Attachment 338951 Details for
Bug 184991
: We should cache the compiled sandbox profile in a data vault
[patch]
WIP
b-backup.diff (text/plain), 17.05 KB, created by
Saam Barati
on 2018-04-26 19:03:23 PDT
Description:
WIP
Filename:
MIME Type:
Creator:
Saam Barati
Created:
2018-04-26 19:03:23 PDT
Size:
17.05 KB
patch
obsolete
>Index: Source/WTF/wtf/spi/darwin/SandboxSPI.h
>===================================================================
>--- Source/WTF/wtf/spi/darwin/SandboxSPI.h (revision 231078)
>+++ Source/WTF/wtf/spi/darwin/SandboxSPI.h (working copy)
>@@ -31,6 +31,9 @@
> 
> #if USE(APPLE_INTERNAL_SDK)
> #import <sandbox/private.h>
>+WTF_EXTERN_C_BEGIN
>+#import <sandbox/libsandbox.h>
>+WTF_EXTERN_C_END
> #else
> enum sandbox_filter_type {
> SANDBOX_FILTER_NONE,
>@@ -38,7 +41,19 @@ enum sandbox_filter_type {
> };
> 
> #define SANDBOX_NAMED_EXTERNAL 0x0003
>-#endif
>+
>+typedef struct {
>+ char *builtin;
>+ unsigned char *data;
>+ size_t size;
>+} *sandbox_profile_t;
>+
>+typedef struct {
>+ const char **params;
>+ size_t size, available;
>+} *sandbox_params_t;
>+
>+#endif // USE(APPLE_INTERNAL_SDK)
> 
> WTF_EXTERN_C_BEGIN
> 
>@@ -55,6 +70,12 @@ int sandbox_extension_release(int64_t ex
> int sandbox_init_with_parameters(const char *profile, uint64_t flags, const char *const parameters[], char **errorbuf);
> int64_t sandbox_extension_consume(const char *extension_token);
> 
>+sandbox_params_t sandbox_create_params(void);
>+int sandbox_set_param(sandbox_params_t params, const char *key, const char *value);
>+void sandbox_free_params(sandbox_params_t params);
>+sandbox_profile_t sandbox_compile_file(const char *path, sandbox_params_t params, char **error);
>+int sandbox_apply(sandbox_profile_t profile);
>+
> WTF_EXTERN_C_END
> 
> #endif // OS(DARWIN)
>Index: Source/WebKit/Configurations/WebKit.xcconfig
>===================================================================
>--- Source/WebKit/Configurations/WebKit.xcconfig (revision 231078)
>+++ Source/WebKit/Configurations/WebKit.xcconfig (working copy)
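Review bot: The `#else` branch now spells out the layout of `sandbox_profile_t` and `sandbox_params_t` by hand, and ChildProcessMac.mm in this same patch builds a `SandboxProfile` from that layout and passes it to `sandbox_apply`, so any divergence from the real libsandbox definitions would be silent memory corruption rather than a compile error. Nothing here pins the layout; a comment naming the header it mirrors, e.g. `// Must match the layout in <sandbox/libsandbox.h>; keep in sync.`, plus a `static_assert` on `sizeof` against the value from the internal SDK would make a drift visible. The prototypes added in the third hunk return an `error` string through `char **` without saying who releases it; documenting that on `sandbox_compile_file` would help the callers added in this patch, which currently never free it.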
>@@ -82,6 +82,9 @@ WK_MOBILE_CORE_SERVICES_LDFLAGS_cocoatou
> WK_MOBILE_GESTALT_LDFLAGS = $(WK_MOBILE_GESTALT_LDFLAGS_$(WK_COCOA_TOUCH));
> WK_MOBILE_GESTALT_LDFLAGS_cocoatouch = -lMobileGestalt;
> 
>+WK_LIBSANDBOX_LDFLAGS = $(WK_LIBSANDBOX_LDFLAGS_$(WK_PLATFORM_NAME));
>+WK_LIBSANDBOX_LDFLAGS_macosx = -lsandbox;
>+
> WK_OPENGL_LDFLAGS = $(WK_OPENGL_LDFLAGS_$(WK_PLATFORM_NAME));
> WK_OPENGL_LDFLAGS_iphoneos = -framework OpenGLES;
> WK_OPENGL_LDFLAGS_iphoneminimalsimulator = -framework OpenGL;
>@@ -109,7 +112,7 @@ WK_SAFE_BROWSING_LDFLAGS_MACOS_SINCE_101
> WK_UIKIT_LDFLAGS = $(WK_UIKIT_LDFLAGS_$(WK_COCOA_TOUCH));
> WK_UIKIT_LDFLAGS_cocoatouch = -framework UIKit;
> 
>-FRAMEWORK_AND_LIBRARY_LDFLAGS = -lobjc -framework CFNetwork -framework CoreAudio -framework CoreFoundation -framework CoreGraphics -framework CoreText -framework Foundation -framework ImageIO -framework IOKit -framework WebKitLegacy $(WK_ACCESSIBILITY_LDFLAGS) $(WK_APPKIT_LDFLAGS) $(WK_ASSERTION_SERVICES_LDFLAGS) $(WK_CARBON_LDFLAGS) $(WK_CORE_PDF_LDFLAGS) $(WK_CORE_PREDICTION_LDFLAGS) $(WK_CORE_SERVICES_LDFLAGS) $(WK_GRAPHICS_SERVICES_LDFLAGS) $(WK_IOSURFACE_LDFLAGS) $(WK_LIBWEBRTC_LDFLAGS) $(WK_MOBILE_CORE_SERVICES_LDFLAGS) $(WK_MOBILE_GESTALT_LDFLAGS) $(WK_OPENGL_LDFLAGS) $(WK_PDFKIT_LDFLAGS) $(WK_SAFE_BROWSING_LDFLAGS) $(WK_UIKIT_LDFLAGS);
>+FRAMEWORK_AND_LIBRARY_LDFLAGS = -lobjc -framework CFNetwork -framework CoreAudio -framework CoreFoundation -framework CoreGraphics -framework CoreText -framework Foundation -framework ImageIO -framework IOKit -framework WebKitLegacy $(WK_ACCESSIBILITY_LDFLAGS) $(WK_APPKIT_LDFLAGS) $(WK_ASSERTION_SERVICES_LDFLAGS) $(WK_CARBON_LDFLAGS) $(WK_CORE_PDF_LDFLAGS) $(WK_CORE_PREDICTION_LDFLAGS) $(WK_CORE_SERVICES_LDFLAGS) $(WK_GRAPHICS_SERVICES_LDFLAGS) $(WK_IOSURFACE_LDFLAGS) $(WK_LIBWEBRTC_LDFLAGS) $(WK_MOBILE_CORE_SERVICES_LDFLAGS) $(WK_MOBILE_GESTALT_LDFLAGS) $(WK_LIBSANDBOX_LDFLAGS) $(WK_OPENGL_LDFLAGS) $(WK_PDFKIT_LDFLAGS) $(WK_SAFE_BROWSING_LDFLAGS) $(WK_UIKIT_LDFLAGS);
> 
> // Prevent C++ standard library operator new, delete and their related exception types from being exported as weak symbols.
> UNEXPORTED_SYMBOL_LDFLAGS = -Wl,-unexported_symbol -Wl,__ZTISt9bad_alloc -Wl,-unexported_symbol -Wl,__ZTISt9exception -Wl,-unexported_symbol -Wl,__ZTSSt9bad_alloc -Wl,-unexported_symbol -Wl,__ZTSSt9exception -Wl,-unexported_symbol -Wl,__ZdlPvS_ -Wl,-unexported_symbol -Wl,__ZnwmPv -Wl,-unexported_symbol -Wl,__Znwm -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEC2EOS4_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEC1EOS4_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEaSEDn -Wl,-unexported_symbol, -Wl,__ZNKSt3__18functionIFvN7WebCore12PolicyActionEEEclES2_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEE4swapERS4_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEC1ERKS4_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEC2ERKS4_ -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEED1Ev -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEED2Ev -Wl,-unexported_symbol, -Wl,__ZNSt3__18functionIFvN7WebCore12PolicyActionEEEaSERKS4_ -Wl,-unexported_symbol, -Wl,__ZTVNSt3__117bad_function_callE;
>Index: Source/WebKit/Shared/ChildProcess.h
>===================================================================
>--- Source/WebKit/Shared/ChildProcess.h (revision 231078)
>+++ Source/WebKit/Shared/ChildProcess.h (working copy)
>@@ -46,6 +46,8 @@ struct ChildProcessInitializationParamet
> std::optional<WebCore::ProcessIdentifier> processIdentifier;
> IPC::Connection::Identifier connectionIdentifier;
> HashMap<String, String> extraInitializationData;
>+ void* compiledSandbox { nullptr };
>+ size_t compiledSandboxSize { 0 };
> #if PLATFORM(COCOA)
> OSObjectPtr<xpc_object_t> priorityBoostMessage;
> #endif
>Index: Source/WebKit/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h
>===================================================================
>--- Source/WebKit/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h (revision 231078)
>+++ Source/WebKit/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h (working copy)
>@@ -112,6 +112,12 @@ void XPCServiceInitializer(OSObjectPtr<x
> Thread::setGlobalMaxQOSClass(QOS_CLASS_UTILITY);
> #endif
> 
>+ if (xpc_object_t sandbox = xpc_dictionary_get_value(initializerMessage, "compiled-sandbox-buffer")) {
>+ RELEASE_ASSERT(xpc_get_type(sandbox) == XPC_TYPE_DATA);
>+ parameters.compiledSandbox = bitwise_cast<void*>(xpc_data_get_bytes_ptr(sandbox));
>+ parameters.compiledSandboxSize = xpc_data_get_length(sandbox);
>+ }
>+
> XPCServiceType::singleton().initialize(parameters);
> }
> 
>Index: Source/WebKit/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm
>===================================================================
>--- Source/WebKit/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm (revision 231078)
>+++ Source/WebKit/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm (working copy)
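Review bot: `compiledSandbox` is a raw non-owning `void*` with nothing saying who owns the bytes; in this patch XPCServiceEntryPoint.h sets it to `xpc_data_get_bytes_ptr` of an object owned by the initializer message, so it is only valid while that message is alive. Document that next to the fields, e.g. `// Non-owning; points into the "compiled-sandbox-buffer" xpc_data of the bootstrap message and must not outlive it.` Declaring it `const void*` would also match the source pointer's constness and remove the need for the `bitwise_cast` on the sender side.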
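Review bot: The new block accepts a zero-length data object: `xpc_data_get_length` can return 0 (and the bytes pointer may then be null), and the only guard on the receiving side in ChildProcessMac.mm is a null check on `compiledSandbox`, so an empty buffer could be handed to `sandbox_apply` as a zero-size profile. Reject it here with `RELEASE_ASSERT(xpc_data_get_length(sandbox));` before the assignments, or leave both fields unset so the file-based path runs. The `bitwise_cast<void*>` exists only to drop `const` from `xpc_data_get_bytes_ptr`'s result; a `const void*` field would avoid the cast. `XPCServiceInitializer` starts outside the hunk.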
>@@ -131,6 +131,10 @@ bool XPCServiceInitializerDelegate::getE
> extraInitializationData.add(ASCIILiteral("user-directory-suffix"), userDirectorySuffix);
> }
> 
>+ String webContentUserDirectorySuffix = xpc_dictionary_get_string(extraDataInitializationDataObject, "webcontent-user-directory-suffix");
>+ if (!webContentUserDirectorySuffix.isEmpty())
>+ extraInitializationData.add(ASCIILiteral("webcontent-user-directory-suffix"), webContentUserDirectorySuffix);
>+
> String alwaysRunsAtBackgroundPriority = xpc_dictionary_get_string(extraDataInitializationDataObject, "always-runs-at-background-priority");
> if (!alwaysRunsAtBackgroundPriority.isEmpty())
> extraInitializationData.add(ASCIILiteral("always-runs-at-background-priority"), alwaysRunsAtBackgroundPriority);
>Index: Source/WebKit/Shared/mac/ChildProcessMac.mm
>===================================================================
>--- Source/WebKit/Shared/mac/ChildProcessMac.mm (revision 231078)
>+++ Source/WebKit/Shared/mac/ChildProcessMac.mm (working copy)
>@@ -41,6 +41,7 @@
> #import <sysexits.h>
> #import <wtf/Scope.h>
> #import <wtf/spi/darwin/SandboxSPI.h>
>+#import <wtf/DataLog.h>
> 
> #if USE(APPLE_INTERNAL_SDK)
> #include <HIServices/ProcessesPriv.h>
>@@ -111,6 +112,30 @@ static OSStatus enableSandboxStyleFileQu
> 
> void ChildProcess::initializeSandbox(const ChildProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
> {
>+ if (parameters.compiledSandbox) {
>+ using SandboxProfile = typename std::remove_pointer<sandbox_profile_t>::type;
>+ SandboxProfile sandbox;
>+ sandbox.builtin = nullptr; // OOPS
>+ sandbox.data = bitwise_cast<unsigned char*>(parameters.compiledSandbox);
>+ sandbox.size = parameters.compiledSandboxSize;
>+ if (sandbox_apply(&sandbox)) {
>+ WTFLogAlways("Could not apply web content sandbox\n");
>+ CRASH();
>+ }
>+
>+ auto userDirectorySuffix = parameters.extraInitializationData.find(ASCIILiteral("webcontent-user-directory-suffix"));
>+ RELEASE_ASSERT_WITH_MESSAGE(userDirectorySuffix != parameters.extraInitializationData.end(), "When specifying a compiled sandbox to be applied, we must also specify a suffix.");
>+ setenv("DIRHELPER_USER_DIR_SUFFIX", FileSystem::fileSystemRepresentation(userDirectorySuffix->value).data(), 1);
>+ char temporaryDirectory[PATH_MAX];
>+ if (!confstr(_CS_DARWIN_USER_TEMP_DIR, temporaryDirectory, sizeof(temporaryDirectory))) {
>+ WTFLogAlways("%s: couldn't retrieve private temporary directory path: %d\n", getprogname(), errno);
>+ exit(EX_NOPERM);
>+ }
>+ setenv("TMPDIR", temporaryDirectory, 1);
>+ return;
>+ }
>+
>+
> NSBundle *webkit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKView")];
> String defaultProfilePath = [webkit2Bundle pathForResource:[[NSBundle mainBundle] bundleIdentifier] ofType:@"sb"];
> 
>Index: Source/WebKit/UIProcess/Launcher/mac/ProcessLauncherMac.mm
>===================================================================
>--- Source/WebKit/UIProcess/Launcher/mac/ProcessLauncherMac.mm (revision 231078)
>+++ Source/WebKit/UIProcess/Launcher/mac/ProcessLauncherMac.mm (working copy)
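Review bot: The failure branch after `sandbox_apply(&sandbox)` crashes without recording why, unlike the `confstr` branch a few lines below that includes `errno`; `WTFLogAlways("%s: could not apply compiled sandbox: %s\n", getprogname(), strerror(errno));` would make such crashes diagnosable if the library reports through errno. `sandbox.builtin = nullptr; // OOPS` is a WIP marker that has to be resolved before landing: the sender asserts `builtin` is null but the receiver has no way to know that, so the struct is reconstructed on trust. The early `return` skips the rest of `initializeSandbox`, which continues outside the hunk, so anything done there after the profile is applied needs to be confirmed as unnecessary on this path. `<wtf/DataLog.h>` is imported in the previous hunk but no `dataLog` call appears in the visible changes.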
>@@ -43,10 +43,19 @@
> #import <wtf/text/CString.h>
> #import <wtf/text/WTFString.h>
> 
>+
> #if PLATFORM(MAC)
> #import "CodeSigning.h"
> #endif
> 
>+#import "SandboxInitializationParameters.h"
>+#import <WebCore/FileSystem.h>
>+#import <wtf/DataLog.h>
>+#import <WebCore/SystemVersion.h>
>+#import <sysexits.h>
>+#import <pwd.h>
>+#import <wtf/spi/darwin/SandboxSPI.h>
>+
> namespace WebKit {
> 
> static const char* serviceName(const ProcessLauncher::LaunchOptions& launchOptions)
>@@ -102,6 +111,112 @@ static NSString *systemDirectoryPath()
> return path;
> }
> 
>+static void addSandboxAndUserDirectorySuffix(xpc_object_t bootstrapMessage, xpc_object_t extraInitializationData, String clientIdentifier)
>+{
>+ using SandboxProfile = typename std::remove_pointer<sandbox_profile_t>::type;
>+ static std::once_flag onceFlag;
>+
>+ static size_t constexpr macPageSize = 4096;
>+ static_assert(sizeof(SandboxProfile) < macPageSize, "");
>+ alignas(macPageSize) static char sandboxProfileBuffer[macPageSize];
>+
>+ String userDirectorySuffix = makeString("com.apple.WebKit.WebContent+", clientIdentifier);
>+ xpc_dictionary_set_string(extraInitializationData, "webcontent-user-directory-suffix", userDirectorySuffix.utf8().data());
>+
>+ std::call_once(onceFlag, [&] {
>+ SandboxInitializationParameters sandboxParameters;
>+
>+ Vector<String> osVersionParts;
>+ String osSystemMarketingVersion = WebCore::systemMarketingVersion();
>+ osSystemMarketingVersion.split('.', false, osVersionParts);
>+ if (osVersionParts.size() < 2) {
>+ WTFLogAlways("%s: Couldn't find OS Version\n", getprogname());
>+ exit(EX_NOPERM);
>+ }
>+ String osVersion = osVersionParts[0] + '.' + osVersionParts[1];
>+ sandboxParameters.addParameter("_OS_VERSION", osVersion.utf8().data());
>+
>+ NSBundle *webkit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKView")];
>+
>+ {
>+ char* oldSuffix = getenv("DIRHELPER_USER_DIR_SUFFIX");
>+ if (oldSuffix)
>+ oldSuffix = fastStrDup(oldSuffix);
>+
>+
>+ setenv("DIRHELPER_USER_DIR_SUFFIX", WebCore::FileSystem::fileSystemRepresentation(userDirectorySuffix).data(), 1);
>+ sandboxParameters.addPathParameter("WEBKIT2_FRAMEWORK_DIR", [[webkit2Bundle bundlePath] stringByDeletingLastPathComponent]);
>+ sandboxParameters.addConfDirectoryParameter("DARWIN_USER_TEMP_DIR", _CS_DARWIN_USER_TEMP_DIR);
>+ sandboxParameters.addConfDirectoryParameter("DARWIN_USER_CACHE_DIR", _CS_DARWIN_USER_CACHE_DIR);
>+
>+ if (oldSuffix) {
>+ setenv("DIRHELPER_USER_DIR_SUFFIX", oldSuffix, 1);
>+ fastFree(oldSuffix);
>+ } else
>+ unsetenv("DIRHELPER_USER_DIR_SUFFIX");
>+ }
>+
>+ char buffer[4096];
>+ int bufferSize = sizeof(buffer);
>+ struct passwd pwd;
>+ {
>+ struct passwd* result = 0;
>+ if (getpwuid_r(getuid(), &pwd, buffer, bufferSize, &result) || !result) {
>+ WTFLogAlways("%s: Couldn't find home directory\n", getprogname());
>+ exit(EX_NOPERM);
>+ }
>+ }
>+
>+ sandboxParameters.addPathParameter("HOME_DIR", pwd.pw_dir);
>+ String homeDirectoryPath = String::fromUTF8(pwd.pw_dir);
>+ homeDirectoryPath.append("/Library");
>+ sandboxParameters.addPathParameter("HOME_LIBRARY_DIR", WebCore::FileSystem::fileSystemRepresentation(homeDirectoryPath).data());
>+ homeDirectoryPath.append("/Preferences");
>+ sandboxParameters.addPathParameter("HOME_LIBRARY_PREFERENCES_DIR", WebCore::FileSystem::fileSystemRepresentation(homeDirectoryPath).data());
>+
>+ sandbox_params_t params = sandbox_create_params();
>+ for (size_t i = 0; i < sandboxParameters.count(); ++i) {
>+ if (sandbox_set_param(params, sandboxParameters.name(i), sandboxParameters.value(i))) {
>+ WTFLogAlways("%s: Couldn't set sandbox param: %s\n", getprogname(), strerror(errno));
>+ CRASH();
>+ }
>+ }
>+
>+ String sandboxProfilePath = [webkit2Bundle pathForResource:@"com.apple.WebProcess" ofType:@"sb"];
>+ CString profilePath = WebCore::FileSystem::fileSystemRepresentation(sandboxProfilePath);
>+ char* error = nullptr;
>+
>+ SandboxProfile* sandboxProfile = sandbox_compile_file(profilePath.data(), params, &error);
>+ if (sandboxProfile) {
>+ // OOPS: We can't rely on this being non null, shovel it across IPC too.
>+ RELEASE_ASSERT(!sandboxProfile->builtin);
>+ } else {
>+ WTFLogAlways("%s: Couldn't compile WebContent sandbox\n", getprogname());
>+ CRASH();
>+ }
>+
>+ sandbox_free_params(params);
>+
>+ // Make the compiled sandbox data readonly so a read/write gadget won't be able to
>+ // change it once it's generated.
>+ {
>+ size_t alignedSize = roundUpToMultipleOf(macPageSize, sandboxProfile->size);
>+ char* newData = static_cast<char*>(fastAlignedMalloc(macPageSize, alignedSize));
>+ memcpy(newData, sandboxProfile->data, sandboxProfile->size);
>+ memset(newData + sandboxProfile->size, 0, alignedSize - sandboxProfile->size);
>+ mprotect(newData, alignedSize, PROT_READ);
>+ sandboxProfile->data = bitwise_cast<unsigned char*>(newData);
>+ }
>+
>+ memcpy(sandboxProfileBuffer, sandboxProfile, sizeof(SandboxProfile));
>+ mprotect(sandboxProfileBuffer, macPageSize, PROT_READ);
>+ });
>+
>+ SandboxProfile* sandboxProfile = bitwise_cast<SandboxProfile*>(sandboxProfileBuffer);
>+ auto data = adoptOSObject(xpc_data_create(sandboxProfile->data, sandboxProfile->size));
>+ xpc_dictionary_set_value(bootstrapMessage, "compiled-sandbox-buffer", data.get());
>+}
>+
> void ProcessLauncher::launchProcess()
> {
> ASSERT(!m_xpcConnection);
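Review bot: Both `mprotect` calls discard their return value, so if either fails the profile bytes or the cached `SandboxProfile` header silently stay writable and the hardening the comment promises is not in effect; check them, e.g. `if (mprotect(newData, alignedSize, PROT_READ)) { WTFLogAlways("%s: mprotect failed: %s\n", getprogname(), strerror(errno)); CRASH(); }` and the same for `sandboxProfileBuffer`. When `sandbox_compile_file` fails, the `error` string it fills in is neither logged nor freed, so the crash message gives no hint about which part of the profile was rejected. The once-only block captures `userDirectorySuffix` by reference and bakes the first caller's suffix into `DARWIN_USER_TEMP_DIR`/`DARWIN_USER_CACHE_DIR`, while every later call still sends its own suffix in `extraInitializationData`; if `clientIdentifier` can differ between launches of the same UI process that is a mismatch, and taking it as `const String&` instead of by value would avoid the copy either way. `macPageSize = 4096` hard-codes the page size and drives the `alignas` and both `mprotect` lengths; a run-time check that it equals `getpagesize()` before the first `mprotect` would stop this from silently mis-protecting on a platform with a different page size. The libsandbox-owned `sandboxProfile->data` is overwritten without being released after the copy, which is a one-time leak but deserves a comment saying so.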
>@@ -199,6 +314,9 @@ void ProcessLauncher::launchProcess()
> for (const auto& keyValuePair : m_launchOptions.extraInitializationData)
> xpc_dictionary_set_string(extraInitializationData.get(), keyValuePair.key.utf8().data(), keyValuePair.value.utf8().data());
> 
>+ if (m_launchOptions.processType == ProcessLauncher::ProcessType::Web)
>+ addSandboxAndUserDirectorySuffix(bootstrapMessage.get(), extraInitializationData.get(), clientIdentifier);
>+
> xpc_dictionary_set_value(bootstrapMessage.get(), "extra-initialization-data", extraInitializationData.get());
> 
> auto weakProcessLauncher = m_weakPtrFactory.createWeakPtr(*this);
>Index: Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundlePage.cpp
>===================================================================
>--- Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundlePage.cpp (revision 231078)
>+++ Source/WebKit/WebProcess/InjectedBundle/API/c/WKBundlePage.cpp (working copy)
>@@ -304,9 +304,9 @@ void WKBundlePageStopLoading(WKBundlePag
> toImpl(pageRef)->stopLoading();
> }
> 
>-void WKBundlePageSetDefersLoading(WKBundlePageRef pageRef, bool defersLoading)
>+void WKBundlePageSetDefersLoading(WKBundlePageRef , bool )
> {
>- toImpl(pageRef)->setDefersLoading(defersLoading);
>+ //toImpl(pageRef)->setDefersLoading(defersLoading);
> }
> 
> WKStringRef WKBundlePageCopyRenderTreeExternalRepresentation(WKBundlePageRef pageRef)
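Review bot: Commenting out the body of `WKBundlePageSetDefersLoading` turns a public C API into a silent no-op for every caller, and nothing in the patch ties it to sandbox caching; it reads as a local debugging change that should be dropped before landing. If it genuinely has to be disabled, keep the parameter names and explain why in a comment rather than leaving `//toImpl(pageRef)->setDefersLoading(defersLoading);` in place.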
Flags:
ews-watchlist
:
commit-queue-