[macOS] Block coreservicesd in sandbox.
authorpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Feb 2019 00:02:49 +0000 (00:02 +0000)
committerpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 8 Feb 2019 00:02:49 +0000 (00:02 +0000)
commit3ea34560a58650c480c0b1733f032a049fbe1ca4
tree2ff8579e627730cc5104d398b7f87347a3fa128c
parent2fd57c032612323b602f11b70335de6f836b6025
[macOS] Block coreservicesd in sandbox.
https://bugs.webkit.org/show_bug.cgi?id=192670

Reviewed by Alexey Proskuryakov.

Source/WebKit:

We should block CoreServices in newer versions of macOS. In order to achieve this we need to avoid calling
_RegisterApplication before entering the sandbox, since this call will open up a connection to CoreServices.
The call to _RegisterApplication is moved to ChildProcess::updateProcessName, since it is needed to
successfully update the process name. The call to ChildProcess::updateProcessName is made after entering
the sandbox.

* Shared/AuxiliaryProcess.cpp:
(WebKit::AuxiliaryProcess::initialize):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::initializeProcessName):
(WebKit::WebProcess::platformInitializeProcess):
* WebProcess/com.apple.WebProcess.sb.in:

Source/WTF:

Add HAVE_CSCHECKFIXDISABLE define.

* wtf/Platform.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241169 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WTF/ChangeLog
Source/WTF/wtf/Platform.h
Source/WebKit/ChangeLog
Source/WebKit/Shared/AuxiliaryProcess.cpp
Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
Source/WebKit/WebProcess/com.apple.WebProcess.sb.in