Bug 228220

Summary: WebProcess sandboxing does not apply for open source builds on macOS 12.0 (beta 2 and later)
Product: WebKit
Component: WebKit2
Status: RESOLVED FIXED
Severity: Major
Priority: P2
Version: WebKit Local Build
Hardware: Mac (Apple Silicon)
OS: Other
Reporter: Dinesh Kumar Vyas <dinodev90>
Assignee: Nobody <webkit-unassigned>
CC: ap, dinodev90, jbedard, kkinnunen, pvollan, saagar, webkit-bug-importer
Keywords: InRadar
Attachments:
Patch to fix WebProcess sandboxing issue for open source builds (on macOS 12.0 beta 2 and later) (Flags: none)
Patch (Flags: none)

Description Dinesh Kumar Vyas 2021-07-22 22:57:19 PDT
WebProcess sandboxing is broken (for local/public builds) on macOS 12.0 (beta 2 and later), causing instant crash/termination of WebProcess.

Root cause:

ENABLE_SANDBOX_MESSAGE_FILTER is NO for non-Apple-internal builds, and we are using

        (AppleAVDUserClientMessageFilter)
        (IOMobileFramebufferUserClientMessageFilter)
        (IOSurfaceAcceleratorClientMessageFilter)

which are undefined and cause a crash when compiling the sb file.

---------------------------------------------------

Logs:

com.apple.WebKit.WebContent.Orion: Could not compile WebContent sandbox: <internal init prelude>:102:28: illegal argument: 
	(internal-strcmp a b #f)

sandbox initialization failed: <internal init prelude>:102:28: illegal argument: 
	(internal-strcmp a b #f)

com.apple.WebKit.WebContent.Orion: Could not initialize sandbox profile [/Volumes/Macintosh HD/Users/Shared/Development/WebKit/WebKit.framework/Resources/com.apple.WebProcess.sb], error '<internal init prelude>:102:28: illegal argument: 
	(internal-strcmp a b #f)
'
ENABLE_SANDBOX_MESSAGE_FILTER=NO
_OS_VERSION=12.0
WEBKIT2_FRAMEWORK_DIR=/Volumes/Macintosh HD/Users/Shared/Development/WebKit
DARWIN_USER_TEMP_DIR=/private/var/folders/98/bhsc41h91w19w4t4p3l_6_240000gp/T/com.apple.WebKit.WebContent
DARWIN_USER_CACHE_DIR=/private/var/folders/98/bhsc41h91w19w4t4p3l_6_240000gp/C/com.apple.WebKit.WebContent
HOME_DIR=/Users/dineshkumarvyas
HOME_LIBRARY_DIR=/Users/dineshkumarvyas/Library
HOME_LIBRARY_PREFERENCES_DIR=/Users/dineshkumarvyas/Library/Preferences
CPU=arm64
com.apple.WebKit.WebContent.Orion: Unable to apply sandbox
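
The root cause in the description above (a message-filter name used where its guarded definition is not visible) can be caught before the profile ever reaches the sandbox compiler. The following Python check is an added example, not code from WebKit or from the patches on this bug; the sample profile is constructed, and its guard spelling, definition bodies and allow rules are simplified assumptions.

```python
import re

# Constructed sample modelled on the names in this report; NOT the real
# com.apple.WebProcess.sb. The "#if ENABLE_SANDBOX_MESSAGE_FILTER" guard spelling,
# the "#t" definition bodies and the allow rules are simplified assumptions.
SAMPLE_PROFILE = """\
#if ENABLE_SANDBOX_MESSAGE_FILTER
(define (AppleAVDUserClientMessageFilter) #t)
(define (IOSurfaceAcceleratorClientMessageFilter) #t)
#endif
(allow iokit-open
    (iokit-user-client-class "AppleAVDUserClient")
    (AppleAVDUserClientMessageFilter))
#if ENABLE_SANDBOX_MESSAGE_FILTER
(allow iokit-open
    (iokit-user-client-class "IOSurfaceAcceleratorClient")
    (IOSurfaceAcceleratorClientMessageFilter))
#else
(allow iokit-open
    (iokit-user-client-class "IOSurfaceAcceleratorClient"))
#endif
"""

DEFINE = re.compile(r"\(define\s+\((\w+)")   # (define (Name) ...)
CALL = re.compile(r"\((\w+)\)")              # (Name) used as a zero-argument call

def unguarded_references(profile_text):
    """Return (line, name, missing_guards) for each use of a profile-defined name
    outside the #if guards of its definition. Handles #if/#else/#endif only."""
    stack, defs, uses = [], {}, []
    for no, line in enumerate(profile_text.splitlines(), 1):
        s = line.strip()
        if s.startswith("#if"):
            stack.append(s[3:].strip())
        elif s.startswith("#else"):
            stack[-1] = "!(" + stack[-1] + ")"
        elif s.startswith("#endif"):
            stack.pop()
        elif (m := DEFINE.search(s)):
            defs.setdefault(m.group(1), []).append(frozenset(stack))
        else:
            uses += [(no, name, frozenset(stack)) for name in CALL.findall(s)]
    findings = []
    for no, name, active in uses:
        guards = defs.get(name, [])
        # Safe only if some definition is visible under the guards active here.
        if guards and not any(g <= active for g in guards):
            findings.append((no, name, sorted(min(guards, key=len) - active)))
    return findings
```

On the constructed sample, the unguarded AppleAVDUserClient rule is reported, while the IOSurfaceAcceleratorClient rule, which duplicates the allow rule and wraps one side in the guard, is not.
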
Comment 1 Dinesh Kumar Vyas 2021-07-22 23:04:02 PDT
Created attachment 434065
Patch to fix WebProcess sandboxing issue for open source builds (on macOS 12.0 beta 2 and later)

Added check for USE(APPLE_INTERNAL_SDK) wherever needed, as ENABLE_SANDBOX_MESSAGE_FILTER is always NO/false for open source builds and AppleAVDUserClientMessageFilter, IOSurfaceAcceleratorClientMessageFilter and IOMobileFramebufferUserClientMessageFilter are unavailable there, which breaks sandbox compilation using sandbox_compile_file.
Comment 2 Saagar Jha 2021-07-26 06:40:09 PDT
Created attachment 434204
Patch
Comment 3 Saagar Jha 2021-07-26 06:46:37 PDT
Here's a slightly different patch that fixes the conditional instead of conditionalizing on USE(APPLE_INTERNAL_SDK). Like the rest of the profile, it duplicates the allow rule and wraps one side in the check for ENABLE_SANDBOX_MESSAGE_FILTER. I was hoping this would do for now, as it matches what the other code looks like, but I'd be interested to see if there was interest for cleaning this up a bit across all the message filters in a future patch.
Comment 4 Per Arne Vollan 2021-07-26 08:01:00 PDT
Comment on attachment 434204
Patch

R=me.
Comment 5 Radar WebKit Bug Importer 2021-07-26 08:01:36 PDT
<rdar://problem/81108098>
Comment 6 EWS 2021-07-27 11:14:29 PDT
Committed r280345 (239992@main): <https://commits.webkit.org/239992@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 434204.