diff options
author | Michal Klocek <michal.klocek@qt.io> | 2022-04-06 15:34:47 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2022-06-07 18:13:51 +0000 |
commit | a117c0a13cb666c972d25ce0e5413e7fe0880ef6 (patch) | |
tree | 8d10a7165a6f8d6dc98d8d2e249d2c1969ad9f43 | |
parent | 88a91f8b30df1b95cf9adebacb13a8c0fc3f06c9 (diff) |
Fix sandbox on framework builds
On framework build we use bundle to get qt path.
If build time bundle is picked than build path
should be allowed file access. Moreover we really should
be able only to access bundle path and not prefix path
as resources and locales are in the webenginecore bundle.
Fixes: QTBUG-104049
Change-Id: Ic7d49ddf9c31dce52f59b38a75d558c875f15dae
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
(cherry picked from commit 62484d2b18eaec382b68b64d89e9b1bfea34321c)
Reviewed-by: Jani Heikkinen <jani.heikkinen@qt.io>
-rw-r--r-- | src/core/chromium_overrides.cpp | 17 | ||||
-rw-r--r-- | src/core/web_engine_library_info.cpp | 12 | ||||
-rw-r--r-- | src/core/web_engine_library_info.h | 3 |
3 files changed, 22 insertions, 10 deletions
diff --git a/src/core/chromium_overrides.cpp b/src/core/chromium_overrides.cpp index 4be528f58..7a5ea3737 100644 --- a/src/core/chromium_overrides.cpp +++ b/src/core/chromium_overrides.cpp @@ -37,10 +37,11 @@ ** ****************************************************************************/ +#include "type_conversion.h" #include "ozone/gl_context_qt.h" #include "qtwebenginecoreglobal_p.h" #include "web_contents_view_qt.h" - +#include "web_engine_library_info.h" #include "base/values.h" #include "content/browser/renderer_host/render_widget_host_view_base.h" #include "content/browser/web_contents/web_contents_impl.h" @@ -92,14 +93,20 @@ WebContentsView* CreateWebContentsView(WebContentsImpl *web_contents, return rv; } -#if defined(Q_OS_MACOS) -std::string getQtPrefix() +#if defined(OS_MAC) +#if defined(QT_MAC_FRAMEWORK_BUILD) +base::FilePath getSandboxPath() +{ + return WebEngineLibraryInfo::getPath(QT_FRAMEWORK_BUNDLE); +} +#else +base::FilePath getSandboxPath() { const QString prefix = QLibraryInfo::location(QLibraryInfo::PrefixPath); - return prefix.toStdString(); + return QtWebEngineCore::toFilePath(prefix); } #endif - +#endif } // namespace content #if defined(USE_AURA) || defined(USE_OZONE) diff --git a/src/core/web_engine_library_info.cpp b/src/core/web_engine_library_info.cpp index 8f580e53a..6d6543272 100644 --- a/src/core/web_engine_library_info.cpp +++ b/src/core/web_engine_library_info.cpp @@ -84,7 +84,7 @@ static inline CFBundleRef frameworkBundle() return CFBundleGetBundleWithIdentifier(CFSTR("org.qt-project.QtWebEngineCore")); } -static QString getPath(CFBundleRef frameworkBundle) +static QString getBundlePath(CFBundleRef frameworkBundle) { QString path; // The following is a fix for QtWebEngineProcess crashes on OS X 10.7 and before. @@ -109,11 +109,11 @@ static QString getResourcesPath(CFBundleRef frameworkBundle) // We use it for the other OS X versions as well to make sure it works and because // the directory structure should be the same. if (qApp->applicationName() == QLatin1String(QTWEBENGINEPROCESS_NAME)) { - path = getPath(frameworkBundle) % QLatin1String("/Resources"); + path = getBundlePath(frameworkBundle) % QLatin1String("/Resources"); } else if (frameworkBundle) { CFURLRef resourcesRelativeUrl = CFBundleCopyResourcesDirectoryURL(frameworkBundle); CFStringRef resourcesRelativePath = CFURLCopyFileSystemPath(resourcesRelativeUrl, kCFURLPOSIXPathStyle); - path = getPath(frameworkBundle) % QLatin1Char('/') % QString::fromCFString(resourcesRelativePath); + path = getBundlePath(frameworkBundle) % QLatin1Char('/') % QString::fromCFString(resourcesRelativePath); CFRelease(resourcesRelativePath); CFRelease(resourcesRelativeUrl); } @@ -166,7 +166,7 @@ QString subProcessPath() candidatePaths << fromEnv; } else { #if defined(OS_MAC) && defined(QT_MAC_FRAMEWORK_BUILD) - candidatePaths << getPath(frameworkBundle()) + candidatePaths << getBundlePath(frameworkBundle()) % QStringLiteral("/Helpers/" QTWEBENGINEPROCESS_NAME ".app/Contents/MacOS/" QTWEBENGINEPROCESS_NAME); #else candidatePaths << QLibraryInfo::path(QLibraryInfo::LibraryExecutablesPath) @@ -315,6 +315,10 @@ base::FilePath WebEngineLibraryInfo::getPath(int key) return toFilePath(resourcesDataPath() % QLatin1String("/qtwebengine_resources_200p.pak")); case QT_RESOURCES_DEVTOOLS_PAK: return toFilePath(resourcesDataPath() % QLatin1String("/qtwebengine_devtools_resources.pak")); +#if defined(OS_MAC) && defined(QT_MAC_FRAMEWORK_BUILD) + case QT_FRAMEWORK_BUNDLE: + return toFilePath(getBundlePath(frameworkBundle())); +#endif case base::FILE_EXE: case content::CHILD_PROCESS_EXE: return toFilePath(subProcessPath()); diff --git a/src/core/web_engine_library_info.h b/src/core/web_engine_library_info.h index 2926365bf..10542a99e 100644 --- a/src/core/web_engine_library_info.h +++ b/src/core/web_engine_library_info.h @@ -48,7 +48,8 @@ enum { QT_RESOURCES_PAK = 5000, QT_RESOURCES_100P_PAK = 5001, QT_RESOURCES_200P_PAK = 5002, - QT_RESOURCES_DEVTOOLS_PAK = 5003 + QT_RESOURCES_DEVTOOLS_PAK = 5003, + QT_FRAMEWORK_BUNDLE = 5004 }; class WebEngineLibraryInfo { |