Title: [257135] trunk/Source/WebKit
- Revision
- 257135
- Author
- pvol...@apple.com
- Date
- 2020-02-21 08:27:53 -0800 (Fri, 21 Feb 2020)
Log Message
[iOS] Fix media related sandbox issues in the GPU process
https://bugs.webkit.org/show_bug.cgi?id=208033
Reviewed by Eric Carlson.
The mach lookup sandbox extension to 'com.apple.tccd' needs to be created with the method SandboxExtension::createHandleForMachLookup.
The file read-write sandbox extension to the media cache directory needs to be created with the parent folder of the actual cache folder,
since the media frameworks also seem to access files there.
No new tests, covered by existing tests.
* UIProcess/GPU/GPUProcessProxy.cpp:
(WebKit::GPUProcessProxy::singleton):
(WebKit::gpuProcessSessionParameters):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (257134 => 257135)
--- trunk/Source/WebKit/ChangeLog 2020-02-21 16:20:55 UTC (rev 257134)
+++ trunk/Source/WebKit/ChangeLog 2020-02-21 16:27:53 UTC (rev 257135)
@@ -1,3 +1,20 @@
+2020-02-21 Per Arne Vollan <pvol...@apple.com>
+
+ [iOS] Fix media related sandbox issues in the GPU process
+ https://bugs.webkit.org/show_bug.cgi?id=208033
+
+ Reviewed by Eric Carlson.
+
+ The mach lookup sandbox extension to 'com.apple.tccd' needs to be created with the method SandboxExtension::createHandleForMachLookup.
+ The file read-write sandbox extension to the media cache directory needs to be created with the parent folder of the actual cache folder,
+ since the media frameworks also seem to access files there.
+
+ No new tests, covered by existing tests.
+
+ * UIProcess/GPU/GPUProcessProxy.cpp:
+ (WebKit::GPUProcessProxy::singleton):
+ (WebKit::gpuProcessSessionParameters):
+
2020-02-20 Peng Liu <peng.l...@apple.com>
[Media in GPU process] Synchronize the properties of video layers in the GPU process with the hosting layer in the web process
Modified: trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp (257134 => 257135)
--- trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp 2020-02-21 16:20:55 UTC (rev 257134)
+++ trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp 2020-02-21 16:27:53 UTC (rev 257135)
@@ -107,7 +107,7 @@
SandboxExtension::createHandleForGenericExtension("com.apple.webkit.microphone", parameters.microphoneSandboxExtensionHandle);
#if PLATFORM(IOS)
if (needsCameraSandboxExtension || needsMicrophoneSandboxExtension)
- SandboxExtension::createHandleForGenericExtension("com.apple.tccd", parameters.tccSandboxExtensionHandle);
+ SandboxExtension::createHandleForMachLookup("com.apple.tccd", WTF::nullopt, parameters.tccSandboxExtensionHandle);
#endif
#endif
// Initialize the GPU process.
@@ -281,8 +281,13 @@
parameters.mediaCacheDirectory = store.resolvedMediaCacheDirectory();
SandboxExtension::Handle mediaCacheDirectoryExtensionHandle;
- if (!parameters.mediaCacheDirectory.isEmpty())
- SandboxExtension::createHandleWithoutResolvingPath(parameters.mediaCacheDirectory, SandboxExtension::Type::ReadWrite, parameters.mediaCacheDirectorySandboxExtensionHandle);
+ if (!parameters.mediaCacheDirectory.isEmpty()) {
+ String parentFolder = parameters.mediaCacheDirectory;
+ auto position = parentFolder.reverseFind("/");
+ if (position != notFound)
+ parentFolder = parentFolder.substring(0, position);
+ SandboxExtension::createHandleWithoutResolvingPath(parentFolder, SandboxExtension::Type::ReadWrite, parameters.mediaCacheDirectorySandboxExtensionHandle);
+ }
#if ENABLE(LEGACY_ENCRYPTED_MEDIA)
parameters.mediaKeysStorageDirectory = store.resolvedMediaKeysDirectory();
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
