Changeset 196066 in webkit
- Timestamp:
- Feb 3, 2016 8:34:29 AM (8 years ago)
- Location:
- trunk/Source/WebKit2
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit2/ChangeLog
r196064 r196066 1 2016-02-03 Daniel Bates <dabates@apple.com> 2 3 REGRESSION (r194660): Legacy WebProcess crashes in ChildProcess::initializeSandbox() 4 https://bugs.webkit.org/show_bug.cgi?id=153734 5 <rdar://problem/24433179> 6 7 Reviewed by Dan Bernstein. 8 9 Fixes an issue where clients that used the legacy WebProcess bootstrapping process would crash. 10 11 Additionally, only consider the extra initialization parameter user-directory-suffix for 12 unsigned apps (e.g. WebKitTestRunner). 13 14 * Shared/mac/ChildProcessMac.mm: 15 (WebKit::ChildProcess::initializeSandbox): 16 1 17 2016-02-03 Csaba Osztrogonác <ossy@webkit.org> 2 18 -
trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm
r195985 r196066 97 97 98 98 if (sandboxParameters.userDirectorySuffix().isNull()) { 99 auto userDirectorySuffix = parameters.extraInitializationData.find("user-directory-suffix"); 100 if (userDirectorySuffix != parameters.extraInitializationData.end()) 101 sandboxParameters.setUserDirectorySuffix([makeString(userDirectorySuffix->value, '/', String([[NSBundle mainBundle] bundleIdentifier])) fileSystemRepresentation]); 102 else { 103 String clientIdentifierToUse; 104 RetainPtr<SecCodeRef> code = findSecCodeForProcess(xpc_connection_get_pid(parameters.connectionIdentifier.xpcConnection.get())); 99 if (const OSObjectPtr<xpc_connection_t>& xpcConnection = parameters.connectionIdentifier.xpcConnection) { 100 pid_t clientProcessID = xpc_connection_get_pid(xpcConnection.get()); 101 RetainPtr<SecCodeRef> code = findSecCodeForProcess(clientProcessID); 105 102 RELEASE_ASSERT(code); 106 103 … … 112 109 status = SecCodeCheckValidity(code.get(), kSecCSDefaultFlags, signingRequirement); 113 110 if (status == errSecSuccess) { 111 String clientIdentifierToUse; 114 112 CFDictionaryRef signingInfo = nullptr; 115 if (!SecCodeCopySigningInformation(code.get(), kSecCSDefaultFlags, &signingInfo)) { 116 if (CFDictionaryRef plist = dynamic_cf_cast<CFDictionaryRef>(CFDictionaryGetValue(signingInfo, kSecCodeInfoPList))) 117 clientIdentifierToUse = String(dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(plist, kCFBundleIdentifierKey))); 118 else 119 clientIdentifierToUse = String(dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(signingInfo, kSecCodeInfoIdentifier))); 120 CFRelease(signingInfo); 121 } 113 status = SecCodeCopySigningInformation(code.get(), kSecCSDefaultFlags, &signingInfo); 114 RELEASE_ASSERT(status == errSecSuccess); 115 if (CFDictionaryRef plist = dynamic_cf_cast<CFDictionaryRef>(CFDictionaryGetValue(signingInfo, kSecCodeInfoPList))) 116 clientIdentifierToUse = String(dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(plist, kCFBundleIdentifierKey))); 117 else 118 clientIdentifierToUse = String(dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(signingInfo, kSecCodeInfoIdentifier))); 119 CFRelease(signingInfo); 120 RELEASE_ASSERT(!clientIdentifierToUse.isEmpty()); 121 sandboxParameters.setUserDirectorySuffix(makeString(String([[NSBundle mainBundle] bundleIdentifier]), '+', clientIdentifierToUse)); 122 122 } else { 123 123 // Unsigned, signed by a third party, or has an invalid/malformed signature 124 clientIdentifierToUse = parameters.clientIdentifier; 124 auto userDirectorySuffix = parameters.extraInitializationData.find("user-directory-suffix"); 125 if (userDirectorySuffix != parameters.extraInitializationData.end()) 126 sandboxParameters.setUserDirectorySuffix([makeString(userDirectorySuffix->value, '/', String([[NSBundle mainBundle] bundleIdentifier])) fileSystemRepresentation]); 127 sandboxParameters.setUserDirectorySuffix(makeString(String([[NSBundle mainBundle] bundleIdentifier]), '+', parameters.clientIdentifier)); 125 128 } 126 CFRelease(signingRequirement); 127 if (clientIdentifierToUse.isEmpty()) { 128 WTFLogAlways("%s: Couldn't get code signed identifier for client: %d\n", getprogname(), status); 129 exit(EX_NOPERM); 130 } 131 sandboxParameters.setUserDirectorySuffix(makeString(String([[NSBundle mainBundle] bundleIdentifier]), '+', clientIdentifierToUse)); 129 } else { 130 // Legacy client 131 sandboxParameters.setUserDirectorySuffix(makeString(String([[NSBundle mainBundle] bundleIdentifier]), '+', parameters.clientIdentifier)); 132 132 } 133 133 }
Note: See TracChangeset
for help on using the changeset viewer.