[GStreamer] BubblewrapLauncher sandbox lacks directory for the gstrea…

…mer user registry cache directory https://bugs.webkit.org/show_bug.cgi?id=268759 Reviewed by Michael Catanzaro. Grant read-write access in the default GStreamer registry path within the WebProcess sandbox. This is safe because the GStreamer registry file format is binary and the file is not executable. The internal GStreamer code responsible for loading this file is able to handle parsing errors. For additional context, the registry file stores informations about the plugins available on the system, so that the plugin scanner doesn't need to rescan plugins every time GStreamer is initialized. * Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp: (WebKit::bindGStreamerData): Canonical link: https://commits.webkit.org/274144@main
WebKit · Feb 6, 2024 · cafc9b1 · cafc9b1
1 parent b2a19bd
commit cafc9b1
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp
@@ -423,10 +423,10 @@ static void bindGStreamerData(Vector<CString>& args)
 
     // The plugin scanner needs write permissions in the parent directory of GST_REGISTRY in order to
     // write the registry file.
-    if (const char* registryPath = g_getenv("GST_REGISTRY")) {
-        auto registryDir = FileSystem::parentPath(FileSystem::stringFromFileSystemRepresentation(registryPath));
-        bindIfExists(args, registryDir.utf8().data(), BindFlags::ReadWrite);
-    }
+    GUniquePtr<char> defaultRegistryPath(g_build_filename(g_get_user_cache_dir(), "gstreamer-1.0", nullptr));
+    const char* registryPath = environmentVariableValue("GST_REGISTRY", defaultRegistryPath.get());
+    auto registryDir = FileSystem::parentPath(FileSystem::stringFromFileSystemRepresentation(registryPath));
+    bindIfExists(args, registryDir.utf8().data(), BindFlags::ReadWrite);
 
     bindPathVar(args, "GST_PRESET_PATH");