Unreviewed, reverting r259328.
https://bugs.webkit.org/show_bug.cgi?id=209861
Introduced API test failures (Requested by perarne on
#webkit).
Reverted changeset:
"[macOS] Deny mach-lookup access to "com.apple.lsd.mapdb" in
sandbox"
https://bugs.webkit.org/show_bug.cgi?id=209814
https://trac.webkit.org/changeset/259328
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@259352 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index fd253f6..7f95d69 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,18 @@
+2020-04-01 Commit Queue <commit-queue@webkit.org>
+
+ Unreviewed, reverting r259328.
+ https://bugs.webkit.org/show_bug.cgi?id=209861
+
+ Introduced API test failures (Requested by perarne on
+ #webkit).
+
+ Reverted changeset:
+
+ "[macOS] Deny mach-lookup access to "com.apple.lsd.mapdb" in
+ sandbox"
+ https://bugs.webkit.org/show_bug.cgi?id=209814
+ https://trac.webkit.org/changeset/259328
+
2020-04-01 youenn fablet <youenn@apple.com>
Bump libwebrtc to M82
diff --git a/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt b/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt
index a136a1c..8807cd0 100644
--- a/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt
+++ b/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt
@@ -8,5 +8,4 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nesessionmanager") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nesessionmanager.content-filter") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.system.logger") is false
-PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.lsd.mapdb") is false
diff --git a/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html b/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html
index 9462915..00c2f5a 100644
--- a/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html
+++ b/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html
@@ -11,7 +11,6 @@
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nesessionmanager\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nesessionmanager.content-filter\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.system.logger\")");
- shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.lsd.mapdb\")");
}
</script>
</head>
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index 75f2126..fb51987 100644
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,3 +1,18 @@
+2020-04-01 Commit Queue <commit-queue@webkit.org>
+
+ Unreviewed, reverting r259328.
+ https://bugs.webkit.org/show_bug.cgi?id=209861
+
+ Introduced API test failures (Requested by perarne on
+ #webkit).
+
+ Reverted changeset:
+
+ "[macOS] Deny mach-lookup access to "com.apple.lsd.mapdb" in
+ sandbox"
+ https://bugs.webkit.org/show_bug.cgi?id=209814
+ https://trac.webkit.org/changeset/259328
+
2020-04-01 Brent Fulgham <bfulgham@apple.com>
Convert app-bound domain categorization parameter to a method
diff --git a/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm b/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm
index 6010a95..78f9c05 100644
--- a/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm
+++ b/Source/WebKit/Shared/mac/AuxiliaryProcessMac.mm
@@ -75,9 +75,6 @@
typedef bool (^LSServerConnectionAllowedBlock) ( CFDictionaryRef optionsRef );
extern "C" void _LSSetApplicationLaunchServicesServerConnectionStatus(uint64_t flags, LSServerConnectionAllowedBlock block);
extern "C" CFDictionaryRef _LSApplicationCheckIn(LSSessionID sessionID, CFDictionaryRef applicationInfo);
-#if HAVE(CSCHECKFIXDISABLE)
-extern "C" void _CSCheckFixDisable();
-#endif
namespace WebKit {
using namespace WebCore;
@@ -154,11 +151,6 @@
void AuxiliaryProcess::launchServicesCheckIn()
{
-#if HAVE(CSCHECKFIXDISABLE)
- // _CSCheckFixDisable() needs to be called before checking in with Launch Services.
- _CSCheckFixDisable();
-#endif
-
_LSSetApplicationLaunchServicesServerConnectionStatus(0, 0);
RetainPtr<CFDictionaryRef> unused = _LSApplicationCheckIn(kLSDefaultSessionID, CFBundleGetInfoDictionary(CFBundleGetMainBundle()));
}
diff --git a/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm b/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
index abdf894..9f945509 100644
--- a/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
+++ b/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
@@ -406,10 +406,6 @@
parameters.systemHasBattery = systemHasBattery();
parameters.mimeTypesMap = commonMimeTypesMap();
parameters.mapUTIFromMIMEType = createUTIFromMIMETypeMap();
-
- SandboxExtension::Handle mapDBHandle;
- SandboxExtension::createHandleForMachLookup("com.apple.lsd.mapdb", WTF::nullopt, mapDBHandle, SandboxExtension::Flags::NoReport);
- parameters.mapDBExtensionHandle = WTFMove(mapDBHandle);
#endif
#if PLATFORM(IOS)
@@ -430,6 +426,10 @@
if (WebCore::IOSApplication::isMobileSafari())
parameters.vectorOfUTTypeItem = createVectorOfUTTypeItem();
#endif
+
+ SandboxExtension::Handle mapDBHandle;
+ SandboxExtension::createHandleForMachLookup("com.apple.lsd.mapdb", WTF::nullopt, mapDBHandle, SandboxExtension::Flags::NoReport);
+ parameters.mapDBExtensionHandle = WTFMove(mapDBHandle);
#endif
// Allow microphone access if either preference is set because WebRTC requires microphone access.
diff --git a/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm b/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
index 9910eaf..5e19917 100644
--- a/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
+++ b/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
@@ -134,6 +134,10 @@
#import <os/state_private.h>
#endif
+#if HAVE(CSCHECKFIXDISABLE)
+extern "C" void _CSCheckFixDisable();
+#endif
+
#define RELEASE_LOG_SESSION_ID (m_sessionID ? m_sessionID->toUInt64() : 0)
#define RELEASE_LOG_IF_ALLOWED(channel, fmt, ...) RELEASE_LOG_IF(isAlwaysOnLoggingAllowed(), channel, "%p - [sessionID=%" PRIu64 "] WebProcess::" fmt, this, RELEASE_LOG_SESSION_ID, ##__VA_ARGS__)
#define RELEASE_LOG_ERROR_IF_ALLOWED(channel, fmt, ...) RELEASE_LOG_ERROR_IF(isAlwaysOnLoggingAllowed(), channel, "%p - [sessionID=%" PRIu64 "] WebProcess::" fmt, this, RELEASE_LOG_SESSION_ID, ##__VA_ARGS__)
@@ -269,7 +273,6 @@
SandboxExtension::consumePermanently(*parameters.neSessionManagerExtensionHandle);
NetworkExtensionContentFilter::setHasConsumedSandboxExtensions(parameters.neHelperExtensionHandle.hasValue() && parameters.neSessionManagerExtensionHandle.hasValue());
- // Map Launch Services database.
if (parameters.mapDBExtensionHandle) {
auto extension = SandboxExtension::create(WTFMove(*parameters.mapDBExtensionHandle));
bool ok = extension->consume();
@@ -314,8 +317,6 @@
#endif
WebCore::sleepDisablerClient() = makeUnique<WebSleepDisablerClient>();
-
- updateProcessName();
}
void WebProcess::platformSetWebsiteDataStoreParameters(WebProcessDataStoreParameters&& parameters)
@@ -334,26 +335,23 @@
}
}
-void WebProcess::initializeProcessName(const AuxiliaryProcessInitializationParameters& parameters)
+void WebProcess::initializeProcessName(const AuxiliaryProcessInitializationParameters&)
{
#if PLATFORM(MAC)
- m_uiProcessName = parameters.uiProcessName;
-#else
- UNUSED_PARAM(parameters);
+#if HAVE(CSCHECKFIXDISABLE)
+ // _CSCheckFixDisable() needs to be called before checking in with Launch Services.
+ _CSCheckFixDisable();
+#endif
+ // This is necessary so that we are able to set the process' display name.
+ _RegisterApplication(nullptr, nullptr);
+
+ updateProcessName();
#endif
}
void WebProcess::updateProcessName()
{
#if PLATFORM(MAC)
- static std::once_flag onceFlag;
- std::call_once(
- onceFlag,
- [this] {
- // Checking in with Launch Services is necessary to be able to set the process' display name.
- launchServicesCheckIn();
- });
-
NSString *applicationName;
switch (m_processType) {
case ProcessType::Inspector:
@@ -523,6 +521,8 @@
launchServicesCheckIn();
}
#endif // ENABLE(WEBPROCESS_WINDOWSERVER_BLOCKING)
+
+ m_uiProcessName = parameters.uiProcessName;
#endif // PLATFORM(MAC)
if (parameters.extraInitializationData.get("inspector-process"_s) == "1")
diff --git a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
index cd75c5f..8ceb57c 100644
--- a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
+++ b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
@@ -679,14 +679,8 @@
#endif
(global-name "com.apple.PowerManagement.control")
(global-name "com.apple.coreservices.launchservicesd")
- (global-name "com.apple.trustd.agent")
-)
-
-(deny mach-lookup
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101600
- (with telemetry-backtrace)
-#endif
(global-name "com.apple.lsd.mapdb")
+ (global-name "com.apple.trustd.agent")
)
(allow mach-lookup
