Bug 214825

Summary: Remember to check entitlement before communicating over XPC
Product: WebKit Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, darin, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch
bfulgham: review+
Patch none

Per Arne Vollan
Reported 2020-07-27 06:47:07 PDT
Remember to check entitlement before communicating over XPC with another WebKit process. This needs to be done to make sure that it really is a WebKit process on the other end.
Attachments
Patch (2.81 KB, patch)
2020-07-27 06:52 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (3.66 KB, patch)
2020-07-28 09:36 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (4.34 KB, patch)
2020-07-28 14:01 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (5.93 KB, patch)
2020-07-29 06:27 PDT, Per Arne Vollan 		bfulgham: review+
DetailsFormatted DiffDiff
Patch (6.01 KB, patch)
2020-07-30 07:22 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2020-07-27 06:52:54 PDT
Created attachment 405271 [details] Patch
Per Arne Vollan
Comment 2 2020-07-28 09:36:53 PDT
Created attachment 405366 [details] Patch
Per Arne Vollan
Comment 3 2020-07-28 09:37:14 PDT
Thanks for reviewing!
Per Arne Vollan
Comment 4 2020-07-28 14:01:33 PDT
Created attachment 405410 [details] Patch
Per Arne Vollan
Comment 5 2020-07-29 06:27:30 PDT
Created attachment 405453 [details] Patch
Brent Fulgham
Comment 6 2020-07-29 08:33:13 PDT
Comment on attachment 405453 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=405453&action=review R=me > Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:47 > + WTFLogAlways("Audit token does not have required entitlement"); Should we just say what entitlement in the error message?
Per Arne Vollan
Comment 7 2020-07-30 07:22:59 PDT
Created attachment 405569 [details] Patch
Per Arne Vollan
Comment 8 2020-07-30 07:23:28 PDT
(In reply to Brent Fulgham from comment #6) > Comment on attachment 405453 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=405453&action=review > > R=me > > > Source/WebKit/Shared/Cocoa/XPCEndpoint.mm:47 > > + WTFLogAlways("Audit token does not have required entitlement"); > > Should we just say what entitlement in the error message? Fixed. Thanks for reviewing!
EWS
Comment 9 2020-07-30 09:36:34 PDT
Committed r265087: <https://trac.webkit.org/changeset/265087> All reviewed patches have been landed. Closing bug and clearing flags on attachment 405569 [details].
Radar WebKit Bug Importer
Comment 10 2020-07-30 09:37:18 PDT
<rdar://problem/66331689>
Note You need to log in before you can comment on or make changes to this bug.