<rdar://problem/56750384>

Created attachment 382332 [details] Patch

Comment on attachment 382332 [details] Patch Attachment 382332 [details] did not pass jsc-ews (mac): Output: https://webkit-queues.webkit.org/results/13192015 New failing tests: mozilla-tests.yaml/js1_5/Array/regress-101964.js.mozilla-ftl-eager-no-cjit-validate-phases

Comment on attachment 382332 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=382332&action=review > Source/WebKit/ChangeLog:11 > + typically sent in the WebProcess creation parameters. Is there a way to ensure we only call this no-audit-token code in cases where we don't have a connection yet? Maybe have the code take a ProcessProxy object and get its connection internally so a future developer can't accidentally misuse the API? > Source/WebKit/UIProcess/ios/WebProcessProxyIOS.mm:58 > + if (!SandboxExtension::createHandleForMachLookup("com.apple.iphone.axserver-systemwide", connection() ? connection()->getAuditToken() : WTF::nullopt, handle)) What if we passed the {Web|Network|ProcessProxy here (instead of the audit token pointer) so we could always confirm we were only passing a nullptr audit token when a connection was missing.

(In reply to Brent Fulgham from comment #4) > Comment on attachment 382332 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=382332&action=review > > > Source/WebKit/ChangeLog:11 > > + typically sent in the WebProcess creation parameters. > > Is there a way to ensure we only call this no-audit-token code in cases > where we don't have a connection yet? Maybe have the code take a > ProcessProxy object and get its connection internally so a future developer > can't accidentally misuse the API? > > > Source/WebKit/UIProcess/ios/WebProcessProxyIOS.mm:58 > > + if (!SandboxExtension::createHandleForMachLookup("com.apple.iphone.axserver-systemwide", connection() ? connection()->getAuditToken() : WTF::nullopt, handle)) > > What if we passed the {Web|Network|ProcessProxy here (instead of the audit > token pointer) so we could always confirm we were only passing a nullptr > audit token when a connection was missing. I think this is an excellent idea to enforce providing the audit token when available. However, I see that we normally don't include things from WebKit (e.g. #include <WebKit/WebProcessProxy.h>) from files in the WebKit Shared folder. Given this, should I still make the change? Thanks for reviewing!

Comment on attachment 382332 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=382332&action=review >>> Source/WebKit/ChangeLog:11 >>> + typically sent in the WebProcess creation parameters. >> >> Is there a way to ensure we only call this no-audit-token code in cases where we don't have a connection yet? Maybe have the code take a ProcessProxy object and get its connection internally so a future developer can't accidentally misuse the API? > > I think this is an excellent idea to enforce providing the audit token when available. However, I see that we normally don't include things from WebKit (e.g. #include <WebKit/WebProcessProxy.h>) from files in the WebKit Shared folder. Given this, should I still make the change? > > Thanks for reviewing! I see -- since this is used in UIProcess and {Web|Network}Process, this would be a layering violation. Okay -- let's leave it as-is.

Comment on attachment 382332 [details] Patch Thanks!

Comment on attachment 382332 [details] Patch Clearing flags on attachment: 382332 Committed r251825: <https://trac.webkit.org/changeset/251825>

All reviewed patches have been landed. Closing bug.