macOS V2 Sandbox requires access to com.apple.system.opendirectoryd.libinfo |
||
Issue descriptionThe macOS V2 sandbox allows access to the com.apple.system.opendirectoryd.libinfo mach service, because CFPreferences calls into libsystem_info.dylib which uses the service as a backend to get information about the users on the system. Similar to crbug.com/792217 , this can be resolved only if CFPreferences is stubbed away. SandboxViolation: Chromium Helper(23193) deny mach-lookup com.apple.system.opendirectoryd.libinfo Violation: deny mach-lookup com.apple.system.opendirectoryd.libinfo Process: Chromium Helper [23193] Path: /Users/kerrnel/chromium/src/out/Chromium/Chromium.app/Contents/Versions/65.0.3285.0/Chromium Helper.app/Contents/MacOS/Chromium Helper Load Address: 0x108c22000 Identifier: org.chromium.Chromium.helper Version: 3285.0 (65.0.3285.0) Code Type: x86_64 (Native) Parent Process: Chromium [23185] Responsible: /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal [82914] User ID: 317580 Date/Time: 2017-12-05 14:31:58.318 PST OS Version: Mac OS X 10.12.6 (16G1036) Report Version: 8 Thread 0 (id: 8232257): 0 libsystem_kernel.dylib 0x00007fffdeaee34a mach_msg_trap + 10 1 libxpc.dylib 0x00007fffdec154cf xpc_pipe_routine + 232 2 libxpc.dylib 0x00007fffdec15359 _xpc_interface_routine + 164 3 libxpc.dylib 0x00007fffdec14f0c bootstrap_look_up3 + 193 4 libxpc.dylib 0x00007fffdec14e39 bootstrap_look_up2 + 45 5 libxpc.dylib 0x00007fffdec1709b xpc_pipe_create + 61 6 libsystem_info.dylib 0x00007fffdeab371f _od_xpc_pipe + 150 7 libsystem_info.dylib 0x00007fffdeab365c _od_running + 13 8 libsystem_info.dylib 0x00007fffdeab35fc ds_user_byuid + 17 9 libsystem_info.dylib 0x00007fffdeab33f7 search_user_byuid + 98 10 libsystem_info.dylib 0x00007fffdeab2a93 getpwuid + 49 11 CoreFoundation 0x00007fffc8db3cd8 _CFCopyHomeDirURLForUser + 152 12 CoreFoundation 0x00007fffc8edfa99 __96-[_CFXPreferences(SourceAdditions) withSourceForIdentifier:user:byHost:container:cloud:perform:]_block_invoke.211 + 265 13 CoreFoundation 0x00007fffc8ee001f -[_CFXPreferences(SourceAdditions) withSources:] + 79 14 CoreFoundation 0x00007fffc8edf7a1 -[_CFXPreferences(SourceAdditions) withSourceForIdentifier:user:byHost:container:cloud:perform:] + 817 15 CoreFoundation 0x00007fffc8db3a89 -[CFPrefsSearchListSource addSourceForIdentifier:user:byHost:container:] + 105 16 CoreFoundation 0x00007fffc8f2dadd __108-[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:]_block_invoke.256 + 445 17 CoreFoundation 0x00007fffc8f2ed8f -[_CFXPreferences(SearchListAdditions) withSearchLists:] + 79 18 CoreFoundation 0x00007fffc8f2d873 __108-[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:]_block_invoke + 259 19 CoreFoundation 0x00007fffc8f2d709 -[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:] + 345 20 CoreFoundation 0x00007fffc8f5a246 -[_CFXPreferences copyAppValueForKey:identifier:container:configurationURL:] + 310 21 CoreFoundation 0x00007fffc8dad634 _CFPreferencesGetAppBooleanValueWithContainer + 68 22 QuickLook 0x00007fffceee02ca _QLAppPreferencesBooleanValueForKey + 50 23 QuickLookUI 0x00007fffcec37af9 _GLOBAL__sub_I_InterpolationUtils.mm + 18 24 dyld 0x0000000112014a1b ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 385 25 dyld 0x0000000112014c1e ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) + 40 26 dyld 0x00000001120104aa ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 338 27 dyld 0x0000000112010441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233 28 dyld 0x0000000112010441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233 29 dyld 0x0000000112010441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233 30 dyld 0x0000000112010441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233 31 dyld 0x000000011200f524 ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 138 32 dyld 0x000000011200f5b9 ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 75 33 dyld 0x00000001120047cd dyld::runInitializers(ImageLoader*) + 87 34 dyld 0x000000011200c3ec dlopen + 556 35 libdyld.dylib 0x00007fffde9c4832 dlopen + 59 36 Chromium Helper 0x0000000108c233f9 main + 1609 (chrome_exe_main_mac.cc:152) 37 libdyld.dylib 0x00007fffde9c7235 start + 1 38 Chromium Helper 0x000000000000000a
,
Dec 8 2017
Note that without access to this service the Chromium Helper hangs immediately on startup, in the DYLD initializers.
,
Dec 8 2017
Here is the stacktrace from the sample tool showing where the hang occurs.
Call graph:
9522 Thread_10702208 DispatchQueue_1: com.apple.main-thread (serial)
+ 9522 start (in libdyld.dylib) + 1 [0x7fffde9c7235]
+ 9522 main (in Chromium Helper) + 1609 [0x10e6a83f9] chrome_exe_main_mac.cc:152
+ 9522 dlopen (in libdyld.dylib) + 59 [0x7fffde9c4832]
+ 9522 dlopen (in dyld) + 556 [0x116b063ec]
+ 9522 dyld::runInitializers(ImageLoader*) (in dyld) + 87 [0x116afe7cd]
+ 9522 ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) (in dyld) + 75 [0x116b095b9]
+ 9522 ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in dyld) + 138 [0x116b09524]
+ 9522 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in dyld) + 233 [0x116b0a441]
+ 9522 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in dyld) + 233 [0x116b0a441]
+ 9522 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in dyld) + 233 [0x116b0a441]
+ 9522 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in dyld) + 233 [0x116b0a441]
+ 9522 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) (in dyld) + 338 [0x116b0a4aa]
+ 9522 ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) (in dyld) + 40 [0x116b0ec1e]
+ 9522 ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) (in dyld) + 385 [0x116b0ea1b]
+ 9522 _GLOBAL__sub_I_InterpolationUtils.mm (in QuickLookUI) + 18 [0x7fffcec37af9]
+ 9522 _QLAppPreferencesBooleanValueForKey (in QuickLook) + 50 [0x7fffceee02ca]
+ 9522 _CFPreferencesGetAppBooleanValueWithContainer (in CoreFoundation) + 68 [0x7fffc8dad634]
+ 9522 -[_CFXPreferences copyAppValueForKey:identifier:container:configurationURL:] (in CoreFoundation) + 310 [0x7fffc8f5a246]
+ 9522 -[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:] (in CoreFoundation) + 345 [0x7fffc8f2d709]
+ 9522 __108-[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:]_block_invoke (in CoreFoundation) + 290 [0x7fffc8f2d892]
+ 9522 __76-[_CFXPreferences copyAppValueForKey:identifier:container:configurationURL:]_block_invoke (in CoreFoundation) + 32 [0x7fffc8f5a2e0]
+ 9522 -[CFPrefsSource copyValueForKey:] (in CoreFoundation) + 53 [0x7fffc8edf055]
+ 9522 -[CFPrefsSearchListSource alreadylocked_copyValueForKey:] (in CoreFoundation) + 60 [0x7fffc8db429c]
+ 9522 -[CFPrefsSearchListSource alreadylocked_copyDictionary] (in CoreFoundation) + 336 [0x7fffc8db45c0]
+ 9522 -[CFPrefsSearchListSource alreadylocked_generationCountFromListOfSources:count:] (in CoreFoundation) + 340 [0x7fffc8f2c554]
+ 9522 CFPREFERENCES_IS_WAITING_FOR_USER_CFPREFSD (in CoreFoundation) + 39 [0x7fffc8f2c307]
+ 9522 __80-[CFPrefsSearchListSource alreadylocked_generationCountFromListOfSources:count:]_block_invoke.132 (in CoreFoundation) + 114 [0x7fffc8f2c9c2]
+ 9522 _os_activity_initiate_impl (in libsystem_trace.dylib) + 53 [0x7fffdebf93a7]
+ 9522 __80-[CFPrefsSearchListSource alreadylocked_generationCountFromListOfSources:count:]_block_invoke_2.134 (in CoreFoundation) + 121 [0x7fffc8f2ca69]
+ 9522 -[_CFXPreferences withConnectionForRole:performBlock:] (in CoreFoundation) + 36 [0x7fffc8f5bcc4]
+ 9522 __80-[CFPrefsSearchListSource alreadylocked_generationCountFromListOfSources:count:]_block_invoke_3.135 (in CoreFoundation) + 31 [0x7fffc8f2ca8f]
+ 9522 xpc_connection_send_message_with_reply_sync (in libxpc.dylib) + 154 [0x7fffdec1a5b8]
+ 9522 dispatch_mach_send_with_result_and_wait_for_reply (in libdispatch.dylib) + 45 [0x7fffde9abff9]
+ 9522 _dispatch_mach_send_and_wait_for_reply (in libdispatch.dylib) + 591 [0x7fffde9abb93]
+ 9522 mach_msg (in libsystem_kernel.dylib) + 55 [0x7fffdeaed797]
+ 9522 mach_msg_trap (in libsystem_kernel.dylib) + 10 [0x7fffdeaee34a]
,
Apr 4 2018
|
||
►
Sign in to add a comment |
||
Comment 1 by kerrnel@chromium.org
, Dec 5 2017