Changeset 293509 in webkit

Timestamp:

Apr 27, 2022 8:49:37 AM (2 years ago)

Author:

pvollan@apple.com

Message:

[macOS] The function getpwnam can sometimes fail
​https://bugs.webkit.org/show_bug.cgi?id=239513
<rdar://89758690>

Reviewed by Darin Adler.

The system function getpwnam is caching the results from the first invocation, and will return the cached
values after the first call. It may happen that opendirectoryd will invalidate the cached values by
posting notifications. If that happens, getpwnam will then fail, since there are no cached values and
the WebContent process' sandbox is blocking access to opendirectoryd. This patch addresses this issue
by observing these notifications in the UI process, and recreating the cached values for getpwnam, by
calling the function in the WebContent process while holding a temporary sandbox extenstion to
opendirectoryd.

• GPUProcess/GPUProcess.h:
• GPUProcess/GPUProcess.messages.in:
• GPUProcess/mac/GPUProcessMac.mm:

(WebKit::GPUProcess::openDirectoryCacheInvalidated):

• GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
• Shared/AuxiliaryProcess.h:
• Shared/mac/AuxiliaryProcessMac.mm:

(WebKit::getHomeDirectory):
(WebKit::populateSandboxInitializationParameters):
(WebKit::AuxiliaryProcess::openDirectoryCacheInvalidated):

• UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::registerNotificationObservers):
(WebKit::WebProcessPool::unregisterNotificationObservers):

• UIProcess/WebProcessPool.h:
• WebProcess/WebProcess.h:
• WebProcess/WebProcess.messages.in:
• WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::openDirectoryCacheInvalidated):

• WebProcess/com.apple.WebProcess.sb.in:

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• GPUProcess/GPUProcess.h (modified) (1 diff)
• GPUProcess/GPUProcess.messages.in (modified) (1 diff)
• GPUProcess/mac/GPUProcessMac.mm (modified) (1 diff)
• GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (modified) (1 diff)
• Shared/AuxiliaryProcess.h (modified) (2 diffs)
• Shared/mac/AuxiliaryProcessMac.mm (modified) (3 diffs)
• UIProcess/Cocoa/WebProcessPoolCocoa.mm (modified) (3 diffs)
• UIProcess/WebProcessPool.h (modified) (1 diff)
• WebProcess/WebProcess.h (modified) (2 diffs)
• WebProcess/WebProcess.messages.in (modified) (1 diff)
• WebProcess/cocoa/WebProcessCocoa.mm (modified) (1 diff)
• WebProcess/com.apple.WebProcess.sb.in (modified) (1 diff)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2022-04-27  Per Arne Vollan  <pvollan@apple.com>
+
+        [macOS] The function getpwnam can sometimes fail
+        https://bugs.webkit.org/show_bug.cgi?id=239513
+        <rdar://89758690>
+
+        Reviewed by Darin Adler.
+
+        The system function getpwnam is caching the results from the first invocation, and will return the cached
+        values after the first call. It may happen that opendirectoryd will invalidate the cached values by
+        posting notifications. If that happens, getpwnam will then fail, since there are no cached values and
+        the WebContent process' sandbox is blocking access to opendirectoryd. This patch addresses this issue
+        by observing these notifications in the UI process, and recreating the cached values for getpwnam, by
+        calling the function in the WebContent process while holding a temporary sandbox extenstion to
+        opendirectoryd.
+
+        * GPUProcess/GPUProcess.h:
+        * GPUProcess/GPUProcess.messages.in:
+        * GPUProcess/mac/GPUProcessMac.mm:
+        (WebKit::GPUProcess::openDirectoryCacheInvalidated):
+        * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+        * Shared/AuxiliaryProcess.h:
+        * Shared/mac/AuxiliaryProcessMac.mm:
+        (WebKit::getHomeDirectory):
+        (WebKit::populateSandboxInitializationParameters):
+        (WebKit::AuxiliaryProcess::openDirectoryCacheInvalidated):
+        * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+        (WebKit::WebProcessPool::registerNotificationObservers):
+        (WebKit::WebProcessPool::unregisterNotificationObservers):
+        * UIProcess/WebProcessPool.h:
+        * WebProcess/WebProcess.h:
+        * WebProcess/WebProcess.messages.in:
+        * WebProcess/cocoa/WebProcessCocoa.mm:
+        (WebKit::WebProcess::openDirectoryCacheInvalidated):
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2022-04-26  Michael Catanzaro  <mcatanzaro@redhat.com>
 

trunk/Source/WebKit/GPUProcess/GPUProcess.h

@@ -203 +203 @@
 #endif
 
+#if PLATFORM(MAC)
+    void openDirectoryCacheInvalidated(SandboxExtension::Handle&&);
+#endif
+
     // Connections to WebProcesses.
     HashMap<WebCore::ProcessIdentifier, Ref<GPUConnectionToWebProcess>> m_webProcessConnections;

trunk/Source/WebKit/GPUProcess/GPUProcess.messages.in

@@ -92 +92 @@
 #endif
 
+#if PLATFORM(MAC)
+    OpenDirectoryCacheInvalidated(WebKit::SandboxExtension::Handle handle)
+#endif
+
     WebProcessConnectionCountForTesting() -> (uint64_t count)
 }

trunk/Source/WebKit/GPUProcess/mac/GPUProcessMac.mm

@@ -98 +98 @@
 #endif
 }
+
+void GPUProcess::openDirectoryCacheInvalidated(SandboxExtension::Handle&& handle)
+{
+    AuxiliaryProcess::openDirectoryCacheInvalidated(WTFMove(handle));
+}
+
 #endif
 

trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in

@@ -877 +877 @@
 #endif
 
+(allow mach-lookup
+    (require-all
+        (extension "com.apple.webkit.extension.mach")
+        (global-name "com.apple.system.opendirectoryd.libinfo")))
+
 (allow mach-lookup (with telemetry)
     (global-name "com.apple.relatived.tempest")

trunk/Source/WebKit/Shared/AuxiliaryProcess.h

@@ -29 +29 @@
 #include "MessageReceiverMap.h"
 #include "MessageSender.h"
+#include "SandboxExtension.h"
 #include <WebCore/ProcessIdentifier.h>
 #include <WebCore/RuntimeApplicationChecks.h>
@@ -146 +147 @@
     void applyProcessCreationParameters(const AuxiliaryProcessCreationParameters&);
 
+#if PLATFORM(MAC)
+    void openDirectoryCacheInvalidated(SandboxExtension::Handle&&);
+#endif
+
 private:
     virtual bool shouldOverrideQuarantine() { return true; }

trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm

@@ -666 +666 @@
 }
 
+static String getHomeDirectory()
+{
+    // According to the man page for getpwuid_r, we should use sysconf(_SC_GETPW_R_SIZE_MAX) to determine the size of the buffer.
+    // However, a buffer size of 4096 should be sufficient, since PATH_MAX is 1024.
+    char buffer[4096];
+    passwd pwd;
+    passwd* result = nullptr;
+    if (getpwuid_r(getuid(), &pwd, buffer, sizeof(buffer), &result) || !result) {
+        WTFLogAlways("%s: Couldn't find home directory", getprogname());
+        RELEASE_ASSERT_NOT_REACHED();
+    }
+    return String::fromUTF8(pwd.pw_dir);
+}
+
 static void populateSandboxInitializationParameters(SandboxInitializationParameters& sandboxParameters)
 {
@@ -691 +705 @@
     sandboxParameters.addConfDirectoryParameter("DARWIN_USER_CACHE_DIR", _CS_DARWIN_USER_CACHE_DIR);
 
-    char buffer[4096];
-    int bufferSize = sizeof(buffer);
-    struct passwd pwd;
-    struct passwd* result = 0;
-    if (getpwuid_r(getuid(), &pwd, buffer, bufferSize, &result) || !result) {
-        WTFLogAlways("%s: Couldn't find home directory\n", getprogname());
-        exit(EX_NOPERM);
-    }
-
-    sandboxParameters.addPathParameter("HOME_DIR", pwd.pw_dir);
-    String path = FileSystem::pathByAppendingComponent(String::fromUTF8(pwd.pw_dir), "Library"_s);
+    auto homeDirectory = getHomeDirectory();
+    
+    sandboxParameters.addPathParameter("HOME_DIR", homeDirectory);
+    String path = FileSystem::pathByAppendingComponent(homeDirectory, "Library"_s);
     sandboxParameters.addPathParameter("HOME_LIBRARY_DIR", FileSystem::fileSystemRepresentation(path).data());
     path = FileSystem::pathByAppendingComponent(path, "/Preferences"_s);
@@ -825 +832 @@
 #endif
 
+void AuxiliaryProcess::openDirectoryCacheInvalidated(SandboxExtension::Handle&& handle)
+{
+    // When Open Directory has invalidated the in-process cache for the results of getpwnam/getpwuid_r,
+    // we need to rebuild the cache by getting the home directory while holding a temporary sandbox
+    // extension to the associated Open Directory service.
+
+    auto sandboxExtension = SandboxExtension::create(WTFMove(handle));
+    if (!sandboxExtension)
+        return;
+
+    sandboxExtension->consume();
+
+    getHomeDirectory();
+
+    sandboxExtension->revoke();
+}
+
 } // namespace WebKit
 

trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm

@@ -89 +89 @@
 #import "WebInspectorPreferenceObserver.h"
 #import <QuartzCore/CARemoteLayerServer.h>
+#import <notify.h>
+#import <notify_keys.h>
 #import <pal/spi/mac/NSApplicationSPI.h>
 #else
@@ -708 +710 @@
     
     addCFNotificationObserver(colorPreferencesDidChangeCallback, AppleColorPreferencesChangedNotification, CFNotificationCenterGetDistributedCenter());
+
+    const char* messages[] = { kNotifyDSCacheInvalidation, kNotifyDSCacheInvalidationGroup, kNotifyDSCacheInvalidationHost, kNotifyDSCacheInvalidationService, kNotifyDSCacheInvalidationUser };
+    m_openDirectoryNotifyTokens.reserveInitialCapacity(std::size(messages));
+    for (auto* message : messages) {
+        int notifyToken;
+        notify_register_dispatch(message, &notifyToken, dispatch_get_main_queue(), ^(int token) {
+            RELEASE_LOG(Notifications, "OpenDirectory invalidated cache");
+            auto handle = SandboxExtension::createHandleForMachLookup("com.apple.system.opendirectoryd.libinfo"_s, std::nullopt);
+            if (!handle)
+                return;
+#if ENABLE(GPU_PROCESS)
+            if (auto* gpuProcess = GPUProcessProxy::singletonIfCreated())
+                gpuProcess->send(Messages::GPUProcess::OpenDirectoryCacheInvalidated(*handle), 0);
+#endif
+            sendToAllProcesses(Messages::WebProcess::OpenDirectoryCacheInvalidated(*handle));
+        });
+        m_openDirectoryNotifyTokens.append(notifyToken);
+    }
 #elif !PLATFORM(MACCATALYST)
     addCFNotificationObserver(backlightLevelDidChangeCallback, (__bridge CFStringRef)UIBacklightLevelChangedNotification);
@@ -771 +791 @@
     [[NSNotificationCenter defaultCenter] removeObserver:m_deactivationObserver.get()];
     removeCFNotificationObserver(AppleColorPreferencesChangedNotification, CFNotificationCenterGetDistributedCenter());
+    for (auto token : m_openDirectoryNotifyTokens)
+        notify_cancel(token);
 #elif !PLATFORM(MACCATALYST)
     removeCFNotificationObserver((__bridge CFStringRef)UIBacklightLevelChangedNotification);

trunk/Source/WebKit/UIProcess/WebProcessPool.h

@@ -811 +811 @@
     std::unique_ptr<WebCore::PowerObserver> m_powerObserver;
     std::unique_ptr<PAL::SystemSleepListener> m_systemSleepListener;
+    Vector<int> m_openDirectoryNotifyTokens;
 #endif
 #if ENABLE(IPC_TESTING_API)

trunk/Source/WebKit/WebProcess/WebProcess.h

@@ -30 +30 @@
 #include "CacheModel.h"
 #include "IdentifierTypes.h"
-#include "SandboxExtension.h"
 #include "StorageAreaMapIdentifier.h"
 #include "TextCheckerState.h"
@@ -354 +353 @@
 #endif
 
+#if PLATFORM(MAC)
+    void openDirectoryCacheInvalidated(SandboxExtension::Handle&&);
+#endif
+
     bool areAllPagesThrottleable() const;
 

trunk/Source/WebKit/WebProcess/WebProcess.messages.in

@@ -202 +202 @@
     SetMediaAccessibilityPreferences(WebCore::CaptionUserPreferences::CaptionDisplayMode displayMode, Vector<String> languages)
 #endif
+
+#if PLATFORM(MAC)
+    OpenDirectoryCacheInvalidated(WebKit::SandboxExtension::Handle handle)
+#endif
 }

trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm

@@ -1291 +1291 @@
 }
 
+#if PLATFORM(MAC)
+void WebProcess::openDirectoryCacheInvalidated(SandboxExtension::Handle&& handle)
+{
+    AuxiliaryProcess::openDirectoryCacheInvalidated(WTFMove(handle));
+}
+#endif
+
 } // namespace WebKit
 

trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

@@ -1467 +1467 @@
        (global-name "com.apple.system.opendirectoryd.membership"))
 )
+(allow mach-lookup
+    (require-all
+        (extension "com.apple.webkit.extension.mach")
+        (global-name "com.apple.system.opendirectoryd.libinfo")))
 #else
 (allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.