Changeset 199401 in webkit

Timestamp:

Apr 12, 2016 7:29:23 PM (8 years ago)

Author:

dbates@webkit.org

Message:

REGRESSION (r198933): Unable to login to Google account from Internet Accounts preference pane
​https://bugs.webkit.org/show_bug.cgi?id=156447
<rdar://problem/25628133>

Reviewed by Darin Adler.

Reverts the workaround landed in r199301 and teaches ProcessLauncherMac to use the code
signing identifier of the UI process as the client-identifier if it is signed. Otherwise,
we fall back to using the main bundle identifier or _NSGetProgname() depending on whether
the UI process has an associated app bundle.

• PlatformMac.cmake: Add file Shared/mac/CodeSigning.mm.
• Shared/mac/ChildProcessMac.mm:

(WebKit::ChildProcess::initializeSandbox):
(WebKit::codeSigningIdentifierForProcess): Deleted; moved from here to file Shared/mac/CodeSigning.mm.

• Shared/mac/CodeSigning.h: Added.
• Shared/mac/CodeSigning.mm: Added.

(WebKit::secCodeForCurrentProcess): Added.
(WebKit::secCodeForProcess): Added.
(WebKit::secCodeSigningInformation): Added.
(WebKit::appleSignedOrMacAppStoreSignedOrAppleDeveloperSignedRequirement): Added.
(WebKit::secCodeSigningIdentifier): Added.
(WebKit::codeSigningIdentifier): Returns the code signing identifier for the current process.
(WebKit::codeSigningIdentifierForProcess): Moved from file Shared/mac/ChildProcessMac.mm. Extracted logic
into various helper functions (above) so that it can be shared with WebKit::codeSigningIdentifier() as
well as to improve the readability of the code. Removed the OSStatus out argument that was used by callers
for logging purposes and moved such logging responsibility into WebKit::secCodeSigningIdentifier() as
a release assertion message since we always want to log this error when code signing validation fails. We
use a release assertion to cause a noticeable crash because we such failures should not occur and if they
do then we want to see crash reports so that we can handle such failures. Using a release assertion for
validation failures also simplifies the possible return values of this function as such failures represented
the only case where this function would return an empty string. We now return either a null string or a non-
empty string. We return a null string when the specified process is either unsigned or signed by a third-party;
otherwise, we return a non-empty string that represents the code signing identifier.

• UIProcess/Launcher/mac/ProcessLauncherMac.mm:

(WebKit::connectToService): Use the code signing identifier for the client-identifier if we have one (e.g.
we are signed app). If we do not have a code signing identifier then take client-identifier to be the
bundle identifier of our main bundle. Failing that we take client-identifier to be _NSGetProgname().

• WebKit2.xcodeproj/project.pbxproj: Add files Shared/mac/CodeSigning.{h, mm}.

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• PlatformMac.cmake (modified) (1 diff)
• Shared/mac/ChildProcessMac.mm (modified) (4 diffs)
• Shared/mac/CodeSigning.h (added)
• Shared/mac/CodeSigning.mm (added)
• UIProcess/Launcher/mac/ProcessLauncherMac.mm (modified) (3 diffs)
• WebKit2.xcodeproj/project.pbxproj (modified) (5 diffs)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2016-04-12  Daniel Bates  <dabates@apple.com>
+
+        REGRESSION (r198933): Unable to login to Google account from Internet Accounts preference pane
+        https://bugs.webkit.org/show_bug.cgi?id=156447
+        <rdar://problem/25628133>
+
+        Reviewed by Darin Adler.
+
+        Reverts the workaround landed in r199301 and teaches ProcessLauncherMac to use the code
+        signing identifier of the UI process as the client-identifier if it is signed. Otherwise,
+        we fall back to using the main bundle identifier or _NSGetProgname() depending on whether
+        the UI process has an associated app bundle.
+
+        * PlatformMac.cmake: Add file Shared/mac/CodeSigning.mm.
+        * Shared/mac/ChildProcessMac.mm:
+        (WebKit::ChildProcess::initializeSandbox):
+        (WebKit::codeSigningIdentifierForProcess): Deleted; moved from here to file Shared/mac/CodeSigning.mm.
+        * Shared/mac/CodeSigning.h: Added.
+        * Shared/mac/CodeSigning.mm: Added.
+        (WebKit::secCodeForCurrentProcess): Added.
+        (WebKit::secCodeForProcess): Added.
+        (WebKit::secCodeSigningInformation): Added.
+        (WebKit::appleSignedOrMacAppStoreSignedOrAppleDeveloperSignedRequirement): Added.
+        (WebKit::secCodeSigningIdentifier): Added.
+        (WebKit::codeSigningIdentifier): Returns the code signing identifier for the current process.
+        (WebKit::codeSigningIdentifierForProcess): Moved from file Shared/mac/ChildProcessMac.mm. Extracted logic
+        into various helper functions (above) so that it can be shared with WebKit::codeSigningIdentifier() as
+        well as to improve the readability of the code. Removed the OSStatus out argument that was used by callers
+        for logging purposes and moved such logging responsibility into WebKit::secCodeSigningIdentifier() as
+        a release assertion message since we always want to log this error when code signing validation fails. We
+        use a release assertion to cause a noticeable crash because we such failures should not occur and if they
+        do then we want to see crash reports so that we can handle such failures. Using a release assertion for
+        validation failures also simplifies the possible return values of this function as such failures represented
+        the only case where this function would return an empty string. We now return either a null string or a non-
+        empty string. We return a null string when the specified process is either unsigned or signed by a third-party;
+        otherwise, we return a non-empty string that represents the code signing identifier.
+        * UIProcess/Launcher/mac/ProcessLauncherMac.mm:
+        (WebKit::connectToService): Use the code signing identifier for the client-identifier if we have one (e.g.
+        we are signed app). If we do not have a code signing identifier then take client-identifier to be the
+        bundle identifier of our main bundle. Failing that we take client-identifier to be _NSGetProgname().
+        * WebKit2.xcodeproj/project.pbxproj: Add files Shared/mac/CodeSigning.{h, mm}.
+
 2016-04-12  Enrica Casucci  <enrica@apple.com>
 

trunk/Source/WebKit2/PlatformMac.cmake

@@ -123 +123 @@
     Shared/mac/AttributedString.mm
     Shared/mac/ChildProcessMac.mm
+    Shared/mac/CodeSigning.mm
     Shared/mac/ColorSpaceData.mm
     Shared/mac/CookieStorageShim.mm

trunk/Source/WebKit2/Shared/mac/ChildProcessMac.mm

@@ -29 +29 @@
 #import "ChildProcess.h"
 
+#import "CodeSigning.h"
 #import "SandboxInitializationParameters.h"
 #import "WebKitSystemInterface.h"
@@ -39 +40 @@
 #import <stdlib.h>
 #import <sysexits.h>
-#import <wtf/cf/TypeCastsCF.h>
 #import <wtf/spi/darwin/SandboxSPI.h>
 
@@ -77 +77 @@
     initializeTimerCoalescingPolicy();
     [[NSFileManager defaultManager] changeCurrentDirectoryPath:[[NSBundle mainBundle] bundlePath]];
-}
-
-static String codeSigningIdentifierForProcess(pid_t pid, OSStatus& errorCode)
-{
-    RetainPtr<CFNumberRef> pidCFNumber = adoptCF(CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &pid));
-    const void* keys[] = { kSecGuestAttributePid };
-    const void* values[] = { pidCFNumber.get() };
-    RetainPtr<CFDictionaryRef> attributes = adoptCF(CFDictionaryCreate(kCFAllocatorDefault, keys, values, WTF_ARRAY_LENGTH(keys), &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
-    SecCodeRef code = nullptr;
-    if ((errorCode = SecCodeCopyGuestWithAttributes(nullptr, attributes.get(), kSecCSDefaultFlags, &code)))
-        return String();
-    RetainPtr<SecCodeRef> codePtr = adoptCF(code);
-    RELEASE_ASSERT(codePtr);
-
-    CFStringRef macAppStoreSignedOrAppleDeveloperSignedRequirement = CFSTR("(anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9]) or (anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13])");
-    SecRequirementRef signingRequirement = nullptr;
-    RELEASE_ASSERT(!SecRequirementCreateWithString(macAppStoreSignedOrAppleDeveloperSignedRequirement, kSecCSDefaultFlags, &signingRequirement));
-    RetainPtr<SecRequirementRef> signingRequirementPtr = adoptCF(signingRequirement);
-    errorCode = SecCodeCheckValidity(codePtr.get(), kSecCSDefaultFlags, signingRequirementPtr.get());
-    if (errorCode == errSecCSUnsigned || errorCode == errSecCSReqFailed)
-        return String(); // Unsigned, signed by Apple, or signed by a third-party
-    if (errorCode != errSecSuccess)
-        return emptyString(); // e.g. invalid/malformed signature
-    String codeSigningIdentifier;
-    CFDictionaryRef signingInfo = nullptr;
-    RELEASE_ASSERT(!SecCodeCopySigningInformation(codePtr.get(), kSecCSDefaultFlags, &signingInfo));
-    RetainPtr<CFDictionaryRef> signingInfoPtr = adoptCF(signingInfo);
-    if (CFDictionaryRef plist = dynamic_cf_cast<CFDictionaryRef>(CFDictionaryGetValue(signingInfoPtr.get(), kSecCodeInfoPList)))
-        codeSigningIdentifier = String(dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(plist, kCFBundleIdentifierKey)));
-    else
-        codeSigningIdentifier = String(dynamic_cf_cast<CFStringRef>(CFDictionaryGetValue(signingInfoPtr.get(), kSecCodeInfoIdentifier)));
-    RELEASE_ASSERT(!codeSigningIdentifier.isEmpty());
-    return codeSigningIdentifier;
 }
 
@@ -211 +178 @@
     if (willUseUserDirectorySuffixInitializationParameter)
         return;
-    error = noErr;
-    String clientCodeSigningIdentifier = codeSigningIdentifierForProcess(xpc_connection_get_pid(parameters.connectionIdentifier.xpcConnection.get()), error);
+    String clientCodeSigningIdentifier = codeSigningIdentifierForProcess(xpc_connection_get_pid(parameters.connectionIdentifier.xpcConnection.get()));
     bool isClientCodeSigned = !clientCodeSigningIdentifier.isNull();
     if (isClientCodeSigned && clientCodeSigningIdentifier != parameters.clientIdentifier) {
-        WTFLogAlways("%s: Code signing identifier of client differs from passed client identifier: %ld\n", getprogname(), static_cast<long>(error));
+        WTFLogAlways("%s: Code signing identifier of client differs from passed client identifier.\n", getprogname());
         exit(EX_NOPERM);
     }

trunk/Source/WebKit2/UIProcess/Launcher/mac/ProcessLauncherMac.mm

@@ -45 +45 @@
 #import <wtf/text/WTFString.h>
 
+#if PLATFORM(MAC)
+#import "CodeSigning.h"
+#endif
+
 namespace WebKit {
 
@@ -137 +141 @@
     mach_port_insert_right(mach_task_self(), listeningPort, listeningPort, MACH_MSG_TYPE_MAKE_SEND);
 
-    NSString *bundleIdentifier = [[NSBundle mainBundle] bundleIdentifier];
-    CString clientIdentifier = bundleIdentifier ? String([[NSBundle mainBundle] bundleIdentifier]).utf8() : *_NSGetProgname();
+    String clientIdentifier;
+#if PLATFORM(MAC)
+    clientIdentifier = codeSigningIdentifier();
+#endif
+    if (clientIdentifier.isNull())
+        clientIdentifier = [[NSBundle mainBundle] bundleIdentifier];
 
     // FIXME: Switch to xpc_connection_set_bootstrap once it's available everywhere we need.
@@ -147 +155 @@
     mach_port_deallocate(mach_task_self(), listeningPort);
 
-    xpc_dictionary_set_string(bootstrapMessage.get(), "client-identifier", clientIdentifier.data());
+    xpc_dictionary_set_string(bootstrapMessage.get(), "client-identifier", !clientIdentifier.isEmpty() ? clientIdentifier.utf8().data() : *_NSGetProgname());
     xpc_dictionary_set_string(bootstrapMessage.get(), "ui-process-name", [[[NSProcessInfo processInfo] processName] UTF8String]);
 

trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj

@@ -1712 +1712 @@
                 CDCA85C8132ABA4E00E961DF /* WKFullScreenWindowController.mm in Sources */ = {isa = PBXBuildFile; fileRef = CDCA85C6132ABA4E00E961DF /* WKFullScreenWindowController.mm */; };
                 CDCA85C9132ABA4E00E961DF /* WKFullScreenWindowController.h in Headers */ = {isa = PBXBuildFile; fileRef = CDCA85C7132ABA4E00E961DF /* WKFullScreenWindowController.h */; };
+                CE11AD501CBC47F800681EE5 /* CodeSigning.mm in Sources */ = {isa = PBXBuildFile; fileRef = CE11AD4F1CBC47F800681EE5 /* CodeSigning.mm */; };
+                CE11AD521CBC482F00681EE5 /* CodeSigning.h in Headers */ = {isa = PBXBuildFile; fileRef = CE11AD511CBC482F00681EE5 /* CodeSigning.h */; };
                 CE1A0BD21A48E6C60054EF74 /* AssertionServicesSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = CE1A0BCC1A48E6C60054EF74 /* AssertionServicesSPI.h */; };
                 CE1A0BD31A48E6C60054EF74 /* CorePDFSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = CE1A0BCD1A48E6C60054EF74 /* CorePDFSPI.h */; };
@@ -3787 +3789 @@
                 CDCA85C7132ABA4E00E961DF /* WKFullScreenWindowController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKFullScreenWindowController.h; sourceTree = "<group>"; };
                 CDCA85D4132AC2B300E961DF /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = /System/Library/Frameworks/IOKit.framework; sourceTree = "<absolute>"; };
+                CE11AD4F1CBC47F800681EE5 /* CodeSigning.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CodeSigning.mm; sourceTree = "<group>"; };
+                CE11AD511CBC482F00681EE5 /* CodeSigning.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CodeSigning.h; sourceTree = "<group>"; };
                 CE1A0BCC1A48E6C60054EF74 /* AssertionServicesSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AssertionServicesSPI.h; sourceTree = "<group>"; };
                 CE1A0BCD1A48E6C60054EF74 /* CorePDFSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CorePDFSPI.h; sourceTree = "<group>"; };
@@ -6224 +6228 @@
                                 E1A31734134CEA80007C9A4F /* AttributedString.mm */,
                                 9F54F88E16488E87007DF81A /* ChildProcessMac.mm */,
+                                CE11AD511CBC482F00681EE5 /* CodeSigning.h */,
+                                CE11AD4F1CBC47F800681EE5 /* CodeSigning.mm */,
                                 1A2A4AFE158693920090C9E9 /* ColorSpaceData.h */,
                                 1A2A4AFD158693920090C9E9 /* ColorSpaceData.mm */,
@@ -7320 +7326 @@
                                 E1513C67166EABB200149FCB /* ChildProcessProxy.h in Headers */,
                                 290F4272172A0C7400939FF0 /* ChildProcessSupplement.h in Headers */,
+                                CE11AD521CBC482F00681EE5 /* CodeSigning.h in Headers */,
                                 1A6F9F9011E13EFC00DB1371 /* CommandLine.h in Headers */,
                                 37BEC4E119491486008B4286 /* CompletionHandlerCallChecker.h in Headers */,
@@ -8762 +8769 @@
                                 51FAEC3B1B0657680009C4E7 /* ChildProcessMessageReceiver.cpp in Sources */,
                                 E1513C66166EABB200149FCB /* ChildProcessProxy.cpp in Sources */,
+                                CE11AD501CBC47F800681EE5 /* CodeSigning.mm in Sources */,
                                 1A2A4B0E1586A2240090C9E9 /* ColorSpaceData.mm in Sources */,
                                 1A6F9FB711E1408500DB1371 /* CommandLinePOSIX.cpp in Sources */,