Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (256741 => 256742)
--- trunk/Source/_javascript_Core/ChangeLog 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-02-17 18:29:33 UTC (rev 256742)
@@ -1,3 +1,21 @@
+2020-02-17 Per Arne Vollan <pvol...@apple.com>
+
+ Mach lookup to com.apple.webinspector should not be allowed in WebKit's WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=203214
+
+ Reviewed by Brent Fulgham.
+
+ Add static flag in RemoteInspector to indicate whether a sandbox extension is needed. The remote inspector will only be
+ started if the sandbox extension is not needed. Only the WebContent process will need a sandbox extension, since this
+ patch removes mach access to 'com.apple.webinspector' for this process. Also add name and domain for the
+ 'Enable Remote Inspector' setting, since this will be used in the UI process.
+
+ * inspector/remote/RemoteInspector.cpp:
+ * inspector/remote/RemoteInspector.h:
+ * inspector/remote/RemoteInspectorConstants.h:
+ * inspector/remote/cocoa/RemoteInspectorCocoa.mm:
+ (Inspector::RemoteInspector::singleton):
+
2020-02-16 Fujii Hironori <hironori.fu...@sony.com>
Remove remaining WTF_EXPORT and WTF_IMPORT by replacing them with WTF_EXPORT_DECLARATION and WTF_IMPORT_DECLARATION
Modified: trunk/Source/_javascript_Core/inspector/remote/RemoteInspector.cpp (256741 => 256742)
--- trunk/Source/_javascript_Core/inspector/remote/RemoteInspector.cpp 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/_javascript_Core/inspector/remote/RemoteInspector.cpp 2020-02-17 18:29:33 UTC (rev 256742)
@@ -38,6 +38,9 @@
namespace Inspector {
bool RemoteInspector::startEnabled = true;
+#if PLATFORM(COCOA)
+std::atomic<bool> RemoteInspector::needMachSandboxExtension = false;
+#endif
void RemoteInspector::startDisabled()
{
Modified: trunk/Source/_javascript_Core/inspector/remote/RemoteInspector.h (256741 => 256742)
--- trunk/Source/_javascript_Core/inspector/remote/RemoteInspector.h 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/_javascript_Core/inspector/remote/RemoteInspector.h 2020-02-17 18:29:33 UTC (rev 256742)
@@ -114,6 +114,9 @@
virtual void requestAutomationSession(const String& sessionIdentifier, const SessionCapabilities&) = 0;
};
+#if PLATFORM(COCOA)
+ static void setNeedMachSandboxExtension(bool needExtension) { needMachSandboxExtension = needExtension; }
+#endif
static void startDisabled();
static RemoteInspector& singleton();
friend class NeverDestroyed<RemoteInspector>;
@@ -236,6 +239,9 @@
String backendCommands() const;
#endif
static bool startEnabled;
+#if PLATFORM(COCOA)
+ static std::atomic<bool> needMachSandboxExtension;
+#endif
// Targets can be registered from any thread at any time.
// Any target can send messages over the XPC connection.
Modified: trunk/Source/_javascript_Core/inspector/remote/RemoteInspectorConstants.h (256741 => 256742)
--- trunk/Source/_javascript_Core/inspector/remote/RemoteInspectorConstants.h 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/_javascript_Core/inspector/remote/RemoteInspectorConstants.h 2020-02-17 18:29:33 UTC (rev 256742)
@@ -118,3 +118,6 @@
#define WIRProxyApplicationParentAuditDataKey @"WIRProxyApplicationParentAuditData"
#define WIRProxyApplicationSetupMessage @"WIRProxyApplicationSetupMessage"
#define WIRProxyApplicationSetupResponseMessage @"WIRProxyApplicationSetupResponseMessage"
+
+#define WIRRemoteInspectorEnabledKey CFSTR("RemoteInspectorEnabled")
+#define WIRRemoteInspectorDomainName CFSTR("com.apple.webinspectord")
Modified: trunk/Source/_javascript_Core/inspector/remote/cocoa/RemoteInspectorCocoa.mm (256741 => 256742)
--- trunk/Source/_javascript_Core/inspector/remote/cocoa/RemoteInspectorCocoa.mm 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/_javascript_Core/inspector/remote/cocoa/RemoteInspectorCocoa.mm 2020-02-17 18:29:33 UTC (rev 256742)
@@ -87,6 +87,11 @@
{
static NeverDestroyed<RemoteInspector> shared;
+#if PLATFORM(COCOA)
+ if (needMachSandboxExtension)
+ return shared;
+#endif
+
static dispatch_once_t once;
dispatch_once(&once, ^{
if (canAccessWebInspectorMachPort()) {
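Review bot: The early return in `singleton()` hands back `shared` without running the `dispatch_once` setup below, and nothing here tells a caller that the instance has not been started. The WebProcess.cpp hunk in this commit calls `singleton().setParentProcessInformation(...)` on it in exactly that state. A comment above the check would record the contract, for example `// WebContent must consume a mach sandbox extension before the inspector may connect; until then, return the unstarted instance.` The `#if PLATFORM(COCOA)` guard also looks redundant in a file under `cocoa/`. The body of `singleton()` continues outside the hunk.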
Modified: trunk/Source/WebKit/ChangeLog (256741 => 256742)
--- trunk/Source/WebKit/ChangeLog 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/ChangeLog 2020-02-17 18:29:33 UTC (rev 256742)
@@ -1,5 +1,40 @@
2020-02-17 Per Arne Vollan <pvol...@apple.com>
+ Mach lookup to com.apple.webinspector should not be allowed in WebKit's WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=203214
+
+ Reviewed by Brent Fulgham.
+
+ If the Web inspector is enabled when the WebContent process is started, a sandbox extension is created
+ for 'com.apple.webinspector' and a message is sent to the WebContent process, where the extension will
+ be consumed, and the remote Web inspector will be started. The same happens if Web inspector is enabled
+ by the user while Safari is running. When RemoteInspector::singleton() is called in the UI process there
+ is no need for an extension, since access to the Web inspector daemon is already allowed.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::backlightLevelDidChangeCallback):
+ (WebKit::WebProcessPool::remoteWebInspectorEnabledCallback):
+ (WebKit::WebProcessPool::registerNotificationObservers):
+ (WebKit::WebProcessPool::unregisterNotificationObservers):
+ * UIProcess/Cocoa/WebProcessProxyCocoa.mm:
+ (WebKit::WebProcessProxy::enableRemoteInspectorIfNeeded):
+ * UIProcess/WebProcessPool.cpp:
+ (WebKit::WebProcessPool::initializeNewWebProcess):
+ * UIProcess/WebProcessPool.h:
+ * UIProcess/WebProcessProxy.cpp:
+ (WebKit::WebProcessProxy::mayBecomeUnresponsive):
+ * UIProcess/WebProcessProxy.h:
+ * WebProcess/WebProcess.cpp:
+ (WebKit::WebProcess::initializeWebProcess):
+ * WebProcess/WebProcess.h:
+ * WebProcess/WebProcess.messages.in:
+ * WebProcess/cocoa/WebProcessCocoa.mm:
+ (WebKit::WebProcess::enableRemoteWebInspector):
+ * WebProcess/com.apple.WebProcess.sb.in:
+
+2020-02-17 Per Arne Vollan <pvol...@apple.com>
+
[iOS] Add telemetry with backtrace for specific rules
https://bugs.webkit.org/show_bug.cgi?id=207494
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (256741 => 256742)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-02-17 18:29:33 UTC (rev 256742)
@@ -825,7 +825,7 @@
(media-accessibility-support)
;; Remote Web Inspector
-(allow mach-lookup
+(allow mach-lookup (with report) (with telemetry)
(global-name "com.apple.webinspector"))
(allow mach-lookup (with telemetry-backtrace) (with telemetry)
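Review bot: The unconditional `(allow mach-lookup ... (global-name "com.apple.webinspector"))` rule is kept here with only `(with report) (with telemetry)` added, so on iOS the WebContent process can still look up the service without holding the sandbox extension. The ChangeLog describes the access as removed, but the extension-gated entry added in the second hunk of this file only becomes the sole path once this rule is deleted. If this is a deliberate staged rollout, a comment should say so, for example `;;; FIXME(203214): remove this rule once telemetry shows no lookups without the extension`.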
@@ -847,7 +847,7 @@
(allow mach-lookup
(require-all
(extension "com.apple.webkit.extension.mach")
- (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices"
+ (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices" "com.apple.webinspector"
;;; FIXME(207716): The following should be removed when the GPU process is complete
"com.apple.airplay.apsynccontroller.xpc" "com.apple.audio.AURemoteIOServer" "com.apple.audio.AudioComponentRegistrar"
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (256741 => 256742)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2020-02-17 18:29:33 UTC (rev 256742)
@@ -64,6 +64,11 @@
#import <wtf/spi/darwin/SandboxSPI.h>
#import <wtf/spi/darwin/dyldSPI.h>
+#if ENABLE(REMOTE_INSPECTOR)
+#import <_javascript_Core/RemoteInspector.h>
+#import <_javascript_Core/RemoteInspectorConstants.h>
+#endif
+
#if PLATFORM(MAC)
#import <QuartzCore/CARemoteLayerServer.h>
#else
@@ -550,11 +555,22 @@
void WebProcessPool::backlightLevelDidChangeCallback(CFNotificationCenterRef center, void *observer, CFStringRef name, const void *object, CFDictionaryRef userInfo)
{
- WebProcessPool* pool = reinterpret_cast<WebProcessPool*>(observer);
+ auto* pool = reinterpret_cast<WebProcessPool*>(observer);
pool->sendToAllProcesses(Messages::WebProcess::BacklightLevelDidChange(BKSDisplayBrightnessGetCurrent()));
}
#endif
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(IOS_FAMILY) && !PLATFORM(MACCATALYST)
+void WebProcessPool::remoteWebInspectorEnabledCallback(CFNotificationCenterRef, void *observer, CFStringRef name, const void *, CFDictionaryRef userInfo)
+{
+ auto* pool = reinterpret_cast<WebProcessPool*>(observer);
+ for (size_t i = 0; i < pool->m_processes.size(); ++i) {
+ auto process = pool->m_processes[i];
+ process->enableRemoteInspectorIfNeeded();
+ }
+}
+#endif
+
void WebProcessPool::registerNotificationObservers()
{
#if !PLATFORM(IOS_FAMILY)
@@ -608,6 +624,9 @@
for (size_t i = 0; i < m_processes.size(); ++i)
m_processes[i]->unblockAccessibilityServerIfNeeded();
}];
+#if ENABLE(REMOTE_INSPECTOR)
+ CFNotificationCenterAddObserver(CFNotificationCenterGetDarwinNotifyCenter(), this, remoteWebInspectorEnabledCallback, static_cast<CFStringRef>(CFSTR(WIRServiceEnabledNotification)), nullptr, CFNotificationSuspensionBehaviorCoalesce);
+#endif
#endif // PLATFORM(IOS)
#endif // !PLATFORM(IOS_FAMILY)
}
@@ -630,6 +649,9 @@
CFNotificationCenterRemoveObserver(CFNotificationCenterGetDarwinNotifyCenter(), this, static_cast<CFStringRef>(UIBacklightLevelChangedNotification) , nullptr);
#if PLATFORM(IOS)
[[NSNotificationCenter defaultCenter] removeObserver:m_accessibilityEnabledObserver.get()];
+#if ENABLE(REMOTE_INSPECTOR)
+ CFNotificationCenterRemoveObserver(CFNotificationCenterGetDarwinNotifyCenter(), this, CFSTR(WIRServiceEnabledNotification), nullptr);
+#endif
#endif // PLATFORM(IOS)
#endif // !PLATFORM(IOS_FAMILY)
}
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm (256741 => 256742)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm 2020-02-17 18:29:33 UTC (rev 256742)
@@ -40,6 +40,10 @@
#import <wtf/Scope.h>
#import <wtf/spi/darwin/SandboxSPI.h>
+#if ENABLE(REMOTE_INSPECTOR)
+#import <_javascript_Core/RemoteInspectorConstants.h>
+#endif
+
namespace WebKit {
static const Seconds unexpectedActivityDuration = 10_s;
@@ -210,4 +214,15 @@
}
#endif
+#if ENABLE(REMOTE_INSPECTOR)
+void WebProcessProxy::enableRemoteInspectorIfNeeded()
+{
+ if (!CFPreferencesGetAppIntegerValue(WIRRemoteInspectorEnabledKey, WIRRemoteInspectorDomainName, nullptr))
+ return;
+ SandboxExtension::Handle handle;
+ auto auditToken = connection() ? connection()->getAuditToken() : WTF::nullopt;
+ if (SandboxExtension::createHandleForMachLookup("com.apple.webinspector", auditToken, handle))
+ send(Messages::WebProcess::EnableRemoteWebInspector(handle), 0);
}
+#endif
+}
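Review bot: When `connection()` is null in `enableRemoteInspectorIfNeeded()`, `auditToken` is `WTF::nullopt` and the handle is still created and sent. The grant is then presumably not bound to this particular WebContent process; `createHandleForMachLookup` is not visible here, so this should be confirmed. Returning early keeps the extension scoped to a known peer: `if (!connection()) return;`. The function also keeps no record that a process already holds the extension, so every `WIRServiceEnabledNotification` issues a fresh handle to every process in the pool. A per-process flag checked at the top would avoid that.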
Modified: trunk/Source/WebKit/UIProcess/WebProcessPool.cpp (256741 => 256742)
--- trunk/Source/WebKit/UIProcess/WebProcessPool.cpp 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/UIProcess/WebProcessPool.cpp 2020-02-17 18:29:33 UTC (rev 256742)
@@ -1073,7 +1073,7 @@
#if ENABLE(REMOTE_INSPECTOR)
// Initialize remote inspector connection now that we have a sub-process that is hosting one of our web views.
- Inspector::RemoteInspector::singleton();
+ Inspector::RemoteInspector::singleton();
#endif
#if PLATFORM(MAC)
Modified: trunk/Source/WebKit/UIProcess/WebProcessPool.h (256741 => 256742)
--- trunk/Source/WebKit/UIProcess/WebProcessPool.h 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/UIProcess/WebProcessPool.h 2020-02-17 18:29:33 UTC (rev 256742)
@@ -609,7 +609,10 @@
#if PLATFORM(IOS_FAMILY) && !PLATFORM(MACCATALYST)
static float displayBrightness();
static void backlightLevelDidChangeCallback(CFNotificationCenterRef, void *observer, CFStringRef name, const void *, CFDictionaryRef userInfo);
+#if ENABLE(REMOTE_INSPECTOR)
+ static void remoteWebInspectorEnabledCallback(CFNotificationCenterRef, void *observer, CFStringRef name, const void *, CFDictionaryRef userInfo);
#endif
+#endif
Ref<API::ProcessPoolConfiguration> m_configuration;
Modified: trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp (256741 => 256742)
--- trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp 2020-02-17 18:29:33 UTC (rev 256742)
@@ -885,6 +885,10 @@
return true;
#endif
+
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+ enableRemoteInspectorIfNeeded();
+#endif
}
void WebProcessProxy::didFinishLaunching(ProcessLauncher* launcher, IPC::Connection::Identifier connectionIdentifier)
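Review bot: The added `enableRemoteInspectorIfNeeded()` call sits after `return true;` / `#endif` and directly before the function's closing brace, so it cannot run in the configuration that compiles the `return true;` branch. The function starts outside the hunk, so the other preprocessor branch is not visible. If that branch also returns, the call is dead code, and a WebContent process launched with the setting already enabled would get the extension only through the notification path. The ChangeLog attributes this change to `mayBecomeUnresponsive`, which would be an unexpected place for launch-time setup. Consider moving the call into the launch path where the connection is established, for example the `didFinishLaunching` that follows.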
Modified: trunk/Source/WebKit/UIProcess/WebProcessProxy.h (256741 => 256742)
--- trunk/Source/WebKit/UIProcess/WebProcessProxy.h 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/UIProcess/WebProcessProxy.h 2020-02-17 18:29:33 UTC (rev 256742)
@@ -325,6 +325,10 @@
void revokeAudioCaptureExtension() { m_mediaCaptureSandboxExtensions &= ~Audio; }
#endif
+#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+ void enableRemoteInspectorIfNeeded();
+#endif
+
#if PLATFORM(IOS_FAMILY)
void unblockAccessibilityServerIfNeeded();
#endif
Modified: trunk/Source/WebKit/WebProcess/WebProcess.cpp (256741 => 256742)
--- trunk/Source/WebKit/WebProcess/WebProcess.cpp 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/WebProcess/WebProcess.cpp 2020-02-17 18:29:33 UTC (rev 256742)
@@ -432,6 +432,9 @@
#endif
#if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
+#if PLATFORM(IOS)
+ Inspector::RemoteInspector::setNeedMachSandboxExtension(true);
+#endif
if (Optional<audit_token_t> auditToken = parentProcessConnection()->getAuditToken()) {
RetainPtr<CFDataRef> auditData = adoptCF(CFDataCreate(nullptr, (const UInt8*)&*auditToken, sizeof(*auditToken)));
Inspector::RemoteInspector::singleton().setParentProcessInformation(WebCore::presentingApplicationPID(), auditData);
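Review bot: The `setNeedMachSandboxExtension(true)` call only works because it runs before the first `RemoteInspector::singleton()` call two lines later, and nothing in the code states that ordering requirement. `singleton()` tests the flag before its `dispatch_once`, so reversing the order would start the inspector and attempt the mach lookup before any extension has been consumed. A short comment would protect against that, for example `// Must precede the first RemoteInspector::singleton() call; the inspector is started later by enableRemoteWebInspector().` It would also help to say why the guard is `PLATFORM(IOS)` while the UI-process side is compiled for `PLATFORM(COCOA)`. The enclosing function starts and ends outside the hunk.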
Modified: trunk/Source/WebKit/WebProcess/WebProcess.h (256741 => 256742)
--- trunk/Source/WebKit/WebProcess/WebProcess.h 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/WebProcess/WebProcess.h 2020-02-17 18:29:33 UTC (rev 256742)
@@ -307,7 +307,10 @@
#if PLATFORM(COCOA)
void setMediaMIMETypes(const Vector<String>);
+#if ENABLE(REMOTE_INSPECTOR)
+ void enableRemoteWebInspector(const SandboxExtension::Handle&);
#endif
+#endif
bool areAllPagesThrottleable() const;
Modified: trunk/Source/WebKit/WebProcess/WebProcess.messages.in (256741 => 256742)
--- trunk/Source/WebKit/WebProcess/WebProcess.messages.in 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/WebProcess/WebProcess.messages.in 2020-02-17 18:29:33 UTC (rev 256742)
@@ -132,7 +132,10 @@
#if PLATFORM(COCOA)
SetMediaMIMETypes(Vector<String> types)
+#if ENABLE(REMOTE_INSPECTOR)
+ EnableRemoteWebInspector(WebKit::SandboxExtension::Handle handle);
#endif
+#endif
#if ENABLE(MEDIA_STREAM)
AddMockMediaDevice(struct WebCore::MockMediaDevice device);
Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (256741 => 256742)
--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2020-02-17 18:29:33 UTC (rev 256742)
@@ -82,6 +82,10 @@
#import <wtf/ProcessPrivilege.h>
#import <wtf/cocoa/NSURLExtras.h>
+#if ENABLE(REMOTE_INSPECTOR)
+#include <_javascript_Core/RemoteInspector.h>
+#endif
+
#if PLATFORM(IOS)
#import <WebCore/ParentalControlsContentFilter.h>
#endif
@@ -909,6 +913,15 @@
}
#endif
+#if ENABLE(REMOTE_INSPECTOR)
+void WebProcess::enableRemoteWebInspector(const SandboxExtension::Handle& handle)
+{
+ SandboxExtension::consumePermanently(handle);
+ Inspector::RemoteInspector::setNeedMachSandboxExtension(false);
+ Inspector::RemoteInspector::singleton();
+}
+#endif
+
void WebProcess::setMediaMIMETypes(const Vector<String> types)
{
auto& cache = AVAssetMIMETypeCache::singleton();
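Review bot: The result of `SandboxExtension::consumePermanently(handle)` in `enableRemoteWebInspector` is discarded, so the flag is cleared and the inspector started even when the extension was not actually consumed. Assuming the call reports success (its declaration is not visible here), `if (!SandboxExtension::consumePermanently(handle)) return;` would leave `needMachSandboxExtension` set and keep the inspector from attempting a lookup the sandbox is meant to deny. The handle arrives over IPC, so the failure path is worth handling explicitly rather than assuming the UI process always sends a valid one.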
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (256741 => 256742)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-02-17 18:23:54 UTC (rev 256741)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-02-17 18:29:33 UTC (rev 256742)
@@ -845,6 +845,7 @@
#else
"com.apple.nesessionmanager"
#endif
+ "com.apple.webinspector"
;;; FIXME(207716): The following should be removed when the GPU process is complete
"com.apple.audio.AudioComponentRegistrar" "com.apple.coremedia.endpoint.xpc" "com.apple.coremedia.endpointstream.xpc"