIProcess/Launcher/ProcessLauncher.cpp
</span><span class="cx"> 
</span><ins>+        UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+        UIProcess/Launcher/glib/FlatpakLauncher.cpp
</ins><span class="cx">         UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
</span><span class="cx"> 
</span><span class="cx">         UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp
</span></span></pre></div>
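Review bot: BubblewrapLauncher.cpp and FlatpakLauncher.cpp are added to this source list unconditionally, while ProcessLauncherGLib.cpp only calls bubblewrapSpawn under #if ENABLE(BUBBLEWRAP_SANDBOX). Please confirm BubblewrapLauncher.cpp still compiles, without the libseccomp headers, when the option is off, or wrap the two entries in the same option so the file is not built at all in that configuration.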
<a id="trunkSourceWebKitPlatformWPEcmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/PlatformWPE.cmake (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/PlatformWPE.cmake    2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/PlatformWPE.cmake       2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -16,6 +16,7 @@
</span><span class="cx"> 
</span><span class="cx"> add_definitions(-DPKGLIBDIR="${LIB_INSTALL_DIR}/wpe-webkit-${WPE_API_VERSION}")
</span><span class="cx"> add_definitions(-DPKGLIBEXECDIR="${LIBEXEC_INSTALL_DIR}")
</span><ins>+add_definitions(-DDATADIR="${CMAKE_INSTALL_FULL_DATADIR}")
</ins><span class="cx"> add_definitions(-DLOCALEDIR="${CMAKE_INSTALL_FULL_LOCALEDIR}")
</span><span class="cx"> 
</span><span class="cx"> if (NOT DEVELOPER_MODE AND NOT CMAKE_SYSTEM_NAME MATCHES "Darwin")
</span></span></pre></div>
<a id="trunkSourceWebKitSourcesGTKtxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/SourcesGTK.txt (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/SourcesGTK.txt       2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/SourcesGTK.txt  2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -203,6 +203,8 @@
</span><span class="cx"> UIProcess/Automation/gtk/WebAutomationSessionGtk.cpp
</span><span class="cx"> 
</span><span class="cx"> UIProcess/Launcher/glib/ProcessLauncherGLib.cpp @no-unify
</span><ins>+UIProcess/Launcher/glib/BubblewrapLauncher.cpp @no-unify
+UIProcess/Launcher/glib/FlatpakLauncher.cpp @no-unify
</ins><span class="cx"> 
</span><span class="cx"> UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp
</span><span class="cx"> 
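Review bot: the two new entries are placed after UIProcess/Launcher/glib/ProcessLauncherGLib.cpp, which breaks the sorted order this file keeps (Automation, Launcher, Network, then lowercase directories); BubblewrapLauncher.cpp and FlatpakLauncher.cpp sort before ProcessLauncherGLib.cpp.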
</span><span class="lines">@@ -220,6 +222,7 @@
</span><span class="cx"> UIProcess/cairo/BackingStoreCairo.cpp @no-unify
</span><span class="cx"> 
</span><span class="cx"> UIProcess/glib/RemoteInspectorClient.cpp
</span><ins>+UIProcess/glib/WebProcessProxyGLib.cpp
</ins><span class="cx"> 
</span><span class="cx"> UIProcess/gstreamer/InstallMissingMediaPluginsPermissionRequest.cpp
</span><span class="cx"> UIProcess/gstreamer/WebPageProxyGStreamer.cpp
</span></span></pre></div>
<a id="trunkSourceWebKitSourcesWPEtxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/SourcesWPE.txt (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/SourcesWPE.txt       2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/SourcesWPE.txt  2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -177,7 +177,11 @@
</span><span class="cx"> 
</span><span class="cx"> UIProcess/Automation/wpe/WebAutomationSessionWPE.cpp
</span><span class="cx"> 
</span><ins>+UIProcess/glib/WebProcessProxyGLib.cpp
+
</ins><span class="cx"> UIProcess/Launcher/glib/ProcessLauncherGLib.cpp
</span><ins>+UIProcess/Launcher/glib/BubblewrapLauncher.cpp
+UIProcess/Launcher/glib/FlatpakLauncher.cpp
</ins><span class="cx"> 
</span><span class="cx"> UIProcess/Network/CustomProtocols/LegacyCustomProtocolManagerProxy.cpp
</span><span class="cx"> 
</span></span></pre></div>
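Review bot: UIProcess/glib/WebProcessProxyGLib.cpp is inserted between the Automation and Launcher groups, whereas SourcesGTK.txt puts it in the UIProcess/glib group after RemoteInspectorClient.cpp and this file otherwise lists uppercase directories first; the two launcher entries should also precede ProcessLauncherGLib.cpp so the list stays sorted and matches the GTK file.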
<a id="trunkSourceWebKitUIProcessAPIglibWebKitWebContextcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp      2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/API/glib/WebKitWebContext.cpp 2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -1148,6 +1148,51 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> /**
</span><ins>+ * webkit_web_context_set_sandbox_enabled:
+ * @context: a #WebKitWebContext
+ * @enabled: if %TRUE enable sandboxing
+ *
+ * Set whether WebKit subprocesses will be sandboxed, limiting access to the system.
+ *
+ * This method **must be called before any web process has been created**,
+ * as early as possible in your application. Calling it later is a fatal error.
+ *
+ * This is only implemented on Linux and is a no-op otherwise.
+ *
+ * If you read from `$XDG_CONFIG_HOME/g_get_prgname()` or `$XDG_CACHE_HOME/g_get_prgname()`
+ * in your WebProcess you must ensure it exists before subprocesses are created.
+ * This behavior may change in the future.
+ *
+ * Since: 2.24
+ */
+void webkit_web_context_set_sandbox_enabled(WebKitWebContext* context, gboolean enabled)
+{
+    g_return_if_fail(WEBKIT_IS_WEB_CONTEXT(context));
+
+    if (context->priv->processPool->processes().size())
+        g_error("Sandboxing cannot be changed after subprocesses were spawned.");
+
+    context->priv->processPool->setSandboxEnabled(enabled);
+}
+
+/**
+ * webkit_web_context_get_sandbox_enabled:
+ * @context: a #WebKitWebContext
+ *
+ * Get whether sandboxing is currently enabled.
+ *
+ * Returns: %TRUE if sandboxing is enabled, or %FALSE otherwise.
+ *
+ * Since: 2.24
+ */
+gboolean webkit_web_context_get_sandbox_enabled(WebKitWebContext* context)
+{
+    g_return_val_if_fail(WEBKIT_IS_WEB_CONTEXT(context), FALSE);
+
+    return context->priv->processPool->sandboxEnabled();
+}
+
+/**
</ins><span class="cx">  * webkit_web_context_get_spell_checking_enabled:
</span><span class="cx">  * @context: a #WebKitWebContext
</span><span class="cx">  *
</span></span></pre></div>
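Review bot: webkit_web_context_get_sandbox_enabled() reports the flag that was requested, not whether a web process will actually be sandboxed: in the ProcessLauncherGLib.cpp hunk WEBKIT_FORCE_SANDBOX=0 overrides the request, and a build without ENABLE_BUBBLEWRAP_SANDBOX running outside Flatpak has no sandboxed spawn path, yet the getter still returns TRUE. Either state in the getter docs that TRUE means "requested" and that the effective state depends on the platform, the build option and the environment, or have the process pool report the effective state. The setter docs should also say what "ensure it exists" means for $XDG_CONFIG_HOME/g_get_prgname(): presumably (bindIfExists in the ChangeLog) a directory that is missing at spawn time is simply not bound into the sandbox, so later writes from the web process land nowhere useful.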
<a id="trunkSourceWebKitUIProcessAPIgtkWebKitWebContexth"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h 2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/API/gtk/WebKitWebContext.h    2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -247,7 +247,14 @@
</span><span class="cx">                                                      gpointer                       user_data,
</span><span class="cx">                                                      GDestroyNotify                 user_data_destroy_func);
</span><span class="cx"> 
</span><ins>+WEBKIT_API void
+webkit_web_context_set_sandbox_enabled              (WebKitWebContext              *context,
+                                                     gboolean                       enabled);
+
</ins><span class="cx"> WEBKIT_API gboolean
</span><ins>+webkit_web_context_get_sandbox_enabled              (WebKitWebContext              *context);
+
+WEBKIT_API gboolean
</ins><span class="cx"> webkit_web_context_get_spell_checking_enabled       (WebKitWebContext              *context);
</span><span class="cx"> 
</span><span class="cx"> WEBKIT_API void
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessAPIgtkdocswebkit2gtk40sectionstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt   2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/API/gtk/docs/webkit2gtk-4.0-sections.txt      2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -51,6 +51,8 @@
</span><span class="cx"> webkit_web_context_set_additional_plugins_directory
</span><span class="cx"> webkit_web_context_get_plugins
</span><span class="cx"> webkit_web_context_get_plugins_finish
</span><ins>+webkit_web_context_get_sandbox_enabled
+webkit_web_context_set_sandbox_enabled
</ins><span class="cx"> webkit_web_context_get_spell_checking_enabled
</span><span class="cx"> webkit_web_context_set_spell_checking_enabled
</span><span class="cx"> webkit_web_context_get_spell_checking_languages
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessAPIwpeWebKitWebContexth"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h 2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/API/wpe/WebKitWebContext.h    2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -297,6 +297,13 @@
</span><span class="cx"> webkit_web_context_get_process_model                (WebKitWebContext              *context);
</span><span class="cx"> 
</span><span class="cx"> WEBKIT_API void
</span><ins>+webkit_web_context_set_sandbox_enabled              (WebKitWebContext              *context,
+                                                     gboolean                       enabled);
+
+WEBKIT_API gboolean
+webkit_web_context_get_sandbox_enabled              (WebKitWebContext              *context);
+
+WEBKIT_API void
</ins><span class="cx"> webkit_web_context_initialize_notification_permissions
</span><span class="cx">                                                     (WebKitWebContext              *context,
</span><span class="cx">                                                      GList                         *allowed_origins,
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessChildProcessProxycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/ChildProcessProxy.cpp (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/ChildProcessProxy.cpp      2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/ChildProcessProxy.cpp 2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -80,6 +80,8 @@
</span><span class="cx">     if (processCmdPrefix && *processCmdPrefix)
</span><span class="cx">         launchOptions.processCmdPrefix = String::fromUTF8(processCmdPrefix);
</span><span class="cx"> #endif // ENABLE(DEVELOPER_MODE) && (PLATFORM(GTK) || PLATFORM(WPE))
</span><ins>+
+    platformGetLaunchOptions(launchOptions);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void ChildProcessProxy::connect()
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessChildProcessProxyh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/ChildProcessProxy.h (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/ChildProcessProxy.h        2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/ChildProcessProxy.h   2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -93,6 +93,7 @@
</span><span class="cx">     bool dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder>&);
</span><span class="cx">     
</span><span class="cx">     virtual void getLaunchOptions(ProcessLauncher::LaunchOptions&);
</span><ins>+    virtual void platformGetLaunchOptions(ProcessLauncher::LaunchOptions&) { };
</ins><span class="cx"> 
</span><span class="cx"> private:
</span><span class="cx">     virtual void connectionWillOpen(IPC::Connection&);
</span></span></pre></div>
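Review bot: stray `;` after the empty inline body of platformGetLaunchOptions (`{ };`); `{ }` matches the surrounding style. Since WebProcessProxyGLib.cpp overrides it (per the ChangeLog), a one-line comment noting that it runs after the common options in getLaunchOptions() would help readers of this header.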
<a id="trunkSourceWebKitUIProcessLauncherglibProcessLauncherGLibcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp      2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/Launcher/glib/ProcessLauncherGLib.cpp 2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -27,7 +27,9 @@
</span><span class="cx"> #include "config.h"
</span><span class="cx"> #include "ProcessLauncher.h"
</span><span class="cx"> 
</span><ins>+#include "BubblewrapLauncher.h"
</ins><span class="cx"> #include "Connection.h"
</span><ins>+#include "FlatpakLauncher.h"
</ins><span class="cx"> #include "ProcessExecutablePath.h"
</span><span class="cx"> #include <WebCore/FileSystem.h>
</span><span class="cx"> #include <errno.h>
</span><span class="lines">@@ -53,10 +55,27 @@
</span><span class="cx">     close(socket);
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+#if OS(LINUX)
+static bool isInsideFlatpak()
+{
+    static int ret = -1;
+    if (ret != -1)
+        return ret;
+
+    GUniquePtr<GKeyFile> infoFile(g_key_file_new());
+    if (!g_key_file_load_from_file(infoFile.get(), "/.flatpak-info", G_KEY_FILE_NONE, nullptr)) {
+        ret = false;
+        return ret;
+    }
+
+    // If we are in a `flatpak build` session we cannot launch ourselves since we aren't installed.
+    ret = !g_key_file_get_boolean(infoFile.get(), "Instance", "build", nullptr);
+    return ret;
+}
+#endif
+
</ins><span class="cx"> void ProcessLauncher::launchProcess()
</span><span class="cx"> {
</span><del>-    GPid pid = 0;
-
</del><span class="cx">     IPC::Connection::SocketPair socketPair = IPC::Connection::createPlatformConnection(IPC::Connection::ConnectionOptions::SetCloexecOnServer);
</span><span class="cx"> 
</span><span class="cx">     String executablePath;
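Review bot: `isInsideFlatpak()` caches its answer in a `static int ret` used as a tri-state (-1 unset, 0/1 for the bool), which works but hides the intent behind an int-to-bool round trip; a static Optional of bool, or a pair of static bools, would read more clearly. The cached value is also written without any synchronisation, so this helper is only safe if it is reached from the single launch path; a short comment stating that assumption would help the next reader. Dropping `GPid pid` here is consistent with the move to GSubprocess further down.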
</span><span class="lines">@@ -140,17 +159,40 @@
</span><span class="cx"> #endif
</span><span class="cx">     argv[i++] = nullptr;
</span><span class="cx"> 
</span><ins>+    GRefPtr<GSubprocessLauncher> launcher = adoptGRef(g_subprocess_launcher_new(G_SUBPROCESS_FLAGS_INHERIT_FDS));
+    g_subprocess_launcher_set_child_setup(launcher.get(), childSetupFunction, GINT_TO_POINTER(socketPair.server), nullptr);
+    g_subprocess_launcher_take_fd(launcher.get(), socketPair.client, socketPair.client);
+
</ins><span class="cx">     GUniqueOutPtr<GError> error;
</span><del>-    if (!g_spawn_async(nullptr, argv, nullptr, G_SPAWN_LEAVE_DESCRIPTORS_OPEN, childSetupFunction, GINT_TO_POINTER(socketPair.server), &pid, &error.outPtr()))
</del><ins>+    GRefPtr<GSubprocess> process;
+#if OS(LINUX)
+    const char* sandboxEnv = g_getenv("WEBKIT_FORCE_SANDBOX");
+    bool sandboxEnabled = m_launchOptions.extraInitializationData.get("enable-sandbox") == "true";
+
+    if (sandboxEnv)
+        sandboxEnabled = !strcmp(sandboxEnv, "1");
+
+    if (sandboxEnabled && isInsideFlatpak())
+        process = flatpakSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr());
+#if ENABLE(BUBBLEWRAP_SANDBOX)
+    else if (sandboxEnabled)
+        process = bubblewrapSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr());
+#endif
+    else
+#endif
+        process = adoptGRef(g_subprocess_launcher_spawnv(launcher.get(), argv, &error.outPtr()));
+
+    if (!process.get())
</ins><span class="cx">         g_error("Unable to fork a new child process: %s", error->message);
</span><span class="cx"> 
</span><ins>+    const char* processIdStr = g_subprocess_get_identifier(process.get());
+    m_processIdentifier = g_ascii_strtoll(processIdStr, nullptr, 0);
+    RELEASE_ASSERT(m_processIdentifier);
+
</ins><span class="cx">     // Don't expose the parent socket to potential future children.
</span><span class="cx">     if (!setCloseOnExec(socketPair.client))
</span><span class="cx">         RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> 
</span><del>-    close(socketPair.client);
-    m_processIdentifier = pid;
-
</del><span class="cx">     // We've finished launching the process, message back to the main run loop.
</span><span class="cx">     RunLoop::main().dispatch([protectedThis = makeRef(*this), this, serverSocket = socketPair.server] {
</span><span class="cx">         didFinishLaunchingProcess(m_processIdentifier, serverSocket);
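Review bot: when `sandboxEnabled` is true but the build has no ENABLE(BUBBLEWRAP_SANDBOX) and the process is not inside Flatpak, the `if`/`else if`/`else` chain falls through to the plain `g_subprocess_launcher_spawnv` and the child starts unsandboxed with no indication to the embedder; at least emit a warning at that point, or fail the launch, so that a requested sandbox is never silently dropped. Two smaller points in the same region: `WEBKIT_FORCE_SANDBOX` overrides the embedder's `enable-sandbox` value in both directions, so any value other than "1" in the environment turns the sandbox off even when the embedder asked for it, which should either be documented as intended or narrowed to forcing the sandbox on; and `g_subprocess_get_identifier` is documented to return NULL once the subprocess has terminated, so `processIdStr` should be checked before it is passed to `g_ascii_strtoll`, since the RELEASE_ASSERT afterwards only catches a zero result.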
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessPluginsPluginProcessProxycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.cpp (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.cpp     2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.cpp        2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -87,7 +87,7 @@
</span><span class="cx"> 
</span><span class="cx"> void PluginProcessProxy::getLaunchOptions(ProcessLauncher::LaunchOptions& launchOptions)
</span><span class="cx"> {
</span><del>-    platformGetLaunchOptions(launchOptions, m_pluginProcessAttributes);
</del><ins>+    platformGetLaunchOptionsWithAttributes(launchOptions, m_pluginProcessAttributes);
</ins><span class="cx">     ChildProcessProxy::getLaunchOptions(launchOptions);
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessPluginsPluginProcessProxyh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.h (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.h       2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/Plugins/PluginProcessProxy.h  2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -96,7 +96,7 @@
</span><span class="cx">     PluginProcessProxy(PluginProcessManager*, const PluginProcessAttributes&, uint64_t pluginProcessToken);
</span><span class="cx"> 
</span><span class="cx">     void getLaunchOptions(ProcessLauncher::LaunchOptions&) override;
</span><del>-    void platformGetLaunchOptions(ProcessLauncher::LaunchOptions&, const PluginProcessAttributes&);
</del><ins>+    void platformGetLaunchOptionsWithAttributes(ProcessLauncher::LaunchOptions&, const PluginProcessAttributes&);
</ins><span class="cx">     void processWillShutDown(IPC::Connection&) override;
</span><span class="cx"> 
</span><span class="cx">     void pluginProcessCrashedOrFailedToLaunch();
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessPluginsmacPluginProcessProxyMacmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm       2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm  2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -60,7 +60,7 @@
</span><span class="cx"> using namespace WebCore;
</span><span class="cx"> 
</span><span class="cx">     
</span><del>-void PluginProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes)
</del><ins>+void PluginProcessProxy::platformGetLaunchOptionsWithAttributes(ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes)
</ins><span class="cx"> {
</span><span class="cx">     if (pluginProcessAttributes.moduleInfo.pluginArchitecture == CPU_TYPE_X86)
</span><span class="cx">         launchOptions.processType = ProcessLauncher::ProcessType::Plugin32;
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessPluginsunixPluginProcessProxyUnixcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp    2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/Plugins/unix/PluginProcessProxyUnix.cpp       2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -50,7 +50,7 @@
</span><span class="cx"> namespace WebKit {
</span><span class="cx"> using namespace WebCore;
</span><span class="cx"> 
</span><del>-void PluginProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes)
</del><ins>+void PluginProcessProxy::platformGetLaunchOptionsWithAttributes(ProcessLauncher::LaunchOptions& launchOptions, const PluginProcessAttributes& pluginProcessAttributes)
</ins><span class="cx"> {
</span><span class="cx">     launchOptions.processType = ProcessLauncher::ProcessType::Plugin64;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessWebProcessPoolh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/WebProcessPool.h (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/WebProcessPool.h   2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/WebProcessPool.h      2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -455,6 +455,11 @@
</span><span class="cx"> 
</span><span class="cx">     void sendDisplayConfigurationChangedMessageForTesting();
</span><span class="cx"> 
</span><ins>+#if PLATFORM(GTK) || PLATFORM(WPE)
+    void setSandboxEnabled(bool enabled) { m_sandboxEnabled = enabled; };
+    bool sandboxEnabled() const { return m_sandboxEnabled; };
+#endif
+
</ins><span class="cx"> private:
</span><span class="cx">     void platformInitialize();
</span><span class="cx"> 
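Review bot: both inline accessors end in `};`, leaving a stray empty declaration after each function body; drop the semicolons after the closing braces of `setSandboxEnabled` and `sandboxEnabled`.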
</span><span class="lines">@@ -702,6 +707,10 @@
</span><span class="cx">     HashMap<String, RefPtr<WebProcessProxy>> m_swappedProcessesPerRegistrableDomain;
</span><span class="cx"> 
</span><span class="cx">     HashMap<String, std::unique_ptr<WebCore::PrewarmInformation>> m_prewarmInformationPerRegistrableDomain;
</span><ins>+
+#if PLATFORM(GTK) || PLATFORM(WPE)
+    bool m_sandboxEnabled { false };
+#endif
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> template<typename T>
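Review bot: `m_sandboxEnabled` defaults to false, so sandboxing stays opt-in for embedders even in builds configured with ENABLE_BUBBLEWRAP_SANDBOX; that is a defensible choice for a new feature, but a one-line comment on the member saying so would stop the default being mistaken for a build-configuration problem when sandboxed launches are not observed.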
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessWebProcessProxycpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp        2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp   2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -206,6 +206,12 @@
</span><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+#if !PLATFORM(GTK) && !PLATFORM(WPE)
+void WebProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions& launchOptions)
+{
+}
+#endif
+
</ins><span class="cx"> void WebProcessProxy::connectionWillOpen(IPC::Connection& connection)
</span><span class="cx"> {
</span><span class="cx">     ASSERT(this->connection() == &connection);
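Review bot: this empty non-GTK/WPE definition only exists because WebProcessProxy.h declares the override unconditionally, while ChildProcessProxy already supplies an empty default body; guarding the declaration in the header with `#if PLATFORM(GTK) || PLATFORM(WPE)` instead would let this stub go away entirely. If it is kept, leave the `launchOptions` parameter unnamed to avoid unused-parameter warnings.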
</span></span></pre></div>
<a id="trunkSourceWebKitUIProcessWebProcessProxyh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit/UIProcess/WebProcessProxy.h (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit/UIProcess/WebProcessProxy.h  2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/WebKit/UIProcess/WebProcessProxy.h     2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -239,6 +239,7 @@
</span><span class="cx"> 
</span><span class="cx">     // ChildProcessProxy
</span><span class="cx">     void getLaunchOptions(ProcessLauncher::LaunchOptions&) override;
</span><ins>+    void platformGetLaunchOptions(ProcessLauncher::LaunchOptions&) override;
</ins><span class="cx">     void connectionWillOpen(IPC::Connection&) override;
</span><span class="cx">     void processWillShutDown(IPC::Connection&) override;
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkSourcecmakeOptionsGTKcmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/cmake/OptionsGTK.cmake (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/cmake/OptionsGTK.cmake      2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/cmake/OptionsGTK.cmake 2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -118,6 +118,12 @@
</span><span class="cx">     WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_RESOURCE_USAGE PRIVATE OFF)
</span><span class="cx"> endif ()
</span><span class="cx"> 
</span><ins>+if (CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT EXISTS "/.flatpak-info")
+    WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PUBLIC ON)
+else ()
+    WEBKIT_OPTION_DEFAULT_PORT_VALUE(ENABLE_BUBBLEWRAP_SANDBOX PRIVATE OFF)
+endif ()
+
</ins><span class="cx"> # Public options shared with other WebKit ports. Do not add any options here
</span><span class="cx"> # without approval from a GTK+ reviewer. There must be strong reason to support
</span><span class="cx"> # changing the value of the option.
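Review bot: the default for ENABLE_BUBBLEWRAP_SANDBOX is chosen from whether `/.flatpak-info` exists on the build host, so the same sources produce a differently configured build depending on where cmake runs; a comment explaining that builds performed inside Flatpak are expected to use the Flatpak spawn path instead of bubblewrap would make the intent clear, and a `message()` reporting which default was picked would help anyone diagnosing a build that launches unsandboxed processes.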
</span><span class="lines">@@ -201,6 +207,38 @@
</span><span class="cx">     endif ()
</span><span class="cx"> endif ()
</span><span class="cx"> 
</span><ins>+if (ENABLE_BUBBLEWRAP_SANDBOX)
+    find_program(BWRAP_EXECUTABLE bwrap)
+    if (NOT BWRAP_EXECUTABLE)
+        message(FATAL_ERROR "bwrap executable is needed for ENABLE_BUBBLEWRAP_SANDBOX")
+    endif ()
+    add_definitions(-DBWRAP_EXECUTABLE="${BWRAP_EXECUTABLE}")
+
+    execute_process(
+        COMMAND "${BWRAP_EXECUTABLE}" --version
+        RESULT_VARIABLE BWRAP_RET
+        OUTPUT_VARIABLE BWRAP_OUTPUT
+    )
+    if (BWRAP_RET)
+        message(FATAL_ERROR "Failed to run ${BWRAP_EXECUTABLE}")
+    endif ()
+    string(REGEX MATCH "([0-9]+.[0-9]+.[0-9]+)" BWRAP_VERSION "${BWRAP_OUTPUT}")
+    if (NOT "${BWRAP_VERSION}" VERSION_GREATER_EQUAL "0.3.1")
+        message(FATAL_ERROR "bwrap must be >= 0.3.1 but ${BWRAP_VERSION} found")
+    endif ()
+
+    find_package(Libseccomp)
+    if (NOT LIBSECCOMP_FOUND)
+        message(FATAL_ERROR "libseccomp is needed for ENABLE_BUBBLEWRAP_SANDBOX")
+    endif ()
+
+    find_program(DBUS_PROXY_EXECUTABLE xdg-dbus-proxy)
+    if (NOT DBUS_PROXY_EXECUTABLE)
+        message(FATAL_ERROR "xdg-dbus-proxy not found and is needed for ENABLE_BUBBLEWRAP_SANDBOX")
+    endif ()
+    add_definitions(-DDBUS_PROXY_EXECUTABLE="${DBUS_PROXY_EXECUTABLE}")
+endif ()
+
</ins><span class="cx"> if (USE_LIBSECRET)
</span><span class="cx">     find_package(Libsecret)
</span><span class="cx">     if (NOT LIBSECRET_FOUND)
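Review bot: the version regex `([0-9]+.[0-9]+.[0-9]+)` uses unescaped dots, which match any character in CMake's regex syntax, so the match can span unrelated text in the `--version` output and produce a version string that then fails the VERSION_GREATER_EQUAL check in a confusing way; write the separators as `\\.`. The minimum of 0.3.1 should also be stated next to the `--version` check in a comment, since the FATAL_ERROR message is the only place it currently appears.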
</span></span></pre></div>
<a id="trunkSourcecmakeWebKitFeaturescmake"></a>
<div class="modfile"><h4>Modified: trunk/Source/cmake/WebKitFeatures.cmake (237106 => 237107)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/cmake/WebKitFeatures.cmake  2018-10-15 14:56:03 UTC (rev 237106)
+++ trunk/Source/cmake/WebKitFeatures.cmake     2018-10-15 15:02:59 UTC (rev 237107)
</span><span class="lines">@@ -88,6 +88,7 @@
</span><span class="cx">     WEBKIT_OPTION_DEFINE(ENABLE_ASYNC_SCROLLING "Enable asynchronouse scrolling" PRIVATE OFF)
</span><span class="cx">     WEBKIT_OPTION_DEFINE(ENABLE_ATTACHMENT_ELEMENT "Toggle attachment element support" PRIVATE OFF)
</span><span class="cx">     WEBKIT_OPTION_DEFINE(ENABLE_AVF_CAPTIONS "Toggle AVFoundation caption support" PRIVATE OFF)
</span><ins>+    WEBKIT_OPTION_DEFINE(ENABLE_BUBBLEWRAP_SANDBOX "Toggle bubblewrap sandboxing support" PRIVATE OFF)
</ins><span class="cx">     WEBKIT_OPTION_DEFINE(ENABLE_CACHE_PARTITIONING "Toggle cache partitioning support" PRIVATE OFF)
</span><span class="cx">     WEBKIT_OPTION_DEFINE(ENABLE_CHANNEL_MESSAGING "Toggle MessageChannel and MessagePort support" PRIVATE ON)
</span><span class="cx">     WEBKIT_OPTION_DEFINE(ENABLE_CONTENT_FILTERING "Toggle content filtering support" PRIVATE OFF)
</span></span></pre>
</div>
</div>

</body>
</html>