[webkit-changes] [229484] trunk/Source/WebKit

[pvollan]

Title: [229484] trunk/Source/WebKit

Revision

229484

Author

pvol...@apple.com

Date

2018-03-09 14:43:49 -0800 (Fri, 09 Mar 2018)

Log Message

Create CA layer contexts with +remoteContextWithOptions.
https://bugs.webkit.org/show_bug.cgi?id=182747

Reviewed by Brent Fulgham.

CA layer contexts (CAContext) are currently created with +contextWithCGSConnection, which is
using the main WindowServer connection to create the context. Instead, the contexts can be
created with +remoteContextWithOptions, which does not use the main WindowServer connection.
This is a step towards limiting the access the WebContent process has to the window server.
To make the +remoteContextWithOptions call succeed, the sandbox has to be modified to allow
access to CARenderServer. Also, access to the WindowServer should be denied by calling
CGSSetDenyWindowServerConnections(true) before entering the sandbox. This is planned to do
in a follow-up patch. The call to +remoteContextWithOptions will open up WindowServer
connections, since the WindowServer is the system default CA render server, but these
connections come with limited WindowServer exposure. In addition, we need to open up the
sandbox for accessing some IOKit properties.

* Platform/mac/LayerHostingContext.mm:
(WebKit::LayerHostingContext::createForExternalHostingProcess):
* Shared/mac/HangDetectionDisablerMac.mm:
(WebKit::setClientsMayIgnoreEvents):
* WebProcess/com.apple.WebProcess.sb.in:

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Platform/mac/LayerHostingContext.mm
• trunk/Source/WebKit/Shared/mac/HangDetectionDisablerMac.mm
• trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

Diff

Modified: trunk/Source/WebKit/ChangeLog (229483 => 229484)

--- trunk/Source/WebKit/ChangeLog	2018-03-09 21:47:31 UTC (rev 229483)
+++ trunk/Source/WebKit/ChangeLog	2018-03-09 22:43:49 UTC (rev 229484)
@@ -1,3 +1,28 @@
+2018-03-09  Per Arne Vollan  <pvol...@apple.com>
+
+        Create CA layer contexts with +remoteContextWithOptions.
+        https://bugs.webkit.org/show_bug.cgi?id=182747
+
+        Reviewed by Brent Fulgham.
+
+        CA layer contexts (CAContext) are currently created with +contextWithCGSConnection, which is
+        using the main WindowServer connection to create the context. Instead, the contexts can be
+        created with +remoteContextWithOptions, which does not use the main WindowServer connection.
+        This is a step towards limiting the access the WebContent process has to the window server.
+        To make the +remoteContextWithOptions call succeed, the sandbox has to be modified to allow
+        access to CARenderServer. Also, access to the WindowServer should be denied by calling
+        CGSSetDenyWindowServerConnections(true) before entering the sandbox. This is planned to do
+        in a follow-up patch. The call to +remoteContextWithOptions will open up WindowServer
+        connections, since the WindowServer is the system default CA render server, but these
+        connections come with limited WindowServer exposure. In addition, we need to open up the
+        sandbox for accessing some IOKit properties.
+
+        * Platform/mac/LayerHostingContext.mm:
+        (WebKit::LayerHostingContext::createForExternalHostingProcess):
+        * Shared/mac/HangDetectionDisablerMac.mm:
+        (WebKit::setClientsMayIgnoreEvents):
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2018-03-09  Brent Fulgham  <bfulg...@apple.com>
 
         Remove cookie API access from WebContent Process

Modified: trunk/Source/WebKit/Platform/mac/LayerHostingContext.mm (229483 => 229484)

--- trunk/Source/WebKit/Platform/mac/LayerHostingContext.mm	2018-03-09 21:47:31 UTC (rev 229483)
+++ trunk/Source/WebKit/Platform/mac/LayerHostingContext.mm	2018-03-09 22:43:49 UTC (rev 229484)
@@ -63,6 +63,9 @@
     layerHostingContext->m_context = [CAContext remoteContextWithOptions:@{
         kCAContextIgnoresHitTest : @YES,
         kCAContextDisplayId : @10000 }];
+#elif __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400
+    [CAContext setAllowsCGSConnections:NO];
+    layerHostingContext->m_context = [CAContext remoteContextWithOptions:@{kCAContextCIFilterBehavior :  @"ignore"}];
 #else
     layerHostingContext->m_context = [CAContext contextWithCGSConnection:CGSMainConnectionID() options:@{ kCAContextCIFilterBehavior : @"ignore" }];
 #endif

Modified: trunk/Source/WebKit/Shared/mac/HangDetectionDisablerMac.mm (229483 => 229484)

--- trunk/Source/WebKit/Shared/mac/HangDetectionDisablerMac.mm	2018-03-09 21:47:31 UTC (rev 229483)
+++ trunk/Source/WebKit/Shared/mac/HangDetectionDisablerMac.mm	2018-03-09 22:43:49 UTC (rev 229484)
@@ -46,7 +46,14 @@
 
 static void setClientsMayIgnoreEvents(bool clientsMayIgnoreEvents)
 {
-    if (CGSSetConnectionProperty(CGSMainConnectionID(), CGSMainConnectionID(), clientsMayIgnoreEventsKey, clientsMayIgnoreEvents ? kCFBooleanTrue : kCFBooleanFalse) != kCGErrorSuccess)
+    auto cgsId = CGSMainConnectionID();
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400
+    // In macOS 10.14 and later, the WebContent process does not have access to the WindowServer.
+    // In this case, there will be no valid WindowServer main connection.
+    if (!cgsId)
+        return;
+#endif
+    if (CGSSetConnectionProperty(cgsId, cgsId, clientsMayIgnoreEventsKey, clientsMayIgnoreEvents ? kCFBooleanTrue : kCFBooleanFalse) != kCGErrorSuccess)
         ASSERT_NOT_REACHED();
 }
 

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (229483 => 229484)

--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2018-03-09 21:47:31 UTC (rev 229483)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2018-03-09 22:43:49 UTC (rev 229484)
@@ -330,6 +330,25 @@
     (iokit-property "saved-config")
     (iokit-property "startup-timing")
     (iokit-property "touch-size-id")
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400
+    (iokit-property "ATY,cbits")
+    (iokit-property "ATY,intrev")
+    (iokit-property "AccelNativeDMARowByteAlignment")
+    (iokit-property "CompactVRAM")
+    (iokit-property "EnableBlitLib")
+    (iokit-property "ForceDisableEDRAM")
+    (iokit-property "GPUConfigurationVariable")
+    (iokit-property "GpuDebugPolicy")
+    (iokit-property "IOKitDebug")
+    (iokit-property "IOPCIMatch")
+    (iokit-property "IOOCDBundleName")
+    (iokit-property "MetalStatisticsScriptName")
+    (iokit-property "MetalCoalesce")
+    (iokit-property "PanicOnGPUHang")
+    (iokit-property "TelemetryDisable")
+    (iokit-property "cail_properties")
+    (iokit-property "dpm")
+#endif
 )
 
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300
@@ -569,7 +588,11 @@
        (global-name "com.apple.trustd")
        (global-name "com.apple.trustd.agent")
        (global-name "com.apple.window_proxies")
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400
+       (global-name "com.apple.CARenderServer") ; Needed for [CAContext remoteContextWithOptions]
+#else
        (global-name "com.apple.windowserver.active")
+#endif
        (global-name "com.apple.xpc.activity.unmanaged")
        (global-name "com.apple.xpcd")
 )

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes