Title: [259328] trunk
Revision
259328
Author
[email protected]
Date
2020-03-31 17:45:13 -0700 (Tue, 31 Mar 2020)

Log Message

[macOS] Deny mach-lookup access to "com.apple.lsd.mapdb" in sandbox
https://bugs.webkit.org/show_bug.cgi?id=209814

Reviewed by Darin Adler.

Source/WebKit:

This was done for iOS in <https://trac.webkit.org/changeset/258915>, and in order to be able to do this
on macOS, checking in with Launch Services and updating the process name needs to be done after the
Launch Services database mapping has been done in WebProcess::platformInitializeWebProcess. Also, the
previous call to RegisterApplication has been replaced with a call to launchServicesCheckIn, since
RegisterApplication is an AppKit function, and should be avoided since the WebContent process is not
a NSApplication anymore.

Test: fast/sandbox/mac/sandbox-mach-lookup.html

* Shared/mac/AuxiliaryProcessMac.mm:
(WebKit::AuxiliaryProcess::launchServicesCheckIn):
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):
(WebKit::WebProcess::initializeProcessName):
(WebKit::WebProcess::updateProcessName):
(WebKit::WebProcess::platformInitializeProcess):
* WebProcess/com.apple.WebProcess.sb.in:

LayoutTests:

* fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
* fast/sandbox/mac/sandbox-mach-lookup.html:

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (259327 => 259328)


--- trunk/LayoutTests/ChangeLog	2020-04-01 00:31:15 UTC (rev 259327)
+++ trunk/LayoutTests/ChangeLog	2020-04-01 00:45:13 UTC (rev 259328)
@@ -1,3 +1,13 @@
+2020-03-31  Per Arne Vollan  <[email protected]>
+
+        [macOS] Deny mach-lookup access to "com.apple.lsd.mapdb" in sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=209814
+
+        Reviewed by Darin Adler.
+
+        * fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/mac/sandbox-mach-lookup.html:
+
 2020-03-31  Ryan Haddad  <[email protected]>
 
         [ Catalina ] editing/mac/selection/context-menu-select-editability.html is failing on Catalina

Modified: trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (259327 => 259328)


--- trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2020-04-01 00:31:15 UTC (rev 259327)
+++ trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2020-04-01 00:45:13 UTC (rev 259328)
@@ -8,4 +8,5 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nesessionmanager") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nesessionmanager.content-filter") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.system.logger") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.lsd.mapdb") is false
 

Modified: trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html (259327 => 259328)


--- trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html	2020-04-01 00:31:15 UTC (rev 259327)
+++ trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html	2020-04-01 00:45:13 UTC (rev 259328)
@@ -11,6 +11,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nesessionmanager\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nesessionmanager.content-filter\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.system.logger\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.lsd.mapdb\")");
 }
 </script>
 </head>

Modified: trunk/Source/WebKit/ChangeLog (259327 => 259328)


--- trunk/Source/WebKit/ChangeLog	2020-04-01 00:31:15 UTC (rev 259327)
+++ trunk/Source/WebKit/ChangeLog	2020-04-01 00:45:13 UTC (rev 259328)
@@ -1,3 +1,30 @@
+2020-03-31  Per Arne Vollan  <[email protected]>
+
+        [macOS] Deny mach-lookup access to "com.apple.lsd.mapdb" in sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=209814
+
+        Reviewed by Darin Adler.
+
+        This was done for iOS in <https://trac.webkit.org/changeset/258915>, and in order to be able to do this
+        on macOS, checking in with Launch Services and updating the process name needs to be done after the
+        Launch Services database mapping has been done in WebProcess::platformInitializeWebProcess. Also, the
+        previous call to RegisterApplication has been replaced with a call to launchServicesCheckIn, since
+        RegisterApplication is an AppKit function, and should be avoided since the WebContent process is not
+        a NSApplication anymore.
+
+        Test: fast/sandbox/mac/sandbox-mach-lookup.html
+
+        * Shared/mac/AuxiliaryProcessMac.mm:
+        (WebKit::AuxiliaryProcess::launchServicesCheckIn):
+        * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+        (WebKit::WebProcessPool::platformInitializeWebProcess):
+        * WebProcess/cocoa/WebProcessCocoa.mm:
+        (WebKit::WebProcess::platformInitializeWebProcess):
+        (WebKit::WebProcess::initializeProcessName):
+        (WebKit::WebProcess::updateProcessName):
+        (WebKit::WebProcess::platformInitializeProcess):
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2020-03-31  Don Olmstead  <[email protected]>
 
         [PlayStation] Fix build breaks after r259112

Modified: trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm (259327 => 259328)


--- trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm	2020-04-01 00:31:15 UTC (rev 259327)
+++ trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm	2020-04-01 00:45:13 UTC (rev 259328)
@@ -75,6 +75,9 @@
 typedef bool (^LSServerConnectionAllowedBlock) ( CFDictionaryRef optionsRef );
 extern "C" void _LSSetApplicationLaunchServicesServerConnectionStatus(uint64_t flags, LSServerConnectionAllowedBlock block);
 extern "C" CFDictionaryRef _LSApplicationCheckIn(LSSessionID sessionID, CFDictionaryRef applicationInfo);
+#if HAVE(CSCHECKFIXDISABLE)
+extern "C" void _CSCheckFixDisable();
+#endif
 
 namespace WebKit {
 using namespace WebCore;
@@ -151,6 +154,11 @@
 
 void AuxiliaryProcess::launchServicesCheckIn()
 {
+#if HAVE(CSCHECKFIXDISABLE)
+    // _CSCheckFixDisable() needs to be called before checking in with Launch Services.
+    _CSCheckFixDisable();
+#endif
+
     _LSSetApplicationLaunchServicesServerConnectionStatus(0, 0);
     RetainPtr<CFDictionaryRef> unused = _LSApplicationCheckIn(kLSDefaultSessionID, CFBundleGetInfoDictionary(CFBundleGetMainBundle()));
 }
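Review bot: launchServicesCheckIn() now has two callers visible on this page, and only one of them is guarded. updateProcessName() wraps its call in a std::once_flag, while the context lines of the platformInitializeProcess hunk in WebProcessCocoa.mm still call launchServicesCheckIn() directly. If both paths run in one process, _CSCheckFixDisable() and _LSApplicationCheckIn() execute twice. Whether a repeated check-in is harmful is not visible here, but putting the guard in this function would cover every caller: `static std::once_flag flag; std::call_once(flag, [] { /* existing body */ });`. Separately, the dictionary returned by _LSApplicationCheckIn() is stored in `unused` and never inspected, so a failed check-in goes unnoticed.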

Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (259327 => 259328)


--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-04-01 00:31:15 UTC (rev 259327)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-04-01 00:45:13 UTC (rev 259328)
@@ -406,6 +406,10 @@
     parameters.systemHasBattery = systemHasBattery();
     parameters.mimeTypesMap = commonMimeTypesMap();
     parameters.mapUTIFromMIMEType = createUTIFromMIMETypeMap();
+
+    SandboxExtension::Handle mapDBHandle;
+    SandboxExtension::createHandleForMachLookup("com.apple.lsd.mapdb", WTF::nullopt, mapDBHandle, SandboxExtension::Flags::NoReport);
+    parameters.mapDBExtensionHandle = WTFMove(mapDBHandle);
 #endif
     
 #if PLATFORM(IOS)
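Review bot: The result of SandboxExtension::createHandleForMachLookup() is ignored, and mapDBHandle is moved into parameters.mapDBExtensionHandle whether or not a handle was issued. This block now also runs on macOS, where the sandbox profile in this commit denies com.apple.lsd.mapdb, so a failure here would leave the WebContent process unable to map the Launch Services database, with no signal on the UI-process side. If the function reports failure through its return value (its declaration is not on this page), assign only on success: `if (SandboxExtension::createHandleForMachLookup("com.apple.lsd.mapdb", WTF::nullopt, mapDBHandle, SandboxExtension::Flags::NoReport)) parameters.mapDBExtensionHandle = WTFMove(mapDBHandle);`. The enclosing function and the `#if` that the following `#endif` closes start outside the hunk.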
@@ -426,10 +430,6 @@
     if (WebCore::IOSApplication::isMobileSafari())
         parameters.vectorOfUTTypeItem = createVectorOfUTTypeItem();
 #endif
-
-    SandboxExtension::Handle mapDBHandle;
-    SandboxExtension::createHandleForMachLookup("com.apple.lsd.mapdb", WTF::nullopt, mapDBHandle, SandboxExtension::Flags::NoReport);
-    parameters.mapDBExtensionHandle = WTFMove(mapDBHandle);
 #endif
     
     // Allow microphone access if either preference is set because WebRTC requires microphone access.

Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (259327 => 259328)


--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2020-04-01 00:31:15 UTC (rev 259327)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2020-04-01 00:45:13 UTC (rev 259328)
@@ -134,10 +134,6 @@
 #import <os/state_private.h>
 #endif
 
-#if HAVE(CSCHECKFIXDISABLE)
-extern "C" void _CSCheckFixDisable();
-#endif
-
 #define RELEASE_LOG_SESSION_ID (m_sessionID ? m_sessionID->toUInt64() : 0)
 #define RELEASE_LOG_IF_ALLOWED(channel, fmt, ...) RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), channel, "%p - [sessionID=%" PRIu64 "] WebProcess::" fmt, this, RELEASE_LOG_SESSION_ID, ##__VA_ARGS__)
 #define RELEASE_LOG_ERROR_IF_ALLOWED(channel, fmt, ...) RELEASE_LOG_ERROR_IF(isAlwaysOnLoggingAllowed(), channel, "%p - [sessionID=%" PRIu64 "] WebProcess::" fmt, this, RELEASE_LOG_SESSION_ID, ##__VA_ARGS__)
@@ -273,6 +269,7 @@
         SandboxExtension::consumePermanently(*parameters.neSessionManagerExtensionHandle);
     NetworkExtensionContentFilter::setHasConsumedSandboxExtensions(parameters.neHelperExtensionHandle.hasValue() && parameters.neSessionManagerExtensionHandle.hasValue());
 
+    // Map Launch Services database.
     if (parameters.mapDBExtensionHandle) {
         auto extension = SandboxExtension::create(WTFMove(*parameters.mapDBExtensionHandle));
         bool ok = extension->consume();
@@ -317,6 +314,8 @@
 #endif
 
     WebCore::sleepDisablerClient() = makeUnique<WebSleepDisablerClient>();
+
+    updateProcessName();
 }
 
 void WebProcess::platformSetWebsiteDataStoreParameters(WebProcessDataStoreParameters&& parameters)
@@ -335,23 +334,26 @@
     }
 }
 
-void WebProcess::initializeProcessName(const AuxiliaryProcessInitializationParameters&)
+void WebProcess::initializeProcessName(const AuxiliaryProcessInitializationParameters& parameters)
 {
 #if PLATFORM(MAC)
-#if HAVE(CSCHECKFIXDISABLE)
-    // _CSCheckFixDisable() needs to be called before checking in with Launch Services.
-    _CSCheckFixDisable();
+    m_uiProcessName = parameters.uiProcessName;
+#else
+    UNUSED_PARAM(parameters);
 #endif
-    // This is necessary so that we are able to set the process' display name.
-    _RegisterApplication(nullptr, nullptr);
-
-    updateProcessName();
-#endif
 }
 
 void WebProcess::updateProcessName()
 {
 #if PLATFORM(MAC)
+    static std::once_flag onceFlag;
+    std::call_once(
+        onceFlag,
+        [this] {
+            // Checking in with Launch Services is necessary to be able to set the process' display name.
+            launchServicesCheckIn();
+    });
+
     NSString *applicationName;
     switch (m_processType) {
     case ProcessType::Inspector:
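Review bot: Nothing in updateProcessName() enforces the ordering the log message depends on, namely that the Launch Services check-in happens only after the mapdb extension has been consumed in platformInitializeWebProcess. The std::call_once fires on whichever call to updateProcessName() comes first, and callers other than the one added at the end of platformInitializeWebProcess are not visible on this page. If one can run earlier, the check-in would be attempted while the sandbox denies com.apple.lsd.mapdb. I would add a comment on the once block, `// Must not run before the Launch Services database has been mapped in platformInitializeWebProcess().`, and consider a debug assertion on a flag set once the extension has been consumed. The closing `});` of the lambda is also indented one level short, and updateProcessName() continues past the end of this hunk.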
@@ -521,8 +523,6 @@
         launchServicesCheckIn();
     }
 #endif // ENABLE(WEBPROCESS_WINDOWSERVER_BLOCKING)
-
-    m_uiProcessName = parameters.uiProcessName;
 #endif // PLATFORM(MAC)
 
     if (parameters.extraInitializationData.get("inspector-process"_s) == "1")

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (259327 => 259328)


--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-04-01 00:31:15 UTC (rev 259327)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-04-01 00:45:13 UTC (rev 259328)
@@ -679,10 +679,16 @@
 #endif
     (global-name "com.apple.PowerManagement.control")
     (global-name "com.apple.coreservices.launchservicesd")
-    (global-name "com.apple.lsd.mapdb")
     (global-name "com.apple.trustd.agent")
 )
 
+(deny mach-lookup
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101600
+    (with telemetry-backtrace)
+#endif
+    (global-name "com.apple.lsd.mapdb")
+)
+
 (allow mach-lookup
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500
     (with telemetry)
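Review bot: The new deny rule has no comment explaining how the WebContent process is still expected to reach com.apple.lsd.mapdb during start-up. From the other files in this commit, access comes from the mach-lookup extension created in WebProcessPool::platformInitializeWebProcess and consumed in WebProcess::platformInitializeWebProcess. I would state that above the rule, e.g. `; com.apple.lsd.mapdb is reachable only through the mach-lookup sandbox extension issued by the UI process.` Whether that extension takes effect despite an explicit deny depends on an extension-based allow rule and on rule order elsewhere in this profile, neither of which is visible in the hunk, so that is worth confirming. The layout test only asserts that access is denied, so it would not catch a profile where the extension path stops working.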