Title: [286437] trunk/Source
- Revision
- 286437
- Author
- pvol...@apple.com
- Date
- 2021-12-02 10:44:46 -0800 (Thu, 02 Dec 2021)
Log Message
[WP] Strengthen sandbox when AppCache is disabled
https://bugs.webkit.org/show_bug.cgi?id=233746
<rdar://problem/85953893>
Reviewed by Brent Fulgham.
Source/WebKit:
When AppCache is disabled, we can remove access to some resources in the WebContent process' sandbox.
This is implemented using a new sandbox state variable representing the AppCache state.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
* WebProcess/WebPage/WebPage.cpp:
* WebProcess/com.apple.WebProcess.sb.in:
Source/WTF:
Add HAVE macro for sandbox state flags support.
* wtf/PlatformHave.h:
Modified: trunk/Source/WTF/ChangeLog (286436 => 286437)
--- trunk/Source/WTF/ChangeLog 2021-12-02 17:57:46 UTC (rev 286436)
+++ trunk/Source/WTF/ChangeLog 2021-12-02 18:44:46 UTC (rev 286437)
@@ -1,3 +1,15 @@
+2021-12-02 Per Arne Vollan <pvol...@apple.com>
+
+ [WP] Strengthen sandbox when AppCache is disabled
+ https://bugs.webkit.org/show_bug.cgi?id=233746
+ <rdar://problem/85953893>
+
+ Reviewed by Brent Fulgham.
+
+ Add HAVE macro for sandbox state flags support.
+
+ * wtf/PlatformHave.h:
+
2021-12-02 Aditya Keerthi <akeer...@apple.com>
[macCatalyst] Enable support for date/time inputs
Modified: trunk/Source/WTF/wtf/PlatformHave.h (286436 => 286437)
--- trunk/Source/WTF/wtf/PlatformHave.h 2021-12-02 17:57:46 UTC (rev 286436)
+++ trunk/Source/WTF/wtf/PlatformHave.h 2021-12-02 18:44:46 UTC (rev 286437)
@@ -1102,3 +1102,8 @@
#if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED < 120000
#undef HAVE_AV_DELEGATING_PLAYBACK_COORDINATOR
#endif
+
+#if ((PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 130000) \
+ || (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 160000))
+#define HAVE_SANDBOX_STATE_FLAGS 1
+#endif
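Review bot: The new HAVE_SANDBOX_STATE_FLAGS block carries no comment saying what facility the OS-version thresholds gate, so a reader of PlatformHave.h alone cannot tell why 130000/160000 matter. The sandbox profiles in this commit use it to guard `enable-state-flag` / `state-flag` rules, so a line such as `// Sandbox profiles can declare and filter on state flags (enable-state-flag / state-flag).` above the `#if` would name the dependency. Separately, the condition tests PLATFORM(IOS) rather than PLATFORM(IOS_FAMILY); if the ios WebContent profile is also built for other iOS-family platforms, those builds would silently take the profile's `#else` path, which may or may not be intended and is worth confirming.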
Modified: trunk/Source/WebKit/ChangeLog (286436 => 286437)
--- trunk/Source/WebKit/ChangeLog 2021-12-02 17:57:46 UTC (rev 286436)
+++ trunk/Source/WebKit/ChangeLog 2021-12-02 18:44:46 UTC (rev 286437)
@@ -1,3 +1,18 @@
+2021-12-02 Per Arne Vollan <pvol...@apple.com>
+
+ [WP] Strengthen sandbox when AppCache is disabled
+ https://bugs.webkit.org/show_bug.cgi?id=233746
+ <rdar://problem/85953893>
+
+ Reviewed by Brent Fulgham.
+
+ When AppCache is disabled, we can remove access to some resources in the WebContent process' sandbox.
+ This is implemented using a new sandbox state variable representing the AppCache state.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+ * WebProcess/WebPage/WebPage.cpp:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2021-12-02 Youenn Fablet <you...@apple.com>
Add some logging to NetworkRTCProvider
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (286436 => 286437)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-12-02 17:57:46 UTC (rev 286436)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-12-02 18:44:46 UTC (rev 286437)
@@ -1385,27 +1385,45 @@
(when (defined? 'system-fcntl)
(deny system-fcntl (with telemetry))
(allow system-fcntl
- (fcntl-command F_BARRIERFSYNC)
- (fcntl-command F_GETCONFINED)
- (fcntl-command F_GETFL) ;; LibJPEGReadPlugin::copyImageBlockSetStandard
- (fcntl-command F_GETLK)
- (fcntl-command F_GETSIGSINFO)
- (fcntl-command F_NOCACHE)
- (fcntl-command F_OFD_GETLK)
- (fcntl-command F_OFD_SETLKWTIMEOUT)
- (fcntl-command F_RDADVISE)
- (fcntl-command F_SETCONFINED)
- (fcntl-command F_GETPATH) ;; used by dyld4 and CGFontURLCreate, getcwd (at least)
- (fcntl-command F_ADDFILESIGS_RETURN) ;; ImageLoaderMachO::loadCodeSignature
- (fcntl-command F_CHECK_LV) ;; ImageLoaderMachO::loadCodeSignature
- (fcntl-command F_SPECULATIVE_READ) ;; ImageLoaderMachO::mapSegments
- (fcntl-command F_SETFD) ;; libwebrtc.dylib (no backtrace)
- (fcntl-command F_GETFD) ;; libwebrtc.dylib (no backtrace)
- (fcntl-command F_SETFL) ;; CMCapture uses when camera is enabled
- (fcntl-command F_SETNOSIGPIPE)) ;; CMCapture uses when camera is enabled
+ (fcntl-command
+ F_GETPATH)) ;; used by dyld4 and CGFontURLCreate, getcwd (at least)
+ (allow system-fcntl (with report) (with telemetry)
+ (fcntl-command
+ F_BARRIERFSYNC
+ F_GETCONFINED
+ F_GETFL ;; LibJPEGReadPlugin::copyImageBlockSetStandard
+ F_GETSIGSINFO
+ F_NOCACHE
+ F_RDADVISE
+ F_SETCONFINED
+ F_ADDFILESIGS_RETURN ;; ImageLoaderMachO::loadCodeSignature
+ F_CHECK_LV ;; ImageLoaderMachO::loadCodeSignature
+ F_SPECULATIVE_READ ;; ImageLoaderMachO::mapSegments
+ F_SETFD ;; libwebrtc.dylib (no backtrace)
+ F_GETFD ;; libwebrtc.dylib (no backtrace)
+ F_SETFL ;; CMCapture uses when camera is enabled
+ F_SETNOSIGPIPE)) ;; CMCapture uses when camera is enabled
- (allow system-fcntl (with telemetry)
- (fcntl-command F_OFD_SETLK))
+ (define (appcache-fcntl-commands)
+ (fcntl-command
+ F_GETLK
+ F_OFD_GETLK
+ F_OFD_SETLK
+ F_OFD_SETLKWTIMEOUT))
+
+#if HAVE(SANDBOX_STATE_FLAGS)
+ ;; This rule enables the WebContent process to flip the "AppCacheDisabled" sandbox variable
+ ;; by reading a preference from the domain "com.apple.WebKit.WebContent.AppCacheDisabled".
+ (deny user-preference-read (with enable-state-flag "AppCacheDisabled")
+ (preference-domain "com.apple.WebKit.WebContent.AppCacheDisabled"))
+
+ (with-filter (require-not (state-flag "AppCacheDisabled"))
+ (allow system-fcntl (appcache-fcntl-commands)))
+ (with-filter (state-flag "AppCacheDisabled")
+ (allow system-fcntl (with report) (with telemetry) (appcache-fcntl-commands)))
+#else
+ (allow system-fcntl (with report) (with telemetry) (appcache-fcntl-commands)))
+#endif
(allow system-fcntl
(fcntl-command F_GETPROTECTIONCLASS)
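Review bot: The branch taken when the "AppCacheDisabled" flag is set still allows the lock-related fcntls, only adding `(with report)` and `(with telemetry)`, so this hunk instruments the access rather than removing it as the log message states; the mirrored block in com.apple.WebProcess.sb.in has the same shape. A comment on the `(with-filter (state-flag "AppCacheDisabled"))` rule such as `;; Reported rather than denied for now; tighten to deny once telemetry shows no legitimate use when AppCache is disabled.` would make the staging explicit for whoever later flips it. It would also help to note next to the `(deny user-preference-read (with enable-state-flag ...))` rule that this is the only place the flag is enabled and that it is triggered deliberately from WebPage.cpp, since a denied preference read as a control signal is not obvious from the profile alone; presumably the flag is process-wide once set, which the comment should say if confirmed.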
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (286436 => 286437)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2021-12-02 17:57:46 UTC (rev 286436)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2021-12-02 18:44:46 UTC (rev 286437)
@@ -902,6 +902,15 @@
m_page->setCanUseCredentialStorage(parameters.canUseCredentialStorage);
+#if HAVE(SANDBOX_STATE_FLAGS)
+ if (!m_page->settings().offlineWebApplicationCacheEnabled()) {
+ // This call is not meant to actually read a preference, but is only here to trigger a sandbox rule in the
+ // WebContent process, which will toggle a sandbox variable used to determine if AppCache is disabled
+ // This call should be replaced with proper API when available.
+ CFPreferencesGetAppIntegerValue(CFSTR("key"), CFSTR("com.apple.WebKit.WebContent.AppCacheDisabled"), nullptr);
+ }
+#endif
+
updateThrottleState();
}
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (286436 => 286437)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-12-02 17:57:46 UTC (rev 286436)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-12-02 18:44:46 UTC (rev 286437)
@@ -1812,31 +1812,49 @@
(when (defined? 'system-fcntl)
(deny system-fcntl (with telemetry))
- (allow system-fcntl
- (fcntl-command F_BARRIERFSYNC)
- (fcntl-command F_GETCONFINED)
- (fcntl-command F_GETFL) ;; LibJPEGReadPlugin::copyImageBlockSetStandard
- (fcntl-command F_GETLK)
- (fcntl-command F_GETSIGSINFO)
- (fcntl-command F_NOCACHE)
- (fcntl-command F_OFD_GETLK)
- (fcntl-command F_OFD_SETLKWTIMEOUT)
- (fcntl-command F_RDADVISE)
- (fcntl-command F_SETCONFINED)
- (fcntl-command F_GETPATH) ;; used by dyld4 and CGFontURLCreate, getcwd (at least)
- (fcntl-command F_ADDFILESIGS_RETURN) ;; ImageLoaderMachO::loadCodeSignature
- (fcntl-command F_CHECK_LV) ;; ImageLoaderMachO::loadCodeSignature
- (fcntl-command F_SPECULATIVE_READ) ;; ImageLoaderMachO::mapSegments
- (fcntl-command F_SETFD) ;; libwebrtc.dylib (no backtrace)
- (fcntl-command F_GETFD) ;; libwebrtc.dylib (no backtrace)
- (fcntl-command F_RDADVISE) ;; CoreNLP::ReadOnlyFile <- +[DDScannerService scanString:range:configuration:] <- WebCore::DictionaryLookup::rangeAtHitTestResult(WebCore::HitTestResult const&)
- (fcntl-command F_NOCACHE) ;; Security::UnixPlusPlus::FileDesc::fcnt <- MTRegisterPluginFormatReaderBundleDirectory <- invocation function for block in WebCore::registerFormatReaderIfNecessary()
- (fcntl-command F_SETFL) ;; CMCapture uses when camera is enabled
- (fcntl-command F_SETNOSIGPIPE)) ;; CMCapture uses when camera is enabled
+ (allow system-fcntl
+ (fcntl-command
+ F_GETPATH)) ;; used by dyld4 and CGFontURLCreate, getcwd (at least)
+ (allow system-fcntl (with report) (with telemetry)
+ (fcntl-command
+ F_BARRIERFSYNC
+ F_GETCONFINED
+ F_GETFL ;; LibJPEGReadPlugin::copyImageBlockSetStandard
+ F_GETSIGSINFO
+ F_NOCACHE
+ F_RDADVISE
+ F_SETCONFINED
+ F_ADDFILESIGS_RETURN ;; ImageLoaderMachO::loadCodeSignature
+ F_CHECK_LV ;; ImageLoaderMachO::loadCodeSignature
+ F_SPECULATIVE_READ ;; ImageLoaderMachO::mapSegments
+ F_SETFD ;; libwebrtc.dylib (no backtrace)
+ F_GETFD ;; libwebrtc.dylib (no backtrace)
+ F_RDADVISE ;; CoreNLP::ReadOnlyFile <- +[DDScannerService scanString:range:configuration:] <- WebCore::DictionaryLookup::rangeAtHitTestResult(WebCore::HitTestResult const&)
+ F_NOCACHE ;; Security::UnixPlusPlus::FileDesc::fcnt <- MTRegisterPluginFormatReaderBundleDirectory <- invocation function for block in WebCore::registerFormatReaderIfNecessary()
+ F_SETFL ;; CMCapture uses when camera is enabled
+ F_SETNOSIGPIPE)) ;; CMCapture uses when camera is enabled
- (allow system-fcntl
- (fcntl-command F_OFD_SETLK))
+ (define (appcache-fcntl-commands)
+ (fcntl-command
+ F_GETLK
+ F_OFD_GETLK
+ F_OFD_SETLK
+ F_OFD_SETLKWTIMEOUT))
+#if HAVE(SANDBOX_STATE_FLAGS)
+ ;; This rule enables the WebContent process to flip the "AppCacheDisabled" sandbox variable
+ ;; by reading a preference from the domain "com.apple.WebKit.WebContent.AppCacheDisabled".
+ (deny user-preference-read (with enable-state-flag "AppCacheDisabled")
+ (preference-domain "com.apple.WebKit.WebContent.AppCacheDisabled"))
+
+ (with-filter (require-not (state-flag "AppCacheDisabled"))
+ (allow system-fcntl (appcache-fcntl-commands)))
+ (with-filter (state-flag "AppCacheDisabled")
+ (allow system-fcntl (with report) (with telemetry) (appcache-fcntl-commands)))
+#else
+ (allow system-fcntl (with report) (with telemetry) (appcache-fcntl-commands)))
+#endif
+
(allow system-fcntl
(fcntl-command F_GETPROTECTIONCLASS)
(fcntl-command F_SETPROTECTIONCLASS))
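Review bot: The rewritten fcntl-command list keeps F_RDADVISE and F_NOCACHE twice (once in the first group, again with the CoreNLP and Security::UnixPlusPlus backtrace comments), whereas the iOS profile in this commit lists each once; merging the two backtrace comments onto a single entry per command keeps the profiles in step and avoids a reader assuming the duplicates differ. The duplication predates this commit, but these lines are rewritten here anyway. The blank line before `(allow system-fcntl` after `#endif` is present here and absent in the iOS profile; harmless, but one or the other.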