[webkit-changes] [228933] trunk/Source/WebKit

Thu, 22 Feb 2018 14:05:21 -0800

Title: [228933] trunk/Source/WebKit
Revision
228933
Author
[email protected]
Date
2018-02-22 14:05:06 -0800 (Thu, 22 Feb 2018)

Log Message

Add an entitlement check for service worker on iOS
https://bugs.webkit.org/show_bug.cgi?id=182865

Reviewed by Dan Bernstein.

Addressed Dan's comment by using xpc_connection_copy_entitlement_value instead of obtaining the audit token first.

* Shared/mac/SandboxUtilities.h:
* Shared/mac/SandboxUtilities.mm:
(WebKit::connectedProcessHasEntitlement):
* StorageProcess/ios/StorageProcessIOS.mm:
(WebKit::StorageProcess::parentProcessHasServiceWorkerEntitlement const):
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::parentProcessHasServiceWorkerEntitlement const):

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (228932 => 228933)


--- trunk/Source/WebKit/ChangeLog	2018-02-22 21:53:12 UTC (rev 228932)
+++ trunk/Source/WebKit/ChangeLog	2018-02-22 22:05:06 UTC (rev 228933)
@@ -1,3 +1,20 @@
+2018-02-22  Ryosuke Niwa  <[email protected]>
+
+        Add an entitlement check for service worker on iOS
+        https://bugs.webkit.org/show_bug.cgi?id=182865
+
+        Reviewed by Dan Bernstein.
+
+        Addressed Dan's comment by using xpc_connection_copy_entitlement_value instead of obtaining the audit token first.
+
+        * Shared/mac/SandboxUtilities.h:
+        * Shared/mac/SandboxUtilities.mm:
+        (WebKit::connectedProcessHasEntitlement):
+        * StorageProcess/ios/StorageProcessIOS.mm:
+        (WebKit::StorageProcess::parentProcessHasServiceWorkerEntitlement const):
+        * WebProcess/WebPage/ios/WebPageIOS.mm:
+        (WebKit::WebPage::parentProcessHasServiceWorkerEntitlement const):
+
 2018-02-22  Youenn Fablet  <[email protected]>
 
         Fetch event release assert should take into account the fetch mode

Modified: trunk/Source/WebKit/Shared/mac/SandboxUtilities.h (228932 => 228933)


--- trunk/Source/WebKit/Shared/mac/SandboxUtilities.h	2018-02-22 21:53:12 UTC (rev 228932)
+++ trunk/Source/WebKit/Shared/mac/SandboxUtilities.h	2018-02-22 22:05:06 UTC (rev 228933)
@@ -39,6 +39,6 @@
 String pathForProcessContainer();
 
 bool processHasEntitlement(NSString *entitlement);
-bool connectedProcessHasEntitlement(xpc_connection_t, NSString *entitlement);
+bool connectedProcessHasEntitlement(xpc_connection_t, const char *entitlement);
 
 }

Modified: trunk/Source/WebKit/Shared/mac/SandboxUtilities.mm (228932 => 228933)


--- trunk/Source/WebKit/Shared/mac/SandboxUtilities.mm	2018-02-22 21:53:12 UTC (rev 228932)
+++ trunk/Source/WebKit/Shared/mac/SandboxUtilities.mm	2018-02-22 22:05:06 UTC (rev 228933)
@@ -28,6 +28,7 @@
 
 #import <array>
 #import <sys/param.h>
+#import <wtf/OSObjectPtr.h>
 #import <wtf/spi/cocoa/SecuritySPI.h>
 #import <wtf/spi/darwin/SandboxSPI.h>
 #import <wtf/spi/darwin/XPCSPI.h>
@@ -92,20 +93,13 @@
     return CFBooleanGetValue(static_cast<CFBooleanRef>(value.get()));
 }
 
-bool connectedProcessHasEntitlement(xpc_connection_t connection, NSString *entitlement)
+bool connectedProcessHasEntitlement(xpc_connection_t connection, const char *entitlement)
 {
-    audit_token_t token;
-    xpc_connection_get_audit_token(connection, &token);
-    auto task = adoptCF(SecTaskCreateWithAuditToken(NULL, token));
-
-    auto value = adoptCF(SecTaskCopyValueForEntitlement(task.get(), (__bridge CFStringRef)entitlement, nullptr));
+    auto value = adoptOSObject(xpc_connection_copy_entitlement_value(connection, entitlement));
     if (!value)
         return false;
 
-    if (CFGetTypeID(value.get()) != CFBooleanGetTypeID())
-        return false;
-
-    return CFBooleanGetValue(static_cast<CFBooleanRef>(value.get()));
+    return xpc_get_type(value.get()) == XPC_TYPE_BOOL && xpc_bool_get_value(value.get());
 }
 
 }

Modified: trunk/Source/WebKit/StorageProcess/ios/StorageProcessIOS.mm (228932 => 228933)


--- trunk/Source/WebKit/StorageProcess/ios/StorageProcessIOS.mm	2018-02-22 21:53:12 UTC (rev 228932)
+++ trunk/Source/WebKit/StorageProcess/ios/StorageProcessIOS.mm	2018-02-22 22:05:06 UTC (rev 228933)
@@ -61,7 +61,7 @@
 
 bool StorageProcess::parentProcessHasServiceWorkerEntitlement() const
 {
-    static bool hasEntitlement = connectedProcessHasEntitlement(parentProcessConnection()->xpcConnection(), @"com.apple.developer.WebKit.ServiceWorkers");
+    static bool hasEntitlement = connectedProcessHasEntitlement(parentProcessConnection()->xpcConnection(), "com.apple.developer.WebKit.ServiceWorkers");
     return hasEntitlement;
 }

Modified: trunk/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm (228932 => 228933)


--- trunk/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm	2018-02-22 21:53:12 UTC (rev 228932)
+++ trunk/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm	2018-02-22 22:05:06 UTC (rev 228933)
@@ -392,7 +392,7 @@
 
 bool WebPage::parentProcessHasServiceWorkerEntitlement() const
 {
-    static bool hasEntitlement = connectedProcessHasEntitlement(WebProcess::singleton().parentProcessConnection()->xpcConnection(), @"com.apple.developer.WebKit.ServiceWorkers");
+    static bool hasEntitlement = connectedProcessHasEntitlement(WebProcess::singleton().parentProcessConnection()->xpcConnection(), "com.apple.developer.WebKit.ServiceWorkers");
     return hasEntitlement;
 }
 

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to