Bug 216834

Summary:

[macOS] Issue sandbox extension for the diagnostic daemon

Product:

WebKit

Reporter:

Per Arne Vollan <pvollan>

Component:

WebKit Misc.

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bfulgham, mitz, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	ews-feeder: commit-queue-
Patch	bfulgham: review+
Patch	none
Patch	none
Patch	none
Patch	none

Per Arne Vollan

Reported 2020-09-22 10:19:39 PDT

On internal installs, the UI process should issue a mach lookup sandbox extension for accessing the diagnostic daemon, and send it to the WebContent process.

Attachments
Patch (7.09 KB, patch) 2020-09-22 11:39 PDT, Per Arne Vollan	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (7.32 KB, patch) 2020-09-22 11:45 PDT, Per Arne Vollan	bfulgham: review+	Details Formatted Diff Diff
Patch (9.33 KB, patch) 2020-09-23 11:40 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (7.13 KB, patch) 2020-09-23 11:45 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (1.67 KB, patch) 2020-09-24 09:46 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Patch (1.67 KB, patch) 2020-09-24 09:47 PDT, Per Arne Vollan	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

Per Arne Vollan

Comment 1 2020-09-22 10:21:42 PDT

<rdar://problem/58496834>

Per Arne Vollan

Comment 2 2020-09-22 11:39:21 PDT

Created attachment 409383 [details] Patch

Per Arne Vollan

Comment 3 2020-09-22 11:42:33 PDT

*** Bug 206115 has been marked as a duplicate of this bug. ***

Per Arne Vollan

Comment 4 2020-09-22 11:45:39 PDT

Created attachment 409385 [details] Patch

Brent Fulgham

Comment 5 2020-09-23 11:29:54 PDT

Comment on attachment 409385 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409385&action=review r=me, but I think you could use an existing FileSystem function instead of the raw 'stat' operation. > Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:68 > +#import <sys/stat.h> You don't need to include this if you use , FileSystem::fileIsDirectory > Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:211 > + static bool isInternal = !stat("/AppleInternal", &st); I think it might be better to do: static bool isInternal = FileSystem::fileIsDirectory("/AppleInternal", FileSystem::ShouldFollowSymbolicLinks::No);

Per Arne Vollan

Comment 6 2020-09-23 11:40:19 PDT

Created attachment 409488 [details] Patch

Per Arne Vollan

Comment 7 2020-09-23 11:40:56 PDT

(In reply to Brent Fulgham from comment #5) > Comment on attachment 409385 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=409385&action=review > > r=me, but I think you could use an existing FileSystem function instead of > the raw 'stat' operation. > > > Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:68 > > +#import <sys/stat.h> > > You don't need to include this if you use , FileSystem::fileIsDirectory > > > Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:211 > > + static bool isInternal = !stat("/AppleInternal", &st); > > I think it might be better to do: > > static bool isInternal = FileSystem::fileIsDirectory("/AppleInternal", > FileSystem::ShouldFollowSymbolicLinks::No); Will fix, thanks for reviewing!

Per Arne Vollan

Comment 8 2020-09-23 11:45:42 PDT

Created attachment 409489 [details] Patch

EWS

Comment 9 2020-09-23 12:52:08 PDT

Committed r267498: <https://trac.webkit.org/changeset/267498> All reviewed patches have been landed. Closing bug and clearing flags on attachment 409489 [details].

mitz

Comment 10 2020-09-23 13:53:33 PDT

Comment on attachment 409385 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409385&action=review >> Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:211 >> + static bool isInternal = !stat("/AppleInternal", &st); > > I think it might be better to do: > > static bool isInternal = FileSystem::fileIsDirectory("/AppleInternal", FileSystem::ShouldFollowSymbolicLinks::No); Either way it’s not the recommended way to test whether a computer is running the Apple-internal version of macOS. See OSVariantSPI.h in WTF.

Per Arne Vollan

Comment 11 2020-09-23 15:19:59 PDT

(In reply to mitz from comment #10) > Comment on attachment 409385 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=409385&action=review > > >> Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:211 > >> + static bool isInternal = !stat("/AppleInternal", &st); > > > > I think it might be better to do: > > > > static bool isInternal = FileSystem::fileIsDirectory("/AppleInternal", FileSystem::ShouldFollowSymbolicLinks::No); > > Either way it’s not the recommended way to test whether a computer is > running the Apple-internal version of macOS. See OSVariantSPI.h in WTF. Ah, thanks! I will look into that.

Per Arne Vollan

Comment 12 2020-09-24 09:46:24 PDT

Created attachment 409584 [details] Patch

Per Arne Vollan

Comment 13 2020-09-24 09:47:41 PDT

Created attachment 409585 [details] Patch

Note You need to log in before you can comment on or make changes to this bug.