Modified: trunk/Source/WebCore/ChangeLog (253350 => 253351)
--- trunk/Source/WebCore/ChangeLog 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebCore/ChangeLog 2019-12-10 23:21:41 UTC (rev 253351)
@@ -1,3 +1,22 @@
+2019-12-10 Per Arne Vollan <[email protected]>
+
+ [iOS] Deny mach lookup access to network extension services in the WebContent sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=203929
+
+ Reviewed by Brent Fulgham.
+
+ Add a global flag to NetworkExtensionContentFilter to indicate whether network extension sandbox extensions have
+ been consumed. If the flag has been set, there is no need to check NEFilterSource.filterRequired, since the flag
+ will tell if filtering is required. Checking NEFilterSource.filterRequired will lead to other mach lookups which
+ we are trying to avoid.
+
+ The test ContentFiltering.LazilyLoadPlatformFrameworks has been modified.
+
+ * WebCore.xcodeproj/project.pbxproj:
+ * platform/cocoa/NetworkExtensionContentFilter.h:
+ * platform/cocoa/NetworkExtensionContentFilter.mm:
+ (WebCore::NetworkExtensionContentFilter::enabled):
+
2019-12-10 Commit Queue <[email protected]>
Unreviewed, rolling out r253321.
Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (253350 => 253351)
--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2019-12-10 23:21:41 UTC (rev 253351)
@@ -2972,7 +2972,7 @@
A14832CF187F684700DA63A6 /* WebCoreThreadSystemInterface.h in Headers */ = {isa = PBXBuildFile; fileRef = A14832A1187F508700DA63A6 /* WebCoreThreadSystemInterface.h */; settings = {ATTRIBUTES = (Private, ); }; };
A1491DA31F859D870095F5D4 /* PaymentSession.h in Headers */ = {isa = PBXBuildFile; fileRef = A1491DA21F859D870095F5D4 /* PaymentSession.h */; };
A149786F1ABAF33800CEF7E4 /* ContentFilter.h in Headers */ = {isa = PBXBuildFile; fileRef = A149786D1ABAF33800CEF7E4 /* ContentFilter.h */; };
- A14978711ABAF3A500CEF7E4 /* PlatformContentFilter.h in Headers */ = {isa = PBXBuildFile; fileRef = A14978701ABAF3A500CEF7E4 /* PlatformContentFilter.h */; };
+ A14978711ABAF3A500CEF7E4 /* PlatformContentFilter.h in Headers */ = {isa = PBXBuildFile; fileRef = A14978701ABAF3A500CEF7E4 /* PlatformContentFilter.h */; settings = {ATTRIBUTES = (Private, ); }; };
A14BB0A01F9813B800605A35 /* MockPayment.h in Headers */ = {isa = PBXBuildFile; fileRef = A14BB09E1F9813B800605A35 /* MockPayment.h */; };
A15D75161E68F7C800A35FBC /* BlobCallback.h in Headers */ = {isa = PBXBuildFile; fileRef = A15D75131E68F7B100A35FBC /* BlobCallback.h */; };
A15D751B1E68F8A300A35FBC /* JSBlobCallback.h in Headers */ = {isa = PBXBuildFile; fileRef = A15D75181E68F83600A35FBC /* JSBlobCallback.h */; };
@@ -3001,7 +3001,7 @@
A1956F252331AD530057E9D2 /* WHLSLFunctionDefinition.h in Headers */ = {isa = PBXBuildFile; fileRef = C21BF6F421CD89B300227979 /* WHLSLFunctionDefinition.h */; };
A19AEA211AAA808600B52B25 /* JSMockContentFilterSettings.h in Headers */ = {isa = PBXBuildFile; fileRef = A19AEA1E1AAA806E00B52B25 /* JSMockContentFilterSettings.h */; };
A19AEA221AAA808A00B52B25 /* JSMockContentFilterSettings.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A19AEA1D1AAA806E00B52B25 /* JSMockContentFilterSettings.cpp */; };
- A19D934B1AA11B1E00B46C24 /* NetworkExtensionContentFilter.h in Headers */ = {isa = PBXBuildFile; fileRef = A19D93491AA11B1E00B46C24 /* NetworkExtensionContentFilter.h */; };
+ A19D934B1AA11B1E00B46C24 /* NetworkExtensionContentFilter.h in Headers */ = {isa = PBXBuildFile; fileRef = A19D93491AA11B1E00B46C24 /* NetworkExtensionContentFilter.h */; settings = {ATTRIBUTES = (Private, ); }; };
A1AA9AB91D23911500FEADB3 /* ContentFilterBlockedPage.html in Resources */ = {isa = PBXBuildFile; fileRef = A1AA9AB81D23911500FEADB3 /* ContentFilterBlockedPage.html */; };
A1ADAF7D2360FD3E009CB776 /* PreviewConverterClient.h in Headers */ = {isa = PBXBuildFile; fileRef = A1ADAF7B2360FD3D009CB776 /* PreviewConverterClient.h */; };
A1ADAF7E2360FD3E009CB776 /* PreviewConverterProvider.h in Headers */ = {isa = PBXBuildFile; fileRef = A1ADAF7C2360FD3E009CB776 /* PreviewConverterProvider.h */; };
@@ -16747,11 +16747,11 @@
1199FA59208E3C7F002358CC /* DisplayBox.h */,
E4FB4B35239BEB10003C336A /* DisplayInlineContent.cpp */,
E451C6332394058E00993190 /* DisplayInlineContent.h */,
+ 112FB350239C23C40087054A /* DisplayInlineRect.h */,
6FB47E612277425A00C7BCB0 /* DisplayLineBox.h */,
6F77868523491AC6004D9636 /* DisplayPainter.cpp */,
6F77868723491AD7004D9636 /* DisplayPainter.h */,
6FD9CD52227E21C800E53957 /* DisplayRect.h */,
- 112FB350239C23C40087054A /* DisplayInlineRect.h */,
6FCE1A1822618AB3004F0343 /* DisplayRun.h */,
);
path = displaytree;
@@ -29606,6 +29606,8 @@
7EDAAFC919A2CCDC0034DFD1 /* DiskCacheMonitorCocoa.h in Headers */,
1199FA5B208E3C7F002358CC /* DisplayBox.h in Headers */,
E451C6342394058F00993190 /* DisplayInlineContent.h in Headers */,
+ 112FB352239C23C40087054A /* DisplayInlineRect.h in Headers */,
+ 6FB47E632277425A00C7BCB0 /* DisplayLineBox.h in Headers */,
0FE5FBD31C3DD51E0007A2CA /* DisplayList.h in Headers */,
0FE5FBD51C3DD51E0007A2CA /* DisplayListItems.h in Headers */,
0FE5FBD71C3DD51E0007A2CA /* DisplayListRecorder.h in Headers */,
@@ -30265,7 +30267,6 @@
115CFA7E208B8E10001E6991 /* InlineFormattingState.h in Headers */,
6FE7CFA22177EEF2005B1573 /* InlineItem.h in Headers */,
BCE789161120D6080060ECE5 /* InlineIterator.h in Headers */,
- 6FB47E632277425A00C7BCB0 /* DisplayLineBox.h in Headers */,
6FE198172178397C00446F08 /* InlineLineBreaker.h in Headers */,
6F0CD695229ED32700C5994E /* InlineLineBuilder.h in Headers */,
6F360E5023999421001512A7 /* InlineSoftLineBreakItem.h in Headers */,
@@ -31927,7 +31928,6 @@
BC5EB6680E81CB7100B25965 /* RenderStyleConstants.h in Headers */,
436708C112D9CA4B00044234 /* RenderSVGBlock.h in Headers */,
436708C312D9CA4B00044234 /* RenderSVGContainer.h in Headers */,
- 112FB352239C23C40087054A /* DisplayInlineRect.h in Headers */,
2B365C841525119E0091D27B /* RenderSVGEllipse.h in Headers */,
43C092BC12D9E4EE00A989C3 /* RenderSVGForeignObject.h in Headers */,
436708C512D9CA4B00044234 /* RenderSVGGradientStop.h in Headers */,
Modified: trunk/Source/WebCore/platform/cocoa/NetworkExtensionContentFilter.h (253350 => 253351)
--- trunk/Source/WebCore/platform/cocoa/NetworkExtensionContentFilter.h 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebCore/platform/cocoa/NetworkExtensionContentFilter.h 2019-12-10 23:21:41 UTC (rev 253351)
@@ -53,6 +53,8 @@
ContentFilterUnblockHandler unblockHandler() const override;
#endif
+ WEBCORE_EXPORT static void setHasConsumedSandboxExtensions(bool);
+
private:
static bool enabled();
@@ -60,6 +62,14 @@
void initialize(const URL* = nullptr);
void handleDecision(NEFilterSourceStatus, NSData *replacementData);
+ enum class SandboxExtensionsState : uint8_t {
+ Consumed,
+ NotConsumed,
+ NotSet
+ };
+
+ WEBCORE_EXPORT static SandboxExtensionsState m_sandboxExtensionsState;
+
OSObjectPtr<dispatch_queue_t> m_queue;
RetainPtr<NSData> m_replacementData;
RetainPtr<NEFilterSource> m_neFilterSource;
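Review bot: `m_sandboxExtensionsState` is a static data member but carries the `m_` instance-member prefix; WebKit style uses `s_` for statics, so `WEBCORE_EXPORT static SandboxExtensionsState s_sandboxExtensionsState;` here (and in the definition and uses in NetworkExtensionContentFilter.mm) would read as what it is. The enum also deserves a comment, because NotSet is the one state that still triggers the NEFilterSource query this change is trying to avoid; something like `// Consumed/NotConsumed record what the UI process decided at launch; NotSet means no one told us (e.g. a client that never calls setHasConsumedSandboxExtensions), so enabled() still asks NEFilterSource directly.` The underlying type `uint8_t` presumably resolves through an existing include, which this hunk does not show.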
Modified: trunk/Source/WebCore/platform/cocoa/NetworkExtensionContentFilter.mm (253350 => 253351)
--- trunk/Source/WebCore/platform/cocoa/NetworkExtensionContentFilter.mm 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebCore/platform/cocoa/NetworkExtensionContentFilter.mm 2019-12-10 23:21:41 UTC (rev 253351)
@@ -51,9 +51,22 @@
namespace WebCore {
+NetworkExtensionContentFilter::SandboxExtensionsState NetworkExtensionContentFilter::m_sandboxExtensionsState = SandboxExtensionsState::NotSet;
+
bool NetworkExtensionContentFilter::enabled()
{
- bool enabled = [getNEFilterSourceClass() filterRequired];
+ bool enabled = false;
+ switch (m_sandboxExtensionsState) {
+ case SandboxExtensionsState::Consumed:
+ enabled = true;
+ break;
+ case SandboxExtensionsState::NotConsumed:
+ enabled = false;
+ break;
+ case SandboxExtensionsState::NotSet:
+ enabled = [getNEFilterSourceClass() filterRequired];
+ break;
+ }
LOG(ContentFiltering, "NetworkExtensionContentFilter is %s.\n", enabled ? "enabled" : "not enabled");
return enabled;
}
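Review bot: The Consumed branch of the switch returns true without consulting NEFilterSource, so `enabled()` now reports what the UI process observed when the WebContent process was launched rather than the current `filterRequired` value; if filtering can be switched on or off while the process lives, that change is not observed until relaunch, which is presumably accepted but should be stated at the switch. `m_sandboxExtensionsState` is also a plain static that is read here and written in `setHasConsumedSandboxExtensions` further down; if `enabled()` can run on a thread other than the one doing process initialization (the class owns a dispatch queue), that is an unsynchronized access, so either document the main-thread expectation or add `ASSERT(isMainThread());` at the top of the function if it holds. Proposed comment above the switch: `// The UI process issues the NE sandbox extensions only when filterRequired was true at launch, so Consumed/NotConsumed already answer the question; asking NEFilterSource here would perform the mach lookup the WebContent sandbox is meant to stop allowing.`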
@@ -215,6 +228,11 @@
#endif
}
+void NetworkExtensionContentFilter::setHasConsumedSandboxExtensions(bool hasConsumedSandboxExtensions)
+{
+ m_sandboxExtensionsState = (hasConsumedSandboxExtensions ? SandboxExtensionsState::Consumed : SandboxExtensionsState::NotConsumed);
+}
+
} // namespace WebCore
#endif // HAVE(NETWORK_EXTENSION)
Modified: trunk/Source/WebKit/ChangeLog (253350 => 253351)
--- trunk/Source/WebKit/ChangeLog 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebKit/ChangeLog 2019-12-10 23:21:41 UTC (rev 253351)
@@ -1,3 +1,27 @@
+2019-12-10 Per Arne Vollan <[email protected]>
+
+ [iOS] Deny mach lookup access to network extension services in the WebContent sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=203929
+
+ Reviewed by Brent Fulgham.
+
+ Mach lookup access to network extension services in the WebContent process is only needed if
+ NEFilterSource.filterRequired is true. If this is the case, issue the needed mach lookup
+ sandbox extensions to the WebContent process, where they will be consumed. Eventually, all
+ the content filtering code should be moved to the Networking process, but since this is a
+ bigger undertaking, we can issue extensions in the meantime to strengthen the sandbox.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode const):
+ (WebKit::WebProcessCreationParameters::decode):
+ * Shared/WebProcessCreationParameters.h:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::platformInitializeWebProcess):
+ * WebProcess/cocoa/WebProcessCocoa.mm:
+ (WebKit::WebProcess::platformInitializeWebProcess):
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2019-12-10 Chris Dumez <[email protected]>
Leverage the fact that WebPageProxy subclasses IPC::MessageSender to simplify IPC sending code
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (253350 => 253351)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2019-12-10 23:21:41 UTC (rev 253351)
@@ -477,7 +477,7 @@
(define-once (network-extensions-support)
;; Network Extensions / VPN helper.
- (allow mach-lookup
+ (allow mach-lookup (with report) (with telemetry)
(global-name "com.apple.nehelper")
(global-name "com.apple.nesessionmanager.content-filter")) ;; <rdar://problem/48442387>
)
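Review bot: The `network-extensions-support` rule still allows both mach lookups unconditionally — only `(with report) (with telemetry)` was added — so as long as it stays, the extension-gated `(allow mach-lookup (require-all (extension "com.apple.webkit.extension.mach") ...))` added in the second hunk of this file never needs to fire and the WebContent process is not actually denied the lookup, despite the commit title. If this is a staged rollout (gather telemetry first, then turn the rule into a deny once the sandbox-extension path is proven), that intent belongs next to the rule so the permissive allow is not mistaken for the final state, e.g. `;; Still allowed, with telemetry, while the sandbox-extension path below is validated; to be turned into a deny afterwards (https://bugs.webkit.org/show_bug.cgi?id=203929).`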
@@ -966,7 +966,7 @@
(allow mach-lookup
(require-all
(extension "com.apple.webkit.extension.mach")
- (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.AGXCompilerService")))
+ (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.AGXCompilerService" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter")))
(media-capture-support)
Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp (253350 => 253351)
--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp 2019-12-10 23:21:41 UTC (rev 253351)
@@ -163,6 +163,11 @@
#if PLATFORM(IOS)
encoder << compilerServiceExtensionHandle;
#endif
+
+#if PLATFORM(COCOA)
+ encoder << neHelperExtensionHandle;
+ encoder << neSessionManagerExtensionHandle;
+#endif
}
bool WebProcessCreationParameters::decode(IPC::Decoder& decoder, WebProcessCreationParameters& parameters)
@@ -403,6 +408,20 @@
parameters.compilerServiceExtensionHandle = WTFMove(*compilerServiceExtensionHandle);
#endif
+#if PLATFORM(COCOA)
+ Optional<Optional<SandboxExtension::Handle>> neHelperExtensionHandle;
+ decoder >> neHelperExtensionHandle;
+ if (!neHelperExtensionHandle)
+ return false;
+ parameters.neHelperExtensionHandle = WTFMove(*neHelperExtensionHandle);
+
+ Optional<Optional<SandboxExtension::Handle>> neSessionManagerExtensionHandle;
+ decoder >> neSessionManagerExtensionHandle;
+ if (!neSessionManagerExtensionHandle)
+ return false;
+ parameters.neSessionManagerExtensionHandle = WTFMove(*neSessionManagerExtensionHandle);
+#endif
+
return true;
}
Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.h (253350 => 253351)
--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.h 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.h 2019-12-10 23:21:41 UTC (rev 253351)
@@ -201,6 +201,11 @@
#if PLATFORM(IOS)
Optional<SandboxExtension::Handle> compilerServiceExtensionHandle;
#endif
+
+#if PLATFORM(COCOA)
+ Optional<SandboxExtension::Handle> neHelperExtensionHandle;
+ Optional<SandboxExtension::Handle> neSessionManagerExtensionHandle;
+#endif
};
} // namespace WebKit
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (253350 => 253351)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2019-12-10 23:21:41 UTC (rev 253351)
@@ -72,6 +72,13 @@
#import <sys/utsname.h>
#endif
+#if PLATFORM(COCOA)
+#import <pal/spi/cocoa/NEFilterSourceSPI.h>
+
+SOFT_LINK_FRAMEWORK_OPTIONAL(NetworkExtension);
+SOFT_LINK_CLASS_OPTIONAL(NetworkExtension, NEFilterSource);
+#endif
+
NSString *WebServiceWorkerRegistrationDirectoryDefaultsKey = @"WebServiceWorkerRegistrationDirectory";
NSString *WebKitLocalCacheDefaultsKey = @"WebKitLocalCache";
NSString *WebKitJSCJITEnabledDefaultsKey = @"WebKitJSCJITEnabledDefaultsKey";
@@ -295,6 +302,16 @@
parameters.compilerServiceExtensionHandle = WTFMove(compilerServiceExtensionHandle);
}
#endif
+
+#if PLATFORM(COCOA)
+ if ([getNEFilterSourceClass() filterRequired]) {
+ SandboxExtension::Handle handle;
+ SandboxExtension::createHandleForMachLookup("com.apple.nehelper", WTF::nullopt, handle);
+ parameters.neHelperExtensionHandle = WTFMove(handle);
+ SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager.content-filter", WTF::nullopt, handle);
+ parameters.neSessionManagerExtensionHandle = WTFMove(handle);
+ }
+#endif
}
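Review bot: Both `createHandleForMachLookup` calls discard their result and unconditionally move `handle` into the parameters, so a failed handle creation still ships an Optional that the WebContent side treats as a consumed extension (it only checks `hasValue()`), and the second call reuses `handle` after it was moved from, which relies on the moved-from state being assignable. Use the boolean result and a separately named handle per service, as below; platformInitializeWebProcess itself starts outside the hunk. Separately, the `#if PLATFORM(COCOA)` guards added in this `.mm` file (here and in the soft-link hunk above), as well as those in WebProcessCocoa.mm, are always true in a Cocoa-only translation unit and only add noise.
```objective-c++
#if PLATFORM(COCOA)
    if ([getNEFilterSourceClass() filterRequired]) {
        SandboxExtension::Handle neHelperHandle;
        if (SandboxExtension::createHandleForMachLookup("com.apple.nehelper", WTF::nullopt, neHelperHandle))
            parameters.neHelperExtensionHandle = WTFMove(neHelperHandle);
        SandboxExtension::Handle neSessionManagerHandle;
        if (SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager.content-filter", WTF::nullopt, neSessionManagerHandle))
            parameters.neSessionManagerExtensionHandle = WTFMove(neSessionManagerHandle);
    }
#endif
```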
void WebProcessPool::platformInitializeNetworkProcess(NetworkProcessCreationParameters& parameters)
Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (253350 => 253351)
--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2019-12-10 23:21:41 UTC (rev 253351)
@@ -116,6 +116,10 @@
#import <os/state_private.h>
#endif
+#if PLATFORM(COCOA)
+#import <WebCore/NetworkExtensionContentFilter.h>
+#endif
+
#if HAVE(CSCHECKFIXDISABLE)
extern "C" void _CSCheckFixDisable();
#endif
@@ -226,6 +230,14 @@
if (parameters.compilerServiceExtensionHandle)
SandboxExtension::consumePermanently(*parameters.compilerServiceExtensionHandle);
#endif
+
+#if PLATFORM(COCOA)
+ if (parameters.neHelperExtensionHandle)
+ SandboxExtension::consumePermanently(*parameters.neHelperExtensionHandle);
+ if (parameters.neSessionManagerExtensionHandle)
+ SandboxExtension::consumePermanently(*parameters.neSessionManagerExtensionHandle);
+ NetworkExtensionContentFilter::setHasConsumedSandboxExtensions(parameters.neHelperExtensionHandle.hasValue() && parameters.neSessionManagerExtensionHandle.hasValue());
+#endif
}
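Review bot: `setHasConsumedSandboxExtensions` is fed `hasValue()` on both Optionals, i.e. whether the UI process sent a handle, not whether the two `consumePermanently` calls just above accepted it; their results are discarded. If either consume fails, `NetworkExtensionContentFilter::enabled()` will answer true from its Consumed state and the process will go on to use NEFilterSource without holding the mach-lookup right, which is the situation this change is meant to rule out. Feed the consume results instead: `bool consumedNEHelper = parameters.neHelperExtensionHandle.hasValue() && SandboxExtension::consumePermanently(*parameters.neHelperExtensionHandle);` / `bool consumedNESessionManager = parameters.neSessionManagerExtensionHandle.hasValue() && SandboxExtension::consumePermanently(*parameters.neSessionManagerExtensionHandle);` / `NetworkExtensionContentFilter::setHasConsumedSandboxExtensions(consumedNEHelper && consumedNESessionManager);`. platformInitializeWebProcess starts outside the hunk.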
void WebProcess::platformSetWebsiteDataStoreParameters(WebProcessDataStoreParameters&& parameters)
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (253350 => 253351)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2019-12-10 23:08:04 UTC (rev 253350)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2019-12-10 23:21:41 UTC (rev 253351)
@@ -833,6 +833,11 @@
(allow device-camera))
#endif // PLATFORM(MAC)
+(allow mach-lookup
+ (require-all
+ (extension "com.apple.webkit.extension.mach")
+ (global-name "com.apple.nehelper" "com.apple.nesessionmanager.content-filter")))
+
(when (defined? 'syscall-unix)
(deny syscall-unix (with send-signal SIGKILL))
(allow syscall-unix