Changeset 196066 in webkit


Timestamp:
Feb 3, 2016 8:34:29 AM (8 years ago)
Author:
dbates@webkit.org
Message:

REGRESSION (r194660): Legacy WebProcess crashes in ChildProcess::initializeSandbox()
https://bugs.webkit.org/show_bug.cgi?id=153734
<rdar://problem/24433179>

Reviewed by Dan Bernstein.

Fixes an issue where clients that used the legacy WebProcess bootstrapping process would crash.

Additionally, only consider the extra initialization parameter user-directory-suffix for
unsigned apps (e.g. WebKitTestRunner).

  • Shared/mac/ChildProcessMac.mm:

(WebKit::ChildProcess::initializeSandbox):

Location:
trunk/Source/WebKit2
Files:
2 edited

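--- a/trunk/Source/WebKit2/ChangeLog
+++ b/trunk/Source/WebKit2/ChangeLog
@@ -1,2 +1,18 @@
+2016-02-03  Daniel Bates  <dabates@apple.com>
+
+        REGRESSION (r194660): Legacy WebProcess crashes in ChildProcess::initializeSandbox()
+        https://bugs.webkit.org/show_bug.cgi?id=153734
+        <rdar://problem/24433179>
+
+        Reviewed by Dan Bernstein.
+
+        Fixes an issue where clients that used the legacy WebProcess bootstrapping process would crash.
+
+        Additionally, only consider the extra initialization parameter user-directory-suffix for
+        unsigned apps (e.g. WebKitTestRunner).
+
+        * Shared/mac/ChildProcessMac.mm:
+        (WebKit::ChildProcess::initializeSandbox):
+
 2016-02-03  Csaba Osztrogonác  <ossy@webkit.org>
 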
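--- a/trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm
+++ b/trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm
@@ -97,10 +97,7 @@
 
     if (sandboxParameters.userDirectorySuffix().isNull()) {
-        auto userDirectorySuffix = parameters.extraInitializationData.find("user-directory-suffix");
-        if (userDirectorySuffix != parameters.extraInitializationData.end())
-            sandboxParameters.setUserDirectorySuffix([makeString(userDirectorySuffix->value, '/', String([[NSBundle mainBundle] bundleIdentifier])) fileSystemRepresentation]);
-        else {
-            String clientIdentifierToUse;
-            RetainPtr<SecCodeRef> code = findSecCodeForProcess(xpc_connection_get_pid(parameters.connectionIdentifier.xpcConnection.get()));
+        if (const OSObjectPtr<xpc_connection_t>& xpcConnection = parameters.connectionIdentifier.xpcConnection) {
+            pid_t clientProcessID = xpc_connection_get_pid(xpcConnection.get());
+            RetainPtr<SecCodeRef> code = findSecCodeForProcess(clientProcessID);
             RELEASE_ASSERT(code);
 
@@ -112,22 +109,25 @@
             status = SecCodeCheckValidity(code.get(), kSecCSDefaultFlags, signingRequirement);
             if (status == errSecSuccess) {
+                String clientIdentifierToUse;
                 CFDictionaryRef signingInfo = nullptr;
-                if (!SecCodeCopySigningInformation(code.get(), kSecCSDefaultFlags, &signingInfo)) {
-                    if (CFDictionaryRef plist = dynamic_cf_cast<CFDictionaryRef>(CFDictionaryGetValue(signingInfo, kSecCodeInfoPList)))
-                        clientIdentifierToUse = String(dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(plist, kCFBundleIdentifierKey)));
-                    else
-                        clientIdentifierToUse = String(dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(signingInfo, kSecCodeInfoIdentifier)));
-                    CFRelease(signingInfo);
-                }
+                status = SecCodeCopySigningInformation(code.get(), kSecCSDefaultFlags, &signingInfo);
+                RELEASE_ASSERT(status == errSecSuccess);
+                if (CFDictionaryRef plist = dynamic_cf_cast<CFDictionaryRef>(CFDictionaryGetValue(signingInfo, kSecCodeInfoPList)))
+                    clientIdentifierToUse = String(dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(plist, kCFBundleIdentifierKey)));
+                else
+                    clientIdentifierToUse = String(dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(signingInfo, kSecCodeInfoIdentifier)));
+                CFRelease(signingInfo);
+                RELEASE_ASSERT(!clientIdentifierToUse.isEmpty());
+                sandboxParameters.setUserDirectorySuffix(makeString(String([[NSBundle mainBundle] bundleIdentifier]), '+', clientIdentifierToUse));
             } else {
                 // Unsigned, signed by a third party, or has an invalid/malformed signature
-                clientIdentifierToUse = parameters.clientIdentifier;
+                auto userDirectorySuffix = parameters.extraInitializationData.find("user-directory-suffix");
+                if (userDirectorySuffix != parameters.extraInitializationData.end())
+                    sandboxParameters.setUserDirectorySuffix([makeString(userDirectorySuffix->value, '/', String([[NSBundle mainBundle] bundleIdentifier])) fileSystemRepresentation]);
+                sandboxParameters.setUserDirectorySuffix(makeString(String([[NSBundle mainBundle] bundleIdentifier]), '+', parameters.clientIdentifier));
             }
-            CFRelease(signingRequirement);
-            if (clientIdentifierToUse.isEmpty()) {
-                WTFLogAlways("%s: Couldn't get code signed identifier for client: %d\n", getprogname(), status);
-                exit(EX_NOPERM);
-            }
-            sandboxParameters.setUserDirectorySuffix(makeString(String([[NSBundle mainBundle] bundleIdentifier]), '+', clientIdentifierToUse));
+        } else {
+            // Legacy client
+            sandboxParameters.setUserDirectorySuffix(makeString(String([[NSBundle mainBundle] bundleIdentifier]), '+', parameters.clientIdentifier));
         }
     }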
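Review bot: In the unsigned-client `else` branch (new lines 124-127) the suffix taken from `user-directory-suffix` is overwritten straight away, because the following `sandboxParameters.setUserDirectorySuffix(makeString(..., '+', parameters.clientIdentifier));` runs unconditionally; it looks as if an `else` is missing before that call. The commit also removes the old `clientIdentifierToUse.isEmpty()` check that logged and called `exit(EX_NOPERM)`. The unsigned and legacy branches now build the sandbox directory suffix from `parameters.clientIdentifier` without any emptiness check; if an empty identifier is not expected there, add `RELEASE_ASSERT(!parameters.clientIdentifier.isEmpty());` on both paths. `CFRelease(signingRequirement);` is deleted with no replacement visible, so the requirement object appears to leak unless it is released in the lines elided between the two hunks. `initializeSandbox` starts and ends outside the visible hunks, so these points should be confirmed against the full function.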