Diff
Modified: trunk/Source/WebKit/GPUProcess/GPUProcess.cpp (295086 => 295087)
--- trunk/Source/WebKit/GPUProcess/GPUProcess.cpp 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/GPUProcess/GPUProcess.cpp 2022-06-01 15:04:44 UTC (rev 295087)
@@ -265,6 +265,8 @@
SandboxExtension::consumePermanently(parameters.dynamicIOKitExtensionHandles);
#endif
+ populateMobileGestaltCache(WTFMove(parameters.mobileGestaltExtensionHandle));
+
#if HAVE(CGIMAGESOURCE_WITH_SET_ALLOWABLE_TYPES)
auto emptyArray = adoptCF(CFArrayCreate(kCFAllocatorDefault, nullptr, 0, &kCFTypeArrayCallBacks));
CGImageSourceSetAllowableTypes(emptyArray.get());
Modified: trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp (295086 => 295087)
--- trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp 2022-06-01 15:04:44 UTC (rev 295087)
@@ -61,6 +61,7 @@
encoder << compilerServiceExtensionHandles;
encoder << dynamicIOKitExtensionHandles;
#endif
+ encoder << mobileGestaltExtensionHandle;
encoder << applicationVisibleName;
}
@@ -112,6 +113,12 @@
result.dynamicIOKitExtensionHandles = WTFMove(*dynamicIOKitExtensionHandles);
#endif
+ std::optional<std::optional<SandboxExtension::Handle>> mobileGestaltExtensionHandle;
+ decoder >> mobileGestaltExtensionHandle;
+ if (!mobileGestaltExtensionHandle)
+ return false;
+ result.mobileGestaltExtensionHandle = WTFMove(*mobileGestaltExtensionHandle);
+
if (!decoder.decode(result.applicationVisibleName))
return false;
Modified: trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h (295086 => 295087)
--- trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h 2022-06-01 15:04:44 UTC (rev 295087)
@@ -61,6 +61,7 @@
Vector<SandboxExtension::Handle> compilerServiceExtensionHandles;
Vector<SandboxExtension::Handle> dynamicIOKitExtensionHandles;
#endif
+ std::optional<SandboxExtension::Handle> mobileGestaltExtensionHandle;
String applicationVisibleName;
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb.in (295086 => 295087)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb.in 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb.in 2022-06-01 15:04:44 UTC (rev 295087)
@@ -401,6 +401,11 @@
(allow mach-lookup (with telemetry)
(global-name "com.apple.tccd"))
+(allow mach-lookup
+ (require-all
+ (extension "com.apple.webkit.extension.mach")
+ (global-name "com.apple.mobilegestalt.xpc")))
+
;; <rdar://problem/12413942>
(allow file-read*
(well-known-system-group-container-literal "/systemgroup.com.apple.mobilegestaltcache/Library/Caches/com.apple.MobileGestalt.plist"))
Modified: trunk/Source/WebKit/Shared/AuxiliaryProcess.cpp (295086 => 295087)
--- trunk/Source/WebKit/Shared/AuxiliaryProcess.cpp 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/Shared/AuxiliaryProcess.cpp 2022-06-01 15:04:44 UTC (rev 295087)
@@ -218,6 +218,12 @@
#endif
}
+#if !PLATFORM(IOS_FAMILY) || PLATFORM(MACCATALYST)
+void AuxiliaryProcess::populateMobileGestaltCache(std::optional<SandboxExtension::Handle>&&)
+{
+}
+#endif
+
#if !PLATFORM(COCOA)
#if !OS(UNIX)
Modified: trunk/Source/WebKit/Shared/AuxiliaryProcess.h (295086 => 295087)
--- trunk/Source/WebKit/Shared/AuxiliaryProcess.h 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/Shared/AuxiliaryProcess.h 2022-06-01 15:04:44 UTC (rev 295087)
@@ -150,6 +150,8 @@
void openDirectoryCacheInvalidated(SandboxExtension::Handle&&);
#endif
+ void populateMobileGestaltCache(std::optional<SandboxExtension::Handle>&& mobileGestaltExtensionHandle);
+
private:
virtual bool shouldOverrideQuarantine() { return true; }
Modified: trunk/Source/WebKit/Shared/ios/AuxiliaryProcessIOS.mm (295086 => 295087)
--- trunk/Source/WebKit/Shared/ios/AuxiliaryProcessIOS.mm 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/Shared/ios/AuxiliaryProcessIOS.mm 2022-06-01 15:04:44 UTC (rev 295087)
@@ -34,6 +34,7 @@
#import <WebCore/SystemVersion.h>
#import <mach/mach.h>
#import <mach/task.h>
+#import <pal/spi/ios/MobileGestaltSPI.h>
#import <pwd.h>
#import <stdlib.h>
#import <sysexits.h>
@@ -51,6 +52,43 @@
}
+void AuxiliaryProcess::populateMobileGestaltCache(std::optional<SandboxExtension::Handle>&& mobileGestaltExtensionHandle)
+{
+ if (!mobileGestaltExtensionHandle)
+ return;
+
+ if (auto extension = SandboxExtension::create(WTFMove(*mobileGestaltExtensionHandle))) {
+ bool ok = extension->consume();
+ ASSERT_UNUSED(ok, ok);
+ // If we have an extension handle for MobileGestalt, it means the MobileGestalt cache is invalid.
+ // In this case, we perform a set of MobileGestalt queries while having access to the daemon,
+ // which will populate the MobileGestalt in-memory cache with correct values.
+ // The set of queries below was determined by finding all possible queries that have cachable
+ // values, and would reach out to the daemon for the answer. That way, the in-memory cache
+ // should be identical to a valid MobileGestalt cache after having queried all of these values.
+ MGGetFloat32Answer(kMGQMainScreenScale, 0);
+ MGGetSInt32Answer(kMGQMainScreenPitch, 0);
+ MGGetSInt32Answer(kMGQMainScreenClass, MGScreenClassPad2);
+ MGGetBoolAnswer(kMGQAppleInternalInstallCapability);
+ MGGetBoolAnswer(kMGQiPadCapability);
+ auto deviceName = adoptCF(MGCopyAnswer(kMGQDeviceName, nullptr));
+ MGGetSInt32Answer(kMGQDeviceClassNumber, MGDeviceClassInvalid);
+ MGGetBoolAnswer(kMGQHasExtendedColorDisplay);
+ MGGetFloat32Answer(kMGQDeviceCornerRadius, 0);
+ MGGetBoolAnswer(kMGQSupportsForceTouch);
+
+ auto answer = adoptCF(MGCopyAnswer(kMGQBluetoothCapability, nullptr));
+ answer = MGCopyAnswer(kMGQDeviceProximityCapability, nullptr);
+ answer = MGCopyAnswer(kMGQDeviceSupportsARKit, nullptr);
+ answer = MGCopyAnswer(kMGQTimeSyncCapability, nullptr);
+ answer = MGCopyAnswer(kMGQWAPICapability, nullptr);
+ answer = MGCopyAnswer(kMGQMainDisplayRotation, nullptr);
+
+ ok = extension->revoke();
+ ASSERT_UNUSED(ok, ok);
+ }
+}
+
} // namespace WebKit
#endif
Modified: trunk/Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp (295086 => 295087)
--- trunk/Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp 2022-06-01 15:04:44 UTC (rev 295087)
@@ -39,6 +39,10 @@
#include <wtf/spi/darwin/SandboxSPI.h>
#endif
+#if PLATFORM(IOS_FAMILY) && !PLATFORM(MACCATALYST)
+#import <pal/spi/ios/MobileGestaltSPI.h>
+#endif
+
namespace WebKit {
AuxiliaryProcessProxy::AuxiliaryProcessProxy(bool alwaysRunsAtBackgroundPriority, Seconds responsivenessTimeout)
@@ -418,4 +422,18 @@
return parameters;
}
+std::optional<SandboxExtension::Handle> AuxiliaryProcessProxy::createMobileGestaltSandboxExtensionIfNeeded() const
+{
+#if PLATFORM(IOS_FAMILY) && !PLATFORM(MACCATALYST)
+ if (_MGCacheValid())
+ return std::nullopt;
+
+ RELEASE_LOG_FAULT(Sandbox, "MobileGestalt cache is invalid! Creating a sandbox extension to repopulate cache in memory.");
+
+ return SandboxExtension::createHandleForMachLookup("com.apple.mobilegestalt.xpc"_s, std::nullopt);
+#else
+ return std::nullopt;
+#endif
+}
+
} // namespace WebKit
Modified: trunk/Source/WebKit/UIProcess/AuxiliaryProcessProxy.h (295086 => 295087)
--- trunk/Source/WebKit/UIProcess/AuxiliaryProcessProxy.h 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/UIProcess/AuxiliaryProcessProxy.h 2022-06-01 15:04:44 UTC (rev 295087)
@@ -30,6 +30,7 @@
#include "MessageReceiverMap.h"
#include "ProcessLauncher.h"
#include "ResponsivenessTimer.h"
+#include "SandboxExtension.h"
#include <WebCore/ProcessIdentifier.h>
#include <wtf/ProcessID.h>
#include <wtf/SystemTracing.h>
@@ -144,6 +145,8 @@
void ref() final { ThreadSafeRefCounted::ref(); }
void deref() final { ThreadSafeRefCounted::deref(); }
+ std::optional<SandboxExtension::Handle> createMobileGestaltSandboxExtensionIfNeeded() const;
+
protected:
// ProcessLauncher::Client
void didFinishLaunching(ProcessLauncher*, IPC::Connection::Identifier) override;
Modified: trunk/Source/WebKit/UIProcess/Cocoa/GPUProcessProxyCocoa.mm (295086 => 295087)
--- trunk/Source/WebKit/UIProcess/Cocoa/GPUProcessProxyCocoa.mm 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/UIProcess/Cocoa/GPUProcessProxyCocoa.mm 2022-06-01 15:04:44 UTC (rev 295087)
@@ -35,6 +35,7 @@
void GPUProcessProxy::platformInitializeGPUProcessParameters(GPUProcessCreationParameters& parameters)
{
+ parameters.mobileGestaltExtensionHandle = createMobileGestaltSandboxExtensionIfNeeded();
parameters.applicationVisibleName = applicationVisibleName();
}
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (295086 => 295087)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2022-06-01 15:04:44 UTC (rev 295087)
@@ -384,12 +384,7 @@
parameters.contentSizeCategory = RenderThemeCocoa::singleton().contentSizeCategory();
#endif
-#if PLATFORM(IOS_FAMILY) && !PLATFORM(MACCATALYST)
- if (!_MGCacheValid()) {
- if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.mobilegestalt.xpc"_s, std::nullopt))
- parameters.mobileGestaltExtensionHandle = WTFMove(*handle);
- }
-#endif
+ parameters.mobileGestaltExtensionHandle = process.createMobileGestaltSandboxExtensionIfNeeded();
#if PLATFORM(MAC)
if (auto launchServicesExtensionHandle = SandboxExtension::createHandleForMachLookup("com.apple.coreservices.launchservicesd"_s, std::nullopt))
Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (295086 => 295087)
--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2022-06-01 11:29:56 UTC (rev 295086)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2022-06-01 15:04:44 UTC (rev 295087)
@@ -127,7 +127,6 @@
#import <MobileCoreServices/MobileCoreServices.h>
#import <UIKit/UIAccessibility.h>
#import <pal/spi/ios/GraphicsServicesSPI.h>
-#import <pal/spi/ios/MobileGestaltSPI.h>
#endif
#if PLATFORM(IOS_FAMILY) && USE(APPLE_INTERNAL_SDK)
@@ -238,40 +237,8 @@
}
#endif
- if (parameters.mobileGestaltExtensionHandle) {
- if (auto extension = SandboxExtension::create(WTFMove(*parameters.mobileGestaltExtensionHandle))) {
- bool ok = extension->consume();
- ASSERT_UNUSED(ok, ok);
- // If we have an extension handle for MobileGestalt, it means the MobileGestalt cache is invalid.
- // In this case, we perform a set of MobileGestalt queries while having access to the daemon,
- // which will populate the MobileGestalt in-memory cache with correct values.
- // The set of queries below was determined by finding all possible queries that have cachable
- // values, and would reach out to the daemon for the answer. That way, the in-memory cache
- // should be identical to a valid MobileGestalt cache after having queried all of these values.
-#if PLATFORM(IOS_FAMILY) && !PLATFORM(MACCATALYST)
- MGGetFloat32Answer(kMGQMainScreenScale, 0);
- MGGetSInt32Answer(kMGQMainScreenPitch, 0);
- MGGetSInt32Answer(kMGQMainScreenClass, MGScreenClassPad2);
- MGGetBoolAnswer(kMGQAppleInternalInstallCapability);
- MGGetBoolAnswer(kMGQiPadCapability);
- auto deviceName = adoptCF(MGCopyAnswer(kMGQDeviceName, nullptr));
- MGGetSInt32Answer(kMGQDeviceClassNumber, MGDeviceClassInvalid);
- MGGetBoolAnswer(kMGQHasExtendedColorDisplay);
- MGGetFloat32Answer(kMGQDeviceCornerRadius, 0);
- MGGetBoolAnswer(kMGQSupportsForceTouch);
+ populateMobileGestaltCache(WTFMove(parameters.mobileGestaltExtensionHandle));
- auto answer = adoptCF(MGCopyAnswer(kMGQBluetoothCapability, nullptr));
- answer = MGCopyAnswer(kMGQDeviceProximityCapability, nullptr);
- answer = MGCopyAnswer(kMGQDeviceSupportsARKit, nullptr);
- answer = MGCopyAnswer(kMGQTimeSyncCapability, nullptr);
- answer = MGCopyAnswer(kMGQWAPICapability, nullptr);
- answer = MGCopyAnswer(kMGQMainDisplayRotation, nullptr);
-#endif
- ok = extension->revoke();
- ASSERT_UNUSED(ok, ok);
- }
- }
-
m_uiProcessBundleIdentifier = parameters.uiProcessBundleIdentifier;
#if ENABLE(SANDBOX_EXTENSIONS)
