Changeset 251825 in webkit
- Timestamp:
- Oct 30, 2019 5:33:49 PM (4 years ago)
- Location:
- trunk/Source
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WTF/ChangeLog
r251813 r251825 1 2019-10-30 Per Arne Vollan <pvollan@apple.com> 2 3 It should be possible to create a mach sandbox extension for the WebContent process before the audit token is known 4 https://bugs.webkit.org/show_bug.cgi?id=203618 5 6 Reviewed by Brent Fulgham. 7 8 Added SPI to create mach extension without PID or audit token. 9 10 * wtf/spi/darwin/SandboxSPI.h: 11 1 12 2019-10-30 Daniel Bates <dabates@apple.com> 2 13 -
trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h
r251087 r251825 67 67 char *sandbox_extension_issue_mach_to_process(const char *extension_class, const char *name, uint32_t flags, audit_token_t); 68 68 #endif 69 char *sandbox_extension_issue_mach(const char *extension_class, const char *name, uint32_t flags); 69 70 int sandbox_check(pid_t, const char *operation, enum sandbox_filter_type, ...); 70 71 int sandbox_check_by_audit_token(audit_token_t, const char *operation, enum sandbox_filter_type, ...); -
trunk/Source/WebKit/ChangeLog
r251824 r251825 1 2019-10-30 Per Arne Vollan <pvollan@apple.com> 2 3 It should be possible to create a mach sandbox extension for the WebContent process before the audit token is known 4 https://bugs.webkit.org/show_bug.cgi?id=203618 5 6 Reviewed by Brent Fulgham. 7 8 Currently, we are only able to create a mach sandbox extension for the WebContent process if we know its 9 audit token. It should be possible to create a mach extension without the audit token, since this is 10 needed when we want to create extensions before the PID or audit token is known. These extensions are 11 typically sent in the WebProcess creation parameters. 12 13 No new tests, this is not a behavior change, but a patch in preparation for future patches. 14 15 * Shared/Cocoa/SandboxExtensionCocoa.mm: 16 (WebKit::SandboxExtensionImpl::sandboxExtensionForType): 17 (WebKit::SandboxExtension::createHandleForMachLookup): 18 (WebKit::SandboxExtension::createHandleForMachLookupByAuditToken): Deleted. 19 * Shared/SandboxExtension.h: 20 * UIProcess/ios/WebProcessProxyIOS.mm: 21 (WebKit::WebProcessProxy::unblockAccessibilityServerIfNeeded): 22 1 23 2019-10-30 Per Arne Vollan <pvollan@apple.com> 2 24 -
trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm
r251087 r251825 93 93 return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, 0); 94 94 case SandboxExtension::Type::Mach: 95 if (!auditToken) 96 return sandbox_extension_issue_mach("com.apple.webkit.extension.mach"_s, path, 0); 95 97 #if HAVE(SANDBOX_ISSUE_MACH_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN) 96 if (!auditToken)97 return nullptr;98 98 return sandbox_extension_issue_mach_to_process("com.apple.webkit.extension.mach"_s, path, 0, *auditToken); 99 99 #else … … 337 337 } 338 338 339 bool SandboxExtension::createHandleForMachLookup ByAuditToken(const String& service, audit_token_tauditToken, Handle& handle)339 bool SandboxExtension::createHandleForMachLookup(const String& service, Optional<audit_token_t> auditToken, Handle& handle) 340 340 { 341 341 ASSERT(!handle.m_sandboxExtension); -
trunk/Source/WebKit/Shared/SandboxExtension.h
r251087 r251825 106 106 static bool createHandleForGenericExtension(const String& extensionClass, Handle&); 107 107 #if HAVE(AUDIT_TOKEN) 108 static bool createHandleForMachLookup ByAuditToken(const String& service, audit_token_t, Handle&);108 static bool createHandleForMachLookup(const String& service, Optional<audit_token_t>, Handle&); 109 109 static bool createHandleForReadByAuditToken(const String& path, audit_token_t, Handle&); 110 110 #endif -
trunk/Source/WebKit/UIProcess/ios/WebProcessProxyIOS.mm
r251087 r251825 55 55 return; 56 56 57 ASSERT(connection() && connection()->getAuditToken());58 if (!connection() || !connection()->getAuditToken()) {59 WTFLogAlways("Unable to get audit token.");60 return;61 }62 63 57 SandboxExtension::Handle handle; 64 if (!SandboxExtension::createHandleForMachLookup ByAuditToken("com.apple.iphone.axserver-systemwide", *(connection()->getAuditToken()), handle))58 if (!SandboxExtension::createHandleForMachLookup("com.apple.iphone.axserver-systemwide", connection() ? connection()->getAuditToken() : WTF::nullopt, handle)) 65 59 return; 66 60
Note: See TracChangeset
for help on using the changeset viewer.