Title: [277104] trunk/Source
Revision
277104
Author
[email protected]
Date
2021-05-06 11:40:03 -0700 (Thu, 06 May 2021)

Log Message

Add sandbox extension flag to specify that path contains no symlinks
https://bugs.webkit.org/show_bug.cgi?id=219428
<rdar://problem/66551986>

Reviewed by Brent Fulgham.

Source/WebKit:

In general, when SandboxExtension::createHandleWithoutResolvingPath is called, it is assumed that there are no symlinks
in the provided path. Add a 'canonical' flag, which can be used by platform APIs to verify that this is the case. This
patch also stops resolving symlinks with [NSString stringByResolvingSymlinksInPath] in favor of realpath, since realpath
correctly replaces /var with /private/var, which [NSString stringByResolvingSymlinksInPath] does not.

* Shared/Cocoa/SandboxExtensionCocoa.mm:
(WebKit::SandboxExtensionImpl::sandboxExtensionForType):
(WebKit::stringByResolvingSymlinksInPath):
(WebKit::SandboxExtension::createHandleWithoutResolvingPath):
* Shared/SandboxExtension.h:
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::webProcessDataStoreParameters):

Source/WTF:

Declare canonical sandbox flag.

* wtf/spi/darwin/SandboxSPI.h:

Modified Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (277103 => 277104)


--- trunk/Source/WTF/ChangeLog	2021-05-06 18:34:11 UTC (rev 277103)
+++ trunk/Source/WTF/ChangeLog	2021-05-06 18:40:03 UTC (rev 277104)
@@ -1,3 +1,15 @@
+2021-05-06  Per Arne Vollan  <[email protected]>
+
+        Add sandbox extension flag to specify that path contains no symlinks
+        https://bugs.webkit.org/show_bug.cgi?id=219428
+        <rdar://problem/66551986>
+
+        Reviewed by Brent Fulgham.
+
+        Declare canonical sandbox flag.
+
+        * wtf/spi/darwin/SandboxSPI.h:
+
 2021-05-06  Dean Jackson  <[email protected]>
 
         [WebXR] Add IOSurface to FrameData::LayerData

Modified: trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h (277103 => 277104)


--- trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h	2021-05-06 18:34:11 UTC (rev 277103)
+++ trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h	2021-05-06 18:40:03 UTC (rev 277104)
@@ -61,6 +61,7 @@
 extern const enum sandbox_filter_type SANDBOX_CHECK_NO_REPORT;
 
 extern const uint32_t SANDBOX_EXTENSION_NO_REPORT;
+extern const uint32_t SANDBOX_EXTENSION_CANONICAL;
 
 char *sandbox_extension_issue_file(const char *extension_class, const char *path, uint32_t flags);
 char *sandbox_extension_issue_generic(const char *extension_class, uint32_t flags);

Modified: trunk/Source/WebKit/ChangeLog (277103 => 277104)


--- trunk/Source/WebKit/ChangeLog	2021-05-06 18:34:11 UTC (rev 277103)
+++ trunk/Source/WebKit/ChangeLog	2021-05-06 18:40:03 UTC (rev 277104)
@@ -1,3 +1,24 @@
+2021-05-06  Per Arne Vollan  <[email protected]>
+
+        Add sandbox extension flag to specify that path contains no symlinks
+        https://bugs.webkit.org/show_bug.cgi?id=219428
+        <rdar://problem/66551986>
+
+        Reviewed by Brent Fulgham.
+
+        In general, when SandboxExtension::createHandleWithoutResolvingPath is called, it is assumed that there are no symlinks
+        in the provided path. Add a 'canonical' flag, which can be used by platform APIs to verify that this is the case. This
+        patch also stops resolving symlinks with [NSString stringByResolvingSymlinksInPath] in favor of realpath, since realpath
+        correcly replaces /var with /private/var, which [NSString stringByResolvingSymlinksInPath] does not.
+       
+        * Shared/Cocoa/SandboxExtensionCocoa.mm:
+        (WebKit::SandboxExtensionImpl::sandboxExtensionForType):
+        (WebKit::stringByResolvingSymlinksInPath):
+        (WebKit::SandboxExtension::createHandleWithoutResolvingPath):
+        * Shared/SandboxExtension.h:
+        * UIProcess/WebProcessPool.cpp:
+        (WebKit::WebProcessPool::webProcessDataStoreParameters):
+
 2021-05-06  Wenson Hsieh  <[email protected]>
 
         [iOS] UI process hangs when showing a modal _javascript_ dialog while focusing an input field

Modified: trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm (277103 => 277104)


--- trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm	2021-05-06 18:34:11 UTC (rev 277103)
+++ trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm	2021-05-06 18:40:03 UTC (rev 277104)
@@ -94,6 +94,8 @@
         uint32_t extensionFlags = 0;
         if (flags & SandboxExtension::Flags::NoReport)
             extensionFlags |= SANDBOX_EXTENSION_NO_REPORT;
+        if (flags & SandboxExtension::Flags::DoNotCanonicalize)
+            extensionFlags |= SANDBOX_EXTENSION_CANONICAL;
 
         switch (type) {
         case SandboxExtension::Type::ReadOnly:
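Review bot: The added `if` maps a flag named `DoNotCanonicalize` onto a constant named `SANDBOX_EXTENSION_CANONICAL`, which reads as inverted unless the reader already knows what the SPI flag means. The commit description says the flag lets the platform verify that the path has no symlinks, so a one-line comment above the new `if` would settle it: `// DoNotCanonicalize: the caller asserts the path has no symlinks; SANDBOX_EXTENSION_CANONICAL lets the sandbox verify that.` The enclosing function starts and ends outside the hunk.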
@@ -245,7 +247,9 @@
 
 String stringByResolvingSymlinksInPath(const String& path)
 {
-    return [(NSString *)path stringByResolvingSymlinksInPath];
+    char resolvedPath[PATH_MAX] = { 0 };
+    realpath(path.utf8().data(), resolvedPath);
+    return String::fromUTF8(resolvedPath);
 }
 
 String resolveAndCreateReadWriteDirectoryForSandboxExtension(const String& path)
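Review bot: The return value of `realpath()` is ignored in the new body of `stringByResolvingSymlinksInPath`, so a failed resolution (missing component, permission error, over-long path) looks the same as success. On failure the buffer does not hold the resolved path: POSIX leaves its contents unspecified, and the BSD man page says it holds the pathname that caused the problem. The function can therefore return an empty string or a path other than the one requested, and that value later feeds sandbox extension creation. Checking the result keeps the failure explicit: `if (!realpath(path.utf8().data(), resolvedPath)) return path;` (or a null `String`, whichever the callers outside this hunk treat as failure). The replaced NSString call is documented to return the receiver on error, so callers that relied on that are worth re-checking.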
@@ -276,7 +280,7 @@
 {
     ASSERT(!handle.m_sandboxExtension);
 
-    handle.m_sandboxExtension = SandboxExtensionImpl::create(path.utf8().data(), type);
+    handle.m_sandboxExtension = SandboxExtensionImpl::create(path.utf8().data(), type, WTF::nullopt, SandboxExtension::Flags::DoNotCanonicalize);
     if (!handle.m_sandboxExtension) {
         LOG_ERROR("Could not create a sandbox extension for '%s'", path.utf8().data());
         return false;
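Review bot: With `DoNotCanonicalize` now always passed here, `createHandleWithoutResolvingPath` has a stricter contract than its name or the `LOG_ERROR` text convey, since per the commit description the platform may verify that the path has no symlinks. Only one caller is adjusted in this commit (WebProcessPool.cpp), so any other caller that passes an unresolved path, for example one under `/var`, would presumably start failing at this point. I would add a comment above the `create` call, `// The path must already be canonical (see resolvePathForSandboxExtension); the sandbox may reject it otherwise.`, and say the same in the log message so the failure is diagnosable. The function's signature is outside the hunk.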

Modified: trunk/Source/WebKit/Shared/SandboxExtension.h (277103 => 277104)


--- trunk/Source/WebKit/Shared/SandboxExtension.h	2021-05-06 18:34:11 UTC (rev 277103)
+++ trunk/Source/WebKit/Shared/SandboxExtension.h	2021-05-06 18:40:03 UTC (rev 277104)
@@ -56,7 +56,8 @@
 
     enum class Flags : uint8_t {
         Default,
-        NoReport
+        NoReport,
+        DoNotCanonicalize,
     };
     
     class Handle {
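Review bot: `Flags` still uses implicit enumerator values (0, 1, 2) although the enumerators are tested as bits (`flags & SandboxExtension::Flags::DoNotCanonicalize` in SandboxExtensionCocoa.mm). That works for `NoReport` and `DoNotCanonicalize` only because 1 and 2 happen to be distinct bits; the next enumerator added would get 3, which overlaps both and would silently turn on the canonical and no-report behaviour together. Explicit values make the intent clear and keep future additions safe: `NoReport = 1 << 0,` and `DoNotCanonicalize = 1 << 1,`. The declared type of `flags` is not visible on this page, so this assumes a bit-set style container.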

Modified: trunk/Source/WebKit/UIProcess/WebProcessPool.cpp (277103 => 277104)


--- trunk/Source/WebKit/UIProcess/WebProcessPool.cpp	2021-05-06 18:34:11 UTC (rev 277103)
+++ trunk/Source/WebKit/UIProcess/WebProcessPool.cpp	2021-05-06 18:40:03 UTC (rev 277104)
@@ -748,7 +748,7 @@
 
     String _javascript_ConfigurationDirectory;
     if (!m_javaScriptConfigurationDirectory.isEmpty())
-        _javascript_ConfigurationDirectory = m_javaScriptConfigurationDirectory;
+        _javascript_ConfigurationDirectory = resolvePathForSandboxExtension(m_javaScriptConfigurationDirectory);
     else if (_javascript_ConfigurationFileEnabled())
         _javascript_ConfigurationDirectory = websiteDataStore.resolvedJavaScriptConfigurationDirectory();
 