[Mac] Always use plug-in sandbox with sandboxed clients
authorap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 May 2014 18:24:43 +0000 (18:24 +0000)
committerap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 May 2014 18:24:43 +0000 (18:24 +0000)
https://bugs.webkit.org/show_bug.cgi?id=133358
<rdar://problem/15637695>

Reviewed by Anders Carlsson.

* PluginProcess/mac/PluginProcessMac.mm: (WebKit::PluginProcess::initializeSandbox):
Refuse to start if parent process is sandboxed, and plug-in process is not going to be.
None of this should run in normal case, because there are also checks on UI process side.

* Shared/Plugins/PluginModuleInfo.h:
* Shared/Plugins/Netscape/mac/NetscapePluginModuleMac.mm:
(WebKit::NetscapePluginModule::getPluginInfo):
Added a member to PluginModuleInfo, telling whether the plug-in has a sandbox profile.

* Shared/Plugins/Netscape/mac/PluginInformationMac.mm:
(WebKit::getPlatformPluginModuleInformation): Use the new PluginModuleInfo member,
we no longer need to check the file system here.

* WebKit2.xcodeproj/project.pbxproj:
* Shared/mac/SandboxUtilities.h: Added.
* Shared/mac/SandboxUtilities.cpp: Added. (WebKit::processIsSandboxed):
This code is simple, but include magic is not. Moved it to a separate file to
avoid repeating.

* UIProcess/API/C/mac/WKContextPrivateMac.mm: Removed an unused include.

* UIProcess/Plugins/mac/PluginInfoStoreMac.mm:
(WebKit::PluginInfoStore::shouldUsePlugin): Don't use unsandboxed plug-ins in
sandboxed applications.

* UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
(WebKit::PluginProcessProxy::platformGetLaunchOptions): Don't ever pass disable-sandbox
from sandboxed processes.

* Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm:
(WebKit::XPCServiceInitializerDelegate::isClientSandboxed):
Use the new shared code in SandboxUtilities.h.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@169457 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12 files changed:
Source/WebKit2/ChangeLog
Source/WebKit2/PluginProcess/mac/PluginProcessMac.mm
Source/WebKit2/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm
Source/WebKit2/Shared/Plugins/Netscape/mac/NetscapePluginModuleMac.mm
Source/WebKit2/Shared/Plugins/Netscape/mac/PluginInformationMac.mm
Source/WebKit2/Shared/Plugins/PluginModuleInfo.h
Source/WebKit2/Shared/mac/SandboxUtilities.cpp [new file with mode: 0644]
Source/WebKit2/Shared/mac/SandboxUtilities.h [new file with mode: 0644]
Source/WebKit2/UIProcess/API/C/mac/WKContextPrivateMac.mm
Source/WebKit2/UIProcess/Plugins/mac/PluginInfoStoreMac.mm
Source/WebKit2/UIProcess/Plugins/mac/PluginProcessProxyMac.mm
Source/WebKit2/WebKit2.xcodeproj/project.pbxproj

index 8a5dc62..4bc0458 100644 (file)
@@ -1,3 +1,44 @@
+2014-05-29  Alexey Proskuryakov  <ap@apple.com>
+
+        [Mac] Always use plug-in sandbox with sandboxed clients
+        https://bugs.webkit.org/show_bug.cgi?id=133358
+        <rdar://problem/15637695>
+
+        Reviewed by Anders Carlsson.
+
+        * PluginProcess/mac/PluginProcessMac.mm: (WebKit::PluginProcess::initializeSandbox):
+        Refuse to start if parent process is sandboxed, and plug-in process is not going to be.
+        None of this should run in normal case, because there are also checks on UI process side.
+        
+        * Shared/Plugins/PluginModuleInfo.h:
+        * Shared/Plugins/Netscape/mac/NetscapePluginModuleMac.mm:
+        (WebKit::NetscapePluginModule::getPluginInfo):
+        Added a member to PluginModuleInfo, telling whether the plug-in has a sandbox profile.
+
+        * Shared/Plugins/Netscape/mac/PluginInformationMac.mm:
+        (WebKit::getPlatformPluginModuleInformation): Use the new PluginModuleInfo member,
+        we no longer need to check the file system here.
+
+        * WebKit2.xcodeproj/project.pbxproj:
+        * Shared/mac/SandboxUtilities.h: Added.
+        * Shared/mac/SandboxUtilities.cpp: Added. (WebKit::processIsSandboxed):
+        This code is simple, but include magic is not. Moved it to a separate file to
+        avoid repeating.
+
+        * UIProcess/API/C/mac/WKContextPrivateMac.mm: Removed an unused include.
+
+        * UIProcess/Plugins/mac/PluginInfoStoreMac.mm:
+        (WebKit::PluginInfoStore::shouldUsePlugin): Don't use unsandboxed plug-ins in
+        sandboxed applications.
+
+        * UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
+        (WebKit::PluginProcessProxy::platformGetLaunchOptions): Don't ever pass disable-sandbox
+        from sandboxed processes.
+
+        * Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm:
+        (WebKit::XPCServiceInitializerDelegate::isClientSandboxed):
+        Use the new shared code in SandboxUtilities.h.
+
 2014-05-29  Timothy Horton  <timothy_horton@apple.com>
 
         Crash loading skydrive.com (assertion under RemoteLayerTreeDisplayRefreshMonitor)
index 7a4d519..f35c1b0 100644 (file)
@@ -36,6 +36,7 @@
 #import "PluginProcessShim.h"
 #import "PluginSandboxProfile.h"
 #import "SandboxInitializationParameters.h"
+#import "SandboxUtilities.h"
 #import <CoreAudio/AudioHardware.h>
 #import <WebCore/LocalizedStrings.h>
 #import <WebKitSystemInterface.h>
@@ -456,12 +457,32 @@ void PluginProcess::initializeProcessName(const ChildProcessInitializationParame
 
 void PluginProcess::initializeSandbox(const ChildProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters)
 {
-    if (parameters.extraInitializationData.get("disable-sandbox") == "1")
+    // PluginProcess may already be sandboxed if its parent process was sandboxed, and launched a child process instead of an XPC service.
+    // This is generally not expected, however we currently always spawn a child process to create a MIME type preferences file.
+    if (processIsSandboxed(getpid())) {
+        RELEASE_ASSERT(!parameters.connectionIdentifier.xpcConnection);
+        RELEASE_ASSERT(processIsSandboxed(getppid()));
         return;
+    }
+
+    bool parentIsSandboxed = parameters.connectionIdentifier.xpcConnection && processIsSandboxed(xpc_connection_get_pid(parameters.connectionIdentifier.xpcConnection.get()));
+
+    if (parameters.extraInitializationData.get("disable-sandbox") == "1") {
+        if (parentIsSandboxed) {
+            WTFLogAlways("Sandboxed processes may not disable plug-in sandbox, terminating %s.", parameters.clientIdentifier.utf8().data());
+            exit(EX_OSERR);
+        }
+        return;
+    }
 
     String sandboxProfile = pluginSandboxProfile(m_pluginBundleIdentifier);
-    if (sandboxProfile.isEmpty())
+    if (sandboxProfile.isEmpty()) {
+        if (parentIsSandboxed) {
+            WTFLogAlways("Sandboxed processes may only use sandboxed plug-ins, terminating %s.", parameters.clientIdentifier.utf8().data());
+            exit(EX_OSERR);
+        }
         return;
+    }
 
     sandboxParameters.setSandboxProfile(sandboxProfile);
 
index 8681716..40ae3c6 100644 (file)
@@ -25,6 +25,7 @@
 
 #import "config.h"
 
+#import "SandboxUtilities.h"
 #import "XPCServiceEntryPoint.h"
 
 #if __has_include(<xpc/private.h>)
@@ -34,16 +35,6 @@ extern "C" xpc_object_t xpc_connection_copy_entitlement_value(xpc_connection_t c
 extern "C" mach_port_t xpc_dictionary_copy_mach_send(xpc_object_t, const char*);
 #endif
 
-#if __has_include(<sandbox/private.h>)
-#import <sandbox/private.h>
-#else
-enum sandbox_filter_type {
-    SANDBOX_FILTER_NONE,
-};
-extern "C"
-int sandbox_check(pid_t, const char *operation, enum sandbox_filter_type, ...);
-#endif
-
 namespace WebKit {
 
 XPCServiceInitializerDelegate::~XPCServiceInitializerDelegate()
@@ -104,9 +95,7 @@ bool XPCServiceInitializerDelegate::hasEntitlement(const char* entitlement)
 
 bool XPCServiceInitializerDelegate::isClientSandboxed()
 {
-    pid_t clientPID = xpc_connection_get_pid(m_connection.get());
-
-    return sandbox_check(clientPID, nullptr, SANDBOX_FILTER_NONE);
+    return processIsSandboxed(xpc_connection_get_pid(m_connection.get()));
 }
 
 } // namespace WebKit
index 17f582e..595d6dd 100644 (file)
@@ -29,6 +29,7 @@
 #if ENABLE(NETSCAPE_PLUGIN_API)
 
 #import "PluginProcessProxy.h"
+#import "PluginSandboxProfile.h"
 #import <WebCore/WebCoreNSStringExtras.h>
 #import <wtf/HashSet.h>
 #import <wtf/MainThread.h>
@@ -386,7 +387,9 @@ bool NetscapePluginModule::getPluginInfo(const String& pluginPath, PluginModuleI
     if (!getPluginInfoFromPropertyLists(bundle.get(), plugin) &&
         !getPluginInfoFromCarbonResources(bundle.get(), plugin))
         return false;
-    
+
+    plugin.hasSandboxProfile = pluginHasSandboxProfile(plugin.bundleIdentifier);
+
     RetainPtr<CFStringRef> filename = adoptCF(CFURLCopyLastPathComponent(bundleURL.get()));
     plugin.info.file = filename.get();
     
index a082093..4887ee6 100644 (file)
@@ -31,7 +31,6 @@
 #import "APINumber.h"
 #import "APIString.h"
 #import "PluginModuleInfo.h"
-#import "PluginSandboxProfile.h"
 #import "StringUtilities.h"
 #import <WebKitSystemInterface.h>
 
@@ -43,7 +42,7 @@ void getPlatformPluginModuleInformation(const PluginModuleInfo& plugin, Immutabl
     map.set(pluginInformationBundleVersionKey(), API::String::create(plugin.versionString));
     map.set(pluginInformationBundleShortVersionKey(), API::String::create(plugin.shortVersionString));
     map.set(pluginInformationUpdatePastLastBlockedVersionIsKnownAvailableKey(), API::Boolean::create(WKIsPluginUpdateAvailable(nsStringFromWebCoreString(plugin.bundleIdentifier))));
-    map.set(pluginInformationHasSandboxProfileKey(), API::Boolean::create(pluginHasSandboxProfile(plugin.bundleIdentifier)));
+    map.set(pluginInformationHasSandboxProfileKey(), API::Boolean::create(plugin.hasSandboxProfile));
 }
 
 } // namespace WebKit
index 2b8bd3b..a6a5ed5 100644 (file)
@@ -56,6 +56,7 @@ struct PluginModuleInfo {
     String versionString;
     String shortVersionString;
     String preferencePanePath;
+    bool hasSandboxProfile;
 #elif PLATFORM(GTK)
     bool requiresGtk2;
 #endif
diff --git a/Source/WebKit2/Shared/mac/SandboxUtilities.cpp b/Source/WebKit2/Shared/mac/SandboxUtilities.cpp
new file mode 100644 (file)
index 0000000..9276e41
--- /dev/null
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2014 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "SandboxUtilities.h"
+
+#if __has_include(<sandbox/private.h>)
+#import <sandbox/private.h>
+#else
+enum sandbox_filter_type {
+    SANDBOX_FILTER_NONE,
+};
+extern "C"
+int sandbox_check(pid_t, const char *operation, enum sandbox_filter_type, ...);
+#endif
+
+namespace WebKit {
+
+bool processIsSandboxed(pid_t pid)
+{
+    return sandbox_check(pid, nullptr, SANDBOX_FILTER_NONE);
+}
+
+}
diff --git a/Source/WebKit2/Shared/mac/SandboxUtilities.h b/Source/WebKit2/Shared/mac/SandboxUtilities.h
new file mode 100644 (file)
index 0000000..7a9e0f2
--- /dev/null
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2014 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SandboxUtilities_h
+#define SandboxUtilities_h
+
+#include <sys/types.h>
+
+namespace WebKit {
+
+bool processIsSandboxed(pid_t);
+
+}
+
+#endif // SandboxUtilities_h
index 9145556..7f0033c 100644 (file)
@@ -32,7 +32,6 @@
 #import "ImmutableDictionary.h"
 #import "PluginInfoStore.h"
 #import "PluginInformation.h"
-#import "PluginSandboxProfile.h"
 #import "StringUtilities.h"
 #import "WKAPICast.h"
 #import "WKPluginInformation.h"
index 7d4e7ae..fad8e64 100644 (file)
 
 #if PLATFORM(MAC) && ENABLE(NETSCAPE_PLUGIN_API)
 
+#import "Logging.h"
 #import "NetscapePluginModule.h"
+#import "SandboxUtilities.h"
 #import "WebKitSystemInterface.h"
 #import <WebCore/WebCoreNSStringExtras.h>
 #import <wtf/HashSet.h>
 #import <wtf/RetainPtr.h>
+#import <wtf/text/CString.h>
 
 using namespace WebCore;
 
@@ -91,8 +94,15 @@ bool PluginInfoStore::shouldUsePlugin(Vector<PluginModuleInfo>& alreadyLoadedPlu
         }
     }
 
-    if (plugin.bundleIdentifier == "com.apple.java.JavaAppletPlugin")
+    if (plugin.bundleIdentifier == "com.apple.java.JavaAppletPlugin") {
+        LOG(Plugins, "Ignoring com.apple.java.JavaAppletPlugin");
         return false;
+    }
+
+    if (processIsSandboxed(getpid()) && !plugin.hasSandboxProfile) {
+        LOG(Plugins, "Ignoring unsandboxed plug-in %s", plugin.bundleIdentifier.utf8().data());
+        return false;
+    }
 
     return true;
 }
index a6818a3..03011c7 100644 (file)
@@ -32,6 +32,7 @@
 #import "EnvironmentVariables.h"
 #import "PluginProcessCreationParameters.h"
 #import "PluginProcessMessages.h"
+#import "SandboxUtilities.h"
 #import "WebKitSystemInterface.h"
 #import <QuartzCore/CARemoteLayerServer.h>
 #import <WebCore/FileSystem.h>
@@ -151,9 +152,12 @@ void PluginProcessProxy::platformGetLaunchOptions(ProcessLauncher::LaunchOptions
     launchOptions.executableHeap = PluginProcessProxy::pluginNeedsExecutableHeap(pluginProcessAttributes.moduleInfo);
     launchOptions.extraInitializationData.add("plugin-path", pluginProcessAttributes.moduleInfo.path);
 
-    // FIXME: Don't allow this if the UI process is sandboxed.
-    if (pluginProcessAttributes.sandboxPolicy == PluginProcessSandboxPolicyUnsandboxed)
-        launchOptions.extraInitializationData.add("disable-sandbox", "1");
+    if (pluginProcessAttributes.sandboxPolicy == PluginProcessSandboxPolicyUnsandboxed) {
+        if (!processIsSandboxed(getpid()))
+            launchOptions.extraInitializationData.add("disable-sandbox", "1");
+        else
+            WTFLogAlways("Main process is sandboxed, ignoring plug-in sandbox policy");
+    }
 
     launchOptions.useXPC = shouldUseXPC(launchOptions, pluginProcessAttributes);
 }
index cce96b9..a4cfe8b 100644 (file)
                E18E6918169B667B009B6670 /* SecItemShimProxyMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = E18E6914169B667B009B6670 /* SecItemShimProxyMessages.h */; };
                E19582D3153CBFD700B60875 /* PDFKitImports.h in Headers */ = {isa = PBXBuildFile; fileRef = E19582D2153CBFD700B60875 /* PDFKitImports.h */; };
                E19582D6153CC05400B60875 /* PDFKitImports.mm in Sources */ = {isa = PBXBuildFile; fileRef = E19582D4153CC05300B60875 /* PDFKitImports.mm */; };
+               E19BDA8A193686A400B97F57 /* SandboxUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = E19BDA88193686A400B97F57 /* SandboxUtilities.h */; };
+               E19BDA8B19368D4600B97F57 /* SandboxUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E19BDA87193686A400B97F57 /* SandboxUtilities.cpp */; };
                E19BDA86193665E300B97F57 /* com.apple.appstore.CodeRedeemerNetscapePlugin.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = E19BDA8419365F4B00B97F57 /* com.apple.appstore.CodeRedeemerNetscapePlugin.sb */; };
                E1A31732134CEA6C007C9A4F /* AttributedString.h in Headers */ = {isa = PBXBuildFile; fileRef = E1A31731134CEA6C007C9A4F /* AttributedString.h */; };
                E1A31735134CEA80007C9A4F /* AttributedString.mm in Sources */ = {isa = PBXBuildFile; fileRef = E1A31734134CEA80007C9A4F /* AttributedString.mm */; };
                E19582D2153CBFD700B60875 /* PDFKitImports.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PDFKitImports.h; sourceTree = "<group>"; };
                E19582D4153CC05300B60875 /* PDFKitImports.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = PDFKitImports.mm; sourceTree = "<group>"; };
                E1967E37150AB5E200C73169 /* com.apple.WebProcess.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.apple.WebProcess.sb; sourceTree = "<group>"; };
+               E19BDA87193686A400B97F57 /* SandboxUtilities.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SandboxUtilities.cpp; sourceTree = "<group>"; };
+               E19BDA88193686A400B97F57 /* SandboxUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SandboxUtilities.h; sourceTree = "<group>"; };
                E19BDA8419365F4B00B97F57 /* com.apple.appstore.CodeRedeemerNetscapePlugin.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.apple.appstore.CodeRedeemerNetscapePlugin.sb; sourceTree = "<group>"; };
                E1A31731134CEA6C007C9A4F /* AttributedString.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AttributedString.h; sourceTree = "<group>"; };
                E1A31734134CEA80007C9A4F /* AttributedString.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = AttributedString.mm; sourceTree = "<group>"; };
                                1AAB4AA91296F1540023952F /* SandboxExtensionMac.mm */,
                                E1E552C216AE065E004ED653 /* SandboxInitialiationParametersMac.mm */,
                                51D1304F1382EAC000351EDD /* SecItemRequestData.cpp */,
+                               E19BDA87193686A400B97F57 /* SandboxUtilities.cpp */,
+                               E19BDA88193686A400B97F57 /* SandboxUtilities.h */,
                                51D130501382EAC000351EDD /* SecItemRequestData.h */,
                                51D130511382EAC000351EDD /* SecItemResponseData.cpp */,
                                51D130521382EAC000351EDD /* SecItemResponseData.h */,
                        buildActionMask = 2147483647;
                        files = (
                                1ADAE12E1919A5B400F48E21 /* WKPreferences.h in Headers */,
+                               E19BDA8A193686A400B97F57 /* SandboxUtilities.h in Headers */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
                                2DA944951884E3B500ED86DB /* WKViewIOS.mm in Sources */,
                                BC14DF78120B5B7900826C0C /* InjectedBundleScriptWorld.cpp in Sources */,
                                1AE49A4A11FFA8CE0048B464 /* JSNPMethod.cpp in Sources */,
+                               E19BDA8B19368D4600B97F57 /* SandboxUtilities.cpp in Sources */,
                                2D6AB542192B1C4A003A9FD1 /* WKPDFPageNumberIndicator.mm in Sources */,
                                1AE4987911FF7FAA0048B464 /* JSNPObject.cpp in Sources */,
                                BCE0937714FB128C001138D9 /* LayerHostingContext.mm in Sources */,