[iOS] Do not create sandbox reports when the UI process cannot issue …

…extensions to diagnostics service https://bugs.webkit.org/show_bug.cgi?id=207279 <rdar://problem/59030957> Source/WebKit: Reviewed by Brent Fulgham. Do not create sandbox reports when the UI process cannot issue mach extensions to the diagnostics service. The majority of clients are capable of doing this. No new tests, since it is not trivial to test if no sandbox reports are generated for a violation. * Shared/Cocoa/SandboxExtensionCocoa.mm: (WebKit::SandboxExtensionImpl::create): (WebKit::SandboxExtensionImpl::sandboxExtensionForType): (WebKit::SandboxExtensionImpl::SandboxExtensionImpl): (WebKit::SandboxExtension::createHandleForMachLookup): * Shared/SandboxExtension.h: * UIProcess/Cocoa/WebProcessPoolCocoa.mm: (WebKit::WebProcessPool::platformInitializeWebProcess): Source/WTF: Reviewed by Brent Fulgham. Add flag which avoids generating sandbox reports. * wtf/spi/darwin/SandboxSPI.h: Canonical link: https://commits.webkit.org/220287@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255874 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Feb 6, 2020 · f32b8a3 · f32b8a3
1 parent 608cfe5
commit f32b8a3
Show file tree

Hide file tree

Showing 6 changed files with 63 additions and 15 deletions.
diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog
@@ -1,3 +1,15 @@
+2020-02-05  Per Arne Vollan  <pvollan@apple.com>
+
+        [iOS] Do not create sandbox reports when the UI process cannot issue extensions to diagnostics service
+        https://bugs.webkit.org/show_bug.cgi?id=207279
+        <rdar://problem/59030957>
+
+        Reviewed by Brent Fulgham.
+
+        Add flag which avoids generating sandbox reports.
+
+        * wtf/spi/darwin/SandboxSPI.h:
+
 2020-02-05  Alex Christensen  <achristensen@webkit.org>
 
         Make WKWebView._negotiatedLegacyTLS accurate when loading main resouorce from network or cache

diff --git a/Source/WTF/wtf/spi/darwin/SandboxSPI.h b/Source/WTF/wtf/spi/darwin/SandboxSPI.h
@@ -59,6 +59,8 @@ extern const char *const APP_SANDBOX_READ;
 extern const char *const APP_SANDBOX_READ_WRITE;
 extern const enum sandbox_filter_type SANDBOX_CHECK_NO_REPORT;
 
+extern const uint32_t SANDBOX_EXTENSION_NO_REPORT;
+
 char *sandbox_extension_issue_file(const char *extension_class, const char *path, uint32_t flags);
 char *sandbox_extension_issue_generic(const char *extension_class, uint32_t flags);
 #if HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)

diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
@@ -1,3 +1,25 @@
+2020-02-05  Per Arne Vollan  <pvollan@apple.com>
+
+        [iOS] Do not create sandbox reports when the UI process cannot issue extensions to diagnostics service
+        https://bugs.webkit.org/show_bug.cgi?id=207279
+        <rdar://problem/59030957>
+
+        Reviewed by Brent Fulgham.
+
+        Do not create sandbox reports when the UI process cannot issue mach extensions to the diagnostics service.
+        The majority of clients are capable of doing this.
+
+        No new tests, since it is not trivial to test if no sandbox reports are generated for a violation.
+
+        * Shared/Cocoa/SandboxExtensionCocoa.mm:
+        (WebKit::SandboxExtensionImpl::create):
+        (WebKit::SandboxExtensionImpl::sandboxExtensionForType):
+        (WebKit::SandboxExtensionImpl::SandboxExtensionImpl):
+        (WebKit::SandboxExtension::createHandleForMachLookup):
+        * Shared/SandboxExtension.h:
+        * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+        (WebKit::WebProcessPool::platformInitializeWebProcess):
+
 2020-02-05  Chris Dumez  <cdumez@apple.com>
 
         [IPC hardening] Protect against bad identifier in CacheStorageEngineConnection::reference() / dereference()

diff --git a/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm b/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm
@@ -40,9 +40,9 @@
 class SandboxExtensionImpl {
     WTF_MAKE_FAST_ALLOCATED;
 public:
-    static std::unique_ptr<SandboxExtensionImpl> create(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken = WTF::nullopt)
+    static std::unique_ptr<SandboxExtensionImpl> create(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken = WTF::nullopt, OptionSet<SandboxExtension::Flags> flags = SandboxExtension::Flags::Default)
     {
-        std::unique_ptr<SandboxExtensionImpl> impl { new SandboxExtensionImpl(path, type, auditToken) };
+        std::unique_ptr<SandboxExtensionImpl> impl { new SandboxExtensionImpl(path, type, auditToken, flags) };
         if (!impl->m_token)
             return nullptr;
         return impl;
@@ -84,30 +84,34 @@ bool invalidate()
     }
 
 private:
-    char* sandboxExtensionForType(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken)
+    char* sandboxExtensionForType(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken, OptionSet<SandboxExtension::Flags> flags)
     {
+        uint32_t extensionFlags = 0;
+        if (flags & SandboxExtension::Flags::NoReport)
+            extensionFlags |= SANDBOX_EXTENSION_NO_REPORT;
+
         switch (type) {
         case SandboxExtension::Type::ReadOnly:
-            return sandbox_extension_issue_file(APP_SANDBOX_READ, path, 0);
+            return sandbox_extension_issue_file(APP_SANDBOX_READ, path, extensionFlags);
         case SandboxExtension::Type::ReadWrite:
-            return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, 0);
+            return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, extensionFlags);
         case SandboxExtension::Type::Mach:
             if (!auditToken)
-                return sandbox_extension_issue_mach("com.apple.webkit.extension.mach"_s, path, 0);
+                return sandbox_extension_issue_mach("com.apple.webkit.extension.mach"_s, path, extensionFlags);
 #if HAVE(SANDBOX_ISSUE_MACH_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)
-            return sandbox_extension_issue_mach_to_process("com.apple.webkit.extension.mach"_s, path, 0, *auditToken);
+            return sandbox_extension_issue_mach_to_process("com.apple.webkit.extension.mach"_s, path, extensionFlags, *auditToken);
 #else
             UNUSED_PARAM(auditToken);
             ASSERT_NOT_REACHED();
             return nullptr;
 #endif
         case SandboxExtension::Type::Generic:
-            return sandbox_extension_issue_generic(path, 0);
+            return sandbox_extension_issue_generic(path, extensionFlags);
         case SandboxExtension::Type::ReadByProcess:
 #if HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)
             if (!auditToken)
                 return nullptr;
-            return sandbox_extension_issue_file_to_process(APP_SANDBOX_READ, path, 0, *auditToken);
+            return sandbox_extension_issue_file_to_process(APP_SANDBOX_READ, path, extensionFlags, *auditToken);
 #else
             UNUSED_PARAM(auditToken);
             ASSERT_NOT_REACHED();
@@ -116,8 +120,8 @@ bool invalidate()
         }
     }
 
-    SandboxExtensionImpl(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken)
-        : m_token { sandboxExtensionForType(path, type, auditToken) }
+    SandboxExtensionImpl(const char* path, SandboxExtension::Type type, Optional<audit_token_t> auditToken, OptionSet<SandboxExtension::Flags> flags)
+        : m_token { sandboxExtensionForType(path, type, auditToken, flags) }
     {
     }
 
@@ -336,11 +340,11 @@ String resolvePathForSandboxExtension(const String& path)
     return true;
 }
 
-bool SandboxExtension::createHandleForMachLookup(const String& service, Optional<audit_token_t> auditToken, Handle& handle)
+bool SandboxExtension::createHandleForMachLookup(const String& service, Optional<audit_token_t> auditToken, Handle& handle, OptionSet<Flags> flags)
 {
     ASSERT(!handle.m_sandboxExtension);
 
-    handle.m_sandboxExtension = SandboxExtensionImpl::create(service.utf8().data(), Type::Mach, auditToken);
+    handle.m_sandboxExtension = SandboxExtensionImpl::create(service.utf8().data(), Type::Mach, auditToken, flags);
     if (!handle.m_sandboxExtension) {
         WTFLogAlways("Could not create a '%s' sandbox extension", service.utf8().data());
         return false;

diff --git a/Source/WebKit/Shared/SandboxExtension.h b/Source/WebKit/Shared/SandboxExtension.h
@@ -27,6 +27,7 @@
 
 #include <wtf/Forward.h>
 #include <wtf/Noncopyable.h>
+#include <wtf/OptionSet.h>
 #include <wtf/ProcessID.h>
 #include <wtf/RefCounted.h>
 #include <wtf/RefPtr.h>
@@ -52,6 +53,11 @@ class SandboxExtension : public RefCounted<SandboxExtension> {
         ReadByProcess
     };
 
+    enum class Flags : uint8_t {
+        Default,
+        NoReport
+    };
+
     class Handle {
         WTF_MAKE_NONCOPYABLE(Handle);
     public:
@@ -105,7 +111,7 @@ class SandboxExtension : public RefCounted<SandboxExtension> {
     static String createHandleForTemporaryFile(const String& prefix, Type, Handle&);
     static bool createHandleForGenericExtension(const String& extensionClass, Handle&);
 #if HAVE(AUDIT_TOKEN)
-    static bool createHandleForMachLookup(const String& service, Optional<audit_token_t>, Handle&);
+    static bool createHandleForMachLookup(const String& service, Optional<audit_token_t>, Handle&, OptionSet<Flags> = Flags::Default);
     static bool createHandleForReadByAuditToken(const String& path, audit_token_t, Handle&);
 #endif
     ~SandboxExtension();

diff --git a/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm b/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
@@ -50,6 +50,7 @@
 #import <WebCore/MIMETypeRegistry.h>
 #import <WebCore/NetworkStorageSession.h>
 #import <WebCore/NotImplemented.h>
+#import <WebCore/PictureInPictureSupport.h>
 #import <WebCore/PlatformPasteboard.h>
 #import <WebCore/RuntimeApplicationChecks.h>
 #import <WebCore/SharedBuffer.h>
@@ -60,6 +61,7 @@
 #import <wtf/ProcessPrivilege.h>
 #import <wtf/SoftLinking.h>
 #import <wtf/cocoa/Entitlements.h>
+#import <wtf/spi/darwin/SandboxSPI.h>
 #import <wtf/spi/darwin/dyldSPI.h>
 
 #if PLATFORM(MAC)
@@ -327,7 +329,7 @@ static bool isInternalInstall()
 
     if (isInternalInstall()) {
         SandboxExtension::Handle diagnosticsExtensionHandle;
-        SandboxExtension::createHandleForMachLookup("com.apple.diagnosticd", WTF::nullopt, diagnosticsExtensionHandle);
+        SandboxExtension::createHandleForMachLookup("com.apple.diagnosticd", WTF::nullopt, diagnosticsExtensionHandle, SandboxExtension::Flags::NoReport);
         parameters.diagnosticsExtensionHandle = WTFMove(diagnosticsExtensionHandle);
     }
 #endif