Changeset 260820 in webkit
- Timestamp:
- Apr 28, 2020 6:09:22 AM (4 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 11 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r260814 r260820 1 2020-04-28 Per Arne Vollan <pvollan@apple.com> 2 3 [iOS] Fix sandbox violation when uploading a file 4 https://bugs.webkit.org/show_bug.cgi?id=210937 5 6 Reviewed by Darin Adler. 7 8 * fast/forms/file/open-file-panel-crash-expected.txt: Added. 9 * fast/forms/file/open-file-panel-crash.html: Added. 10 * platform/win/TestExpectations: 11 1 12 2020-04-28 Youenn Fablet <youenn@apple.com> 2 13 -
trunk/LayoutTests/platform/win/TestExpectations
r260270 r260820 4490 4490 fast/text/combining-character-sequence-vertical.html [ Failure ] 4491 4491 4492 fast/forms/file/open-file-panel-crash.html [ Skip ] -
trunk/Source/WebKit/ChangeLog
r260819 r260820 1 2020-04-28 Per Arne Vollan <pvollan@apple.com> 2 3 [iOS] Fix sandbox violation when uploading a file 4 https://bugs.webkit.org/show_bug.cgi?id=210937 5 6 Reviewed by Darin Adler. 7 8 On iOS, the file chooser needs access to frontboard and icon services in the WebContent process. Create and 9 consume extensions for these services when choosing files. When done, the extensions should be revoked. This 10 patch also fixes an out-of-bounds array exception when running the test created for this patch. Additionally, 11 the function thumbnailSizedImageForImage should return a RetainPtr<UIImage>, since it seems unsafe to not 12 retain the UIImage after the image context is released in that function. 13 14 Test: fast/forms/file/open-file-panel-crash.html 15 16 * Shared/ios/WebIconUtilities.h: 17 * Shared/ios/WebIconUtilities.mm: 18 (WebKit::thumbnailSizedImageForImage): 19 (WebKit::fallbackIconForFile): 20 (WebKit::iconForImageFile): 21 (WebKit::iconForVideoFile): 22 (WebKit::iconForFile): 23 * UIProcess/WebPageProxy.cpp: 24 * UIProcess/ios/forms/WKFileUploadPanel.mm: 25 (-[_WKFileUploadItem displayImage]): 26 (-[_WKImageFileUploadItem displayImage]): 27 (-[_WKVideoFileUploadItem displayImage]): 28 (-[WKFileUploadPanel documentPicker:didPickDocumentsAtURLs:]): 29 (-[WKFileUploadPanel imagePickerController:didFinishPickingMediaWithInfo:]): 30 (-[WKFileUploadPanel imagePickerController:didFinishPickingMultipleMediaWithInfo:]): 31 * WebProcess/WebCoreSupport/ios/WebChromeClientIOS.mm: 32 (WebKit::WebChromeClient::createIconForFiles): 33 * WebProcess/WebPage/WebPage.cpp: 34 (WebKit::WebPage::didChooseFilesForOpenPanelWithDisplayStringAndIcon): 35 * WebProcess/WebPage/WebPage.h: 36 * WebProcess/WebPage/WebPage.messages.in: 37 1 38 2020-04-27 Carlos Garcia Campos <cgarcia@igalia.com> 2 39 -
trunk/Source/WebKit/Shared/ios/WebIconUtilities.h
r237266 r260820 32 32 namespace WebKit { 33 33 34 UIImage *fallbackIconForFile(NSURL *file);35 UIImage *iconForImageFile(NSURL *file);36 UIImage *iconForVideoFile(NSURL *file);37 UIImage *iconForFile(NSURL *file);34 RetainPtr<UIImage> fallbackIconForFile(NSURL *file); 35 RetainPtr<UIImage> iconForImageFile(NSURL *file); 36 RetainPtr<UIImage> iconForVideoFile(NSURL *file); 37 RetainPtr<UIImage> iconForFile(NSURL *file); 38 38 39 39 } -
trunk/Source/WebKit/Shared/ios/WebIconUtilities.mm
r260366 r260820 72 72 } 73 73 74 static UIImage *thumbnailSizedImageForImage(CGImageRef image)74 static RetainPtr<UIImage> thumbnailSizedImageForImage(CGImageRef image) 75 75 { 76 76 UIImage *squaredImage = squareImage(image); … … 82 82 CGContextSetInterpolationQuality(UIGraphicsGetCurrentContext(), kCGInterpolationHigh); 83 83 [squaredImage drawInRect:destRect]; 84 UIImage *resultImage = UIGraphicsGetImageFromCurrentImageContext();84 RetainPtr<UIImage> resultImage = UIGraphicsGetImageFromCurrentImageContext(); 85 85 UIGraphicsEndImageContext(); 86 86 return resultImage; 87 87 } 88 88 89 UIImage*fallbackIconForFile(NSURL *file)89 RetainPtr<UIImage> fallbackIconForFile(NSURL *file) 90 90 { 91 91 ASSERT_ARG(file, [file isFileURL]); 92 92 93 93 UIDocumentInteractionController *interactionController = [UIDocumentInteractionController interactionControllerWithURL:file]; 94 if (![interactionController.icons count]) 95 return nil; 94 96 return thumbnailSizedImageForImage(interactionController.icons[0].CGImage); 95 97 } 96 98 97 UIImage*iconForImageFile(NSURL *file)99 RetainPtr<UIImage> iconForImageFile(NSURL *file) 98 100 { 99 101 ASSERT_ARG(file, [file isFileURL]); … … 114 116 } 115 117 116 UIImage*iconForVideoFile(NSURL *file)118 RetainPtr<UIImage> iconForVideoFile(NSURL *file) 117 119 { 118 120 ASSERT_ARG(file, [file isFileURL]); … … 132 134 } 133 135 134 UIImage*iconForFile(NSURL *file)136 RetainPtr<UIImage> iconForFile(NSURL *file) 135 137 { 136 138 ASSERT_ARG(file, [file isFileURL]); -
trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
r260793 r260820 6641 6641 #endif 6642 6642 6643 send(Messages::WebPage::DidChooseFilesForOpenPanelWithDisplayStringAndIcon(fileURLs, displayString, iconData ? iconData->dataReference() : IPC::DataReference())); 6643 SandboxExtension::Handle frontboardServicesSandboxExtension, iconServicesSandboxExtension; 6644 SandboxExtension::createHandleForMachLookup("com.apple.frontboard.systemappservices", WTF::nullopt, frontboardServicesSandboxExtension); 6645 SandboxExtension::createHandleForMachLookup("com.apple.iconservices", WTF::nullopt, iconServicesSandboxExtension); 6646 6647 send(Messages::WebPage::DidChooseFilesForOpenPanelWithDisplayStringAndIcon(fileURLs, displayString, iconData ? iconData->dataReference() : IPC::DataReference(), frontboardServicesSandboxExtension, iconServicesSandboxExtension)); 6644 6648 6645 6649 m_openPanelResultListener->invalidate(); -
trunk/Source/WebKit/UIProcess/ios/forms/WKFileUploadPanel.mm
r260116 r260820 75 75 @property (nonatomic, readonly, getter=isVideo) BOOL video; 76 76 @property (nonatomic, readonly) NSURL *fileURL; 77 @property (nonatomic, readonly) UIImage *displayImage;77 @property (nonatomic, readonly) RetainPtr<UIImage> displayImage; 78 78 @end 79 79 … … 104 104 } 105 105 106 - ( UIImage *)displayImage106 - (RetainPtr<UIImage>)displayImage 107 107 { 108 108 ASSERT_NOT_REACHED(); … … 123 123 } 124 124 125 - ( UIImage *)displayImage125 - (RetainPtr<UIImage>)displayImage 126 126 { 127 127 return iconForImageFile(self.fileURL); … … 141 141 } 142 142 143 - ( UIImage *)displayImage143 - (RetainPtr<UIImage>)displayImage 144 144 { 145 145 return iconForVideoFile(self.fileURL); … … 630 630 ASSERT(urls.count); 631 631 [self _dismissDisplayAnimated:YES]; 632 [self _chooseFiles:urls displayString:displayStringForDocumentsAtURLs(urls) iconImage:iconForFile(urls[0]) ];632 [self _chooseFiles:urls displayString:displayStringForDocumentsAtURLs(urls) iconImage:iconForFile(urls[0]).get()]; 633 633 } 634 634 … … 668 668 _WKFileUploadItem *result = [processedResults objectAtIndex:0]; 669 669 dispatch_async(dispatch_get_main_queue(), ^{ 670 [self _chooseFiles:@[result.fileURL] displayString:displayString iconImage:result.displayImage ];670 [self _chooseFiles:@[result.fileURL] displayString:displayString iconImage:result.displayImage.get()]; 671 671 }); 672 672 } … … 685 685 [self _processMediaInfoDictionaries:infos 686 686 successBlock:^(NSArray *processedResults, NSString *displayString) { 687 UIImage *iconImage = nil;687 RetainPtr<UIImage> iconImage = nil; 688 688 NSMutableArray *fileURLs = [NSMutableArray array]; 689 689 for (_WKFileUploadItem *result in processedResults) { … … 697 697 698 698 dispatch_async(dispatch_get_main_queue(), ^{ 699 [self _chooseFiles:fileURLs displayString:displayString iconImage:iconImage ];699 [self _chooseFiles:fileURLs displayString:displayString iconImage:iconImage.get()]; 700 700 }); 701 701 } -
trunk/Source/WebKit/WebProcess/WebCoreSupport/ios/WebChromeClientIOS.mm
r258721 r260820 152 152 // FIXME: We should generate an icon showing multiple files here, if applicable. Currently, if there are multiple 153 153 // files, we only use the first URL to generate an icon. 154 return Icon::createIconForImage(iconForFile([NSURL fileURLWithPath:filenames[0] isDirectory:NO]). CGImage);154 return Icon::createIconForImage(iconForFile([NSURL fileURLWithPath:filenames[0] isDirectory:NO]).get().CGImage); 155 155 } 156 156 -
trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp
r260764 r260820 272 272 #include <WebCore/UTIRegistry.h> 273 273 #include <wtf/MachSendRight.h> 274 #include <wtf/spi/darwin/SandboxSPI.h> 274 275 #endif 275 276 … … 4216 4217 4217 4218 #if PLATFORM(IOS_FAMILY) 4218 void WebPage::didChooseFilesForOpenPanelWithDisplayStringAndIcon(const Vector<String>& files, const String& displayString, const IPC::DataReference& iconData )4219 void WebPage::didChooseFilesForOpenPanelWithDisplayStringAndIcon(const Vector<String>& files, const String& displayString, const IPC::DataReference& iconData, SandboxExtension::Handle&& frontboardServicesSandboxExtensionHandle, SandboxExtension::Handle&& iconServicesSandboxExtensionHandle) 4219 4220 { 4220 4221 if (!m_activeOpenPanelResultListener) 4221 4222 return; 4223 4224 auto frontboardServicesSandboxExtension = SandboxExtension::create(WTFMove(frontboardServicesSandboxExtensionHandle)); 4225 if (frontboardServicesSandboxExtension) { 4226 bool consumed = frontboardServicesSandboxExtension->consume(); 4227 ASSERT_UNUSED(consumed, consumed); 4228 } 4229 4230 auto iconServicesSandboxExtension = SandboxExtension::create(WTFMove(iconServicesSandboxExtensionHandle)); 4231 if (iconServicesSandboxExtension) { 4232 bool consumed = iconServicesSandboxExtension->consume(); 4233 ASSERT_UNUSED(consumed, consumed); 4234 } 4235 4236 RELEASE_ASSERT(!sandbox_check(getpid(), "mach-lookup", static_cast<enum sandbox_filter_type>(SANDBOX_FILTER_GLOBAL_NAME | SANDBOX_CHECK_NO_REPORT), "com.apple.frontboard.systemappservices")); 4237 RELEASE_ASSERT(!sandbox_check(getpid(), "mach-lookup", static_cast<enum sandbox_filter_type>(SANDBOX_FILTER_GLOBAL_NAME | SANDBOX_CHECK_NO_REPORT), "com.apple.frontboard.iconservices")); 4222 4238 4223 4239 RefPtr<Icon> icon; … … 4231 4247 m_activeOpenPanelResultListener->didChooseFilesWithDisplayStringAndIcon(files, displayString, icon.get()); 4232 4248 m_activeOpenPanelResultListener = nullptr; 4249 4250 if (frontboardServicesSandboxExtension) { 4251 bool revoked = frontboardServicesSandboxExtension->revoke(); 4252 ASSERT_UNUSED(revoked, revoked); 4253 } 4254 4255 if (iconServicesSandboxExtension) { 4256 bool revoked = iconServicesSandboxExtension->revoke(); 4257 ASSERT_UNUSED(revoked, revoked); 4258 } 4259 4233 4260 } 4234 4261 #endif -
trunk/Source/WebKit/WebProcess/WebPage/WebPage.h
r260764 r260820 1585 1585 1586 1586 #if PLATFORM(IOS_FAMILY) 1587 void didChooseFilesForOpenPanelWithDisplayStringAndIcon(const Vector<String>&, const String& displayString, const IPC::DataReference& iconData );1587 void didChooseFilesForOpenPanelWithDisplayStringAndIcon(const Vector<String>&, const String& displayString, const IPC::DataReference& iconData, WebKit::SandboxExtension::Handle&&, WebKit::SandboxExtension::Handle&&); 1588 1588 bool isTransparentOrFullyClipped(const WebCore::Element&) const; 1589 1589 #endif -
trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in
r260764 r260820 339 339 # Open panel. 340 340 #if PLATFORM(IOS_FAMILY) 341 DidChooseFilesForOpenPanelWithDisplayStringAndIcon(Vector<String> fileURLs, String displayString, IPC::DataReference iconData )341 DidChooseFilesForOpenPanelWithDisplayStringAndIcon(Vector<String> fileURLs, String displayString, IPC::DataReference iconData, WebKit::SandboxExtension::Handle frontboardServicesSandboxExtension, WebKit::SandboxExtension::Handle iconServicesSandboxExtension) 342 342 #endif 343 343 DidChooseFilesForOpenPanel(Vector<String> fileURLs)
Note: See TracChangeset
for help on using the changeset viewer.