RESOLVED FIXED227103
Clear state after process crash so that we know to re-issue sandbox extensions 
https://bugs.webkit.org/show_bug.cgi?id=227103
Summary Clear state after process crash so that we know to re-issue sandbox extensions
Brent Fulgham
Reported 2021-06-16 17:11:43 PDT
We dynamically extend access to certain mach services when the ATTACHMENT_ELEMENT feature is enabled. If a process with this feature activated crashes and WebKit relaunches it, we don't grant the new process the same extensions because we believe they were already previously sent. This patch clears the state after a process crash so that it properly handles the restart case.
Attachments
Patch (2.13 KB, patch)
2021-06-16 17:17 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch (3.27 KB, patch)
2021-06-17 17:16 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch for landing (2.31 KB, patch)
2021-06-18 12:52 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2021-06-16 17:12:18 PDT
<rdar://problem/77588760>
Brent Fulgham
Comment 2 2021-06-16 17:17:09 PDT
Created attachment 431624 [details] Patch
Per Arne Vollan
Comment 3 2021-06-17 00:55:29 PDT
Comment on attachment 431624 [details] Patch R=me.
EWS
Comment 4 2021-06-17 15:14:24 PDT
Committed r279014 (238939@main): <https://commits.webkit.org/238939@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 431624 [details].
Brent Fulgham
Comment 5 2021-06-17 17:16:22 PDT
Reopening to attach new patch.
Brent Fulgham
Comment 6 2021-06-17 17:16:23 PDT
Created attachment 431745 [details] Patch
Tim Horton
Comment 7 2021-06-17 17:25:49 PDT
Comment on attachment 431745 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=431745&action=review > Source/WebKit/UIProcess/WebPageProxy.cpp:8201 > - if (m_preferences->attachmentElementEnabled() && !m_process->hasIssuedAttachmentElementRelatedSandboxExtensions()) { > + if (m_preferences->attachmentElementEnabled() && !process.hasIssuedAttachmentElementRelatedSandboxExtensions()) { There's other code that uses m_process in this function... is it wrong too??
Brent Fulgham
Comment 8 2021-06-17 23:28:56 PDT
(In reply to Tim Horton from comment #7) > Comment on attachment 431745 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=431745&action=review > > > Source/WebKit/UIProcess/WebPageProxy.cpp:8201 > > - if (m_preferences->attachmentElementEnabled() && !m_process->hasIssuedAttachmentElementRelatedSandboxExtensions()) { > > + if (m_preferences->attachmentElementEnabled() && !process.hasIssuedAttachmentElementRelatedSandboxExtensions()) { > > There's other code that uses m_process in this function... is it wrong too?? Probably? I’ll take a look….
Brent Fulgham
Comment 9 2021-06-18 12:52:40 PDT
Created attachment 431784 [details] Patch for landing
Brent Fulgham
Comment 10 2021-06-18 12:53:48 PDT
(In reply to Brent Fulgham from comment #8) > (In reply to Tim Horton from comment #7) > > Comment on attachment 431745 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=431745&action=review > > > > > Source/WebKit/UIProcess/WebPageProxy.cpp:8201 > > > - if (m_preferences->attachmentElementEnabled() && !m_process->hasIssuedAttachmentElementRelatedSandboxExtensions()) { > > > + if (m_preferences->attachmentElementEnabled() && !process.hasIssuedAttachmentElementRelatedSandboxExtensions()) { > > > > There's other code that uses m_process in this function... is it wrong too?? > > Probably? I’ll take a look…. The only other instance I saw was this one: parameters.shouldCaptureDisplayInUIProcess = m_process->processPool().configuration().shouldCaptureDisplayInUIProcess(); I didn't change it because I wanted to check with GPU Process people. I suspect its fine as-is, since they are likely using the same process pool. I wasn't sure if the state about capturing display in the UI Process would be correct in the new process yet, either.
EWS
Comment 11 2021-06-18 13:36:45 PDT
Committed r279045 (238965@main): <https://commits.webkit.org/238965@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 431784 [details].
Note You need to log in before you can comment on or make changes to this bug.