// Platform hook called while the web process starts up (EFL/GTK variant).
//
// In this version the only work done is bringing up the seccomp filter set,
// and only in builds where SECCOMP_FILTERS is enabled; otherwise the body is
// empty. `parameters` is handed to the platform-specific filter constructor
// and is not used for anything else here.
void WebProcess::platformInitializeWebProcess(WebProcessCreationParameters&& parameters)
{
#if ENABLE(SECCOMP_FILTERS)
    {
        // Only the EFL and GTK ports declare a filter object. On any other
        // port with SECCOMP_FILTERS enabled the initialize() call below has
        // nothing to refer to, so (unless the name is declared elsewhere) the
        // build breaks rather than the process starting without filters.
#if PLATFORM(EFL)
        SeccompFiltersWebProcessEfl sandboxFilters(parameters);
#elif PLATFORM(GTK)
        SeccompFiltersWebProcessGtk sandboxFilters(parameters);
#endif
        // The enclosing braces end the filter object's lifetime as soon as
        // initialize() has returned.
        sandboxFilters.initialize();
    }
#endif
}
// Platform hook called while the web process starts up (libsoup ports).
//
// Order of work:
//   1. Initialize the seccomp filters (SECCOMP_FILTERS builds only).
//   2. Stop if a separate network process is in use.
//   3. Otherwise set up the soup disk cache, cookie storage and policy,
//      Accept-Language, the TLS-error policy and the language observer.
//
// Every path and policy value used below is read from `parameters`.
void WebProcess::platformInitializeWebProcess(WebProcessCreationParameters&& parameters)
{
#if ENABLE(SECCOMP_FILTERS)
    {
        // First action of the function: nothing else here runs before
        // initialize() has been called. Only EFL and GTK declare a filter
        // object, so another port with SECCOMP_FILTERS enabled would not
        // compile (unless the name is declared elsewhere).
#if PLATFORM(EFL)
        SeccompFiltersWebProcessEfl sandboxFilters(parameters);
#elif PLATFORM(GTK)
        SeccompFiltersWebProcessGtk sandboxFilters(parameters);
#endif
        sandboxFilters.initialize();
    }
#endif

    // With a network process, none of the soup setup below happens here.
    if (usesNetworkProcess())
        return;

    // NOTE(review): ASSERT is typically compiled out of release builds, so an
    // empty directory would not be rejected there — confirm.
    ASSERT(!parameters.diskCacheDirectory.isEmpty());

    // The soup cache used to live directly in the given cache directory; it now
    // uses a subdirectory to avoid conflicts with other cache files stored
    // alongside it. Clear out any files left behind by the old layout.
    WebCore::SoupNetworkSession::defaultSession().clearCache(WebCore::directoryName(parameters.diskCacheDirectory));

#if ENABLE(NETWORK_CACHE)
    // When network cache is enabled, the disk cache directory is the network
    // process one, so the soup cache goes into a "webkit" sibling directory.
    CString cachePath = WebCore::pathByAppendingComponent(WebCore::directoryName(parameters.diskCacheDirectory), "webkit").utf8();
#else
    CString cachePath = parameters.diskCacheDirectory.utf8();
#endif

    GRefPtr<SoupCache> cacheRef = adoptGRef(soup_cache_new(cachePath.data(), SOUP_CACHE_SINGLE_USER));
    SoupCache* cache = cacheRef.get();
    WebCore::SoupNetworkSession::defaultSession().setCache(cache);

    // Temporarily raise max_size to the largest value so soup_cache_load()
    // does not evict any cached resource, then put the previous limit back.
    // According to the original comment, the final size is set later by
    // NetworkProcess::platformSetCacheModel().
    const unsigned previousMaxSize = soup_cache_get_max_size(cache);
    soup_cache_set_max_size(cache, G_MAXUINT);
    soup_cache_load(cache);
    soup_cache_set_max_size(cache, previousMaxSize);

    // Persistent cookie storage is configured only when a path was supplied;
    // the accept policy is always applied.
    auto* cookieManager = supplement<WebCookieManager>();
    if (!parameters.cookiePersistentStoragePath.isEmpty())
        cookieManager->setCookiePersistentStorage(parameters.cookiePersistentStoragePath, parameters.cookiePersistentStorageType);
    cookieManager->setHTTPCookieAcceptPolicy(parameters.cookieAcceptPolicy);

    if (!parameters.languages.isEmpty())
        setSoupSessionAcceptLanguage(parameters.languages);

    // NOTE(review): the flag is taken from the creation parameters as-is. If
    // true it presumably makes the process accept connections whose
    // certificate checks failed — confirm which callers are able to set it.
    setIgnoreTLSErrors(parameters.ignoreTLSErrors);

    WebCore::addLanguageChangeObserver(this, languageChanged);
}
// Platform hook called while the web process starts up (libsoup ports,
// CoreIPC-era signature; the message decoder argument is unused).
//
// Initializes the seccomp filters first (SECCOMP_FILTERS builds only), then
// applies Accept-Language, registers the custom URI schemes, configures
// cookies, sets the TLS-error policy and installs the language observer.
// Every value used below is read from `parameters`.
void WebProcess::platformInitializeWebProcess(const WebProcessCreationParameters& parameters, CoreIPC::MessageDecoder&)
{
#if ENABLE(SECCOMP_FILTERS)
    {
        // Only the EFL branch declares a filter object. On any other port
        // with SECCOMP_FILTERS enabled the initialize() call has nothing to
        // refer to, so (unless the name is declared elsewhere) the build
        // breaks rather than the process starting without filters.
#if PLATFORM(EFL)
        SeccompFiltersWebProcessEfl sandboxFilters(parameters);
#endif
        sandboxFilters.initialize();
    }
#endif

    if (!parameters.languages.isEmpty())
        setSoupSessionAcceptLanguage(parameters.languages);

    // Register each scheme listed in the parameters with the soup request
    // manager owned by this object.
    const size_t schemeCount = parameters.urlSchemesRegistered.size();
    for (size_t index = 0; index < schemeCount; ++index)
        m_soupRequestManager.registerURIScheme(parameters.urlSchemesRegistered[index]);

    // Persistent cookie storage is configured only when a path was supplied;
    // the accept policy is always applied.
    WebCookieManager* cookieManager = supplement<WebCookieManager>();
    if (!parameters.cookiePersistentStoragePath.isEmpty())
        cookieManager->setCookiePersistentStorage(parameters.cookiePersistentStoragePath, parameters.cookiePersistentStorageType);
    cookieManager->setHTTPCookieAcceptPolicy(parameters.cookieAcceptPolicy);

    // NOTE(review): the flag is taken from the creation parameters as-is. If
    // true it presumably makes the process accept connections whose
    // certificate checks failed — confirm which callers are able to set it.
    setIgnoreTLSErrors(parameters.ignoreTLSErrors);

    WebCore::addLanguageChangeObserver(this, languageChanged);
}
// Platform hook called while the web process starts up (libsoup ports,
// IPC-era signature; the message decoder argument is unused).
//
// Order of work:
//   1. Initialize the seccomp filters (SECCOMP_FILTERS builds only).
//   2. Stop if a separate network process is in use.
//   3. Otherwise attach and load the soup disk cache, configure cookies,
//      Accept-Language and custom URI schemes, set the TLS-error policy and
//      install the language observer.
//
// Every path and policy value used below is read from `parameters`.
void WebProcess::platformInitializeWebProcess(const WebProcessCreationParameters& parameters, IPC::MessageDecoder&)
{
#if ENABLE(SECCOMP_FILTERS)
    {
        // Only the EFL branch declares a filter object. On any other port
        // with SECCOMP_FILTERS enabled the initialize() call has nothing to
        // refer to, so (unless the name is declared elsewhere) the build
        // breaks rather than the process starting without filters.
#if PLATFORM(EFL)
        SeccompFiltersWebProcessEfl sandboxFilters(parameters);
#endif
        sandboxFilters.initialize();
    }
#endif

    // With a network process, none of the soup setup below happens here.
    if (usesNetworkProcess())
        return;

    // NOTE(review): ASSERT is typically compiled out of release builds, so an
    // empty directory would not be rejected there — confirm.
    ASSERT(!parameters.diskCacheDirectory.isEmpty());

    // Create the cache in the directory named by the parameters, add it to
    // the default soup session as a feature, then load its contents.
    GRefPtr<SoupCache> cacheRef = adoptGRef(soup_cache_new(parameters.diskCacheDirectory.utf8().data(), SOUP_CACHE_SINGLE_USER));
    SoupCache* cache = cacheRef.get();
    soup_session_add_feature(WebCore::ResourceHandle::defaultSession(), SOUP_SESSION_FEATURE(cache));
    soup_cache_load(cache);

    // Persistent cookie storage is configured only when a path was supplied;
    // the accept policy is always applied.
    WebCookieManager* cookieManager = supplement<WebCookieManager>();
    if (!parameters.cookiePersistentStoragePath.isEmpty())
        cookieManager->setCookiePersistentStorage(parameters.cookiePersistentStoragePath, parameters.cookiePersistentStorageType);
    cookieManager->setHTTPCookieAcceptPolicy(parameters.cookieAcceptPolicy);

    if (!parameters.languages.isEmpty())
        setSoupSessionAcceptLanguage(parameters.languages);

    // Register each scheme listed in the parameters with the soup request
    // manager supplement.
    WebSoupRequestManager* requestManager = supplement<WebSoupRequestManager>();
    const size_t schemeCount = parameters.urlSchemesRegistered.size();
    for (size_t index = 0; index < schemeCount; ++index)
        requestManager->registerURIScheme(parameters.urlSchemesRegistered[index]);

    // NOTE(review): the flag is taken from the creation parameters as-is. If
    // true it presumably makes the process accept connections whose
    // certificate checks failed — confirm which callers are able to set it.
    setIgnoreTLSErrors(parameters.ignoreTLSErrors);

    WebCore::addLanguageChangeObserver(this, languageChanged);
}
// Fixture set-up for the seccomp filter tests.
//
// Creates the directories and files the tests operate on, describes the
// access each one should get in a SyscallPolicy, launches the broker with
// that policy and finally initializes the filters. All files are created
// before the filters are loaded.
virtual void SetUp()
{
    ASSERT_TRUE(!homeDir.isEmpty());

    // NOTE(review): the mkdir() results are ignored, so a directory that
    // already exists (left by an earlier run, or created by someone else at
    // this fixed /tmp path) is silently reused. Fine for a private test
    // machine; worth confirming for shared hosts.
    mkdir("/tmp/WebKitSeccompFilters", defaultMode);
    mkdir(testDirRead.utf8().data(), defaultMode);
    mkdir(testDirWrite.utf8().data(), defaultMode);
    mkdir(testDirReadAndWrite.utf8().data(), defaultMode);
    mkdir(testDirNotAllowed.utf8().data(), defaultMode);

    // Put one file into the Read-only directory and one into the NotAllowed
    // directory while creating files is still unrestricted. open() itself is
    // not checked; a failed open() hands -1 to close(), which then fails the
    // assertion.
    String readOnlyDirFile = testDirRead + "/testFile";
    int descriptor = open(readOnlyDirFile.utf8().data(), O_RDWR | O_CREAT, defaultMode);
    ASSERT_NE(close(descriptor), -1);

    String notAllowedDirFile = testDirNotAllowed + "/testFile";
    descriptor = open(notAllowedDirFile.utf8().data(), O_RDWR | O_CREAT, defaultMode);
    ASSERT_NE(close(descriptor), -1);

    // Files for the per-file policy tests. File policies take precedence over
    // the directory policy, so a file with read and write permission is
    // created inside a directory that is not allowed, and vice versa.
    descriptor = open(testFileNotAllowed.utf8().data(), O_RDWR | O_CREAT, defaultMode);
    ASSERT_NE(close(descriptor), -1);

    descriptor = open(testFileReadAndWrite.utf8().data(), O_RDWR | O_CREAT, defaultMode);
    ASSERT_NE(close(descriptor), -1);

    // Directory rules first, then the two per-file overrides.
    // NOTE(review): rootDir / usrDir / usrSbinDir are presumably nested
    // paths, so these three rules exercise how overlapping entries are
    // resolved — confirm against their definitions.
    SyscallPolicy brokerPolicy;
    brokerPolicy.addDirectoryPermission(rootDir, SyscallPolicy::NotAllowed);
    brokerPolicy.addDirectoryPermission(usrDir, SyscallPolicy::Read);
    brokerPolicy.addDirectoryPermission(usrSbinDir, SyscallPolicy::NotAllowed);
    brokerPolicy.addDirectoryPermission(testDirRead, SyscallPolicy::Read);
    brokerPolicy.addDirectoryPermission(testDirWrite, SyscallPolicy::Write);
    brokerPolicy.addDirectoryPermission(testDirReadAndWrite, SyscallPolicy::ReadAndWrite);
    brokerPolicy.addDirectoryPermission(testDirNotAllowed, SyscallPolicy::NotAllowed);
    brokerPolicy.addFilePermission(testFileNotAllowed, SyscallPolicy::NotAllowed);
    brokerPolicy.addFilePermission(testFileReadAndWrite, SyscallPolicy::ReadAndWrite);

    // The filter set is constructed with Allow; only the three
    // file-opening syscalls are given the Trap action.
    SeccompFilters filters(SeccompFilters::Allow);
    filters.addRule("open", SeccompFilters::Trap);
    filters.addRule("openat", SeccompFilters::Trap);
    filters.addRule("creat", SeccompFilters::Trap);

    // The broker is launched with the policy before the filters are
    // initialized; keep this order.
    SeccompBroker::launchProcess(&filters, brokerPolicy);
    filters.initialize();
}
// Platform hook called while the web process starts up (Qt port; the message
// decoder argument is unused).
//
// Initializes the seccomp filters first (SECCOMP_FILTERS builds only), then
// creates the network access manager with its optional cookie jar and disk
// cache, watches for the parent process exiting on Mac OS X, turns speech
// input off and, if the UI process supplied no injected bundle, installs the
// Qt builtin one. Directories and bundle settings are read from `parameters`.
void WebProcess::platformInitializeWebProcess(const WebProcessCreationParameters& parameters, CoreIPC::MessageDecoder&)
{
#if ENABLE(SECCOMP_FILTERS)
    {
        // First action of the function: nothing else here runs before
        // initialize() has been called. The braces end the filter object's
        // lifetime right afterwards.
        WebKit::SeccompFiltersWebProcessQt sandboxFilters(parameters);
        sandboxFilters.initialize();
    }
#endif

    m_networkAccessManager = new QtNetworkAccessManager(this);

    if (!parameters.cookieStorageDirectory.isEmpty()) {
        WebCore::SharedCookieJarQt* cookieJar = WebCore::SharedCookieJarQt::create(parameters.cookieStorageDirectory);
        m_networkAccessManager->setCookieJar(cookieJar);
        // Clear the parent again so QNetworkAccessManager does not delete
        // the jar.
        cookieJar->setParent(0);
    }

    if (!parameters.diskCacheDirectory.isEmpty()) {
        QNetworkDiskCache* cache = new QNetworkDiskCache();
        cache->setCacheDirectory(parameters.diskCacheDirectory);
        // m_networkAccessManager takes ownership of the cache object with
        // this call.
        m_networkAccessManager->setCache(cache);
    }

#if defined(Q_OS_MACX)
    // Have parentProcessDiedCallback run on the default-priority global queue
    // when the parent process exits. Nothing is installed if the dispatch
    // source could not be created.
    pid_t parentPid = getppid();
    dispatch_queue_t globalQueue = dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0);
    dispatch_source_t parentExitSource = dispatch_source_create(DISPATCH_SOURCE_TYPE_PROC, parentPid, DISPATCH_PROC_EXIT, globalQueue);
    if (parentExitSource) {
        dispatch_source_set_event_handler_f(parentExitSource, parentProcessDiedCallback);
        dispatch_resume(parentExitSource);
    }
#endif

    WebCore::RuntimeEnabledFeatures::setSpeechInputEnabled(false);

    // The Qt builtin bundle is installed only when the UI process did not
    // provide one. Currently only WTR provides its own bundle.
    if (parameters.injectedBundlePath.isEmpty()) {
        m_injectedBundle = InjectedBundle::create(String());
        // The bundle receives the sandbox extension built from the handle in
        // the creation parameters.
        m_injectedBundle->setSandboxExtension(SandboxExtension::create(parameters.injectedBundlePathExtensionHandle));
        QtBuiltinBundle::shared().initialize(toAPI(m_injectedBundle.get()));
    }
}