[solved] QtWebEngineProcess not working in sandboxed application



  • Hi,

    Qt 5.4.0 final release

    My app starts in the sandbox, but QtWebEngineProcess is not allowed to start / crashes due to sandbox restrictions.
    Maybe I must set entitlements explicitly for QtWebEngineProcess... but how?
    I created an entitlement file for:

    @<?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
    </dict>
    </plist>
    @

    But how do I have to apply it to the QtWebEngineProcess inside my bundle?

    Here is the error log:

    @Process: QtWebEngineProcess [45564]
    Path: /development/*/MyProcess.app/Contents/Frameworks/QtWebEngineCore.framework/Versions/5/Helpers/QtWebEngineProcess.app/Contents/MacOS/QtWebEngineProcess
    Identifier: QtWebEngineProcess
    Version: ???
    Code Type: X86-64 (Native)
    Parent Process: MyProcess [45560]
    Responsible: MyProcess [45560]
    User ID: 501

    Date/Time: 2014-12-15 21:44:38.757 +0100
    OS Version: Mac OS X 10.10.1 (14B25)
    Report Version: 11
    Anonymous UUID: 08FE5E3D-C136-084C-7579-A2F503845AE3

    Sleep/Wake UUID: 4357B39D-B4A3-46CE-A395-EA4ECBE89802

    Time Awake Since Boot: 30000 seconds
    Time Since Wake: 14000 seconds

    Crashed Thread: 0 Dispatch queue: com.apple.main-thread

    Exception Type: EXC_BAD_INSTRUCTION (SIGILL)
    Exception Codes: 0x0000000000000001, 0x0000000000000000

    Application Specific Information:
    Could not set sandbox profile data: Operation not permitted (1)

    Application Specific Signatures:
    SYSCALL_SET_PROFILE

    Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
    0 libsystem_secinit.dylib 0x00007fff9a0e84b7 _libsecinit_setup_app_sandbox + 805
    1 libsystem_secinit.dylib 0x00007fff9a0e7b21 _libsecinit_initialize_once + 20
    2 libdispatch.dylib 0x00007fff969d9c13 _dispatch_client_callout + 8
    3 libdispatch.dylib 0x00007fff969d9b26 dispatch_once_f + 117
    4 libSystem.B.dylib 0x00007fff93698aaa libSystem_initializer + 131
    @

    Greetings
    Nando



  • @
    codesign -s $YOUR_CERT -i "com.yourcompany.QtWebEngineProcess" --entitlements /path/to/inherit.entitlements /path/to/QtWebEngineProcess.app
    @



  • Hi Seamus,
    thanks for the tip. I will try it and then report.



  • I still have the same error:

    APPCERT = "3rd Party Mac Developer Application: <my company name...>"
    BUNDLEID = "my app bundle id"

    @
    QT_WEBENGINE_PROCESS_ENTITLEMENTS = $$PWD/QtWebEngineProcess.entitlements

    codesign.commands += codesign -s '$${APPCERT}' -i "com.yourcompany.QtWebEngineProcess" --entitlements "$${QT_WEBENGINE_PROCESS_ENTITLEMENTS}" $${TARGET}.app/Contents/Frameworks/QtWebEngineCore.framework/Helpers/QtWebEngineProcess.app;
    codesign.commands += codesign -s '$${APPCERT}' -i "org.qt-project.Qt.QtWebEngineCore" $${TARGET}.app/Contents/Frameworks/QtWebEngineCore.framework/Versions/Current;
    codesign.commands += codesign -s '$${APPCERT}' -i "org.qt-project.Qt.QtWebEngineCore" $${TARGET}.app/Contents/Frameworks/QtWebEngineCore.framework/Versions/5/Libraries/ffmpegsumo.so;
    @

    content of QT_WEBENGINE_PROCESS_ENTITLEMENTS = $$PWD/QtWebEngineProcess.entitlements:

    @
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
    </dict>
    </plist>
    @

    This is the console output:

    @17/12/14 23:16:25,816 sandboxd[465]: ([58974]) QtWebEngineProce(58974) deny forbidden-sandbox-reinit
    17/12/14 23:16:25,823 com.apple.xpc.launchd[1]: (com.apple.ReportCrash[58975]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash
    @



  • The bundle id in my example, "com.yourcompany.QtWebEngineProcess", is not a placeholder; use it verbatim.



  • @<?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.inherit</key>
    <true/>
    </dict>
    </plist>@

    Relevant lines from my post-build script:
    @export L_TARGET=$BUILT_PRODUCTS_DIR/$FULL_PRODUCT_NAME
    export L_TARGET_FRAMEWORKS=$L_TARGET/Contents/Frameworks
    mkdir -p $L_TARGET_FRAMEWORKS
    codesign --force -s "$APPCERT" -i "org.qt-project.QtWebEngine" $L_TARGET_FRAMEWORKS/QtWebEngine.framework/
    codesign --force -s "$APPCERT" -i "com.yourcompany.QtWebEngineProcess" \
    --entitlements ~/working/sandbox-inherit.entitlements \
    $L_TARGET_FRAMEWORKS/QtWebEngineCore.framework/Versions/Current/Helpers/QtWebEngineProcess.app
    codesign --force -s "$APPCERT" -i "org.qt-project.Qt.QtWebEngineCore" $L_TARGET_FRAMEWORKS/QtWebEngineCore.framework/
    codesign --force -s "$APPCERT" -i "org.qt-project.QtWebEngineWidgets" $L_TARGET_FRAMEWORKS/QtWebEngineWidgets.framework/@
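
A pre-signing check for the helper's entitlements file, added here as an example and not part of the original thread: Apple's sandbox-inheritance rules require a child process to carry exactly `com.apple.security.app-sandbox` and `com.apple.security.inherit`, with no other App Sandbox entitlement. The function name and both sample plists are constructed for illustration.

```python
import plistlib
from xml.parsers.expat import ExpatError

SANDBOX = "com.apple.security.app-sandbox"
INHERIT = "com.apple.security.inherit"

PLIST_HEAD = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
              b'<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
              b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n'
              b'<plist version="1.0"><dict>')
PLIST_TAIL = b'</dict></plist>'

# Constructed sample: the same two keys as the entitlements file in the thread.
HELPER_OK = (PLIST_HEAD + b'<key>com.apple.security.app-sandbox</key><true/>'
             b'<key>com.apple.security.inherit</key><true/>' + PLIST_TAIL)
# Constructed sample: inherit is missing and an extra sandbox entitlement is set.
HELPER_BAD = (PLIST_HEAD + b'<key>com.apple.security.app-sandbox</key><true/>'
              b'<key>com.apple.security.network.client</key><true/>' + PLIST_TAIL)


def check_helper_entitlements(plist_bytes):
    """Return a list of problems; an empty list means the file suits an inheriting helper."""
    try:
        ent = plistlib.loads(plist_bytes)
    except (plistlib.InvalidFileException, ExpatError, ValueError) as exc:
        return [f"not a valid plist: {exc}"]
    if not isinstance(ent, dict):
        return ["top-level plist object is not a dict"]

    problems = []
    # Both keys must be present and boolean true.
    for key in (SANDBOX, INHERIT):
        if ent.get(key) is not True:
            problems.append(f"{key} must be <true/>")
    # Any other App Sandbox entitlement on the child is not allowed with inherit.
    for key in sorted(ent):
        if key.startswith("com.apple.security.") and key not in (SANDBOX, INHERIT):
            problems.append(f"unexpected sandbox entitlement: {key}")
    return problems


if __name__ == "__main__":
    for name, data in (("HELPER_OK", HELPER_OK), ("HELPER_BAD", HELPER_BAD)):
        print(name, check_helper_entitlements(data) or "ok")
```

Run it against the file passed to `codesign --entitlements` for QtWebEngineProcess.app before signing; the main application's own entitlements file is a separate file and is not subject to this check.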



  • Thank you very much Seamus!
    Now it is working :)

