Changeset 231979 in webkit

Timestamp:

May 18, 2018 1:13:34 PM (6 years ago)

Author:

eric.carlson@apple.com

Message:

Handle failure to extend sandbox gracefully
​https://bugs.webkit.org/show_bug.cgi?id=185779
<rdar://problem/40316349>

Reviewed by Brent Fulgham.

Source/WebCore:

Test: TestWebKitAPI/Tests/WebKitCocoa/UserMediaSimulateFailedSandbox.mm

• Modules/mediastream/UserMediaRequest.cpp:

(WebCore::UserMediaRequest::deny): Include the error string in the promise rejection.

• Modules/mediastream/UserMediaRequest.h:

Source/WebKit:

• UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _denyNextUserMediaRequest]):

• UIProcess/API/Cocoa/WKWebViewPrivate.h:

• UIProcess/UserMediaPermissionRequestManagerProxy.cpp:

(WebKit::UserMediaPermissionRequestManagerProxy::userMediaAccessWasGranted): Don't append
the request to m_grantedRequests if it failed.
(WebKit::UserMediaPermissionRequestManagerProxy::grantAccess): Deny request if willCreateMediaStream
fails.

• UIProcess/UserMediaPermissionRequestManagerProxy.h:

• UIProcess/UserMediaProcessManager.cpp:

(WebKit::UserMediaProcessManager::willCreateMediaStream): Don't try to extend sandbox if
we fail to allocate all necessary handles.

• UIProcess/UserMediaProcessManager.h:

(WebKit::UserMediaProcessManager::denyNextUserMediaRequest): New, for testing.

Tools:

• TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
• TestWebKitAPI/Tests/WebKitCocoa/UserMediaSimulateFailedSandbox.mm: Added.

(-[SimulateFailedSandboxMessageHandler userContentController:didReceiveScriptMessage:]):
(-[SimulateFailedSandboxUIDelegate _webView:requestUserMediaAuthorizationForDevices:url:mainFrameURL:decisionHandler:]):
(-[SimulateFailedSandboxUIDelegate _webView:checkUserMediaPermissionForURL:mainFrameURL:frameIdentifier:decisionHandler:]):
(MediaCaptureSimulateFailedSandbox::SetUp):
(MediaCaptureSimulateFailedSandbox::loadTestAndWaitForMessage):
(TEST_F):

• TestWebKitAPI/Tests/WebKitCocoa/disableGetUserMedia.html:

Location:

trunk

Files:

• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/mediastream/UserMediaRequest.cpp (modified) (1 diff)
• Source/WebCore/Modules/mediastream/UserMediaRequest.h (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm (modified) (2 diffs)
• Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h (modified) (1 diff)
• Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.cpp (modified) (2 diffs)
• Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.h (modified) (1 diff)
• Source/WebKit/UIProcess/UserMediaProcessManager.cpp (modified) (3 diffs)
• Source/WebKit/UIProcess/UserMediaProcessManager.h (modified) (2 diffs)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (modified) (4 diffs)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/UserMediaSimulateFailedSandbox.mm (added)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/disableGetUserMedia.html (modified) (2 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-05-18  Eric Carlson  <eric.carlson@apple.com>
+
+        Handle failure to extend sandbox gracefully
+        https://bugs.webkit.org/show_bug.cgi?id=185779
+        <rdar://problem/40316349>
+
+        Reviewed by Brent Fulgham.
+
+        Test: TestWebKitAPI/Tests/WebKitCocoa/UserMediaSimulateFailedSandbox.mm
+
+        * Modules/mediastream/UserMediaRequest.cpp:
+        (WebCore::UserMediaRequest::deny): Include the error string in the promise rejection.
+        * Modules/mediastream/UserMediaRequest.h:
+
 2018-05-18  Antoine Quint  <graouts@apple.com>
 

trunk/Source/WebCore/Modules/mediastream/UserMediaRequest.cpp

@@ -258 +258 @@
 }
 
-void UserMediaRequest::deny(MediaAccessDenialReason reason, const String& invalidConstraint)
+void UserMediaRequest::deny(MediaAccessDenialReason reason, const String& message)
 {
     if (!m_scriptExecutionContext)
         return;
 
+    ExceptionCode code;
     switch (reason) {
     case MediaAccessDenialReason::NoConstraints:
         RELEASE_LOG(MediaStream, "UserMediaRequest::deny - no constraints");
-        m_promise.reject(TypeError);
+        code = TypeError;
         break;
     case MediaAccessDenialReason::UserMediaDisabled:
         RELEASE_LOG(MediaStream, "UserMediaRequest::deny - user media disabled");
-        m_promise.reject(SecurityError);
+        code = SecurityError;
         break;
     case MediaAccessDenialReason::NoCaptureDevices:
         RELEASE_LOG(MediaStream, "UserMediaRequest::deny - no capture devices");
-        m_promise.reject(NotFoundError);
+        code = NotFoundError;
         break;
     case MediaAccessDenialReason::InvalidConstraint:
-        RELEASE_LOG(MediaStream, "UserMediaRequest::deny - invalid constraint - %s", invalidConstraint.utf8().data());
-        m_promise.rejectType<IDLInterface<OverconstrainedError>>(OverconstrainedError::create(invalidConstraint, ASCIILiteral("Invalid constraint")).get());
-        break;
+        RELEASE_LOG(MediaStream, "UserMediaRequest::deny - invalid constraint - %s", message.utf8().data());
+        m_promise.rejectType<IDLInterface<OverconstrainedError>>(OverconstrainedError::create(message, ASCIILiteral("Invalid constraint")).get());
+        return;
     case MediaAccessDenialReason::HardwareError:
         RELEASE_LOG(MediaStream, "UserMediaRequest::deny - hardware error");
-        m_promise.reject(NotReadableError);
+        code = NotReadableError;
         break;
     case MediaAccessDenialReason::OtherFailure:
         RELEASE_LOG(MediaStream, "UserMediaRequest::deny - other failure");
-        m_promise.reject(AbortError);
+        code = AbortError;
         break;
     case MediaAccessDenialReason::PermissionDenied:
         RELEASE_LOG(MediaStream, "UserMediaRequest::deny - permission denied");
-        m_promise.reject(NotAllowedError);
+        code = NotAllowedError;
         break;
     case MediaAccessDenialReason::InvalidAccess:
         RELEASE_LOG(MediaStream, "UserMediaRequest::deny - invalid access");
-        m_promise.reject(InvalidAccessError);
-        break;
-    }
+        code = InvalidAccessError;
+        break;
+    }
+
+    if (!message.isEmpty())
+        m_promise.reject(code, message);
+    else
+        m_promise.reject(code);
 }
 

trunk/Source/WebCore/Modules/mediastream/UserMediaRequest.h

@@ -58 +58 @@
 
     enum MediaAccessDenialReason { NoConstraints, UserMediaDisabled, NoCaptureDevices, InvalidConstraint, HardwareError, PermissionDenied, InvalidAccess, OtherFailure };
-    WEBCORE_EXPORT void deny(MediaAccessDenialReason, const String& invalidConstraint = emptyString());
+    WEBCORE_EXPORT void deny(MediaAccessDenialReason, const String& errorMessage = emptyString());
 
     const Vector<String>& audioDeviceUIDs() const { return m_audioDeviceUIDs; }

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-05-18  Eric Carlson  <eric.carlson@apple.com>
+
+        Handle failure to extend sandbox gracefully
+        https://bugs.webkit.org/show_bug.cgi?id=185779
+        <rdar://problem/40316349>
+
+        Reviewed by Brent Fulgham.
+
+        * UIProcess/API/Cocoa/WKWebView.mm:
+        (-[WKWebView _denyNextUserMediaRequest]): 
+        * UIProcess/API/Cocoa/WKWebViewPrivate.h:
+
+        * UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
+        (WebKit::UserMediaPermissionRequestManagerProxy::userMediaAccessWasGranted): Don't append
+        the request to m_grantedRequests if it failed.
+        (WebKit::UserMediaPermissionRequestManagerProxy::grantAccess): Deny request if willCreateMediaStream
+        fails.
+        * UIProcess/UserMediaPermissionRequestManagerProxy.h:
+
+        * UIProcess/UserMediaProcessManager.cpp:
+        (WebKit::UserMediaProcessManager::willCreateMediaStream): Don't try to extend sandbox if
+        we fail to allocate all necessary handles.
+        * UIProcess/UserMediaProcessManager.h:
+        (WebKit::UserMediaProcessManager::denyNextUserMediaRequest): New, for testing.
+
 2018-05-18  Antoine Quint  <graouts@apple.com>
 

trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm

@@ -48 +48 @@
 #import "SandboxUtilities.h"
 #import "UIDelegate.h"
+#import "UserMediaProcessManager.h"
 #import "VersionChecks.h"
 #import "ViewGestureController.h"
@@ -6386 +6387 @@
 }
 
+- (void)_denyNextUserMediaRequest
+{
+    WebKit::UserMediaProcessManager::singleton().denyNextUserMediaRequest();
+}
 @end
 

trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h

@@ -460 +460 @@
 - (void)_executeEditCommand:(NSString *)command argument:(NSString *)argument completion:(void (^)(BOOL))completion WK_API_AVAILABLE(macosx(10.13.4), ios(11.3));
 
+- (void)_denyNextUserMediaRequest WK_API_AVAILABLE(macosx(WK_MAC_TBA), ios(WK_IOS_TBA));
+
 - (BOOL)_beginBackSwipeForTesting;
 - (BOOL)_completeBackSwipeForTesting;

trunk/Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.cpp

@@ -154 +154 @@
         return;
 
-    grantAccess(userMediaID, WTFMove(audioDevice), WTFMove(videoDevice), request->deviceIdentifierHashSalt());
-    m_grantedRequests.append(request.releaseNonNull());
+    if (grantAccess(userMediaID, WTFMove(audioDevice), WTFMove(videoDevice), request->deviceIdentifierHashSalt()))
+        m_grantedRequests.append(request.releaseNonNull());
+
 #else
     UNUSED_PARAM(userMediaID);
@@ -221 +222 @@
 }
 
-void UserMediaPermissionRequestManagerProxy::grantAccess(uint64_t userMediaID, const CaptureDevice audioDevice, const CaptureDevice videoDevice, const String& deviceIdentifierHashSalt)
-{
-    UserMediaProcessManager::singleton().willCreateMediaStream(*this, !!audioDevice, !!videoDevice);
+bool UserMediaPermissionRequestManagerProxy::grantAccess(uint64_t userMediaID, const CaptureDevice audioDevice, const CaptureDevice videoDevice, const String& deviceIdentifierHashSalt)
+{
+    if (!UserMediaProcessManager::singleton().willCreateMediaStream(*this, !!audioDevice, !!videoDevice)) {
+        denyRequest(userMediaID, UserMediaPermissionRequestProxy::UserMediaAccessDenialReason::OtherFailure, "Unable to extend sandbox.");
+        return false;
+    }
+
     m_page.process().send(Messages::WebPage::UserMediaAccessWasGranted(userMediaID, audioDevice, videoDevice, deviceIdentifierHashSalt), m_page.pageID());
+    return true;
 }
 #endif

trunk/Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.h

@@ -69 +69 @@
     void denyRequest(uint64_t userMediaID, UserMediaPermissionRequestProxy::UserMediaAccessDenialReason, const String& invalidConstraint);
 #if ENABLE(MEDIA_STREAM)
-    void grantAccess(uint64_t userMediaID, const WebCore::CaptureDevice audioDevice, const WebCore::CaptureDevice videoDevice, const String& deviceIdentifierHashSalt);
+    bool grantAccess(uint64_t userMediaID, const WebCore::CaptureDevice audioDevice, const WebCore::CaptureDevice videoDevice, const String& deviceIdentifierHashSalt);
 
     const UserMediaPermissionRequestProxy* searchForGrantedRequest(uint64_t frameID, const WebCore::SecurityOrigin& userMediaDocumentOrigin, const WebCore::SecurityOrigin& topLevelDocumentOrigin, bool needsAudio, bool needsVideo) const;

trunk/Source/WebKit/UIProcess/UserMediaProcessManager.cpp

@@ -127 +127 @@
 }
 
-void UserMediaProcessManager::willCreateMediaStream(UserMediaPermissionRequestManagerProxy& proxy, bool withAudio, bool withVideo)
+bool UserMediaProcessManager::willCreateMediaStream(UserMediaPermissionRequestManagerProxy& proxy, bool withAudio, bool withVideo)
 {
 #if ENABLE(SANDBOX_EXTENSIONS)
@@ -134 +134 @@
     ASSERT(stateMap().contains(&processStartingCapture));
 
-    proxy.page().activateMediaStreamCaptureInPage();
+    if (m_denyNextRequest) {
+        m_denyNextRequest = false;
+        return false;
+    }
 
     auto& state = processState(processStartingCapture);
@@ -172 +175 @@
         }
 
+        if (ids.size() != handles.size()) {
+            WTFLogAlways("Could not create a required sandbox extension, capture will fail!");
+            return false;
+        }
+
         state.setSandboxExtensionsGranted(currentExtensions);
         processStartingCapture.send(Messages::WebPage::GrantUserMediaDeviceSandboxExtensions(MediaDeviceSandboxExtensions(ids, WTFMove(handles))), proxy.page().pageID());
     }
-#endif
+#else
+    UNUSED_PARAM(proxy);
+    UNUSED_PARAM(withAudio);
+    UNUSED_PARAM(withVideo);
+#endif
+
+    proxy.page().activateMediaStreamCaptureInPage();
+
+    return true;
 }
 

trunk/Source/WebKit/UIProcess/UserMediaProcessManager.h

@@ -35 +35 @@
     void removeUserMediaPermissionRequestManagerProxy(UserMediaPermissionRequestManagerProxy&);
 
-    void willCreateMediaStream(UserMediaPermissionRequestManagerProxy&, bool withAudio, bool withVideo);
+    bool willCreateMediaStream(UserMediaPermissionRequestManagerProxy&, bool withAudio, bool withVideo);
     void muteCaptureMediaStreamsExceptIn(WebPageProxy&);
 
@@ -44 +44 @@
     bool captureEnabled() const { return m_captureEnabled; }
 
+    void denyNextUserMediaRequest() { m_denyNextRequest = true; }
+
 private:
     bool m_captureEnabled { true };
+    bool m_denyNextRequest { false };
 };
 

trunk/Tools/ChangeLog

@@ +1 @@
+2018-05-18  Eric Carlson  <eric.carlson@apple.com>
+
+        Handle failure to extend sandbox gracefully
+        https://bugs.webkit.org/show_bug.cgi?id=185779
+        <rdar://problem/40316349>
+
+        Reviewed by Brent Fulgham.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKitCocoa/UserMediaSimulateFailedSandbox.mm: Added.
+        (-[SimulateFailedSandboxMessageHandler userContentController:didReceiveScriptMessage:]):
+        (-[SimulateFailedSandboxUIDelegate _webView:requestUserMediaAuthorizationForDevices:url:mainFrameURL:decisionHandler:]):
+        (-[SimulateFailedSandboxUIDelegate _webView:checkUserMediaPermissionForURL:mainFrameURL:frameIdentifier:decisionHandler:]):
+        (MediaCaptureSimulateFailedSandbox::SetUp):
+        (MediaCaptureSimulateFailedSandbox::loadTestAndWaitForMessage):
+        (TEST_F):
+        * TestWebKitAPI/Tests/WebKitCocoa/disableGetUserMedia.html:
+
 2018-05-18  Daniel Bates  <dabates@apple.com>
 

trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj

@@ -36 +36 @@
                 07E1F6A31FFC4B760096C7EC /* GetDisplayMedia.mm in Sources */ = {isa = PBXBuildFile; fileRef = 07E1F6A01FFC3A080096C7EC /* GetDisplayMedia.mm */; };
                 07E499911F9E56DF002F1EF3 /* GetUserMediaReprompt.mm in Sources */ = {isa = PBXBuildFile; fileRef = 07E499901F9E56A1002F1EF3 /* GetUserMediaReprompt.mm */; };
+                07F4E92E20AF59E2002E3803 /* UserMediaSimulateFailedSandbox.mm in Sources */ = {isa = PBXBuildFile; fileRef = 07F4E92D20AF58D3002E3803 /* UserMediaSimulateFailedSandbox.mm */; };
                 0EBBCC661FFF9E0C00FA42AB /* pop-up-check.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 0EBBCC651FFF9DCE00FA42AB /* pop-up-check.html */; };
                 0F139E771A423A5B00F590F5 /* WeakObjCPtr.mm in Sources */ = {isa = PBXBuildFile; fileRef = 0F139E751A423A5300F590F5 /* WeakObjCPtr.mm */; };
@@ -1152 +1153 @@
                 07E499901F9E56A1002F1EF3 /* GetUserMediaReprompt.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = GetUserMediaReprompt.mm; sourceTree = "<group>"; };
                 07EDEFAC1EB9400C00D43292 /* UserMediaDisabled.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = UserMediaDisabled.mm; sourceTree = "<group>"; };
+                07F4E92D20AF58D3002E3803 /* UserMediaSimulateFailedSandbox.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = UserMediaSimulateFailedSandbox.mm; sourceTree = "<group>"; };
                 0BCD833414857CE400EA2003 /* HashMap.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = HashMap.cpp; sourceTree = "<group>"; };
                 0BCD85691485C98B00EA2003 /* SetForScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SetForScope.cpp; sourceTree = "<group>"; };
@@ -2259 +2261 @@
                                 7CCB99201D3B41F6003922F6 /* UserInitiatedActionInNavigationAction.mm */,
                                 07EDEFAC1EB9400C00D43292 /* UserMediaDisabled.mm */,
+                                07F4E92D20AF58D3002E3803 /* UserMediaSimulateFailedSandbox.mm */,
                                 93E943F11CD3E87E00AC08C2 /* VideoControlsManager.mm */,
                                 6356FB211EC4E0BA0044BF18 /* VisibleContentRect.mm */,
@@ -3783 +3786 @@
                                 7CCE7F171A411AE600447C4C /* UserMedia.cpp in Sources */,
                                 0799C3491EBA2D7B003B7532 /* UserMediaDisabled.mm in Sources */,
+                                07F4E92E20AF59E2002E3803 /* UserMediaSimulateFailedSandbox.mm in Sources */,
                                 7CCE7F181A411AE600447C4C /* UserMessage.cpp in Sources */,
                                 7C83E03A1D0A602700FEBCF3 /* UtilitiesCocoa.mm in Sources */,

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/disableGetUserMedia.html

@@ -1 +1 @@
 <script>
+    let err = '';
     function gotUserMedia(mediaStream)
     {
@@ -7 +8 @@
     function userMediaError(error)
     {
+        err = `${error.name},${error.message}`;
         window.webkit.messageHandlers.testHandler.postMessage('denied');
     }
 
-    var constraints = { audio: false, video: true};
+    function lastError()
+    {
+        return err;
+    }
+
+    let constraints = { audio: false, video: true};
     navigator.mediaDevices.getUserMedia(constraints)
         .then(gotUserMedia).