Title: [255874] trunk/Source
Revision
255874
Author
[email protected]
Date
2020-02-05 16:06:20 -0800 (Wed, 05 Feb 2020)

Log Message

[iOS] Do not create sandbox reports when the UI process cannot issue extensions to diagnostics service
https://bugs.webkit.org/show_bug.cgi?id=207279
<rdar://problem/59030957>
Source/WebKit:

Reviewed by Brent Fulgham.

Do not create sandbox reports when the UI process cannot issue mach extensions to the diagnostics service.
The majority of clients are capable of doing this.

No new tests, since it is not trivial to test if no sandbox reports are generated for a violation.

* Shared/Cocoa/SandboxExtensionCocoa.mm:
(WebKit::SandboxExtensionImpl::create):
(WebKit::SandboxExtensionImpl::sandboxExtensionForType):
(WebKit::SandboxExtensionImpl::SandboxExtensionImpl):
(WebKit::SandboxExtension::createHandleForMachLookup):
* Shared/SandboxExtension.h:
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):

Source/WTF:

Reviewed by Brent Fulgham.

Add flag which avoids generating sandbox reports.

* wtf/spi/darwin/SandboxSPI.h:

Modified Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (255873 => 255874)


--- trunk/Source/WTF/ChangeLog	2020-02-05 23:57:44 UTC (rev 255873)
+++ trunk/Source/WTF/ChangeLog	2020-02-06 00:06:20 UTC (rev 255874)
@@ -1,3 +1,15 @@
+2020-02-05  Per Arne Vollan  <[email protected]>
+
+        [iOS] Do not create sandbox reports when the UI process cannot issue extensions to diagnostics service
+        https://bugs.webkit.org/show_bug.cgi?id=207279
+        <rdar://problem/59030957>
+
+        Reviewed by Brent Fulgham.
+
+        Add flag which avoids generating sandbox reports.
+
+        * wtf/spi/darwin/SandboxSPI.h:
+
 2020-02-05  Alex Christensen  <[email protected]>
 
         Make WKWebView._negotiatedLegacyTLS accurate when loading main resouorce from network or cache

Modified: trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h (255873 => 255874)


--- trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h	2020-02-05 23:57:44 UTC (rev 255873)
+++ trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h	2020-02-06 00:06:20 UTC (rev 255874)
@@ -59,6 +59,8 @@
 extern const char *const APP_SANDBOX_READ_WRITE;
 extern const enum sandbox_filter_type SANDBOX_CHECK_NO_REPORT;
 
+extern const uint32_t SANDBOX_EXTENSION_NO_REPORT;
+
 char *sandbox_extension_issue_file(const char *extension_class, const char *path, uint32_t flags);
 char *sandbox_extension_issue_generic(const char *extension_class, uint32_t flags);
 #if HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)

Modified: trunk/Source/WebKit/ChangeLog (255873 => 255874)


--- trunk/Source/WebKit/ChangeLog	2020-02-05 23:57:44 UTC (rev 255873)
+++ trunk/Source/WebKit/ChangeLog	2020-02-06 00:06:20 UTC (rev 255874)
@@ -1,3 +1,25 @@
+2020-02-05  Per Arne Vollan  <[email protected]>
+
+        [iOS] Do not create sandbox reports when the UI process cannot issue extensions to diagnostics service
+        https://bugs.webkit.org/show_bug.cgi?id=207279
+        <rdar://problem/59030957>
+        
+        Reviewed by Brent Fulgham.
+
+        Do not create sandbox reports when the UI process cannot issue mach extensions to the diagnostics service.
+        The majority of clients are capable of doing this.
+
+        No new tests, since it is not trivial to test if no sandbox reports are generated for a violation.
+
+        * Shared/Cocoa/SandboxExtensionCocoa.mm:
+        (WebKit::SandboxExtensionImpl::create):
+        (WebKit::SandboxExtensionImpl::sandboxExtensionForType):
+        (WebKit::SandboxExtensionImpl::SandboxExtensionImpl):
+        (WebKit::SandboxExtension::createHandleForMachLookup):
+        * Shared/SandboxExtension.h:
+        * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+        (WebKit::WebProcessPool::platformInitializeWebProcess):
+
 2020-02-05  Chris Dumez  <[email protected]>
 
         [IPC hardening] Protect against bad identifier in CacheStorageEngineConnection::reference() / dereference()

Modified: trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm (255873 => 255874)


--- trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm	2020-02-05 23:57:44 UTC (rev 255873)
+++ trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm	2020-02-06 00:06:20 UTC (rev 255874)
@@ -40,9 +40,9 @@
 class SandboxExtensionImpl {
     WTF_MAKE_FAST_ALLOCATED;
 public:
-    static std::unique_ptr<SandboxExtensionImpl> create(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken = WTF::nullopt)
+    static std::unique_ptr<SandboxExtensionImpl> create(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken = WTF::nullopt, OptionSet<SandboxExtension::Flags> flags = SandboxExtension::Flags::Default)
     {
-        std::unique_ptr<SandboxExtensionImpl> impl { new SandboxExtensionImpl(path, type, auditToken) };
+        std::unique_ptr<SandboxExtensionImpl> impl { new SandboxExtensionImpl(path, type, auditToken, flags) };
         if (!impl->m_token)
             return nullptr;
         return impl;
@@ -84,18 +84,22 @@
     }
 
 private:
-    char* sandboxExtensionForType(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken)
+    char* sandboxExtensionForType(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken, OptionSet<SandboxExtension::Flags> flags)
     {
+        uint32_t extensionFlags = 0;
+        if (flags & SandboxExtension::Flags::NoReport)
+            extensionFlags |= SANDBOX_EXTENSION_NO_REPORT;
+
         switch (type) {
         case SandboxExtension::Type::ReadOnly:
-            return sandbox_extension_issue_file(APP_SANDBOX_READ, path, 0);
+            return sandbox_extension_issue_file(APP_SANDBOX_READ, path, extensionFlags);
         case SandboxExtension::Type::ReadWrite:
-            return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, 0);
+            return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, extensionFlags);
         case SandboxExtension::Type::Mach:
             if (!auditToken)
-                return sandbox_extension_issue_mach("com.apple.webkit.extension.mach"_s, path, 0);
+                return sandbox_extension_issue_mach("com.apple.webkit.extension.mach"_s, path, extensionFlags);
 #if HAVE(SANDBOX_ISSUE_MACH_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)
-            return sandbox_extension_issue_mach_to_process("com.apple.webkit.extension.mach"_s, path, 0, *auditToken);
+            return sandbox_extension_issue_mach_to_process("com.apple.webkit.extension.mach"_s, path, extensionFlags, *auditToken);
 #else
             UNUSED_PARAM(auditToken);
             ASSERT_NOT_REACHED();
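Review bot: `extensionFlags` is passed to every `sandbox_extension_issue_*` call in the switch, not only the `Type::Mach` path that the one new caller uses, and nothing here says what `SANDBOX_EXTENSION_NO_REPORT` does or when it may be used. Going by the commit log, it suppresses the sandbox report produced when issuing the extension fails, which also removes a signal that diagnostics and security monitoring would otherwise see. I would add a comment above the flag translation, for example `// NoReport suppresses the sandbox report for a failed issue; pass it only where failure is expected and benign.` The body of sandboxExtensionForType continues past the end of this hunk.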
@@ -102,12 +106,12 @@
             return nullptr;
 #endif
         case SandboxExtension::Type::Generic:
-            return sandbox_extension_issue_generic(path, 0);
+            return sandbox_extension_issue_generic(path, extensionFlags);
         case SandboxExtension::Type::ReadByProcess:
 #if HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)
             if (!auditToken)
                 return nullptr;
-            return sandbox_extension_issue_file_to_process(APP_SANDBOX_READ, path, 0, *auditToken);
+            return sandbox_extension_issue_file_to_process(APP_SANDBOX_READ, path, extensionFlags, *auditToken);
 #else
             UNUSED_PARAM(auditToken);
             ASSERT_NOT_REACHED();
@@ -116,8 +120,8 @@
         }
     }
 
-    SandboxExtensionImpl(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken)
-        : m_token { sandboxExtensionForType(path, type, auditToken) }
+    SandboxExtensionImpl(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken, OptionSet<SandboxExtension::Flags> flags)
+        : m_token { sandboxExtensionForType(path, type, auditToken, flags) }
     {
     }
 
@@ -336,11 +340,11 @@
     return true;
 }
 
-bool SandboxExtension::createHandleForMachLookup(const String& service, Optional<audit_token_t> auditToken, Handle& handle)
+bool SandboxExtension::createHandleForMachLookup(const String& service, Optional<audit_token_t> auditToken, Handle& handle, OptionSet<Flags> flags)
 {
     ASSERT(!handle.m_sandboxExtension);
     
-    handle.m_sandboxExtension = SandboxExtensionImpl::create(service.utf8().data(), Type::Mach, auditToken);
+    handle.m_sandboxExtension = SandboxExtensionImpl::create(service.utf8().data(), Type::Mach, auditToken, flags);
     if (!handle.m_sandboxExtension) {
         WTFLogAlways("Could not create a '%s' sandbox extension", service.utf8().data());
         return false;

Modified: trunk/Source/WebKit/Shared/SandboxExtension.h (255873 => 255874)


--- trunk/Source/WebKit/Shared/SandboxExtension.h	2020-02-05 23:57:44 UTC (rev 255873)
+++ trunk/Source/WebKit/Shared/SandboxExtension.h	2020-02-06 00:06:20 UTC (rev 255874)
@@ -27,6 +27,7 @@
 
 #include <wtf/Forward.h>
 #include <wtf/Noncopyable.h>
+#include <wtf/OptionSet.h>
 #include <wtf/ProcessID.h>
 #include <wtf/RefCounted.h>
 #include <wtf/RefPtr.h>
@@ -52,6 +53,11 @@
         ReadByProcess
     };
 
+    enum class Flags : uint8_t {
+        Default,
+        NoReport
+    };
+    
     class Handle {
         WTF_MAKE_NONCOPYABLE(Handle);
     public:
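Review bot: `Flags` is consumed through `OptionSet`, which treats each enumerator as a bit mask, but `Default` and `NoReport` take the implicit values 0 and 1. That works only because `Default` is the empty set and `NoReport` happens to land on bit 0; further enumerators added in the same style would get 2 and then 3, and 3 overlaps both earlier bits. Spell the bit out, e.g. `NoReport = 1 << 0,`, and add a comment on `Default` saying it is the empty set, so that nobody writes `flags & Flags::Default` expecting it to be true. The enclosing class starts and ends outside this hunk.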
@@ -105,7 +111,7 @@
     static String createHandleForTemporaryFile(const String& prefix, Type, Handle&);
     static bool createHandleForGenericExtension(const String& extensionClass, Handle&);
 #if HAVE(AUDIT_TOKEN)
-    static bool createHandleForMachLookup(const String& service, Optional<audit_token_t>, Handle&);
+    static bool createHandleForMachLookup(const String& service, Optional<audit_token_t>, Handle&, OptionSet<Flags> = Flags::Default);
     static bool createHandleForReadByAuditToken(const String& path, audit_token_t, Handle&);
 #endif
     ~SandboxExtension();

Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (255873 => 255874)


--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-02-05 23:57:44 UTC (rev 255873)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-02-06 00:06:20 UTC (rev 255874)
@@ -50,6 +50,7 @@
 #import <WebCore/MIMETypeRegistry.h>
 #import <WebCore/NetworkStorageSession.h>
 #import <WebCore/NotImplemented.h>
+#import <WebCore/PictureInPictureSupport.h>
 #import <WebCore/PlatformPasteboard.h>
 #import <WebCore/RuntimeApplicationChecks.h>
 #import <WebCore/SharedBuffer.h>
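Review bot: `#import <WebCore/PictureInPictureSupport.h>` looks unrelated to this change; it is not mentioned in the ChangeLog entry and nothing in the visible hunks of this file uses it. The same question applies to `#import <wtf/spi/darwin/SandboxSPI.h>` in the next hunk, since the only new use here is `SandboxExtension::Flags::NoReport`, which comes from SandboxExtension.h. The rest of the file is not visible, so either import may be needed elsewhere; if not, drop them, or note the reason in the ChangeLog.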
@@ -60,6 +61,7 @@
 #import <wtf/ProcessPrivilege.h>
 #import <wtf/SoftLinking.h>
 #import <wtf/cocoa/Entitlements.h>
+#import <wtf/spi/darwin/SandboxSPI.h>
 #import <wtf/spi/darwin/dyldSPI.h>
 
 #if PLATFORM(MAC)
@@ -327,7 +329,7 @@
     
     if (isInternalInstall()) {
         SandboxExtension::Handle diagnosticsExtensionHandle;
-        SandboxExtension::createHandleForMachLookup("com.apple.diagnosticd", WTF::nullopt, diagnosticsExtensionHandle);
+        SandboxExtension::createHandleForMachLookup("com.apple.diagnosticd", WTF::nullopt, diagnosticsExtensionHandle, SandboxExtension::Flags::NoReport);
         parameters.diagnosticsExtensionHandle = WTFMove(diagnosticsExtensionHandle);
     }
 #endif
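Review bot: The `bool` returned by `createHandleForMachLookup` is discarded, so on the failure path that this commit now treats as expected, `diagnosticsExtensionHandle` is still moved into `parameters` with no extension in it. Making the expected failure explicit would keep the parameter unset in that case: `if (SandboxExtension::createHandleForMachLookup("com.apple.diagnosticd", WTF::nullopt, diagnosticsExtensionHandle, SandboxExtension::Flags::NoReport))` followed by the existing `parameters.diagnosticsExtensionHandle = WTFMove(diagnosticsExtensionHandle);`. How the receiving process handles an empty handle is not visible here, so confirm it tolerates both cases. platformInitializeWebProcess starts and ends outside this hunk.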