Fix sandbox on framework builds

On framework build we use bundle to get qt path. If build time bundle is picked than build path should be allowed file access. Moreover we really should be able only to access bundle path and not prefix path as resources and locales are in the webenginecore bundle. Change-Id: Ic7d49ddf9c31dce52f59b38a75d558c875f15dae Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io> (cherry picked from commit 62484d2b18eaec382b68b64d89e9b1bfea34321c) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
author: Michal Klocek <michal.klocek@qt.io> 2022-04-06 15:34:47 +0200
committer: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> 2022-06-02 13:29:40 +0000
commit: 2d871ea9b757813d4fcaddd21a5cb58989905a21 (patch)
tree: 43e21da6a6418871020fba846baf1f3c1ec5947a /src/core
parent: 46130024188003bd6bbf4ec4d1ba96e097f830cf (diff)
3 files changed, 22 insertions, 10 deletions
diff --git a/src/core/chromium_overrides.cpp b/src/core/chromium_overrides.cpp
index 4be528f58..7a5ea3737 100644
--- a/src/core/chromium_overrides.cpp
+++ b/src/core/chromium_overrides.cpp
@@ -37,10 +37,11 @@
 **
 ****************************************************************************/
 
+#include "type_conversion.h"
 #include "ozone/gl_context_qt.h"
 #include "qtwebenginecoreglobal_p.h"
 #include "web_contents_view_qt.h"
-
+#include "web_engine_library_info.h"
 #include "base/values.h"
 #include "content/browser/renderer_host/render_widget_host_view_base.h"
 #include "content/browser/web_contents/web_contents_impl.h"
@@ -92,14 +93,20 @@ WebContentsView* CreateWebContentsView(WebContentsImpl *web_contents,
     return rv;
 }
 
-#if defined(Q_OS_MACOS)
-std::string getQtPrefix()
+#if defined(OS_MAC)
+#if defined(QT_MAC_FRAMEWORK_BUILD)
+base::FilePath getSandboxPath()
+{
+    return WebEngineLibraryInfo::getPath(QT_FRAMEWORK_BUNDLE);
+}
+#else
+base::FilePath getSandboxPath()
 {
     const QString prefix = QLibraryInfo::location(QLibraryInfo::PrefixPath);
-    return prefix.toStdString();
+    return QtWebEngineCore::toFilePath(prefix);
 }
 #endif
-
+#endif
 } // namespace content
 
 #if defined(USE_AURA) || defined(USE_OZONE)
diff --git a/src/core/web_engine_library_info.cpp b/src/core/web_engine_library_info.cpp
index 8f580e53a..6d6543272 100644
--- a/src/core/web_engine_library_info.cpp
+++ b/src/core/web_engine_library_info.cpp
@@ -84,7 +84,7 @@ static inline CFBundleRef frameworkBundle()
     return CFBundleGetBundleWithIdentifier(CFSTR("org.qt-project.QtWebEngineCore"));
 }
 
-static QString getPath(CFBundleRef frameworkBundle)
+static QString getBundlePath(CFBundleRef frameworkBundle)
 {
     QString path;
     // The following is a fix for QtWebEngineProcess crashes on OS X 10.7 and before.
@@ -109,11 +109,11 @@ static QString getResourcesPath(CFBundleRef frameworkBundle)
     // We use it for the other OS X versions as well to make sure it works and because
     // the directory structure should be the same.
     if (qApp->applicationName() == QLatin1String(QTWEBENGINEPROCESS_NAME)) {
-        path = getPath(frameworkBundle) % QLatin1String("/Resources");
+        path = getBundlePath(frameworkBundle) % QLatin1String("/Resources");
     } else if (frameworkBundle) {
         CFURLRef resourcesRelativeUrl = CFBundleCopyResourcesDirectoryURL(frameworkBundle);
         CFStringRef resourcesRelativePath = CFURLCopyFileSystemPath(resourcesRelativeUrl, kCFURLPOSIXPathStyle);
-        path = getPath(frameworkBundle) % QLatin1Char('/') % QString::fromCFString(resourcesRelativePath);
+        path = getBundlePath(frameworkBundle) % QLatin1Char('/') % QString::fromCFString(resourcesRelativePath);
         CFRelease(resourcesRelativePath);
         CFRelease(resourcesRelativeUrl);
     }
@@ -166,7 +166,7 @@ QString subProcessPath()
             candidatePaths << fromEnv;
         } else {
 #if defined(OS_MAC) && defined(QT_MAC_FRAMEWORK_BUILD)
-            candidatePaths << getPath(frameworkBundle())
+            candidatePaths << getBundlePath(frameworkBundle())
                               % QStringLiteral("/Helpers/" QTWEBENGINEPROCESS_NAME ".app/Contents/MacOS/" QTWEBENGINEPROCESS_NAME);
 #else
             candidatePaths << QLibraryInfo::path(QLibraryInfo::LibraryExecutablesPath)
@@ -315,6 +315,10 @@ base::FilePath WebEngineLibraryInfo::getPath(int key)
         return toFilePath(resourcesDataPath() % QLatin1String("/qtwebengine_resources_200p.pak"));
     case QT_RESOURCES_DEVTOOLS_PAK:
         return toFilePath(resourcesDataPath() % QLatin1String("/qtwebengine_devtools_resources.pak"));
+#if defined(OS_MAC) && defined(QT_MAC_FRAMEWORK_BUILD)
+    case QT_FRAMEWORK_BUNDLE:
+        return toFilePath(getBundlePath(frameworkBundle()));
+#endif
     case base::FILE_EXE:
     case content::CHILD_PROCESS_EXE:
         return toFilePath(subProcessPath());
diff --git a/src/core/web_engine_library_info.h b/src/core/web_engine_library_info.h
index 2926365bf..10542a99e 100644
--- a/src/core/web_engine_library_info.h
+++ b/src/core/web_engine_library_info.h
@@ -48,7 +48,8 @@ enum {
     QT_RESOURCES_PAK = 5000,
     QT_RESOURCES_100P_PAK = 5001,
     QT_RESOURCES_200P_PAK = 5002,
-    QT_RESOURCES_DEVTOOLS_PAK = 5003
+    QT_RESOURCES_DEVTOOLS_PAK = 5003,
+    QT_FRAMEWORK_BUNDLE = 5004
 };
 
 class WebEngineLibraryInfo {
author	Michal Klocek <michal.klocek@qt.io>	2022-04-06 15:34:47 +0200
committer	Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>	2022-06-02 13:29:40 +0000
commit	2d871ea9b757813d4fcaddd21a5cb58989905a21 (patch)
tree	43e21da6a6418871020fba846baf1f3c1ec5947a /src/core
parent	46130024188003bd6bbf4ec4d1ba96e097f830cf (diff)