- Revision
- 257575
- Author
- pvol...@apple.com
- Date
- 2020-02-27 10:48:36 -0800 (Thu, 27 Feb 2020)
Log Message
[iOS] Issue mach sandbox extensions to the WebContent process for a set of specific services
https://bugs.webkit.org/show_bug.cgi?id=208146
Reviewed by Brent Fulgham.
Source/WebKit:
We are still seeing some accesses from the WebContent process to a small set of services. Since we do not currently have
backtraces for these accesses, make a speculative patch, where we issue these extension for all apps except Safari.
Test: fast/sandbox/ios/sandbox-mach-lookup-mail.html
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):
* Shared/WebProcessCreationParameters.h:
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):
LayoutTests:
* fast/sandbox/ios/sandbox-mach-lookup-mail-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup-mail.html:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (257574 => 257575)
--- trunk/LayoutTests/ChangeLog 2020-02-27 18:18:46 UTC (rev 257574)
+++ trunk/LayoutTests/ChangeLog 2020-02-27 18:48:36 UTC (rev 257575)
@@ -1,3 +1,13 @@
+2020-02-27 Per Arne Vollan <pvol...@apple.com>
+
+ [iOS] Issue mach sandbox extensions to the WebContent process for a set of specific services
+ https://bugs.webkit.org/show_bug.cgi?id=208146
+
+ Reviewed by Brent Fulgham.
+
+ * fast/sandbox/ios/sandbox-mach-lookup-mail-expected.txt:
+ * fast/sandbox/ios/sandbox-mach-lookup-mail.html:
+
2020-02-27 Carlos Alberto Lopez Perez <clo...@igalia.com>
[CSS Backgrounds] Skip WPT tests always crashing in Debug.
Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-mail-expected.txt (257574 => 257575)
--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-mail-expected.txt 2020-02-27 18:18:46 UTC (rev 257574)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-mail-expected.txt 2020-02-27 18:48:36 UTC (rev 257575)
@@ -4,4 +4,7 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.lsd.open") is true
-
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.mobileassetd") is true
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices") is true
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.PowerManagement.control") is true
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", ""com.apple.frontboard.systemappservices"") is true
Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-mail.html (257574 => 257575)
--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-mail.html 2020-02-27 18:18:46 UTC (rev 257574)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-mail.html 2020-02-27 18:48:36 UTC (rev 257575)
@@ -7,6 +7,10 @@
if (window.internals) {
shouldBeTrue("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.lsd.open\")");
+ shouldBeTrue("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.mobileassetd\")");
+ shouldBeTrue("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iconservices\")");
+ shouldBeTrue("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.PowerManagement.control\")");
+ shouldBeTrue("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.frontboard.systemappservices\")");
}
</script>
</head>
Modified: trunk/Source/WebKit/ChangeLog (257574 => 257575)
--- trunk/Source/WebKit/ChangeLog 2020-02-27 18:18:46 UTC (rev 257574)
+++ trunk/Source/WebKit/ChangeLog 2020-02-27 18:48:36 UTC (rev 257575)
@@ -1,3 +1,25 @@
+2020-02-27 Per Arne Vollan <pvol...@apple.com>
+
+ [iOS] Issue mach sandbox extensions to the WebContent process for a set of specific services
+ https://bugs.webkit.org/show_bug.cgi?id=208146
+
+ Reviewed by Brent Fulgham.
+
+ We are still seeing some accesses from the WebContent process to a small set of services. Since we do not currently have
+ backtraces for these accesses, make a speculative patch, where we issue these extension for all apps except Safari.
+
+ Test: fast/sandbox/ios/sandbox-mach-lookup-mail.html
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode const):
+ (WebKit::WebProcessCreationParameters::decode):
+ * Shared/WebProcessCreationParameters.h:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::platformInitializeWebProcess):
+ * WebProcess/cocoa/WebProcessCocoa.mm:
+ (WebKit::WebProcess::platformInitializeWebProcess):
+
2020-02-27 Alex Christensen <achristen...@webkit.org>
Add SPI to query WKFrameInfos in a WKWebView
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (257574 => 257575)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-02-27 18:18:46 UTC (rev 257574)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-02-27 18:48:36 UTC (rev 257575)
@@ -847,7 +847,7 @@
(allow mach-lookup
(require-all
(extension "com.apple.webkit.extension.mach")
- (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices" "com.apple.webinspector"
+ (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices" "com.apple.webinspector" "com.apple.PowerManagement.control"
;;; FIXME(207716): The following should be removed when the GPU process is complete
"com.apple.airplay.apsynccontroller.xpc" "com.apple.audio.AURemoteIOServer" "com.apple.audio.AudioComponentRegistrar"
Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp (257574 => 257575)
--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp 2020-02-27 18:18:46 UTC (rev 257574)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp 2020-02-27 18:48:36 UTC (rev 257575)
@@ -159,10 +159,13 @@
#if PLATFORM(IOS)
encoder << compilerServiceExtensionHandle;
encoder << contentFilterExtensionHandle;
- encoder << launchServicesOpenExtensionHandle;
+#endif
+
+#if PLATFORM(IOS_FAMILY)
encoder << diagnosticsExtensionHandle;
+ encoder << dynamicMachExtensionHandles;
#endif
-
+
#if PLATFORM(COCOA)
encoder << neHelperExtensionHandle;
encoder << neSessionManagerExtensionHandle;
@@ -417,18 +420,20 @@
if (!contentFilterExtensionHandle)
return false;
parameters.contentFilterExtensionHandle = WTFMove(*contentFilterExtensionHandle);
+#endif
- Optional<Optional<SandboxExtension::Handle>> launchServicesOpenExtensionHandle;
- decoder >> launchServicesOpenExtensionHandle;
- if (!launchServicesOpenExtensionHandle)
- return false;
- parameters.launchServicesOpenExtensionHandle = WTFMove(*launchServicesOpenExtensionHandle);
-
+#if PLATFORM(IOS_FAMILY)
Optional<Optional<SandboxExtension::Handle>> diagnosticsExtensionHandle;
decoder >> diagnosticsExtensionHandle;
if (!diagnosticsExtensionHandle)
return false;
parameters.diagnosticsExtensionHandle = WTFMove(*diagnosticsExtensionHandle);
+
+ Optional<SandboxExtension::HandleArray> dynamicMachExtensionHandles;
+ decoder >> dynamicMachExtensionHandles;
+ if (!dynamicMachExtensionHandles)
+ return false;
+ parameters.dynamicMachExtensionHandles = WTFMove(*dynamicMachExtensionHandles);
#endif
#if PLATFORM(COCOA)
Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.h (257574 => 257575)
--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.h 2020-02-27 18:18:46 UTC (rev 257574)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.h 2020-02-27 18:48:36 UTC (rev 257575)
@@ -201,8 +201,11 @@
#if PLATFORM(IOS)
Optional<SandboxExtension::Handle> compilerServiceExtensionHandle;
Optional<SandboxExtension::Handle> contentFilterExtensionHandle;
- Optional<SandboxExtension::Handle> launchServicesOpenExtensionHandle;
+#endif
+
+#if PLATFORM(IOS_FAMILY)
Optional<SandboxExtension::Handle> diagnosticsExtensionHandle;
+ SandboxExtension::HandleArray dynamicMachExtensionHandles;
#endif
#if PLATFORM(COCOA)
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (257574 => 257575)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2020-02-27 18:18:46 UTC (rev 257574)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2020-02-27 18:48:36 UTC (rev 257575)
@@ -366,11 +366,21 @@
SandboxExtension::createHandleForMachLookup("com.apple.AGXCompilerService", WTF::nullopt, compilerServiceExtensionHandle);
parameters.compilerServiceExtensionHandle = WTFMove(compilerServiceExtensionHandle);
}
+#endif
- if (WebCore::IOSApplication::isMobileMail()) {
- SandboxExtension::Handle launchServicesOpenExtensionHandle;
- SandboxExtension::createHandleForMachLookup("com.apple.lsd.open", WTF::nullopt, launchServicesOpenExtensionHandle);
- parameters.launchServicesOpenExtensionHandle = WTFMove(launchServicesOpenExtensionHandle);
+#if PLATFORM(IOS_FAMILY)
+ if (!WebCore::IOSApplication::isMobileSafari()) {
+ static const char* services[] = {
+ "com.apple.lsd.open",
+ "com.apple.mobileassetd",
+ "com.apple.iconservices",
+ "com.apple.PowerManagement.control",
+ "com.apple.frontboard.systemappservices"
+ };
+ auto size = WTF_ARRAY_LENGTH(services);
+ parameters.dynamicMachExtensionHandles.allocate(size);
+ for (size_t i = 0; i < size; ++i)
+ SandboxExtension::createHandleForMachLookup(services[i], WTF::nullopt, parameters.dynamicMachExtensionHandles[i]);
}
if (isInternalInstall()) {
Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (257574 => 257575)
--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2020-02-27 18:18:46 UTC (rev 257574)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2020-02-27 18:48:36 UTC (rev 257575)
@@ -251,15 +251,17 @@
if (parameters.compilerServiceExtensionHandle)
SandboxExtension::consumePermanently(*parameters.compilerServiceExtensionHandle);
- if (parameters.launchServicesOpenExtensionHandle)
- SandboxExtension::consumePermanently(*parameters.launchServicesOpenExtensionHandle);
+ if (parameters.contentFilterExtensionHandle)
+ SandboxExtension::consumePermanently(*parameters.contentFilterExtensionHandle);
+ ParentalControlsContentFilter::setHasConsumedSandboxExtension(parameters.contentFilterExtensionHandle.hasValue());
+#endif
+#if PLATFORM(IOS_FAMILY)
if (parameters.diagnosticsExtensionHandle)
SandboxExtension::consumePermanently(*parameters.diagnosticsExtensionHandle);
- if (parameters.contentFilterExtensionHandle)
- SandboxExtension::consumePermanently(*parameters.contentFilterExtensionHandle);
- ParentalControlsContentFilter::setHasConsumedSandboxExtension(parameters.contentFilterExtensionHandle.hasValue());
+ for (size_t i = 0, size = parameters.dynamicMachExtensionHandles.size(); i < size; ++i)
+ SandboxExtension::consumePermanently(parameters.dynamicMachExtensionHandles[i]);
#endif
#if PLATFORM(COCOA)