[gnome-shell/mcatanzaro/sandbox-portal-helper] Sandbox the portal helper



commit f63268a0557b8abf9548463105ea1e1410f8ecc0
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Wed Feb 5 22:18:11 2020 +0000

    Sandbox the portal helper
    
    The portal helper is rather sensitive because potentially-hostile Wi-Fi
    networks can decide to launch it whenever they want (by blocking the
    user's connection to the nmcheck domain) and load whatever web content
    they want into it. So having this unsandboxed is really extraordinarily
    risky. Previously it was a risk we had to accept, because WebKit did not
    have a web process sandbox, but now it does. So let's bubblewrap all the
    things!

 js/portalHelper/main.js | 4 ++++
 1 file changed, 4 insertions(+)
---
diff --git a/js/portalHelper/main.js b/js/portalHelper/main.js
index b0e568dacb..3f8587d543 100644
--- a/js/portalHelper/main.js
+++ b/js/portalHelper/main.js
@@ -118,6 +118,10 @@ class PortalWindow extends Gtk.ApplicationWindow {
         this._webContext = WebKit.WebContext.new_ephemeral();
         this._webContext.set_cache_model(WebKit.CacheModel.DOCUMENT_VIEWER);
         this._webContext.set_network_proxy_settings(WebKit.NetworkProxyMode.NO_PROXY, null);
+        if (WebKit.WebContext.set_sandbox_enabled) {
+            // We have WebKitGTK 2.26 or newer.
+            this._webContext.set_sandbox_enabled(true);
+        }
 
         this._webView = WebKit.WebView.new_with_context(this._webContext);
         this._webView.connect('decide-policy', this._onDecidePolicy.bind(this));
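
Review bot: The guard on the first added line tests `WebKit.WebContext.set_sandbox_enabled` (a property of the class), while the call two lines later goes through the instance `this._webContext`. If the binding exposes the method only on instances, the condition is false even on WebKitGTK 2.26 or newer and the sandbox is never turned on. Test the object that is actually called, e.g. `if (this._webContext.set_sandbox_enabled)`, so the check and the call cannot disagree. Separately, the fall-through is silent: when the method is missing, the helper loads network-supplied content unsandboxed with nothing in the log, which is the exact risk the commit message describes. A warning in an `else` branch would make that state visible to anyone running against an older WebKitGTK.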

