Diff
Modified: trunk/Source/WebCore/ChangeLog (291189 => 291190)
--- trunk/Source/WebCore/ChangeLog 2022-03-11 21:55:33 UTC (rev 291189)
+++ trunk/Source/WebCore/ChangeLog 2022-03-11 22:13:34 UTC (rev 291190)
@@ -1,3 +1,20 @@
+2022-03-11 Per Arne Vollan <pvol...@apple.com>
+
+ [macOS] Image decoders should be restricted for Mail
+ https://bugs.webkit.org/show_bug.cgi?id=237717
+ <rdar://89827733>
+
+ Reviewed by Geoffrey Garen.
+
+ Only add restricted decoding flag when it is explicitly requested.
+
+ * WebCore.xcodeproj/project.pbxproj:
+ * platform/graphics/cg/ImageDecoderCG.cpp:
+ (WebCore::createImageSourceOptions):
+ (WebCore::ImageDecoderCG::enableRestrictedDecoding):
+ (WebCore::ImageDecoderCG::restrictedDecodingEnabled):
+ * platform/graphics/cg/ImageDecoderCG.h:
+
2022-03-11 Wenson Hsieh <wenson_hs...@apple.com>
[iOS] Add support for -[UITextInput removeEmojiAlternatives] on WKContentView
Modified: trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj (291189 => 291190)
--- trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2022-03-11 21:55:33 UTC (rev 291189)
+++ trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj 2022-03-11 22:13:34 UTC (rev 291190)
@@ -1903,7 +1903,7 @@
5546757B1FD212A9003B10B0 /* ImageSource.h in Headers */ = {isa = PBXBuildFile; fileRef = 554675781FD1FC1A003B10B0 /* ImageSource.h */; settings = {ATTRIBUTES = (Private, ); }; };
5550CB421E955E3C00111AA0 /* ImageTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = 5550CB411E955E3C00111AA0 /* ImageTypes.h */; settings = {ATTRIBUTES = (Private, ); }; };
555130011E7CCCCB00A69E38 /* DecodingOptions.h in Headers */ = {isa = PBXBuildFile; fileRef = 555130001E7CCCCA00A69E38 /* DecodingOptions.h */; settings = {ATTRIBUTES = (Private, ); }; };
- 555B87ED1CAAF0AB00349425 /* ImageDecoderCG.h in Headers */ = {isa = PBXBuildFile; fileRef = 555B87EB1CAAF0AB00349425 /* ImageDecoderCG.h */; };
+ 555B87ED1CAAF0AB00349425 /* ImageDecoderCG.h in Headers */ = {isa = PBXBuildFile; fileRef = 555B87EB1CAAF0AB00349425 /* ImageDecoderCG.h */; settings = {ATTRIBUTES = (Private, ); }; };
556C7C4B22123997009B06CA /* RenderingUpdateScheduler.h in Headers */ = {isa = PBXBuildFile; fileRef = 556C7C4722123942009B06CA /* RenderingUpdateScheduler.h */; settings = {ATTRIBUTES = (Private, ); }; };
5576A5651D88A70800CCC04C /* ImageFrame.h in Headers */ = {isa = PBXBuildFile; fileRef = 5576A5631D88A70800CCC04C /* ImageFrame.h */; settings = {ATTRIBUTES = (Private, ); }; };
5584765A2453F334009F550C /* ReducedResolutionSeconds.h in Headers */ = {isa = PBXBuildFile; fileRef = 558476582453ABC2009F550C /* ReducedResolutionSeconds.h */; settings = {ATTRIBUTES = (Private, ); }; };
Modified: trunk/Source/WebCore/platform/graphics/cg/ImageDecoderCG.cpp (291189 => 291190)
--- trunk/Source/WebCore/platform/graphics/cg/ImageDecoderCG.cpp 2022-03-11 21:55:33 UTC (rev 291189)
+++ trunk/Source/WebCore/platform/graphics/cg/ImageDecoderCG.cpp 2022-03-11 22:13:34 UTC (rev 291190)
@@ -67,7 +67,8 @@
CFDictionarySetValue(options.get(), kCGImageSourceShouldPreferRGB32, kCFBooleanTrue);
CFDictionarySetValue(options.get(), kCGImageSourceSkipMetadata, kCFBooleanTrue);
#if HAVE(IMAGE_RESTRICTED_DECODING) && USE(APPLE_INTERNAL_SDK)
- CFDictionarySetValue(options.get(), kCGImageSourceEnableRestrictedDecoding, kCFBooleanTrue);
+ if (ImageDecoderCG::restrictedDecodingEnabled())
+ CFDictionarySetValue(options.get(), kCGImageSourceEnableRestrictedDecoding, kCFBooleanTrue);
#endif
return options;
}
@@ -254,6 +255,8 @@
}
#endif
+bool ImageDecoderCG::m_enableRestrictedDecoding = false;
+
ImageDecoderCG::ImageDecoderCG(FragmentedSharedBuffer& data, AlphaOption, GammaAndColorProfileOption)
{
RetainPtr<CFStringRef> utiHint;
@@ -594,6 +597,16 @@
return MIMETypeRegistry::isSupportedImageMIMEType(mimeType);
}
+void ImageDecoderCG::enableRestrictedDecoding()
+{
+ m_enableRestrictedDecoding = true;
}
+bool ImageDecoderCG::restrictedDecodingEnabled()
+{
+ return m_enableRestrictedDecoding;
+}
+
+}
+
#endif // USE(CG)
Modified: trunk/Source/WebCore/platform/graphics/cg/ImageDecoderCG.h (291189 => 291190)
--- trunk/Source/WebCore/platform/graphics/cg/ImageDecoderCG.h 2022-03-11 21:55:33 UTC (rev 291189)
+++ trunk/Source/WebCore/platform/graphics/cg/ImageDecoderCG.h 2022-03-11 22:13:34 UTC (rev 291190)
@@ -68,10 +68,14 @@
bool isAllDataReceived() const final { return m_isAllDataReceived; }
void clearFrameBufferCache(size_t) final { }
+ WEBCORE_EXPORT static void enableRestrictedDecoding();
+ static bool restrictedDecodingEnabled();
+
private:
bool m_isAllDataReceived { false };
mutable EncodedDataStatus m_encodedDataStatus { EncodedDataStatus::Unknown };
RetainPtr<CGImageSourceRef> m_nativeDecoder;
+ static bool m_enableRestrictedDecoding;
};
}
Modified: trunk/Source/WebKit/ChangeLog (291189 => 291190)
--- trunk/Source/WebKit/ChangeLog 2022-03-11 21:55:33 UTC (rev 291189)
+++ trunk/Source/WebKit/ChangeLog 2022-03-11 22:13:34 UTC (rev 291190)
@@ -1,3 +1,23 @@
+2022-03-11 Per Arne Vollan <pvol...@apple.com>
+
+ [macOS] Image decoders should be restricted for Mail
+ https://bugs.webkit.org/show_bug.cgi?id=237717
+ <rdar://89827733>
+
+ Reviewed by Geoffrey Garen.
+
+ We already restrict image decoders for Mail on iOS. We should do so on macOS too.
+
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode const):
+ (WebKit::WebProcessCreationParameters::decode):
+ * Shared/WebProcessCreationParameters.h:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::platformInitializeWebProcess):
+ * WebProcess/cocoa/WebProcessCocoa.mm:
+ (WebKit::WebProcess::platformInitializeWebProcess):
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2022-03-11 Chris Dumez <cdu...@apple.com>
Delay responsiveness checks for the Network Process until it has finished initialization
Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp (291189 => 291190)
--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp 2022-03-11 21:55:33 UTC (rev 291189)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp 2022-03-11 22:13:34 UTC (rev 291190)
@@ -167,7 +167,7 @@
#if HAVE(VIDEO_RESTRICTED_DECODING)
#if PLATFORM(MAC)
- encoder << videoDecoderExtensionHandles;
+ encoder << trustdExtensionHandle;
#endif
encoder << restrictImageAndVideoDecoders;
#endif
@@ -470,11 +470,11 @@
#if HAVE(VIDEO_RESTRICTED_DECODING)
#if PLATFORM(MAC)
- std::optional<Vector<SandboxExtension::Handle>> videoDecoderExtensionHandles;
- decoder >> videoDecoderExtensionHandles;
- if (!videoDecoderExtensionHandles)
+ std::optional<SandboxExtension::Handle> trustdExtensionHandle;
+ decoder >> trustdExtensionHandle;
+ if (!trustdExtensionHandle)
return false;
- parameters.videoDecoderExtensionHandles = WTFMove(*videoDecoderExtensionHandles);
+ parameters.trustdExtensionHandle = WTFMove(*trustdExtensionHandle);
#endif
std::optional<bool> restrictImageAndVideoDecoders;
decoder >> restrictImageAndVideoDecoders;
Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.h (291189 => 291190)
--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.h 2022-03-11 21:55:33 UTC (rev 291189)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.h 2022-03-11 22:13:34 UTC (rev 291190)
@@ -209,7 +209,7 @@
std::optional<SandboxExtension::Handle> launchServicesExtensionHandle;
#if HAVE(VIDEO_RESTRICTED_DECODING)
#if PLATFORM(MAC)
- Vector<SandboxExtension::Handle> videoDecoderExtensionHandles;
+ SandboxExtension::Handle trustdExtensionHandle;
#endif
bool restrictImageAndVideoDecoders { false };
#endif
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (291189 => 291190)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2022-03-11 21:55:33 UTC (rev 291189)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2022-03-11 22:13:34 UTC (rev 291190)
@@ -445,8 +445,11 @@
#if HAVE(VIDEO_RESTRICTED_DECODING)
#if PLATFORM(MAC)
- if (MacApplication::isAppleMail())
- parameters.videoDecoderExtensionHandles = SandboxExtension::createHandlesForMachLookup({ "com.apple.coremedia.videodecoder"_s, "com.apple.trustd.agent"_s }, std::nullopt);
+ if (MacApplication::isAppleMail()) {
+ if (auto trustdExtensionHandle = SandboxExtension::createHandleForMachLookup("com.apple.trustd.agent"_s, std::nullopt))
+ parameters.trustdExtensionHandle = WTFMove(*trustdExtensionHandle);
+ parameters.restrictImageAndVideoDecoders = true;
+ }
#else
parameters.restrictImageAndVideoDecoders = IOSApplication::isMobileMail() || IOSApplication::isMailCompositionService();
#endif // PLATFORM(MAC)
Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (291189 => 291190)
--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2022-03-11 21:55:33 UTC (rev 291189)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2022-03-11 22:13:34 UTC (rev 291190)
@@ -67,6 +67,7 @@
#import <WebCore/HistoryController.h>
#import <WebCore/HistoryItem.h>
#import <WebCore/IOSurface.h>
+#import <WebCore/ImageDecoderCG.h>
#import <WebCore/LocalizedDeviceModel.h>
#import <WebCore/LocalizedStrings.h>
#import <WebCore/LogInitialization.h>
@@ -289,11 +290,14 @@
#if HAVE(VIDEO_RESTRICTED_DECODING)
#if PLATFORM(MAC)
- SandboxExtension::consumePermanently(parameters.videoDecoderExtensionHandles);
-#elif USE(APPLE_INTERNAL_SDK)
- if (parameters.restrictImageAndVideoDecoders)
+ SandboxExtension::consumePermanently(parameters.trustdExtensionHandle);
+#endif // PLATFORM(MAC)
+#if USE(APPLE_INTERNAL_SDK)
+ if (parameters.restrictImageAndVideoDecoders) {
+ ImageDecoderCG::enableRestrictedDecoding();
restrictImageAndVideoDecoders();
-#endif // PLATFORM(MAC)
+ }
+#endif
#endif // HAVE(VIDEO_RESTRICTED_DECODING)
// Disable NSURLCache.
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (291189 => 291190)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2022-03-11 21:55:33 UTC (rev 291189)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2022-03-11 22:13:34 UTC (rev 291190)
@@ -1410,6 +1410,11 @@
))
#endif
+(allow mach-lookup
+ (require-all
+ (extension "com.apple.webkit.extension.mach")
+ (global-name "com.apple.trustd.agent")))
+
;; Various services required by AppKit and other frameworks
(allow mach-lookup
(global-name "com.apple.logd")