[Webkit-unassigned] [Bug 193571] [GTK][WPE] Add API to add paths to sandbox

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jan 24 07:31:28 PST 2019


--- Comment #28 from youenn fablet <youennf at gmail.com> ---
Comment on attachment 360011
  --> https://bugs.webkit.org/attachment.cgi?id=360011

View in context: https://bugs.webkit.org/attachment.cgi?id=360011&action=review

> Source/WebKit/ChangeLog:4
> +        https://bugs.webkit.org/show_bug.cgi?id=193571

Can you describe the use cases for this API?
Which folders are to be sandboxed?

> Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp:763
> +            sandboxArgs.appendVector(Vector<CString>({

Do you need "({" or just one of these.

> Source/WebKit/UIProcess/WebProcessPool.h:474
> +    void appendSandboxPath(const CString& path, SandboxPermission permission) { m_extraSandboxPaths.set(path, permission); };

One usually append to a vector, not a map.
I would rename it to addSandboxPath and use 'add' instead of 'set' which is slightly cheaper.

> Source/WebKit/UIProcess/WebProcessPool.h:475
> +    const HashMap<CString, SandboxPermission>& sandboxPaths() { return m_extraSandboxPaths; };

Should be a const method.

> Source/WebKit/UIProcess/glib/WebProcessProxyGLib.cpp:47
> +    launchOptions.extraSandboxPaths = m_processPool->sandboxPaths();

The extra sandbox paths seem specific to web processes.
Should the name be made explicit with that regards?

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190124/5bfc5bdf/attachment.html>

More information about the webkit-unassigned mailing list