Issue 792217

Starred by 2 users

Issue metadata

Status: WontFix
Owner:
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug

macOS V2 Sandbox requires IPC for apple.shm.notification_center

Project Member Reported by kerrnel@chromium.org, Dec 5 2017

Issue description

The macOS V2 Sandbox requires Chrome to allow access to notification_center:

(allow ipc-posix-shm-read-data
  (ipc-posix-name "apple.shm.notification_center"))

(allow mach-lookup
  (global-name "com.apple.system.notification_center"))

The reason for this is that QuickLookUI.framework opens a connection to notification_center in a static initializer. See the stack trace below.

It would be better to block the service, but that requires Apple to get rid of the initializer or for Chrome to hack out all of CFPreferences by swizzling it away (per rsesek@).

Stack trace of the attempt to open the shm handle:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fffdeaf613e __shm_open + 10
1   libsystem_notify.dylib        	0x00007fffdebd04fc notify_register_check + 535
2   libsystem_info.dylib          	0x00007fffdeab3155 __si_module_static_ds_block_invoke + 109
3   libdispatch.dylib             	0x00007fffde9918fc _dispatch_client_callout + 8
4   libdispatch.dylib             	0x00007fffde9918b9 dispatch_once_f + 38
5   libsystem_info.dylib          	0x00007fffdeab30e4 si_module_static_ds + 41
6   libsystem_info.dylib          	0x00007fffdeab2ba0 si_module_with_name + 230
7   libsystem_info.dylib          	0x00007fffdeab2fcb si_module_config_modules_for_category + 168
8   libsystem_info.dylib          	0x00007fffdeab2c67 __si_module_static_search_block_invoke + 83
9   libdispatch.dylib             	0x00007fffde9918fc _dispatch_client_callout + 8
10  libdispatch.dylib             	0x00007fffde9918b9 dispatch_once_f + 38
11  libsystem_info.dylib          	0x00007fffdeab2c11 si_module_static_search + 56
12  libsystem_info.dylib          	0x00007fffdeab2ba0 si_module_with_name + 230
13  libsystem_info.dylib          	0x00007fffdeab2a82 getpwuid + 32
14  com.apple.CoreFoundation      	0x00007fffc8db3cd8 _CFCopyHomeDirURLForUser + 152
15  com.apple.CoreFoundation      	0x00007fffc8edfa99 __96-[_CFXPreferences(SourceAdditions) withSourceForIdentifier:user:byHost:container:cloud:perform:]_block_invoke.211 + 265
16  com.apple.CoreFoundation      	0x00007fffc8ee001f -[_CFXPreferences(SourceAdditions) withSources:] + 79
17  com.apple.CoreFoundation      	0x00007fffc8edf7a1 -[_CFXPreferences(SourceAdditions) withSourceForIdentifier:user:byHost:container:cloud:perform:] + 817
18  com.apple.CoreFoundation      	0x00007fffc8db3a89 -[CFPrefsSearchListSource addSourceForIdentifier:user:byHost:container:] + 105
19  com.apple.CoreFoundation      	0x00007fffc8f2dadd __108-[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:]_block_invoke.256 + 445
20  com.apple.CoreFoundation      	0x00007fffc8f2ed8f -[_CFXPreferences(SearchListAdditions) withSearchLists:] + 79
21  com.apple.CoreFoundation      	0x00007fffc8f2d873 __108-[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:]_block_invoke + 259
22  com.apple.CoreFoundation      	0x00007fffc8f2d709 -[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:] + 345
23  com.apple.CoreFoundation      	0x00007fffc8f5a246 -[_CFXPreferences copyAppValueForKey:identifier:container:configurationURL:] + 310
24  com.apple.CoreFoundation      	0x00007fffc8dad634 _CFPreferencesGetAppBooleanValueWithContainer + 68
25  com.apple.QuickLookFramework  	0x00007fffceee02ca _QLAppPreferencesBooleanValueForKey + 50
26  com.apple.QuickLookUIFramework	0x00007fffcec37af9 _GLOBAL__sub_I_InterpolationUtils.mm + 18
27  dyld                          	0x000000010bb9ba1b ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 385
28  dyld                          	0x000000010bb9bc1e ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) + 40
29  dyld                          	0x000000010bb974aa ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 338
30  dyld                          	0x000000010bb97441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233
31  dyld                          	0x000000010bb97441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233
32  dyld                          	0x000000010bb97441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233
33  dyld                          	0x000000010bb97441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233
34  dyld                          	0x000000010bb96524 ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 138
35  dyld                          	0x000000010bb965b9 ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 75
36  dyld                          	0x000000010bb8b7cd dyld::runInitializers(ImageLoader*) + 87
37  dyld                          	0x000000010bb933ec dlopen + 556
38  libdyld.dylib                 	0x00007fffde9c4832 dlopen + 59
39  org.chromium.Chromium.helper  	0x00000001003e73f9 main + 1609 (chrome_exe_main_mac.cc:152)
40  libdyld.dylib                 	0x00007fffde9c7235 start + 1

Note that this results in spam to the console about it repeatedly trying to get the handle, which means CPU time is being wasted.
Labels: MacOS-Sandbox-Trace
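Both traces in this issue are the kind of evidence the MacOS-Sandbox-Trace workflow produces, and the triage question is the same each time: which Seatbelt operation was reached, and which code path got there before Chrome's own code had control. The script below is an added example, not code from this report or from the Chromium tree. It parses crash-report frames of the shape shown above and answers both questions; the symbol-to-operation table (shm_open under ipc-posix-shm, bootstrap_look_up* under mach-lookup) and the "first frame with a source location is application code" heuristic are assumptions, and the sample traces are abridged from this report's two stack traces.

```python
"""Triage a macOS sandbox trace: which Seatbelt operation was reached, and
which static initializer (if any) got there before main() had control.
Added example; the op table and the app-frame heuristic are assumptions."""
import re
from dataclasses import dataclass
from typing import Optional

# Crash-report frame: "<idx>  <module>  0x<addr> <symbol> [+ <off>] [(file:line)]"
_FRAME_RE = re.compile(r"^\s*(\d+)\s+(.+?)\s+(0x[0-9a-fA-F]+)\s*(.*)$")
_SRCLOC_RE = re.compile(r"\s\(([^()]+:\d+)\)$")

# User-space entry points and the Seatbelt operation that governs them
# (assumption: shm_open -> ipc-posix-shm*, bootstrap_look_up* -> mach-lookup).
SANDBOX_OPS = {
    "__shm_open": "ipc-posix-shm",
    "shm_open": "ipc-posix-shm",
    "bootstrap_look_up": "mach-lookup",
    "bootstrap_look_up2": "mach-lookup",
    "bootstrap_look_up3": "mach-lookup",
}

@dataclass
class Frame:
    index: int
    module: str
    address: int
    symbol: str
    offset: Optional[int]
    source: Optional[str]

def parse_frames(text: str) -> list:
    """Parse crash-report frame lines; non-frame lines (thread headers) are skipped."""
    frames = []
    for line in text.splitlines():
        m = _FRAME_RE.match(line)
        if not m:
            continue
        idx, module, addr, rest = m.groups()
        source = None
        loc = _SRCLOC_RE.search(rest)
        if loc:                          # trailing "(file.cc:123)"
            source, rest = loc.group(1), rest[: loc.start()]
        symbol, offset = rest.strip(), None
        if " + " in rest:                # split off the "+ <offset>" suffix
            head, tail = rest.rsplit(" + ", 1)
            if tail.strip().isdigit():
                symbol, offset = head.strip(), int(tail.strip())
        frames.append(Frame(int(idx), module.strip(), int(addr, 16), symbol, offset, source))
    return frames

def triage(text: str) -> dict:
    frames = parse_frames(text)
    result = {"operation": None, "entry_symbol": None, "initializer": None,
              "initializer_module": None, "via_dlopen": False, "app_frame": None}
    # Innermost frame first. Frame 0 may be a generic trap (mach_msg_trap), so
    # walk outward until a symbol that maps to a sandbox operation appears.
    for f in frames:
        if f.symbol in SANDBOX_OPS:
            result["operation"], result["entry_symbol"] = SANDBOX_OPS[f.symbol], f.symbol
            break
    # A "_GLOBAL__sub_I_<file>" frame is a C++/ObjC++ static initializer; the
    # module it lives in is the library whose load triggered the access.
    for f in frames:
        if f.symbol.startswith("_GLOBAL__sub_I_"):
            result["initializer"], result["initializer_module"] = f.symbol, f.module
            break
    result["via_dlopen"] = any(f.symbol == "dlopen" for f in frames)
    # Heuristic (assumption): the first frame carrying a source location is the
    # application code (here the dlopen call in main) that handed the loader control.
    for f in frames:
        if f.source:
            result["app_frame"] = f"{f.symbol} ({f.source})"
            break
    return result

# Sample input: frames abridged from the two traces in this report.
SHM_TRACE = """\
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib          0x00007fffdeaf613e __shm_open + 10
1   libsystem_notify.dylib          0x00007fffdebd04fc notify_register_check + 535
13  libsystem_info.dylib            0x00007fffdeab2a82 getpwuid + 32
24  com.apple.CoreFoundation        0x00007fffc8dad634 _CFPreferencesGetAppBooleanValueWithContainer + 68
25  com.apple.QuickLookFramework    0x00007fffceee02ca _QLAppPreferencesBooleanValueForKey + 50
26  com.apple.QuickLookUIFramework  0x00007fffcec37af9 _GLOBAL__sub_I_InterpolationUtils.mm + 18
27  dyld                            0x000000010bb9ba1b ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 385
37  dyld                            0x000000010bb933ec dlopen + 556
39  org.chromium.Chromium.helper    0x00000001003e73f9 main + 1609 (chrome_exe_main_mac.cc:152)
40  libdyld.dylib                   0x00007fffde9c7235 start + 1
"""

MACH_TRACE = """\
Thread 0 (id: 8249016):
0   libsystem_kernel.dylib          0x00007fffdeaee34a mach_msg_trap + 10
1   libxpc.dylib                    0x00007fffdec154cf xpc_pipe_routine + 232
3   libxpc.dylib                    0x00007fffdec14f0c bootstrap_look_up3 + 193
9   libsystem_notify.dylib          0x00007fffdebcf9ac notify_register_dispatch + 112
21  QuickLook                       0x00007fffceee02ca _QLAppPreferencesBooleanValueForKey + 50
22  QuickLookUI                     0x00007fffcec37af9 _GLOBAL__sub_I_InterpolationUtils.mm + 18
34  libdyld.dylib                   0x00007fffde9c4832 dlopen + 59
35  Chromium Helper                 0x00000001097133f9 main + 1609 (chrome_exe_main_mac.cc:152)
37  Chromium Helper                 0x000000000000000a
"""

if __name__ == "__main__":
    for name, trace in (("shm", SHM_TRACE), ("mach", MACH_TRACE)):
        print(name, triage(trace))
```

Run against the second trace it reports mach-lookup rather than the uninformative mach_msg_trap in frame 0, and for both traces it attributes the access to the QuickLookUI static initializer reached through dlopen from main, which is the fact that decides whether a profile rule can be tightened or has to stay.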
Note that the mach service access happens in a different place but is still related to CFPrefs:

Thread 0 (id: 8249016):
0   libsystem_kernel.dylib        	0x00007fffdeaee34a mach_msg_trap + 10
1   libxpc.dylib                  	0x00007fffdec154cf xpc_pipe_routine + 232
2   libxpc.dylib                  	0x00007fffdec15359 _xpc_interface_routine + 164
3   libxpc.dylib                  	0x00007fffdec14f0c bootstrap_look_up3 + 193
4   libxpc.dylib                  	0x00007fffdec14e39 bootstrap_look_up2 + 45
5   libsystem_notify.dylib        	0x00007fffdebd2a82 ___notify_lib_init_block_invoke + 58
6   libdispatch.dylib             	0x00007fffde9918fc _dispatch_client_callout + 8
7   libdispatch.dylib             	0x00007fffde9918b9 dispatch_once_f + 38
8   libsystem_notify.dylib        	0x00007fffdebcf4f2 _notify_lib_init + 913
9   libsystem_notify.dylib        	0x00007fffdebcf9ac notify_register_dispatch + 112
10  CoreFoundation                	0x00007fffc8edf8f7 __96-[_CFXPreferences(SourceAdditions) withSourceForIdentifier:user:byHost:container:cloud:perform:]_block_invoke_2 + 55
11  libdispatch.dylib             	0x00007fffde9918fc _dispatch_client_callout + 8
12  libdispatch.dylib             	0x00007fffde9918b9 dispatch_once_f + 38
13  CoreFoundation                	0x00007fffc8edf826 -[_CFXPreferences(SourceAdditions) withSourceForIdentifier:user:byHost:container:cloud:perform:] + 950
14  CoreFoundation                	0x00007fffc8db3a89 -[CFPrefsSearchListSource addSourceForIdentifier:user:byHost:container:] + 105
15  CoreFoundation                	0x00007fffc8f2dadd __108-[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:]_block_invoke.256 + 445
16  CoreFoundation                	0x00007fffc8f2ed8f -[_CFXPreferences(SearchListAdditions) withSearchLists:] + 79
17  CoreFoundation                	0x00007fffc8f2d873 __108-[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:]_block_invoke + 259
18  CoreFoundation                	0x00007fffc8f2d709 -[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:] + 345
19  CoreFoundation                	0x00007fffc8f5a246 -[_CFXPreferences copyAppValueForKey:identifier:container:configurationURL:] + 310
20  CoreFoundation                	0x00007fffc8dad634 _CFPreferencesGetAppBooleanValueWithContainer + 68
21  QuickLook                     	0x00007fffceee02ca _QLAppPreferencesBooleanValueForKey + 50
22  QuickLookUI                   	0x00007fffcec37af9 _GLOBAL__sub_I_InterpolationUtils.mm + 18
23  dyld                          	0x0000000114d1aa1b ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 385
24  dyld                          	0x0000000114d1ac1e ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) + 40
25  dyld                          	0x0000000114d164aa ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 338
26  dyld                          	0x0000000114d16441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233
27  dyld                          	0x0000000114d16441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233
28  dyld                          	0x0000000114d16441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233
29  dyld                          	0x0000000114d16441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233
30  dyld                          	0x0000000114d15524 ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 138
31  dyld                          	0x0000000114d155b9 ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 75
32  dyld                          	0x0000000114d0a7cd dyld::runInitializers(ImageLoader*) + 87
33  dyld                          	0x0000000114d123ec dlopen + 556
34  libdyld.dylib                 	0x00007fffde9c4832 dlopen + 59
35  Chromium Helper               	0x00000001097133f9 main + 1609 (chrome_exe_main_mac.cc:152)
36  libdyld.dylib                 	0x00007fffde9c7235 start + 1
37  Chromium Helper               	0x000000000000000a

It's probably not limited to CFPrefs. libsystem_notify (https://opensource.apple.com/source/Libnotify/Libnotify-172/) is likely used in a lot of places, both at the C-level API (notify.h) and things built on top of it (CFNotificationCenter, though distributed notifications go through distnoted).
E.g., here are some things that the system uses libnotify for: https://opensource.apple.com/source/Libnotify/Libnotify-172/notify_keys.h.auto.html
Status: WontFix (was: Assigned)