Title: [272896] trunk/Source
- Revision
- 272896
- Author
- pvol...@apple.com
- Date
- 2021-02-15 20:29:38 -0800 (Mon, 15 Feb 2021)
Log Message
[macOS] Close XPC connections before entering sandbox
https://bugs.webkit.org/show_bug.cgi?id=221905
<rdar://problem/70359582>
Reviewed by Brent Fulgham.
Source/WebKit:
XPC connections that are now allowed in the sandbox should be closed before entering the sandbox.
* Shared/mac/AuxiliaryProcessMac.mm:
(WebKit::initializeSandboxParameters):
Source/WTF:
Add softlinking macro for libraries in /usr/lib/system/.
* wtf/cocoa/SoftLinking.h:
Modified Paths
Diff
Modified: trunk/Source/WTF/ChangeLog (272895 => 272896)
--- trunk/Source/WTF/ChangeLog 2021-02-16 04:21:55 UTC (rev 272895)
+++ trunk/Source/WTF/ChangeLog 2021-02-16 04:29:38 UTC (rev 272896)
@@ -1,3 +1,15 @@
+2021-02-15 Per Arne <pvol...@apple.com>
+
+ [macOS] Close XPC connections before entering sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=221905
+ <rdar://problem/70359582>
+
+ Reviewed by Brent Fulgham.
+
+ Add softlinking macro for libraries in /usr/lib/system/.
+
+ * wtf/cocoa/SoftLinking.h:
+
2021-02-15 Michael Saboff <msab...@apple.com>
[ARM64] Change break instruction comment to indicate possible security failure
Modified: trunk/Source/WTF/wtf/cocoa/SoftLinking.h (272895 => 272896)
--- trunk/Source/WTF/wtf/cocoa/SoftLinking.h 2021-02-16 04:21:55 UTC (rev 272895)
+++ trunk/Source/WTF/wtf/cocoa/SoftLinking.h 2021-02-16 04:29:38 UTC (rev 272896)
@@ -42,6 +42,17 @@
return dylib; \
}
+#define SOFT_LINK_SYSTEM_LIBRARY(lib) \
+ static void* lib##Library() \
+ { \
+ static void* dylib = ^{ \
+ void *result = dlopen("/usr/lib/system/" #lib ".dylib", RTLD_NOW); \
+ RELEASE_ASSERT_WITH_MESSAGE(result, "%s", dlerror()); \
+ return result; \
+ }(); \
+ return dylib; \
+ }
+
#define SOFT_LINK_LIBRARY_OPTIONAL(lib) \
static void* lib##Library() \
{ \
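Review bot: The new `SOFT_LINK_SYSTEM_LIBRARY` macro has no comment stating its contract, and that contract matters to callers. It loads by a fixed absolute path under `/usr/lib/system/` and terminates the process through `RELEASE_ASSERT_WITH_MESSAGE` when `dlopen` fails. I would add a comment above the `#define` such as `// Loads /usr/lib/system/<lib>.dylib by absolute path (no search-path lookup). Crashes if the library cannot be loaded; there is no optional variant.` The hunk adds no `_OPTIONAL` counterpart for system libraries, so a caller who needs to tolerate a missing library cannot express that with this macro. The `SOFT_LINK_LIBRARY_OPTIONAL` definition that follows continues outside the hunk.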
Modified: trunk/Source/WebKit/ChangeLog (272895 => 272896)
--- trunk/Source/WebKit/ChangeLog 2021-02-16 04:21:55 UTC (rev 272895)
+++ trunk/Source/WebKit/ChangeLog 2021-02-16 04:29:38 UTC (rev 272896)
@@ -1,5 +1,18 @@
2021-02-15 Per Arne <pvol...@apple.com>
+ [macOS] Close XPC connections before entering sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=221905
+ <rdar://problem/70359582>
+
+ Reviewed by Brent Fulgham.
+
+ XPC connections that are now allowed in the sandbox should be closed before entering the sandbox.
+
+ * Shared/mac/AuxiliaryProcessMac.mm:
+ (WebKit::initializeSandboxParameters):
+
+2021-02-15 Per Arne <pvol...@apple.com>
+
Remove 'com.apple.powerlog.plxpclogger.xpc' from WebKit sandboxes
https://bugs.webkit.org/show_bug.cgi?id=221840
<rdar://problem/73579040>
Modified: trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm (272895 => 272896)
--- trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm 2021-02-16 04:21:55 UTC (rev 272895)
+++ trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm 2021-02-16 04:29:38 UTC (rev 272896)
@@ -62,6 +62,11 @@
#import <rootless.h>
#endif
+#import <wtf/SoftLinking.h>
+
+SOFT_LINK_SYSTEM_LIBRARY(libsystem_info)
+SOFT_LINK_OPTIONAL(libsystem_info, mbr_close_connections, int, (), ());
+
#if PLATFORM(MAC)
#define USE_CACHE_COMPILED_SANDBOX 1
#else
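Review bot: `SOFT_LINK_SYSTEM_LIBRARY(libsystem_info)` makes the library load mandatory while `SOFT_LINK_OPTIONAL` on the next line treats the `mbr_close_connections` symbol as optional, so the two lines disagree about how much absence is tolerated. If `libsystem_info.dylib` cannot be opened, the `RELEASE_ASSERT` in the macro takes the auxiliary process down; when that happens depends on how `SOFT_LINK_OPTIONAL` resolves the library, which is not visible here. If that is intended, a short comment would make it explicit, for example `// libsystem_info is always present on macOS; only mbr_close_connections may be missing on older systems.` As a style point, the `#import <wtf/SoftLinking.h>` sits after the conditional `#import <rootless.h>` block rather than with the file's other unconditional imports.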
@@ -690,6 +695,8 @@
#else
#error "Unknown architecture."
#endif
+ if (mbr_close_connectionsPtr())
+ mbr_close_connectionsPtr()();
}
void AuxiliaryProcess::initializeSandbox(const AuxiliaryProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
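Review bot: The `int` result of `mbr_close_connectionsPtr()()` is discarded and a null pointer is skipped silently, so the process can enter the sandbox with the connections still open and leave no trace. Since this call is a hardening step, I would record both outcomes, e.g. `if (auto closeConnections = mbr_close_connectionsPtr()) { if (closeConnections()) WTFLogAlways("mbr_close_connections failed before sandbox entry"); }`. That assumes a non-zero return signals failure, which this page does not show. A one-line comment above the call saying why the connections must be closed at this point would also help, because the enclosing function, which per the log message is `initializeSandboxParameters`, begins outside the hunk and its name does not suggest this side effect.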