[GLIB] Don't require GApplication for bwrap sandbox

https://bugs.webkit.org/show_bug.cgi?id=255249 Reviewed by Adrian Perez de Castro and Carlos Garcia Campos. The app-id isn't that important to our usage in our bubblewrap sandbox so instead of erroring we can generate an id without any real downsides. * Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp: (WebKit::applicationId): (WebKit::createFlatpakInfo): Canonical link: https://commits.webkit.org/262947@main
WebKit · Apr 14, 2023 · 2bab2a5 · 2bab2a5
1 parent 1a1b5cf
commit 2bab2a5
Showing 1 changed file with 16 additions and 19 deletions.
diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
@@ -29,6 +29,7 @@
 #include <sys/mman.h>
 #include <wtf/FileSystem.h>
 #include <wtf/NeverDestroyed.h>
+#include <wtf/UUID.h>
 #include <wtf/UniStdExtras.h>
 #include <wtf/glib/GRefPtr.h>
 #include <wtf/glib/GUniquePtr.h>
@@ -124,20 +125,23 @@ int argumentsToFileDescriptor(const Vector<CString>& args, const char* name)
     return memfd;
 }
 
-static const char* applicationId(GError** error)
+static String effectiveApplicationId()
 {
-    GApplication* app = g_application_get_default();
-    if (!app) {
-        g_set_error_literal(error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "GApplication is required.");
-        return nullptr;
+    if (auto* app = g_application_get_default()) {
+        if (const char* appID = g_application_get_application_id(app))
+            return String::fromUTF8(appID);
     }
 
-    const char* appID = g_application_get_application_id(app);
-    if (!appID) {
-        g_set_error_literal(error, G_IO_ERROR, G_IO_ERROR_INVALID_DATA, "GApplication must have a valid ID.");
-        return nullptr;
-    }
-    return appID;
+    const char* programName = g_get_prgname();
+    if (programName && g_application_id_is_valid(programName))
+        return String::fromUTF8(programName);
+
+    // There must be some id for xdg-desktop-portal to function.
+    // xdg-desktop-portal uses this id for permissions. While we don't currently
+    // use any APIs that require permissions, we generate a random id to avoid
+    // interactions with other applications.
+    auto uuid = UUID::createVersion4Weak();
+    return makeString("org.webkit.app-", uuid.toString());
 }
 
 static int createFlatpakInfo()
@@ -146,15 +150,8 @@ static int createFlatpakInfo()
     static size_t size;
 
     if (!data.get()) {
-        // xdg-desktop-portal relates your name to certain permissions so we want
-        // them to be application unique which is best done via GApplication.
-        GUniqueOutPtr<GError> error;
-        const char* appID = applicationId(&error.outPtr());
-        if (!appID)
-            g_error("Unable to configure xdg-desktop-portal access in the WebKit sandbox: %s", error->message);
-
         GUniquePtr<GKeyFile> keyFile(g_key_file_new());
-        g_key_file_set_string(keyFile.get(), "Application", "name", appID);
+        g_key_file_set_string(keyFile.get(), "Application", "name", effectiveApplicationId().utf8().data());
         data->reset(g_key_file_to_data(keyFile.get(), &size, nullptr));
     }