Exemplo n.º 1
// Platform hook run while the web process is being initialized.
//
// In this variant the only work is sandbox setup: in builds with
// ENABLE(SECCOMP_FILTERS) a port-specific seccomp filter object is constructed
// from the creation parameters and initialized. Without that build flag the
// body is empty and `parameters` is unused.
//
// Only the EFL and GTK ports select a filter type; a SECCOMP_FILTERS build for
// any other port does not compile, so it cannot silently run unfiltered.
void WebProcess::platformInitializeWebProcess(WebProcessCreationParameters&& parameters)
{
#if ENABLE(SECCOMP_FILTERS)
    // Pick the port's filter class first so the setup below is written once.
#if PLATFORM(EFL)
    typedef SeccompFiltersWebProcessEfl PlatformSeccompFilters;
#elif PLATFORM(GTK)
    typedef SeccompFiltersWebProcessGtk PlatformSeccompFilters;
#endif
    {
        // `parameters` is a named rvalue reference and is passed on as an
        // lvalue; nothing is moved out of it here. The filter object is
        // destroyed at the closing brace, right after initialize() returns.
        PlatformSeccompFilters webProcessFilters(parameters);
        webProcessFilters.initialize();
    }
#endif
}
Exemplo n.º 2
// Platform hook run while the web process is being initialized (libsoup-based ports).
//
// Order of work, as written below:
//   1. With ENABLE(SECCOMP_FILTERS), construct and initialize the port's seccomp filter object before
//      anything else in this function runs.
//   2. Return early when usesNetworkProcess() is true; none of the cache, cookie, language or TLS setup
//      below is done in this process in that case.
//   3. Otherwise set up the soup disk cache, cookie storage and accept policy, Accept-Language, the
//      TLS-error policy, and a language-change observer.
//
// `parameters` supplies every path and policy value used here; this function does not validate them
// beyond the debug ASSERT on diskCacheDirectory.
void WebProcess::platformInitializeWebProcess(WebProcessCreationParameters&& parameters)
{
#if ENABLE(SECCOMP_FILTERS)
    {
        // Only EFL and GTK declare seccompFilters; a SECCOMP_FILTERS build for another port fails to
        // compile at the initialize() call instead of running without a filter.
#if PLATFORM(EFL)
        SeccompFiltersWebProcessEfl seccompFilters(parameters);
#elif PLATFORM(GTK)
        SeccompFiltersWebProcessGtk seccompFilters(parameters);
#endif
        seccompFilters.initialize();
    }
#endif

    if (usesNetworkProcess())
        return;

    // NOTE(review): ASSERT is presumably compiled out of release builds, so an empty cache directory is
    // not rejected there and would reach directoryName()/soup_cache_new() below — confirm.
    ASSERT(!parameters.diskCacheDirectory.isEmpty());

    // We used to use the given cache directory for the soup cache, but now we use a subdirectory to avoid
    // conflicts with other cache files in the same directory. Remove the old cache files if they still exist.
    WebCore::SoupNetworkSession::defaultSession().clearCache(WebCore::directoryName(parameters.diskCacheDirectory));

#if ENABLE(NETWORK_CACHE)
    // When network cache is enabled, the disk cache directory is the network process one.
    CString diskCachePath = WebCore::pathByAppendingComponent(WebCore::directoryName(parameters.diskCacheDirectory), "webkit").utf8();
#else
    CString diskCachePath = parameters.diskCacheDirectory.utf8();
#endif

    // SOUP_CACHE_SINGLE_USER is libsoup's cache type for a private, single-user cache.
    GRefPtr<SoupCache> soupCache = adoptGRef(soup_cache_new(diskCachePath.data(), SOUP_CACHE_SINGLE_USER));
    WebCore::SoupNetworkSession::defaultSession().setCache(soupCache.get());
    // Set an initial huge max_size for the SoupCache so the call to soup_cache_load() won't evict any cached
    // resource. The final size of the cache will be set by NetworkProcess::platformSetCacheModel().
    unsigned initialMaxSize = soup_cache_get_max_size(soupCache.get());
    soup_cache_set_max_size(soupCache.get(), G_MAXUINT);
    soup_cache_load(soupCache.get());
    // Restore the size read before the load; the three calls above must stay in this order.
    soup_cache_set_max_size(soupCache.get(), initialMaxSize);

    // Persistent cookie storage is configured only when a path was supplied; the accept policy is
    // applied unconditionally.
    if (!parameters.cookiePersistentStoragePath.isEmpty()) {
        supplement<WebCookieManager>()->setCookiePersistentStorage(parameters.cookiePersistentStoragePath,
            parameters.cookiePersistentStorageType);
    }
    supplement<WebCookieManager>()->setHTTPCookieAcceptPolicy(parameters.cookieAcceptPolicy);

    if (!parameters.languages.isEmpty())
        setSoupSessionAcceptLanguage(parameters.languages);

    // NOTE(review): the flag comes straight from the creation parameters. Judging by the name, a true
    // value makes this process accept connections despite TLS certificate errors — confirm which
    // callers can set it and that it is not enabled by default.
    setIgnoreTLSErrors(parameters.ignoreTLSErrors);

    WebCore::addLanguageChangeObserver(this, languageChanged);
}
Exemplo n.º 3
// Platform hook run while the web process is being initialized.
//
// With ENABLE(SECCOMP_FILTERS) the seccomp filter object is constructed and
// initialized first; only the EFL port selects a filter type, so such a build
// for any other port does not compile. After that the function applies, from
// `parameters`: the Accept-Language list, the registered URL schemes, cookie
// storage and accept policy, and the TLS-error policy, then registers a
// language-change observer. The MessageDecoder argument is unused.
void WebProcess::platformInitializeWebProcess(const WebProcessCreationParameters& parameters, CoreIPC::MessageDecoder&)
{
#if ENABLE(SECCOMP_FILTERS)
#if PLATFORM(EFL)
    typedef SeccompFiltersWebProcessEfl PlatformSeccompFilters;
#endif
    {
        // Scoped so the filter object is destroyed as soon as initialize()
        // has returned.
        PlatformSeccompFilters sandboxFilters(parameters);
        sandboxFilters.initialize();
    }
#endif

    const bool hasLanguages = !parameters.languages.isEmpty();
    if (hasLanguages)
        setSoupSessionAcceptLanguage(parameters.languages);

    // Hand every scheme listed in the creation parameters to the soup request
    // manager.
    const size_t schemeCount = parameters.urlSchemesRegistered.size();
    for (size_t index = 0; index != schemeCount; ++index)
        m_soupRequestManager.registerURIScheme(parameters.urlSchemesRegistered[index]);

    // Persistent cookie storage is optional; the accept policy is always set.
    const bool hasCookieStorage = !parameters.cookiePersistentStoragePath.isEmpty();
    if (hasCookieStorage) {
        supplement<WebCookieManager>()->setCookiePersistentStorage(
            parameters.cookiePersistentStoragePath, parameters.cookiePersistentStorageType);
    }
    supplement<WebCookieManager>()->setHTTPCookieAcceptPolicy(parameters.cookieAcceptPolicy);

    // NOTE(review): forwarded unchanged from the creation parameters; judging
    // by the name, true means TLS certificate errors are ignored — confirm
    // who is allowed to set it.
    setIgnoreTLSErrors(parameters.ignoreTLSErrors);

    WebCore::addLanguageChangeObserver(this, languageChanged);
}
Exemplo n.º 4
// Platform hook run while the web process is being initialized.
//
// With ENABLE(SECCOMP_FILTERS) the seccomp filter object is constructed and
// initialized before anything else; only the EFL port selects a filter type.
// When usesNetworkProcess() is true the function stops there. Otherwise it
// attaches a soup disk cache to the default session and applies cookie,
// language, URL-scheme and TLS-error settings taken from `parameters`, then
// registers a language-change observer. The MessageDecoder argument is unused.
void WebProcess::platformInitializeWebProcess(const WebProcessCreationParameters& parameters, IPC::MessageDecoder&)
{
#if ENABLE(SECCOMP_FILTERS)
#if PLATFORM(EFL)
    typedef SeccompFiltersWebProcessEfl PlatformSeccompFilters;
#endif
    {
        PlatformSeccompFilters sandboxFilters(parameters);
        sandboxFilters.initialize();
    }
#endif

    if (usesNetworkProcess())
        return;

    // NOTE(review): ASSERT is presumably a debug-only check, so release builds
    // would pass an empty path on to soup_cache_new() — confirm.
    ASSERT(!parameters.diskCacheDirectory.isEmpty());

    // SOUP_CACHE_SINGLE_USER is libsoup's cache type for a private,
    // single-user cache. The cache is added to the default session as a
    // feature and then loaded from disk.
    CString cacheDirectory = parameters.diskCacheDirectory.utf8();
    GRefPtr<SoupCache> diskCache = adoptGRef(soup_cache_new(cacheDirectory.data(), SOUP_CACHE_SINGLE_USER));
    soup_session_add_feature(WebCore::ResourceHandle::defaultSession(), SOUP_SESSION_FEATURE(diskCache.get()));
    soup_cache_load(diskCache.get());

    // Persistent cookie storage is optional; the accept policy is always set.
    const bool hasCookieStorage = !parameters.cookiePersistentStoragePath.isEmpty();
    if (hasCookieStorage) {
        supplement<WebCookieManager>()->setCookiePersistentStorage(
            parameters.cookiePersistentStoragePath, parameters.cookiePersistentStorageType);
    }
    supplement<WebCookieManager>()->setHTTPCookieAcceptPolicy(parameters.cookieAcceptPolicy);

    const bool hasLanguages = !parameters.languages.isEmpty();
    if (hasLanguages)
        setSoupSessionAcceptLanguage(parameters.languages);

    // Register every URL scheme listed in the creation parameters.
    size_t index = 0;
    while (index < parameters.urlSchemesRegistered.size()) {
        supplement<WebSoupRequestManager>()->registerURIScheme(parameters.urlSchemesRegistered[index]);
        index++;
    }

    // NOTE(review): forwarded unchanged from the creation parameters; judging
    // by the name, true means TLS certificate errors are ignored — confirm
    // who is allowed to set it.
    setIgnoreTLSErrors(parameters.ignoreTLSErrors);

    WebCore::addLanguageChangeObserver(this, languageChanged);
}
Exemplo n.º 5
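    // Fixture setup for the file-access policy tests.
    //
    // Creates the directories and files the tests use, builds a SyscallPolicy
    // giving each of them a permission, then launches the broker with that
    // policy and initializes a filter set that traps open, openat and creat.
    // Everything that has to exist on disk is created before the filters are
    // initialized, because file creation is filtered afterwards.
    virtual void SetUp()
    {
        ASSERT_TRUE(!homeDir.isEmpty());

        // NOTE(review): the first path is a fixed, predictable name under
        // /tmp, and none of the mkdir() results are checked. If an entry
        // already exists there (left by an earlier run, or created by another
        // local user) mkdir() fails and the existing entry is used as-is.
        // Consider a per-run directory, or verifying type and ownership.
        mkdir("/tmp/WebKitSeccompFilters", defaultMode);
        mkdir(testDirRead.utf8().data(), defaultMode);
        mkdir(testDirWrite.utf8().data(), defaultMode);
        mkdir(testDirReadAndWrite.utf8().data(), defaultMode);
        mkdir(testDirNotAllowed.utf8().data(), defaultMode);

        // Create a file for the Read only and NotAllowed directory before
        // loading the filters. Each open() is checked on its own so that a
        // failure is reported at the open() call, not as a failed close(-1).
        String file = testDirRead + "/testFile";
        int fd = open(file.utf8().data(), O_RDWR | O_CREAT, defaultMode);
        ASSERT_NE(fd, -1);
        ASSERT_NE(close(fd), -1);
        file = testDirNotAllowed + "/testFile";
        fd = open(file.utf8().data(), O_RDWR | O_CREAT, defaultMode);
        ASSERT_NE(fd, -1);
        ASSERT_NE(close(fd), -1);

        // Create files for the file policy tests. File policies take
        // precedence over the directory policy. In this case, we create a file
        // with read and write policies inside a directory that is not allowed,
        // and vice versa.
        fd = open(testFileNotAllowed.utf8().data(), O_RDWR | O_CREAT, defaultMode);
        ASSERT_NE(fd, -1);
        ASSERT_NE(close(fd), -1);
        fd = open(testFileReadAndWrite.utf8().data(), O_RDWR | O_CREAT, defaultMode);
        ASSERT_NE(fd, -1);
        ASSERT_NE(close(fd), -1);

        // The root directory is NotAllowed and narrower paths are then given
        // their own permissions, including a NotAllowed entry (usrSbinDir)
        // next to a Read entry (usrDir).
        SyscallPolicy policy;
        policy.addDirectoryPermission(rootDir, SyscallPolicy::NotAllowed);
        policy.addDirectoryPermission(usrDir, SyscallPolicy::Read);
        policy.addDirectoryPermission(usrSbinDir, SyscallPolicy::NotAllowed);
        policy.addDirectoryPermission(testDirRead, SyscallPolicy::Read);
        policy.addDirectoryPermission(testDirWrite, SyscallPolicy::Write);
        policy.addDirectoryPermission(testDirReadAndWrite, SyscallPolicy::ReadAndWrite);
        policy.addDirectoryPermission(testDirNotAllowed, SyscallPolicy::NotAllowed);
        policy.addFilePermission(testFileNotAllowed, SyscallPolicy::NotAllowed);
        policy.addFilePermission(testFileReadAndWrite, SyscallPolicy::ReadAndWrite);

        // The filter set is constructed with Allow and only the three
        // file-opening syscalls are set to Trap; presumably the trapped calls
        // are handed to the broker, which applies `policy` — confirm against
        // SeccompBroker.
        SeccompFilters seccompFilters(SeccompFilters::Allow);
        seccompFilters.addRule("open", SeccompFilters::Trap);
        seccompFilters.addRule("openat", SeccompFilters::Trap);
        seccompFilters.addRule("creat", SeccompFilters::Trap);

        // The broker is launched before the filters are initialized.
        SeccompBroker::launchProcess(&seccompFilters, policy);
        seccompFilters.initialize();
    }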
Exemplo n.º 6
// Platform hook run while the web process is being initialized (Qt port).
//
// With ENABLE(SECCOMP_FILTERS) the Qt seccomp filter object is constructed and
// initialized before anything else. The function then creates the network
// access manager, attaches an optional shared cookie jar and disk cache using
// directories taken from `parameters`, on Mac OS X arranges a callback for
// when the parent process exits, disables speech input, and installs the
// built-in injected bundle when the UI process did not provide one. The
// MessageDecoder argument is unused.
void WebProcess::platformInitializeWebProcess(const WebProcessCreationParameters& parameters, CoreIPC::MessageDecoder&)
{
#if ENABLE(SECCOMP_FILTERS)
    {
        // Scoped so the filter object is destroyed as soon as initialize()
        // has returned.
        WebKit::SeccompFiltersWebProcessQt sandboxFilters(parameters);
        sandboxFilters.initialize();
    }
#endif

    m_networkAccessManager = new QtNetworkAccessManager(this);

    const bool hasCookieDirectory = !parameters.cookieStorageDirectory.isEmpty();
    if (hasCookieDirectory) {
        WebCore::SharedCookieJarQt* sharedJar = WebCore::SharedCookieJarQt::create(parameters.cookieStorageDirectory);
        m_networkAccessManager->setCookieJar(sharedJar);
        // Clear the jar's parent again so that QNetworkAccessManager does not
        // delete it.
        sharedJar->setParent(0);
    }

    const bool hasCacheDirectory = !parameters.diskCacheDirectory.isEmpty();
    if (hasCacheDirectory) {
        QNetworkDiskCache* networkCache = new QNetworkDiskCache();
        networkCache->setCacheDirectory(parameters.diskCacheDirectory);
        // setCache() hands ownership of the cache object to
        // m_networkAccessManager.
        m_networkAccessManager->setCache(networkCache);
    }

#if defined(Q_OS_MACX)
    // Watch the parent process and run parentProcessDiedCallback when it
    // exits. If the dispatch source cannot be created, no watcher is
    // installed and initialization simply continues.
    dispatch_source_t parentExitSource = dispatch_source_create(DISPATCH_SOURCE_TYPE_PROC, getppid(), DISPATCH_PROC_EXIT,
        dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0));
    if (parentExitSource) {
        dispatch_source_set_event_handler_f(parentExitSource, parentProcessDiedCallback);
        dispatch_resume(parentExitSource);
    }
#endif

    WebCore::RuntimeEnabledFeatures::setSpeechInputEnabled(false);

    // The Qt built-in bundle is installed only when the UI process did not
    // supply a bundle path of its own; currently only WTR does.
    const bool usesBuiltinBundle = parameters.injectedBundlePath.isEmpty();
    if (usesBuiltinBundle) {
        m_injectedBundle = InjectedBundle::create(String());
        m_injectedBundle->setSandboxExtension(SandboxExtension::create(parameters.injectedBundlePathExtensionHandle));
        QtBuiltinBundle::shared().initialize(toAPI(m_injectedBundle.get()));
    }
}