Title: [260136] branches/safari-610.1.9-branch
Revision: 260136
Author: [email protected]
Date: 2020-04-15 09:39:34 -0700 (Wed, 15 Apr 2020)

Log Message

Cherry-pick r259753. rdar://problem/61360674

    [macOS] Crash under WebKit::SandboxExtension::consume
    https://bugs.webkit.org/show_bug.cgi?id=210188

    Reviewed by Geoffrey Garen.

    Source/WebKit:

    When issuing a mach lookup extension to the database mapping service in the UI process fails, the WebContent
    process will crash when trying to consume the extension.

    No new tests, since I am not able to reproduce the issue.

    * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
    (WebKit::WebProcessPool::platformInitializeWebProcess):
    * WebProcess/com.apple.WebProcess.sb.in:

    LayoutTests:

    * fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
    * fast/sandbox/mac/sandbox-mach-lookup.html:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259753 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-610.1.9-branch/LayoutTests/ChangeLog (260135 => 260136)


--- branches/safari-610.1.9-branch/LayoutTests/ChangeLog	2020-04-15 16:39:30 UTC (rev 260135)
+++ branches/safari-610.1.9-branch/LayoutTests/ChangeLog	2020-04-15 16:39:34 UTC (rev 260136)
@@ -1,3 +1,41 @@
+2020-04-15  Alan Coon  <[email protected]>
+
+        Cherry-pick r259753. rdar://problem/61360674
+
+    [macOS] Crash under WebKit::SandboxExtension::consume
+    https://bugs.webkit.org/show_bug.cgi?id=210188
+    
+    Reviewed by Geoffrey Garen.
+    
+    Source/WebKit:
+    
+    When issuing a mach lookup extension to the database mapping service in the UI process fails, the WebContent
+    process will crash when trying to consume the extension.
+    
+    No new tests, since I am not able to reproduce the issue.
+    
+    * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+    (WebKit::WebProcessPool::platformInitializeWebProcess):
+    * WebProcess/com.apple.WebProcess.sb.in:
+    
+    LayoutTests:
+    
+    * fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+    * fast/sandbox/mac/sandbox-mach-lookup.html:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259753 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-04-08  Per Arne Vollan  <[email protected]>
+
+            [macOS] Crash under WebKit::SandboxExtension::consume
+            https://bugs.webkit.org/show_bug.cgi?id=210188
+
+            Reviewed by Geoffrey Garen.
+
+            * fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+            * fast/sandbox/mac/sandbox-mach-lookup.html:
+
 2020-04-05  Alexey Shvayka  <[email protected]>
 
         Octal escapes should be max 3 digits and syntax errors in Unicode patterns

Modified: branches/safari-610.1.9-branch/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (260135 => 260136)


--- branches/safari-610.1.9-branch/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2020-04-15 16:39:30 UTC (rev 260135)
+++ branches/safari-610.1.9-branch/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2020-04-15 16:39:34 UTC (rev 260136)
@@ -8,5 +8,4 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nesessionmanager") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nesessionmanager.content-filter") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.system.logger") is false
-PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.lsd.mapdb") is false
 

Modified: branches/safari-610.1.9-branch/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html (260135 => 260136)


--- branches/safari-610.1.9-branch/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html	2020-04-15 16:39:30 UTC (rev 260135)
+++ branches/safari-610.1.9-branch/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html	2020-04-15 16:39:34 UTC (rev 260136)
@@ -11,7 +11,6 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nesessionmanager\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nesessionmanager.content-filter\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.system.logger\")");
-    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.lsd.mapdb\")");
 }
 </script>
 </head>
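Review bot: The removed `shouldBeFalse` line for "com.apple.lsd.mapdb" (and its matching PASS line in the expected results) drops the only check on this service for every OS version, although the sandbox profile in this same change still carries a `(deny mach-lookup (with telemetry-backtrace)` rule for it when `__MAC_OS_X_VERSION_MIN_REQUIRED >= 101600`. Consider keeping the assertion and making the expectation depend on the OS version, or using platform-specific expected results, so that a later change which accidentally allows the lookup on newer systems is still caught.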

Modified: branches/safari-610.1.9-branch/Source/WebKit/ChangeLog (260135 => 260136)


--- branches/safari-610.1.9-branch/Source/WebKit/ChangeLog	2020-04-15 16:39:30 UTC (rev 260135)
+++ branches/safari-610.1.9-branch/Source/WebKit/ChangeLog	2020-04-15 16:39:34 UTC (rev 260136)
@@ -1,3 +1,47 @@
+2020-04-15  Alan Coon  <[email protected]>
+
+        Cherry-pick r259753. rdar://problem/61360674
+
+    [macOS] Crash under WebKit::SandboxExtension::consume
+    https://bugs.webkit.org/show_bug.cgi?id=210188
+    
+    Reviewed by Geoffrey Garen.
+    
+    Source/WebKit:
+    
+    When issuing a mach lookup extension to the database mapping service in the UI process fails, the WebContent
+    process will crash when trying to consume the extension.
+    
+    No new tests, since I am not able to reproduce the issue.
+    
+    * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+    (WebKit::WebProcessPool::platformInitializeWebProcess):
+    * WebProcess/com.apple.WebProcess.sb.in:
+    
+    LayoutTests:
+    
+    * fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+    * fast/sandbox/mac/sandbox-mach-lookup.html:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259753 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-04-08  Per Arne Vollan  <[email protected]>
+
+            [macOS] Crash under WebKit::SandboxExtension::consume
+            https://bugs.webkit.org/show_bug.cgi?id=210188
+
+            Reviewed by Geoffrey Garen.
+
+            When issuing a mach lookup extension to the database mapping service in the UI process fails, the WebContent
+            process will crash when trying to consume the extension.
+
+            No new tests, since I am not able to reproduce the issue.
+
+            * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+            (WebKit::WebProcessPool::platformInitializeWebProcess):
+            * WebProcess/com.apple.WebProcess.sb.in:
+
 2020-04-13  Russell Epstein  <[email protected]>
 
         Cherry-pick r259590. rdar://problem/61691110

Modified: branches/safari-610.1.9-branch/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (260135 => 260136)


--- branches/safari-610.1.9-branch/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-04-15 16:39:30 UTC (rev 260135)
+++ branches/safari-610.1.9-branch/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-04-15 16:39:34 UTC (rev 260136)
@@ -407,8 +407,8 @@
     parameters.mimeTypesMap = commonMimeTypesMap();
 
     SandboxExtension::Handle mapDBHandle;
-    SandboxExtension::createHandleForMachLookup("com.apple.lsd.mapdb", WTF::nullopt, mapDBHandle, SandboxExtension::Flags::NoReport);
-    parameters.mapDBExtensionHandle = WTFMove(mapDBHandle);
+    if (SandboxExtension::createHandleForMachLookup("com.apple.lsd.mapdb", WTF::nullopt, mapDBHandle, SandboxExtension::Flags::NoReport))
+        parameters.mapDBExtensionHandle = WTFMove(mapDBHandle);
 #endif
     
 #if PLATFORM(IOS)
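Review bot: The new `if` around `createHandleForMachLookup` has no failure branch, so when handle creation fails nothing is logged and `parameters.mapDBExtensionHandle` is silently left unset. Since the log message says the crash could not be reproduced, a log line on the failure path would help confirm in the field that this is the path being hit. The code that consumes `mapDBExtensionHandle` in the WebContent process is not part of this diff; please confirm that it tolerates an unset handle, since the fix depends on it.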

Modified: branches/safari-610.1.9-branch/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (260135 => 260136)


--- branches/safari-610.1.9-branch/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-04-15 16:39:30 UTC (rev 260135)
+++ branches/safari-610.1.9-branch/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-04-15 16:39:34 UTC (rev 260136)
@@ -687,9 +687,10 @@
     (global-name "com.apple.trustd.agent")
 )
 
-(deny mach-lookup
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101600
-    (with telemetry-backtrace)
+(deny mach-lookup (with telemetry-backtrace)
+#else
+(allow mach-lookup
 #endif
     (global-name "com.apple.lsd.mapdb")
 )
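Review bot: The `#else` arm turns the rule for "com.apple.lsd.mapdb" from `deny` into an unconditional `(allow mach-lookup` on builds below 101600, which widens the WebContent sandbox statically, and the log message only describes the crash on consume without explaining this. Please state in the ChangeLog why older systems need a static allow instead of relying on the mach lookup extension issued by the UI process. Splitting the opening parenthesis across the `#if`/`#else` arms also makes the form easy to unbalance in later edits; a comment marking the shared closing `)` would help.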
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
