[Mac] Disable Mach IPC between renderers and cfprefsd.

content/renderer/renderer_main_platform_delegate_mac.mm

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/renderer_main_platform_delegate.h"
 
 #include <Carbon/Carbon.h>
 #import <Cocoa/Cocoa.h>
 #include <objc/runtime.h>
 
 #include "base/command_line.h"
 #include "base/logging.h"
 #import "base/mac/foundation_util.h"
 #import "base/mac/mac_util.h"
 #include "base/mac/scoped_cftyperef.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/strings/sys_string_conversions.h"
 #include "content/common/sandbox_mac.h"
 #include "content/public/common/content_switches.h"
 #import "content/public/common/injection_test_mac.h"
 #include "content/common/sandbox_init_mac.h"
 #include "third_party/mach_override/mach_override.h"
 
 extern "C" {
 // SPI logging functions for CF that are exported externally.
 void CFLog(int32_t level, CFStringRef format, ...);
@@ skipping 35 matching lines @@
       return;
     }
   }
 
   va_list args;
   va_start(args, format);
   _CFLogvEx(NULL, NULL, NULL, level, format, args);
   va_end(args);
 }
 
+// You are about to read a pretty disgusting hack. In a static initializer,
+// CoreFoundation decides to connect with cfprefsd(8) using Mach IPC. There is
+// no public way to close this Mach port after-the-fact, nor a way to stop it
+// from happening since it is done pre-main in dyld. But the address of the
+// CFMachPort can be found in the run loop's string description. Below, that
+// address is parsed, cast, and then used to invalidate the Mach port to
+// disable communication with cfprefsd.
+void DisconnectCFNotificationCenter() {
+  base::ScopedCFTypeRef<CFStringRef> description(

[Mark Mentovai, 2014/02/25 17:08:41]

You also have port_description in this function. This one is
runloop_description.

[Robert Sesek, 2014/02/25 17:56:30]

Done.

+      CFCopyDescription(CFRunLoopGetCurrent()));

[Mark Mentovai, 2014/02/25 17:08:41]

A comment with the full contents of what this string is expected to look like
would be helpful.

[Robert Sesek, 2014/02/25 17:56:30]

Done.

+  const CFIndex length = CFStringGetLength(description);
+  for (CFIndex i = 0; i < length; ) {
+    // Find the start of a CFMachPort run loop source.
+    CFRange start_range;

[Mark Mentovai, 2014/02/25 17:08:41]

There are a few different ranges in here. This one is the range for a "context =
<CFMachPort " substring. So name it context_range, machport_range,
cfmachport_context_range, etc.

[Robert Sesek, 2014/02/25 17:56:30]

Done.

+    if (!CFStringFindWithOptions(description, CFSTR("context = <CFMachPort "),
+            CFRangeMake(i, length - i), 0, &start_range)) {
+      break;
+    }
+    i = start_range.location + start_range.length;
+
+    // The address of the CFMachPort is the first hexadecimal address after the
+    // CF type name.
+    CFRange address_range = CFRangeMake(i, 0);
+    for (CFIndex j = start_range.location; i < length - j; ++j) {

[Mark Mentovai, 2014/02/25 17:08:41]

“i is less than length minus j”

Do you think that’s readable? It doesn’t help that the names i and j don’t say
anything about the quantities they represent.

I don’t think this logic is even correct.

[Robert Sesek, 2014/02/25 17:56:30]

Wow that was doltish of me. This is the problem with testing over SneakerNet.

+      UniChar c = CFStringGetCharacterAtIndex(description, j);
+      ++address_range.length;

[Mark Mentovai, 2014/02/25 17:08:41]

Don’t you want to do this after breaking on ' '?

[Robert Sesek, 2014/02/25 17:56:30]

Done.

+      if (c == ' ')

[Mark Mentovai, 2014/02/25 17:08:41]

If you never found the space, you might have a truncated string.

[Robert Sesek, 2014/02/25 17:56:30]

I don't think this condition is likely at all, and even if it were, the
string-to-address conversion would fail.

+        break;
+    }
+
+    // The address is a hexadecimal string.
+    if (address_range.length < 1)

[Mark Mentovai, 2014/02/25 17:08:41]

If you passed through the loop above at all, even if you only found a space,
address_range.length will always be at least 1.

[Robert Sesek, 2014/02/25 17:56:30]

Done.

+      continue;
+
+    base::ScopedCFTypeRef<CFStringRef> address_string(
+        CFStringCreateWithSubstring(NULL, description, address_range));
+    if (!address_string)
+      continue;
+
+    // Convert the string to an address.
+    std::string address_std_string = base::SysCFStringRefToUTF8(address_string);
+    uint64 address = 0;

[Mark Mentovai, 2014/02/25 17:08:41]

Marginal preference for

#if __LP64__
  // this thing
#else
  // same thing as this but with uint32 and HexStringToUInt
#endif

[Robert Sesek, 2014/02/25 17:56:30]

Done.

+    if (!base::HexStringToUInt64(address_std_string, &address))
+      continue;
+
+    // Cast the address to an object.
+    CFMachPortRef mach_port = reinterpret_cast<CFMachPortRef>(address);

[Mark Mentovai, 2014/02/25 17:08:41]

if (CFGetTypeID(mach_port) != CFMachPortGetTypeID())
  continue;

[Robert Sesek, 2014/02/25 17:56:30]

Done.

+
+    // Verify that this is the Mach port that needs to be disconnected by the
+    // name of its callout function.
+    base::ScopedCFTypeRef<CFStringRef> port_description(
+        CFCopyDescription(mach_port));

[Mark Mentovai, 2014/02/25 17:08:41]

Contents comment for this one too?

[Robert Sesek, 2014/02/25 17:56:30]

Done.

+    if (CFStringFindWithOptions(port_description,
+            CFSTR("callout = __CFXNotificationReceiveFromServer"),

[Mark Mentovai, 2014/02/25 17:08:41]

Anchor this string with a trailing space.

Maybe even ", callout = __CFXNotificationReceiveFromServer ("

[Robert Sesek, 2014/02/25 17:56:30]

Done.

+            CFRangeMake(0, CFStringGetLength(port_description)),
+            0,
+            NULL)) {
+      CFMachPortInvalidate(mach_port);
+      return;
+    }
+  }
+}
+
 }  // namespace
 
 RendererMainPlatformDelegate::RendererMainPlatformDelegate(
     const MainFunctionParams& parameters)
         : parameters_(parameters) {
 }
 
 RendererMainPlatformDelegate::~RendererMainPlatformDelegate() {
 }
 
@@ skipping 85 matching lines @@
     base::ScopedCFTypeRef<TISInputSourceRef> layout_source(
         TISCopyCurrentKeyboardLayoutInputSource());
     base::ScopedCFTypeRef<TISInputSourceRef> input_source(
         TISCopyCurrentKeyboardInputSource());
 
     CFTypeRef source_list[] = { layout_source.get(), input_source.get() };
     g_text_input_services_source_list_ = CFArrayCreate(kCFAllocatorDefault,
         source_list, arraysize(source_list), &kCFTypeArrayCallBacks);
   }
 
+  DisconnectCFNotificationCenter();
+
   return sandbox_initialized;
 }
 
 void RendererMainPlatformDelegate::RunSandboxTests(bool no_sandbox) {
   Class tests_runner = objc_getClass("RendererSandboxTestsRunner");
   if (tests_runner) {
     if (![tests_runner runTests])
       LOG(ERROR) << "Running renderer with failing sandbox tests!";
     [sandbox_tests_bundle_ unload];
     [sandbox_tests_bundle_ release];
     sandbox_tests_bundle_ = nil;
   }
 }
 
 }  // namespace content