Bug 197895 - Allow NSFileCoordinator to be called from WebContent process
Summary: Allow NSFileCoordinator to be called from WebContent process
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alex Christensen
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-05-14 14:28 PDT by Alex Christensen
Modified: 2019-05-15 07:55 PDT (History)
4 users (show)

See Also:


Attachments
Patch (3.46 KB, patch)
2019-05-14 14:30 PDT, Alex Christensen
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Christensen 2019-05-14 14:28:06 PDT
Allow NSFileCoordinator to be called from WebContent process
Comment 1 Alex Christensen 2019-05-14 14:30:58 PDT
Created attachment 369893 [details]
Patch
Comment 2 Alex Christensen 2019-05-14 14:31:00 PDT
<rdar://problem/50107679>
Comment 3 Brent Fulgham 2019-05-14 15:13:19 PDT
Comment on attachment 369893 [details]
Patch

r=me
Comment 4 Per Arne Vollan 2019-05-14 15:28:32 PDT
Comment on attachment 369893 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=369893&action=review

> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:598
> +(allow mach-lookup
> +    (global-name "com.apple.FileCoordination"))
> +

Would it be possible to broker the NSFileCoordinator call to the UI process, to avoid allowing this mach-lookup?
Comment 5 Per Arne Vollan 2019-05-14 15:55:43 PDT
Comment on attachment 369893 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=369893&action=review

>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:598
>> +
> 
> Would it be possible to broker the NSFileCoordinator call to the UI process, to avoid allowing this mach-lookup?

Or perhaps we could issue a mach lookup sandbox extension from the UI process in the injected bundle case?
Comment 6 Alex Christensen 2019-05-15 07:27:35 PDT
Comment on attachment 369893 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=369893&action=review

>>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:598
>>> +
>> 
>> Would it be possible to broker the NSFileCoordinator call to the UI process, to avoid allowing this mach-lookup?
> 
> Or perhaps we could issue a mach lookup sandbox extension from the UI process in the injected bundle case?

The mach-lookup is now matching iOS, so I'm not too concerned about adding it.  I do regret the additional syscalls, and I'm not sure if you can make sandbox extensions for syscalls.
Comment 7 WebKit Commit Bot 2019-05-15 07:55:17 PDT
Comment on attachment 369893 [details]
Patch

Clearing flags on attachment: 369893

Committed r245322: <https://trac.webkit.org/changeset/245322>
Comment 8 WebKit Commit Bot 2019-05-15 07:55:19 PDT
All reviewed patches have been landed.  Closing bug.