Unreviewed, rolling out r248440.
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 15 Aug 2019 18:02:34 +0000 (18:02 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 15 Aug 2019 18:02:34 +0000 (18:02 +0000)
https://bugs.webkit.org/show_bug.cgi?id=200772

Introduced regressions related to loading of local files.
(Requested by perarne on #webkit).

Reverted changeset:

"[Mac] Use the PID of the WebContent process when issuing
local file read sandbox extensions"
https://bugs.webkit.org/show_bug.cgi?id=200543
https://trac.webkit.org/changeset/248440

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248731 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WTF/ChangeLog
Source/WTF/wtf/Platform.h
Source/WTF/wtf/spi/darwin/SandboxSPI.h
Source/WebKit/ChangeLog
Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm
Source/WebKit/Shared/SandboxExtension.h
Source/WebKit/UIProcess/WebPageProxy.cpp

index d28f5f3..a383ddb 100644 (file)
@@ -1,3 +1,18 @@
+2019-08-15  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r248440.
+        https://bugs.webkit.org/show_bug.cgi?id=200772
+
+        Introduced regressions related to loading of local files.
+        (Requested by perarne on #webkit).
+
+        Reverted changeset:
+
+        "[Mac] Use the PID of the WebContent process when issuing
+        local file read sandbox extensions"
+        https://bugs.webkit.org/show_bug.cgi?id=200543
+        https://trac.webkit.org/changeset/248440
+
 2019-08-14  Kate Cheney  <katherine_cheney@apple.com>
 
         FileSystem::deleteFile should log error status (178347)
index 138e970..a6dd782 100644 (file)
 #define HAVE_SANDBOX_ISSUE_MACH_EXTENSION_TO_PROCESS_BY_PID 1
 #endif
 
-#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000)
-#define HAVE_SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_PID 1
-#endif
-
 #if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || (PLATFORM(IOS_FAMILY) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 130000)
 #define HAVE_MDNS_FAST_REGISTRATION 1
 #endif
index 2603066..f58f5aa 100644 (file)
@@ -61,7 +61,6 @@ extern const enum sandbox_filter_type SANDBOX_CHECK_NO_REPORT;
 char *sandbox_extension_issue_file(const char *extension_class, const char *path, uint32_t flags);
 char *sandbox_extension_issue_generic(const char *extension_class, uint32_t flags);
 char *sandbox_extension_issue_mach_to_process_by_pid(const char *extension_class, const char *name, uint32_t flags, pid_t);
-char *sandbox_extension_issue_file_to_process_by_pid(const char *extension_class, const char *path, uint32_t flags, pid_t);
 int sandbox_check(pid_t, const char *operation, enum sandbox_filter_type, ...);
 int sandbox_check_by_audit_token(audit_token_t, const char *operation, enum sandbox_filter_type, ...);
 int sandbox_container_path_for_pid(pid_t, char *buffer, size_t bufsize);
index d14dc39..4a513b2 100644 (file)
@@ -1,3 +1,18 @@
+2019-08-15  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r248440.
+        https://bugs.webkit.org/show_bug.cgi?id=200772
+
+        Introduced regressions related to loading of local files.
+        (Requested by perarne on #webkit).
+
+        Reverted changeset:
+
+        "[Mac] Use the PID of the WebContent process when issuing
+        local file read sandbox extensions"
+        https://bugs.webkit.org/show_bug.cgi?id=200543
+        https://trac.webkit.org/changeset/248440
+
 2019-08-15  Alex Christensen  <achristensen@webkit.org>
 
         WKUIDelegate's webView:contextMenuDidEndForElement: should be called when context menus end
index 56a783a..7b6d52b 100644 (file)
@@ -100,14 +100,6 @@ private:
 #endif
         case SandboxExtension::Type::Generic:
             return sandbox_extension_issue_generic(path, 0);
-        case SandboxExtension::Type::ReadByPid:
-#if HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_PID)
-            return sandbox_extension_issue_file_to_process_by_pid(APP_SANDBOX_READ, path, 0, pid.value());
-#else
-            UNUSED_PARAM(pid);
-            ASSERT_NOT_REACHED();
-            return nullptr;
-#endif
         }
     }
 
@@ -344,19 +336,6 @@ bool SandboxExtension::createHandleForMachLookupByPid(const String& service, pid
     return true;
 }
 
-bool SandboxExtension::createHandleForReadByPid(const String& path, ProcessID pid, Handle& handle)
-{
-    ASSERT(!handle.m_sandboxExtension);
-    
-    handle.m_sandboxExtension = SandboxExtensionImpl::create(path.utf8().data(), Type::ReadByPid, pid);
-    if (!handle.m_sandboxExtension) {
-        WTFLogAlways("Could not create a '%s' sandbox extension", path.utf8().data());
-        return false;
-    }
-    
-    return true;
-}
-
 SandboxExtension::SandboxExtension(const Handle& handle)
     : m_sandboxExtension(WTFMove(handle.m_sandboxExtension))
 {
index bae4a56..693bd70 100644 (file)
@@ -49,7 +49,6 @@ public:
         ReadWrite,
         Mach,
         Generic,
-        ReadByPid
     };
 
     class Handle {
@@ -105,7 +104,6 @@ public:
     static String createHandleForTemporaryFile(const String& prefix, Type, Handle&);
     static bool createHandleForGenericExtension(const String& extensionClass, Handle&);
     static bool createHandleForMachLookupByPid(const String& service, ProcessID, Handle&);
-    static bool createHandleForReadByPid(const String& path, ProcessID, Handle&);
     ~SandboxExtension();
 
     bool consume();
index d2f9a88..485b31d 100644 (file)
@@ -1076,11 +1076,7 @@ void WebPageProxy::maybeInitializeSandboxExtensionHandle(WebProcessProxy& proces
     // Inspector resources are in a directory with assumed access.
     ASSERT_WITH_SECURITY_IMPLICATION(!WebKit::isInspectorPage(*this));
 
-#if PLATFORM(MAC) && HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_PID)
-    if (SandboxExtension::createHandleForReadByPid("/", processIdentifier(), sandboxExtensionHandle)) {
-#else
     if (SandboxExtension::createHandle("/", SandboxExtension::Type::ReadOnly, sandboxExtensionHandle)) {
-#endif
         willAcquireUniversalFileReadSandboxExtension(process);
         return;
     }
@@ -1093,13 +1089,7 @@ void WebPageProxy::maybeInitializeSandboxExtensionHandle(WebProcessProxy& proces
     // We failed to issue an universal file read access sandbox, fall back to issuing one for the base URL instead.
     auto baseURL = URL(URL(), url.baseAsString());
     auto basePath = baseURL.fileSystemPath();
-    if (basePath.isNull())
-        return;
-#if PLATFORM(MAC) && HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_PID)
-    if (SandboxExtension::createHandleForReadByPid(basePath, processIdentifier(), sandboxExtensionHandle))
-#else
-    if (SandboxExtension::createHandle(basePath, SandboxExtension::Type::ReadOnly, sandboxExtensionHandle))
-#endif
+    if (!basePath.isNull() && SandboxExtension::createHandle(basePath, SandboxExtension::Type::ReadOnly, sandboxExtensionHandle))
         m_process->assumeReadAccessToBaseURL(*this, baseURL);
 }