Bug 203626 - Investigate if mach lookup access to *.apple-extension-service, *.viewservice, and com.apple.uikit.viewservice.* can be denied
Summary: Investigate if mach lookup access to *.apple-extension-service, *.viewservice...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Per Arne Vollan
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-10-30 14:03 PDT by Per Arne Vollan
Modified: 2019-11-01 13:19 PDT (History)
5 users (show)

See Also:


Attachments
Patch (2.16 KB, patch)
2019-10-30 14:06 PDT, Per Arne Vollan
no flags Details | Formatted Diff | Diff
Patch (2.04 KB, patch)
2019-10-30 14:10 PDT, Per Arne Vollan
no flags Details | Formatted Diff | Diff
Patch (1.82 KB, patch)
2019-11-01 11:23 PDT, Per Arne Vollan
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Per Arne Vollan 2019-10-30 14:03:23 PDT
These services have not been observed being in use while running layout test, and should be denied in the WebContent Sandbox.
Comment 1 Radar WebKit Bug Importer 2019-10-30 14:03:41 PDT
<rdar://problem/56757653>
Comment 2 Per Arne Vollan 2019-10-30 14:06:16 PDT
Created attachment 382348 [details]
Patch
Comment 3 Per Arne Vollan 2019-10-30 14:10:54 PDT
Created attachment 382351 [details]
Patch
Comment 4 Brent Fulgham 2019-10-30 14:58:16 PDT
Comment on attachment 382351 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=382351&action=review

I am worried about this change. Please make sure to test on a device with this sandbox, using MobileMaill and MobileSafari, and attempting to share URLs.

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:434
>          (xpc-service-name-regex #"\.apple-extension-service$") ;; <rdar://problem/19525887>

I can't see this radar, but this could be related to sharing services. We should make sure to test with share sheet before checking this change in.

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:435
>          (xpc-service-name-regex #"\.viewservice$") ;; <rdar://problem/31252371>

I'm worried about this denial: According to <rdar://problem/31252371>, this was triggered in MobileSafari. Unless you have run MobileSafari with this change, I wouldn't want to land this.
Comment 5 Per Arne Vollan 2019-10-30 15:33:08 PDT
(In reply to Brent Fulgham from comment #4)
> Comment on attachment 382351 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=382351&action=review
> 
> I am worried about this change. Please make sure to test on a device with
> this sandbox, using MobileMaill and MobileSafari, and attempting to share
> URLs.
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:434
> >          (xpc-service-name-regex #"\.apple-extension-service$") ;; <rdar://problem/19525887>
> 
> I can't see this radar, but this could be related to sharing services. We
> should make sure to test with share sheet before checking this change in.
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:435
> >          (xpc-service-name-regex #"\.viewservice$") ;; <rdar://problem/31252371>
> 
> I'm worried about this denial: According to <rdar://problem/31252371>, this
> was triggered in MobileSafari. Unless you have run MobileSafari with this
> change, I wouldn't want to land this.

I will perform tests with MobileMail and MobileSafari, sharing URLs and testing with share sheet.

Thanks for reviewing!
Comment 6 Alexey Proskuryakov 2019-10-30 23:18:42 PDT
Comment on attachment 382351 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=382351&action=review

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:432
> +    (deny mach-lookup (with send-signal SIGKILL)

Sending SIGKILL is potentially super disruptive to a lot of people if we miss something in testing. At the very least, there should be a bug that tracks removing SIGKILL before shipping, but really, we need a better mechanism to learn about sandbox violations.
Comment 7 Per Arne Vollan 2019-11-01 11:23:46 PDT
Created attachment 382599 [details]
Patch
Comment 8 Alexey Proskuryakov 2019-11-01 11:49:55 PDT
Comment on attachment 382599 [details]
Patch

OK. I don't know what "with telemetry" does, but it sounds appropriate :)
Comment 9 Per Arne Vollan 2019-11-01 11:52:52 PDT
(In reply to Alexey Proskuryakov from comment #8)
> Comment on attachment 382599 [details]
> Patch
> 
> OK. I don't know what "with telemetry" does, but it sounds appropriate :)

Thanks for reviewing :)
Comment 10 WebKit Commit Bot 2019-11-01 13:19:18 PDT
Comment on attachment 382599 [details]
Patch

Clearing flags on attachment: 382599

Committed r251935: <https://trac.webkit.org/changeset/251935>
Comment 11 WebKit Commit Bot 2019-11-01 13:19:20 PDT
All reviewed patches have been landed.  Closing bug.