Diff
Modified: trunk/Source/WTF/ChangeLog (243007 => 243008)
--- trunk/Source/WTF/ChangeLog 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WTF/ChangeLog 2019-03-15 20:27:24 UTC (rev 243008)
@@ -1,3 +1,14 @@
+2019-03-15 Per Arne Vollan <pvol...@apple.com>
+
+ [iOS] Block the accessibility server when accessibility is not enabled.
+ https://bugs.webkit.org/show_bug.cgi?id=195342
+
+ Reviewed by Brent Fulgham.
+
+ Add SPI to issue a mach extension to a process by pid.
+
+ * wtf/spi/darwin/SandboxSPI.h:
+
2019-03-13 Sam Weinig <s...@webkit.org>
Add utility function to allow easy reverse range-based iteration of a container
Modified: trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h (243007 => 243008)
--- trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h 2019-03-15 20:27:24 UTC (rev 243008)
@@ -63,6 +63,7 @@
char *sandbox_extension_issue_file(const char *extension_class, const char *path, uint32_t flags);
char *sandbox_extension_issue_generic(const char *extension_class, uint32_t flags);
+char *sandbox_extension_issue_mach_to_process_by_pid(const char *extension_class, const char *name, uint32_t flags, pid_t);
int sandbox_check(pid_t, const char *operation, enum sandbox_filter_type, ...);
int sandbox_check_by_audit_token(audit_token_t, const char *operation, enum sandbox_filter_type, ...);
int sandbox_container_path_for_pid(pid_t, char *buffer, size_t bufsize);
Modified: trunk/Source/WebKit/ChangeLog (243007 => 243008)
--- trunk/Source/WebKit/ChangeLog 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/ChangeLog 2019-03-15 20:27:24 UTC (rev 243008)
@@ -1,3 +1,38 @@
+2019-03-15 Per Arne Vollan <pvol...@apple.com>
+
+ [iOS] Block the accessibility server when accessibility is not enabled.
+ https://bugs.webkit.org/show_bug.cgi?id=195342
+
+ Reviewed by Brent Fulgham.
+
+ By default, block the iOS accessibility server in the sandbox. If accessibility is enabled,
+ let the UI process issue a mach extension to the WebContent process. The UI process will
+ issue the mach extension the the WebContent process by its process identifier. The sandbox
+ extension handle is sent to the WebContent process to be consumed. The message will be sent
+ when the WebProcess has finished launching, and also when accessibility is turned on.
+
+ * Platform/spi/ios/AccessibilitySupportSPI.h:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ * Shared/SandboxExtension.h:
+ * Shared/mac/SandboxExtensionMac.mm:
+ (WebKit::SandboxExtensionImpl::create):
+ (WebKit::SandboxExtensionImpl::sandboxExtensionForType):
+ (WebKit::SandboxExtensionImpl::SandboxExtensionImpl):
+ (WebKit::SandboxExtension::createHandleForMachLookupByPid):
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::registerNotificationObservers):
+ (WebKit::WebProcessPool::unregisterNotificationObservers):
+ * UIProcess/WebProcessPool.h:
+ * UIProcess/WebProcessProxy.cpp:
+ (WebKit::WebProcessProxy::didFinishLaunching):
+ * UIProcess/WebProcessProxy.h:
+ * UIProcess/ios/WebProcessProxyIOS.mm:
+ (WebKit::WebProcessProxy::unblockAccessibilityServerIfNeeded):
+ * WebProcess/WebProcess.cpp:
+ (WebKit::WebProcess::unblockAccessibilityServer):
+ * WebProcess/WebProcess.h:
+ * WebProcess/WebProcess.messages.in:
+
2019-03-15 Antti Koivisto <an...@apple.com>
Use Region for event region even when it is a rectangle
Modified: trunk/Source/WebKit/Platform/spi/ios/AccessibilitySupportSPI.h (243007 => 243008)
--- trunk/Source/WebKit/Platform/spi/ios/AccessibilitySupportSPI.h 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/Platform/spi/ios/AccessibilitySupportSPI.h 2019-03-15 20:27:24 UTC (rev 243008)
@@ -41,6 +41,8 @@
#if PLATFORM(IOS_FAMILY)
extern Boolean _AXSKeyRepeatEnabled();
extern CFTimeInterval _AXSKeyRepeatDelay();
+extern Boolean _AXSApplicationAccessibilityEnabled();
+extern CFStringRef kAXSApplicationAccessibilityEnabledNotification;
#endif
#if ENABLE(ACCESSIBILITY_EVENTS)
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (243007 => 243008)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2019-03-15 20:27:24 UTC (rev 243008)
@@ -187,7 +187,6 @@
(global-name "com.apple.backboard.hid.focus")
(global-name "com.apple.backboard.hid.services")
(global-name "com.apple.iohideventsystem")
- (global-name "com.apple.iphone.axserver-systemwide")
(global-name "com.apple.frontboard.workspace")
(global-name "com.apple.frontboard.systemappservices"))
@@ -454,6 +453,8 @@
(deny mach-lookup (with send-signal SIGKILL)
(global-name "com.apple.backboard.hid.services"))
+(allow mach-lookup (extension "com.apple.webkit.extension.mach"))
+
;; These services have been identified as unused during living-on.
;; This list overrides some definitions above and in common.sb.
;; FIXME: remove overridden rules once the final list has been
Modified: trunk/Source/WebKit/Shared/SandboxExtension.h (243007 => 243008)
--- trunk/Source/WebKit/Shared/SandboxExtension.h 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/Shared/SandboxExtension.h 2019-03-15 20:27:24 UTC (rev 243008)
@@ -27,6 +27,7 @@
#include <wtf/Forward.h>
#include <wtf/Noncopyable.h>
+#include <wtf/ProcessID.h>
#include <wtf/RefCounted.h>
#include <wtf/RefPtr.h>
#include <wtf/Vector.h>
@@ -46,6 +47,7 @@
enum class Type {
ReadOnly,
ReadWrite,
+ Mach,
Generic,
};
@@ -101,6 +103,7 @@
static bool createHandleForReadWriteDirectory(const String& path, Handle&); // Will attempt to create the directory.
static String createHandleForTemporaryFile(const String& prefix, Type, Handle&);
static bool createHandleForGenericExtension(const String& extensionClass, Handle&);
+ static bool createHandleForMachLookupByPid(const String& service, ProcessID, Handle&);
~SandboxExtension();
bool consume();
Modified: trunk/Source/WebKit/Shared/mac/SandboxExtensionMac.mm (243007 => 243008)
--- trunk/Source/WebKit/Shared/mac/SandboxExtensionMac.mm 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/Shared/mac/SandboxExtensionMac.mm 2019-03-15 20:27:24 UTC (rev 243008)
@@ -40,9 +40,9 @@
class SandboxExtensionImpl {
public:
- static std::unique_ptr<SandboxExtensionImpl> create(const char* path, SandboxExtension::Type type)
+ static std::unique_ptr<SandboxExtensionImpl> create(const char* path, SandboxExtension::Type type, Optional<ProcessID> pid = WTF::nullopt)
{
- std::unique_ptr<SandboxExtensionImpl> impl { new SandboxExtensionImpl(path, type) };
+ std::unique_ptr<SandboxExtensionImpl> impl { new SandboxExtensionImpl(path, type, pid) };
if (!impl->m_token)
return nullptr;
return impl;
@@ -64,6 +64,10 @@
#if PLATFORM(IOS_FAMILY_SIMULATOR)
return !sandbox_check(getpid(), 0, SANDBOX_FILTER_NONE);
#else
+ if (m_handle == -1) {
+ LOG_ERROR("Could not create a sandbox extension for '%s', errno = %d", m_token, errno);
+ return false;
+ }
return m_handle;
#endif
}
@@ -80,7 +84,7 @@
}
private:
- char* sandboxExtensionForType(const char* path, SandboxExtension::Type type)
+ char* sandboxExtensionForType(const char* path, SandboxExtension::Type type, Optional<ProcessID> pid = WTF::nullopt)
{
switch (type) {
case SandboxExtension::Type::ReadOnly:
@@ -87,13 +91,15 @@
return sandbox_extension_issue_file(APP_SANDBOX_READ, path, 0);
case SandboxExtension::Type::ReadWrite:
return sandbox_extension_issue_file(APP_SANDBOX_READ_WRITE, path, 0);
+ case SandboxExtension::Type::Mach:
+ return sandbox_extension_issue_mach_to_process_by_pid("com.apple.webkit.extension.mach"_s, path, 0, pid.value());
case SandboxExtension::Type::Generic:
return sandbox_extension_issue_generic(path, 0);
}
}
- SandboxExtensionImpl(const char* path, SandboxExtension::Type type)
- : m_token { sandboxExtensionForType(path, type) }
+ SandboxExtensionImpl(const char* path, SandboxExtension::Type type, Optional<ProcessID> pid = WTF::nullopt)
+ : m_token { sandboxExtensionForType(path, type, pid) }
{
}
@@ -357,6 +363,19 @@
return true;
}
+bool SandboxExtension::createHandleForMachLookupByPid(const String& service, ProcessID pid, Handle& handle)
+{
+ ASSERT(!handle.m_sandboxExtension);
+
+ handle.m_sandboxExtension = SandboxExtensionImpl::create(service.utf8().data(), Type::Mach, pid);
+ if (!handle.m_sandboxExtension) {
+ WTFLogAlways("Could not create a '%s' sandbox extension", service.utf8().data());
+ return false;
+ }
+
+ return true;
+}
+
SandboxExtension::SandboxExtension(const Handle& handle)
: m_sandboxExtension(WTFMove(handle.m_sandboxExtension))
{
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (243007 => 243008)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2019-03-15 20:27:24 UTC (rev 243008)
@@ -26,6 +26,7 @@
#import "config.h"
#import "WebProcessPool.h"
+#import "AccessibilitySupportSPI.h"
#import "CookieStorageUtilsCF.h"
#import "LegacyCustomProtocolManagerClient.h"
#import "NetworkProcessCreationParameters.h"
@@ -447,6 +448,10 @@
}];
#elif PLATFORM(IOS)
CFNotificationCenterAddObserver(CFNotificationCenterGetDarwinNotifyCenter(), this, backlightLevelDidChangeCallback, static_cast<CFStringRef>(UIBacklightLevelChangedNotification), nullptr, CFNotificationSuspensionBehaviorCoalesce);
+ m_accessibilityEnabledObserver = [[NSNotificationCenter defaultCenter] addObserverForName:(__bridge id)kAXSApplicationAccessibilityEnabledNotification object:nil queue:[NSOperationQueue currentQueue] usingBlock:^(NSNotification *) {
+ for (size_t i = 0; i < m_processes.size(); ++i)
+ m_processes[i]->unblockAccessibilityServerIfNeeded();
+ }];
#endif // !PLATFORM(IOS_FAMILY)
}
@@ -466,6 +471,7 @@
[[NSNotificationCenter defaultCenter] removeObserver:m_deactivationObserver.get()];
#elif PLATFORM(IOS)
CFNotificationCenterRemoveObserver(CFNotificationCenterGetDarwinNotifyCenter(), this, static_cast<CFStringRef>(UIBacklightLevelChangedNotification) , nullptr);
+ [[NSNotificationCenter defaultCenter] removeObserver:m_accessibilityEnabledObserver.get()];
#endif // !PLATFORM(IOS_FAMILY)
}
Modified: trunk/Source/WebKit/UIProcess/WebProcessPool.h (243007 => 243008)
--- trunk/Source/WebKit/UIProcess/WebProcessPool.h 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/UIProcess/WebProcessPool.h 2019-03-15 20:27:24 UTC (rev 243008)
@@ -673,6 +673,10 @@
std::unique_ptr<PerActivityStateCPUUsageSampler> m_perActivityStateCPUUsageSampler;
#endif
+#if PLATFORM(IOS_FAMILY)
+ RetainPtr<NSObject> m_accessibilityEnabledObserver;
+#endif
+
bool m_shouldUseTestingNetworkSession { false };
bool m_processTerminationEnabled { true };
Modified: trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp (243007 => 243008)
--- trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp 2019-03-15 20:27:24 UTC (rev 243008)
@@ -759,6 +759,8 @@
if (xpc_connection_t xpcConnection = connection()->xpcConnection())
m_throttler.didConnectToProcess(xpc_connection_get_pid(xpcConnection));
}
+
+ unblockAccessibilityServerIfNeeded();
#endif
}
Modified: trunk/Source/WebKit/UIProcess/WebProcessProxy.h (243007 => 243008)
--- trunk/Source/WebKit/UIProcess/WebProcessProxy.h 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/UIProcess/WebProcessProxy.h 2019-03-15 20:27:24 UTC (rev 243008)
@@ -293,6 +293,10 @@
void revokeAudioCaptureExtension() { m_mediaCaptureSandboxExtensions &= ~Audio; }
#endif
+#if PLATFORM(IOS_FAMILY)
+ void unblockAccessibilityServerIfNeeded();
+#endif
+
protected:
static uint64_t generatePageID();
WebProcessProxy(WebProcessPool&, WebsiteDataStore&, IsPrewarmed);
@@ -431,6 +435,7 @@
#if PLATFORM(IOS_FAMILY)
ForegroundWebProcessToken m_foregroundToken;
BackgroundWebProcessToken m_backgroundToken;
+ bool m_hasSentMessageToUnblockAccessibilityServer { false };
#endif
HashMap<String, uint64_t> m_pageURLRetainCountMap;
Modified: trunk/Source/WebKit/UIProcess/ios/WebProcessProxyIOS.mm (243007 => 243008)
--- trunk/Source/WebKit/UIProcess/ios/WebProcessProxyIOS.mm 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/UIProcess/ios/WebProcessProxyIOS.mm 2019-03-15 20:27:24 UTC (rev 243008)
@@ -28,6 +28,7 @@
#if PLATFORM(IOS_FAMILY)
+#import "AccessibilitySupportSPI.h"
#import "WKFullKeyboardAccessWatcher.h"
#import "WebProcessMessages.h"
@@ -42,6 +43,25 @@
#endif
}
+void WebProcessProxy::unblockAccessibilityServerIfNeeded()
+{
+ if (m_hasSentMessageToUnblockAccessibilityServer)
+ return;
+ if (!_AXSApplicationAccessibilityEnabled())
+ return;
+ if (!processIdentifier())
+ return;
+ if (!canSendMessage())
+ return;
+
+ SandboxExtension::Handle handle;
+ if (!SandboxExtension::createHandleForMachLookupByPid("com.apple.iphone.axserver-systemwide", processIdentifier(), handle))
+ return;
+
+ send(Messages::WebProcess::UnblockAccessibilityServer(handle), 0);
+ m_hasSentMessageToUnblockAccessibilityServer = true;
+}
+
} // namespace WebKit
#endif // PLATFORM(IOS_FAMILY)
Modified: trunk/Source/WebKit/WebProcess/WebProcess.cpp (243007 => 243008)
--- trunk/Source/WebKit/WebProcess/WebProcess.cpp 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/WebProcess/WebProcess.cpp 2019-03-15 20:27:24 UTC (rev 243008)
@@ -1867,4 +1867,12 @@
PlatformKeyboardEvent::setCurrentModifierState({ });
}
+#if PLATFORM(IOS_FAMILY)
+void WebProcess::unblockAccessibilityServer(const SandboxExtension::Handle& handle)
+{
+ bool ok = SandboxExtension::consumePermanently(handle);
+ ASSERT_UNUSED(ok, ok);
+}
+#endif
+
} // namespace WebKit
Modified: trunk/Source/WebKit/WebProcess/WebProcess.h (243007 => 243008)
--- trunk/Source/WebKit/WebProcess/WebProcess.h 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/WebProcess/WebProcess.h 2019-03-15 20:27:24 UTC (rev 243008)
@@ -245,6 +245,8 @@
#if PLATFORM(IOS_FAMILY)
void accessibilityProcessSuspendedNotification(bool);
+
+ void unblockAccessibilityServer(const SandboxExtension::Handle&);
#endif
#if PLATFORM(IOS)
Modified: trunk/Source/WebKit/WebProcess/WebProcess.messages.in (243007 => 243008)
--- trunk/Source/WebKit/WebProcess/WebProcess.messages.in 2019-03-15 20:06:04 UTC (rev 243007)
+++ trunk/Source/WebKit/WebProcess/WebProcess.messages.in 2019-03-15 20:27:24 UTC (rev 243008)
@@ -157,4 +157,8 @@
#endif
ClearCurrentModifierStateForTesting()
+
+#if PLATFORM(IOS_FAMILY)
+ UnblockAccessibilityServer(WebKit::SandboxExtension::Handle handle)
+#endif
}
