Bug 200543

Summary: [Mac] Use the PID of the WebContent process when issuing local file read sandbox extensions
Product: WebKit
Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.
Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, bfulgham, cdumez, cmarcelo, commit-queue, dbates, ews-watchlist, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on: 200772, 202012
Bug Blocks: 206544
Attachments:
Description | Flags
Patch | none
Patch | none
Patch | bfulgham: review+, bfulgham: commit-queue-
Patch | none

Description Per Arne Vollan 2019-08-08 11:23:01 PDT
When issuing local file read sandbox extensions, use the process identifier of the WebContent process.
Comment 1 Per Arne Vollan 2019-08-08 11:28:33 PDT
rdar://problem/49394015
Comment 2 Per Arne Vollan 2019-08-08 11:47:47 PDT
Created attachment 375829 [details]
Patch
Comment 3 Brent Fulgham 2019-08-08 12:24:47 PDT
Comment on attachment 375829 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=375829&action=review

Looks good.

> Source/WebKit/ChangeLog:9
> +        the WebContent process.

Maybe it would be better phrased as:

"Adopt SPI to issue a process-specific sandbox extension for local file read, passing it the process identifier of the WebContent process."
Comment 4 Per Arne Vollan 2019-08-08 12:43:12 PDT
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 375829 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=375829&action=review
> 
> Looks good.
> 
> > Source/WebKit/ChangeLog:9
> > +        the WebContent process.
> 
> Maybe it would be better phrased as:
> 
> "Adopt SPI to issue a process-specific sandbox extension for local file
> read, passing it the process identifier of the WebContent process."

Thanks for reviewing! I will update the patch.
Comment 5 Per Arne Vollan 2019-08-08 12:47:19 PDT
Created attachment 375832 [details]
Patch
Comment 6 WebKit Commit Bot 2019-08-08 13:32:48 PDT
Comment on attachment 375832 [details]
Patch

Clearing flags on attachment: 375832

Committed r248440: <https://trac.webkit.org/changeset/248440>
Comment 7 Per Arne Vollan 2019-08-17 22:12:41 PDT
Created attachment 376628 [details]
Patch
Comment 8 Brent Fulgham 2019-08-18 08:28:18 PDT
Comment on attachment 376628 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=376628&action=review

I think the log message should be changed, but otherwise this looks good. R=me.

> Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:357
> +        WTFLogAlways("Could not create a '%s' sandbox extension", path.utf8().data());

This log message could leak potentially private user data to our logs. Could you change it to one of the LOG_DEBUG macros, or perhaps just remove the path from the log file? It should be enough to log that a file extension could not be generated.
Comment 9 Per Arne Vollan 2019-08-18 11:54:43 PDT
Created attachment 376647 [details]
Patch
Comment 10 Per Arne Vollan 2019-08-18 11:56:33 PDT
(In reply to Brent Fulgham from comment #8)
> Comment on attachment 376628 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=376628&action=review
> 
> I think the log message should be changed, but otherwise this looks good.
> R=me.
> 
> > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:357
> > +        WTFLogAlways("Could not create a '%s' sandbox extension", path.utf8().data());
> 
> This log message could leak potentially private user data to our logs. Could
> you change it to one of the LOG_DEBUG macros, or perhaps just remove the
> path from the log file? It should be enough to log that a file extension
> could not be generated.

Done.

Thanks for reviewing!
Comment 11 WebKit Commit Bot 2019-08-18 12:38:13 PDT
Comment on attachment 376647 [details]
Patch

Clearing flags on attachment: 376647

Committed r248832: <https://trac.webkit.org/changeset/248832>