214233 – REGRESSION (r261152): 10 blocks of critical sandboxing code disabled because they are guarded with HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)

Bug 214233 - REGRESSION (r261152): 10 blocks of critical sandboxing code disabled because they are guarded with HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)

Summary: REGRESSION (r261152): 10 blocks of critical sandboxing code disabled because ...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P1 Critical
Assignee:	Darin Adler

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-07-12 07:57 PDT by Darin Adler
Modified:	2020-07-13 13:34 PDT (History)
CC List:	9 users (show)

See Also:	211427 214244

Attachments
Patch (10.86 KB, patch) 2020-07-12 08:04 PDT, Darin Adler	no flags	Details \| Formatted Diff \| Diff
Patch (11.44 KB, patch) 2020-07-12 08:39 PDT, Darin Adler	no flags	Details \| Formatted Diff \| Diff
Patch (11.44 KB, patch) 2020-07-12 08:50 PDT, Darin Adler	no flags	Details \| Formatted Diff \| Diff
Patch (12.11 KB, patch) 2020-07-12 09:07 PDT, Darin Adler	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Darin Adler 2020-07-12 07:57:11 PDT

The change in r261152 intended to remove no-longer-needed conditionals that are now always true on Cocoa platforms.

However, when I made that change I accidentally left 9 blocks of code guarded by HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN) behind. So these were all disabled!

These 9 blocks of code must either be:

1) enabled unconditionally
2) guarded by #HAVE(AUDIT_TOKEN)
3) guarded by ENABLE(SANDBOX_EXTENSIONS)

Comment 1 Darin Adler 2020-07-12 08:04:12 PDT Comment hidden (obsolete)

Created attachment 404096 [details]
Patch

Comment 2 Darin Adler 2020-07-12 08:04:55 PDT

Patch enables these code paths unconditionally. I’ll count on EWS to detect if I need to guard these with HAVE(AUDIO_TOKEN) or ENABLE(SANDBOX_EXTENSIONS).

Comment 3 Darin Adler 2020-07-12 08:21:45 PDT

To fix the WinCairo build I am working on a revised version that puts more code inside ENABLE(SANDBOX_EXTENSIONS).

Comment 4 Darin Adler 2020-07-12 08:39:44 PDT Comment hidden (obsolete)

Created attachment 404098 [details]
Patch

Comment 5 Darin Adler 2020-07-12 08:50:01 PDT Comment hidden (obsolete)

Created attachment 404099 [details]
Patch

Comment 6 Darin Adler 2020-07-12 09:07:47 PDT

Created attachment 404101 [details]
Patch

Comment 7 Darin Adler 2020-07-12 09:59:42 PDT

Ended up adding a couple ENABLE(SANDBOX_EXTENSIONS) guards. Patch is ready for review now.

Comment 8 Per Arne Vollan 2020-07-12 11:27:08 PDT

Comment on attachment 404101 [details]
Patch

R=me

Comment 9 EWS 2020-07-12 11:53:57 PDT

Committed r264283: <https://trac.webkit.org/changeset/264283>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 404101 [details].

Comment 10 Radar WebKit Bug Importer 2020-07-12 11:54:12 PDT

<rdar://problem/65439117>

Comment 11 Fujii Hironori 2020-07-13 00:13:39 PDT

WinCairo can't load local files since this change.
Filed: Bug 214248 – [WinCairo][WK2] REGRESSION (r264283): Can't load file: URL

Comment 12 Darin Adler 2020-07-13 13:34:35 PDT

rdar://64219585