portalHelper: Enable WebKit sandbox if available

The portal helper is rather sensitive because potentially-hostile Wi-Fi
networks can decide to launch it whenever they want (by blocking the
user's connection to the nmcheck domain) and load whatever web content
they want into it. So having this unsandboxed is really extraordinarily
risky. Previously it was a risk we had to accept, because WebKit did not
have a web process sandbox, but now it does. So let's bubblewrap all the
things!

https://gitlab.gnome.org/GNOME/gnome-shell/merge_requests/983
This commit is contained in:
Michael Catanzaro 2020-02-05 22:18:11 +00:00 committed by Florian Müllner
parent ded4586781
commit 35063c9e7c

View File

@ -118,6 +118,10 @@ class PortalWindow extends Gtk.ApplicationWindow {
this._webContext = WebKit.WebContext.new_ephemeral(); this._webContext = WebKit.WebContext.new_ephemeral();
this._webContext.set_cache_model(WebKit.CacheModel.DOCUMENT_VIEWER); this._webContext.set_cache_model(WebKit.CacheModel.DOCUMENT_VIEWER);
this._webContext.set_network_proxy_settings(WebKit.NetworkProxyMode.NO_PROXY, null); this._webContext.set_network_proxy_settings(WebKit.NetworkProxyMode.NO_PROXY, null);
if (this._webContext.set_sandbox_enabled) {
// We have WebKitGTK 2.26 or newer.
this._webContext.set_sandbox_enabled(true);
}
this._webView = WebKit.WebView.new_with_context(this._webContext); this._webView = WebKit.WebView.new_with_context(this._webContext);
this._webView.connect('decide-policy', this._onDecidePolicy.bind(this)); this._webView.connect('decide-policy', this._onDecidePolicy.bind(this));