RESOLVED FIXED 237717
[macOS] Image decoders should be restricted for Mail 
https://bugs.webkit.org/show_bug.cgi?id=237717
Summary [macOS] Image decoders should be restricted for Mail
Per Arne Vollan
Reported 2022-03-10 08:55:27 PST
We already restrict image decoders for Mail on iOS. We should do so on macOS too.
Attachments
Patch (5.21 KB, patch)
2022-03-10 09:01 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (17.09 KB, patch)
2022-03-10 13:48 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (10.41 KB, patch)
2022-03-10 14:10 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (2.28 KB, patch)
2022-03-11 14:58 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2022-03-10 08:57:19 PST
<rdar://89827733>
Per Arne Vollan
Comment 2 2022-03-10 09:01:21 PST
Created attachment 454367 [details] Patch
Per Arne Vollan
Comment 3 2022-03-10 13:48:17 PST
Created attachment 454396 [details] Patch
Per Arne Vollan
Comment 4 2022-03-10 14:10:45 PST
Created attachment 454398 [details] Patch
Geoffrey Garen
Comment 5 2022-03-10 14:57:27 PST
Comment on attachment 454398 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=454398&action=review r=me > Source/WebCore/platform/graphics/cg/ImageDecoderCG.h:78 > + static bool m_enableRestrictedDecoding; For static variables, we use the "s_" prefix. "m_" for "member", "s_" for "static". > Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:450 > + if (auto trustdExtensionHandle = SandboxExtension::createHandleForMachLookup("com.apple.trustd.agent"_s, std::nullopt)) > + parameters.trustdExtensionHandle = WTFMove(*trustdExtensionHandle); In a follow-up, it would be nice to disconnect Mail from trustd.
Per Arne Vollan
Comment 6 2022-03-10 15:32:26 PST
(In reply to Geoffrey Garen from comment #5) > Comment on attachment 454398 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=454398&action=review > > r=me > > > Source/WebCore/platform/graphics/cg/ImageDecoderCG.h:78 > > + static bool m_enableRestrictedDecoding; > > For static variables, we use the "s_" prefix. "m_" for "member", "s_" for > "static". > Will fix! > > Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:450 > > + if (auto trustdExtensionHandle = SandboxExtension::createHandleForMachLookup("com.apple.trustd.agent"_s, std::nullopt)) > > + parameters.trustdExtensionHandle = WTFMove(*trustdExtensionHandle); > > In a follow-up, it would be nice to disconnect Mail from trustd. That is a good point, I will follow up on this. Thanks for reviewing!
EWS
Comment 7 2022-03-11 14:14:45 PST
Committed r291190 (248346@main): <https://commits.webkit.org/248346@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 454398 [details].
Per Arne Vollan
Comment 8 2022-03-11 14:58:29 PST
Reopening to attach new patch.
Per Arne Vollan
Comment 9 2022-03-11 14:58:30 PST
Created attachment 454514 [details] Patch
EWS
Comment 10 2022-03-11 19:17:07 PST
Committed r291204 (248359@main): <https://commits.webkit.org/248359@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 454514 [details].
Tim Horton
Comment 11 2022-03-28 13:38:37 PDT
Comment on attachment 454398 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=454398&action=review > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:295 > +#if USE(APPLE_INTERNAL_SDK) I know this was preexisting, but it's generally wrong for code to be guarded by USE(APPLE_INTERNAL_SDK); you should use SPI headers (which can be guarded by USE(APPLE_INTERNAL_SDK)) to run the same code in non-internal-SDK builds... is there a reason this code doesn't behave like the rest?
Per Arne Vollan
Comment 12 2022-03-28 15:36:34 PDT
(In reply to Tim Horton from comment #11) > Comment on attachment 454398 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=454398&action=review > > > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:295 > > +#if USE(APPLE_INTERNAL_SDK) > > I know this was preexisting, but it's generally wrong for code to be guarded > by USE(APPLE_INTERNAL_SDK); you should use SPI headers (which can be guarded > by USE(APPLE_INTERNAL_SDK)) to run the same code in non-internal-SDK > builds... is there a reason this code doesn't behave like the rest? That is a good point. This should behave like the rest. I have filed a bug report to address this. Thanks for reviewing!
Note You need to log in before you can comment on or make changes to this bug.