void PluginInfoStore::loadPluginsIfNecessary()
{
if (m_pluginListIsUpToDate)
return;
PathHashSet uniquePluginPaths;
// First, load plug-ins from the additional plug-ins directories specified.
for (size_t i = 0; i < m_additionalPluginsDirectories.size(); ++i)
addFromVector(uniquePluginPaths, pluginPathsInDirectory(m_additionalPluginsDirectories[i]));
// Then load plug-ins from the standard plug-ins directories.
Vector<String> directories = pluginsDirectories();
for (size_t i = 0; i < directories.size(); ++i)
addFromVector(uniquePluginPaths, pluginPathsInDirectory(directories[i]));
// Then load plug-ins that are not in the standard plug-ins directories.
addFromVector(uniquePluginPaths, individualPluginPaths());
m_plugins.clear();
PathHashSet::const_iterator end = uniquePluginPaths.end();
for (PathHashSet::const_iterator it = uniquePluginPaths.begin(); it != end; ++it)
loadPlugin(m_plugins, *it);
m_pluginListIsUpToDate = true;
if (m_client)
m_client->pluginInfoStoreDidLoadPlugins(this);
}
void PluginInfoStore::loadPluginsIfNecessary()
{
if (m_pluginListIsUpToDate)
return;
PathHashSet uniquePluginPaths;
// First, load plug-ins from the additional plug-ins directories specified.
for (size_t i = 0; i < m_additionalPluginsDirectories.size(); ++i)
addFromVector(uniquePluginPaths, pluginPathsInDirectory(m_additionalPluginsDirectories[i]));
// Then load plug-ins from the standard plug-ins directories.
Vector<String> directories = pluginsDirectories();
for (size_t i = 0; i < directories.size(); ++i)
addFromVector(uniquePluginPaths, pluginPathsInDirectory(directories[i]));
// Then load plug-ins that are not in the standard plug-ins directories.
addFromVector(uniquePluginPaths, individualPluginPaths());
Vector<PluginModuleInfo> plugins;
PathHashSet::const_iterator end = uniquePluginPaths.end();
for (PathHashSet::const_iterator it = uniquePluginPaths.begin(); it != end; ++it)
loadPlugin(plugins, *it);
#if ENABLE(PEPPER_PLUGIN_API)
std::vector<PluginModuleInfo> pepperPlugins;
content::PepperPluginRegistry::GetInstance()->ComputeList(pepperPlugins);
std::vector<PluginModuleInfo>::iterator endPlugins = pepperPlugins.end();
for (std::vector<PluginModuleInfo>::iterator it = pepperPlugins.begin(); it != endPlugins; ++it)
plugins.append(*it);
#endif
m_plugins = deepIsolatedCopyPluginInfoVector(plugins);
m_pluginListIsUpToDate = true;
}
void SyscallPolicy::addDefaultWebProcessPolicy(const WebProcessCreationParameters& parameters)
{
// Directories settings coming from the UIProcess.
if (!parameters.applicationCacheDirectory.isEmpty())
addDirectoryPermission(removeTrailingSlash(parameters.applicationCacheDirectory), ReadAndWrite);
if (!parameters.webSQLDatabaseDirectory.isEmpty())
addDirectoryPermission(removeTrailingSlash(parameters.webSQLDatabaseDirectory), ReadAndWrite);
if (!parameters.diskCacheDirectory.isEmpty())
addDirectoryPermission(removeTrailingSlash(parameters.diskCacheDirectory), ReadAndWrite);
if (!parameters.cookieStorageDirectory.isEmpty())
addDirectoryPermission(removeTrailingSlash(parameters.cookieStorageDirectory), ReadAndWrite);
#if USE(SOUP)
if (!parameters.cookiePersistentStoragePath.isEmpty())
addDirectoryPermission(removeTrailingSlash(parameters.cookiePersistentStoragePath), ReadAndWrite);
#endif
// The root policy will block access to any directory or
// file unless white listed bellow or by platform.
addDirectoryPermission(ASCIILiteral("/"), NotAllowed);
// Shared libraries, plugins and fonts.
addDirectoryPermission(ASCIILiteral("/lib"), Read);
addDirectoryPermission(ASCIILiteral("/lib32"), Read);
addDirectoryPermission(ASCIILiteral("/lib64"), Read);
addDirectoryPermission(ASCIILiteral("/usr/lib"), Read);
addDirectoryPermission(ASCIILiteral("/usr/lib32"), Read);
addDirectoryPermission(ASCIILiteral("/usr/lib64"), Read);
addDirectoryPermission(ASCIILiteral("/usr/share"), Read);
// Support for alternative install prefixes, e.g. /usr/local.
addDirectoryPermission(ASCIILiteral(DATADIR), Read);
addDirectoryPermission(ASCIILiteral(LIBDIR), Read);
// Plugin search path
for (String& path : pluginsDirectories())
addDirectoryPermission(path, Read);
// SSL Certificates.
addDirectoryPermission(ASCIILiteral("/etc/ssl/certs"), Read);
// Fontconfig cache.
addDirectoryPermission(ASCIILiteral("/etc/fonts"), Read);
addDirectoryPermission(ASCIILiteral("/var/cache/fontconfig"), Read);
// Audio devices, random number generators, etc.
addDirectoryPermission(ASCIILiteral("/dev"), ReadAndWrite);
// Temporary files and process self information.
addDirectoryPermission(ASCIILiteral("/tmp"), ReadAndWrite);
addDirectoryPermission(ASCIILiteral("/proc/") + String::number(getpid()), ReadAndWrite);
// In some distros /dev/shm is a symbolic link to /run/shm, and in
// this case, the canonical path resolver will follow the link. If
// inside /dev, the policy is already set.
addDirectoryPermission(ASCIILiteral("/run/shm"), ReadAndWrite);
// Needed by glibc for networking and locale.
addFilePermission(ASCIILiteral("/etc/gai.conf"), Read);
addFilePermission(ASCIILiteral("/etc/host.conf"), Read);
addFilePermission(ASCIILiteral("/etc/hosts"), Read);
addFilePermission(ASCIILiteral("/etc/localtime"), Read);
addFilePermission(ASCIILiteral("/etc/nsswitch.conf"), Read);
// Needed for DNS resoltion. In some distros, the resolv.conf inside
// /etc is just a symbolic link.
addFilePermission(ASCIILiteral("/etc/resolv.conf"), Read);
addFilePermission(ASCIILiteral("/run/resolvconf/resolv.conf"), Read);
// Needed to convert uid and gid into names.
addFilePermission(ASCIILiteral("/etc/group"), Read);
addFilePermission(ASCIILiteral("/etc/passwd"), Read);
// Needed by the loader.
addFilePermission(ASCIILiteral("/etc/ld.so.cache"), Read);
// Needed by various, including toolkits, for optimizations based
// on the current amount of free system memory.
addFilePermission(ASCIILiteral("/proc/cpuinfo"), Read);
addFilePermission(ASCIILiteral("/proc/filesystems"), Read);
addFilePermission(ASCIILiteral("/proc/meminfo"), Read);
addFilePermission(ASCIILiteral("/proc/stat"), Read);
// Needed by D-Bus.
addFilePermission(ASCIILiteral("/var/lib/dbus/machine-id"), Read);
// Needed by at-spi2.
// FIXME This is too permissive: https://bugs.webkit.org/show_bug.cgi?id=143004
addDirectoryPermission("/run/user/" + String::number(getuid()), ReadAndWrite);
// Needed by WebKit's memory pressure handler
addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/memory.pressure_level"), Read);
addFilePermission(ASCIILiteral("/sys/fs/cgroup/memory/cgroup.event_control"), Read);
char* homeDir = getenv("HOME");
if (homeDir) {
// X11 connection token.
addFilePermission(String::fromUTF8(homeDir) + "/.Xauthority", Read);
}
// MIME type resolution.
char* dataHomeDir = getenv("XDG_DATA_HOME");
if (dataHomeDir)
addDirectoryPermission(String::fromUTF8(dataHomeDir) + "/mime", Read);
else if (homeDir)
addDirectoryPermission(String::fromUTF8(homeDir) + "/.local/share/mime", Read);
#if ENABLE(WEBGL) || ENABLE(ACCELERATED_2D_CANVAS)
// Needed on most non-Debian distros by libxshmfence <= 1.1, or newer
// libxshmfence with older kernels (linux <= 3.16), for DRI3 shared memory.
// FIXME Try removing this permission when we can rely on a newer libxshmfence.
// See http://code.google.com/p/chromium/issues/detail?id=415681
addDirectoryPermission(ASCIILiteral("/var/tmp"), ReadAndWrite);
// Optional Mesa DRI configuration file
addFilePermission(ASCIILiteral("/etc/drirc"), Read);
if (homeDir)
addFilePermission(String::fromUTF8(homeDir) + "/.drirc", Read);
// Mesa uses udev.
addDirectoryPermission(ASCIILiteral("/etc/udev"), Read);
addDirectoryPermission(ASCIILiteral("/run/udev"), Read);
addDirectoryPermission(ASCIILiteral("/sys/bus"), Read);
addDirectoryPermission(ASCIILiteral("/sys/class"), Read);
addDirectoryPermission(ASCIILiteral("/sys/devices"), Read);
#endif
// Needed by NVIDIA proprietary graphics driver
if (homeDir)
addDirectoryPermission(String::fromUTF8(homeDir) + "/.nv", ReadAndWrite);
#if ENABLE(DEVELOPER_MODE) && defined(SOURCE_DIR)
// Developers using build-webkit expect some libraries to be loaded
// from the build root directory and they also need access to layout test
// files.
char* sourceDir = canonicalize_file_name(SOURCE_DIR);
if (sourceDir) {
addDirectoryPermission(String::fromUTF8(sourceDir), SyscallPolicy::ReadAndWrite);
free(sourceDir);
}
#endif
}
