Changeset 251825 in webkit

Timestamp:

Oct 30, 2019 5:33:49 PM (4 years ago)

Author:

pvollan@apple.com

Message:

It should be possible to create a mach sandbox extension for the WebContent process before the audit token is known
​https://bugs.webkit.org/show_bug.cgi?id=203618

Reviewed by Brent Fulgham.

Source/WebKit:

Currently, we are only able to create a mach sandbox extension for the WebContent process if we know its
audit token. It should be possible to create a mach extension without the audit token, since this is
needed when we want to create extensions before the PID or audit token is known. These extensions are
typically sent in the WebProcess creation parameters.

No new tests, this is not a behavior change, but a patch in preparation for future patches.

• Shared/Cocoa/SandboxExtensionCocoa.mm:

(WebKit::SandboxExtensionImpl::sandboxExtensionForType):
(WebKit::SandboxExtension::createHandleForMachLookup):
(WebKit::SandboxExtension::createHandleForMachLookupByAuditToken): Deleted.

• Shared/SandboxExtension.h:
• UIProcess/ios/WebProcessProxyIOS.mm:

(WebKit::WebProcessProxy::unblockAccessibilityServerIfNeeded):

Source/WTF:

Added SPI to create mach extension without PID or audit token.

• wtf/spi/darwin/SandboxSPI.h:

Location:

trunk/Source

Files:

• WTF/ChangeLog (modified) (1 diff)
• WTF/wtf/spi/darwin/SandboxSPI.h (modified) (1 diff)
• WebKit/ChangeLog (modified) (1 diff)
• WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm (modified) (2 diffs)
• WebKit/Shared/SandboxExtension.h (modified) (1 diff)
• WebKit/UIProcess/ios/WebProcessProxyIOS.mm (modified) (1 diff)

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2019-10-30  Per Arne Vollan  <pvollan@apple.com>
+
+        It should be possible to create a mach sandbox extension for the WebContent process before the audit token is known
+        https://bugs.webkit.org/show_bug.cgi?id=203618
+
+        Reviewed by Brent Fulgham.
+
+        Added SPI to create mach extension without PID or audit token.
+
+        * wtf/spi/darwin/SandboxSPI.h:
+
 2019-10-30  Daniel Bates  <dabates@apple.com>
 

trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h

@@ -67 +67 @@
 char *sandbox_extension_issue_mach_to_process(const char *extension_class, const char *name, uint32_t flags, audit_token_t);
 #endif
+char *sandbox_extension_issue_mach(const char *extension_class, const char *name, uint32_t flags);
 int sandbox_check(pid_t, const char *operation, enum sandbox_filter_type, ...);
 int sandbox_check_by_audit_token(audit_token_t, const char *operation, enum sandbox_filter_type, ...);

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-10-30  Per Arne Vollan  <pvollan@apple.com>
+
+        It should be possible to create a mach sandbox extension for the WebContent process before the audit token is known
+        https://bugs.webkit.org/show_bug.cgi?id=203618
+
+        Reviewed by Brent Fulgham.
+
+        Currently, we are only able to create a mach sandbox extension for the WebContent process if we know its
+        audit token. It should be possible to create a mach extension without the audit token, since this is
+        needed when we want to create extensions before the PID or audit token is known. These extensions are
+        typically sent in the WebProcess creation parameters.
+        
+        No new tests, this is not a behavior change, but a patch in preparation for future patches.
+
+        * Shared/Cocoa/SandboxExtensionCocoa.mm:
+        (WebKit::SandboxExtensionImpl::sandboxExtensionForType):
+        (WebKit::SandboxExtension::createHandleForMachLookup):
+        (WebKit::SandboxExtension::createHandleForMachLookupByAuditToken): Deleted.
+        * Shared/SandboxExtension.h:
+        * UIProcess/ios/WebProcessProxyIOS.mm:
+        (WebKit::WebProcessProxy::unblockAccessibilityServerIfNeeded):
+
 2019-10-30  Per Arne Vollan  <pvollan@apple.com>
 

trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm

@@ -93 +93 @@
             return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, 0);
         case SandboxExtension::Type::Mach:
+            if (!auditToken)
+                return sandbox_extension_issue_mach("com.apple.webkit.extension.mach"_s, path, 0);
 #if HAVE(SANDBOX_ISSUE_MACH_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)
-            if (!auditToken)
-                return nullptr;
             return sandbox_extension_issue_mach_to_process("com.apple.webkit.extension.mach"_s, path, 0, *auditToken);
 #else
@@ -337 +337 @@
 }
 
-bool SandboxExtension::createHandleForMachLookupByAuditToken(const String& service, audit_token_t auditToken, Handle& handle)
+bool SandboxExtension::createHandleForMachLookup(const String& service, Optional<audit_token_t> auditToken, Handle& handle)
 {
     ASSERT(!handle.m_sandboxExtension);

trunk/Source/WebKit/Shared/SandboxExtension.h

@@ -106 +106 @@
     static bool createHandleForGenericExtension(const String& extensionClass, Handle&);
 #if HAVE(AUDIT_TOKEN)
-    static bool createHandleForMachLookupByAuditToken(const String& service, audit_token_t, Handle&);
+    static bool createHandleForMachLookup(const String& service, Optional<audit_token_t>, Handle&);
     static bool createHandleForReadByAuditToken(const String& path, audit_token_t, Handle&);
 #endif

trunk/Source/WebKit/UIProcess/ios/WebProcessProxyIOS.mm

@@ -55 +55 @@
         return;
 
-    ASSERT(connection() && connection()->getAuditToken());
-    if (!connection() || !connection()->getAuditToken()) {
-        WTFLogAlways("Unable to get audit token.");
-        return;
-    }
-    
     SandboxExtension::Handle handle;
-    if (!SandboxExtension::createHandleForMachLookupByAuditToken("com.apple.iphone.axserver-systemwide", *(connection()->getAuditToken()), handle))
+    if (!SandboxExtension::createHandleForMachLookup("com.apple.iphone.axserver-systemwide", connection() ? connection()->getAuditToken() : WTF::nullopt, handle))
         return;