#define ENABLE_TIZEN_UPDATE_TIMEZONE_INFO 1 /* Hojong Han(hojong.han@samsung.com) : Sync timezone before getting local time */
#define ENABLE_TIZEN_WRT_LAUNCHING_PERFORMANCE 1 /* Byungwoo Lee(bw80.lee@samsung.com) : Local patches to enhance web app launching performance */
-#define ENABLE_TIZEN_PROCESS_PERMISSION_CONTROL 1 /* Yunchan Cho(yunchan.cho@samsung.com), Ryuan Choi(ryuan.choi@samsung.com) : Change smack label of launched webkit processes */
+#define ENABLE_TIZEN_SET_WEB_PROCESS_EXECUTABLE_PATH 1 /* Yunchan Cho(yunchan.cho@samsung.com) : Support to set path of web process executable file */
+
#define ENABLE_TIZEN_REDUCE_KEY_LAGGING 1 /* Soon-Young Lee(sy5002.lee@samsung.com) : Temporary solution for a keylagging problem. FIXME */
#define ENABLE_TIZEN_TEXT_CODEC_MEMORY_REDUCTION 1 /*KyungTae Kim(ktf.kim@samsung.com) : Share Encode & Decode buffer for TextCodecUTF8 for memory reduction */
#define ENABLE_TIZEN_ADJUST_CONTENTS_SIZE_FOR_MINUS_X_WORKAROUND 1 /*KyungTae Kim(ktf.kim@samsung.com) : Workaround patch that adjusts contents size of minus x position contents */
${Tizen-Location-Manager_INCLUDE_DIRS}
${UIGadget_INCLUDE_DIRS}
${EFL_ASSIST_INCLUDE_DIRS}
- ${LIBSMACK_INCLUDE_DIRS}
)
LIST(APPEND WebKit2_LIBRARIES
${TTS_LIBRARIES}
${Tizen-Location-Manager_LIBRARIES}
${UIGadget_LIBRARY}
- ${LIBSMACK_LIBRARIES}
)
ADD_DEFINITIONS(-DWTF_USE_CROSS_PLATFORM_CONTEXT_MENUS=0)
Shared/tizen/NativeWebKeyboardEventTizen.cpp
Shared/tizen/WebURLRequestTizen.cpp
Shared/tizen/WebURLResponseTizen.cpp
- Shared/tizen/ProcessSmackLabel.cpp
UIProcess/API/C/efl/tizen/WKLocalFileSystemManager.cpp
UIProcess/API/C/efl/tizen/WKContextTizen.cpp
#include "NetscapePlugin.h"
#endif // ENABLE(TIZEN_SCAN_PLUGIN)
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
-#include "ProcessSmackLabel.h"
-#endif
-
using namespace WebCore;
namespace WebKit {
ASSERT(argc == 2);
#endif // ENABLE(TIZEN_SCAN_PLUGIN)
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- // check process smack label
- if (!changeProcessSmackLabel("/usr/bin/PluginProcess", argv[0])) {
- TIZEN_LOGI("failed to change smack label");
- return 1;
- }
-
- // drop CAP_MAC_ADMIN capability
- if (!dropProcessCapability()) {
- TIZEN_LOGI("failed to drop CAP_MAC_ADMIN");
- return 1;
- }
-#endif
if (!eina_init())
return 1;
#elif PLATFORM(WIN)
uint64_t fileVersion;
#endif
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- String executablePath;
-#endif
PluginModuleInfo isolatedCopy() const
{
+++ /dev/null
-/*
- * Copyright (C) 2013 Samsung Electronics. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
-
-#include <string>
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/smack.h>
-#include <sys/capability.h>
-#include <wtf/Assertions.h>
-
-namespace WebKit {
-
-bool changeProcessSmackLabel(const char* defaultExecutablePath, const char* currentExecutablePath)
-{
- ASSERT(defaultExecutablePath && currentExecutablePath);
-
- // this case needs not to change smack label
- if (!strcmp(defaultExecutablePath, currentExecutablePath))
- return true;
-
- // check if this process is launched as abnormal way
- char* newLabel;
- if (smack_lgetlabel(currentExecutablePath, &newLabel, SMACK_LABEL_EXEC) < 0)
- return false;
-
- if (smack_set_label_for_self(newLabel) < 0) {
- free(newLabel);
- return false;
- }
-
- free(newLabel);
- return true;
-}
-
-bool dropProcessCapability()
-{
- // in case of root user, any capabilities aren't dropped
- if (getuid() == 0)
- return true;
-
- cap_user_header_t header;
- cap_user_data_t data;
-
- header = static_cast<cap_user_header_t>(malloc(sizeof(*header)));
- data = static_cast<cap_user_data_t>(calloc(sizeof(*data), _LINUX_CAPABILITY_U32S_3));
-
- // check if header and data is allocated normally
- ASSERT(header && data);
-
- header->pid = getpid();
- header->version = _LINUX_CAPABILITY_VERSION_3;
-
- // read already granted capabilities of this process
- if (capget(header, data) < 0) {
- free(header);
- free(data);
- return false;
- }
-
- // remove process capability for CAP_MAC_ADMIN
- data[CAP_TO_INDEX(CAP_MAC_ADMIN)].inheritable &= ~CAP_TO_MASK(CAP_MAC_ADMIN);
- data[CAP_TO_INDEX(CAP_MAC_ADMIN)].permitted &= ~CAP_TO_MASK(CAP_MAC_ADMIN);
- data[CAP_TO_INDEX(CAP_MAC_ADMIN)].effective &= ~CAP_TO_MASK(CAP_MAC_ADMIN);
-
- bool ret = true;
- if (capset(header, data) < 0)
- ret = false;
-
- free(header);
- free(data);
-
- return ret;
-}
-
-} // namespace WebKit
-#endif
-
+++ /dev/null
-/*
- * Copyright (C) 2013 Samsung Electronics. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef ProcessSmackLabel_h
-#define ProcessSmackLabel_h
-
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
-namespace WebKit {
-
-bool changeProcessSmackLabel(const char* defaultExecutablePath, const char* currentExecutablePath);
-bool dropProcessCapability();
-
-} // namespace WebKit
-#endif
-
-#endif
-
#if OS(TIZEN)
Ewk_Context* ewkContext = Ewk_Context::create().leakRef();
ewkContextInjectedBundleClientAttachClient(ewkContext);
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
+#if ENABLE(TIZEN_SET_WEB_PROCESS_EXECUTABLE_PATH)
const char* webProcessExecutablePath = getenv("WEB_PROCESS_EXECUTABLE_PATH");
if (webProcessExecutablePath) {
WKContextRef contextRef = ewkContext->wkContext();
toImpl(contextRef)->setWebProcessExecutablePath(String::fromUTF8(webProcessExecutablePath));
}
-
- const char* pluginProcessExecutablePath = getenv("PLUGIN_PROCESS_EXECUTABLE_PATH");
- if (pluginProcessExecutablePath) {
- WKContextRef contextRef = ewkContext->wkContext();
- toImpl(contextRef)->pluginInfoStore().setExecutablePath(String::fromUTF8(pluginProcessExecutablePath));
- }
#endif
return ewkContext;
#else
#if OS(TIZEN)
Ewk_Context* ewkContext = Ewk_Context::create(String::fromUTF8(path)).leakRef();
ewkContextInjectedBundleClientAttachClient(ewkContext);
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
+#if ENABLE(TIZEN_SET_WEB_PROCESS_EXECUTABLE_PATH)
const char* webProcessExecutablePath = getenv("WEB_PROCESS_EXECUTABLE_PATH");
if (webProcessExecutablePath) {
WKContextRef contextRef = ewkContext->wkContext();
toImpl(contextRef)->setWebProcessExecutablePath(String::fromUTF8(webProcessExecutablePath));
}
-
- const char* pluginProcessExecutablePath = getenv("PLUGIN_PROCESS_EXECUTABLE_PATH");
- if (pluginProcessExecutablePath) {
- WKContextRef contextRef = ewkContext->wkContext();
- toImpl(contextRef)->pluginInfoStore().setExecutablePath(String::fromUTF8(pluginProcessExecutablePath));
- }
#endif
return ewkContext;
#else
cpu_type_t architecture;
bool executableHeap;
#endif
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- String customExecutablePath;
+#if ENABLE(TIZEN_SET_WEB_PROCESS_EXECUTABLE_PATH)
+ String webProcessExecutablePath;
#endif
#ifndef NDEBUG
String processCmdPrefix;
String executablePath;
switch (m_launchOptions.processType) {
case WebProcess:
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- if (!m_launchOptions.customExecutablePath.isEmpty()) {
- executablePath = m_launchOptions.customExecutablePath;
- TIZEN_LOGI("web process executable path: %s", executablePath.utf8().data());
+#if ENABLE(TIZEN_SET_WEB_PROCESS_EXECUTABLE_PATH)
+ if (!m_launchOptions.webProcessExecutablePath.isEmpty()) {
+ executablePath = m_launchOptions.webProcessExecutablePath;
+ TIZEN_LOGI("executable path: %s", executablePath.utf8().data());
} else
#endif
executablePath = executablePathOfWebProcess();
break;
case PluginProcess:
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- {
- // this env is used for tizen wrt process pool, and has highest priority for use.
- const char* pathForProcessPool = getenv("PLUGIN_PROCESS_EXECUTABLE_PATH_FOR_PROCESS_POOL");
- if (pathForProcessPool) {
- executablePath = String::fromUTF8(pathForProcessPool);
- TIZEN_LOGI("plugin process executable path: %s", executablePath.utf8().data());
- break;
- }
- }
-
- if (!m_launchOptions.customExecutablePath.isEmpty()) {
- executablePath = m_launchOptions.customExecutablePath;
- TIZEN_LOGI("plugin process executable path: %s", executablePath.utf8().data());
- } else
-#endif
- executablePath = executablePathOfPluginProcess();
+ executablePath = executablePathOfPluginProcess();
break;
default:
ASSERT_NOT_REACHED();
// Note that the plug-in will still be seen by e.g. navigator.plugins
bool shouldBlockPlugin(const PluginModuleInfo&) const;
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- void setExecutablePath(const String& path) { m_executablePath = path; };
- const String& executablePath() const { return m_executablePath; };
-#endif
-
private:
PluginModuleInfo findPluginForMIMEType(const String& mimeType) const;
PluginModuleInfo findPluginForExtension(const String& extension, String& mimeType) const;
Vector<String> m_additionalPluginsDirectories;
Vector<PluginModuleInfo> m_plugins;
bool m_pluginListIsUpToDate;
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- String m_executablePath;
-#endif
+
mutable Mutex m_pluginsLock;
};
ASSERT(!pluginPath.isNull());
PluginModuleInfo plugin = pluginInfoStore.infoForPluginWithPath(pluginPath);
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- plugin.executablePath = pluginInfoStore.executablePath();
-#endif
PluginProcessProxy* pluginProcess = getOrCreatePluginProcess(plugin);
pluginProcess->getPluginProcessConnection(reply);
}
launchOptions.executableHeap = PluginProcessProxy::pluginNeedsExecutableHeap(pluginInfo);
#endif
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- launchOptions.customExecutablePath = pluginInfo.executablePath;
-#endif
-
m_processLauncher = ProcessLauncher::create(this, launchOptions);
}
#endif
, m_processTerminationEnabled(true)
, m_pluginWorkQueue("com.apple.CoreIPC.PluginQueue")
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- , m_webProcessExecutablePath()
+#if ENABLE(TIZEN_SET_WEB_PROCESS_EXECUTABLE_PATH)
+ , m_webProcessExecutablePath(String())
#endif
{
#if !LOG_DISABLED
#if PLATFORM(EFL)
void notifyLowMemory();
#endif
-
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- void setWebProcessExecutablePath(const String& path) { m_webProcessExecutablePath = path; };
+#if ENABLE(TIZEN_SET_WEB_PROCESS_EXECUTABLE_PATH)
+ void setWebProcessExecutablePath(const String);
const String& webProcessExecutablePath() const { return m_webProcessExecutablePath; };
#endif
-
#if ENABLE(TIZEN_WEBKIT2_MEMORY_SAVING_MODE)
void setMemorySavingMode(bool memorySavingMode);
#endif
String m_soupDataDirectory;
#endif
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
+#if ENABLE(TIZEN_SET_WEB_PROCESS_EXECUTABLE_PATH)
String m_webProcessExecutablePath;
#endif
launchOptions.architecture = ProcessLauncher::LaunchOptions::MatchCurrentArchitecture;
launchOptions.executableHeap = false;
#endif
-
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- launchOptions.customExecutablePath = m_context->webProcessExecutablePath();
+#if ENABLE(TIZEN_SET_WEB_PROCESS_EXECUTABLE_PATH)
+ launchOptions.webProcessExecutablePath = m_context->webProcessExecutablePath();
#endif
#ifndef NDEBUG
}
#endif
+#if ENABLE(TIZEN_SET_WEB_PROCESS_EXECUTABLE_PATH)
+void WebContext::setWebProcessExecutablePath(const String webProcessExecutablePath)
+{
+ m_webProcessExecutablePath = webProcessExecutablePath;
+}
+#endif
+
#if ENABLE(TIZEN_SESSION_REQUEST_CANCEL)
void WebContext::abortSession()
{
#endif
#endif
}
-
#if ENABLE(TIZEN_SOUP_COOKIE_CACHE_FOR_WEBKIT2)
String WebContext::soupDataDirectory()
{
#include "wtf/WTFThreadData.h"
#endif
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
-#include "ProcessSmackLabel.h"
-#endif
-
using namespace WebCore;
namespace WebKit {
if (argc != 2)
return 1;
-#if ENABLE(TIZEN_PROCESS_PERMISSION_CONTROL)
- // change process smack label
- if (!changeProcessSmackLabel("/usr/bin/WebProcess", argv[0])) {
- TIZEN_LOGI("failed to change smack label");
- return 1;
- }
- // drop CAP_MAC_ADMIN capability
- if (!dropProcessCapability()) {
- TIZEN_LOGI("failed to drop CAP_MAC_ADMIN");
- return 1;
- }
-#endif
-
if (!eina_init())
return 1;
+++ /dev/null
-# - Try to find smack
-# Once done, this will define
-#
-# LIBSMACK_FOUND - system has libsmack
-# LIBSMACK_INCLUDE_DIRS - the libsmack include directories
-# LIBSMACK_LIBRARIES - link these to use libsmack
-
-INCLUDE(FindPkgConfig)
-
-PKG_CHECK_MODULES(PC_LIBSMACK libsmack)
-
-FIND_PATH(LIBSMACK_INCLUDE_DIRS NAMES sys/smack.h
- HINTS ${PC_LIBSMACK_INCLUDE_DIRS} ${PC_LIBSMACK_INCLUDEDIR}
-)
-
-FIND_LIBRARY(LIBSMACK_LIBRARIES NAMES smack
- HINTS ${PC_LIBSMACK_LIBRARY_DIRS} ${PC_LIBSMACK_LIBDIR}
-)
-
-INCLUDE(FindPackageHandleStandardArgs)
-FIND_PACKAGE_HANDLE_STANDARD_ARGS(LIBSMACK DEFAULT_MSG LIBSMACK_INCLUDE_DIRS LIBSMACK_LIBRARIES)
FIND_PACKAGE(VConf REQUIRED)
FIND_PACKAGE(feedback REQUIRED)
FIND_PACKAGE(EFL_ASSIST REQUIRED)
-FIND_PACKAGE(LIBSMACK REQUIRED)
ADD_DEFINITIONS(-DENABLE_GESTURE_EVENTS=1)
BuildRequires: pkgconfig(tts)
BuildRequires: pkgconfig(capi-system-power)
BuildRequires: pkgconfig(capi-system-info)
-BuildRequires: pkgconfig(libsmack)
-BuildRequires: libcap, libcap-devel
%description
# 2. Resources
chmod 644 /usr/share/edje/webkit.edj
# 3. executables
-setfattr -n security.capability -v 0sAQAAAgAAAAAAAAAAAAAAAAIAAAA= %{_bindir}/WebProcess
-setfattr -n security.capability -v 0sAQAAAgAAAAAAAAAAAAAAAAIAAAA= %{_bindir}/PluginProcess
+if [ `grep -c smack /proc/filesystems` -eq 1 ]
+then
+ setcap cap_mac_admin=ie %{_bindir}/WebProcess
+fi
%postun