RESOLVED FIXED 197895
Allow NSFileCoordinator to be called from WebContent process 
https://bugs.webkit.org/show_bug.cgi?id=197895
Summary Allow NSFileCoordinator to be called from WebContent process
Alex Christensen
Reported 2019-05-14 14:28:06 PDT
Allow NSFileCoordinator to be called from WebContent process
Attachments
Patch (3.46 KB, patch)
2019-05-14 14:30 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2019-05-14 14:30:58 PDT
Created attachment 369893 [details] Patch
Alex Christensen
Comment 2 2019-05-14 14:31:00 PDT
<rdar://problem/50107679>
Brent Fulgham
Comment 3 2019-05-14 15:13:19 PDT
Comment on attachment 369893 [details] Patch r=me
Per Arne Vollan
Comment 4 2019-05-14 15:28:32 PDT
Comment on attachment 369893 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=369893&action=review > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:598 > +(allow mach-lookup > + (global-name "com.apple.FileCoordination")) > + Would it be possible to broker the NSFileCoordinator call to the UI process, to avoid allowing this mach-lookup?
Per Arne Vollan
Comment 5 2019-05-14 15:55:43 PDT
Comment on attachment 369893 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=369893&action=review >> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:598 >> + > > Would it be possible to broker the NSFileCoordinator call to the UI process, to avoid allowing this mach-lookup? Or perhaps we could issue a mach lookup sandbox extension from the UI process in the injected bundle case?
Alex Christensen
Comment 6 2019-05-15 07:27:35 PDT
Comment on attachment 369893 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=369893&action=review >>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:598 >>> + >> >> Would it be possible to broker the NSFileCoordinator call to the UI process, to avoid allowing this mach-lookup? > > Or perhaps we could issue a mach lookup sandbox extension from the UI process in the injected bundle case? The mach-lookup is now matching iOS, so I'm not too concerned about adding it. I do regret the additional syscalls, and I'm not sure if you can make sandbox extensions for syscalls.
WebKit Commit Bot
Comment 7 2019-05-15 07:55:17 PDT
Comment on attachment 369893 [details] Patch Clearing flags on attachment: 369893 Committed r245322: <https://trac.webkit.org/changeset/245322>
WebKit Commit Bot
Comment 8 2019-05-15 07:55:19 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.