summaryrefslogtreecommitdiff
path: root/Source/WebKit2/WebProcess/mac/WebProcessMac.mm
diff options
context:
space:
mode:
Diffstat (limited to 'Source/WebKit2/WebProcess/mac/WebProcessMac.mm')
-rw-r--r--Source/WebKit2/WebProcess/mac/WebProcessMac.mm26
1 files changed, 15 insertions, 11 deletions
diff --git a/Source/WebKit2/WebProcess/mac/WebProcessMac.mm b/Source/WebKit2/WebProcess/mac/WebProcessMac.mm
index 10766d2cc..001deb4c8 100644
--- a/Source/WebKit2/WebProcess/mac/WebProcessMac.mm
+++ b/Source/WebKit2/WebProcess/mac/WebProcessMac.mm
@@ -53,6 +53,7 @@
#endif
#if ENABLE(WEB_PROCESS_SANDBOX)
+#import <pwd.h>
#import <stdlib.h>
#import <sysexits.h>
@@ -168,15 +169,9 @@ static void appendReadonlySandboxDirectory(Vector<const char*>& vector, const ch
appendSandboxParameterPathInternal(vector, name, [path length] ? [(NSString *)path fileSystemRepresentation] : "");
}
-static void appendReadwriteSandboxDirectory(Vector<const char*>& vector, const char* name, NSString *path)
+static void appendReadwriteSandboxDirectory(Vector<const char*>& vector, const char* name, const char* path)
{
- NSError *error = nil;
-
- // This is very unlikely to fail, but in case it actually happens, we'd like some sort of output in the console.
- if (![[NSFileManager defaultManager] createDirectoryAtPath:path withIntermediateDirectories:YES attributes:nil error:&error])
- NSLog(@"could not create \"%@\", error %@", path, error);
-
- appendSandboxParameterPathInternal(vector, name, [(NSString *)path fileSystemRepresentation]);
+ appendSandboxParameterPathInternal(vector, name, path);
}
#endif
@@ -215,8 +210,17 @@ void WebProcess::initializeSandbox(const String& clientIdentifier)
appendReadwriteConfDirectory(sandboxParameters, "DARWIN_USER_TEMP_DIR", _CS_DARWIN_USER_TEMP_DIR);
appendReadwriteConfDirectory(sandboxParameters, "DARWIN_USER_CACHE_DIR", _CS_DARWIN_USER_CACHE_DIR);
+ char buffer[4096];
+ int bufferSize = sizeof(buffer);
+ struct passwd pwd;
+ struct passwd* result = 0;
+ if (getpwuid_r(getuid(), &pwd, buffer, bufferSize, &result) || !result) {
+ WTFLogAlways("WebProcess: Couldn't find home directory\n");
+ exit(EX_NOPERM);
+ }
+
// These are read-write paths.
- appendReadwriteSandboxDirectory(sandboxParameters, "HOME_DIR", NSHomeDirectory());
+ appendReadwriteSandboxDirectory(sandboxParameters, "HOME_DIR", pwd.pw_dir);
sandboxParameters.append(static_cast<const char*>(0));
@@ -224,7 +228,7 @@ void WebProcess::initializeSandbox(const String& clientIdentifier)
char* errorBuf;
if (sandbox_init_with_parameters(profilePath, SANDBOX_NAMED_EXTERNAL, sandboxParameters.data(), &errorBuf)) {
- WTFLogAlways("WebProcess: couldn't initialize sandbox profile [%s] error '%s'\n", profilePath, errorBuf);
+ WTFLogAlways("WebProcess: Couldn't initialize sandbox profile [%s] error '%s'\n", profilePath, errorBuf);
for (size_t i = 0; sandboxParameters[i]; i += 2)
WTFLogAlways("%s=%s\n", sandboxParameters[i], sandboxParameters[i + 1]);
exit(EX_NOPERM);
@@ -236,7 +240,7 @@ void WebProcess::initializeSandbox(const String& clientIdentifier)
// This will override LSFileQuarantineEnabled from Info.plist unless sandbox quarantine is globally disabled.
OSStatus error = WKEnableSandboxStyleFileQuarantine();
if (error) {
- WTFLogAlways("WebProcess: couldn't enable sandbox style file quarantine: %ld\n", (long)error);
+ WTFLogAlways("WebProcess: Couldn't enable sandbox style file quarantine: %ld\n", (long)error);
exit(EX_NOPERM);
}
#endif
View Lorry Controller Status