Fix sandbox on framework builds

On framework build we use bundle to get qt path. If build time bundle is picked than build path should be allowed file access. Moreover we really should be able only to access bundle path and not prefix path as resources and locales are in the webenginecore bundle. Pick-to: 6.3 6.2 Change-Id: Ic7d49ddf9c31dce52f59b38a75d558c875f15dae Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
author: Michal Klocek <michal.klocek@qt.io> 2022-04-06 15:34:47 +0200
committer: Michal Klocek <michal.klocek@qt.io> 2022-05-09 11:25:09 +0200
commit: 62484d2b18eaec382b68b64d89e9b1bfea34321c (patch)
tree: aaf9c4c56234263bd3855b8120c2a612c020b5c2 /src/core
parent: 87b75e346fd89c3233706bc9d3ea889516bb02ff (diff)
3 files changed, 22 insertions, 10 deletions
diff --git a/src/core/chromium_overrides.cpp b/src/core/chromium_overrides.cpp
index 512b142a0..4ba6f25fd 100644
--- a/src/core/chromium_overrides.cpp
+++ b/src/core/chromium_overrides.cpp
@@ -37,10 +37,11 @@
 **
 ****************************************************************************/
 
+#include "type_conversion.h"
 #include "ozone/gl_context_qt.h"
 #include "qtwebenginecoreglobal_p.h"
 #include "web_contents_view_qt.h"
-
+#include "web_engine_library_info.h"
 #include "base/values.h"
 #include "content/browser/renderer_host/render_widget_host_view_base.h"
 #include "content/browser/web_contents/web_contents_impl.h"
@@ -92,14 +93,20 @@ WebContentsView* CreateWebContentsView(WebContentsImpl *web_contents,
     return rv;
 }
 
-#if defined(Q_OS_MACOS)
-std::string getQtPrefix()
+#if defined(OS_MAC)
+#if defined(QT_MAC_FRAMEWORK_BUILD)
+base::FilePath getSandboxPath()
+{
+    return WebEngineLibraryInfo::getPath(QT_FRAMEWORK_BUNDLE);
+}
+#else
+base::FilePath getSandboxPath()
 {
     const QString prefix = QLibraryInfo::location(QLibraryInfo::PrefixPath);
-    return prefix.toStdString();
+    return QtWebEngineCore::toFilePath(prefix);
 }
 #endif
-
+#endif
 } // namespace content
 
 #if defined(USE_AURA) || defined(USE_OZONE)
diff --git a/src/core/web_engine_library_info.cpp b/src/core/web_engine_library_info.cpp
index 8f580e53a..6d6543272 100644
--- a/src/core/web_engine_library_info.cpp
+++ b/src/core/web_engine_library_info.cpp
@@ -84,7 +84,7 @@ static inline CFBundleRef frameworkBundle()
     return CFBundleGetBundleWithIdentifier(CFSTR("org.qt-project.QtWebEngineCore"));
 }
 
-static QString getPath(CFBundleRef frameworkBundle)
+static QString getBundlePath(CFBundleRef frameworkBundle)
 {
     QString path;
     // The following is a fix for QtWebEngineProcess crashes on OS X 10.7 and before.
@@ -109,11 +109,11 @@ static QString getResourcesPath(CFBundleRef frameworkBundle)
     // We use it for the other OS X versions as well to make sure it works and because
     // the directory structure should be the same.
     if (qApp->applicationName() == QLatin1String(QTWEBENGINEPROCESS_NAME)) {
-        path = getPath(frameworkBundle) % QLatin1String("/Resources");
+        path = getBundlePath(frameworkBundle) % QLatin1String("/Resources");
     } else if (frameworkBundle) {
         CFURLRef resourcesRelativeUrl = CFBundleCopyResourcesDirectoryURL(frameworkBundle);
         CFStringRef resourcesRelativePath = CFURLCopyFileSystemPath(resourcesRelativeUrl, kCFURLPOSIXPathStyle);
-        path = getPath(frameworkBundle) % QLatin1Char('/') % QString::fromCFString(resourcesRelativePath);
+        path = getBundlePath(frameworkBundle) % QLatin1Char('/') % QString::fromCFString(resourcesRelativePath);
         CFRelease(resourcesRelativePath);
         CFRelease(resourcesRelativeUrl);
     }
@@ -166,7 +166,7 @@ QString subProcessPath()
             candidatePaths << fromEnv;
         } else {
 #if defined(OS_MAC) && defined(QT_MAC_FRAMEWORK_BUILD)
-            candidatePaths << getPath(frameworkBundle())
+            candidatePaths << getBundlePath(frameworkBundle())
                               % QStringLiteral("/Helpers/" QTWEBENGINEPROCESS_NAME ".app/Contents/MacOS/" QTWEBENGINEPROCESS_NAME);
 #else
             candidatePaths << QLibraryInfo::path(QLibraryInfo::LibraryExecutablesPath)
@@ -315,6 +315,10 @@ base::FilePath WebEngineLibraryInfo::getPath(int key)
         return toFilePath(resourcesDataPath() % QLatin1String("/qtwebengine_resources_200p.pak"));
     case QT_RESOURCES_DEVTOOLS_PAK:
         return toFilePath(resourcesDataPath() % QLatin1String("/qtwebengine_devtools_resources.pak"));
+#if defined(OS_MAC) && defined(QT_MAC_FRAMEWORK_BUILD)
+    case QT_FRAMEWORK_BUNDLE:
+        return toFilePath(getBundlePath(frameworkBundle()));
+#endif
     case base::FILE_EXE:
     case content::CHILD_PROCESS_EXE:
         return toFilePath(subProcessPath());
diff --git a/src/core/web_engine_library_info.h b/src/core/web_engine_library_info.h
index 2926365bf..10542a99e 100644
--- a/src/core/web_engine_library_info.h
+++ b/src/core/web_engine_library_info.h
@@ -48,7 +48,8 @@ enum {
     QT_RESOURCES_PAK = 5000,
     QT_RESOURCES_100P_PAK = 5001,
     QT_RESOURCES_200P_PAK = 5002,
-    QT_RESOURCES_DEVTOOLS_PAK = 5003
+    QT_RESOURCES_DEVTOOLS_PAK = 5003,
+    QT_FRAMEWORK_BUNDLE = 5004
 };
 
 class WebEngineLibraryInfo {
author	Michal Klocek <michal.klocek@qt.io>	2022-04-06 15:34:47 +0200
committer	Michal Klocek <michal.klocek@qt.io>	2022-05-09 11:25:09 +0200
commit	62484d2b18eaec382b68b64d89e9b1bfea34321c (patch)
tree	aaf9c4c56234263bd3855b8120c2a612c020b5c2 /src/core
parent	87b75e346fd89c3233706bc9d3ea889516bb02ff (diff)