Bug 228220 - WebProcess sandboxing does not apply for open source builds on macOS 12.0 (beta 2 and later)
Status: RESOLVED FIXED
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Local Build
Hardware: Mac (Apple Silicon) Other
Importance: P2 Major
Assignee: Nobody
Keywords: InRadar
Reported: 2021-07-22 22:57 PDT by Dinesh Kumar Vyas
Modified: 2022-02-10 16:38 PST

Attachments
Patch to fix WebProcess sandboxing issue for open source builds (on macOS 12.0 beta 2 and later) (1.99 KB, patch)
2021-07-22 23:04 PDT, Dinesh Kumar Vyas
Patch (8.03 KB, patch)
2021-07-26 06:40 PDT, Saagar Jha
Description Dinesh Kumar Vyas 2021-07-22 22:57:19 PDT
WebProcess sandboxing is broken (for local/public builds) on macOS 12.0 (beta 2 and later), causing instant crash/termination of WebProcess.

Root cause:

ENABLE_SANDBOX_MESSAGE_FILTER is NO for non-Apple-internal builds, and we are using

        (AppleAVDUserClientMessageFilter)
        (IOMobileFramebufferUserClientMessageFilter)
        (IOSurfaceAcceleratorClientMessageFilter)

which are undefined and cause a crash when compiling the sb file.

---------------------------------------------------

Logs:

com.apple.WebKit.WebContent.Orion: Could not compile WebContent sandbox: <internal init prelude>:102:28: illegal argument: 
	(internal-strcmp a b #f)

sandbox initialization failed: <internal init prelude>:102:28: illegal argument: 
	(internal-strcmp a b #f)

com.apple.WebKit.WebContent.Orion: Could not initialize sandbox profile [/Volumes/Macintosh HD/Users/Shared/Development/WebKit/WebKit.framework/Resources/com.apple.WebProcess.sb], error '<internal init prelude>:102:28: illegal argument: 
	(internal-strcmp a b #f)
'
ENABLE_SANDBOX_MESSAGE_FILTER=NO
_OS_VERSION=12.0
WEBKIT2_FRAMEWORK_DIR=/Volumes/Macintosh HD/Users/Shared/Development/WebKit
DARWIN_USER_TEMP_DIR=/private/var/folders/98/bhsc41h91w19w4t4p3l_6_240000gp/T/com.apple.WebKit.WebContent
DARWIN_USER_CACHE_DIR=/private/var/folders/98/bhsc41h91w19w4t4p3l_6_240000gp/C/com.apple.WebKit.WebContent
HOME_DIR=/Users/dineshkumarvyas
HOME_LIBRARY_DIR=/Users/dineshkumarvyas/Library
HOME_LIBRARY_PREFERENCES_DIR=/Users/dineshkumarvyas/Library/Preferences
CPU=arm64
com.apple.WebKit.WebContent.Orion: Unable to apply sandbox
Comment 1 Dinesh Kumar Vyas 2021-07-22 23:04:02 PDT
Created attachment 434065
Patch to fix WebProcess sandboxing issue for open source builds (on macOS 12.0 beta 2 and later)

Added a check for USE(APPLE_INTERNAL_SDK) wherever needed, as ENABLE_SANDBOX_MESSAGE_FILTER is always NO/false for open source builds and AppleAVDUserClientMessageFilter, IOSurfaceAcceleratorClientMessageFilter and IOMobileFramebufferUserClientMessageFilter are unavailable there, which breaks sandbox compilation using sandbox_compile_file.
Comment 2 Saagar Jha 2021-07-26 06:40:09 PDT
Created attachment 434204
Patch
Comment 3 Saagar Jha 2021-07-26 06:46:37 PDT
Here's a slightly different patch that fixes the conditional instead of conditionalizing on USE(APPLE_INTERNAL_SDK). Like the rest of the profile, it duplicates the allow rule and wraps one side in the check for ENABLE_SANDBOX_MESSAGE_FILTER. I was hoping this would do for now, as it matches what the other code looks like, but I'd be interested to see if there was interest for cleaning this up a bit across all the message filters in a future patch.
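
Added example, not part of the bug thread and not WebKit's code: a small Python lint that parses a sandbox profile's S-expressions and reports uses of the three filter names from the description that sit outside the YES branch of an "if" on ENABLE_SANDBOX_MESSAGE_FILTER, the guarding Comment 3 describes. The exact guard form, the function names and the sample profile fragment are assumptions constructed for illustration.

```python
import re

# Filter names from the bug report; undefined in open source builds.
FILTERS = {"AppleAVDUserClientMessageFilter",
           "IOMobileFramebufferUserClientMessageFilter",
           "IOSurfaceAcceleratorClientMessageFilter"}
# Assumed guard form: the then-branch is evaluated only when the parameter is "YES".
GUARD = ["equal?", ["param", '"ENABLE_SANDBOX_MESSAGE_FILTER"'], '"YES"']

def parse(text):
    """Parse profile text into nested lists of atom strings (; comments dropped)."""
    stack = [[]]
    for tok in re.findall(r'"[^"]*"|[()]|[^\s()"]+', re.sub(r';[^\n]*', '', text)):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            done = stack.pop()
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def unguarded_filters(node, guarded=False):
    """List filter calls reachable when the parameter is not YES.

    Only the then-branch (index 2) of a guarding `if` counts as guarded."""
    if not isinstance(node, list) or not node:
        return []
    head = node[0] if isinstance(node[0], str) else None
    if head in FILTERS and not guarded:
        return [head]
    is_guard = head == "if" and len(node) > 2 and node[1] == GUARD
    found = []
    for i, child in enumerate(node):
        found += unguarded_filters(child, guarded or (is_guard and i == 2))
    return found

# Constructed fragment for illustration; not WebKit's actual profile text.
SAMPLE = '''
(allow iokit-open (iokit-user-client-class "AppleAVDUserClient")
    (apply-message-filter (AppleAVDUserClientMessageFilter)))
(if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
    (allow iokit-open (iokit-user-client-class "IOSurfaceAcceleratorClient")
        (apply-message-filter (IOSurfaceAcceleratorClientMessageFilter)))
    (allow iokit-open (iokit-user-client-class "IOSurfaceAcceleratorClient")))
'''
print(unguarded_filters(parse(SAMPLE)))
```

Run against a built profile in CI, a non-empty result flags a rule that would fail to compile when ENABLE_SANDBOX_MESSAGE_FILTER=NO, before it shows up as "Unable to apply sandbox" at launch.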
Comment 4 Per Arne Vollan 2021-07-26 08:01:00 PDT
Comment on attachment 434204
Patch

R=me.
Comment 5 Radar WebKit Bug Importer 2021-07-26 08:01:36 PDT
<rdar://problem/81108098>
Comment 6 EWS 2021-07-27 11:14:29 PDT
Committed r280345 (239992@main): <https://commits.webkit.org/239992@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 434204.