[macOS] Block runningboard access in the Network Process sandbox again

https://bugs.webkit.org/show_bug.cgi?id=259274 Reviewed by Per Arne Vollan. Block runningboard access in the Network Process sandbox again on macOS and address Bug 259229 by always holding a background assertion on the network process (so that it never suspends). * Source/WebKit/NetworkProcess/NetworkProcess.cpp: (WebKit::NetworkProcess::setIsHoldingLockedFiles): * Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in: * Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp: (WebKit::NetworkProcessProxy::NetworkProcessProxy): * Source/WebKit/UIProcess/Network/NetworkProcessProxy.h: Canonical link: https://commits.webkit.org/266101@main
WebKit · Jul 17, 2023 · 2d0174d · 2d0174d
1 parent d950636
commit 2d0174d
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 5 deletions.
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.cpp b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
@@ -2974,6 +2974,10 @@ void NetworkProcess::requestBackgroundFetchPermission(PAL::SessionID sessionID,
 #if USE(RUNNINGBOARD)
 void NetworkProcess::setIsHoldingLockedFiles(bool isHoldingLockedFiles)
 {
+#if PLATFORM(MAC)
+    // The sandbox doesn't allow the network process to talk to runningboardd on macOS.
+    UNUSED_PARAM(isHoldingLockedFiles);
+#else
     if (!isHoldingLockedFiles) {
         m_holdingLockedFileAssertion = nullptr;
         return;
@@ -2985,6 +2989,7 @@ void NetworkProcess::setIsHoldingLockedFiles(bool isHoldingLockedFiles)
     // We synchronously take a process assertion when beginning a SQLite transaction so that we don't get suspended
     // while holding a locked file. We would get killed if suspended while holding locked files.
     m_holdingLockedFileAssertion = ProcessAssertion::create(getCurrentProcessID(), "Network Process is holding locked files"_s, ProcessAssertionType::FinishTaskInterruptable, ProcessAssertion::Mode::Sync);
+#endif
 }
 #endif
 

diff --git a/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in b/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in
@@ -836,8 +836,3 @@
     (global-name "com.apple.WebPrivacy.Service"))
 
 #endif
-
-#if USE(RUNNINGBOARD)
-(allow mach-lookup
-    (global-name "com.apple.runningboard"))
-#endif
diff --git a/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp b/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
@@ -258,6 +258,9 @@ NetworkProcessProxy::NetworkProcessProxy()
     , m_customProtocolManagerClient(makeUniqueRef<API::CustomProtocolManagerClient>())
 #endif
     , m_throttler(*this, WebProcessPool::anyProcessPoolNeedsUIBackgroundAssertion())
+#if PLATFORM(MAC)
+    , m_backgroundActivityToPreventSuspension(m_throttler.backgroundActivity("Prevent suspension"_s))
+#endif
 {
     RELEASE_LOG(Process, "%p - NetworkProcessProxy::NetworkProcessProxy", this);
 

diff --git a/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h b/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
@@ -455,6 +455,14 @@ class NetworkProcessProxy final : public AuxiliaryProcessProxy, private ProcessT
 
     WeakHashSet<WebsiteDataStore> m_websiteDataStores;
     HashMap<DataTaskIdentifier, Ref<API::DataTask>> m_dataTasks;
+#if PLATFORM(MAC)
+    // On macOS, we prevent suspension of the NetworkProcess to avoid kills when holding
+    // locked database files. The WebSQLiteDatabaseTracker is not functional on macOS
+    // because the network process is not allowed to talk to talk to runningboardd due
+    // to sandboxing. See rdar://112406083 & rdar://112086186 for potential long-term
+    // fixes.
+    UniqueRef<ProcessThrottlerActivity> m_backgroundActivityToPreventSuspension;
+#endif
 
 #if PLATFORM(IOS_FAMILY)
     RetainPtr<id> m_backgroundObserver;