- Revision
- 263295
- Author
- pvol...@apple.com
- Date
- 2020-06-19 16:37:55 -0700 (Fri, 19 Jun 2020)
Log Message
[macOS] Connections to the preference daemon are established before entering the sandbox
https://bugs.webkit.org/show_bug.cgi?id=213379
Reviewed by Darin Adler.
Source/WebCore/PAL:
Use correct parameter types in _CFPrefsSetDirectModeEnabled and _CFPrefsSetReadOnly, and move
_CFPrefsSetDirectModeEnabled inside an Objective-C guard, since BOOL only seems to be a builtin
type in Objective-C.
* pal/spi/cf/CFUtilitiesSPI.h:
Source/WebKit:
On macOS, connections to the preference daemon are established before entering the sandbox. These connections also persist
after entering the sandbox and denying access to the preference daemon. There should not be attempts to connect to the
preference daemon before entering the sandbox, since these attempts will not be stopped by the sandbox. This patch moves
code that connects to the preference daemon to be executed after the sandbox has been entered. That includes code to
prevent connections to the Dock and code to initialize WebKit logging. Also, instead of calling [NSBundle bundleForClass:],
call [NSBundle bundleWithIdentifier:], since calling [NSBundle bundleForClass:] will connect to the preference daemon.
Finally, allow the syscall SYS_gethostuuid, since that is needed by CoreFoundation when there is no access to the
preference daemon.
No new tests. This should be covered by existing tests. It would be nice to have a test to make sure that there are no
connections to the preference daemon just before entering the sandbox, but I am not aware of how to implement this.
* NetworkProcess/mac/NetworkProcessMac.mm:
(WebKit::NetworkProcess::initializeSandbox):
* Shared/AuxiliaryProcess.cpp:
(WebKit::AuxiliaryProcess::initialize):
* Shared/Cocoa/WebKit2InitializeCocoa.mm:
(WebKit::runInitializationCode):
* Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
(WebKit::XPCServiceMain):
* Shared/mac/AuxiliaryProcessMac.mm:
(WebKit::webKit2Bundle):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):
(WebKit::WebProcess::initializeSandbox):
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebCore/PAL/ChangeLog (263294 => 263295)
--- trunk/Source/WebCore/PAL/ChangeLog 2020-06-19 23:12:07 UTC (rev 263294)
+++ trunk/Source/WebCore/PAL/ChangeLog 2020-06-19 23:37:55 UTC (rev 263295)
@@ -1,3 +1,16 @@
+2020-06-19 Per Arne Vollan <pvol...@apple.com>
+
+ [macOS] Connections to the preference daemon are established before entering the sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=213379
+
+ Reviewed by Darin Adler.
+
+ Use correct parameter types in _CFPrefsSetDirectModeEnabled and _CFPrefsSetReadOnly, and move
+ _CFPrefsSetDirectModeEnabled inside an Objective-C guard, since BOOL only seems to be a builtin
+ type in Objective-C.
+
+ * pal/spi/cf/CFUtilitiesSPI.h:
+
2020-06-19 Myles C. Maxfield <mmaxfi...@apple.com>
[Cocoa] Unify "font:" CSS shorthand values between macOS and iOS family
Modified: trunk/Source/WebCore/PAL/pal/spi/cf/CFUtilitiesSPI.h (263294 => 263295)
--- trunk/Source/WebCore/PAL/pal/spi/cf/CFUtilitiesSPI.h 2020-06-19 23:12:07 UTC (rev 263294)
+++ trunk/Source/WebCore/PAL/pal/spi/cf/CFUtilitiesSPI.h 2020-06-19 23:37:55 UTC (rev 263295)
@@ -58,7 +58,9 @@
void __CFRunLoopSetOptionsReason(__CFRunLoopOptions opts, CFStringRef reason);
-void _CFPrefsSetDirectModeEnabled(bool enabled);
-void _CFPrefsSetReadOnly(bool flag);
+#ifdef __OBJC__
+void _CFPrefsSetDirectModeEnabled(BOOL enabled);
+#endif
+void _CFPrefsSetReadOnly(Boolean flag);
WTF_EXTERN_C_END
Modified: trunk/Source/WebKit/ChangeLog (263294 => 263295)
--- trunk/Source/WebKit/ChangeLog 2020-06-19 23:12:07 UTC (rev 263294)
+++ trunk/Source/WebKit/ChangeLog 2020-06-19 23:37:55 UTC (rev 263295)
@@ -1,3 +1,37 @@
+2020-06-19 Per Arne Vollan <pvol...@apple.com>
+
+ [macOS] Connections to the preference daemon are established before entering the sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=213379
+
+ Reviewed by Darin Adler.
+
+ On macOS, connections to the preference daemon are established before entering the sandbox. These connections also persist
+ after entering the sandbox and denying access to the preference daemon. There should not be attempts to connect to the
+ preference daemon before entering the sandbox, since these attempts will not be stopped by the sandbox. This patch moves
+ code that connects to the preference daemon to be executed after the sandbox has been entered. That includes code to
+ prevent connections to the Dock and code to initialize WebKit logging. Also, instead of calling [NSBundle bundleForClass:],
+ call [NSBundle bundleWithIdentifier:], since calling [NSBundle bundleForClass:] will connect to the preference daemon.
+ Finally, allow the syscall SYS_gethostuuid, since that is needed by CoreFoundation when there is no access to the
+ preference daemon.
+
+ No new tests. This should be covered by existing tests. It would be nice to have a test to make sure that there are no
+ connections to the preference daemon just before entering the sandbox, but I am not aware of how to implement this.
+
+ * NetworkProcess/mac/NetworkProcessMac.mm:
+ (WebKit::NetworkProcess::initializeSandbox):
+ * Shared/AuxiliaryProcess.cpp:
+ (WebKit::AuxiliaryProcess::initialize):
+ * Shared/Cocoa/WebKit2InitializeCocoa.mm:
+ (WebKit::runInitializationCode):
+ * Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
+ (WebKit::XPCServiceMain):
+ * Shared/mac/AuxiliaryProcessMac.mm:
+ (WebKit::webKit2Bundle):
+ * WebProcess/cocoa/WebProcessCocoa.mm:
+ (WebKit::WebProcess::platformInitializeWebProcess):
+ (WebKit::WebProcess::initializeSandbox):
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2020-06-19 Chris Dumez <cdu...@apple.com>
Avoid initializing RenderTheme singleton unnecessarily in the UIProcess
Modified: trunk/Source/WebKit/NetworkProcess/mac/NetworkProcessMac.mm (263294 => 263295)
--- trunk/Source/WebKit/NetworkProcess/mac/NetworkProcessMac.mm 2020-06-19 23:12:07 UTC (rev 263294)
+++ trunk/Source/WebKit/NetworkProcess/mac/NetworkProcessMac.mm 2020-06-19 23:37:55 UTC (rev 263295)
@@ -87,9 +87,9 @@
void NetworkProcess::initializeSandbox(const AuxiliaryProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
{
// Need to overide the default, because service has a different bundle ID.
- NSBundle *webKit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKWebView")];
+ auto webKitBundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];
- sandboxParameters.setOverrideSandboxProfilePath([webKit2Bundle pathForResource:@"com.apple.WebKit.NetworkProcess" ofType:@"sb"]);
+ sandboxParameters.setOverrideSandboxProfilePath(makeString(String([webKitBundle resourcePath]), "/com.apple.WebKit.NetworkProcess.sb"));
AuxiliaryProcess::initializeSandbox(parameters, sandboxParameters);
}
Modified: trunk/Source/WebKit/Shared/AuxiliaryProcess.cpp (263294 => 263295)
--- trunk/Source/WebKit/Shared/AuxiliaryProcess.cpp 2020-06-19 23:12:07 UTC (rev 263294)
+++ trunk/Source/WebKit/Shared/AuxiliaryProcess.cpp 2020-06-19 23:37:55 UTC (rev 263295)
@@ -27,8 +27,10 @@
#include "AuxiliaryProcess.h"
#include "ContentWorldShared.h"
+#include "LogInitialization.h"
#include "Logging.h"
#include "SandboxInitializationParameters.h"
+#include <WebCore/LogInitialization.h>
#include <pal/SessionID.h>
#if !OS(WINDOWS)
@@ -76,6 +78,11 @@
SandboxInitializationParameters sandboxParameters;
initializeSandbox(parameters, sandboxParameters);
+#if !LOG_DISABLED || !RELEASE_LOG_DISABLED
+ WebCore::initializeLogChannelsIfNecessary();
+ WebKit::initializeLogChannelsIfNecessary();
+#endif // !LOG_DISABLED || !RELEASE_LOG_DISABLED
+
initializeProcessName(parameters);
// In WebKit2, only the UI process should ever be generating certain identifiers.
Modified: trunk/Source/WebKit/Shared/Cocoa/WebKit2InitializeCocoa.mm (263294 => 263295)
--- trunk/Source/WebKit/Shared/Cocoa/WebKit2InitializeCocoa.mm 2020-06-19 23:12:07 UTC (rev 263294)
+++ trunk/Source/WebKit/Shared/Cocoa/WebKit2InitializeCocoa.mm 2020-06-19 23:37:55 UTC (rev 263295)
@@ -26,10 +26,8 @@
#import "config.h"
#import "WebKit2Initialize.h"
-#import "LogInitialization.h"
#import "VersionChecks.h"
#import <_javascript_Core/InitializeThreading.h>
-#import <WebCore/LogInitialization.h>
#import <mutex>
#import <wtf/MainThread.h>
#import <wtf/RefCounted.h>
@@ -56,11 +54,6 @@
RunLoop::initializeMain();
WTF::RefCountedBase::enableThreadingChecksGlobally();
-
-#if !LOG_DISABLED || !RELEASE_LOG_DISABLED
- WebCore::initializeLogChannelsIfNecessary();
- WebKit::initializeLogChannelsIfNecessary();
-#endif // !LOG_DISABLED || !RELEASE_LOG_DISABLED
}
void InitializeWebKit2()
Modified: trunk/Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm (263294 => 263295)
--- trunk/Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm 2020-06-19 23:12:07 UTC (rev 263294)
+++ trunk/Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm 2020-06-19 23:37:55 UTC (rev 263295)
@@ -33,10 +33,6 @@
#import <wtf/RetainPtr.h>
#import <wtf/spi/darwin/XPCSPI.h>
-#if PLATFORM(MAC)
-#import <pal/spi/mac/NSApplicationSPI.h>
-#endif
-
namespace WebKit {
static void XPCServiceEventHandler(xpc_connection_t peer)
@@ -169,12 +165,6 @@
#if PLATFORM(MAC)
// Don't allow Apple Events in WebKit processes. This can be removed when <rdar://problem/14012823> is fixed.
setenv("__APPLEEVENTSSERVICENAME", "", 1);
-
- // We don't need to talk to the dock.
- if (Class nsApplicationClass = NSClassFromString(@"NSApplication")) {
- if ([nsApplicationClass respondsToSelector:@selector(_preventDockConnections)])
- [nsApplicationClass _preventDockConnections];
- }
#endif
xpc_main(XPCServiceEventHandler);
Modified: trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm (263294 => 263295)
--- trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm 2020-06-19 23:12:07 UTC (rev 263294)
+++ trunk/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm 2020-06-19 23:37:55 UTC (rev 263295)
@@ -520,7 +520,7 @@
static inline const NSBundle *webKit2Bundle()
{
- const static NSBundle *bundle = [NSBundle bundleForClass:NSClassFromString(@"WKWebView")];
+ const static NSBundle *bundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];
return bundle;
}
Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (263294 => 263295)
--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2020-06-19 23:12:07 UTC (rev 263294)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2020-06-19 23:37:55 UTC (rev 263295)
@@ -185,11 +185,6 @@
ASSERT(String(uti.get()) == String(adoptCF(UTTypeCreatePreferredIdentifierForTag(kUTTagClassMIMEType, CFSTR("text/html"), 0)).get()));
}
-#if !LOG_DISABLED || !RELEASE_LOG_DISABLED
- WebCore::initializeLogChannelsIfNecessary(parameters.webCoreLoggingChannels);
- WebKit::initializeLogChannelsIfNecessary(parameters.webKitLoggingChannels);
-#endif
-
WebCore::setApplicationBundleIdentifier(parameters.uiProcessBundleIdentifier);
setApplicationSDKVersion(parameters.uiProcessSDKVersion);
@@ -231,6 +226,9 @@
#endif
#if USE(APPKIT)
+ // We don't need to talk to the Dock.
+ [NSApplication _preventDockConnections];
+
[[NSUserDefaults standardUserDefaults] registerDefaults:@{ @"NSApplicationCrashOnExceptions" : @YES }];
// rdar://9118639 accessibilityFocusedUIElement in NSApplication defaults to use the keyWindow. Since there's
@@ -238,7 +236,7 @@
Method methodToPatch = class_getInstanceMethod([NSApplication class], @selector(accessibilityFocusedUIElement));
method_setImplementation(methodToPatch, (IMP)NSApplicationAccessibilityFocusedUIElement);
#endif
-
+
#if PLATFORM(MAC) && ENABLE(WEBPROCESS_NSRUNLOOP)
// Need to initialize accessibility for VoiceOver to work when the WebContent process is using NSRunLoop.
// Currently, it is also needed to allocate and initialize an NSApplication object.
@@ -582,9 +580,9 @@
{
#if PLATFORM(MAC) || PLATFORM(MACCATALYST)
// Need to override the default, because service has a different bundle ID.
- NSBundle *webKit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKWebView")];
+ auto webKitBundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];
- sandboxParameters.setOverrideSandboxProfilePath([webKit2Bundle pathForResource:@"com.apple.WebProcess" ofType:@"sb"]);
+ sandboxParameters.setOverrideSandboxProfilePath(makeString(String([webKitBundle resourcePath]), "/com.apple.WebProcess.sb"));
AuxiliaryProcess::initializeSandbox(parameters, sandboxParameters);
#endif
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (263294 => 263295)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-06-19 23:12:07 UTC (rev 263294)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-06-19 23:37:55 UTC (rev 263295)
@@ -1100,6 +1100,7 @@
(syscall-number SYS_ulock_wait2) ;; <rdar://problem/58743778>
#endif
(syscall-number SYS_fstat64_extended) ;; <rdar://problem/61310019>
+ (syscall-number SYS_gethostuuid)
)
#if __MAC_OS_X_VERSION_MIN_REQUIRED > 101500