199119 2019-06-21 15:09:03 -0700 Adjust sandboxes based on seed feedback 2019-06-23 17:29:11 -0700 1 1 1 Unclassified WebKit WebKit Misc. Safari 10 Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=199140 InRadar P2 Normal --- 1 bfulgham bfulgham bfulgham eric.carlson ggaren mitz pvollan webkit-bug-importer oldest_to_newest 1547011 0 bfulgham 2019-06-21 15:09:03 -0700 Adjust our process sandboxes based on seed user feedback as follows: (1) Silence spurious warnings about two XPC services we purposefully block: (global-name "com.apple.CoreServices.coreservicesd") (global-name "com.apple.DiskArbitration.diskarbitrationd") (2) Unblock an IOKit property needed for video playback feature detection: (iokit-property "compatible") (3) Allow file-read* access to "/Library/Fonts" in the network process to allow proper font serialization: (subpath "/Library/Fonts") (4) Allow access to the sysctl for "kern.osproductversion", which is needed by LaunchServices to detect some filesystem features. "kern.osproductversion" 1547013 1 bfulgham 2019-06-21 15:09:43 -0700 <rdar://problem/50164879> 1547014 2 372656 bfulgham 2019-06-21 15:12:07 -0700 Created attachment 372656 Patch 1547028 3 bfulgham 2019-06-21 15:52:58 -0700 Committed r246702: <https://trac.webkit.org/changeset/246702> 1547029 4 webkit-bug-importer 2019-06-21 15:53:16 -0700 <rdar://problem/52006224> 1547032 5 mitz 2019-06-21 16:06:13 -0700 (In reply to Brent Fulgham from comment #0) > Adjust our process sandboxes based on seed user feedback as follows: > > (3) Allow file-read* access to "/Library/Fonts" in the network process to > allow proper font serialization: > (subpath "/Library/Fonts") What messages does the network process send or receive that include serialized font objects? 1547033 6 bfulgham 2019-06-21 16:14:55 -0700 (In reply to mitz from comment #5) > (In reply to Brent Fulgham from comment #0) > > Adjust our process sandboxes based on seed user feedback as follows: > > > > (3) Allow file-read* access to "/Library/Fonts" in the network process to > > allow proper font serialization: > > (subpath "/Library/Fonts") > > What messages does the network process send or receive that include > serialized font objects? In this case, it was DidReceiveAuthenticationChallenge which wasn't actually serializing a font. However, the encoding code we use in all of our processes recognizes the possibility that it might be decoding (or encoding) a Font and instantiates a PlatformFont object that triggers access to the file I granted access to. That encoding is probably present for UIProcess <--> WebContent process communications, but it lives in NetworkProcess, too. 1547035 7 mitz 2019-06-21 16:38:53 -0700 (In reply to Brent Fulgham from comment #6) > (In reply to mitz from comment #5) > > (In reply to Brent Fulgham from comment #0) > > > Adjust our process sandboxes based on seed user feedback as follows: > > > > > > (3) Allow file-read* access to "/Library/Fonts" in the network process to > > > allow proper font serialization: > > > (subpath "/Library/Fonts") > > > > What messages does the network process send or receive that include > > serialized font objects? > > In this case, it was DidReceiveAuthenticationChallenge which wasn't actually > serializing a font. However, the encoding code we use in all of our > processes recognizes the possibility that it might be decoding (or encoding) > a Font and instantiates a PlatformFont object that triggers access to the > file I granted access to. > > That encoding is probably present for UIProcess <--> WebContent process > communications, but it lives in NetworkProcess, too. So presumably this is happening when UIFont is initialized as a side effect of [object isKindOfClass:[PlatformFont class]] in typeFromObject(). This is a case where it’s better to use NSClassFromString() and avoid all costs (time, memory, and sandbox holes) of initializing the class. You could add something like static NSString const * PlatformFontClassName = @"NSColor"; and static NSString const * PlatformFontClassName = @"UIColor"; and so on alongside the declarations the top of the file and use those string constants for the class membership tests like I described. 372656 2019-06-21 15:12:07 -0700 2019-06-21 15:45:14 -0700 Patch bug-199119-20190621151206.patch text/plain 4527 bfulgham U3VidmVyc2lvbiBSZXZpc2lvbjogMjQ2NjUzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDRkODUzYTE0NmI3ZGExYWZm ZmUyM2M0ZjQ5ZmQ4MjM1MjE1YWY3YjEuLjU0Zjc5NmI3NzQ0ODAwYmJkMjllODkyZmRjMmQ1YmU5 MzVjNzRjY2YgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTkgQEAKKzIwMTktMDYtMjEgIEJyZW50IEZ1 bGdoYW0gIDxiZnVsZ2hhbUBhcHBsZS5jb20+CisKKyAgICAgICAgQWRqdXN0IHNhbmRib3hlcyBi YXNlZCBvbiBzZWVkIGZlZWRiYWNrCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3No b3dfYnVnLmNnaT9pZD0xOTkxMTkKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzUwMTY0ODc5Pgor CisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFVwZGF0ZSBv dXIgc2FuZGJveGVzIHRvIGFkZHJlc3MgdGVzdCBmYWlsdXJlcyBhbmQgYnVncyBlbmNvdW50ZXJl ZCBkdXJpbmcgaW5pdGlhbCBpT1MgMTMgYW5kCisgICAgICAgIG1hY09TIENhdGFsaW5hIHRlc3Rp bmcuCisKKyAgICAgICAgKiBOZXR3b3JrUHJvY2Vzcy9tYWMvY29tLmFwcGxlLldlYktpdC5OZXR3 b3JrUHJvY2Vzcy5zYi5pbjoKKyAgICAgICAgKiBSZXNvdXJjZXMvU2FuZGJveFByb2ZpbGVzL2lv cy9jb20uYXBwbGUuV2ViS2l0Lk5ldHdvcmtpbmcuc2I6CisgICAgICAgICogUmVzb3VyY2VzL1Nh bmRib3hQcm9maWxlcy9pb3MvY29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50LnNiOgorICAgICAg ICAqIFdlYlByb2Nlc3MvY29tLmFwcGxlLldlYlByb2Nlc3Muc2IuaW46CisKIDIwMTktMDYtMjAg IEFsZXhhbmRlciBNaWtoYXlsZW5rbyAgPGV4YWxtNzY1OUBnbWFpbC5jb20+CiAKICAgICAgICAg W0dUS10gRW5hYmxlIG5hdmlnYXRpb24gc3dpcGUgbGF5b3V0IHRlc3RzCmRpZmYgLS1naXQgYS9T b3VyY2UvV2ViS2l0L05ldHdvcmtQcm9jZXNzL21hYy9jb20uYXBwbGUuV2ViS2l0Lk5ldHdvcmtQ cm9jZXNzLnNiLmluIGIvU291cmNlL1dlYktpdC9OZXR3b3JrUHJvY2Vzcy9tYWMvY29tLmFwcGxl LldlYktpdC5OZXR3b3JrUHJvY2Vzcy5zYi5pbgppbmRleCA4OGI4ZWQ2YWFiNjNmYTVhNGIzMGQ0 ZTAxOGYwYmNlOTYxZGM5MmJlLi4xNWUwMmZkOGM5NTQ4N2JiOWY2YzlhYzliMDI0Mjg1Y2M4MWNk ZTE2IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0L05ldHdvcmtQcm9jZXNzL21hYy9jb20uYXBw bGUuV2ViS2l0Lk5ldHdvcmtQcm9jZXNzLnNiLmluCisrKyBiL1NvdXJjZS9XZWJLaXQvTmV0d29y a1Byb2Nlc3MvbWFjL2NvbS5hcHBsZS5XZWJLaXQuTmV0d29ya1Byb2Nlc3Muc2IuaW4KQEAgLTky LDggKzkyLDEwIEBACiAgICAgICAgICJjb20uYXBwbGUuV2ViRm91bmRhdGlvbiIKICAgICAgICAg ImNvbS5hcHBsZS5pc3QuZHMuYXBwbGVjb25uZWN0Mi51YXQiIDs7IFJlbW92ZSBhZnRlciA8cmRh cjovL3Byb2JsZW0vMzU1NDI4MDM+IHNoaXBzCiAgICAgICAgICJjb20uYXBwbGUubmV0d29ya0Nv bm5lY3QiKSkKKwogKGFsbG93IGZpbGUtcmVhZCoKICAgICA7OyBCYXNpYyBzeXN0ZW0gcGF0aHMK KyAgICAoc3VicGF0aCAiL0xpYnJhcnkvRm9udHMiKSA7OyBOZWVkZWQgdG8gc2VyaWFsaXplIGZv bnQgZGF0YSB0eXBlcyA8cmRhcjovL3Byb2JsZW0vNTAxNjQ4Nzk+CiAgICAgKHN1YnBhdGggIi9M aWJyYXJ5L0ZyYW1ld29ya3MiKQogICAgIChzdWJwYXRoICIvTGlicmFyeS9NYW5hZ2VkIFByZWZl cmVuY2VzIikKIApkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdC9SZXNvdXJjZXMvU2FuZGJveFBy b2ZpbGVzL2lvcy9jb20uYXBwbGUuV2ViS2l0Lk5ldHdvcmtpbmcuc2IgYi9Tb3VyY2UvV2ViS2l0 L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuTmV0d29ya2lu Zy5zYgppbmRleCA4MDcxNmVjNjQzNDhiZmI0NDhlZGU2NzYyZDRjMGRkOWMxOWNkZjdmLi41ZTdl OTA4ZjRlZjhhNjNjYjRmZWY0ZjMwZTVlMmE5MmUxODc1ODgzIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuTmV0 d29ya2luZy5zYgorKysgYi9Tb3VyY2UvV2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMv aW9zL2NvbS5hcHBsZS5XZWJLaXQuTmV0d29ya2luZy5zYgpAQCAtNzIsNiArNzIsMTIgQEAKICAg ICAobGl0ZXJhbCAiL3Vzci9sb2NhbC9saWIvbG9nIikgOyA8cmRhcjovL3Byb2JsZW0vMzY2Mjk0 OTU+CiApCiAKKzs7IFJlYWQtb25seSBwcmVmZXJlbmNlcyBhbmQgZGF0YQorKGFsbG93IGZpbGUt cmVhZCoKKyAgICA7OyBCYXNpYyBzeXN0ZW0gcGF0aHMKKyAgICAoc3VicGF0aCAiL0xpYnJhcnkv Rm9udHMiKSA7OyBOZWVkZWQgdG8gc2VyaWFsaXplIGZvbnQgZGF0YSB0eXBlcyA8cmRhcjovL3By b2JsZW0vNTAxNjQ4Nzk+CispCisKIDs7IFNlY3VyaXR5IGZyYW1ld29yawogKGFsbG93IG1hY2gt bG9va3VwCiAgICAgKGdsb2JhbC1uYW1lICJjb20uYXBwbGUub2NzcGQiKQpkaWZmIC0tZ2l0IGEv U291cmNlL1dlYktpdC9SZXNvdXJjZXMvU2FuZGJveFByb2ZpbGVzL2lvcy9jb20uYXBwbGUuV2Vi S2l0LldlYkNvbnRlbnQuc2IgYi9Tb3VyY2UvV2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmls ZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudC5zYgppbmRleCAxOGEzOGEyODQzOTUx YWE0ODI2MWM3MDAxYjMzNGU3ZDQ0OTA4YWM3Li5hZWM4MWIzNDQwNTAxNzdhYWE1MTRlMGMzNGRi YTA5NWFjZmE2NGExIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0L1Jlc291cmNlcy9TYW5kYm94 UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudC5zYgorKysgYi9Tb3VyY2Uv V2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuV2Vi Q29udGVudC5zYgpAQCAtMjg4LDYgKzI4OCw3IEBACiAgICAgKGlva2l0LXByb3BlcnR5LXJlZ2V4 ICMiKGNhbnZhcy1oZWlnaHR8Y2FudmFzLXdpZHRoKSIpCiAgICAgKGlva2l0LXByb3BlcnR5ICJj bGFzcy1jb2RlIikKICAgICAoaW9raXQtcHJvcGVydHkgImNvbG9yLWFjY3VyYWN5LWluZGV4IikK KyAgICAoaW9raXQtcHJvcGVydHkgImNvbXBhdGlibGUiKSA7OyA8cmRhcjovL3Byb2JsZW0vNDc1 MjM1MTY+CiAgICAgKGlva2l0LXByb3BlcnR5ICJjb21wYXRpYmxlLWRldmljZS1mYWxsYmFjayIp IDs7IDxyZGFyOi8vcHJvYmxlbS80OTQ5NzcyMD4KICAgICAoaW9raXQtcHJvcGVydHkgImRldmlj ZS1jb2xvcnMiKSA7OyA8cmRhcjovL3Byb2JsZW0vNTEzMjIwNzI+CiAgICAgKGlva2l0LXByb3Bl cnR5ICJkZXZpY2UtaWQiKQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdC9XZWJQcm9jZXNzL2Nv bS5hcHBsZS5XZWJQcm9jZXNzLnNiLmluIGIvU291cmNlL1dlYktpdC9XZWJQcm9jZXNzL2NvbS5h cHBsZS5XZWJQcm9jZXNzLnNiLmluCmluZGV4IDFhMzFiZTFjNzY1MDNjOTViOGVmMGM2ZWZjOTNk OWU3MmMzZWJlOTQuLjY4OGFmZWZhZWUxNWE2YzdlYTkyNWQyNDQwYmQ0MjVhYmVkYmY0OGIgMTAw NjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvV2ViUHJvY2Vzcy9jb20uYXBwbGUuV2ViUHJvY2Vzcy5z Yi5pbgorKysgYi9Tb3VyY2UvV2ViS2l0L1dlYlByb2Nlc3MvY29tLmFwcGxlLldlYlByb2Nlc3Mu c2IuaW4KQEAgLTE2Nyw2ICsxNjcsNyBAQAogICAgICAgICAia2Vybi5ob3N0bmFtZSIKICAgICAg ICAgImtlcm4ubWF4ZmlsZXNwZXJwcm9jIgogICAgICAgICAia2Vybi5tZW1vcnlzdGF0dXNfbGV2 ZWwiCisgICAgICAgICJrZXJuLm9zcHJvZHVjdHZlcnNpb24iIDs7IDxyZGFyOi8vcHJvYmxlbS81 MTc1NjczOT4KICAgICAgICAgImtlcm4uc2FmZWJvb3QiCiAgICAgICAgICJrZXJuLnZlcnNpb24i CiAgICAgICAgICJtYWNoZGVwLmNwdS5icmFuZF9zdHJpbmciCkBAIC02MzUsMTEgKzYzNiwxMiBA QAogCiAjaWYgX19NQUNfT1NfWF9WRVJTSU9OX01JTl9SRVFVSVJFRCA+PSAxMDE0MDAgfHwgUExB VEZPUk0oSU9TTUFDKQogKGRlbnkgbWFjaC1sb29rdXAgKHdpdGggbm8tbG9nKQorICAgIChnbG9i YWwtbmFtZSAiY29tLmFwcGxlLkNvcmVTZXJ2aWNlcy5jb3Jlc2VydmljZXNkIikKKyAgICAoZ2xv YmFsLW5hbWUgImNvbS5hcHBsZS5EaXNrQXJiaXRyYXRpb24uZGlza2FyYml0cmF0aW9uZCIpCiAg ICAgKGdsb2JhbC1uYW1lICJjb20uYXBwbGUuVmlld0JyaWRnZUF1eGlsaWFyeSIpCiAgICAgKGds b2JhbC1uYW1lICJjb20uYXBwbGUud2luZG93c2VydmVyLmFjdGl2ZSIpKQogI2VuZGlmCiAKLQog OzsgTmVlZGVkIHRvIHN1cHBvcnQgZW5jcnlwdGVkIG1lZGlhIHBsYXliYWNrIDxyZGFyOi8vcHJv YmxlbS80MDAzODQ3OD4KIChhbGxvdyBtYWNoLWxvb2t1cAogICAgIChnbG9iYWwtbmFtZSAiY29t LmFwcGxlLlNlY3VyaXR5U2VydmVyIikK