https://bugs.webkit.org/show_bug.cgi?id=89875

Reviewed by Maciej Stachowiak.

.:

Added the bits to EFL/CMake buildsystem to find the libseccomp
library.

* Source/cmake/FindLibSeccomp.cmake: Added.
* Source/cmake/OptionsEfl.cmake:
* Source/cmake/WebKitFeatures.cmake:
* Source/cmakeconfig.h.cmake:

Source/WebCore:

Make the DATA_DIR global since it is now needed for WebCore and WebKit2.
It is now used to set a sandbox policy for the EFL port.

* PlatformEfl.cmake:

Source/WebKit2:

Introduce the foundations of the SeccompFilter-based sandbox. The
hardening of the WebProcess (and potentially PluginProcess, etc)
works by a combination of the two things:

- Blocking syscalls that are not used, reducing the size of the attack
surface.
- Trapping sensitive syscalls and delegating the execution of these
syscalls to a separated trusted process subject to a set of policies.

The initial implementation traps the open()-family of syscalls on WebKit
EFL's and Qt's WebProcess, but it could be easily used by any Linux port,
since the code is suppose to be Linux-compliant. The list of syscalls handled
by the broker process should definitely grow as we mature the
implementation. Other syscalls needs to be handled to get this sandbox
fully functional, like unlink(), mkdir(), etc.

The broker process should be initialized as early as possible on the
sandboxed process main() function, because it only does a fork(), which
is cheap on Linux. That also aims to minimize the resident memory footprint
of the broker process.

Opening of files for upload and saving downloads is not supported yet,
since it should be handled to the UIProcess in a similar fashion as
the Mac port does.

* PlatformEfl.cmake:
* Shared/linux/SeccompFilters/OpenSyscall.cpp: Added.
(WebKit):
(WebKit::OpenSyscall::createFromOpenatContext):
(WebKit::OpenSyscall::createFromCreatContext):
(WebKit::OpenSyscall::OpenSyscall):
(WebKit::OpenSyscall::setResult):
(WebKit::OpenSyscall::execute):
(WebKit::OpenSyscall::encode):
(WebKit::OpenSyscall::decode):
(WebKit::OpenSyscallResult::OpenSyscallResult):
(WebKit::OpenSyscallResult::~OpenSyscallResult):
(WebKit::OpenSyscallResult::encode):
(WebKit::OpenSyscallResult::decode):
* Shared/linux/SeccompFilters/OpenSyscall.h: Added.
(CoreIPC):
(WebKit):
(OpenSyscall):
(WebKit::OpenSyscall::setPath):
(WebKit::OpenSyscall::setFlags):
(WebKit::OpenSyscall::setMode):
(OpenSyscallResult):
(WebKit::OpenSyscallResult::fd):
(WebKit::OpenSyscallResult::errorNumber):
* Shared/linux/SeccompFilters/SeccompBroker.cpp: Added.
(WebKit):
(SeccompBrokerClient):
(WebKit::sendMessage):
(WebKit::receiveMessage):
(WebKit::SIGSYSHandler):
(WebKit::registerSIGSYSHandler):
(WebKit::SeccompBrokerClient::shared):
(WebKit::SeccompBrokerClient::SeccompBrokerClient):
(WebKit::SeccompBrokerClient::~SeccompBrokerClient):
(WebKit::SeccompBrokerClient::dispatch):
(WebKit::SeccompBrokerClient::handleIfOpeningOnlineCPUCount):
(WebKit::SeccompBroker::launchProcess):
(WebKit::SeccompBroker::initialize):
(WebKit::SeccompBroker::runLoop):
* Shared/linux/SeccompFilters/SeccompBroker.h: Added.
(WebKit):
(SeccompBroker):
(WebKit::SeccompBroker::setSyscallPolicy):
(WebKit::SeccompBroker::SeccompBroker):
* Shared/linux/SeccompFilters/SeccompFilters.cpp: Added.
(WebKit):
(WebKit::SeccompFilters::SeccompFilters):
(WebKit::SeccompFilters::~SeccompFilters):
(WebKit::SeccompFilters::addRule):
(WebKit::SeccompFilters::initialize):
* Shared/linux/SeccompFilters/SeccompFilters.h: Added.
(WebKit):
(SeccompFilters):
(WebKit::SeccompFilters::context):
(WebKit::SeccompFilters::platformInitialize):
* Shared/linux/SeccompFilters/SigactionSyscall.cpp: Added.
(WebKit):
(WebKit::SigactionSyscall::createFromContext):
* Shared/linux/SeccompFilters/SigactionSyscall.h: Added.
(WebKit):
(SigactionSyscall):
* Shared/linux/SeccompFilters/SigprocmaskSyscall.cpp: Added.
(WebKit):
(WebKit::SigprocmaskSyscall::createFromContext):
* Shared/linux/SeccompFilters/SigprocmaskSyscall.h: Added.
(WebKit):
(SigprocmaskSyscall):
* Shared/linux/SeccompFilters/Syscall.cpp: Added.
(WebKit):
(WebKit::Syscall::createFromContext):
(WebKit::Syscall::createFromDecoder):
(WebKit::Syscall::Syscall):
(WebKit::SyscallResult::createFromDecoder):
(WebKit::SyscallResult::SyscallResult):
* Shared/linux/SeccompFilters/Syscall.h: Added.
(CoreIPC):
(WebKit):
(Syscall):
(WebKit::Syscall::~Syscall):
(WebKit::Syscall::type):
(WebKit::Syscall::setContext):
(WebKit::Syscall::context):
(SyscallResult):
(WebKit::SyscallResult::~SyscallResult):
(WebKit::SyscallResult::type):
* Shared/linux/SeccompFilters/SyscallPolicy.cpp: Added.
(WebKit):
(WebKit::removeTrailingSlash):
(WebKit::SyscallPolicy::hasPermissionForPath):
(WebKit::SyscallPolicy::addFilePermission):
(WebKit::SyscallPolicy::addDirectoryPermission):
(WebKit::SyscallPolicy::addDefaultWebProcessPolicy):
* Shared/linux/SeccompFilters/SyscallPolicy.h: Added.
(WebKit):
(SyscallPolicy):
* Target.pri:
* WebKit2.pri:
* WebProcess/efl/SeccompFiltersWebProcessEfl.cpp: Added.
(WebKit):
(WebKit::SeccompFiltersWebProcessEfl::SeccompFiltersWebProcessEfl):
(WebKit::SeccompFiltersWebProcessEfl::platformInitialize):
* WebProcess/efl/SeccompFiltersWebProcessEfl.h: Added.
(WebKit):
(SeccompFiltersWebProcessEfl):
* WebProcess/qt/SeccompFiltersWebProcessQt.cpp: Added.
(WebKit):
(WebKit::SeccompFiltersWebProcessQt::SeccompFiltersWebProcessQt):
(WebKit::SeccompFiltersWebProcessQt::platformInitialize):
* WebProcess/qt/SeccompFiltersWebProcessQt.h: Added.
(WebKit):
(SeccompFiltersWebProcessQt):
* WebProcess/qt/WebProcessQt.cpp:
(WebKit::WebProcess::platformInitializeWebProcess):
* WebProcess/soup/WebProcessSoup.cpp:
(WebKit::WebProcess::platformInitializeWebProcess):

Tools:

Add unit tests to verify if the handling of the open, openat, creat syscall
is being done right. We check if the Read/Write/ReadAndWrite permissions
are respected, if the canonical path is being resolved and if
the permissions are falling back to the topmost parent directory with a
policy set when the directory being opened has no policy.

We also test if any attempt of blocking SIGSYS is silently ignored.
SIGSYS cannot be blocked because in it's handler is where we hook
syscalls to the broker process.

Also added libseccomp to EFL's jhbuild to make the life of developers
willing to help easier.

* Scripts/webkitperl/FeatureList.pm:
* TestWebKitAPI/PlatformEfl.cmake:
* TestWebKitAPI/Tests/WebKit2/SeccompFilters.cpp: Added.
(TestWebKitAPI):
(SeccompEnvironment):
(TestWebKitAPI::SeccompEnvironment::SetUp):
(TestWebKitAPI::SeccompEnvironment::TearDown):
(TestWebKitAPI::dummyHandler):
(TestWebKitAPI::TEST):
(TestWebKitAPI::stressTest):
* efl/jhbuild.modules:
* qmake/mkspecs/features/features.pri:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@147998 268f45cc-cd09-0410-ab3c-d52691b4dbfc

.:

* Source/autotools/FindDependencies.m4:
* Source/autotools/Versions.m4:
* Source/cmake/FindHarfBuzz.cmake:

Bump gtk and efl dependencies on harfbuzz
to 0.9.7. See bug 110145.

Tools:

* efl/jhbuild.modules:
* gtk/jhbuild.modules:

Bump harfbuzz module to 0.9.7. See related bug 110145.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143345 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=103605

Patch by Halton Huo <halton.huo@intel.com> on 2012-12-05
Reviewed by Laszlo Gombos.

Update cmake files(.cmake, CMakeLists.txt) with following style rules:
1. Indentation
1.1 Use spaces, not tabs.
1.2 Four spaces as indent.
2. Spacing
2.1 Place one space between control statements and their parentheses.
    For eg, if (), else (), elseif (), endif (), foreach (),
    endforeach (), while (), endwhile (), break ().
2.2 Do not place spaces between function and macro statements and
    their parentheses. For eg, macro(), endmacro(), function(),
    endfunction().
2.3 Do not place spaces between a command or function or macro and its
    parentheses, or between a parenthesis and its content. For eg,
    message("testing") not message( "testing") or message ("testing" )
2.4 No space at line ending.
3. Lowercase when call commands macros and functions. For eg,
   add_executable() not ADD_EXECUTABLE(), set() not SET().

.:

* CMakeLists.txt:
* Source/CMakeLists.txt:
* Source/PlatformEfl.cmake:
* Source/cmake/EFLHelpers.cmake:
* Source/cmake/FindATK.cmake:
* Source/cmake/FindCFLite.cmake:
* Source/cmake/FindCairo.cmake:
* Source/cmake/FindDBus.cmake:
* Source/cmake/FindDirectX.cmake:
* Source/cmake/FindE_DBus.cmake:
* Source/cmake/FindEcore.cmake:
* Source/cmake/FindEdje.cmake:
* Source/cmake/FindEet.cmake:
* Source/cmake/FindEeze.cmake:
* Source/cmake/FindEfreet.cmake:
* Source/cmake/FindEina.cmake:
* Source/cmake/FindElementary.cmake:
* Source/cmake/FindEnchant.cmake:
* Source/cmake/FindEvas.cmake:
* Source/cmake/FindFontconfig.cmake:
* Source/cmake/FindGLIB.cmake:
* Source/cmake/FindGStreamer.cmake:
* Source/cmake/FindGperf.cmake:
* Source/cmake/FindHarfBuzz.cmake:
* Source/cmake/FindICU.cmake:
* Source/cmake/FindLibSoup.cmake:
* Source/cmake/FindQuickTimeSDK.cmake:
* Source/cmake/FindSqlite.cmake:
* Source/cmake/OptionsBlackBerry.cmake:
* Source/cmake/OptionsCommon.cmake:
* Source/cmake/OptionsEfl.cmake:
* Source/cmake/OptionsWinCE.cmake:
* Source/cmake/OptionsWindows.cmake:
* Source/cmake/WebKitFS.cmake:
* Source/cmake/WebKitFeatures.cmake:
* Source/cmake/WebKitHelpers.cmake:
* Source/cmake/WebKitMacros.cmake:
* Source/cmake/WebKitPackaging.cmake:
* Source/cmake/gtest/CMakeLists.txt:

Source/JavaScriptCore:

* CMakeLists.txt:
* PlatformBlackBerry.cmake:
* PlatformEfl.cmake:
* PlatformWinCE.cmake:
* shell/CMakeLists.txt:
* shell/PlatformBlackBerry.cmake:
* shell/PlatformEfl.cmake:
* shell/PlatformWinCE.cmake:

Source/WebCore:

* CMakeLists.txt:
* PlatformBlackBerry.cmake:
* PlatformEfl.cmake:
* PlatformWinCE.cmake:
* UseJSC.cmake:
* UseV8.cmake:

Source/WebKit:

* CMakeLists.txt:
* PlatformBlackBerry.cmake:
* PlatformEfl.cmake:
* PlatformWinCE.cmake:

Source/WebKit/efl:

* DefaultTheme/CMakeLists.txt:

Source/WebKit2:

* CMakeLists.txt:
* PlatformEfl.cmake:
* win/WebKit2ExportGenerator.vcproj:
* win/WebKit2ExportGeneratorCommon.vsprops:

Source/WTF:

* CMakeLists.txt:
* wtf/CMakeLists.txt:
* wtf/PlatformBlackBerry.cmake:
* wtf/PlatformEfl.cmake:
* wtf/PlatformWinCE.cmake:

Tools:

* CMakeLists.txt:
* DumpRenderTree/TestNetscapePlugIn/CMakeLists.txt:
* DumpRenderTree/efl/CMakeLists.txt:
* EWebLauncher/CMakeLists.txt:
* EWebLauncher/ControlTheme/CMakeLists.txt:
* MiniBrowser/efl/CMakeLists.txt:
* TestWebKitAPI/CMakeLists.txt:
* TestWebKitAPI/PlatformEfl.cmake:
* WebKitTestRunner/CMakeLists.txt:
* WebKitTestRunner/PlatformEfl.cmake:
* WinCELauncher/CMakeLists.txt:
* clang/ReportMemoryUsagePlugin/CMakeLists.txt:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@136790 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=92984

Patch by Dominik Röttsches <dominik.rottsches@intel.com> on 2012-08-03
Reviewed by Hajime Morita.

Cleanup which didn't make it into my previous ptch.

* Source/cmake/FindHarfBuzz.cmake: Remove duplicate line, add a bit of documentation.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@124587 268f45cc-cd09-0410-ab3c-d52691b4dbfc

https://bugs.webkit.org/show_bug.cgi?id=91864

Patch by Dominik Röttsches <dominik.rottsches@intel.com> on 2012-07-27
Reviewed by Simon Hausmann and Martin Robinson.

.:

Configuring Freetype backend to use HarfBuzz by default.

* Source/cmake/FindHarfBuzz.cmake: Added pkgconfig based discovery of HarfBuzz.
* Source/cmake/OptionsEfl.cmake: Adding Harfbuzz configuration.

Source/WebCore:

Adding Harfbuzz support to EFL by implementing it with the help of cairo and cairo-ft.
Reusing Chromium's Harfbuzz-NG support.

No new tests, complex font support is covered by existing tests.

* CMakeLists.txt: Adding new cairo based implementations, removing emtpy FontEfl.cpp
* WebCore.gypi: Removing FontEfl.cpp
* platform/graphics/cairo/FontCairoHarfbuzzNG.cpp: Added. New implementation that implements cairo & harfbuzz-ng based complex font drawing.
(WebCore):
(WebCore::Font::drawComplexText):
(WebCore::Font::drawEmphasisMarksForComplexText):
(WebCore::Font::canReturnFallbackFontsForComplexText):
(WebCore::Font::canExpandAroundIdeographsInComplexText):
(WebCore::Font::floatWidthForComplexText):
(WebCore::Font::offsetForPositionForComplexText):
(WebCore::Font::selectionRectForComplexText):
* platform/graphics/efl/FontEfl.cpp: Removed.
* platform/graphics/freetype/FontPlatformData.h: Adding a getter that retrieves a harfbuzz face.
(FontPlatformData):
* platform/graphics/freetype/FontPlatformDataFreeType.cpp: Adding a getter that retrieves a harfbuzz face.
(WebCore::FontPlatformData::operator=):
(WebCore::FontPlatformData::FontPlatformData):
(WebCore):
(WebCore::FontPlatformData::harfbuzzFace):
* platform/graphics/harfbuzz/ng/HarfBuzzNGFaceCairo.cpp: Added. Cairo-freetype based approach to get complex font metrics.
(WebCore):
(CairoFtFaceLocker):
(WebCore::CairoFtFaceLocker::CairoFtFaceLocker):
(WebCore::CairoFtFaceLocker::lock):
(WebCore::CairoFtFaceLocker::~CairoFtFaceLocker):
(WebCore::floatToHarfBuzzPosition):
(WebCore::doubleToHarfBuzzPosition):
(WebCore::CairoGetGlyphWidthAndExtents):
(WebCore::harfbuzzGetGlyph):
(WebCore::harfbuzzGetGlyphHorizontalAdvance):
(WebCore::harfbuzzGetGlyphHorizontalOrigin):
(WebCore::harfbuzzGetGlyphExtents):
(WebCore::harfbuzzCairoTextGetFontFuncs):
(WebCore::harfbuzzCairoGetTable):
(WebCore::HarfBuzzNGFace::createFace):
(WebCore::HarfBuzzNGFace::createFont):
(WebCore::HarfBuzzShaper::createGlyphBufferAdvance):

Source/WebKit:

Adding includes for harfbuzz folders.

* CMakeLists.txt:

Source/WebKit2:

Adding includes for harfbuzz folders.

* CMakeLists.txt:

Tools:

Bringing Harfbuzz support to EFL with this patch, so we need HarfBuzz in the pulled in jhbuild dependencies.

* WebKitTestRunner/CMakeLists.txt: Adding additional header include directories.
* efl/jhbuild.modules: Adding source for HarfBuzz release version 0.9.0.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@123864 268f45cc-cd09-0410-ab3c-d52691b4dbfc