Bug 228220

Summary: WebProcess sandboxing does not apply for open source builds on macOS 12.0 (beta 2 and later)
Product: WebKit Reporter: Dinesh Kumar Vyas <dinodev90>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Major CC: ap, dinodev90, jbedard, kkinnunen, pvollan, saagar, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Local Build   
Hardware: Mac (Apple Silicon)   
OS: Other   
Attachments:
Description Flags
Patch to fix WebProcess sandboxing issue for open source builds (on macOS 12.0 beta 2 and later)
none
Patch none

Dinesh Kumar Vyas
Reported 2021-07-22 22:57:19 PDT
WebProcess sandboxing is broken (for local/public builds) on macOS 12.0 (beta 2 and later), causing instant crash/termination of WebProcess. Root cause: ENABLE_SANDBOX_MESSAGE_FILTER is NO for non Apple internal builds and we are using (AppleAVDUserClientMessageFilter) (IOMobileFramebufferUserClientMessageFilter) (IOSurfaceAcceleratorClientMessageFilter) Which are undefined and causing crash on compiling sb file. --------------------------------------------------- Logs: com.apple.WebKit.WebContent.Orion: Could not compile WebContent sandbox: <internal init prelude>:102:28: illegal argument: (internal-strcmp a b #f) sandbox initialization failed: <internal init prelude>:102:28: illegal argument: (internal-strcmp a b #f) com.apple.WebKit.WebContent.Orion: Could not initialize sandbox profile [/Volumes/Macintosh HD/Users/Shared/Development/WebKit/WebKit.framework/Resources/com.apple.WebProcess.sb], error '<internal init prelude>:102:28: illegal argument: (internal-strcmp a b #f) ' ENABLE_SANDBOX_MESSAGE_FILTER=NO _OS_VERSION=12.0 WEBKIT2_FRAMEWORK_DIR=/Volumes/Macintosh HD/Users/Shared/Development/WebKit DARWIN_USER_TEMP_DIR=/private/var/folders/98/bhsc41h91w19w4t4p3l_6_240000gp/T/com.apple.WebKit.WebContent DARWIN_USER_CACHE_DIR=/private/var/folders/98/bhsc41h91w19w4t4p3l_6_240000gp/C/com.apple.WebKit.WebContent HOME_DIR=/Users/dineshkumarvyas HOME_LIBRARY_DIR=/Users/dineshkumarvyas/Library HOME_LIBRARY_PREFERENCES_DIR=/Users/dineshkumarvyas/Library/Preferences CPU=arm64 com.apple.WebKit.WebContent.Orion: Unable to apply sandbox
Attachments
Patch to fix WebProcess sandboxing issue for open source builds (on macOS 12.0 beta 2 and later) (1.99 KB, patch)
2021-07-22 23:04 PDT, Dinesh Kumar Vyas 		no flags
DetailsFormatted DiffDiff
Patch (8.03 KB, patch)
2021-07-26 06:40 PDT, Saagar Jha 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dinesh Kumar Vyas
Comment 1 2021-07-22 23:04:02 PDT
Created attachment 434065 [details] Patch to fix WebProcess sandboxing issue for open source builds (on macOS 12.0 beta 2 and later) Added check for USE(APPLE_INTERNAL_SDK) wherever needed as ENABLE_SANDBOX_MESSAGE_FILTER is always NO/false for open source builds and AppleAVDUserClientMessageFilter, IOSurfaceAcceleratorClientMessageFilter and IOMobileFramebufferUserClientMessageFilter are anavailable there which breaks sandbox compilation using sandbox_compile_file
Saagar Jha
Comment 2 2021-07-26 06:40:09 PDT
Created attachment 434204 [details] Patch
Saagar Jha
Comment 3 2021-07-26 06:46:37 PDT
Here's a slightly different patch that fixes the conditional instead of conditionalizing on USE(APPLE_INTERNAL_SDK). Like the rest of the profile, it duplicates the allow rule and wraps one side in the check for ENABLE_SANDBOX_MESSAGE_FILTER. I was hoping this would do for now, as it matches what the other code looks like, but I'd be interested to see if there was interest for cleaning this up a bit in across all the message filters in a future patch.
Per Arne Vollan
Comment 4 2021-07-26 08:01:00 PDT
Comment on attachment 434204 [details] Patch R=me.
Radar WebKit Bug Importer
Comment 5 2021-07-26 08:01:36 PDT
<rdar://problem/81108098>
EWS
Comment 6 2021-07-27 11:14:29 PDT
Committed r280345 (239992@main): <https://commits.webkit.org/239992@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 434204 [details].
Note You need to log in before you can comment on or make changes to this bug.