bool PhDocumentWindow::openDocument(const QString &fileName) { if(fileName != _settings->currentDocument()) resetDocument(); if(_watcher.addPath(fileName)) PHDEBUG << "now watching " << fileName; _settings->setCurrentDocument(fileName); if(!fileName.isEmpty()) _settings->setLastDocumentFolder(QFileInfo(fileName).absolutePath()); this->setWindowTitle(fileName); QStringList recentDocList = _settings->recentDocumentList(); recentDocList.removeAll(fileName); recentDocList.insert(0, fileName); while(recentDocList.size() > _settings->maxRecentDocument()) recentDocList.removeLast(); _settings->setRecentDocumentList(recentDocList); updateRecentDocumentMenu(); addFilePermission(fileName); return true; }
void SyscallPolicy::addDefaultWebProcessPolicy(const WebProcessCreationParameters& parameters) { // Directories settings coming from the UIProcess. if (!parameters.applicationCacheDirectory.isEmpty()) addDirectoryPermission(removeTrailingSlash(parameters.applicationCacheDirectory), ReadAndWrite); if (!parameters.webSQLDatabaseDirectory.isEmpty()) addDirectoryPermission(removeTrailingSlash(parameters.webSQLDatabaseDirectory), ReadAndWrite); if (!parameters.diskCacheDirectory.isEmpty()) addDirectoryPermission(removeTrailingSlash(parameters.diskCacheDirectory), ReadAndWrite); if (!parameters.cookieStorageDirectory.isEmpty()) addDirectoryPermission(removeTrailingSlash(parameters.cookieStorageDirectory), ReadAndWrite); #if USE(SOUP) if (!parameters.cookiePersistentStoragePath.isEmpty()) addDirectoryPermission(removeTrailingSlash(parameters.cookiePersistentStoragePath), ReadAndWrite); #endif // The root policy will block access to any directory or // file unless white listed bellow or by platform. addDirectoryPermission(ASCIILiteral("/"), NotAllowed); // Shared libraries, plugins and fonts. addDirectoryPermission(ASCIILiteral("/lib"), Read); addDirectoryPermission(ASCIILiteral("/lib32"), Read); addDirectoryPermission(ASCIILiteral("/lib64"), Read); addDirectoryPermission(ASCIILiteral("/usr/lib"), Read); addDirectoryPermission(ASCIILiteral("/usr/lib32"), Read); addDirectoryPermission(ASCIILiteral("/usr/lib64"), Read); addDirectoryPermission(ASCIILiteral("/usr/share"), Read); // Support for alternative install prefixes, e.g. /usr/local. addDirectoryPermission(ASCIILiteral(DATADIR), Read); addDirectoryPermission(ASCIILiteral(LIBDIR), Read); // Plugin search path for (String& path : pluginsDirectories()) addDirectoryPermission(path, Read); // SSL Certificates. addDirectoryPermission(ASCIILiteral("/etc/ssl/certs"), Read); // Fontconfig cache. addDirectoryPermission(ASCIILiteral("/etc/fonts"), Read); addDirectoryPermission(ASCIILiteral("/var/cache/fontconfig"), Read); // Audio devices, random number generators, etc. addDirectoryPermission(ASCIILiteral("/dev"), ReadAndWrite); // Temporary files and process self information. addDirectoryPermission(ASCIILiteral("/tmp"), ReadAndWrite); addDirectoryPermission(ASCIILiteral("/proc/") + String::number(getpid()), ReadAndWrite); // In some distros /dev/shm is a symbolic link to /run/shm, and in // this case, the canonical path resolver will follow the link. If // inside /dev, the policy is already set. addDirectoryPermission(ASCIILiteral("/run/shm"), ReadAndWrite); // Needed by glibc for networking and locale. addFilePermission(ASCIILiteral("/etc/gai.conf"), Read); addFilePermission(ASCIILiteral("/etc/host.conf"), Read); addFilePermission(ASCIILiteral("/etc/hosts"), Read); addFilePermission(ASCIILiteral("/etc/localtime"), Read); addFilePermission(ASCIILiteral("/etc/nsswitch.conf"), Read); // Needed for DNS resoltion. In some distros, the resolv.conf inside // /etc is just a symbolic link. addFilePermission(ASCIILiteral("/etc/resolv.conf"), Read); addFilePermission(ASCIILiteral("/run/resolvconf/resolv.conf"), Read); // Needed to convert uid and gid into names. addFilePermission(ASCIILiteral("/etc/group"), Read); addFilePermission(ASCIILiteral("/etc/passwd"), Read); // Needed by the loader. addFilePermission(ASCIILiteral("/etc/ld.so.cache"), Read); // Needed by various, including toolkits, for optimizations based // on the current amount of free system memory. addFilePermission(ASCIILiteral("/proc/cpuinfo"), Read); addFilePermission(ASCIILiteral("/proc/filesystems"), Read); addFilePermission(ASCIILiteral("/proc/meminfo"), Read); addFilePermission(ASCIILiteral("/proc/stat"), Read); // Needed by D-Bus. addFilePermission(ASCIILiteral("/var/lib/dbus/machine-id"), Read); // Needed by at-spi2. // FIXME This is too permissive: https://bugs.webkit.org/show_bug.cgi?id=143004 addDirectoryPermission("/run/user/" + String::number(getuid()), ReadAndWrite); // Needed by WebKit's memory pressure handler addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/memory.pressure_level"), Read); addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/cgroup.event_control"), Read); char* homeDir = getenv("HOME"); if (homeDir) { // X11 connection token. addFilePermission(String::fromUTF8(homeDir) + "/.Xauthority", Read); } // MIME type resolution. char* dataHomeDir = getenv("XDG_DATA_HOME"); if (dataHomeDir) addDirectoryPermission(String::fromUTF8(dataHomeDir) + "/mime", Read); else if (homeDir) addDirectoryPermission(String::fromUTF8(homeDir) + "/.local/share/mime", Read); #if ENABLE(WEBGL) || ENABLE(ACCELERATED_2D_CANVAS) // Needed on most non-Debian distros by libxshmfence <= 1.1, or newer // libxshmfence with older kernels (linux <= 3.16), for DRI3 shared memory. // FIXME Try removing this permission when we can rely on a newer libxshmfence. // See http://code.google.com/p/chromium/issues/detail?id=415681 addDirectoryPermission(ASCIILiteral("/var/tmp"), ReadAndWrite); // Optional Mesa DRI configuration file addFilePermission(ASCIILiteral("/etc/drirc"), Read); if (homeDir) addFilePermission(String::fromUTF8(homeDir) + "/.drirc", Read); // Mesa uses udev. addDirectoryPermission(ASCIILiteral("/etc/udev"), Read); addDirectoryPermission(ASCIILiteral("/run/udev"), Read); addDirectoryPermission(ASCIILiteral("/sys/bus"), Read); addDirectoryPermission(ASCIILiteral("/sys/class"), Read); addDirectoryPermission(ASCIILiteral("/sys/devices"), Read); #endif // Needed by NVIDIA proprietary graphics driver if (homeDir) addDirectoryPermission(String::fromUTF8(homeDir) + "/.nv", ReadAndWrite); #if ENABLE(DEVELOPER_MODE) && defined(SOURCE_DIR) // Developers using build-webkit expect some libraries to be loaded // from the build root directory and they also need access to layout test // files. char* sourceDir = canonicalize_file_name(SOURCE_DIR); if (sourceDir) { addDirectoryPermission(String::fromUTF8(sourceDir), SyscallPolicy::ReadAndWrite); free(sourceDir); } #endif }