Summary: | Allow NSFileCoordinator to be called from WebContent process | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Alex Christensen <achristensen> | ||||
Component: | New Bugs | Assignee: | Alex Christensen <achristensen> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | bfulgham, commit-queue, pvollan, webkit-bug-importer | ||||
Priority: | P2 | Keywords: | InRadar | ||||
Version: | WebKit Nightly Build | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Attachments: |
|
Description
Alex Christensen
2019-05-14 14:28:06 PDT
Created attachment 369893 [details]
Patch
Comment on attachment 369893 [details]
Patch
r=me
Comment on attachment 369893 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=369893&action=review > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:598 > +(allow mach-lookup > + (global-name "com.apple.FileCoordination")) > + Would it be possible to broker the NSFileCoordinator call to the UI process, to avoid allowing this mach-lookup? Comment on attachment 369893 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=369893&action=review >> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:598 >> + > > Would it be possible to broker the NSFileCoordinator call to the UI process, to avoid allowing this mach-lookup? Or perhaps we could issue a mach lookup sandbox extension from the UI process in the injected bundle case? Comment on attachment 369893 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=369893&action=review >>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:598 >>> + >> >> Would it be possible to broker the NSFileCoordinator call to the UI process, to avoid allowing this mach-lookup? > > Or perhaps we could issue a mach lookup sandbox extension from the UI process in the injected bundle case? The mach-lookup is now matching iOS, so I'm not too concerned about adding it. I do regret the additional syscalls, and I'm not sure if you can make sandbox extensions for syscalls. Comment on attachment 369893 [details] Patch Clearing flags on attachment: 369893 Committed r245322: <https://trac.webkit.org/changeset/245322> All reviewed patches have been landed. Closing bug. |