Changeset 215132 in webkit
- Timestamp:
- Apr 7, 2017 5:24:58 PM (7 years ago)
- Location:
- trunk/Source
- Files:
-
- 10 edited
trunk/Source/WTF/ChangeLog
r215107 r215132 1 2017-04-07 Alex Christensen <achristensen@webkit.org> 2 3 Use audit_token_t instead of pid_t for checking sandbox of other processes 4 https://bugs.webkit.org/show_bug.cgi?id=170616 5 <rdar://problem/31158189> 6 7 Reviewed by Daniel Bates. 8 9 * wtf/spi/darwin/SandboxSPI.h: 10 Declare more SPI. 11 1 12 2017-04-07 Ting-Wei Lan <lantw44@gmail.com> 2 13 -
trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h
r205488 r215132 24 24 */ 25 25 26 #ifndef SandboxSPI_h 27 #define SandboxSPI_h 26 #pragma once 28 27 29 28 #if OS(DARWIN) … … 46 45 extern const enum sandbox_filter_type SANDBOX_CHECK_NO_REPORT; 47 46 int sandbox_check(pid_t, const char *operation, enum sandbox_filter_type, ...); 47 int sandbox_check_by_audit_token(audit_token_t, const char *operation, enum sandbox_filter_type, ...); 48 48 int sandbox_container_path_for_pid(pid_t, char *buffer, size_t bufsize); 49 49 int sandbox_init_with_parameters(const char *profile, uint64_t flags, const char *const parameters[], char **errorbuf); … … 52 52 53 53 #endif // OS(DARWIN) 54 55 #endif // SandboxSPI_h -
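Review bot: The pid_t-based `sandbox_check` declaration stays next to the new `sandbox_check_by_audit_token`, with nothing telling callers which one to use when the target is another process. A one-line comment above the pair would keep the pid-reuse problem from coming back, for example `// Use sandbox_check_by_audit_token for other processes; pids can be reused, so sandbox_check(pid_t) is only reliable for getpid().` The include lines of this header are elided from the hunk, so it is worth confirming that a header defining audit_token_t is included before this declaration.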
trunk/Source/WebKit2/ChangeLog
r215129 r215132 1 2017-04-07 Alex Christensen <achristensen@webkit.org> 2 3 Use audit_token_t instead of pid_t for checking sandbox of other processes 4 https://bugs.webkit.org/show_bug.cgi?id=170616 5 <rdar://problem/31158189> 6 7 Reviewed by Daniel Bates. 8 9 pid's can be reused, so it's theoretically unsafe to use the pid of another process to check whether it's sandboxed. 10 Use an audit_token_t instead to be more sure that we are not mistakenly checking a new process that has reused the 11 old process's pid. For the current process, though, we have no xpc_connection_t to the process because we are the process. 12 13 * PluginProcess/mac/PluginProcessMac.mm: 14 (WebKit::PluginProcess::initializeSandbox): 15 * Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm: 16 (WebKit::XPCServiceInitializerDelegate::isClientSandboxed): 17 * Shared/mac/SandboxUtilities.h: 18 * Shared/mac/SandboxUtilities.mm: 19 (WebKit::currentProcessIsSandboxed): 20 (WebKit::connectedProcessIsSandboxed): 21 (WebKit::processIsSandboxed): Deleted. 22 * UIProcess/Cocoa/WebProcessProxyCocoa.mm: 23 (WebKit::WebProcessProxy::platformIsBeingDebugged): 24 * UIProcess/Plugins/mac/PluginInfoStoreMac.mm: 25 (WebKit::PluginInfoStore::shouldUsePlugin): 26 * UIProcess/Plugins/mac/PluginProcessProxyMac.mm: 27 (WebKit::PluginProcessProxy::platformGetLaunchOptions): 28 1 29 2017-04-07 Brent Fulgham <bfulgham@apple.com> 2 30 -
trunk/Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm
r206675 r215132 621 621 // PluginProcess may already be sandboxed if its parent process was sandboxed, and launched a child process instead of an XPC service. 622 622 // This is generally not expected, however we currently always spawn a child process to create a MIME type preferences file. 623 if ( processIsSandboxed(getpid())) {623 if (currentProcessIsSandboxed()) { 624 624 RELEASE_ASSERT(!parameters.connectionIdentifier.xpcConnection); 625 RELEASE_ASSERT(processIsSandboxed(getppid())); 626 return; 627 } 628 629 bool parentIsSandboxed = parameters.connectionIdentifier.xpcConnection && processIsSandboxed(xpc_connection_get_pid(parameters.connectionIdentifier.xpcConnection.get())); 625 return; 626 } 627 628 bool parentIsSandboxed = parameters.connectionIdentifier.xpcConnection && connectedProcessIsSandboxed(parameters.connectionIdentifier.xpcConnection.get()); 630 629 631 630 if (parameters.extraInitializationData.get("disable-sandbox") == "1") { -
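Review bot: The early-return branch for an already-sandboxed plug-in process no longer checks anything about the parent: `RELEASE_ASSERT(processIsSandboxed(getppid()));` is removed and nothing replaces it. That fits the commit's reasoning, since this branch asserts there is no XPC connection and so there is no audit token to check, but the next reader cannot tell the invariant was dropped on purpose. I would add a comment above the `return`, such as `// The parent's sandbox state is not asserted here: without an XPC connection there is no audit token, and a getppid()-based check can hit a reused pid.` The enclosing function, PluginProcess::initializeSandbox, starts and ends outside this hunk.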
trunk/Source/WebKit2/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm
r211482 r215132 122 122 bool XPCServiceInitializerDelegate::isClientSandboxed() 123 123 { 124 return processIsSandboxed(xpc_connection_get_pid(m_connection.get()));124 return connectedProcessIsSandboxed(m_connection.get()); 125 125 } 126 126 -
trunk/Source/WebKit2/Shared/mac/SandboxUtilities.h
r186718 r215132 24 24 */ 25 25 26 #ifndef SandboxUtilities_h 27 #define SandboxUtilities_h 26 #pragma once 28 27 29 28 #import <sys/types.h> 30 29 #import <wtf/Forward.h> 30 #import <wtf/spi/darwin/XPCSPI.h> 31 31 32 32 namespace WebKit { 33 33 34 bool processIsSandboxed(pid_t); 34 bool connectedProcessIsSandboxed(xpc_connection_t); 35 bool currentProcessIsSandboxed(); 35 36 bool processHasContainer(); 36 37 … … 41 42 42 43 } 43 44 #endif // SandboxUtilities_h -
trunk/Source/WebKit2/Shared/mac/SandboxUtilities.mm
r193937 r215132 31 31 #import <wtf/spi/cocoa/SecuritySPI.h> 32 32 #import <wtf/spi/darwin/SandboxSPI.h> 33 #import <wtf/spi/darwin/XPCSPI.h> 33 34 #import <wtf/text/WTFString.h> 34 35 35 36 namespace WebKit { 36 37 37 bool processIsSandboxed(pid_t pid)38 bool currentProcessIsSandboxed() 38 39 { 39 return sandbox_check(pid, nullptr, SANDBOX_FILTER_NONE); 40 return sandbox_check(getpid(), nullptr, SANDBOX_FILTER_NONE); 41 } 42 43 bool connectedProcessIsSandboxed(xpc_connection_t connectionToParent) 44 { 45 audit_token_t token; 46 xpc_connection_get_audit_token(connectionToParent, &token); 47 return sandbox_check_by_audit_token(token, nullptr, SANDBOX_FILTER_NONE); 40 48 } 41 49 -
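Review bot: In connectedProcessIsSandboxed, `audit_token_t token;` has no initializer and the int returned by sandbox_check_by_audit_token is converted straight to bool, so a token that was never filled in, or an error return, would both be read as a definite answer. As used here, xpc_connection_get_audit_token gives no return value to test, so I would make the input deterministic with `audit_token_t token = { };`. I would also add a comment above the `return` stating which return values are expected and that any non-zero value, including an error, is reported as sandboxed. The parameter is named connectionToParent, but XPCServiceInitializerDelegate::isClientSandboxed also passes its m_connection, so a neutral name such as `connection` would describe both callers. Whether a null connection can reach this function is not visible on this page; of the two callers, only the one in PluginProcessMac.mm visibly checks for one first.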
trunk/Source/WebKit2/UIProcess/Cocoa/WebProcessProxyCocoa.mm
r207807 r215132 126 126 { 127 127 // If the UI process is sandboxed, it cannot find out whether other processes are being debugged. 128 if ( processIsSandboxed(getpid()))128 if (currentProcessIsSandboxed()) 129 129 return false; 130 130 -
trunk/Source/WebKit2/UIProcess/Plugins/mac/PluginInfoStoreMac.mm
r204462 r215132 101 101 } 102 102 103 if ( processIsSandboxed(getpid()) && !plugin.hasSandboxProfile) {103 if (currentProcessIsSandboxed() && !plugin.hasSandboxProfile) { 104 104 LOG(Plugins, "Ignoring unsandboxed plug-in %s", plugin.bundleIdentifier.utf8().data()); 105 105 return false; -
trunk/Source/WebKit2/UIProcess/Plugins/mac/PluginProcessProxyMac.mm
r208455 r215132 106 106 107 107 if (pluginProcessAttributes.sandboxPolicy == PluginProcessSandboxPolicyUnsandboxed) { 108 if (! processIsSandboxed(getpid()))108 if (!currentProcessIsSandboxed()) 109 109 launchOptions.extraInitializationData.add("disable-sandbox", "1"); 110 110 else