Bug 200543 - [Mac] Use the PID of the WebContent process when issuing local file read sandbox extensions
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Per Arne Vollan
URL:
Keywords: InRadar
Depends on: 200772 202012
Blocks: 206544
Reported: 2019-08-08 11:23 PDT by Per Arne Vollan
Modified: 2020-01-21 11:38 PST (History)
CC List: 8 users

Attachments
Patch (7.11 KB, patch)
2019-08-08 11:47 PDT, Per Arne Vollan
no flags
Patch (7.12 KB, patch)
2019-08-08 12:47 PDT, Per Arne Vollan
no flags
Patch (8.23 KB, patch)
2019-08-17 22:12 PDT, Per Arne Vollan
bfulgham: review+
bfulgham: commit-queue-
Patch (8.20 KB, patch)
2019-08-18 11:54 PDT, Per Arne Vollan
no flags

Description Per Arne Vollan 2019-08-08 11:23:01 PDT
When issuing local file read sandbox extensions, use the process identifier of the WebContent process.
Comment 1 Per Arne Vollan 2019-08-08 11:28:33 PDT
rdar://problem/49394015
Comment 2 Per Arne Vollan 2019-08-08 11:47:47 PDT
Created attachment 375829 [details]
Patch
Comment 3 Brent Fulgham 2019-08-08 12:24:47 PDT
Comment on attachment 375829 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=375829&action=review

Looks good.

> Source/WebKit/ChangeLog:9
> +        the WebContent process.

Maybe it would be better phrased as:

"Adopt SPI to issue a process-specific sandbox extension for local file read, passing it the process identifier of the WebContent process."
Comment 4 Per Arne Vollan 2019-08-08 12:43:12 PDT
(In reply to Brent Fulgham from comment #3)
> Comment on attachment 375829 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=375829&action=review
> 
> Looks good.
> 
> > Source/WebKit/ChangeLog:9
> > +        the WebContent process.
> 
> Maybe it would be better phrased as:
> 
> "Adopt SPI to issue a process-specific sandbox extension for local file
> read, passing it the process identifier of the WebContent process."

Thanks for reviewing! I will update the patch.
Comment 5 Per Arne Vollan 2019-08-08 12:47:19 PDT
Created attachment 375832 [details]
Patch
Comment 6 WebKit Commit Bot 2019-08-08 13:32:48 PDT
Comment on attachment 375832 [details]
Patch

Clearing flags on attachment: 375832

Committed r248440: <https://trac.webkit.org/changeset/248440>
Comment 7 Per Arne Vollan 2019-08-17 22:12:41 PDT
Created attachment 376628 [details]
Patch
Comment 8 Brent Fulgham 2019-08-18 08:28:18 PDT
Comment on attachment 376628 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=376628&action=review

I think the log message should be changed, but otherwise this looks good. R=me.

> Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:357
> +        WTFLogAlways("Could not create a '%s' sandbox extension", path.utf8().data());

This log message could leak potentially private user data to our logs. Could you change it to one of the LOG_DEBUG macros, or perhaps just remove the path from the log file? It should be enough to log that a file extension could not be generated.
Comment 9 Per Arne Vollan 2019-08-18 11:54:43 PDT
Created attachment 376647 [details]
Patch
Comment 10 Per Arne Vollan 2019-08-18 11:56:33 PDT
(In reply to Brent Fulgham from comment #8)
> Comment on attachment 376628 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=376628&action=review
> 
> I think the log message should be changed, but otherwise this looks good.
> R=me.
> 
> > Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm:357
> > +        WTFLogAlways("Could not create a '%s' sandbox extension", path.utf8().data());
> 
> This log message could leak potentially private user data to our logs. Could
> you change it to one of the LOG_DEBUG macros, or perhaps just remove the
> path from the log file? It should be enough to log that a file extension
> could not be generated.

Done.

Thanks for reviewing!
Comment 11 WebKit Commit Bot 2019-08-18 12:38:13 PDT
Comment on attachment 376647 [details]
Patch

Clearing flags on attachment: 376647

Committed r248832: <https://trac.webkit.org/changeset/248832>