Bug 209814

Summary: [macOS] Deny mach-lookup access to "com.apple.lsd.mapdb" in sandbox
Product: WebKit Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, darin, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 209861    
Bug Blocks:    
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch
none
Patch
none
Patch none

Per Arne Vollan
Reported 2020-03-31 09:17:51 PDT
The WebContent sandbox should deny mach-lookup access to "com.apple.lsd.mapdb" on macOS.
Attachments
Patch (4.00 KB, patch)
2020-03-31 09:26 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (5.30 KB, patch)
2020-03-31 10:15 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (7.83 KB, patch)
2020-03-31 12:28 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (7.89 KB, patch)
2020-03-31 12:33 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (10.36 KB, patch)
2020-03-31 13:23 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (11.79 KB, patch)
2020-04-01 15:01 PDT, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2020-03-31 09:26:01 PDT
Created attachment 395048 [details] Patch
Per Arne Vollan
Comment 2 2020-03-31 10:15:09 PDT
Created attachment 395060 [details] Patch
Per Arne Vollan
Comment 3 2020-03-31 12:28:56 PDT
Created attachment 395079 [details] Patch
Radar WebKit Bug Importer
Comment 4 2020-03-31 12:29:25 PDT
<rdar://problem/61119618>
Darin Adler
Comment 5 2020-03-31 12:31:38 PDT
Comment on attachment 395079 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=395079&action=review > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:276 > + // Map Launch Services database WebKit coding style asks for a "." here. > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:360 > +#if HAVE(CSCHECKFIXDISABLE) > + // _CSCheckFixDisable() needs to be called before checking in with Launch Services. > + _CSCheckFixDisable(); > +#endif Why does’t this belong inside the launchServicesCheckIn function?
Per Arne Vollan
Comment 6 2020-03-31 12:33:26 PDT
Created attachment 395080 [details] Patch
Per Arne Vollan
Comment 7 2020-03-31 12:52:07 PDT
(In reply to Darin Adler from comment #5) > Comment on attachment 395079 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=395079&action=review > > > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:276 > > + // Map Launch Services database > > WebKit coding style asks for a "." here. > Will fix. > > Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:360 > > +#if HAVE(CSCHECKFIXDISABLE) > > + // _CSCheckFixDisable() needs to be called before checking in with Launch Services. > > + _CSCheckFixDisable(); > > +#endif > > Why does’t this belong inside the launchServicesCheckIn function? That is a very good point. This would mean all other WebKit processes would get this, but I think that is only a good thing. I will update the patch. Thanks for reviewing!
Per Arne Vollan
Comment 8 2020-03-31 13:23:20 PDT
Created attachment 395084 [details] Patch
EWS
Comment 9 2020-03-31 17:45:20 PDT
Committed r259328: <https://trac.webkit.org/changeset/259328> All reviewed patches have been landed. Closing bug and clearing flags on attachment 395084 [details].
WebKit Commit Bot
Comment 10 2020-04-01 09:47:12 PDT
Re-opened since this is blocked by bug 209861
Per Arne Vollan
Comment 11 2020-04-01 15:01:59 PDT
Created attachment 395207 [details] Patch
EWS
Comment 12 2020-04-01 15:29:25 PDT
Committed r259366: <https://trac.webkit.org/changeset/259366> All reviewed patches have been landed. Closing bug and clearing flags on attachment 395207 [details].
Note You need to log in before you can comment on or make changes to this bug.