Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. Installation and Deployment
  4. [solved] QtWebEngineProcess not working in sandboxed application
QtWS25 Last Chance

[solved] QtWebEngineProcess not working in sandboxed application

Scheduled Pinned Locked Moved Installation and Deployment
8 Posts 3 Posters 7.3k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N Offline
    N Offline
    nando76
    wrote on last edited by
    #1

    Hi,

    Qt 5.4.0 final release

    my app starts in sandbox, but QtWebEngineProcess is not allowed to start / crashes due to sandbox restrictions .
    Maybe i must set entitlements explicitly for QtWebEngineProcess... but how?
    I created a entitlement file for:

    @<?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
    </dict>
    </plist>
    @

    But how do i have to apply it to the QtWebEngineProcess inside my bundle?

    Here is the error log:

    @Process: QtWebEngineProcess [45564]
    Path: /development/*/MyProcess.app/Contents/Frameworks/QtWebEngineCore.framework/Versions/5/Helpers/QtWebEngineProcess.app/Contents/MacOS/QtWebEngineProcess
    Identifier: QtWebEngineProcess
    Version: ???
    Code Type: X86-64 (Native)
    Parent Process: MyProcess [45560]
    Responsible: MyProcess [45560]
    User ID: 501

    Date/Time: 2014-12-15 21:44:38.757 +0100
    OS Version: Mac OS X 10.10.1 (14B25)
    Report Version: 11
    Anonymous UUID: 08FE5E3D-C136-084C-7579-A2F503845AE3

    Sleep/Wake UUID: 4357B39D-B4A3-46CE-A395-EA4ECBE89802

    Time Awake Since Boot: 30000 seconds
    Time Since Wake: 14000 seconds

    Crashed Thread: 0 Dispatch queue: com.apple.main-thread

    Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
    Exception Codes: 0x0000000000000001, 0x0000000000000000

    Application Specific Information:
    Could not set sandbox profile data: Operation not permitted (1)

    Application Specific Signatures:
    SYSCALL_SET_PROFILE

    Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
    0 libsystem_secinit.dylib 0x00007fff9a0e84b7 _libsecinit_setup_app_sandbox + 805
    1 libsystem_secinit.dylib 0x00007fff9a0e7b21 _libsecinit_initialize_once + 20
    2 libdispatch.dylib 0x00007fff969d9c13 _dispatch_client_callout + 8
    3 libdispatch.dylib 0x00007fff969d9b26 dispatch_once_f + 117
    4 libSystem.B.dylib 0x00007fff93698aaa libSystem_initializer + 131
    @

    Greetings
    Nando

    1 Reply Last reply
    0
    • S Offline
      S Offline
      Seamus Boyle
      wrote on last edited by
      #2

      @
      codesign -s $YOUR_CERT -i "com.yourcompany.QtWebEngineProcess" --entitlements /path/to/inherit.entitlements /path/to/QtWebEngineProcess.app
      @

      1 Reply Last reply
      0
      • N Offline
        N Offline
        nando76
        wrote on last edited by
        #3

        Hi Seamus,
        thanks for the tip. i will try it and the report.

        1 Reply Last reply
        0
        • N Offline
          N Offline
          nando76
          wrote on last edited by
          #4

          i have still the same error:

          APPCERT = "3rd Party Mac Developer Application: <my company name...>"
          BUNDLEID = "my app bundle id"

          @
          QT_WEBENGINE_PROCESS_ENTITLEMENTS = $$PWD/QtWebEngineProcess.entitlements

          codesign.commands += codesign -s '$${APPCERT}' -i "com.yourcompany.QtWebEngineProcess" --entitlements "$${QT_WEBENGINE_PROCESS_ENTITLEMENTS}" $${TARGET}.app/Contents/Frameworks/QtWebEngineCore.framework/Helpers/QtWebEngineProcess.app;
          codesign.commands += codesign -s '$${APPCERT}' -i "org.qt-project.Qt.QtWebEngineCore" $${TARGET}.app/Contents/Frameworks/QtWebEngineCore.framework/Versions/Current;
          codesign.commands += codesign -s '$${APPCERT}' -i "org.qt-project.Qt.QtWebEngineCore" $${TARGET}.app/Contents/Frameworks/QtWebEngineCore.framework/Versions/5/Libraries/ffmpegsumo.so;
          @

          content of QT_WEBENGINE_PROCESS_ENTITLEMENTS = $$PWD/QtWebEngineProcess.entitlements:

          @
          <?xml version="1.0" encoding="UTF-8"?>
          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
          <plist version="1.0">
          <dict>
          <key>com.apple.security.app-sandbox</key>
          <true/>
          <key>com.apple.security.inherit</key>
          <true/>
          </dict>
          </plist>
          @

          This is the console output:

          @17/12/14 23:16:25,816 sandboxd[465]: ([58974]) QtWebEngineProce(58974) deny forbidden-sandbox-reinit
          17/12/14 23:16:25,823 com.apple.xpc.launchd[1]: (com.apple.ReportCrash[58975]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash
          @

          1 Reply Last reply
          0
          • S Offline
            S Offline
            Seamus Boyle
            wrote on last edited by
            #5

            The bundle id in my example, "com.yourcompany.QtWebEngineProcess", is not a place-holder, use it verbatim.

            1 Reply Last reply
            0
            • S Offline
              S Offline
              Seamus Boyle
              wrote on last edited by
              #6

              @<?xml version="1.0" encoding="UTF-8"?>
              <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
              <plist version="1.0">
              <dict>
              <key>com.apple.security.app-sandbox</key>
              <true/>
              <key>com.apple.security.inherit</key>
              <true/>
              </dict>
              </plist>@

              Relevant lines from my post build script
              @export L_TARGET=$BUILT_PRODUCTS_DIR/$FULL_PRODUCT_NAME
              export L_TARGET_FRAMEWORKS=$L_TARGET/Contents/Frameworks
              mkdir -p $L_TARGET_FRAMEWORKS
              codesign --force -s "$APPCERT" -i "org.qt-project.QtWebEngine" $L_TARGET_FRAMEWORKS/QtWebEngine.framework/
              codesign --force -s "$APPCERT" -i "com.yourcompany.QtWebEngineProcess"
              --entitlements ~/working/sandbox-inherit.entitlements
              $L_TARGET_FRAMEWORKS/QtWebEngineCore.framework/Versions/Current/Helpers/QtWebEngineProcess.app
              codesign --force -s "$APPCERT" -i "org.qt-project.Qt.QtWebEngineCore" $L_TARGET_FRAMEWORKS/QtWebEngineCore.framework/
              codesign --force -s "$APPCERT" -i "org.qt-project.QtWebEngineWidgets" $L_TARGET_FRAMEWORKS/QtWebEngineWidgets.framework/@

              1 Reply Last reply
              0
              • N Offline
                N Offline
                nando76
                wrote on last edited by
                #7

                Thank you very much Seamus!
                Now it is working :)

                1 Reply Last reply
                0
                • E Offline
                  E Offline
                  elsamuko
                  wrote on last edited by
                  #8

                  For those who read this in 2020:

                  I needed to add the entitlement

                      <key>com.apple.security.cs.disable-executable-page-protection</key>
                      <true/>
                  

                  to the entitlements of the webengine process. This is needed for the V8 engine to make memory executable.
                  The entitlement com.apple.security.app-sandbox isn't necessary, but doesn't harm.

                  1 Reply Last reply
                  1

                  • Login

                  • Login or register to search.
                  • First post
                    Last post
                  0
                  • Categories
                  • Recent
                  • Tags
                  • Popular
                  • Users
                  • Groups
                  • Search
                  • Get Qt Extensions
                  • Unsolved