[webkit-reviews] review granted: [Bug 190619] [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox : [Attachment 352457] [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 16 09:18:04 PDT 2018
Michael Catanzaro <mcatanzaro at igalia.com> has granted Patrick Griffis
<pgriffis at igalia.com>'s request for review:
Bug 190619: [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox
https://bugs.webkit.org/show_bug.cgi?id=190619
Attachment 352457: [GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox
https://bugs.webkit.org/attachment.cgi?id=352457&action=review
--- Comment #2 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Comment on attachment 352457
--> https://bugs.webkit.org/attachment.cgi?id=352457
[GTK][WPE] Fix xdg-desktop-portal permissions from a sandbox
View in context: https://bugs.webkit.org/attachment.cgi?id=352457&action=review
> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:43
> +static int createSealedMemFdWithData(const char *name, gconstpointer data,
size_t size)
const char* name
> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:129
> + void setPermissions(Vector<CString>& permissions)
Vector<CString>&&
> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:132
> + m_permissions = permissions;
WTFMove(permissions)
> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:651
> + g_warning("GApplication is required for portal access");
This warning message should be a bit more detailed, so users understand what is
actually wrong:
"GApplication is required for xdg-desktop-portal access in the WebKit sandbox.
Actions that require xdg-desktop-portal will be broken. To fix this, create a
GApplication."
or something along those lines.
> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:738
> + // xdg-desktop-portal defaults to assuming you are host application with
> + // full permissions unless it can identify you as a snap or flatpak.
> + // The easiest method is for us to pretend to be a flatpak and if that
> + // fails just blocking portals entirely as it just becomes a sandbox
escape.
Is Alex OK with supporting this hackery? It's OK for now, but seems like not a
great long-term solution.
More information about the webkit-reviews
mailing list