- Revision
- 259700
- Author
- [email protected]
- Date
- 2020-04-07 19:38:42 -0700 (Tue, 07 Apr 2020)
Log Message
[iOS] Deny mach lookup access to the runningboard service in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=209933
Reviewed by Chris Dumez.
Source/WebKit:
Creating the dependency process assertion in the WebContent process requires access to runningboard, but since
this is only done on process startup, we can issue a temporary extension to the runningboard service, which
will be immediately revoked after the process assertion has been created.
Test: fast/sandbox/ios/sandbox-mach-lookup.html
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):
* Shared/WebProcessCreationParameters.h:
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeConnection):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):
LayoutTests:
* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (259699 => 259700)
--- trunk/LayoutTests/ChangeLog 2020-04-08 01:38:41 UTC (rev 259699)
+++ trunk/LayoutTests/ChangeLog 2020-04-08 02:38:42 UTC (rev 259700)
@@ -1,3 +1,13 @@
+2020-04-07 Per Arne Vollan <[email protected]>
+
+ [iOS] Deny mach lookup access to the runningboard service in the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=209933
+
+ Reviewed by Chris Dumez.
+
+ * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+ * fast/sandbox/ios/sandbox-mach-lookup.html:
+
2020-04-07 Chris Fleizach <[email protected]>
AX: VoiceOver can't activate combobox when textfield is inside it
Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (259699 => 259700)
--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt 2020-04-08 01:38:41 UTC (rev 259699)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt 2020-04-08 02:38:42 UTC (rev 259700)
@@ -27,3 +27,4 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.lsd.mapdb") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.frontboard.systemappservices") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.runningboard") is false
Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (259699 => 259700)
--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html 2020-04-08 01:38:41 UTC (rev 259699)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html 2020-04-08 02:38:42 UTC (rev 259700)
@@ -30,6 +30,7 @@
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iconservices\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.lsd.mapdb\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.frontboard.systemappservices\")");
+ shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.runningboard\")");
}
</script>
</head>
Modified: trunk/Source/WebKit/ChangeLog (259699 => 259700)
--- trunk/Source/WebKit/ChangeLog 2020-04-08 01:38:41 UTC (rev 259699)
+++ trunk/Source/WebKit/ChangeLog 2020-04-08 02:38:42 UTC (rev 259700)
@@ -1,3 +1,28 @@
+2020-04-07 Per Arne Vollan <[email protected]>
+
+ [iOS] Deny mach lookup access to the runningboard service in the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=209933
+
+ Reviewed by Chris Dumez.
+
+ Creating the dependency process assertion in the WebContent process requires access to runningboard, but since
+ this is only done on process startup, we can issue a temporary extension to the runningboard service, which
+ will be immediately revoked after the process assertion has been created.
+
+ Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode const):
+ (WebKit::WebProcessCreationParameters::decode):
+ * Shared/WebProcessCreationParameters.h:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::platformInitializeWebProcess):
+ * WebProcess/WebProcess.cpp:
+ (WebKit::WebProcess::initializeConnection):
+ * WebProcess/cocoa/WebProcessCocoa.mm:
+ (WebKit::WebProcess::platformInitializeWebProcess):
+
2020-04-07 John Wilander <[email protected]>
ITP Debug Mode logs should be more generic now that it blocks all third-party cookies by default
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (259699 => 259700)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-04-08 01:38:41 UTC (rev 259699)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-04-08 02:38:42 UTC (rev 259700)
@@ -554,8 +554,8 @@
(deny ipc-posix-sem-create ipc-posix-sem-post ipc-posix-sem-unlink ipc-posix-sem-wait)
(allow ipc-posix-sem-open))
-(allow mach-lookup (with telemetry)
- (global-name "com.apple.runningboard") ;; Needed by process assertion code (ProcessTaskStateObserver).
+(deny mach-lookup (with telemetry-backtrace)
+ (global-name "com.apple.runningboard")
)
(allow system-sched
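Review bot: The new `(deny mach-lookup (with telemetry-backtrace)` rule drops the old explanatory comment without a replacement, so the profile no longer says how the process assertion code is meant to reach runningboard. A comment on the `global-name` line such as `;; Reachable only through a temporary sandbox extension that is consumed and revoked during WebContent process startup.` would keep the profile self-explanatory. Whether an extension-based allow takes effect despite this deny depends on rules outside the hunk, so the rule ordering is worth confirming.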
Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp (259699 => 259700)
--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp 2020-04-08 01:38:41 UTC (rev 259699)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp 2020-04-08 02:38:42 UTC (rev 259700)
@@ -163,6 +163,7 @@
#if PLATFORM(IOS_FAMILY)
encoder << diagnosticsExtensionHandle;
+ encoder << runningboardExtensionHandle;
encoder << dynamicMachExtensionHandles;
#endif
@@ -437,6 +438,12 @@
return false;
parameters.diagnosticsExtensionHandle = WTFMove(*diagnosticsExtensionHandle);
+ Optional<Optional<SandboxExtension::Handle>> runningboardExtensionHandle;
+ decoder >> runningboardExtensionHandle;
+ if (!runningboardExtensionHandle)
+ return false;
+ parameters.runningboardExtensionHandle = WTFMove(*runningboardExtensionHandle);
+
Optional<SandboxExtension::HandleArray> dynamicMachExtensionHandles;
decoder >> dynamicMachExtensionHandles;
if (!dynamicMachExtensionHandles)
Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.h (259699 => 259700)
--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.h 2020-04-08 01:38:41 UTC (rev 259699)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.h 2020-04-08 02:38:42 UTC (rev 259700)
@@ -204,6 +204,7 @@
#if PLATFORM(IOS_FAMILY)
Optional<SandboxExtension::Handle> diagnosticsExtensionHandle;
+ Optional<SandboxExtension::Handle> runningboardExtensionHandle;
SandboxExtension::HandleArray dynamicMachExtensionHandles;
#endif
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (259699 => 259700)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2020-04-08 01:38:41 UTC (rev 259699)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2020-04-08 02:38:42 UTC (rev 259700)
@@ -388,6 +388,10 @@
SandboxExtension::createHandleForMachLookup("com.apple.diagnosticd", WTF::nullopt, diagnosticsExtensionHandle, SandboxExtension::Flags::NoReport);
parameters.diagnosticsExtensionHandle = WTFMove(diagnosticsExtensionHandle);
}
+
+ SandboxExtension::Handle runningboardExtensionHandle;
+ SandboxExtension::createHandleForMachLookup("com.apple.runningboard", WTF::nullopt, runningboardExtensionHandle, SandboxExtension::Flags::NoReport);
+ parameters.runningboardExtensionHandle = WTFMove(runningboardExtensionHandle);
#endif
#if PLATFORM(COCOA)
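Review bot: The result of `SandboxExtension::createHandleForMachLookup("com.apple.runningboard", ...)` is discarded and the handle is stored unconditionally, so a failed handle creation only shows up later inside the WebContent process. If the call reports success through its return value (it appears to, but confirm against its declaration), log the failure here, e.g. `if (!SandboxExtension::createHandleForMachLookup(...)) RELEASE_LOG_ERROR(...)`. The call also passes `WTF::nullopt` where an audit token could be supplied, so the extension is presumably not bound to the specific WebContent process. If that process's audit token is available at this point, passing it would narrow who can consume the handle. The enclosing function starts and ends outside the hunk.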
Modified: trunk/Source/WebKit/WebProcess/WebProcess.cpp (259699 => 259700)
--- trunk/Source/WebKit/WebProcess/WebProcess.cpp 2020-04-08 01:38:41 UTC (rev 259699)
+++ trunk/Source/WebKit/WebProcess/WebProcess.cpp 2020-04-08 02:38:42 UTC (rev 259700)
@@ -296,12 +296,6 @@
m_eventDispatcher->initializeConnection(connection);
#if PLATFORM(IOS_FAMILY)
m_viewUpdateDispatcher->initializeConnection(connection);
-
- ASSERT(!m_uiProcessDependencyProcessAssertion);
- if (auto remoteProcessID = connection->remoteProcessID())
- m_uiProcessDependencyProcessAssertion = makeUnique<ProcessAssertion>(remoteProcessID, "WebContent process dependency on UIProcess"_s, ProcessAssertionType::DependentProcessLink);
- else
- RELEASE_LOG_ERROR_IF_ALLOWED(ProcessSuspension, "Unable to create a process dependency assertion on UIProcess because remoteProcessID is 0");
#endif // PLATFORM(IOS_FAMILY)
m_webInspectorInterruptDispatcher->initializeConnection(connection);
Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (259699 => 259700)
--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2020-04-08 01:38:41 UTC (rev 259699)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2020-04-08 02:38:42 UTC (rev 259700)
@@ -176,6 +176,22 @@
ASSERT_UNUSED(ok, ok);
}
+
+#if PLATFORM(IOS_FAMILY)
+ auto extension = SandboxExtension::create(WTFMove(*parameters.runningboardExtensionHandle));
+ bool consumed = extension->consume();
+ ASSERT_UNUSED(consumed, consumed);
+
+ ASSERT(!m_uiProcessDependencyProcessAssertion);
+ if (auto remoteProcessID = parentProcessConnection()->remoteProcessID())
+ m_uiProcessDependencyProcessAssertion = makeUnique<ProcessAssertion>(remoteProcessID, "WebContent process dependency on UIProcess"_s, ProcessAssertionType::DependentProcessLink);
+ else
+ RELEASE_LOG_ERROR_IF_ALLOWED(ProcessSuspension, "Unable to create a process dependency assertion on UIProcess because remoteProcessID is 0");
+
+ bool revoked = extension->revoke();
+ ASSERT_UNUSED(revoked, revoked);
+#endif
+
#if !LOG_DISABLED || !RELEASE_LOG_DISABLED
WebCore::initializeLogChannelsIfNecessary(parameters.webCoreLoggingChannels);
WebKit::initializeLogChannelsIfNecessary(parameters.webKitLoggingChannels);
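Review bot: `*parameters.runningboardExtensionHandle` is dereferenced without checking that the Optional holds a value, and the result of `SandboxExtension::create` is used without a null check, so a missing or invalid handle becomes undefined behaviour during WebContent startup instead of a logged failure. The `consume()` and `revoke()` results are checked only through `ASSERT_UNUSED`, which presumably compiles out in release builds. A failed revoke would then leave the process holding runningboard lookup access with no trace. Guard the handle and the extension, and log both failures in release builds, as sketched below. The enclosing function starts and ends outside the hunk.

```objective-c++
#if PLATFORM(IOS_FAMILY)
    RefPtr<SandboxExtension> extension;
    if (parameters.runningboardExtensionHandle)
        extension = SandboxExtension::create(WTFMove(*parameters.runningboardExtensionHandle));
    bool consumed = extension && extension->consume();
    if (!consumed)
        RELEASE_LOG_ERROR_IF_ALLOWED(ProcessSuspension, "Unable to consume the runningboard sandbox extension");

    // … unchanged: creation of m_uiProcessDependencyProcessAssertion …

    if (consumed && !extension->revoke())
        RELEASE_LOG_ERROR_IF_ALLOWED(ProcessSuspension, "Unable to revoke the runningboard sandbox extension");
#endif
```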