macOS V2 Sandbox allows access to com.apple.logd |
||
Issue descriptionThe macOS V2 Sandbox allows access to the com.apple.logd mach service because CFPreferences tries to open a handle to it in its static initializer. Similar to crbug.com/792217 , this can be resolved only if CFPreferences is stubbed away. SandboxViolation: Chromium Helper(23193) deny mach-lookup com.apple.logd Violation: deny mach-lookup com.apple.logd Process: Chromium Helper [23193] Path: /Users/kerrnel/chromium/src/out/Chromium/Chromium.app/Contents/Versions/65.0.3285.0/Chromium Helper.app/Contents/MacOS/Chromium Helper Load Address: 0x108c22000 Identifier: org.chromium.Chromium.helper Version: 3285.0 (65.0.3285.0) Code Type: x86_64 (Native) Parent Process: Chromium [23185] Responsible: /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal [82914] User ID: 317580 Date/Time: 2017-12-05 14:31:58.324 PST OS Version: Mac OS X 10.12.6 (16G1036) Report Version: 8 Thread 0 (id: 8232257): 0 libsystem_kernel.dylib 0x00007fffdeaee34a mach_msg_trap + 10 1 libxpc.dylib 0x00007fffdec154cf xpc_pipe_routine + 232 2 libxpc.dylib 0x00007fffdec15359 _xpc_interface_routine + 164 3 libxpc.dylib 0x00007fffdec14f0c bootstrap_look_up3 + 193 4 libxpc.dylib 0x00007fffdec14e39 bootstrap_look_up2 + 45 5 libsystem_trace.dylib 0x00007fffdebfa26e _os_trace_get_logd_port + 70 6 libdispatch.dylib 0x00007fffde9b80f5 _firehose_task_buffer_init + 135 7 libdispatch.dylib 0x00007fffde9918fc _dispatch_client_callout + 8 8 libdispatch.dylib 0x00007fffde9918b9 dispatch_once_f + 38 9 libdispatch.dylib 0x00007fffde9922f7 voucher_activity_get_metadata_buffer + 100 10 libsystem_trace.dylib 0x00007fffdebf9ae0 _os_trace_init_slow + 92 11 libdispatch.dylib 0x00007fffde9918fc _dispatch_client_callout + 8 12 libdispatch.dylib 0x00007fffde9918b9 dispatch_once_f + 38 13 libsystem_trace.dylib 0x00007fffdebf88b7 _os_activity_create_addr + 422 14 CoreFoundation 0x00007fffc8f2c624 __80-[CFPrefsSearchListSource alreadylocked_generationCountFromListOfSources:count:]_block_invoke + 84 15 CoreFoundation 0x00007fffc8f2c4e2 -[CFPrefsSearchListSource alreadylocked_generationCountFromListOfSources:count:] + 226 16 CoreFoundation 0x00007fffc8db45c0 -[CFPrefsSearchListSource alreadylocked_copyDictionary] + 336 17 CoreFoundation 0x00007fffc8db429c -[CFPrefsSearchListSource alreadylocked_copyValueForKey:] + 60 18 CoreFoundation 0x00007fffc8edf055 -[CFPrefsSource copyValueForKey:] + 53 19 CoreFoundation 0x00007fffc8f5a2e0 __76-[_CFXPreferences copyAppValueForKey:identifier:container:configurationURL:]_block_invoke + 32 20 CoreFoundation 0x00007fffc8f2d892 __108-[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:]_block_invoke + 290 21 CoreFoundation 0x00007fffc8f2d709 -[_CFXPreferences(SearchListAdditions) withSearchListForIdentifier:container:cloudConfigurationURL:perform:] + 345 22 CoreFoundation 0x00007fffc8f5a246 -[_CFXPreferences copyAppValueForKey:identifier:container:configurationURL:] + 310 23 CoreFoundation 0x00007fffc8dad634 _CFPreferencesGetAppBooleanValueWithContainer + 68 24 QuickLook 0x00007fffceee02ca _QLAppPreferencesBooleanValueForKey + 50 25 QuickLookUI 0x00007fffcec37af9 _GLOBAL__sub_I_InterpolationUtils.mm + 18 26 dyld 0x0000000112014a1b ImageLoaderMachO::doModInitFunctions(ImageLoader::LinkContext const&) + 385 27 dyld 0x0000000112014c1e ImageLoaderMachO::doInitialization(ImageLoader::LinkContext const&) + 40 28 dyld 0x00000001120104aa ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 338 29 dyld 0x0000000112010441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233 30 dyld 0x0000000112010441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233 31 dyld 0x0000000112010441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233 32 dyld 0x0000000112010441 ImageLoader::recursiveInitialization(ImageLoader::LinkContext const&, unsigned int, char const*, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 233 33 dyld 0x000000011200f524 ImageLoader::processInitializers(ImageLoader::LinkContext const&, unsigned int, ImageLoader::InitializerTimingList&, ImageLoader::UninitedUpwards&) + 138 34 dyld 0x000000011200f5b9 ImageLoader::runInitializers(ImageLoader::LinkContext const&, ImageLoader::InitializerTimingList&) + 75 35 dyld 0x00000001120047cd dyld::runInitializers(ImageLoader*) + 87 36 dyld 0x000000011200c3ec dlopen + 556 37 libdyld.dylib 0x00007fffde9c4832 dlopen + 59 38 Chromium Helper 0x0000000108c233f9 main + 1609 (chrome_exe_main_mac.cc:152) 39 libdyld.dylib 0x00007fffde9c7235 start + 1 40 Chromium Helper 0x000000000000000a
,
Dec 6 2017
We may want to allow access to logd if --enable-logging is passed, since base/logging.h sends messages to the system log facility.
,
Apr 4 2018
|
||
►
Sign in to add a comment |
||
Comment 1 by kerrnel@chromium.org
, Dec 5 2017