Bug 231248 - Add an entitlement check to only allow AdAttributionDaemon to be connected to by the network process
Summary: Add an entitlement check to only allow AdAttributionDaemon to be connected to...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alex Christensen
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-10-05 13:31 PDT by Alex Christensen
Modified: 2021-10-05 16:48 PDT (History)
1 user (show)

See Also:

Attachments
Patch (6.59 KB, patch)
2021-10-05 13:35 PDT, Alex Christensen 		no flags Details | Formatted Diff | Diff
Patch (7.33 KB, patch)
2021-10-05 15:50 PDT, Alex Christensen 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Christensen 2021-10-05 13:31:28 PDT 
Add an entitlement check to only allow AdAttributionDaemon to be connected to by the network process
Comment 1 Alex Christensen 2021-10-05 13:35:16 PDT 
Created attachment 440257 [details]
Patch
Comment 2 Alexey Proskuryakov 2021-10-05 13:42:25 PDT 
Comment on attachment 440257 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=440257&action=review

> Source/WebKit/Shared/EntryPointUtilities/Cocoa/Daemon/PCMDaemonEntryPoint.mm:84
> +            NSLog(@"connection attempted connection without required entitlement");

Does this look right in the log starting with lower case?

> Tools/TestWebKitAPI/Tests/WebKitCocoa/EventAttribution.mm:513
> +    xpc_connection_set_event_handler(connection.get(), ^(xpc_object_t event) {
> +        if (event == XPC_ERROR_CONNECTION_INTERRUPTED) {
> +            done = true;
> +    });

Not sure if this tests enough. Isn't the purpose to verify that the connection is never established? This just verifies that it's dropped, perhaps only eventually.

Also, failing as timeout isn't always understood to be a legitimate failure in practice.
Comment 3 Alex Christensen 2021-10-05 15:19:52 PDT 
Comment on attachment 440257 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=440257&action=review

>> Source/WebKit/Shared/EntryPointUtilities/Cocoa/Daemon/PCMDaemonEntryPoint.mm:84
>> +            NSLog(@"connection attempted connection without required entitlement");
> 
> Does this look right in the log starting with lower case?

I'll capitalize.

> Tools/TestWebKitAPI/Tests/WebKitCocoa/EventAttribution.mm:483
> +    system([NSString stringWithFormat:@"launchctl unload %@ 2> /dev/null", plistLocation.path].fileSystemRepresentation);

I committed this separately in http://trac.webkit.org/r283574

>> Tools/TestWebKitAPI/Tests/WebKitCocoa/EventAttribution.mm:513
>> +    });
> 
> Not sure if this tests enough. Isn't the purpose to verify that the connection is never established? This just verifies that it's dropped, perhaps only eventually.
> 
> Also, failing as timeout isn't always understood to be a legitimate failure in practice.

This is what it looks like at this API level when a connection is never established.  I'll change this to make sure event is always equal to XPC_ERROR_CONNECTION_INTERRUPTED to make sure that nothing else happens.

I agree that it's not great to have the failure mode be a timeout, but I think that's how this test needs to be.
Comment 4 Alex Christensen 2021-10-05 15:50:29 PDT 
Created attachment 440285 [details]
Patch
Comment 5 EWS 2021-10-05 16:47:55 PDT 
Committed r283586 (242544@main): <https://commits.webkit.org/242544@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 440285 [details].
Comment 6 Radar WebKit Bug Importer 2021-10-05 16:48:18 PDT 
<rdar://problem/83910831>