Cherry-pick 20d3e87. rdar://problem/107631614

[Cocoa] Extend access to the 'com.apple.gputools.service' mach service if Web Inspector is enabled https://bugs.webkit.org/show_bug.cgi?id=256673 <rdar://107631614> Reviewed by Per Arne Vollan. Access to the `com.apple.gputools.service` mach service is denied to the GPU Process. Unfortunately, some developer diagnostic tools for graphics investigation need this access to work. We should have the UI Process extend permission for the GPU Process to talk to relevant services when the Web Inspector has been enabled. * Source/WebKit/GPUProcess/GPUProcess.cpp: (WebKit::GPUProcess::initializeGPUProcess): Consume the GPU tools extensions if present. (WebKit::GPUProcess::updateSandboxAccess): Move outside the MEDIA_SESSION enablement macro so we can use it for WebInspector purposes. * Source/WebKit/GPUProcess/GPUProcess.h: * Source/WebKit/GPUProcess/GPUProcess.messages.in: Ditto. * Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp: (WebKit::GPUProcessCreationParameters::encode const): Update for additional sandbox extensions. (WebKit::GPUProcessCreationParameters::decode): Ditto. * Source/WebKit/GPUProcess/GPUProcessCreationParameters.h: * Source/WebKit/UIProcess/Cocoa/GPUProcessProxyCocoa.mm: (WebKit::GPUProcessProxy::platformInitializeGPUProcessParameters): Add GPU tools extensions to process launch parameters if needed. (WebKit::GPUProcessProxy::createGPUToolsSandboxExtensionHandlesIfNeeded): Added. * Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm: (WebKit::WebProcessPool::platformInitializeWebProcess): Extend GPU tools extensions to the GPU process if they haven't been sent before, but the WebInspector is now enabled. * Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp: (WebKit::GPUProcessProxy::GPUProcessProxy): * Source/WebKit/UIProcess/GPU/GPUProcessProxy.h: Canonical link: https://commits.webkit.org/264029@main Identifier: 263769.51@safari-7616.1.14.10-branch
WebKit · May 24, 2023 · 0cc8a5f · 0cc8a5f
1 parent 645d9c0
commit 0cc8a5f
Show file tree

Hide file tree

Showing 9 changed files with 55 additions and 8 deletions.
diff --git a/Source/WebKit/GPUProcess/GPUProcess.cpp b/Source/WebKit/GPUProcess/GPUProcess.cpp
@@ -262,6 +262,10 @@ void GPUProcess::initializeGPUProcess(GPUProcessCreationParameters&& parameters)
 
     populateMobileGestaltCache(WTFMove(parameters.mobileGestaltExtensionHandle));
 
+#if PLATFORM(COCOA) && ENABLE(REMOTE_INSPECTOR)
+    SandboxExtension::consumePermanently(parameters.gpuToolsExtensionHandles);
+#endif
+
 #if HAVE(CGIMAGESOURCE_WITH_SET_ALLOWABLE_TYPES)
     auto emptyArray = adoptCF(CFArrayCreate(kCFAllocatorDefault, nullptr, 0, &kCFTypeArrayCallBacks));
     CGImageSourceSetAllowableTypes(emptyArray.get());
@@ -375,6 +379,12 @@ GPUConnectionToWebProcess* GPUProcess::webProcessConnection(WebCore::ProcessIden
     return m_webProcessConnections.get(identifier);
 }
 
+void GPUProcess::updateSandboxAccess(const Vector<SandboxExtension::Handle>& extensions)
+{
+    for (auto& extension : extensions)
+        SandboxExtension::consumePermanently(extension);
+}
+
 #if ENABLE(MEDIA_STREAM)
 void GPUProcess::setMockCaptureDevicesEnabled(bool isEnabled)
 {
@@ -422,12 +432,6 @@ void GPUProcess::updateCaptureOrigin(const WebCore::SecurityOriginData& originDa
         connection->updateCaptureOrigin(originData);
 }
 
-void GPUProcess::updateSandboxAccess(const Vector<SandboxExtension::Handle>& extensions)
-{
-    for (auto& extension : extensions)
-        SandboxExtension::consumePermanently(extension);
-}
-
 void GPUProcess::addMockMediaDevice(const WebCore::MockMediaDevice& device)
 {
     MockRealtimeMediaSourceCenter::addDevice(device);

diff --git a/Source/WebKit/GPUProcess/GPUProcess.h b/Source/WebKit/GPUProcess/GPUProcess.h
@@ -151,6 +151,7 @@ class GPUProcess : public AuxiliaryProcess, public ThreadSafeRefCounted<GPUProce
     void createGPUConnectionToWebProcess(WebCore::ProcessIdentifier, PAL::SessionID, IPC::Connection::Handle&&, GPUProcessConnectionParameters&&, CompletionHandler<void()>&&);
     void addSession(PAL::SessionID, GPUProcessSessionParameters&&);
     void removeSession(PAL::SessionID);
+    void updateSandboxAccess(const Vector<SandboxExtension::Handle>&);
 
     bool updatePreference(std::optional<bool>& oldPreference, std::optional<bool>& newPreference);
     void userPreferredLanguagesChanged(Vector<String>&&);
@@ -161,7 +162,6 @@ class GPUProcess : public AuxiliaryProcess, public ThreadSafeRefCounted<GPUProce
     void setOrientationForMediaCapture(WebCore::IntDegrees);
     void updateCaptureAccess(bool allowAudioCapture, bool allowVideoCapture, bool allowDisplayCapture, WebCore::ProcessIdentifier, CompletionHandler<void()>&&);
     void updateCaptureOrigin(const WebCore::SecurityOriginData&, WebCore::ProcessIdentifier);
-    void updateSandboxAccess(const Vector<SandboxExtension::Handle>&);
     void addMockMediaDevice(const WebCore::MockMediaDevice&);
     void clearMockMediaDevices();
     void removeMockMediaDevice(const String&);

diff --git a/Source/WebKit/GPUProcess/GPUProcess.messages.in b/Source/WebKit/GPUProcess/GPUProcess.messages.in
@@ -28,6 +28,7 @@ messages -> GPUProcess LegacyReceiver {
     CreateGPUConnectionToWebProcess(WebCore::ProcessIdentifier processIdentifier, PAL::SessionID sessionID, IPC::Connection::Handle connectionHandle, struct WebKit::GPUProcessConnectionParameters parameters) -> () AllowedWhenWaitingForSyncReply
 
     UpdateGPUProcessPreferences(struct WebKit::GPUProcessPreferences preferences)
+    UpdateSandboxAccess(Vector<WebKit::SandboxExtension::Handle> extensions);
 
     PrepareToSuspend(bool isSuspensionImminent, MonotonicTime estimatedSuspendTime) -> ()
     ProcessDidResume()
@@ -38,7 +39,6 @@ messages -> GPUProcess LegacyReceiver {
 #if ENABLE(MEDIA_STREAM)
     SetMockCaptureDevicesEnabled(bool isEnabled)
     SetOrientationForMediaCapture(WebCore::IntDegrees orientation);
-    UpdateSandboxAccess(Vector<WebKit::SandboxExtension::Handle> extensions);
     UpdateCaptureAccess(bool allowAudioCapture, bool allowVideoCapture, bool allowDisplayCapture, WebCore::ProcessIdentifier processID) -> ()
     UpdateCaptureOrigin(WebCore::SecurityOriginData originData, WebCore::ProcessIdentifier processID)
     AddMockMediaDevice(struct WebCore::MockMediaDevice device)

diff --git a/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp b/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp
@@ -62,6 +62,9 @@ void GPUProcessCreationParameters::encode(IPC::Encoder& encoder) const
     encoder << dynamicIOKitExtensionHandles;
 #endif
     encoder << mobileGestaltExtensionHandle;
+#if PLATFORM(COCOA) && ENABLE(REMOTE_INSPECTOR)
+    encoder << gpuToolsExtensionHandles;
+#endif
 
     encoder << applicationVisibleName;
 #if PLATFORM(COCOA)
@@ -128,6 +131,14 @@ bool GPUProcessCreationParameters::decode(IPC::Decoder& decoder, GPUProcessCreat
         return false;
     result.mobileGestaltExtensionHandle = WTFMove(*mobileGestaltExtensionHandle);
 
+#if PLATFORM(COCOA) && ENABLE(REMOTE_INSPECTOR)
+    std::optional<Vector<SandboxExtension::Handle>> gpuToolsExtensionHandles;
+    decoder >> gpuToolsExtensionHandles;
+    if (!gpuToolsExtensionHandles)
+        return false;
+    result.gpuToolsExtensionHandles = WTFMove(*gpuToolsExtensionHandles);
+#endif
+
     if (!decoder.decode(result.applicationVisibleName))
         return false;
 

diff --git a/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h b/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h
@@ -62,6 +62,9 @@ struct GPUProcessCreationParameters {
     Vector<SandboxExtension::Handle> dynamicIOKitExtensionHandles;
 #endif
     std::optional<SandboxExtension::Handle> mobileGestaltExtensionHandle;
+#if PLATFORM(COCOA) && ENABLE(REMOTE_INSPECTOR)
+    Vector<SandboxExtension::Handle> gpuToolsExtensionHandles;
+#endif
 
     String applicationVisibleName;
 #if PLATFORM(COCOA)

diff --git a/Source/WebKit/UIProcess/Cocoa/GPUProcessProxyCocoa.mm b/Source/WebKit/UIProcess/Cocoa/GPUProcessProxyCocoa.mm
@@ -32,6 +32,7 @@
 #include "GPUProcessCreationParameters.h"
 #include "GPUProcessMessages.h"
 #include "MediaPermissionUtilities.h"
+#include "WebProcessProxy.h"
 
 #if HAVE(POWERLOG_TASK_MODE_QUERY)
 #include <pal/spi/mac/PowerLogSPI.h>
@@ -45,6 +46,7 @@
 void GPUProcessProxy::platformInitializeGPUProcessParameters(GPUProcessCreationParameters& parameters)
 {
     parameters.mobileGestaltExtensionHandle = createMobileGestaltSandboxExtensionIfNeeded();
+    parameters.gpuToolsExtensionHandles = createGPUToolsSandboxExtensionHandlesIfNeeded();
     parameters.applicationVisibleName = applicationVisibleName();
     parameters.strictSecureDecodingForAllObjCEnabled = IPC::strictSecureDecodingForAllObjCEnabled();
 }
@@ -76,6 +78,14 @@
 }
 #endif // HAVE(POWERLOG_TASK_MODE_QUERY)
 
+Vector<SandboxExtension::Handle> GPUProcessProxy::createGPUToolsSandboxExtensionHandlesIfNeeded()
+{
+    if (!WebProcessProxy::shouldEnableRemoteInspector())
+        return { };
+
+    return SandboxExtension::createHandlesForMachLookup({ "com.apple.gputools.service"_s, }, std::nullopt);
+}
+
 }
 
 #endif
diff --git a/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm b/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
@@ -414,6 +414,15 @@ static void logProcessPoolState(const WebProcessPool& pool)
     if (WebProcessProxy::shouldEnableRemoteInspector()) {
         auto handles = SandboxExtension::createHandlesForMachLookup({ "com.apple.webinspector"_s }, process.auditToken());
         parameters.enableRemoteWebInspectorExtensionHandles = WTFMove(handles);
+
+#if ENABLE(GPU_PROCESS)
+        if (auto* gpuProcess = GPUProcessProxy::singletonIfCreated()) {
+            if (!gpuProcess->hasSentGPUToolsSandboxExtensions()) {
+                auto gpuToolsHandle = GPUProcessProxy::createGPUToolsSandboxExtensionHandlesIfNeeded();
+                gpuProcess->send(Messages::GPUProcess::UpdateSandboxAccess(gpuToolsHandle), 0);
+            }
+        }
+#endif
     }
 #endif
 

diff --git a/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp b/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
@@ -183,6 +183,10 @@ GPUProcessProxy::GPUProcessProxy()
     // Initialize the GPU process.
     send(Messages::GPUProcess::InitializeGPUProcess(parameters), 0);
 
+#if PLATFORM(COCOA)
+    m_hasSentGPUToolsSandboxExtensions = !parameters.gpuToolsExtensionHandles.isEmpty();
+#endif
+
 #if HAVE(AUDIO_COMPONENT_SERVER_REGISTRATIONS) && ENABLE(AUDIO_COMPONENT_SERVER_REGISTRATIONS_IN_GPU_PROCESS)
     auto registrations = fetchAudioComponentServerRegistrations();
     RELEASE_ASSERT(registrations);

diff --git a/Source/WebKit/UIProcess/GPU/GPUProcessProxy.h b/Source/WebKit/UIProcess/GPU/GPUProcessProxy.h
@@ -119,6 +119,11 @@ class GPUProcessProxy final : public AuxiliaryProcessProxy, private ProcessThrot
     void requestBitmapImageForCurrentTime(WebCore::ProcessIdentifier, WebCore::MediaPlayerIdentifier, CompletionHandler<void(ShareableBitmap::Handle&&)>&&);
 #endif
 
+#if PLATFORM(COCOA) && ENABLE(REMOTE_INSPECTOR)
+    bool hasSentGPUToolsSandboxExtensions() const { return m_hasSentGPUToolsSandboxExtensions; }
+    static Vector<SandboxExtension::Handle> createGPUToolsSandboxExtensionHandlesIfNeeded();
+#endif
+
 private:
     explicit GPUProcessProxy();
 
@@ -182,6 +187,7 @@ class GPUProcessProxy final : public AuxiliaryProcessProxy, private ProcessThrot
     bool m_hasSentCameraSandboxExtension { false };
     bool m_hasSentMicrophoneSandboxExtension { false };
     bool m_hasSentDisplayCaptureSandboxExtension { false };
+    bool m_hasSentGPUToolsSandboxExtensions { false };
 #endif
 
 #if HAVE(SCREEN_CAPTURE_KIT)