Enforce cache_path requirements for NetworkService (see issue #2622).

This change adds a new CefSettings.root_cache_path value that must be either
equal to or a parent directory of all CefSettings.cache_path and
CefRequestContextSettings.cache_path values. The sandbox may block read/write
access from the NetworkService to directories that do not meet this requirement.

To test: Run cefclient with a combination of the following flags:

--cache-path=c:\temp\cache
  Cache data should be persisted to the specified directory.

--request-context-per-browser
  A separate numbered cache directory should be created underneath the
  cache-path directory for each new browser instance.

--enable-network-service --disable-extensions
  Same tests, but with NetworkService enabled.

Known issues:
- When NetworkService is enabled a C:\temp\cache\cache\Cache directory is
  created (should be C:\temp\cache\Cache).
This commit is contained in:
Marshall Greenblatt
2019-03-24 14:41:42 -04:00
parent 9b43d265c3
commit b65f336f81
10 changed files with 120 additions and 57 deletions

View File

@@ -7,6 +7,7 @@
#include "libcef/browser/browser_context.h"
#include "libcef/browser/chrome_profile_manager_stub.h"
#include "libcef/browser/context.h"
#include "libcef/browser/prefs/browser_prefs.h"
#include "libcef/browser/thread_util.h"
#include "libcef/common/cef_switches.h"
@@ -39,11 +40,13 @@ void ChromeBrowserProcessStub::Initialize() {
DCHECK(!context_initialized_);
DCHECK(!shutdown_);
const CefSettings& settings = CefContext::Get()->settings();
const base::FilePath& cache_path =
base::FilePath(CefString(&settings.cache_path));
// Used for very early NetworkService initialization.
// TODO(cef): These preferences could be persisted in the DIR_USER_DATA
// directory.
local_state_ =
browser_prefs::CreatePrefService(nullptr, base::FilePath(), false);
local_state_ = browser_prefs::CreatePrefService(
nullptr, cache_path, !!settings.persist_user_preferences);
initialized_ = true;
}