void PluginInfoStore::loadPluginsIfNecessary() { if (m_pluginListIsUpToDate) return; PathHashSet uniquePluginPaths; // First, load plug-ins from the additional plug-ins directories specified. for (size_t i = 0; i < m_additionalPluginsDirectories.size(); ++i) addFromVector(uniquePluginPaths, pluginPathsInDirectory(m_additionalPluginsDirectories[i])); // Then load plug-ins from the standard plug-ins directories. Vector<String> directories = pluginsDirectories(); for (size_t i = 0; i < directories.size(); ++i) addFromVector(uniquePluginPaths, pluginPathsInDirectory(directories[i])); // Then load plug-ins that are not in the standard plug-ins directories. addFromVector(uniquePluginPaths, individualPluginPaths()); m_plugins.clear(); PathHashSet::const_iterator end = uniquePluginPaths.end(); for (PathHashSet::const_iterator it = uniquePluginPaths.begin(); it != end; ++it) loadPlugin(m_plugins, *it); m_pluginListIsUpToDate = true; if (m_client) m_client->pluginInfoStoreDidLoadPlugins(this); }
void PluginInfoStore::loadPluginsIfNecessary() { if (m_pluginListIsUpToDate) return; PathHashSet uniquePluginPaths; // First, load plug-ins from the additional plug-ins directories specified. for (size_t i = 0; i < m_additionalPluginsDirectories.size(); ++i) addFromVector(uniquePluginPaths, pluginPathsInDirectory(m_additionalPluginsDirectories[i])); // Then load plug-ins from the standard plug-ins directories. Vector<String> directories = pluginsDirectories(); for (size_t i = 0; i < directories.size(); ++i) addFromVector(uniquePluginPaths, pluginPathsInDirectory(directories[i])); // Then load plug-ins that are not in the standard plug-ins directories. addFromVector(uniquePluginPaths, individualPluginPaths()); Vector<PluginModuleInfo> plugins; PathHashSet::const_iterator end = uniquePluginPaths.end(); for (PathHashSet::const_iterator it = uniquePluginPaths.begin(); it != end; ++it) loadPlugin(plugins, *it); #if ENABLE(PEPPER_PLUGIN_API) std::vector<PluginModuleInfo> pepperPlugins; content::PepperPluginRegistry::GetInstance()->ComputeList(pepperPlugins); std::vector<PluginModuleInfo>::iterator endPlugins = pepperPlugins.end(); for (std::vector<PluginModuleInfo>::iterator it = pepperPlugins.begin(); it != endPlugins; ++it) plugins.append(*it); #endif m_plugins = deepIsolatedCopyPluginInfoVector(plugins); m_pluginListIsUpToDate = true; }
void SyscallPolicy::addDefaultWebProcessPolicy(const WebProcessCreationParameters& parameters) { // Directories settings coming from the UIProcess. if (!parameters.applicationCacheDirectory.isEmpty()) addDirectoryPermission(removeTrailingSlash(parameters.applicationCacheDirectory), ReadAndWrite); if (!parameters.webSQLDatabaseDirectory.isEmpty()) addDirectoryPermission(removeTrailingSlash(parameters.webSQLDatabaseDirectory), ReadAndWrite); if (!parameters.diskCacheDirectory.isEmpty()) addDirectoryPermission(removeTrailingSlash(parameters.diskCacheDirectory), ReadAndWrite); if (!parameters.cookieStorageDirectory.isEmpty()) addDirectoryPermission(removeTrailingSlash(parameters.cookieStorageDirectory), ReadAndWrite); #if USE(SOUP) if (!parameters.cookiePersistentStoragePath.isEmpty()) addDirectoryPermission(removeTrailingSlash(parameters.cookiePersistentStoragePath), ReadAndWrite); #endif // The root policy will block access to any directory or // file unless white listed bellow or by platform. addDirectoryPermission(ASCIILiteral("/"), NotAllowed); // Shared libraries, plugins and fonts. addDirectoryPermission(ASCIILiteral("/lib"), Read); addDirectoryPermission(ASCIILiteral("/lib32"), Read); addDirectoryPermission(ASCIILiteral("/lib64"), Read); addDirectoryPermission(ASCIILiteral("/usr/lib"), Read); addDirectoryPermission(ASCIILiteral("/usr/lib32"), Read); addDirectoryPermission(ASCIILiteral("/usr/lib64"), Read); addDirectoryPermission(ASCIILiteral("/usr/share"), Read); // Support for alternative install prefixes, e.g. /usr/local. addDirectoryPermission(ASCIILiteral(DATADIR), Read); addDirectoryPermission(ASCIILiteral(LIBDIR), Read); // Plugin search path for (String& path : pluginsDirectories()) addDirectoryPermission(path, Read); // SSL Certificates. addDirectoryPermission(ASCIILiteral("/etc/ssl/certs"), Read); // Fontconfig cache. addDirectoryPermission(ASCIILiteral("/etc/fonts"), Read); addDirectoryPermission(ASCIILiteral("/var/cache/fontconfig"), Read); // Audio devices, random number generators, etc. addDirectoryPermission(ASCIILiteral("/dev"), ReadAndWrite); // Temporary files and process self information. addDirectoryPermission(ASCIILiteral("/tmp"), ReadAndWrite); addDirectoryPermission(ASCIILiteral("/proc/") + String::number(getpid()), ReadAndWrite); // In some distros /dev/shm is a symbolic link to /run/shm, and in // this case, the canonical path resolver will follow the link. If // inside /dev, the policy is already set. addDirectoryPermission(ASCIILiteral("/run/shm"), ReadAndWrite); // Needed by glibc for networking and locale. addFilePermission(ASCIILiteral("/etc/gai.conf"), Read); addFilePermission(ASCIILiteral("/etc/host.conf"), Read); addFilePermission(ASCIILiteral("/etc/hosts"), Read); addFilePermission(ASCIILiteral("/etc/localtime"), Read); addFilePermission(ASCIILiteral("/etc/nsswitch.conf"), Read); // Needed for DNS resoltion. In some distros, the resolv.conf inside // /etc is just a symbolic link. addFilePermission(ASCIILiteral("/etc/resolv.conf"), Read); addFilePermission(ASCIILiteral("/run/resolvconf/resolv.conf"), Read); // Needed to convert uid and gid into names. addFilePermission(ASCIILiteral("/etc/group"), Read); addFilePermission(ASCIILiteral("/etc/passwd"), Read); // Needed by the loader. addFilePermission(ASCIILiteral("/etc/ld.so.cache"), Read); // Needed by various, including toolkits, for optimizations based // on the current amount of free system memory. addFilePermission(ASCIILiteral("/proc/cpuinfo"), Read); addFilePermission(ASCIILiteral("/proc/filesystems"), Read); addFilePermission(ASCIILiteral("/proc/meminfo"), Read); addFilePermission(ASCIILiteral("/proc/stat"), Read); // Needed by D-Bus. addFilePermission(ASCIILiteral("/var/lib/dbus/machine-id"), Read); // Needed by at-spi2. // FIXME This is too permissive: https://bugs.webkit.org/show_bug.cgi?id=143004 addDirectoryPermission("/run/user/" + String::number(getuid()), ReadAndWrite); // Needed by WebKit's memory pressure handler addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/memory.pressure_level"), Read); addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/cgroup.event_control"), Read); char* homeDir = getenv("HOME"); if (homeDir) { // X11 connection token. addFilePermission(String::fromUTF8(homeDir) + "/.Xauthority", Read); } // MIME type resolution. char* dataHomeDir = getenv("XDG_DATA_HOME"); if (dataHomeDir) addDirectoryPermission(String::fromUTF8(dataHomeDir) + "/mime", Read); else if (homeDir) addDirectoryPermission(String::fromUTF8(homeDir) + "/.local/share/mime", Read); #if ENABLE(WEBGL) || ENABLE(ACCELERATED_2D_CANVAS) // Needed on most non-Debian distros by libxshmfence <= 1.1, or newer // libxshmfence with older kernels (linux <= 3.16), for DRI3 shared memory. // FIXME Try removing this permission when we can rely on a newer libxshmfence. // See http://code.google.com/p/chromium/issues/detail?id=415681 addDirectoryPermission(ASCIILiteral("/var/tmp"), ReadAndWrite); // Optional Mesa DRI configuration file addFilePermission(ASCIILiteral("/etc/drirc"), Read); if (homeDir) addFilePermission(String::fromUTF8(homeDir) + "/.drirc", Read); // Mesa uses udev. addDirectoryPermission(ASCIILiteral("/etc/udev"), Read); addDirectoryPermission(ASCIILiteral("/run/udev"), Read); addDirectoryPermission(ASCIILiteral("/sys/bus"), Read); addDirectoryPermission(ASCIILiteral("/sys/class"), Read); addDirectoryPermission(ASCIILiteral("/sys/devices"), Read); #endif // Needed by NVIDIA proprietary graphics driver if (homeDir) addDirectoryPermission(String::fromUTF8(homeDir) + "/.nv", ReadAndWrite); #if ENABLE(DEVELOPER_MODE) && defined(SOURCE_DIR) // Developers using build-webkit expect some libraries to be loaded // from the build root directory and they also need access to layout test // files. char* sourceDir = canonicalize_file_name(SOURCE_DIR); if (sourceDir) { addDirectoryPermission(String::fromUTF8(sourceDir), SyscallPolicy::ReadAndWrite); free(sourceDir); } #endif }