Changeset 258891 in webkit
- Timestamp:
- Mar 23, 2020 5:15:23 PM (4 years ago)
- Location:
- trunk
- Files:
-
- 12 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r258889 r258891 1 2020-03-23 Per Arne Vollan <pvollan@apple.com> 2 3 [Cocoa] Deny access to database mapping service 4 https://bugs.webkit.org/show_bug.cgi?id=209339 5 6 Reviewed by Brent Fulgham. 7 8 * fast/sandbox/ios/sandbox-mach-lookup-expected.txt: 9 * fast/sandbox/ios/sandbox-mach-lookup.html: 10 1 11 2020-03-23 Jason Lawrence <lawrence.j@apple.com> 2 12 -
trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt
r258845 r258891 26 26 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.mobileassetd.v2") is false 27 27 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices") is false 28 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.lsd.mapdb") is false -
trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html
r258845 r258891 29 29 shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.mobileassetd.v2\")"); 30 30 shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iconservices\")"); 31 shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.lsd.mapdb\")"); 31 32 } 32 33 </script> -
trunk/Source/WTF/ChangeLog
r258884 r258891 1 2020-03-23 Per Arne Vollan <pvollan@apple.com> 2 3 [Cocoa] Deny access to database mapping service 4 https://bugs.webkit.org/show_bug.cgi?id=209339 5 <rdar://problem/56966010> 6 7 Reviewed by Brent Fulgham. 8 9 Disable the use of UTTypeRecord swizzling, since this is not needed with the new approach 10 of denying the database mapping service in this patch. 11 12 * wtf/PlatformUse.h: 13 1 14 2020-03-23 John Wilander <wilander@apple.com> 2 15 -
trunk/Source/WTF/wtf/PlatformUse.h
r258841 r258891 322 322 #endif 323 323 324 #if PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 140000 325 #define USE_UTTYPE_SWIZZLER 1 326 #endif 324 #define USE_UTTYPE_SWIZZLER 0 -
trunk/Source/WebKit/ChangeLog
r258888 r258891 1 2020-03-23 Per Arne Vollan <pvollan@apple.com> 2 3 [Cocoa] Deny access to database mapping service 4 https://bugs.webkit.org/show_bug.cgi?id=209339 5 <rdar://problem/56966010> 6 7 Reviewed by Brent Fulgham. 8 9 In order for the WebContent process to not have permantent access to the database mapping service, 10 this patch creates an extension for the service in the UI process, sends it to the WebContent 11 process, where it is consumed. Then, an API call is made which will map the database, and next the 12 WebContent process will revoke the extension. The WebContent process has then mapped the database, 13 and access to the database mapping service is no longer needed. 14 15 Tested by: fast/sandbox/ios/sandbox-mach-lookup.html 16 17 * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: 18 * Shared/WebProcessCreationParameters.cpp: 19 (WebKit::WebProcessCreationParameters::encode const): 20 (WebKit::WebProcessCreationParameters::decode): 21 * Shared/WebProcessCreationParameters.h: 22 * UIProcess/Cocoa/WebProcessPoolCocoa.mm: 23 (WebKit::WebProcessPool::platformInitializeWebProcess): 24 * WebProcess/cocoa/WebProcessCocoa.mm: 25 (WebKit::WebProcess::platformInitializeWebProcess): 26 * WebProcess/com.apple.WebProcess.sb.in: 27 1 28 2020-03-23 Megan Gardner <megan_gardner@apple.com> 2 29 -
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
r258845 r258891 538 538 ) 539 539 540 (deny mach-lookup (with telemetry )540 (deny mach-lookup (with telemetry-backtrace) 541 541 (global-name "com.apple.distributed_notifications@1v3")) 542 542 … … 544 544 (ipc-posix-name-prefix "apple.cfprefs.")) 545 545 546 ( allowmach-lookup (with telemetry-backtrace)546 (deny mach-lookup (with telemetry-backtrace) 547 547 (global-name "com.apple.lsd.mapdb")) 548 548 -
trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp
r258841 r258891 170 170 encoder << neHelperExtensionHandle; 171 171 encoder << neSessionManagerExtensionHandle; 172 encoder << mapDBExtensionHandle; 172 173 encoder << systemHasBattery; 173 174 encoder << mimeTypesMap; … … 457 458 parameters.neSessionManagerExtensionHandle = WTFMove(*neSessionManagerExtensionHandle); 458 459 460 Optional<Optional<SandboxExtension::Handle>> mapDBExtensionHandle; 461 decoder >> mapDBExtensionHandle; 462 if (!mapDBExtensionHandle) 463 return false; 464 parameters.mapDBExtensionHandle = WTFMove(*mapDBExtensionHandle); 465 459 466 Optional<bool> systemHasBattery; 460 467 decoder >> systemHasBattery; -
trunk/Source/WebKit/Shared/WebProcessCreationParameters.h
r258841 r258891 214 214 Optional<SandboxExtension::Handle> neHelperExtensionHandle; 215 215 Optional<SandboxExtension::Handle> neSessionManagerExtensionHandle; 216 Optional<SandboxExtension::Handle> mapDBExtensionHandle; 216 217 bool systemHasBattery { false }; 217 218 Optional<HashMap<String, Vector<String>, ASCIICaseInsensitiveHash>> mimeTypesMap; -
trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
r258841 r258891 381 381 static const char* services[] = { 382 382 "com.apple.lsd.open", 383 "com.apple.lsd.mapdb",384 383 "com.apple.mobileassetd", 385 384 "com.apple.iconservices", … … 416 415 parameters.mimeTypesMap = commonMimeTypesMap(); 417 416 parameters.mapUTIFromMIMEType = createUTIFromMIMETypeMap(); 417 418 SandboxExtension::Handle mapDBHandle; 419 SandboxExtension::createHandleForMachLookup("com.apple.lsd.mapdb", WTF::nullopt, mapDBHandle, SandboxExtension::Flags::NoReport); 420 parameters.mapDBExtensionHandle = WTFMove(mapDBHandle); 418 421 #endif 419 422 -
trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
r258841 r258891 105 105 #import "UserInterfaceIdiom.h" 106 106 #import "WKAccessibilityWebPageObjectIOS.h" 107 #import <MobileCoreServices/MobileCoreServices.h> 107 108 #import <UIKit/UIAccessibility.h> 108 109 #import <WebCore/UTTypeRecordSwizzler.h> … … 275 276 SandboxExtension::consumePermanently(*parameters.neSessionManagerExtensionHandle); 276 277 NetworkExtensionContentFilter::setHasConsumedSandboxExtensions(parameters.neHelperExtensionHandle.hasValue() && parameters.neSessionManagerExtensionHandle.hasValue()); 278 279 if (parameters.mapDBExtensionHandle) { 280 auto extension = SandboxExtension::create(WTFMove(*parameters.mapDBExtensionHandle)); 281 bool ok = extension->consume(); 282 ASSERT_UNUSED(ok, ok); 283 // Perform API calls which will communicate with the database mapping service, and map the database. 284 auto uti = adoptCF(UTTypeCreatePreferredIdentifierForTag(kUTTagClassMIMEType, CFSTR("text/html"), 0)); 285 auto mimeType = adoptCF(UTTypeCopyPreferredTagWithClass(CFSTR("public.png"), kUTTagClassMIMEType)); 286 ok = extension->revoke(); 287 ASSERT_UNUSED(ok, ok); 288 } 289 277 290 setSystemHasBattery(parameters.systemHasBattery); 278 291 -
trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
r258841 r258891 680 680 (global-name "com.apple.cfprefsd.daemon") 681 681 (global-name "com.apple.coreservices.launchservicesd") 682 (global-name "com.apple.lsd.mapdb")683 682 (global-name "com.apple.trustd.agent") 684 683 ) … … 888 887 "com.apple.cfprefsd.daemon" 889 888 "com.apple.tccd" 889 "com.apple.lsd.mapdb" 890 890 891 891 ;;; FIXME(207716): The following should be removed when the GPU process is complete
Note: See TracChangeset
for help on using the changeset viewer.