Bug 207279

Summary: [iOS] Do not create sandbox reports when the UI process cannot issue extensions to diagnostics service
Product: WebKit Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, bfulgham, cdumez, cmarcelo, commit-queue, dbates, ews-watchlist, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Per Arne Vollan
Reported 2020-02-05 11:26:26 PST
Do not create sandbox reports when the UI process cannot issue mach extensions to the diagnostics service. The majority of clients are capable of doing this.
Attachments
Patch (9.88 KB, patch)
2020-02-05 11:52 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2020-02-05 11:26:51 PST
rdar://problem/59030957
Per Arne Vollan
Comment 2 2020-02-05 11:52:47 PST
Created attachment 389838 [details] Patch
Brent Fulgham
Comment 3 2020-02-05 12:30:11 PST
Comment on attachment 389838 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=389838&action=review > Source/WebKit/Shared/SandboxExtension.h:59 > + }; You could maybe do: enum class Flags : uint32_t { Default = 0, NoReport = SANDBOX_EXTENSION_NO_REPORT }; Then I think that OptionSet<Flags> would map to unit32_t, and do the |-ing for you. But you would need to add SandboxSPI.h header, which might be undesirable. > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:91 > + extensionFlags |= SANDBOX_EXTENSION_NO_REPORT; I don't think you need this code, if you make the OptionSet<Flags> as I suggested. > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97 > + return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, extensionFlags); I wonder if we should consider adding SANDBOX_EXTENSION_CANONICAL to our file paths (if we ensure we always work with fully-resolved paths).
Per Arne Vollan
Comment 4 2020-02-05 13:20:09 PST
(In reply to Brent Fulgham from comment #3) > Comment on attachment 389838 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=389838&action=review > > > Source/WebKit/Shared/SandboxExtension.h:59 > > + }; > > You could maybe do: > > enum class Flags : uint32_t { > Default = 0, > NoReport = SANDBOX_EXTENSION_NO_REPORT > }; > > > Then I think that OptionSet<Flags> would map to unit32_t, and do the |-ing > for you. > > But you would need to add SandboxSPI.h header, which might be undesirable. > Good idea! However, I don't think this will compile on other platforms. Are you OK with keeping as is? > > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:91 > > + extensionFlags |= SANDBOX_EXTENSION_NO_REPORT; > > I don't think you need this code, if you make the OptionSet<Flags> as I > suggested. > > > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:97 > > + return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, extensionFlags); > > I wonder if we should consider adding SANDBOX_EXTENSION_CANONICAL to our > file paths (if we ensure we always work with fully-resolved paths). I think that would be good enhancement! Perhaps we could do this in a follow-up patch? Thanks for reviewing!
Brent Fulgham
Comment 5 2020-02-05 16:00:03 PST
Comment on attachment 389838 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=389838&action=review >>> Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:91 >>> + extensionFlags |= SANDBOX_EXTENSION_NO_REPORT; >> >> I don't think you need this code, if you make the OptionSet<Flags> as I suggested. > > I think that would be good enhancement! Perhaps we could do this in a follow-up patch? > > Thanks for reviewing! Sure -- no need to do now.
WebKit Commit Bot
Comment 6 2020-02-05 16:06:27 PST
Comment on attachment 389838 [details] Patch Clearing flags on attachment: 389838 Committed r255874: <https://trac.webkit.org/changeset/255874>
WebKit Commit Bot
Comment 7 2020-02-05 16:06:29 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.