[epiphany/wip/sandbox: 2/2] Add important paths to the sandbox

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [epiphany/wip/sandbox: 2/2] Add important paths to the sandbox
Date: Wed, 12 Jun 2019 01:37:56 +0000 (UTC)

commit 0bd3f1933ba3988cb9f7135e7d5b5b723cd0a1c1
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Tue Jun 11 20:33:21 2019 -0500

    Add important paths to the sandbox
    
    The web process needs to be able to load internal Epiphany libraries,
    which are stored in pkglibdir. These will normally be under /lib or
    /lib64 and therefore already whitelisted by WebKit, but not if we're
    using a custom build prefix, e.g. if Epiphany is built in JHBuild and
    WebKit is not.
    
    Similarly, in DEVELOPER_MODE where we load from the builddir, we want to
    be able to access the builddir.

 embed/ephy-embed-shell.c | 6 ++++++
 meson.build              | 1 +
 2 files changed, 7 insertions(+)
---
diff --git a/embed/ephy-embed-shell.c b/embed/ephy-embed-shell.c
index 81016244c..7c838239c 100644
--- a/embed/ephy-embed-shell.c
+++ b/embed/ephy-embed-shell.c
@@ -1202,7 +1202,13 @@ ephy_embed_shell_startup (GApplication *application)
                     shell);
 
   webkit_web_context_set_process_model (priv->web_context, 
WEBKIT_PROCESS_MODEL_MULTIPLE_SECONDARY_PROCESSES);
+
   webkit_web_context_set_sandbox_enabled (priv->web_context, TRUE);
+  webkit_web_context_add_path_to_sandbox (priv->web_context, PKGLIBDIR, TRUE);
+
+#if DEVELOPER_MODE
+  webkit_web_context_add_path_to_sandbox (priv->web_context, BUILD_ROOT, TRUE);
+#endif
 
   g_signal_connect_object (priv->web_context, "initialize-web-extensions",
                            G_CALLBACK (initialize_web_process_extensions),
diff --git a/meson.build b/meson.build
index f77d8bbe9..ba8c5f301 100644
--- a/meson.build
+++ b/meson.build
@@ -51,6 +51,7 @@ conf.set_quoted('ISO_CODES_PREFIX', iso_codes_prefix)
 conf.set_quoted('LIBLOCALEDIR', liblocaledir)
 conf.set_quoted('LOCALEDIR', localedir)
 conf.set_quoted('PKGDATADIR', pkgdatadir)
+conf.set_quoted('PKGLIBDIR', pkglibdir)
 conf.set_quoted('PKGLIBEXECDIR', pkglibexecdir)
 conf.set_quoted('PROFILE', profile)
 conf.set_quoted('SOURCE_ROOT', meson.source_root())

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]