ProcessLauncherGLib.cpp [plain text]
#include "config.h"
#include "ProcessLauncher.h"
#include "BubblewrapLauncher.h"
#include "Connection.h"
#include "FlatpakLauncher.h"
#include "ProcessExecutablePath.h"
#include <errno.h>
#include <fcntl.h>
#include <glib.h>
#include <wtf/FileSystem.h>
#include <wtf/RunLoop.h>
#include <wtf/UniStdExtras.h>
#include <wtf/glib/GLibUtilities.h>
#include <wtf/glib/GUniquePtr.h>
#include <wtf/text/CString.h>
#include <wtf/text/WTFString.h>
namespace WebKit {
static void childSetupFunction(gpointer userData)
{
int socket = GPOINTER_TO_INT(userData);
close(socket);
}
#if OS(LINUX)
static bool isFlatpakSpawnUsable()
{
static Optional<bool> ret;
if (ret)
return *ret;
GRefPtr<GSubprocess> process = adoptGRef(g_subprocess_new(static_cast<GSubprocessFlags>(G_SUBPROCESS_FLAGS_STDOUT_SILENCE | G_SUBPROCESS_FLAGS_STDERR_SILENCE),
nullptr, "flatpak-spawn", "--sandbox", "--sandbox-expose-path-ro-try=/this_path_doesnt_exist", "echo", nullptr));
if (!process.get())
ret = false;
else
ret = g_subprocess_wait_check(process.get(), nullptr, nullptr);
return *ret;
}
#endif
#if ENABLE(BUBBLEWRAP_SANDBOX)
static bool isInsideDocker()
{
static Optional<bool> ret;
if (ret)
return *ret;
ret = g_file_test("/.dockerenv", G_FILE_TEST_EXISTS);
return *ret;
}
static bool isInsideFlatpak()
{
static Optional<bool> ret;
if (ret)
return *ret;
ret = g_file_test("/.flatpak-info", G_FILE_TEST_EXISTS);
return *ret;
}
static bool isInsideSnap()
{
static Optional<bool> ret;
if (ret)
return *ret;
ret = g_getenv("SNAP") && g_getenv("SNAP_NAME") && g_getenv("SNAP_REVISION");
return *ret;
}
#endif
void ProcessLauncher::launchProcess()
{
IPC::Connection::SocketPair socketPair = IPC::Connection::createPlatformConnection(IPC::Connection::ConnectionOptions::SetCloexecOnServer);
String executablePath;
CString realExecutablePath;
switch (m_launchOptions.processType) {
case ProcessLauncher::ProcessType::Web:
executablePath = executablePathOfWebProcess();
break;
case ProcessLauncher::ProcessType::Network:
executablePath = executablePathOfNetworkProcess();
break;
#if ENABLE(GPU_PROCESS)
case ProcessLauncher::ProcessType::GPU:
executablePath = executablePathOfGPUProcess();
break;
#endif
default:
ASSERT_NOT_REACHED();
return;
}
realExecutablePath = FileSystem::fileSystemRepresentation(executablePath);
GUniquePtr<gchar> processIdentifier(g_strdup_printf("%" PRIu64, m_launchOptions.processIdentifier.toUInt64()));
GUniquePtr<gchar> webkitSocket(g_strdup_printf("%d", socketPair.client));
unsigned nargs = 5;
#if ENABLE(DEVELOPER_MODE)
Vector<CString> prefixArgs;
if (!m_launchOptions.processCmdPrefix.isNull()) {
for (auto& arg : m_launchOptions.processCmdPrefix.split(' '))
prefixArgs.append(arg.utf8());
nargs += prefixArgs.size();
}
bool configureJSCForTesting = false;
if (m_launchOptions.processType == ProcessLauncher::ProcessType::Web && m_client && m_client->shouldConfigureJSCForTesting()) {
configureJSCForTesting = true;
nargs++;
}
#endif
char** argv = g_newa(char*, nargs);
unsigned i = 0;
#if ENABLE(DEVELOPER_MODE)
for (auto& arg : prefixArgs)
argv[i++] = const_cast<char*>(arg.data());
#endif
argv[i++] = const_cast<char*>(realExecutablePath.data());
argv[i++] = processIdentifier.get();
argv[i++] = webkitSocket.get();
#if ENABLE(DEVELOPER_MODE)
if (configureJSCForTesting)
argv[i++] = const_cast<char*>("--configure-jsc-for-testing");
#endif
argv[i++] = nullptr;
argv[i++] = nullptr;
GRefPtr<GSubprocessLauncher> launcher = adoptGRef(g_subprocess_launcher_new(G_SUBPROCESS_FLAGS_INHERIT_FDS));
g_subprocess_launcher_set_child_setup(launcher.get(), childSetupFunction, GINT_TO_POINTER(socketPair.server), nullptr);
g_subprocess_launcher_take_fd(launcher.get(), socketPair.client, socketPair.client);
GUniqueOutPtr<GError> error;
GRefPtr<GSubprocess> process;
#if OS(LINUX)
const char* sandboxEnv = g_getenv("WEBKIT_FORCE_SANDBOX");
bool sandboxEnabled = m_launchOptions.extraInitializationData.get("enable-sandbox") == "true";
if (sandboxEnv)
sandboxEnabled = !strcmp(sandboxEnv, "1");
if (sandboxEnabled && isFlatpakSpawnUsable())
process = flatpakSpawn(launcher.get(), m_launchOptions, argv, socketPair.client, &error.outPtr());
#if ENABLE(BUBBLEWRAP_SANDBOX)
else if (sandboxEnabled && !isInsideFlatpak() && !isInsideSnap() && !isInsideDocker())
process = bubblewrapSpawn(launcher.get(), m_launchOptions, argv, &error.outPtr());
#endif // ENABLE(BUBBLEWRAP_SANDBOX)
else
#endif // OS(LINUX)
process = adoptGRef(g_subprocess_launcher_spawnv(launcher.get(), argv, &error.outPtr()));
if (!process.get())
g_error("Unable to fork a new child process: %s", error->message);
const char* processIdStr = g_subprocess_get_identifier(process.get());
m_processIdentifier = g_ascii_strtoll(processIdStr, nullptr, 0);
RELEASE_ASSERT(m_processIdentifier);
if (!setCloseOnExec(socketPair.client))
RELEASE_ASSERT_NOT_REACHED();
RunLoop::main().dispatch([protectedThis = makeRef(*this), this, serverSocket = socketPair.server] {
didFinishLaunchingProcess(m_processIdentifier, serverSocket);
});
}
void ProcessLauncher::terminateProcess()
{
if (m_isLaunching) {
invalidate();
return;
}
if (!m_processIdentifier)
return;
kill(m_processIdentifier, SIGKILL);
m_processIdentifier = 0;
}
void ProcessLauncher::platformInvalidate()
{
}
}