WebKit Bugzilla
Bug 177047 - [Cocoa] Upstream sandbox-related WebKitSystemInterface functions
Status: RESOLVED FIXED
URL: https://bugs.webkit.org/show_bug.cgi?id=177047
Reported: 2017-09-16 23:28:53 PDT by Andy Estes
Attachments
Patch (43.81 KB, patch), 2017-09-16 23:35 PDT, Andy Estes, no flags
Patch (46.33 KB, patch), 2017-09-17 00:12 PDT, Andy Estes, no flags
Patch (46.85 KB, patch), 2017-09-17 00:45 PDT, Andy Estes, no flags
Patch (43.52 KB, patch), 2017-09-18 14:52 PDT, Andy Estes, no flags
Andy Estes
Comment 1
2017-09-16 23:35:58 PDT
Comment hidden (obsolete)
Created attachment 321028
Patch
Build Bot
Comment 2
2017-09-16 23:38:31 PDT
Comment hidden (obsolete)
Attachment 321028 did not pass style-queue:
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:52: qtn_proc_apply_to_self is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:53: qtn_proc_init_with_self is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:54: qtn_proc_set_flags is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:55: qtn_proc_alloc is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:56: qtn_proc_free is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
Total errors found: 5 in 17 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Andy Estes
Comment 3
2017-09-17 00:12:39 PDT
Comment hidden (obsolete)
Created attachment 321029
Patch
Build Bot
Comment 4
2017-09-17 00:13:48 PDT
Comment hidden (obsolete)
Attachment 321029 did not pass style-queue:
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:52: qtn_proc_apply_to_self is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:53: qtn_proc_init_with_self is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:54: qtn_proc_set_flags is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:55: qtn_proc_alloc is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:56: qtn_proc_free is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
Total errors found: 5 in 17 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Andy Estes
Comment 5
2017-09-17 00:45:21 PDT
Created attachment 321036
Patch
Build Bot
Comment 6
2017-09-17 00:46:28 PDT
Attachment 321036 did not pass style-queue:
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:52: qtn_proc_apply_to_self is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:53: qtn_proc_init_with_self is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:54: qtn_proc_set_flags is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:55: qtn_proc_alloc is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
ERROR: Source/WebKit/Platform/spi/mac/QuarantineSPI.h:56: qtn_proc_free is incorrectly named. Don't use underscores in your identifier names. [readability/naming/underscores] [4]
Total errors found: 5 in 17 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Daniel Bates
Comment 7
2017-09-17 09:46:31 PDT
Comment on attachment 321036
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=321036&action=review

> Source/WebKit/ChangeLog:12
> + (): Deleted.

What was deleted? Please file a bug to fix prepare-ChangeLog.

> Source/WebKit/Shared/SandboxExtension.h:46
> + enum class Type {

I take it you feel creating this Type namespace improves readability?

> Source/WebKit/Shared/mac/ChildProcessMac.mm:86
> + qtn_proc_t quarantineProperties = qtn_proc_alloc();

For your consideration I suggest we make this a std::unique_ptr with qtn_proc_free() as its custom deleter. Then we can simplify the implementation of this function because we can omit the calls to qtn_proc_free() and this makes the implementation less error prone in the unlikely event that a new early return code path is added.

> Source/WebKit/Shared/mac/SandboxExtensionMac.mm:64
> + bool consume()

Would it make sense to add an attribute to warn if the return value is unused?

> Source/WebKit/Shared/mac/SandboxExtensionMac.mm:76
> + int error = sandbox_extension_release(m_handle);

We could use std::exchange(m_handle, 0) here and then reduce this function to one line.

> Source/WebKit/Shared/mac/SandboxExtensionMac.mm:81
> + const char* getSerializedFormat(size_t& length)

Ditto.

> Source/WebKit/Shared/mac/SandboxExtensionMac.mm:92
> + m_token = sandbox_extension_issue_file(APP_SANDBOX_READ, path, 0);

I am not near my Mac. I am assuming the right-hand side expression allocates and returns a string that you take ownership of.

> Source/WebKit/Shared/mac/SandboxExtensionMac.mm:103
> + char* m_token { nullptr };

Can we make this a std::unique_ptr? Then we do not need an in-class data member initializer (as unique_ptr default constructs to nullptr) and we can remove the destructor.
Daniel Bates
Comment 8
2017-09-17 09:54:13 PDT
(In reply to Daniel Bates from comment #7)
> > Source/WebKit/Shared/mac/SandboxExtensionMac.mm:81
> > + const char* getSerializedFormat(size_t& length)
>
> Ditto.

I meant to write: Would it make sense to add an attribute to warn if the return value is unused?
Andy Estes
Comment 9
2017-09-18 14:52:26 PDT
Created attachment 321134
Patch
Andy Estes
Comment 10
2017-09-18 14:57:01 PDT
(In reply to Daniel Bates from comment #7)
> Comment on attachment 321036
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=321036&action=review
>
> For your consideration I suggest we make this a std::unique_ptr with
> qtn_proc_free() as its custom deleter. Then we can simplify the
> implementation of this function because we can omit the calls to
> qtn_proc_free() and this makes the implementation less error prone in the
> unlikely event that a new early return code path is added.

I used a ScopeGuard that calls qtn_proc_free(), which I think is a little cleaner than creating a custom deleter struct for unique_ptr.

> > Source/WebKit/Shared/mac/SandboxExtensionMac.mm:64
> > + bool consume()
>
> Would it make sense to add an attribute to warn if the return value is
> unused?

Done.

> > Source/WebKit/Shared/mac/SandboxExtensionMac.mm:76
> > + int error = sandbox_extension_release(m_handle);
>
> We could use std::exchange(m_handle, 0) here and then reduce this function
> to one line.

Done.

> > Source/WebKit/Shared/mac/SandboxExtensionMac.mm:81
> > + const char* getSerializedFormat(size_t& length)
>
> Ditto.

Marked with WARN_UNUSED_RETURN.

> > Source/WebKit/Shared/mac/SandboxExtensionMac.mm:92
> > + m_token = sandbox_extension_issue_file(APP_SANDBOX_READ, path, 0);
>
> I am not near my Mac. I am assuming the right-hand side expression allocates
> and returns a string that you take ownership of.

Yes.

> > Source/WebKit/Shared/mac/SandboxExtensionMac.mm:103
> > + char* m_token { nullptr };
>
> Can we make this a std::unique_ptr? Then we do not need an in-class data
> member initializer (as unique_ptr default constructs to nullptr) and we can
> remove the destructor.

I left this as-is. I think having a destructor calling free() is simpler than creating a custom deleter struct. The class is designed to only assign to m_token during construction and free it during destruction, so there aren't weird lifetime issues that unique_ptr would help solve.
WebKit Commit Bot
Comment 11
2017-09-18 15:35:41 PDT
Comment on attachment 321134
Patch

Clearing flags on attachment: 321134

Committed r222183: <http://trac.webkit.org/changeset/222183>
WebKit Commit Bot
Comment 12
2017-09-18 15:35:43 PDT
All reviewed patches have been landed. Closing bug.
Darin Adler
Comment 13
2017-09-24 18:52:46 PDT
Comment on attachment 321036
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=321036&action=review

>>> Source/WebKit/Shared/mac/SandboxExtensionMac.mm:103
>>> + char* m_token { nullptr };
>>
>> Can we make this a std::unique_ptr? Then we do not need an in-class data member initializer (as unique_ptr default constructs to nullptr) and we can remove the destructor.
>
> I left this as-is. I think having a destructor calling free() is simpler than creating a custom deleter struct. The class is designed to only assign to m_token during construction and free it during destruction, so there aren't weird lifetime issues that unique_ptr would help solve.

Would be safer if you deleted the assignment operator and copy constructor so we don’t accidentally make a copy of this.
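
The ownership points raised in comments 7, 10 and 13, as an added C++ example that is not WebKit's code. `TokenOwner`, `issueToken` and `releaseHandle` are hypothetical stand-ins (no sandbox SPI is called), and `[[nodiscard]]` substitutes for `WARN_UNUSED_RETURN`.

```cpp
#include <cstdlib>
#include <cstring>
#include <type_traits>
#include <utility>

// Hypothetical stand-in for an API that returns a malloc()ed string owned by
// the caller (what the thread says sandbox_extension_issue_file() does).
static char* issueToken(const char* path)
{
    std::size_t size = std::strlen(path) + 1;
    char* token = static_cast<char*>(std::malloc(size));
    return token ? static_cast<char*>(std::memcpy(token, path, size)) : nullptr;
}

// Hypothetical stand-in for a release call; counts how often it runs.
static int releaseCalls = 0;
static int releaseHandle(long) { ++releaseCalls; return 0; }

class TokenOwner {
public:
    TokenOwner(const char* path, long handle) : m_token(issueToken(path)), m_handle(handle) { }
    ~TokenOwner() { std::free(m_token); }
    // Comment 13: a copy would share m_token and free() it twice.
    TokenOwner(const TokenOwner&) = delete;
    TokenOwner& operator=(const TokenOwner&) = delete;
    // [[nodiscard]] stands in for WebKit's WARN_UNUSED_RETURN macro.
    [[nodiscard]] const char* serialized() const { return m_token; }
    // std::exchange zeroes m_handle first, so a repeat call cannot re-release.
    [[nodiscard]] bool invalidate()
    {
        long handle = std::exchange(m_handle, 0L);
        return handle && !releaseHandle(handle);
    }
private:
    char* m_token { nullptr };
    long m_handle { 0 };
};
static_assert(!std::is_copy_constructible<TokenOwner>::value, "copy would double-free");

// Releases observed when invalidate() is called twice on one object.
int releasesAfterDoubleInvalidate()
{
    int before = releaseCalls;
    TokenOwner owner("/tmp/example", 42); // constructed sample path and handle
    bool first = owner.invalidate();
    bool second = owner.invalidate();
    return (first && !second) ? releaseCalls - before : -1;
}

int main() { return releasesAfterDoubleInvalidate() == 1 ? 0 : 1; }
```

With the copy operations deleted, an accidental `TokenOwner copy = owner;` fails to compile instead of producing a double free at destruction.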
Radar WebKit Bug Importer
Comment 14
2017-09-27 12:29:42 PDT
<rdar://problem/34693377>