REGRESSION(249649): Unable to open local files in MiniBrowser on macOS
authorpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 3 Oct 2019 20:08:24 +0000 (20:08 +0000)
committerpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 3 Oct 2019 20:08:24 +0000 (20:08 +0000)
https://bugs.webkit.org/show_bug.cgi?id=201798

Reviewed by Brent Fulgham.

Source/WebKit:

The commit <https://trac.webkit.org/changeset/249649> introduced a MiniBrowser regression on macOS where MiniBrowser
is not able to open local files. The change set r249649 fixed a problem where the WebContent process PID was not ready
to be used when creating a sandbox extension. This happened in the cases where the WebContent process had not finished
launching when the load started. The WebContent process is also creating sandbox extensions for the Networking process
for the files being loaded, and also needs to be passing the audit token of the Networking process when creating these.
This patch implements getting the audit token for the Networking process when the WebProcess is sending a message to
the UI process to establish the Networking process connection. The audit token is stored in the NetworkProcessConnection
object, and passed to the NetworkLoadParameters object when the load is started. Finally, when encoding the Network
resources load parameters, the audit token is used to create an extension for the Networking process.

API test: WKWebView.LoadFileWithLoadRequest

* NetworkProcess/NetworkLoadParameters.h:
* NetworkProcess/NetworkResourceLoadParameters.cpp:
(WebKit::NetworkResourceLoadParameters::encode const):
* Platform/IPC/ArgumentCoders.cpp:
(IPC::ArgumentCoder<audit_token_t>::encode):
(IPC::ArgumentCoder<audit_token_t>::decode):
* Platform/IPC/ArgumentCoders.h:
* Shared/Cocoa/SandboxExtensionCocoa.mm:
(WebKit::SandboxExtensionImpl::create):
(WebKit::SandboxExtensionImpl::sandboxExtensionForType):
(WebKit::SandboxExtensionImpl::SandboxExtensionImpl):
(WebKit::SandboxExtension::createHandleForMachLookupByPid):
(WebKit::SandboxExtension::createHandleForReadByPid):
(WebKit::SandboxExtension::createHandleForReadByAuditToken):
* Shared/SandboxExtension.h:
* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::openNetworkProcessConnection):
* UIProcess/WebProcessProxy.messages.in:
* WebKit.xcodeproj/project.pbxproj:
* WebProcess/Network/NetworkProcessConnection.h:
(WebKit::NetworkProcessConnection::setNetworkProcessAuditToken):
(WebKit::NetworkProcessConnection::networkProcessAuditToken const):
* WebProcess/Network/NetworkProcessConnectionInfo.h: Added.
(WebKit::NetworkProcessConnectionInfo::identifier):
(WebKit::NetworkProcessConnectionInfo::encode const):
(WebKit::NetworkProcessConnectionInfo::decode):
* WebProcess/Network/WebLoaderStrategy.cpp:
(WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
(WebKit::WebLoaderStrategy::loadResourceSynchronously):
(WebKit::WebLoaderStrategy::startPingLoad):
(WebKit::WebLoaderStrategy::preconnectTo):
* WebProcess/WebProcess.cpp:
(WebKit::getNetworkProcessConnection):
(WebKit::WebProcess::ensureNetworkProcessConnection):

Source/WTF:

Add HAVE_AUDIT_TOKEN and SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN defines.

* wtf/Platform.h:

Tools:

Added API test WKWebView.LoadFileWithLoadRequest.

* TestWebKitAPI/Tests/WebKitCocoa/LoadFileURL.mm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@250673 268f45cc-cd09-0410-ab3c-d52691b4dbfc

18 files changed:
Source/WTF/ChangeLog
Source/WTF/wtf/Platform.h
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkLoadParameters.h
Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp
Source/WebKit/Platform/IPC/ArgumentCoders.cpp
Source/WebKit/Platform/IPC/ArgumentCoders.h
Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm
Source/WebKit/Shared/SandboxExtension.h
Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
Source/WebKit/UIProcess/WebProcessProxy.messages.in
Source/WebKit/WebKit.xcodeproj/project.pbxproj
Source/WebKit/WebProcess/Network/NetworkProcessConnection.h
Source/WebKit/WebProcess/Network/NetworkProcessConnectionInfo.h [new file with mode: 0644]
Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp
Source/WebKit/WebProcess/WebProcess.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadFileURL.mm

index 24b2cda..ca9a2b0 100644 (file)
@@ -1,3 +1,14 @@
+2019-10-03  Per Arne Vollan  <pvollan@apple.com>
+
+        REGRESSION(249649): Unable to open local files in MiniBrowser on macOS
+        https://bugs.webkit.org/show_bug.cgi?id=201798
+
+        Reviewed by Brent Fulgham.
+
+        Add HAVE_AUDIT_TOKEN and SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN defines.
+
+        * wtf/Platform.h:
+
 2019-10-02  Myles C. Maxfield  <mmaxfield@apple.com>
 
         REGRESSION (r245672): <select> dropdown with text-rendering: optimizeLegibility freezes Safari
index 87d6e17..230bfa6 100644 (file)
 #define HAVE_PTHREAD_SETNAME_NP 1
 #define HAVE_READLINE 1
 #define HAVE_SYS_TIMEB_H 1
+#define HAVE_AUDIT_TOKEN 1
 
 #if __has_include(<mach/mach_exc.defs>) && !PLATFORM(GTK)
 #define HAVE_MACH_EXCEPTIONS 1
 #define HAVE_SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_PID 1
 #endif
 
+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500)
+#define HAVE_SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN 1
+#endif
+
 #if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000)
 #define HAVE_MDNS_FAST_REGISTRATION 1
 #endif
index b996f19..58d2471 100644 (file)
@@ -1,3 +1,57 @@
+2019-10-03  Per Arne Vollan  <pvollan@apple.com>
+
+        REGRESSION(249649): Unable to open local files in MiniBrowser on macOS
+        https://bugs.webkit.org/show_bug.cgi?id=201798
+
+        Reviewed by Brent Fulgham.
+
+        The commit <https://trac.webkit.org/changeset/249649> introduced a MiniBrowser regression on macOS where MiniBrowser
+        is not able to open local files. The change set r249649 fixed a problem where the WebContent process PID was not ready
+        to be used when creating a sandbox extension. This happened in the cases where the WebContent process had not finished
+        launching when the load started. The WebContent process is also creating sandbox extensions for the Networking process
+        for the files being loaded, and also needs to be passing the audit token of the Networking process when creating these.
+        This patch implements getting the audit token for the Networking process when the WebProcess is sending a message to
+        the UI process to establish the Networking process connection. The audit token is stored in the NetworkProcessConnection
+        object, and passed to the NetworkLoadParameters object when the load is started. Finally, when encoding the Network
+        resources load parameters, the audit token is used to create an extension for the Networking process.
+
+        API test: WKWebView.LoadFileWithLoadRequest
+
+        * NetworkProcess/NetworkLoadParameters.h:
+        * NetworkProcess/NetworkResourceLoadParameters.cpp:
+        (WebKit::NetworkResourceLoadParameters::encode const):
+        * Platform/IPC/ArgumentCoders.cpp:
+        (IPC::ArgumentCoder<audit_token_t>::encode):
+        (IPC::ArgumentCoder<audit_token_t>::decode):
+        * Platform/IPC/ArgumentCoders.h:
+        * Shared/Cocoa/SandboxExtensionCocoa.mm:
+        (WebKit::SandboxExtensionImpl::create):
+        (WebKit::SandboxExtensionImpl::sandboxExtensionForType):
+        (WebKit::SandboxExtensionImpl::SandboxExtensionImpl):
+        (WebKit::SandboxExtension::createHandleForMachLookupByPid):
+        (WebKit::SandboxExtension::createHandleForReadByPid):
+        (WebKit::SandboxExtension::createHandleForReadByAuditToken):
+        * Shared/SandboxExtension.h:
+        * UIProcess/Network/NetworkProcessProxy.cpp:
+        (WebKit::NetworkProcessProxy::openNetworkProcessConnection):
+        * UIProcess/WebProcessProxy.messages.in:
+        * WebKit.xcodeproj/project.pbxproj:
+        * WebProcess/Network/NetworkProcessConnection.h:
+        (WebKit::NetworkProcessConnection::setNetworkProcessAuditToken):
+        (WebKit::NetworkProcessConnection::networkProcessAuditToken const):
+        * WebProcess/Network/NetworkProcessConnectionInfo.h: Added.
+        (WebKit::NetworkProcessConnectionInfo::identifier):
+        (WebKit::NetworkProcessConnectionInfo::encode const):
+        (WebKit::NetworkProcessConnectionInfo::decode):
+        * WebProcess/Network/WebLoaderStrategy.cpp:
+        (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess):
+        (WebKit::WebLoaderStrategy::loadResourceSynchronously):
+        (WebKit::WebLoaderStrategy::startPingLoad):
+        (WebKit::WebLoaderStrategy::preconnectTo):
+        * WebProcess/WebProcess.cpp:
+        (WebKit::getNetworkProcessConnection):
+        (WebKit::WebProcess::ensureNetworkProcessConnection):
+
 2019-10-03  Konstantin Tokarev  <annulen@yandex.ru>
 
         CMake-built WebKit.framework should launch XPC services successfully
index 57e0b1e..de74d33 100644 (file)
@@ -46,6 +46,9 @@ public:
     WebCore::FrameIdentifier webFrameID;
     RefPtr<WebCore::SecurityOrigin> topOrigin;
     WTF::ProcessID parentPID { 0 };
+#if HAVE(AUDIT_TOKEN)
+    Optional<audit_token_t> networkProcessAuditToken;
+#endif
     WebCore::ResourceRequest request;
     WebCore::ContentSniffingPolicy contentSniffingPolicy { WebCore::ContentSniffingPolicy::SniffContent };
     WebCore::ContentEncodingSniffingPolicy contentEncodingSniffingPolicy { WebCore::ContentEncodingSniffingPolicy::Sniff };
index 0138563..e28c7d1 100644 (file)
@@ -66,7 +66,14 @@ void NetworkResourceLoadParameters::encode(IPC::Encoder& encoder) const
 
     if (request.url().isLocalFile()) {
         SandboxExtension::Handle requestSandboxExtension;
+#if HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)
+        if (networkProcessAuditToken)
+            SandboxExtension::createHandleForReadByAuditToken(request.url().fileSystemPath(), *networkProcessAuditToken, requestSandboxExtension);
+        else
+            SandboxExtension::createHandle(request.url().fileSystemPath(), SandboxExtension::Type::ReadOnly, requestSandboxExtension);
+#else
         SandboxExtension::createHandle(request.url().fileSystemPath(), SandboxExtension::Type::ReadOnly, requestSandboxExtension);
+#endif
         encoder << requestSandboxExtension;
     }
 
index 5907e62..76d2b09 100644 (file)
@@ -188,4 +188,21 @@ bool ArgumentCoder<SHA1::Digest>::decode(Decoder& decoder, SHA1::Digest& digest)
     return decoder.decodeFixedLengthData(digest.data(), sizeof(digest), 1);
 }
 
+#if HAVE(AUDIT_TOKEN)
+void ArgumentCoder<audit_token_t>::encode(Encoder& encoder, const audit_token_t& auditToken)
+{
+    for (unsigned i = 0; i < WTF_ARRAY_LENGTH(auditToken.val); i++)
+        encoder << auditToken.val[i];
+}
+
+bool ArgumentCoder<audit_token_t>::decode(Decoder& decoder, audit_token_t& auditToken)
+{
+    for (unsigned i = 0; i < WTF_ARRAY_LENGTH(auditToken.val); i++) {
+        if (!decoder.decode(auditToken.val[i]))
+            return false;
+    }
+    return true;
+}
+#endif
+
 } // namespace IPC
index e33b0d5..f1ea1ec 100644 (file)
@@ -621,4 +621,11 @@ template<> struct ArgumentCoder<SHA1::Digest> {
     static bool decode(Decoder&, SHA1::Digest&);
 };
 
+#if HAVE(AUDIT_TOKEN)
+template<> struct ArgumentCoder<audit_token_t> {
+    static void encode(Encoder&, const audit_token_t&);
+    static bool decode(Decoder&, audit_token_t&);
+};
+#endif
+
 } // namespace IPC
index 5fc28f6..3e4681c 100644 (file)
@@ -32,6 +32,7 @@
 #import "Decoder.h"
 #import "Encoder.h"
 #import <wtf/FileSystem.h>
+#import <wtf/Variant.h>
 #import <wtf/spi/darwin/SandboxSPI.h>
 #import <wtf/text/CString.h>
 
@@ -40,9 +41,9 @@ namespace WebKit {
 class SandboxExtensionImpl {
     WTF_MAKE_FAST_ALLOCATED;
 public:
-    static std::unique_ptr<SandboxExtensionImpl> create(const char* path, SandboxExtension::Type type, Optional<pid_t> pid = WTF::nullopt)
+    static std::unique_ptr<SandboxExtensionImpl> create(const char* path, SandboxExtension::Type type, Optional<Variant<pid_t, audit_token_t>> processToken = WTF::nullopt)
     {
-        std::unique_ptr<SandboxExtensionImpl> impl { new SandboxExtensionImpl(path, type, pid) };
+        std::unique_ptr<SandboxExtensionImpl> impl { new SandboxExtensionImpl(path, type, processToken) };
         if (!impl->m_token)
             return nullptr;
         return impl;
@@ -84,7 +85,7 @@ public:
     }
 
 private:
-    char* sandboxExtensionForType(const char* path, SandboxExtension::Type type, Optional<pid_t> pid = WTF::nullopt)
+    char* sandboxExtensionForType(const char* path, SandboxExtension::Type type, Optional<Variant<pid_t, audit_token_t>> processToken)
     {
         switch (type) {
         case SandboxExtension::Type::ReadOnly:
@@ -93,27 +94,37 @@ private:
             return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, 0);
         case SandboxExtension::Type::Mach:
 #if HAVE(SANDBOX_ISSUE_MACH_EXTENSION_TO_PROCESS_BY_PID)
-            return sandbox_extension_issue_mach_to_process_by_pid("com.apple.webkit.extension.mach"_s, path, 0, pid.value());
+            if (!processToken)
+                return nullptr;
+            if (!WTF::holds_alternative<pid_t>(*processToken))
+                return nullptr;
+            return sandbox_extension_issue_mach_to_process_by_pid("com.apple.webkit.extension.mach"_s, path, 0, WTF::get<pid_t>(*processToken));
 #else
-            UNUSED_PARAM(pid);
+            UNUSED_PARAM(processToken);
             ASSERT_NOT_REACHED();
             return nullptr;
 #endif
         case SandboxExtension::Type::Generic:
             return sandbox_extension_issue_generic(path, 0);
-        case SandboxExtension::Type::ReadByPid:
+        case SandboxExtension::Type::ReadByProcess:
 #if HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_PID)
-            return sandbox_extension_issue_file_to_process_by_pid(APP_SANDBOX_READ, path, SANDBOX_EXTENSION_USER_INTENT, pid.value());
+            if (!processToken)
+                return nullptr;
+            if (WTF::holds_alternative<pid_t>(*processToken))
+                return sandbox_extension_issue_file_to_process_by_pid(APP_SANDBOX_READ, path, SANDBOX_EXTENSION_USER_INTENT, WTF::get<pid_t>(*processToken));
+            if (WTF::holds_alternative<audit_token_t>(*processToken))
+                return sandbox_extension_issue_file_to_process(APP_SANDBOX_READ, path, SANDBOX_EXTENSION_USER_INTENT, WTF::get<audit_token_t>(*processToken));
+            return nullptr;
 #else
-            UNUSED_PARAM(pid);
+            UNUSED_PARAM(processToken);
             ASSERT_NOT_REACHED();
             return nullptr;
 #endif
         }
     }
 
-    SandboxExtensionImpl(const char* path, SandboxExtension::Type type, Optional<pid_t> pid = WTF::nullopt)
-        : m_token { sandboxExtensionForType(path, type, pid) }
+    SandboxExtensionImpl(const char* path, SandboxExtension::Type type, Optional<Variant<pid_t, audit_token_t>> processToken)
+        : m_token { sandboxExtensionForType(path, type, processToken) }
     {
     }
 
@@ -336,7 +347,8 @@ bool SandboxExtension::createHandleForMachLookupByPid(const String& service, pid
 {
     ASSERT(!handle.m_sandboxExtension);
     
-    handle.m_sandboxExtension = SandboxExtensionImpl::create(service.utf8().data(), Type::Mach, pid);
+    Variant<pid_t, audit_token_t> processToken(pid);
+    handle.m_sandboxExtension = SandboxExtensionImpl::create(service.utf8().data(), Type::Mach, WTFMove(processToken));
     if (!handle.m_sandboxExtension) {
         WTFLogAlways("Could not create a '%s' sandbox extension", service.utf8().data());
         return false;
@@ -352,7 +364,22 @@ bool SandboxExtension::createHandleForReadByPid(const String& path, ProcessID pi
     if (!pid)
         return false;
 
-    handle.m_sandboxExtension = SandboxExtensionImpl::create(path.utf8().data(), Type::ReadByPid, pid);
+    Variant<pid_t, audit_token_t> processToken(pid);
+    handle.m_sandboxExtension = SandboxExtensionImpl::create(path.utf8().data(), Type::ReadByProcess, WTFMove(processToken));
+    if (!handle.m_sandboxExtension) {
+        WTFLogAlways("Could not create sandbox extension");
+        return false;
+    }
+    
+    return true;
+}
+
+bool SandboxExtension::createHandleForReadByAuditToken(const String& path, audit_token_t auditToken, Handle& handle)
+{
+    ASSERT(!handle.m_sandboxExtension);
+
+    Variant<pid_t, audit_token_t> processToken(auditToken);
+    handle.m_sandboxExtension = SandboxExtensionImpl::create(path.utf8().data(), Type::ReadByProcess, WTFMove(processToken));
     if (!handle.m_sandboxExtension) {
         WTFLogAlways("Could not create sandbox extension");
         return false;
index bae4a56..a1e59a3 100644 (file)
@@ -49,7 +49,7 @@ public:
         ReadWrite,
         Mach,
         Generic,
-        ReadByPid
+        ReadByProcess
     };
 
     class Handle {
@@ -106,6 +106,9 @@ public:
     static bool createHandleForGenericExtension(const String& extensionClass, Handle&);
     static bool createHandleForMachLookupByPid(const String& service, ProcessID, Handle&);
     static bool createHandleForReadByPid(const String& path, ProcessID, Handle&);
+#if HAVE(AUDIT_TOKEN)
+    static bool createHandleForReadByAuditToken(const String& path, audit_token_t, Handle&);
+#endif
     ~SandboxExtension();
 
     bool consume();
index 3830b25..2773a06 100644 (file)
@@ -36,6 +36,7 @@
 #endif
 #include "Logging.h"
 #include "NetworkContentRuleListManagerMessages.h"
+#include "NetworkProcessConnectionInfo.h"
 #include "NetworkProcessCreationParameters.h"
 #include "NetworkProcessMessages.h"
 #include "SandboxExtension.h"
@@ -158,10 +159,10 @@ void NetworkProcessProxy::openNetworkProcessConnection(uint64_t connectionReques
         auto request = m_connectionRequests.take(connectionRequestIdentifier);
 
 #if USE(UNIX_DOMAIN_SOCKETS) || OS(WINDOWS)
-        request.reply(*connectionIdentifier);
+        request.reply(NetworkProcessConnectionInfo { WTFMove(*connectionIdentifier) });
 #elif OS(DARWIN)
         MESSAGE_CHECK(MACH_PORT_VALID(connectionIdentifier->port()));
-        request.reply(IPC::Attachment { connectionIdentifier->port(), MACH_MSG_TYPE_MOVE_SEND });
+        request.reply(NetworkProcessConnectionInfo { IPC::Attachment { connectionIdentifier->port(), MACH_MSG_TYPE_MOVE_SEND }, connection()->getAuditToken() });
 #else
         notImplemented();
 #endif
index e37782e..d0ab943 100644 (file)
@@ -36,7 +36,7 @@ messages -> WebProcessProxy LegacyReceiver {
     GetPlugins(bool refresh) -> (Vector<WebCore::PluginInfo> plugins, Vector<WebCore::PluginInfo> applicationPlugins, struct Optional<Vector<WebCore::SupportedPluginIdentifier>> supportedPluginIdentifiers) Synchronous
     GetPluginProcessConnection(uint64_t pluginProcessToken) -> (IPC::Attachment connectionHandle, bool supportsAsynchronousInitialization) Synchronous
 #endif
-    GetNetworkProcessConnection() -> (IPC::Attachment connectionHandle) Synchronous
+    GetNetworkProcessConnection() -> (struct WebKit::NetworkProcessConnectionInfo connectionInfo) Synchronous
     ProcessReadyToSuspend()
     DidCancelProcessSuspension()
 
index 68751f9..ebf6f07 100644 (file)
                E1E552C316AE065E004ED653 /* SandboxInitializationParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SandboxInitializationParameters.h; sourceTree = "<group>"; };
                E1EE53DC11F8CF9F00CCBEE4 /* InjectedBundlePageEditorClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = InjectedBundlePageEditorClient.h; sourceTree = "<group>"; };
                E1EE53E611F8CFFB00CCBEE4 /* InjectedBundlePageEditorClient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = InjectedBundlePageEditorClient.cpp; sourceTree = "<group>"; };
+               E3439B632345463A0011DE0B /* NetworkProcessConnectionInfo.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = NetworkProcessConnectionInfo.h; path = Network/NetworkProcessConnectionInfo.h; sourceTree = "<group>"; };
                E404907021DE65F70037F0DB /* ScrollerPairMac.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScrollerPairMac.h; sourceTree = "<group>"; };
                E404907121DE65F70037F0DB /* ScrollingTreeFrameScrollingNodeRemoteMac.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ScrollingTreeFrameScrollingNodeRemoteMac.cpp; sourceTree = "<group>"; };
                E404907221DE65F70037F0DB /* ScrollerPairMac.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ScrollerPairMac.mm; sourceTree = "<group>"; };
                                5105B0D4162F7A7A00E27709 /* NetworkProcessConnection.cpp */,
                                5105B0D5162F7A7A00E27709 /* NetworkProcessConnection.h */,
                                51FB0902163A3B1C00EC324A /* NetworkProcessConnection.messages.in */,
+                               E3439B632345463A0011DE0B /* NetworkProcessConnectionInfo.h */,
                                51ABF65616392F1500132A7A /* WebLoaderStrategy.cpp */,
                                51ABF65716392F1500132A7A /* WebLoaderStrategy.h */,
                                A5860E6F230F67DE00461AAE /* WebResourceInterceptController.cpp */,
index 2554651..817e445 100644 (file)
@@ -76,6 +76,11 @@ public:
     WebSWClientConnection& serviceWorkerConnection();
 #endif
 
+#if HAVE(AUDIT_TOKEN)
+    void setNetworkProcessAuditToken(Optional<audit_token_t> auditToken) { m_networkProcessAuditToken = auditToken; }
+    Optional<audit_token_t> networkProcessAuditToken() const { return m_networkProcessAuditToken; }
+#endif
+
 private:
     NetworkProcessConnection(IPC::Connection::Identifier);
 
@@ -99,6 +104,9 @@ private:
 
     // The connection from the web process to the network process.
     Ref<IPC::Connection> m_connection;
+#if HAVE(AUDIT_TOKEN)
+    Optional<audit_token_t> m_networkProcessAuditToken;
+#endif
 
 #if ENABLE(INDEXED_DATABASE)
     RefPtr<WebIDBConnectionToServer> m_webIDBConnection;
diff --git a/Source/WebKit/WebProcess/Network/NetworkProcessConnectionInfo.h b/Source/WebKit/WebProcess/Network/NetworkProcessConnectionInfo.h
new file mode 100644 (file)
index 0000000..b199505
--- /dev/null
@@ -0,0 +1,70 @@
+/*
+* Copyright (C) 2019 Apple Inc. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+*    notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+*    notice, this list of conditions and the following disclaimer in the
+*    documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+* THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#pragma once
+
+namespace WebKit {
+
+struct NetworkProcessConnectionInfo {
+    IPC::Attachment connection;
+#if HAVE(AUDIT_TOKEN)
+    Optional<audit_token_t> auditToken;
+#endif
+
+    IPC::Connection::Identifier identifier()
+    {
+#if USE(UNIX_DOMAIN_SOCKETS)
+        return IPC::Connection::Identifier(connection.fileDescriptor());
+#elif OS(DARWIN)
+        return IPC::Connection::Identifier(connection.port());
+#elif OS(WINDOWS)
+        return IPC::Connection::Identifier(connection.handle());
+#else
+        ASSERT_NOT_REACHED();
+        return IPC::Connection::Identifier();
+#endif
+    }
+    
+    void encode(IPC::Encoder& encoder) const
+    {
+        encoder << connection;
+#if HAVE(AUDIT_TOKEN)
+        encoder << auditToken;
+#endif
+    }
+    
+    static bool decode(IPC::Decoder& decoder, NetworkProcessConnectionInfo& info)
+    {
+        if (!decoder.decode(info.connection))
+            return false;
+#if HAVE(AUDIT_TOKEN)
+        if (!decoder.decode(info.auditToken))
+            return false;
+#endif
+        return true;
+    }
+};
+
+};
index 0e52ea2..afa3c72 100644 (file)
@@ -286,6 +286,9 @@ void WebLoaderStrategy::scheduleLoadFromNetworkProcess(ResourceLoader& resourceL
     loadParameters.webPageID = trackingParameters.pageID;
     loadParameters.webFrameID = trackingParameters.frameID;
     loadParameters.parentPID = presentingApplicationPID();
+#if HAVE(AUDIT_TOKEN)
+    loadParameters.networkProcessAuditToken = WebProcess::singleton().ensureNetworkProcessConnection().networkProcessAuditToken();
+#endif
     loadParameters.request = request;
     loadParameters.contentSniffingPolicy = contentSniffingPolicy;
     loadParameters.contentEncodingSniffingPolicy = contentEncodingSniffingPolicy;
@@ -561,6 +564,9 @@ void WebLoaderStrategy::loadResourceSynchronously(FrameLoader& frameLoader, unsi
     loadParameters.webPageID = pageID;
     loadParameters.webFrameID = frameID;
     loadParameters.parentPID = presentingApplicationPID();
+#if HAVE(AUDIT_TOKEN)
+    loadParameters.networkProcessAuditToken = WebProcess::singleton().ensureNetworkProcessConnection().networkProcessAuditToken();
+#endif
     loadParameters.request = request;
     loadParameters.contentSniffingPolicy = ContentSniffingPolicy::SniffContent;
     loadParameters.contentEncodingSniffingPolicy = ContentEncodingSniffingPolicy::Sniff;
@@ -630,6 +636,9 @@ void WebLoaderStrategy::startPingLoad(Frame& frame, ResourceRequest& request, co
     loadParameters.sourceOrigin = &document->securityOrigin();
     loadParameters.topOrigin = &document->topOrigin();
     loadParameters.parentPID = presentingApplicationPID();
+#if HAVE(AUDIT_TOKEN)
+    loadParameters.networkProcessAuditToken = WebProcess::singleton().ensureNetworkProcessConnection().networkProcessAuditToken();
+#endif
     loadParameters.storedCredentialsPolicy = options.credentials == FetchOptions::Credentials::Omit ? StoredCredentialsPolicy::DoNotUse : StoredCredentialsPolicy::Use;
     loadParameters.options = options;
     loadParameters.originalRequestHeaders = originalRequestHeaders;
@@ -690,6 +699,9 @@ void WebLoaderStrategy::preconnectTo(FrameLoader& frameLoader, const URL& url, S
     parameters.webPageID = webPage->identifier();
     parameters.webFrameID = webFrame->frameID();
     parameters.parentPID = presentingApplicationPID();
+#if HAVE(AUDIT_TOKEN)
+    parameters.networkProcessAuditToken = WebProcess::singleton().ensureNetworkProcessConnection().networkProcessAuditToken();
+#endif
     parameters.storedCredentialsPolicy = storedCredentialsPolicy;
     parameters.shouldPreconnectOnly = PreconnectOnly::Yes;
     parameters.shouldRestrictHTTPResponseAccess = shouldPerformSecurityChecks();
index ed18492..f7b2cb6 100644 (file)
@@ -38,6 +38,7 @@
 #include "Logging.h"
 #include "NetworkConnectionToWebProcessMessages.h"
 #include "NetworkProcessConnection.h"
+#include "NetworkProcessConnectionInfo.h"
 #include "NetworkSession.h"
 #include "NetworkSessionCreationParameters.h"
 #include "PluginProcessConnectionManager.h"
@@ -1137,10 +1138,10 @@ void WebProcess::setInjectedBundleParameters(const IPC::DataReference& value)
     injectedBundle->setBundleParameters(value);
 }
 
-static IPC::Connection::Identifier getNetworkProcessConnection(IPC::Connection& connection)
+static NetworkProcessConnectionInfo getNetworkProcessConnection(IPC::Connection& connection)
 {
-    IPC::Attachment encodedConnectionIdentifier;
-    if (!connection.sendSync(Messages::WebProcessProxy::GetNetworkProcessConnection(), Messages::WebProcessProxy::GetNetworkProcessConnection::Reply(encodedConnectionIdentifier), 0)) {
+    NetworkProcessConnectionInfo connectionInfo;
+    if (!connection.sendSync(Messages::WebProcessProxy::GetNetworkProcessConnection(), Messages::WebProcessProxy::GetNetworkProcessConnection::Reply(connectionInfo), 0)) {
 #if PLATFORM(GTK) || PLATFORM(WPE)
         // GTK+ and WPE ports don't exit on send sync message failure.
         // In this particular case, the network process can be terminated by the UI process while the
@@ -1153,16 +1154,7 @@ static IPC::Connection::Identifier getNetworkProcessConnection(IPC::Connection&
 #endif
     }
 
-#if USE(UNIX_DOMAIN_SOCKETS)
-    return encodedConnectionIdentifier.releaseFileDescriptor();
-#elif OS(DARWIN)
-    return encodedConnectionIdentifier.port();
-#elif OS(WINDOWS)
-    return encodedConnectionIdentifier.handle();
-#else
-    ASSERT_NOT_REACHED();
-    return IPC::Connection::Identifier();
-#endif
+    return connectionInfo;
 }
 
 NetworkProcessConnection& WebProcess::ensureNetworkProcessConnection()
@@ -1172,17 +1164,20 @@ NetworkProcessConnection& WebProcess::ensureNetworkProcessConnection()
 
     // If we've lost our connection to the network process (e.g. it crashed) try to re-establish it.
     if (!m_networkProcessConnection) {
-        IPC::Connection::Identifier connectionIdentifier = getNetworkProcessConnection(*parentProcessConnection());
+        auto connectionInfo = getNetworkProcessConnection(*parentProcessConnection());
 
         // Retry once if the IPC to get the connectionIdentifier succeeded but the connectionIdentifier we received
         // is invalid. This may indicate that the network process has crashed.
-        if (!IPC::Connection::identifierIsValid(connectionIdentifier))
-            connectionIdentifier = getNetworkProcessConnection(*parentProcessConnection());
+        if (!IPC::Connection::identifierIsValid(connectionInfo.identifier()))
+            connectionInfo = getNetworkProcessConnection(*parentProcessConnection());
 
-        if (!IPC::Connection::identifierIsValid(connectionIdentifier))
+        if (!IPC::Connection::identifierIsValid(connectionInfo.identifier()))
             CRASH();
 
-        m_networkProcessConnection = NetworkProcessConnection::create(connectionIdentifier);
+        m_networkProcessConnection = NetworkProcessConnection::create(connectionInfo.identifier());
+#if HAVE(AUDIT_TOKEN)
+        m_networkProcessConnection->setNetworkProcessAuditToken(WTFMove(connectionInfo.auditToken));
+#endif
     }
     
     return *m_networkProcessConnection;
index 2381e05..00e8cf3 100644 (file)
@@ -1,3 +1,14 @@
+2019-10-03  Per Arne Vollan  <pvollan@apple.com>
+
+        REGRESSION(249649): Unable to open local files in MiniBrowser on macOS
+        https://bugs.webkit.org/show_bug.cgi?id=201798
+
+        Reviewed by Brent Fulgham.
+
+        Added API test WKWebView.LoadFileWithLoadRequest.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/LoadFileURL.mm:
+
 2019-10-03  Jonathan Bedard  <jbedard@apple.com>
 
         Add myself to various tools watchlists
index 64a33ce..095fc4c 100644 (file)
 #import <WebKit/WebViewPrivate.h>
 #import <wtf/RetainPtr.h>
 
+TEST(WKWebView, LoadFileWithLoadRequest)
+{
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600)]);
+
+    auto delegate = adoptNS([[TestNavigationDelegate alloc] init]);
+    [webView setNavigationDelegate:delegate.get()];
+
+    NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+    [webView loadRequest:request];
+    [delegate waitForDidFinishNavigation];
+}
 
 TEST(WKWebView, LoadTwoFiles)
 {