Attachment #402329 for bug #213379

View Details Raw Unified Return to Bug 213379

| Differences between



2020-06-19  Per Arne Vollan  <pvollan@apple.com>

        [macOS] Connections to the preference daemon are established before entering the sandbox
        https://bugs.webkit.org/show_bug.cgi?id=213379

        Reviewed by Darin Adler.

        Use correct parameter types in _CFPrefsSetDirectModeEnabled and _CFPrefsSetReadOnly, and move
        _CFPrefsSetDirectModeEnabled inside an Objective-C guard, since BOOL only seems to be a builtin
        type in Objective-C.

        * pal/spi/cf/CFUtilitiesSPI.h:

2020-06-19  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Unify "font:" CSS shorthand values between macOS and iOS family

Lines 58-64 CFDictionaryRef _CFWebServicesCopyProvid Source/WebCore/PAL/pal/spi/cf/CFUtilitiesSPI.h_sec1
- Source/WebCore/PAL/pal/spi/cf/CFUtilitiesSPI.h -2 / +4 lines
58		58
59	void __CFRunLoopSetOptionsReason(__CFRunLoopOptions opts, CFStringRef reason);	59	void __CFRunLoopSetOptionsReason(__CFRunLoopOptions opts, CFStringRef reason);
60		60
61	void _CFPrefsSetDirectModeEnabled(bool enabled);	61	#ifdef __OBJC__
62	void _CFPrefsSetReadOnly(bool flag);	62	void _CFPrefsSetDirectModeEnabled(BOOL enabled);
		63	#endif
		64	void _CFPrefsSetReadOnly(Boolean flag);
63		65
64	WTF_EXTERN_C_END	66	WTF_EXTERN_C_END



2020-06-19  Per Arne Vollan  <pvollan@apple.com>

        [macOS] Connections to the preference daemon are established before entering the sandbox
        https://bugs.webkit.org/show_bug.cgi?id=213379

        Reviewed by Darin Adler.

        On macOS, connections to the preference daemon are established before entering the sandbox. These connections also persist
        after entering the sandbox and denying access to the preference daemon. There should not be attempts to connect to the
        preference daemon before entering the sandbox, since these attempts will not be stopped by the sandbox. This patch moves
        code that connects to the preference daemon to be executed after the sandbox has been entered. That includes code to
        prevent connections to the Dock and code to initialize WebKit logging. Also, instead of calling [NSBundle bundleForClass:],
        call [NSBundle bundleWithIdentifier:], since calling [NSBundle bundleForClass:] will connect to the preference daemon.
        Finally, allow the syscall SYS_gethostuuid, since that is needed by CoreFoundation when there is no access to the
        preference daemon.

        No new tests. This should be covered by existing tests. It would be nice to have a test to make sure that there are no
        connections to the preference daemon just before entering the sandbox, but I am not aware of how to implement this.

        * NetworkProcess/mac/NetworkProcessMac.mm:
        (WebKit::NetworkProcess::initializeSandbox):
        * Shared/AuxiliaryProcess.cpp:
        (WebKit::AuxiliaryProcess::initialize):
        * Shared/Cocoa/WebKit2InitializeCocoa.mm:
        (WebKit::runInitializationCode):
        * Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
        (WebKit::XPCServiceMain):
        * Shared/mac/AuxiliaryProcessMac.mm:
        (WebKit::webKit2Bundle):
        * WebProcess/cocoa/WebProcessCocoa.mm:
        (WebKit::WebProcess::platformInitializeWebProcess):
        (WebKit::WebProcess::initializeSandbox):
        * WebProcess/com.apple.WebProcess.sb.in:

2020-06-12  Takashi Komori  <Takashi.Komori@sony.com>

        [Curl] Implement functions to use ResourceLoadStatistics.



void NetworkProcess::initializeSandbox(const AuxiliaryProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
{
    // Need to overide the default, because service has a different bundle ID.
    auto webKitBundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];

    sandboxParameters.setOverrideSandboxProfilePath(makeString(String([webKitBundle resourcePath]), "/com.apple.WebKit.NetworkProcess.sb"));

    AuxiliaryProcess::initializeSandbox(parameters, sandboxParameters);
}

Lines 27-34 Source/WebKit/Shared/AuxiliaryProcess.cpp_sec1
- Source/WebKit/Shared/AuxiliaryProcess.cpp +7 lines
27	#include "AuxiliaryProcess.h"	27	#include "AuxiliaryProcess.h"
28		28
29	#include "ContentWorldShared.h"	29	#include "ContentWorldShared.h"
		30	#include "LogInitialization.h"
30	#include "Logging.h"	31	#include "Logging.h"
31	#include "SandboxInitializationParameters.h"	32	#include "SandboxInitializationParameters.h"
		33	#include <WebCore/LogInitialization.h>
32	#include <pal/SessionID.h>	34	#include <pal/SessionID.h>
33		35
34	#if !OS(WINDOWS)	36	#if !OS(WINDOWS)
Lines 76-81 void AuxiliaryProcess::initialize(const Source/WebKit/Shared/AuxiliaryProcess.cpp_sec2
76	SandboxInitializationParameters sandboxParameters;	78	SandboxInitializationParameters sandboxParameters;
77	initializeSandbox(parameters, sandboxParameters);	79	initializeSandbox(parameters, sandboxParameters);
78		80
		81	#if !LOG_DISABLED \|\| !RELEASE_LOG_DISABLED
		82	WebCore::initializeLogChannelsIfNecessary();
		83	WebKit::initializeLogChannelsIfNecessary();
		84	#endif // !LOG_DISABLED \|\| !RELEASE_LOG_DISABLED
		85
79	initializeProcessName(parameters);	86	initializeProcessName(parameters);
80		87
81	// In WebKit2, only the UI process should ever be generating certain identifiers.	88	// In WebKit2, only the UI process should ever be generating certain identifiers.



#import "config.h"
#import "WebKit2Initialize.h"

#import "LogInitialization.h"
#import "VersionChecks.h"
#import <JavaScriptCore/InitializeThreading.h>
#import <WebCore/LogInitialization.h>
#import <mutex>
#import <wtf/MainThread.h>
#import <wtf/RefCounted.h>

    RunLoop::initializeMain();

    WTF::RefCountedBase::enableThreadingChecksGlobally();

#if !LOG_DISABLED || !RELEASE_LOG_DISABLED
    WebCore::initializeLogChannelsIfNecessary();
    WebKit::initializeLogChannelsIfNecessary();
#endif // !LOG_DISABLED || !RELEASE_LOG_DISABLED
}

void InitializeWebKit2()



#import <wtf/RetainPtr.h>
#import <wtf/spi/darwin/XPCSPI.h>

#if PLATFORM(MAC)
#import <pal/spi/mac/NSApplicationSPI.h>
#endif

namespace WebKit {

static void XPCServiceEventHandler(xpc_connection_t peer)

#if PLATFORM(MAC)
    // Don't allow Apple Events in WebKit processes. This can be removed when <rdar://problem/14012823> is fixed.
    setenv("__APPLEEVENTSSERVICENAME", "", 1);

    // We don't need to talk to the dock.
    if (Class nsApplicationClass = NSClassFromString(@"NSApplication")) {
        if ([nsApplicationClass respondsToSelector:@selector(_preventDockConnections)])
            [nsApplicationClass _preventDockConnections];
    }
#endif

    xpc_main(XPCServiceEventHandler);

Lines 520-526 static bool tryApplyCachedSandbox(const Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm_sec1
- Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm -1 / +1 lines
520		520
521	static inline const NSBundle *webKit2Bundle()	521	static inline const NSBundle *webKit2Bundle()
522	{	522	{
523	const static NSBundle *bundle = [NSBundle bundleForClass:NSClassFromString(@"WKWebView")];	523	const static NSBundle *bundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];
524	return bundle;	524	return bundle;
525	}	525	}
526		526

Lines 1089-1094 Source/WebKit/WebProcess/com.apple.WebProcess.sb.in_sec1
- Source/WebKit/WebProcess/com.apple.WebProcess.sb.in +1 lines
1089	(syscall-number SYS_ulock_wait2) ;; <rdar://problem/58743778>	1089	(syscall-number SYS_ulock_wait2) ;; <rdar://problem/58743778>
1090	#endif	1090	#endif
1091	(syscall-number SYS_fstat64_extended) ;; <rdar://problem/61310019>	1091	(syscall-number SYS_fstat64_extended) ;; <rdar://problem/61310019>
		1092	(syscall-number SYS_gethostuuid)
1092	)	1093	)
1093		1094
1094	#if __MAC_OS_X_VERSION_MIN_REQUIRED > 101500	1095	#if __MAC_OS_X_VERSION_MIN_REQUIRED > 101500



        ASSERT(String(uti.get()) == String(adoptCF(UTTypeCreatePreferredIdentifierForTag(kUTTagClassMIMEType, CFSTR("text/html"), 0)).get()));
    }

#if !LOG_DISABLED || !RELEASE_LOG_DISABLED
    WebCore::initializeLogChannelsIfNecessary(parameters.webCoreLoggingChannels);
    WebKit::initializeLogChannelsIfNecessary(parameters.webKitLoggingChannels);
#endif

    WebCore::setApplicationBundleIdentifier(parameters.uiProcessBundleIdentifier);
    setApplicationSDKVersion(parameters.uiProcessSDKVersion);


#endif

#if USE(APPKIT)
    // We don't need to talk to the Dock.
    if (Class nsApplicationClass = NSClassFromString(@"NSApplication")) {
        if ([nsApplicationClass respondsToSelector:@selector(_preventDockConnections)])
            [nsApplicationClass _preventDockConnections];
    }

    [[NSUserDefaults standardUserDefaults] registerDefaults:@{ @"NSApplicationCrashOnExceptions" : @YES }];

    // rdar://9118639 accessibilityFocusedUIElement in NSApplication defaults to use the keyWindow. Since there's

    Method methodToPatch = class_getInstanceMethod([NSApplication class], @selector(accessibilityFocusedUIElement));
    method_setImplementation(methodToPatch, (IMP)NSApplicationAccessibilityFocusedUIElement);
#endif

#if PLATFORM(MAC) && ENABLE(WEBPROCESS_NSRUNLOOP)
    // Need to initialize accessibility for VoiceOver to work when the WebContent process is using NSRunLoop.
    // Currently, it is also needed to allocate and initialize an NSApplication object.

{
#if PLATFORM(MAC) || PLATFORM(MACCATALYST)
    // Need to override the default, because service has a different bundle ID.
    auto webKitBundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];

    sandboxParameters.setOverrideSandboxProfilePath(makeString(String([webKitBundle resourcePath]), "/com.apple.WebProcess.sb"));

    AuxiliaryProcess::initializeSandbox(parameters, sandboxParameters);
#endif

Return to Bug 213379

Lines 185-195 void WebProcess::platformInitializeWebPr Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm_sec1
- Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm -8 / +9 lines
185	ASSERT(String(uti.get()) == String(adoptCF(UTTypeCreatePreferredIdentifierForTag(kUTTagClassMIMEType, CFSTR("text/html"), 0)).get()));	185	ASSERT(String(uti.get()) == String(adoptCF(UTTypeCreatePreferredIdentifierForTag(kUTTagClassMIMEType, CFSTR("text/html"), 0)).get()));
186	}	186	}
187		187
188	#if !LOG_DISABLED \|\| !RELEASE_LOG_DISABLED
189	WebCore::initializeLogChannelsIfNecessary(parameters.webCoreLoggingChannels);
190	WebKit::initializeLogChannelsIfNecessary(parameters.webKitLoggingChannels);
191	#endif
192
193	WebCore::setApplicationBundleIdentifier(parameters.uiProcessBundleIdentifier);	188	WebCore::setApplicationBundleIdentifier(parameters.uiProcessBundleIdentifier);
194	setApplicationSDKVersion(parameters.uiProcessSDKVersion);	189	setApplicationSDKVersion(parameters.uiProcessSDKVersion);
195		190
Lines 231-236 void WebProcess::platformInitializeWebPr Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm_sec2
231	#endif	226	#endif
232		227
233	#if USE(APPKIT)	228	#if USE(APPKIT)
		229	// We don't need to talk to the Dock.
		230	if (Class nsApplicationClass = NSClassFromString(@"NSApplication")) {
		231	if ([nsApplicationClass respondsToSelector:@selector(_preventDockConnections)])
		232	[nsApplicationClass _preventDockConnections];
		233	}
		234
234	[[NSUserDefaults standardUserDefaults] registerDefaults:@{ @"NSApplicationCrashOnExceptions" : @YES }];	235	[[NSUserDefaults standardUserDefaults] registerDefaults:@{ @"NSApplicationCrashOnExceptions" : @YES }];
235		236
236	// rdar://9118639 accessibilityFocusedUIElement in NSApplication defaults to use the keyWindow. Since there's	237	// rdar://9118639 accessibilityFocusedUIElement in NSApplication defaults to use the keyWindow. Since there's
Lines 238-244 void WebProcess::platformInitializeWebPr Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm_sec3
238	Method methodToPatch = class_getInstanceMethod([NSApplication class], @selector(accessibilityFocusedUIElement));	239	Method methodToPatch = class_getInstanceMethod([NSApplication class], @selector(accessibilityFocusedUIElement));
239	method_setImplementation(methodToPatch, (IMP)NSApplicationAccessibilityFocusedUIElement);	240	method_setImplementation(methodToPatch, (IMP)NSApplicationAccessibilityFocusedUIElement);
240	#endif	241	#endif
241		242
242	#if PLATFORM(MAC) && ENABLE(WEBPROCESS_NSRUNLOOP)	243	#if PLATFORM(MAC) && ENABLE(WEBPROCESS_NSRUNLOOP)
243	// Need to initialize accessibility for VoiceOver to work when the WebContent process is using NSRunLoop.	244	// Need to initialize accessibility for VoiceOver to work when the WebContent process is using NSRunLoop.
244	// Currently, it is also needed to allocate and initialize an NSApplication object.	245	// Currently, it is also needed to allocate and initialize an NSApplication object.
Lines 579-587 void WebProcess::initializeSandbox(const Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm_sec4
579	{	580	{
580	#if PLATFORM(MAC) \|\| PLATFORM(MACCATALYST)	581	#if PLATFORM(MAC) \|\| PLATFORM(MACCATALYST)
581	// Need to override the default, because service has a different bundle ID.	582	// Need to override the default, because service has a different bundle ID.
582	NSBundle *webKit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKWebView")];	583	auto webKitBundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];
583		584
584	sandboxParameters.setOverrideSandboxProfilePath([webKit2Bundle pathForResource:@"com.apple.WebProcess" ofType:@"sb"]);	585	sandboxParameters.setOverrideSandboxProfilePath(makeString(String([webKitBundle resourcePath]), "/com.apple.WebProcess.sb"));
585		586
586	AuxiliaryProcess::initializeSandbox(parameters, sandboxParameters);	587	AuxiliaryProcess::initializeSandbox(parameters, sandboxParameters);
587	#endif	588	#endif

Lines 1-3 Source/WebCore/PAL/ChangeLog_sec1
- Source/WebCore/PAL/ChangeLog +13 lines
		1	2020-06-19 Per Arne Vollan <pvollan@apple.com>
		2
		3	[macOS] Connections to the preference daemon are established before entering the sandbox
		4	https://bugs.webkit.org/show_bug.cgi?id=213379
		5
		6	Reviewed by Darin Adler.
		7
		8	Use correct parameter types in _CFPrefsSetDirectModeEnabled and _CFPrefsSetReadOnly, and move
		9	_CFPrefsSetDirectModeEnabled inside an Objective-C guard, since BOOL only seems to be a builtin
		10	type in Objective-C.
		11
		12	* pal/spi/cf/CFUtilitiesSPI.h:
		13
1	2020-06-19 Myles C. Maxfield <mmaxfield@apple.com>	14	2020-06-19 Myles C. Maxfield <mmaxfield@apple.com>
2		15
3	[Cocoa] Unify "font:" CSS shorthand values between macOS and iOS family	16	[Cocoa] Unify "font:" CSS shorthand values between macOS and iOS family

Lines 1-3 Source/WebKit/ChangeLog_sec1
- Source/WebKit/ChangeLog +34 lines
		1	2020-06-19 Per Arne Vollan <pvollan@apple.com>
		2
		3	[macOS] Connections to the preference daemon are established before entering the sandbox
		4	https://bugs.webkit.org/show_bug.cgi?id=213379
		5
		6	Reviewed by Darin Adler.
		7
		8	On macOS, connections to the preference daemon are established before entering the sandbox. These connections also persist
		9	after entering the sandbox and denying access to the preference daemon. There should not be attempts to connect to the
		10	preference daemon before entering the sandbox, since these attempts will not be stopped by the sandbox. This patch moves
		11	code that connects to the preference daemon to be executed after the sandbox has been entered. That includes code to
		12	prevent connections to the Dock and code to initialize WebKit logging. Also, instead of calling [NSBundle bundleForClass:],
		13	call [NSBundle bundleWithIdentifier:], since calling [NSBundle bundleForClass:] will connect to the preference daemon.
		14	Finally, allow the syscall SYS_gethostuuid, since that is needed by CoreFoundation when there is no access to the
		15	preference daemon.
		16
		17	No new tests. This should be covered by existing tests. It would be nice to have a test to make sure that there are no
		18	connections to the preference daemon just before entering the sandbox, but I am not aware of how to implement this.
		19
		20	* NetworkProcess/mac/NetworkProcessMac.mm:
		21	(WebKit::NetworkProcess::initializeSandbox):
		22	* Shared/AuxiliaryProcess.cpp:
		23	(WebKit::AuxiliaryProcess::initialize):
		24	* Shared/Cocoa/WebKit2InitializeCocoa.mm:
		25	(WebKit::runInitializationCode):
		26	* Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
		27	(WebKit::XPCServiceMain):
		28	* Shared/mac/AuxiliaryProcessMac.mm:
		29	(WebKit::webKit2Bundle):
		30	* WebProcess/cocoa/WebProcessCocoa.mm:
		31	(WebKit::WebProcess::platformInitializeWebProcess):
		32	(WebKit::WebProcess::initializeSandbox):
		33	* WebProcess/com.apple.WebProcess.sb.in:
		34
1	2020-06-12 Takashi Komori <Takashi.Komori@sony.com>	35	2020-06-12 Takashi Komori <Takashi.Komori@sony.com>
2		36
3	[Curl] Implement functions to use ResourceLoadStatistics.	37	[Curl] Implement functions to use ResourceLoadStatistics.

Lines 87-95 void NetworkProcess::allowSpecificHTTPSC Source/WebKit/NetworkProcess/mac/NetworkProcessMac.mm_sec1
- Source/WebKit/NetworkProcess/mac/NetworkProcessMac.mm -2 / +2 lines
87	void NetworkProcess::initializeSandbox(const AuxiliaryProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)	87	void NetworkProcess::initializeSandbox(const AuxiliaryProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
88	{	88	{
89	// Need to overide the default, because service has a different bundle ID.	89	// Need to overide the default, because service has a different bundle ID.
90	NSBundle *webKit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKWebView")];	90	auto webKitBundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];
91		91
92	sandboxParameters.setOverrideSandboxProfilePath([webKit2Bundle pathForResource:@"com.apple.WebKit.NetworkProcess" ofType:@"sb"]);	92	sandboxParameters.setOverrideSandboxProfilePath(makeString(String([webKitBundle resourcePath]), "/com.apple.WebKit.NetworkProcess.sb"));
93		93
94	AuxiliaryProcess::initializeSandbox(parameters, sandboxParameters);	94	AuxiliaryProcess::initializeSandbox(parameters, sandboxParameters);
95	}	95	}

Lines 26-35 Source/WebKit/Shared/Cocoa/WebKit2InitializeCocoa.mm_sec1
- Source/WebKit/Shared/Cocoa/WebKit2InitializeCocoa.mm -7 lines
26	#import "config.h"	26	#import "config.h"
27	#import "WebKit2Initialize.h"	27	#import "WebKit2Initialize.h"
28		28
29	#import "LogInitialization.h"
30	#import "VersionChecks.h"	29	#import "VersionChecks.h"
31	#import <JavaScriptCore/InitializeThreading.h>	30	#import <JavaScriptCore/InitializeThreading.h>
32	#import <WebCore/LogInitialization.h>
33	#import <mutex>	31	#import <mutex>
34	#import <wtf/MainThread.h>	32	#import <wtf/MainThread.h>
35	#import <wtf/RefCounted.h>	33	#import <wtf/RefCounted.h>
Lines 56-66 static void runInitializationCode(void* Source/WebKit/Shared/Cocoa/WebKit2InitializeCocoa.mm_sec2
56	RunLoop::initializeMain();	54	RunLoop::initializeMain();
57		55
58	WTF::RefCountedBase::enableThreadingChecksGlobally();	56	WTF::RefCountedBase::enableThreadingChecksGlobally();
59
60	#if !LOG_DISABLED \|\| !RELEASE_LOG_DISABLED
61	WebCore::initializeLogChannelsIfNecessary();
62	WebKit::initializeLogChannelsIfNecessary();
63	#endif // !LOG_DISABLED \|\| !RELEASE_LOG_DISABLED
64	}	57	}
65		58
66	void InitializeWebKit2()	59	void InitializeWebKit2()

Lines 33-42 Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm_sec1
- Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm -10 lines
33	#import <wtf/RetainPtr.h>	33	#import <wtf/RetainPtr.h>
34	#import <wtf/spi/darwin/XPCSPI.h>	34	#import <wtf/spi/darwin/XPCSPI.h>
35		35
36	#if PLATFORM(MAC)
37	#import <pal/spi/mac/NSApplicationSPI.h>
38	#endif
39
40	namespace WebKit {	36	namespace WebKit {
41		37
42	static void XPCServiceEventHandler(xpc_connection_t peer)	38	static void XPCServiceEventHandler(xpc_connection_t peer)
Lines 169-180 int XPCServiceMain(int argc, const char* Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm_sec2
169	#if PLATFORM(MAC)	165	#if PLATFORM(MAC)
170	// Don't allow Apple Events in WebKit processes. This can be removed when <rdar://problem/14012823> is fixed.	166	// Don't allow Apple Events in WebKit processes. This can be removed when <rdar://problem/14012823> is fixed.
171	setenv("__APPLEEVENTSSERVICENAME", "", 1);	167	setenv("__APPLEEVENTSSERVICENAME", "", 1);
172
173	// We don't need to talk to the dock.
174	if (Class nsApplicationClass = NSClassFromString(@"NSApplication")) {
175	if ([nsApplicationClass respondsToSelector:@selector(_preventDockConnections)])
176	[nsApplicationClass _preventDockConnections];
177	}
178	#endif	168	#endif
179		169
180	xpc_main(XPCServiceEventHandler);	170	xpc_main(XPCServiceEventHandler);