[macOS] Connections to the preference daemon are established before entering the...
author    pvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 30 Jun 2020 22:18:55 +0000 (22:18 +0000)
committer pvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Tue, 30 Jun 2020 22:18:55 +0000 (22:18 +0000)
https://bugs.webkit.org/show_bug.cgi?id=213379

Reviewed by Darin Adler.

Source/WebCore/PAL:

Use correct parameter types in _CFPrefsSetDirectModeEnabled and _CFPrefsSetReadOnly, and move
_CFPrefsSetDirectModeEnabled inside an Objective-C guard, since BOOL only seems to be a builtin
type in Objective-C.

* pal/spi/cf/CFUtilitiesSPI.h:

Source/WebKit:

On macOS, connections to the preference daemon are established before entering the sandbox. These connections also persist
after entering the sandbox and denying access to the preference daemon. There should not be attempts to connect to the
preference daemon before entering the sandbox, since these attempts will not be stopped by the sandbox. This patch moves
code that connects to the preference daemon to be executed after the sandbox has been entered. That includes code to
prevent connections to the Dock and code to initialize WebKit logging. Also, instead of calling [NSBundle bundleForClass:],
call [NSBundle bundleWithIdentifier:], since calling [NSBundle bundleForClass:] will connect to the preference daemon.
Finally, allow the syscall SYS_gethostuuid, since that is needed by CoreFoundation when there is no access to the
preference daemon.

No new tests. This should be covered by existing tests. It would be nice to have a test to make sure that there are no
connections to the preference daemon just before entering the sandbox, but I am not aware of how to implement this.

* NetworkProcess/mac/NetworkProcessMac.mm:
(WebKit::NetworkProcess::initializeSandbox):
* Shared/AuxiliaryProcess.cpp:
(WebKit::AuxiliaryProcess::initialize):
* Shared/Cocoa/WebKit2InitializeCocoa.mm:
(WebKit::runInitializationCode):
* Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
(WebKit::XPCServiceMain):
* Shared/mac/AuxiliaryProcessMac.mm:
(WebKit::webKit2Bundle):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):
(WebKit::WebProcess::initializeSandbox):
* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@263773 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/PAL/ChangeLog
Source/WebCore/PAL/pal/spi/cf/CFUtilitiesSPI.h
Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/mac/NetworkProcessMac.mm
Source/WebKit/Shared/AuxiliaryProcess.cpp
Source/WebKit/Shared/Cocoa/WebKit2InitializeCocoa.mm
Source/WebKit/Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm
Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm
Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

index 9644328..c3580e2 100644 (file)
@@ -1,3 +1,16 @@
+2020-06-30  Per Arne Vollan  <pvollan@apple.com>
+
+        [macOS] Connections to the preference daemon are established before entering the sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=213379
+
+        Reviewed by Darin Adler.
+
+        Use correct parameter types in _CFPrefsSetDirectModeEnabled and _CFPrefsSetReadOnly, and move
+        _CFPrefsSetDirectModeEnabled inside an Objective-C guard, since BOOL only seems to be a builtin
+        type in Objective-C.
+
+        * pal/spi/cf/CFUtilitiesSPI.h:
+
 2020-06-30  Peng Liu  <peng.liu6@apple.com>
 
         Enable the support of FULLSCREEN_API in WebKitTestRunner
index 9b76fc4..45888c3 100644 (file)
@@ -58,7 +58,9 @@ CFDictionaryRef _CFWebServicesCopyProviderInfo(CFStringRef serviceType, Boolean*
 
 void __CFRunLoopSetOptionsReason(__CFRunLoopOptions opts, CFStringRef reason);
 
-void _CFPrefsSetDirectModeEnabled(bool enabled);
-void _CFPrefsSetReadOnly(bool flag);
+#ifdef __OBJC__
+void _CFPrefsSetDirectModeEnabled(BOOL enabled);
+#endif
+void _CFPrefsSetReadOnly(Boolean flag);
 
 WTF_EXTERN_C_END
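Review bot: Wrapping the `_CFPrefsSetDirectModeEnabled` declaration in `#ifdef __OBJC__` removes it from every C++ translation unit that includes this SPI header, so a non-Objective-C caller now fails to compile instead of seeing the corrected signature. `BOOL` comes from `<objc/objc.h>`, which is includable from plain C and C++, so importing that header and declaring the function unconditionally would keep the corrected `BOOL` type without the guard. The two neighbouring declarations now also use different boolean types (`BOOL` versus CoreFoundation's `Boolean`); a one-line comment saying that each matches the underlying CF prototype would save the next reader a trip to the system headers.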
index c9786e0..479097a 100644 (file)
@@ -1,3 +1,37 @@
+2020-06-30  Per Arne Vollan  <pvollan@apple.com>
+
+        [macOS] Connections to the preference daemon are established before entering the sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=213379
+
+        Reviewed by Darin Adler.
+
+        On macOS, connections to the preference daemon are established before entering the sandbox. These connections also persist
+        after entering the sandbox and denying access to the preference daemon. There should not be attempts to connect to the
+        preference daemon before entering the sandbox, since these attempts will not be stopped by the sandbox. This patch moves
+        code that connects to the preference daemon to be executed after the sandbox has been entered. That includes code to
+        prevent connections to the Dock and code to initialize WebKit logging. Also, instead of calling [NSBundle bundleForClass:],
+        call [NSBundle bundleWithIdentifier:], since calling [NSBundle bundleForClass:] will connect to the preference daemon.
+        Finally, allow the syscall SYS_gethostuuid, since that is needed by CoreFoundation when there is no access to the
+        preference daemon.
+
+        No new tests. This should be covered by existing tests. It would be nice to have a test to make sure that there are no
+        connections to the preference daemon just before entering the sandbox, but I am not aware of how to implement this.
+
+        * NetworkProcess/mac/NetworkProcessMac.mm:
+        (WebKit::NetworkProcess::initializeSandbox):
+        * Shared/AuxiliaryProcess.cpp:
+        (WebKit::AuxiliaryProcess::initialize):
+        * Shared/Cocoa/WebKit2InitializeCocoa.mm:
+        (WebKit::runInitializationCode):
+        * Shared/EntryPointUtilities/Cocoa/XPCService/XPCServiceMain.mm:
+        (WebKit::XPCServiceMain):
+        * Shared/mac/AuxiliaryProcessMac.mm:
+        (WebKit::webKit2Bundle):
+        * WebProcess/cocoa/WebProcessCocoa.mm:
+        (WebKit::WebProcess::platformInitializeWebProcess):
+        (WebKit::WebProcess::initializeSandbox):
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2020-06-30  Brent Fulgham  <bfulgham@apple.com>
 
         Partially revert r257135 now that the underlying bug is resolved
index ce58268..b5e0d1a 100644 (file)
@@ -87,9 +87,9 @@ void NetworkProcess::allowSpecificHTTPSCertificateForHost(const CertificateInfo&
 void NetworkProcess::initializeSandbox(const AuxiliaryProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
 {
     // Need to overide the default, because service has a different bundle ID.
-    NSBundle *webKit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKWebView")];
+    auto webKitBundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];
 
-    sandboxParameters.setOverrideSandboxProfilePath([webKit2Bundle pathForResource:@"com.apple.WebKit.NetworkProcess" ofType:@"sb"]);
+    sandboxParameters.setOverrideSandboxProfilePath(makeString(String([webKitBundle resourcePath]), "/com.apple.WebKit.NetworkProcess.sb"));
 
     AuxiliaryProcess::initializeSandbox(parameters, sandboxParameters);
 }
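Review bot: The new path construction `makeString(String([webKitBundle resourcePath]), "/com.apple.WebKit.NetworkProcess.sb")` has no nil handling: if `bundleWithIdentifier:` returns nil, `resourcePath` is nil, the converted `String` is empty, and the override path silently becomes `/com.apple.WebKit.NetworkProcess.sb`. The replaced `pathForResource:ofType:` call returned nil in that case, which was at least distinguishable downstream. Since this is the path of the sandbox profile the process is about to enter, an `ASSERT(webKitBundle)` (or a release assert) before building the path would fail loudly rather than hand the sandbox a bogus location. The context comment's `overide` could be corrected to `override` while this function is being touched.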
index 26d66dd..c46cb06 100644 (file)
 #include "AuxiliaryProcess.h"
 
 #include "ContentWorldShared.h"
+#include "LogInitialization.h"
 #include "Logging.h"
 #include "SandboxInitializationParameters.h"
+#include <WebCore/LogInitialization.h>
 #include <pal/SessionID.h>
 
 #if !OS(WINDOWS)
@@ -76,6 +78,11 @@ void AuxiliaryProcess::initialize(const AuxiliaryProcessInitializationParameters
     SandboxInitializationParameters sandboxParameters;
     initializeSandbox(parameters, sandboxParameters);
 
+#if !LOG_DISABLED || !RELEASE_LOG_DISABLED
+    WebCore::initializeLogChannelsIfNecessary();
+    WebKit::initializeLogChannelsIfNecessary();
+#endif // !LOG_DISABLED || !RELEASE_LOG_DISABLED
+
     initializeProcessName(parameters);
 
     // In WebKit2, only the UI process should ever be generating certain identifiers.
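Review bot: Moving log-channel initialization to after `initializeSandbox(parameters, sandboxParameters)` means any `LOG`/`RELEASE_LOG` emitted during sandbox initialization itself, or earlier in `initialize`, runs before the channels are configured, so that output is lost or goes to the default channel state; a comment above the new `#if` stating that the ordering is deliberate (initializing logging contacts the preference daemon) would stop someone from moving it back up. This file is also cross-platform, unlike the Cocoa file the calls are removed from later in this patch, so every port now calls `WebCore::initializeLogChannelsIfNecessary()` and `WebKit::initializeLogChannelsIfNecessary()` here; the `IfNecessary` naming suggests a repeat call is harmless, but that should be confirmed for ports that already initialize logging elsewhere.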
index 256f749..14d279f 100644 (file)
 #import "config.h"
 #import "WebKit2Initialize.h"
 
-#import "LogInitialization.h"
 #import "VersionChecks.h"
 #import <JavaScriptCore/InitializeThreading.h>
-#import <WebCore/LogInitialization.h>
 #import <mutex>
 #import <wtf/MainThread.h>
 #import <wtf/RefCounted.h>
@@ -56,11 +54,6 @@ static void runInitializationCode(void* = nullptr)
     WTF::initializeMainThread();
 
     WTF::RefCountedBase::enableThreadingChecksGlobally();
-
-#if !LOG_DISABLED || !RELEASE_LOG_DISABLED
-    WebCore::initializeLogChannelsIfNecessary();
-    WebKit::initializeLogChannelsIfNecessary();
-#endif // !LOG_DISABLED || !RELEASE_LOG_DISABLED
 }
 
 void InitializeWebKit2()
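Review bot: `runInitializationCode` is the body of `InitializeWebKit2()`, which is not specific to sandboxed child processes, so dropping the log-channel initialization here also drops it for every other caller of `InitializeWebKit2()`, in particular the UI process, which does not go through `AuxiliaryProcess::initialize` where the calls were moved. Please confirm those callers still initialize their log channels on another path, or keep the calls here behind a condition so that only auxiliary processes defer them.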
index 7d5afac..99fa7ab 100644 (file)
 #import <wtf/RetainPtr.h>
 #import <wtf/spi/darwin/XPCSPI.h>
 
-#if PLATFORM(MAC)
-#import <pal/spi/mac/NSApplicationSPI.h>
-#endif
-
 namespace WebKit {
 
 static void XPCServiceEventHandler(xpc_connection_t peer)
@@ -169,12 +165,6 @@ int XPCServiceMain(int argc, const char** argv)
 #if PLATFORM(MAC)
     // Don't allow Apple Events in WebKit processes. This can be removed when <rdar://problem/14012823> is fixed.
     setenv("__APPLEEVENTSSERVICENAME", "", 1);
-
-    // We don't need to talk to the dock.
-    if (Class nsApplicationClass = NSClassFromString(@"NSApplication")) {
-        if ([nsApplicationClass respondsToSelector:@selector(_preventDockConnections)])
-            [nsApplicationClass _preventDockConnections];
-    }
 #endif
 
     xpc_main(XPCServiceEventHandler);
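Review bot: `XPCServiceMain` is the shared entry point for all WebKit XPC services, so deleting the `_preventDockConnections` block here and re-adding it only in `WebProcess::platformInitializeWebProcess` (later in this patch) means the other services that previously ran this code no longer prevent Dock connections. If only the WebContent process can reach the Dock that is fine, but the ChangeLog does not say so; a sentence there, or an equivalent post-sandbox call in the other processes, would close that gap.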
index 524fab9..6d2f26d 100644 (file)
@@ -517,7 +517,7 @@ static bool tryApplyCachedSandbox(const SandboxInfo& info)
 
 static inline const NSBundle *webKit2Bundle()
 {
-    const static NSBundle *bundle = [NSBundle bundleForClass:NSClassFromString(@"WKWebView")];
+    const static NSBundle *bundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];
     return bundle;
 }
 
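Review bot: The literal `@"com.apple.WebKit"` now appears here and in both `initializeSandbox` overrides in this patch; since `webKit2Bundle()` already caches the lookup, exposing it (or a single named constant for the identifier) and using it from `NetworkProcessMac.mm` and `WebProcessCocoa.mm` would keep the three lookups from drifting apart. A short comment explaining why `bundleWithIdentifier:` is preferred over `bundleForClass:` (the latter connects to the preference daemon, per the ChangeLog) would also help, since `bundleForClass:` is the more common idiom and someone is likely to change it back.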
index 67f0c44..dae7ba8 100644 (file)
@@ -226,6 +226,9 @@ void WebProcess::platformInitializeWebProcess(WebProcessCreationParameters& para
 #endif
 
 #if USE(APPKIT)
+    // We don't need to talk to the Dock.
+    [NSApplication _preventDockConnections];
+
     [[NSUserDefaults standardUserDefaults] registerDefaults:@{ @"NSApplicationCrashOnExceptions" : @YES }];
 
     // rdar://9118639 accessibilityFocusedUIElement in NSApplication defaults to use the keyWindow. Since there's
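Review bot: The new `[NSApplication _preventDockConnections];` sends a private selector unconditionally, whereas the code it replaces in `XPCServiceMain.mm` first checked `NSClassFromString(@"NSApplication")` and `respondsToSelector:`; if the selector is absent on some OS version this now raises an unrecognized-selector exception inside `platformInitializeWebProcess`. Keeping the `respondsToSelector:` guard costs one line. Also, the `#import <pal/spi/mac/NSApplicationSPI.h>` that declared the selector was removed from `XPCServiceMain.mm` and no include hunk for this file is shown, so please check this file imports it.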
@@ -233,7 +236,7 @@ void WebProcess::platformInitializeWebProcess(WebProcessCreationParameters& para
     Method methodToPatch = class_getInstanceMethod([NSApplication class], @selector(accessibilityFocusedUIElement));
     method_setImplementation(methodToPatch, (IMP)NSApplicationAccessibilityFocusedUIElement);
 #endif
-    
+
 #if PLATFORM(MAC) && ENABLE(WEBPROCESS_NSRUNLOOP)
     // Need to initialize accessibility for VoiceOver to work when the WebContent process is using NSRunLoop.
     // Currently, it is also needed to allocate and initialize an NSApplication object.
@@ -564,9 +567,9 @@ void WebProcess::initializeSandbox(const AuxiliaryProcessInitializationParameter
 {
 #if PLATFORM(MAC) || PLATFORM(MACCATALYST)
     // Need to override the default, because service has a different bundle ID.
-    NSBundle *webKit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKWebView")];
+    auto webKitBundle = [NSBundle bundleWithIdentifier:@"com.apple.WebKit"];
 
-    sandboxParameters.setOverrideSandboxProfilePath([webKit2Bundle pathForResource:@"com.apple.WebProcess" ofType:@"sb"]);
+    sandboxParameters.setOverrideSandboxProfilePath(makeString(String([webKitBundle resourcePath]), "/com.apple.WebProcess.sb"));
 
     AuxiliaryProcess::initializeSandbox(parameters, sandboxParameters);
 #endif
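Review bot: Same nil concern as in `NetworkProcessMac.mm`: if `bundleWithIdentifier:` returns nil the override path degrades to `/com.apple.WebProcess.sb` with no error, so an assertion on `webKitBundle` before the `makeString` call is worthwhile here too. This hunk is also compiled for `PLATFORM(MACCATALYST)`, so the assumption that a bundle with identifier `com.apple.WebKit` is loaded must hold there as well.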
index 66f29d1..d6e8dde 100644 (file)
         (syscall-number SYS_ulock_wait2) ;; <rdar://problem/58743778>
 #endif
         (syscall-number SYS_fstat64_extended) ;; <rdar://problem/61310019>
+        (syscall-number SYS_gethostuuid)
     )
 
     (if (equal? (param "CPU") "arm64")
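Review bot: The added `(syscall-number SYS_gethostuuid)` is the only entry in this list without a trailing `;; <rdar://...>` or explanatory comment; recording the reason given in the ChangeLog (CoreFoundation needs it when the preference daemon is unreachable) next to the rule would keep the profile self-describing. Since `gethostuuid` returns a host-stable identifier, the rationale matters to anyone later auditing what identifying information the sandboxed process can obtain.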