[webkit-changes] [294397] trunk/Source

[pvollan]

Title: [294397] trunk/Source

Revision

294397

Author

pvol...@apple.com

Date

2022-05-18 08:45:53 -0700 (Wed, 18 May 2022)

Log Message

Add WebKit API to turn off the URL scheme check when linkifying through Data Detectors
https://bugs.webkit.org/show_bug.cgi?id=239900
<rdar://92026172>

Reviewed by Geoffrey Garen.

This will enable us to block the Mach service com.apple.lsd.open in the WebContent process for all clients.
The URL scheme check is disabled by default for all clients that are not Web browsers. This choice was made
because we know that com.apple.lsd.open can be blocked for Web browsers without disabling the check, since
we already have blocked it there for quite some time without observing any issues. We also have a couple of
examples of other apps, which are not Mail clients, that would need this to be the default behavior.

* Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.h:
* Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.mm:
* Source/WebCore/PAL/pal/spi/cocoa/DataDetectorsCoreSPI.h:
* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
* Source/WebKit/Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):
* Source/WebKit/Shared/WebProcessCreationParameters.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _disableURLSchemeCheckInDataDetectors]):
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h:
* Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
(WebKit::WebPageProxy::disableURLSchemeCheckInDataDetectors const):
* Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
(WebKit::nonBrowserServices): Deleted.
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/WebProcess/WebProcess.h:
* Source/WebKit/WebProcess/WebProcess.messages.in:
* Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):
(WebKit::WebProcess::disableURLSchemeCheckInDataDetectors const):
* Source/WTF/wtf/PlatformHave.h:

Canonical link: https://commits.webkit.org/250691@main

Modified Paths

• trunk/Source/WTF/wtf/PlatformHave.h
• trunk/Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.h
• trunk/Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.mm
• trunk/Source/WebCore/PAL/pal/spi/cocoa/DataDetectorsCoreSPI.h
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in
• trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp
• trunk/Source/WebKit/Shared/WebProcessCreationParameters.h
• trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
• trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h
• trunk/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
• trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
• trunk/Source/WebKit/UIProcess/WebPageProxy.h
• trunk/Source/WebKit/WebProcess/WebProcess.h
• trunk/Source/WebKit/WebProcess/WebProcess.messages.in
• trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm

Diff

Modified: trunk/Source/WTF/wtf/PlatformHave.h (294396 => 294397)

--- trunk/Source/WTF/wtf/PlatformHave.h	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WTF/wtf/PlatformHave.h	2022-05-18 15:45:53 UTC (rev 294397)
@@ -1179,3 +1179,7 @@
 #if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED < 120000) || (PLATFORM(MACCATALYST) && __IPHONE_OS_VERSION_MIN_REQUIRED < 150000)
 #define HAVE_SYSTEM_HTTP_CONTENT_FILTERING 1
 #endif
+
+#if (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 160000)
+#define HAVE_DDRESULT_DISABLE_URL_SCHEME_CHECKING 1
+#endif

Modified: trunk/Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.h (294396 => 294397)

--- trunk/Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.h	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.h	2022-05-18 15:45:53 UTC (rev 294397)
@@ -68,5 +68,5 @@
 SOFT_LINK_FUNCTION_FOR_HEADER(PAL, DataDetectorsCore, DDScanQueryCreate, DDScanQueryRef, (CFAllocatorRef allocator), (allocator))
 SOFT_LINK_FUNCTION_FOR_HEADER(PAL, DataDetectorsCore, DDScanQueryCreateFromString, DDScanQueryRef, (CFAllocatorRef allocator, CFStringRef string, CFRange range), (allocator, string, range))
 SOFT_LINK_FUNCTION_FOR_HEADER(PAL, DataDetectorsCore, DDScannerCopyResultsWithOptions, CFArrayRef, (DDScannerRef scanner, DDScannerCopyResultsOptions options), (scanner, options))
-
+SOFT_LINK_FUNCTION_MAY_FAIL_FOR_HEADER(PAL, DataDetectorsCore, DDResultDisableURLSchemeChecking, void, (), ())
 #endif // ENABLE(DATA_DETECTION)

Modified: trunk/Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.mm (294396 => 294397)

--- trunk/Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.mm	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.mm	2022-05-18 15:45:53 UTC (rev 294397)
@@ -69,4 +69,5 @@
 SOFT_LINK_FUNCTION_FOR_SOURCE(PAL, DataDetectorsCore, DDScanQueryCreate, DDScanQueryRef, (CFAllocatorRef allocator), (allocator))
 SOFT_LINK_FUNCTION_FOR_SOURCE(PAL, DataDetectorsCore, DDScanQueryCreateFromString, DDScanQueryRef, (CFAllocatorRef allocator, CFStringRef string, CFRange range), (allocator, string, range))
 SOFT_LINK_FUNCTION_FOR_SOURCE(PAL, DataDetectorsCore, DDScannerCopyResultsWithOptions, CFArrayRef, (DDScannerRef scanner, DDScannerCopyResultsOptions options), (scanner, options))
+SOFT_LINK_FUNCTION_MAY_FAIL_FOR_SOURCE_WITH_EXPORT(PAL, DataDetectorsCore, DDResultDisableURLSchemeChecking, void, (), (), PAL_EXPORT)
 #endif // ENABLE(DATA_DETECTION)

Modified: trunk/Source/WebCore/PAL/pal/spi/cocoa/DataDetectorsCoreSPI.h (294396 => 294397)

--- trunk/Source/WebCore/PAL/pal/spi/cocoa/DataDetectorsCoreSPI.h	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebCore/PAL/pal/spi/cocoa/DataDetectorsCoreSPI.h	2022-05-18 15:45:53 UTC (rev 294397)
@@ -147,7 +147,7 @@
 bool DDResultHasProperties(DDResultRef, CFIndex propertySet);
 CFArrayRef DDResultGetSubResults(DDResultRef);
 DDQueryRange DDResultGetQueryRangeForURLification(DDResultRef);
-
+void DDResultDisableURLSchemeChecking();
 WTF_EXTERN_C_END
 
 #endif

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (294396 => 294397)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2022-05-18 15:45:53 UTC (rev 294397)
@@ -1062,11 +1062,7 @@
     (require-all
         (extension "com.apple.webkit.extension.mach")
         (global-name
-            "com.apple.iconservices"
-            "com.apple.lsd.open"
-        )
-    )
-)
+            "com.apple.iconservices")))
 
 (allow iokit-open
     (require-all

Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp (294396 => 294397)

--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp	2022-05-18 15:45:53 UTC (rev 294397)
@@ -167,7 +167,6 @@
 #endif
 
 #if PLATFORM(IOS_FAMILY)
-    encoder << dynamicMachExtensionHandles;
     encoder << dynamicIOKitExtensionHandles;
 #endif
 
@@ -459,12 +458,6 @@
 #endif
 
 #if PLATFORM(IOS_FAMILY)
-    std::optional<Vector<SandboxExtension::Handle>> dynamicMachExtensionHandles;
-    decoder >> dynamicMachExtensionHandles;
-    if (!dynamicMachExtensionHandles)
-        return false;
-    parameters.dynamicMachExtensionHandles = WTFMove(*dynamicMachExtensionHandles);
-
     std::optional<Vector<SandboxExtension::Handle>> dynamicIOKitExtensionHandles;
     decoder >> dynamicIOKitExtensionHandles;
     if (!dynamicIOKitExtensionHandles)

Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.h (294396 => 294397)

--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.h	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.h	2022-05-18 15:45:53 UTC (rev 294397)
@@ -208,7 +208,6 @@
 #endif
 
 #if PLATFORM(IOS_FAMILY)
-    Vector<SandboxExtension::Handle> dynamicMachExtensionHandles;
     Vector<SandboxExtension::Handle> dynamicIOKitExtensionHandles;
 #endif
 

Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm (294396 => 294397)

--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm	2022-05-18 15:45:53 UTC (rev 294397)
@@ -2585,6 +2585,13 @@
         _page->revokeAccessToAssetServices();
 }
 
+- (void)_disableURLSchemeCheckInDataDetectors
+{
+    THROW_IF_SUSPENDED;
+    if (_page)
+        _page->disableURLSchemeCheckInDataDetectors();
+}
+
 - (void)_switchFromStaticFontRegistryToUserFontRegistry
 {
     THROW_IF_SUSPENDED;

Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h (294396 => 294397)

--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h	2022-05-18 15:45:53 UTC (rev 294397)
@@ -407,6 +407,8 @@
 - (void)_grantAccessToAssetServices WK_API_AVAILABLE(macos(12.0), ios(14.0));
 - (void)_revokeAccessToAssetServices WK_API_AVAILABLE(macos(12.0), ios(14.0));
 
+- (void)_disableURLSchemeCheckInDataDetectors WK_API_AVAILABLE(ios(WK_IOS_TBA));
+
 /*! @abstract If the WKWebView was created with _shouldAllowUserInstalledFonts = NO,
  the web process will automatically use an in-process font registry, and its sandbox
  will be restricted to forbid access to fontd. Otherwise, the web process will use

Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm (294396 => 294397)

--- trunk/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm	2022-05-18 15:45:53 UTC (rev 294397)
@@ -852,6 +852,11 @@
     process().send(Messages::WebProcess::RevokeAccessToAssetServices(), 0);
 }
 
+void WebPageProxy::disableURLSchemeCheckInDataDetectors() const
+{
+    process().send(Messages::WebProcess::DisableURLSchemeCheckInDataDetectors(), 0);
+}
+
 void WebPageProxy::switchFromStaticFontRegistryToUserFontRegistry()
 {
     process().send(Messages::WebProcess::SwitchFromStaticFontRegistryToUserFontRegistry(fontdMachExtensionHandle(SandboxExtension::MachBootstrapOptions::EnableMachBootstrap)), 0);

Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (294396 => 294397)

--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2022-05-18 15:45:53 UTC (rev 294397)
@@ -287,17 +287,6 @@
     m_resolvedPaths.uiProcessBundleResourcePath = resolvePathForSandboxExtension(String { [[NSBundle mainBundle] resourcePath] });
 }
 
-#if PLATFORM(IOS_FAMILY)
-static const Vector<ASCIILiteral>& nonBrowserServices()
-{
-    ASSERT(isMainRunLoop());
-    static NeverDestroyed services = Vector<ASCIILiteral> {
-        "com.apple.lsd.open"_s,
-    };
-    return services;
-}
-#endif
-
 void WebProcessPool::platformInitializeWebProcess(const WebProcessProxy& process, WebProcessCreationParameters& parameters)
 {
     parameters.mediaMIMETypes = process.mediaMIMETypes();
@@ -398,9 +387,6 @@
 #endif
 
 #if PLATFORM(IOS_FAMILY)
-    if (!isFullWebBrowser())
-        parameters.dynamicMachExtensionHandles = SandboxExtension::createHandlesForMachLookup(nonBrowserServices(), std::nullopt);
-
     if (WebCore::deviceHasAGXCompilerService())
         parameters.dynamicIOKitExtensionHandles = SandboxExtension::createHandlesForIOKitClassExtensions(WebCore::agxCompilerClasses(), std::nullopt);
 #endif

Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.h (294396 => 294397)

--- trunk/Source/WebKit/UIProcess/WebPageProxy.h	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.h	2022-05-18 15:45:53 UTC (rev 294397)
@@ -1920,6 +1920,8 @@
     void revokeAccessToAssetServices();
     void switchFromStaticFontRegistryToUserFontRegistry();
 
+    void disableURLSchemeCheckInDataDetectors() const;
+
     void setIsTakingSnapshotsForApplicationSuspension(bool);
     void setNeedsDOMWindowResizeEvent();
 

Modified: trunk/Source/WebKit/WebProcess/WebProcess.h (294396 => 294397)

--- trunk/Source/WebKit/WebProcess/WebProcess.h	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/WebProcess/WebProcess.h	2022-05-18 15:45:53 UTC (rev 294397)
@@ -367,6 +367,8 @@
     void revokeAccessToAssetServices();
     void switchFromStaticFontRegistryToUserFontRegistry(WebKit::SandboxExtension::Handle&& fontMachExtensionHandle);
 
+    void disableURLSchemeCheckInDataDetectors() const;
+
 #if PLATFORM(MAC)
     void updatePageScreenProperties();
 #endif

Modified: trunk/Source/WebKit/WebProcess/WebProcess.messages.in (294396 => 294397)

--- trunk/Source/WebKit/WebProcess/WebProcess.messages.in	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/WebProcess/WebProcess.messages.in	2022-05-18 15:45:53 UTC (rev 294397)
@@ -168,6 +168,7 @@
     SwitchFromStaticFontRegistryToUserFontRegistry(WebKit::SandboxExtension::Handle fontMachExtensionHandle)
 
 #if PLATFORM(COCOA)
+    DisableURLSchemeCheckInDataDetectors()
     UnblockServicesRequiredByAccessibility(Vector<WebKit::SandboxExtension::Handle> handleArray)
 #if ENABLE(CFPREFS_DIRECT_MODE)
     NotifyPreferencesChanged(String domain, String key, std::optional<String> encodedValue)

Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (294396 => 294397)

--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2022-05-18 14:55:24 UTC (rev 294396)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2022-05-18 15:45:53 UTC (rev 294397)
@@ -27,6 +27,7 @@
 #import "WebProcess.h"
 
 #import "AccessibilitySupportSPI.h"
+#import "DefaultWebBrowserChecks.h"
 #import "LegacyCustomProtocolManager.h"
 #import "LogInitialization.h"
 #import "Logging.h"
@@ -93,6 +94,7 @@
 #import <pal/spi/cg/CoreGraphicsSPI.h>
 #import <pal/spi/cocoa/AVFoundationSPI.h>
 #import <pal/spi/cocoa/CoreServicesSPI.h>
+#import <pal/spi/cocoa/DataDetectorsCoreSPI.h>
 #import <pal/spi/cocoa/LaunchServicesSPI.h>
 #import <pal/spi/cocoa/NSAccessibilitySPI.h>
 #import <pal/spi/cocoa/QuartzCoreSPI.h>
@@ -157,6 +159,7 @@
 #import <pal/cf/AudioToolboxSoftLink.h>
 #import <pal/cf/VideoToolboxSoftLink.h>
 #import <pal/cocoa/AVFoundationSoftLink.h>
+#import <pal/cocoa/DataDetectorsCoreSoftLink.h>
 #import <pal/cocoa/MediaToolboxSoftLink.h>
 
 #if USE(APPLE_INTERNAL_SDK)
@@ -410,7 +413,6 @@
 #endif
 
 #if PLATFORM(IOS_FAMILY)
-    SandboxExtension::consumePermanently(parameters.dynamicMachExtensionHandles);
     SandboxExtension::consumePermanently(parameters.dynamicIOKitExtensionHandles);
 #endif
     
@@ -446,6 +448,9 @@
     WebCore::IOSurface::setBytesPerRowAlignment(parameters.bytesPerRowIOSurfaceAlignment);
 
     accessibilityPreferencesDidChange(parameters.accessibilityPreferences);
+
+    if (!isParentProcessAFullWebBrowser(*this))
+        disableURLSchemeCheckInDataDetectors();
 }
 
 void WebProcess::platformSetWebsiteDataStoreParameters(WebProcessDataStoreParameters&& parameters)
@@ -1164,6 +1169,14 @@
     m_assetServiceV2Extension = nullptr;
 }
 
+void WebProcess::disableURLSchemeCheckInDataDetectors() const
+{
+#if HAVE(DDRESULT_DISABLE_URL_SCHEME_CHECKING)
+    if (PAL::canLoad_DataDetectorsCore_DDResultDisableURLSchemeChecking())
+        PAL::softLinkDataDetectorsCoreDDResultDisableURLSchemeChecking();
+#endif
+}
+
 void WebProcess::switchFromStaticFontRegistryToUserFontRegistry(WebKit::SandboxExtension::Handle&& fontMachExtensionHandle)
 {
     SandboxExtension::consumePermanently(fontMachExtensionHandle);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes