Site Isolation Web Inspector: deterministic Network IDs, event routing

2bfe8ae

Source/WebCore/inspector/InspectorIdentifierRegistry.h

+    static inline String protocolFrameId(WebCore::FrameIdentifier frameID, WebCore::ProcessIdentifier processID)
+    {
+        return makeString("frame-"_s, processID.toUInt64(), '.', static_cast<uint32_t>(frameID.toRawValue()));
+    }
+
+    // FIXME: <https://webkit.org/b/310164> IPC를 통해 별도의 ProcessIdentifier 없이
+    // FrameIdentifier를 수신하는 호출자는 명시적으로 전달하도록 업데이트해야 합니다.
+    static inline String protocolFrameId(WebCore::FrameIdentifier frameID)
+    {
+        return makeString("frame-"_s, frameID.toRawValue() >> 32, '.', static_cast<uint32_t>(frameID.toRawValue()));
+    }
+
+    static inline String protocolRequestId(WebCore::ProcessIdentifier pid, WebCore::ResourceLoaderIdentifier resourceID)
+    {
+        return makeString("request-"_s, pid.toUInt64(), '.', resourceID.toUInt64());
+    }

Source/WebInspectorUI/UserInterface/Controllers/NetworkManager.js

+        if (!frame && frameIdentifier.startsWith("frame-")) {
+            let mainResource = new WI.Resource("about:blank");
+            frame = new WI.Frame(frameIdentifier, frameOptions.name, frameOptions.securityOrigin, null, mainResource);
+            this._frameIdentifierMap.set(frame.id, frame);
+            ...
+        }

Web Inspector의 Network 도메인은 페이지 단위의 "octopus" 도메인입니다. Frontend의 NetworkManager는 통합된 resource 목록과 frame tree를 단일하게 관리하므로, 모든 WebContent process에서 발생하는 이벤트를 전역적으로 충돌하지 않는 ID로 하나의 스트림에 합쳐야 합니다. 기존에는 서로 다른 process의 두 resource가 동일한 숫자 형태의 ResourceLoaderIdentifier를 생성할 수 있었고, Network 패널에서 조용히 aliasing이 발생했습니다.

이 commit에서는 "PID.OID" 형식으로 인코딩된 일관된 frame/request/loader ID를 도입했습니다. ResourceLoaderIdentifier는 process 범위가 지정된 ScopedResourceLoaderIdentifier로 전환됩니다. Cross-origin iframe의 모든 Network 이벤트는 ProxyingNetworkAgent를 통해 라우팅되는데, NetworkManager에는 stub frame 지연 생성 및 null loaderIdentifier 처리 로직도 추가되었습니다. SI 환경에서는 main frame 이벤트 중복을 막기 위해 PageNetworkAgent가 WebContent process에서 비활성화됩니다.

Significance

이 commit은 Site Isolation 인프라를 크게 확장하는 변경입니다. 신뢰할 수 없는 WebContent process와 UIProcess 내 inspector 인프라 사이에 새로운 IPC 경로가 열리며, process 범위가 지정된 식별자가 권한 경계를 넘게 됩니다.

Audit directions

a Aaaaaaaaaaaaaaaaaaa Aa Aaaaaaaaaaaaaa Aaa Aaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaa Aa Aaa Aaaaaaaaaaaaaaaaaaaaa Aa Aaaa Aa Aaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaaa a Aa Aaaa Aaaaa Aaaa Aaaaaaaaaaaa Aa Aaaa Aaaaa Aaaaaa Aaaaa Aa Aa a Aaaa Aaa Aaaa Aaaa Aaaaaaaaaa Aaa Aa Aa Aaaaaaaa Aaaaaaaaa Aaa a Aaaaa

a Aaaaa Aaaaa Aaaaaaaaaaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaaaaaaa Aaaaaaaaaa Aaaa Aa Aaaaaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaa Aaaa Aaaaaaaaaaaaaaaaaaaa Aa Aa Aaaaaaaa Aa Aaa Aaaa Aaaaa Aaa Aaaaaaaaaa Aaaaaaaa Aa Aaaaaaaa Aaaa Aaa a Aaaaa Aaaaa Aaaaa Aaa Aaaaaaaa Aaa Aaaaaaaaa Aaaaaaaaa Aaa Aaaa Aaaaa

a Aaaaaaaaaaaaaaaaaaaa Aaaaaaaa Aaaa Aaaaaa Aaaaaaaaaaaaaaaaaaaa Aaaaaaaaa Aa Aaaa Aa Aa Aaaaaaaaaaaaaaaaaaaaa Aaaaaaaaaaaa Aaaa Aaaaaaaaa Aaaaa Aaaaaaaaaa Aa Aa Aaa a Aaa Aaaaaaaa Aaa Aaa Aaaa Aaaaa

a Aaaaaa Aaaaaaaaaa Aaaa Aaaaaaaaaaa Aaa Aaaaaaaaaa Aaaaaaaa Aaa Aaaaaaaaaaaaaaaaa Aa Aaaaa Aaaaaaaaaaaaaaaaaaaaaa Aaaaaaa Aaaaaaa Aa a a Aaaaa Aa Aa Aaaaaa Aaaa Aaaa Aaa Aaaa Aaaaa

a Aaaa Aaaaaa Aa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aa Aa Aaa Aaaa Aaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaa Aaaaaaa Aaa Aaa Aaa a Aaaaa Aa Aaaaaaaaaaaaaaaaaaaaaaa Aa Aa Aa Aa Aaaa Aaaaaa Aa Aaaa Aaa Aa Aaa Aa a Aaaaa

🔒

New cross-process IPC paths and ID construction logic have several edge cases and trust-boundary interactions worth security investigation.

더 확인하려면 구독해 주세요