RESOLVED FIXED 220777
[macOS] The development WebContent XPC service crashes under WebKit::AuxiliaryProcess::initializeSandbox 
https://bugs.webkit.org/show_bug.cgi?id=220777
Summary [macOS] The development WebContent XPC service crashes under WebKit::Auxiliar...
Per Arne Vollan
Reported 2021-01-20 11:49:31 PST
This happens because the development XPC service does not have the required private entitlement to enable message filtering in the sandbox, and therefore fails to apply the sandbox. The existing runtime switching to enable message filtering based on the presence of the entitlement is not working correctly.
Attachments
Patch (15.54 KB, patch)
2021-01-20 12:01 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (16.67 KB, patch)
2021-01-20 12:51 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (16.63 KB, patch)
2021-01-20 14:23 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2021-01-20 11:50:06 PST
<rdar://problem/73382584>
Per Arne Vollan
Comment 2 2021-01-20 12:01:10 PST
Created attachment 417986 [details] Patch
Per Arne Vollan
Comment 3 2021-01-20 12:51:24 PST
Created attachment 417989 [details] Patch
Per Arne Vollan
Comment 4 2021-01-20 14:23:47 PST
Created attachment 417996 [details] Patch
Brent Fulgham
Comment 5 2021-01-21 10:41:44 PST
Comment on attachment 417996 [details] Patch r=me
Per Arne Vollan
Comment 6 2021-01-21 11:25:05 PST
(In reply to Brent Fulgham from comment #5) > Comment on attachment 417996 [details] > Patch > > r=me Thanks for reviewing!
EWS
Comment 7 2021-01-21 12:35:10 PST
Committed r271710: <https://trac.webkit.org/changeset/271710> All reviewed patches have been landed. Closing bug and clearing flags on attachment 417996 [details].
Alexey Proskuryakov
Comment 8 2021-01-21 18:31:43 PST
Comment on attachment 417996 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=417996&action=review > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-121 > -#if HAVE(SANDBOX_MESSAGE_FILTERING) I'm surprised by the removal of compile time check. But I guess it's OK given that EWS is green.
Per Arne Vollan
Comment 9 2021-01-25 11:10:00 PST
(In reply to Alexey Proskuryakov from comment #8) > Comment on attachment 417996 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=417996&action=review > > > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-121 > > -#if HAVE(SANDBOX_MESSAGE_FILTERING) > > I'm surprised by the removal of compile time check. But I guess it's OK > given that EWS is green. This should now be handled at compile time of the sandbox. Thanks for reviewing!
Note You need to log in before you can comment on or make changes to this bug.