Use audit_token_t instead of pid_t for checking sandbox of other processes
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 8 Apr 2017 00:24:58 +0000 (00:24 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 8 Apr 2017 00:24:58 +0000 (00:24 +0000)
commit 367329c192ec1ccf9d8484ab33c8562144a6db2f
tree b4f94a5d11b0710a557bf7199ac0fed0dda553c6
parent a94ead0656103f26890f28f50e82bc48271ca0e7
Use audit_token_t instead of pid_t for checking sandbox of other processes
https://bugs.webkit.org/show_bug.cgi?id=170616
<rdar://problem/31158189>

Patch by Alex Christensen <achristensen@webkit.org> on 2017-04-07
Reviewed by Daniel Bates.

Source/WebKit2:

pids can be reused, so it's theoretically unsafe to use the pid of another process to check whether it's sandboxed.
Use an audit_token_t instead to be more sure that we are not mistakenly checking a new process that has reused the
old process's pid. For the current process, though, we have no xpc_connection_t to the process because we are the process.

* PluginProcess/mac/PluginProcessMac.mm:
(WebKit::PluginProcess::initializeSandbox):
* Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm:
(WebKit::XPCServiceInitializerDelegate::isClientSandboxed):
* Shared/mac/SandboxUtilities.h:
* Shared/mac/SandboxUtilities.mm:
(WebKit::currentProcessIsSandboxed):
(WebKit::connectedProcessIsSandboxed):
(WebKit::processIsSandboxed): Deleted.
* UIProcess/Cocoa/WebProcessProxyCocoa.mm:
(WebKit::WebProcessProxy::platformIsBeingDebugged):
* UIProcess/Plugins/mac/PluginInfoStoreMac.mm:
(WebKit::PluginInfoStore::shouldUsePlugin):
* UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
(WebKit::PluginProcessProxy::platformGetLaunchOptions):

Source/WTF:

* wtf/spi/darwin/SandboxSPI.h:
Declare more SPI.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@215132 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WTF/ChangeLog
Source/WTF/wtf/spi/darwin/SandboxSPI.h
Source/WebKit2/ChangeLog
Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm
Source/WebKit2/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm
Source/WebKit2/Shared/mac/SandboxUtilities.h
Source/WebKit2/Shared/mac/SandboxUtilities.mm
Source/WebKit2/UIProcess/Cocoa/WebProcessProxyCocoa.mm
Source/WebKit2/UIProcess/Plugins/mac/PluginInfoStoreMac.mm
Source/WebKit2/UIProcess/Plugins/mac/PluginProcessProxyMac.mm
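
The pid-reuse hazard described in the commit message, as an added example that is not WebKit's code and does not call the sandbox SPI: a constructed C model of a process table in which a check keyed on pid answers for the pid's current holder, while a check keyed on a token captured at connection time (pid plus a generation counter, the role the pid version plays in the real audit_token_t) refuses a reused pid. All type and function names here are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not Apple's or WebKit's code: every spawn gets a fresh "pidversion". */
typedef struct { int32_t pid; uint32_t pidversion; bool alive, sandboxed; } proc_entry;
/* Hypothetical stand-in for audit_token_t: identity captured at connect time. */
typedef struct { int32_t pid; uint32_t pidversion; } peer_token;

#define SLOTS 4
static proc_entry table[SLOTS];
static uint32_t next_version = 1;

static peer_token spawn(int32_t pid, bool sandboxed) {
    proc_entry *slot = &table[pid % SLOTS];
    *slot = (proc_entry){ pid, next_version++, true, sandboxed };
    return (peer_token){ slot->pid, slot->pidversion };
}
static void terminate(int32_t pid) { table[pid % SLOTS].alive = false; }

/* Keyed on pid: answers for whichever process holds the pid right now (1, 0, or -1 if none). */
static int sandboxed_by_pid(int32_t pid) {
    const proc_entry *p = &table[pid % SLOTS];
    if (!p->alive || p->pid != pid) return -1;
    return p->sandboxed ? 1 : 0;
}

/* Keyed on the token: a generation mismatch means the peer we talked to is gone. */
static int sandboxed_by_token(peer_token t) {
    const proc_entry *p = &table[t.pid % SLOTS];
    if (!p->alive || p->pid != t.pid || p->pidversion != t.pidversion) return -1;
    return p->sandboxed ? 1 : 0;
}

/* Peer connects, exits, and its pid is handed to an unrelated process. */
static void reuse_scenario(int *by_pid, int *by_token) {
    peer_token peer = spawn(501, true);   /* constructed pid */
    terminate(501);
    spawn(501, false);                    /* new process, same pid */
    *by_pid = sandboxed_by_pid(peer.pid);
    *by_token = sandboxed_by_token(peer);
}

int main(void) {
    int by_pid, by_token;
    reuse_scenario(&by_pid, &by_token);
    printf("by pid: %d, by token: %d\n", by_pid, by_token);
    return 0;
}
```

The pid-keyed check reports the sandbox state of the replacement process, whereas the token-keyed check reports that the original peer no longer exists.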