Diff
Modified: branches/safari-606-branch/Source/WebKit/ChangeLog (234243 => 234244)
--- branches/safari-606-branch/Source/WebKit/ChangeLog 2018-07-26 07:15:10 UTC (rev 234243)
+++ branches/safari-606-branch/Source/WebKit/ChangeLog 2018-07-26 07:15:14 UTC (rev 234244)
@@ -1,5 +1,58 @@
2018-07-25 Babak Shafiei <[email protected]>
+ Cherry-pick r234195. rdar://problem/42604534
+
+ [macOS] PluginProcess needs TCC entitlements for media capture
+ https://bugs.webkit.org/show_bug.cgi?id=187981
+ <rdar://problem/42433634>
+
+ Reviewed by Chris Dumez.
+
+ The changes needed in Bug 185526 are also needed for the plugin process, or else the UIProcess
+ (e.g., Safari) is not able to pass the user's camera/microphone access permission to the plugin process.
+
+ This patch has the following changes:
+
+ 1. Rename "WebContent-OSX-restricted.entitlements" to "WebContent-or-Plugin-OSX-restricted.entitlements"
+ 2. Rename "process-webcontent-entitlements.sh" to "process-webcontent-or-plugin-entitlements.sh"
+ 3. Add a run-script step to the Plugin.64 and Plugin.32 builds to add the relevant entitlements.
+ 4. Silence some Flash plugin sandbox exceptions triggered after activating the camera.
+
+ * Configurations/WebContent-or-Plugin-OSX-restricted.entitlements: Renamed from Source/WebKit/Configurations/WebContent-OSX-restricted.entitlements.
+ * Resources/PlugInSandboxProfiles/com.macromedia.Flash Player ESR.plugin.sb: Address sandbox violations needed by camera use.
+ * Resources/PlugInSandboxProfiles/com.macromedia.Flash Player.plugin.sb: Ditto.
+ * Scripts/process-webcontent-or-plugin-entitlements.sh: Renamed from Source/WebKit/Scripts/process-webcontent-entitlements.sh.
+ * WebKit.xcodeproj/project.pbxproj: Update for renaming, and perform entitlement steps on Plugin process.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@234195 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-07-25 Brent Fulgham <[email protected]>
+
+ [macOS] PluginProcess needs TCC entitlements for media capture
+ https://bugs.webkit.org/show_bug.cgi?id=187981
+ <rdar://problem/42433634>
+
+ Reviewed by Chris Dumez.
+
+ The changes needed in Bug 185526 are also needed for the plugin process, or else the UIProcess
+ (e.g., Safari) is not able to pass the user's camera/microphone access permission to the plugin process.
+
+ This patch has the following changes:
+
+ 1. Rename "WebContent-OSX-restricted.entitlements" to "WebContent-or-Plugin-OSX-restricted.entitlements"
+ 2. Rename "process-webcontent-entitlements.sh" to "process-webcontent-or-plugin-entitlements.sh"
+ 3. Add a run-script step to the Plugin.64 and Plugin.32 builds to add the relevant entitlements.
+ 4. Silence some Flash plugin sandbox exceptions triggered after activating the camera.
+
+ * Configurations/WebContent-or-Plugin-OSX-restricted.entitlements: Renamed from Source/WebKit/Configurations/WebContent-OSX-restricted.entitlements.
+ * Resources/PlugInSandboxProfiles/com.macromedia.Flash Player ESR.plugin.sb: Address sandbox violations needed by camera use.
+ * Resources/PlugInSandboxProfiles/com.macromedia.Flash Player.plugin.sb: Ditto.
+ * Scripts/process-webcontent-or-plugin-entitlements.sh: Renamed from Source/WebKit/Scripts/process-webcontent-entitlements.sh.
+ * WebKit.xcodeproj/project.pbxproj: Update for renaming, and perform entitlement steps on Plugin process.
+
+2018-07-25 Babak Shafiei <[email protected]>
+
Cherry-pick r234181. rdar://problem/42604524
Enable Web Content Filtering on watchOS
Deleted: branches/safari-606-branch/Source/WebKit/Configurations/WebContent-OSX-restricted.entitlements (234243 => 234244)
--- branches/safari-606-branch/Source/WebKit/Configurations/WebContent-OSX-restricted.entitlements 2018-07-26 07:15:10 UTC (rev 234243)
+++ branches/safari-606-branch/Source/WebKit/Configurations/WebContent-OSX-restricted.entitlements 2018-07-26 07:15:14 UTC (rev 234244)
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
- <key>com.apple.tcc.delegated-services</key>
- <array>
- <string>kTCCServiceCamera</string>
- <string>kTCCServiceMicrophone</string>
- </array>
-</dict>
-</plist>
Copied: branches/safari-606-branch/Source/WebKit/Configurations/WebContent-or-Plugin-OSX-restricted.entitlements (from rev 234243, branches/safari-606-branch/Source/WebKit/Configurations/WebContent-OSX-restricted.entitlements) (0 => 234244)
--- branches/safari-606-branch/Source/WebKit/Configurations/WebContent-or-Plugin-OSX-restricted.entitlements (rev 0)
+++ branches/safari-606-branch/Source/WebKit/Configurations/WebContent-or-Plugin-OSX-restricted.entitlements 2018-07-26 07:15:14 UTC (rev 234244)
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>com.apple.tcc.delegated-services</key>
+ <array>
+ <string>kTCCServiceCamera</string>
+ <string>kTCCServiceMicrophone</string>
+ </array>
+</dict>
+</plist>
Modified: branches/safari-606-branch/Source/WebKit/Resources/PlugInSandboxProfiles/com.macromedia.Flash Player ESR.plugin.sb (234243 => 234244)
--- branches/safari-606-branch/Source/WebKit/Resources/PlugInSandboxProfiles/com.macromedia.Flash Player ESR.plugin.sb 2018-07-26 07:15:10 UTC (rev 234243)
+++ branches/safari-606-branch/Source/WebKit/Resources/PlugInSandboxProfiles/com.macromedia.Flash Player ESR.plugin.sb 2018-07-26 07:15:14 UTC (rev 234244)
@@ -62,3 +62,18 @@
(allow network-bind (local ip))
+;;;
+;;; Needed for Camera access
+;;;
+(allow iokit-get-properties
+ (iokit-property-regex #"^(Activation|Animation)Thresholds")
+ (iokit-property-regex #"^((Accurate|Extended)Max|Min)DigitizerPressureValue")
+ (iokit-property "IOPCITunnelCompatible")
+ (iokit-property "PowerControlSupported")
+ (iokit-property "Removable")
+ (iokit-property "ResetOnLockMs")
+ (iokit-property "ResetOnUnlockMs")
+ (iokit-property "ShouldResetOnButton")
+ (iokit-property-regex #"^Support(sSilentClick|TapToWake)")
+ (iokit-property "WirelessChargingNotificationSupported")
+)
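Review bot: The `;;; Needed for Camera access` comment sits above an `allow iokit-get-properties` rule whose property names (`...DigitizerPressureValue`, `SupportsSilentClick`, `SupportTapToWake`, `WirelessChargingNotificationSupported`) do not obviously relate to a camera, while the ChangeLog describes the intent as silencing sandbox exceptions. If capture works without these reads, a `(deny iokit-get-properties (with no-log) ...)` rule over the same names would quiet the log without widening what the Flash plugin can query; if they are required, the comment should name the framework that asks for them. The three `iokit-property-regex` patterns are anchored only with `^`, so they also match any longer property name sharing the prefix; a trailing `$` would limit the allowance to the names listed. The identical block added to `com.macromedia.Flash Player.plugin.sb` needs the same treatment.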
Modified: branches/safari-606-branch/Source/WebKit/Resources/PlugInSandboxProfiles/com.macromedia.Flash Player.plugin.sb (234243 => 234244)
--- branches/safari-606-branch/Source/WebKit/Resources/PlugInSandboxProfiles/com.macromedia.Flash Player.plugin.sb 2018-07-26 07:15:10 UTC (rev 234243)
+++ branches/safari-606-branch/Source/WebKit/Resources/PlugInSandboxProfiles/com.macromedia.Flash Player.plugin.sb 2018-07-26 07:15:14 UTC (rev 234244)
@@ -62,3 +62,18 @@
(allow network-bind (local ip))
+;;;
+;;; Needed for Camera access
+;;;
+(allow iokit-get-properties
+ (iokit-property-regex #"^(Activation|Animation)Thresholds")
+ (iokit-property-regex #"^((Accurate|Extended)Max|Min)DigitizerPressureValue")
+ (iokit-property "IOPCITunnelCompatible")
+ (iokit-property "PowerControlSupported")
+ (iokit-property "Removable")
+ (iokit-property "ResetOnLockMs")
+ (iokit-property "ResetOnUnlockMs")
+ (iokit-property "ShouldResetOnButton")
+ (iokit-property-regex #"^Support(sSilentClick|TapToWake)")
+ (iokit-property "WirelessChargingNotificationSupported")
+)
Deleted: branches/safari-606-branch/Source/WebKit/Scripts/process-webcontent-entitlements.sh (234243 => 234244)
--- branches/safari-606-branch/Source/WebKit/Scripts/process-webcontent-entitlements.sh 2018-07-26 07:15:10 UTC (rev 234243)
+++ branches/safari-606-branch/Source/WebKit/Scripts/process-webcontent-entitlements.sh 2018-07-26 07:15:14 UTC (rev 234244)
@@ -1,26 +0,0 @@
-#!/bin/sh
-set -e
-
-PROCESSED_XCENT_FILE="${TEMP_FILE_DIR}/${FULL_PRODUCT_NAME}.xcent"
-
-if [[ ${WK_PLATFORM_NAME} == "macosx" ]]; then
-
- if [[ ${WK_USE_RESTRICTED_ENTITLEMENTS} == "YES" ]]; then
- echo "Processing restricted entitlements for Internal SDK";
-
- if (( ${TARGET_MAC_OS_X_VERSION_MAJOR} >= 101400 )); then
- echo "Adding macOS platform entitlements.";
- /usr/libexec/PlistBuddy -c "Merge Configurations/WebContent-OSX-restricted.entitlements" "${PROCESSED_XCENT_FILE}";
- fi
-
- if [[ ${WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT} == "YES" ]]; then
- echo "Adding domain extension entitlement for relocatable build.";
- /usr/libexec/PlistBuddy -c "Add :com.apple.private.xpc.domain-extension bool YES" "${PROCESSED_XCENT_FILE}";
- fi
- fi
-
- if [[ ${WK_XPC_SERVICE_VARIANT} == "Development" ]]; then
- echo "Disabling library validation for development build.";
- /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.disable-library-validation bool YES" "${PROCESSED_XCENT_FILE}";
- fi
-fi
Copied: branches/safari-606-branch/Source/WebKit/Scripts/process-webcontent-or-plugin-entitlements.sh (from rev 234243, branches/safari-606-branch/Source/WebKit/Scripts/process-webcontent-entitlements.sh) (0 => 234244)
--- branches/safari-606-branch/Source/WebKit/Scripts/process-webcontent-or-plugin-entitlements.sh (rev 0)
+++ branches/safari-606-branch/Source/WebKit/Scripts/process-webcontent-or-plugin-entitlements.sh 2018-07-26 07:15:14 UTC (rev 234244)
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+PROCESSED_XCENT_FILE="${TEMP_FILE_DIR}/${FULL_PRODUCT_NAME}.xcent"
+
+if [[ ${WK_PLATFORM_NAME} == "macosx" ]]; then
+
+ if [[ ${WK_USE_RESTRICTED_ENTITLEMENTS} == "YES" ]]; then
+ echo "Processing restricted entitlements for Internal SDK";
+
+ if (( ${TARGET_MAC_OS_X_VERSION_MAJOR} >= 101400 )); then
+ echo "Adding macOS platform entitlements.";
+ /usr/libexec/PlistBuddy -c "Merge Configurations/WebContent-or-Plugin-OSX-restricted.entitlements" "${PROCESSED_XCENT_FILE}";
+ fi
+
+ if [[ ${WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT} == "YES" ]]; then
+ echo "Adding domain extension entitlement for relocatable build.";
+ /usr/libexec/PlistBuddy -c "Add :com.apple.private.xpc.domain-extension bool YES" "${PROCESSED_XCENT_FILE}";
+ fi
+ fi
+
+ if [[ ${WK_XPC_SERVICE_VARIANT} == "Development" ]]; then
+ echo "Disabling library validation for development build.";
+ /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.disable-library-validation bool YES" "${PROCESSED_XCENT_FILE}";
+ fi
+fi
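Review bot: The `Development` branch at the end adds `com.apple.security.cs.disable-library-validation` to the `.xcent` of whichever product the script runs for, which after this change includes the Plugin.64 and Plugin.32 targets as well as WebContent. Whether the plugin targets ever set `WK_XPC_SERVICE_VARIANT` to `Development` is not visible here, so the wider scope deserves a header comment such as `# Runs for the WebContent and Plugin targets; every branch below applies to whichever product is being signed.` The variable `WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT` still names only WebContent, although it now also gates a private entitlement for plugin builds. Separately, `#!/bin/sh` is followed by `[[ ]]` and `(( ))`, which are bash constructs; `#!/bin/bash` would state the real requirement.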
Modified: branches/safari-606-branch/Source/WebKit/WebKit.xcodeproj/project.pbxproj (234243 => 234244)
--- branches/safari-606-branch/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2018-07-26 07:15:10 UTC (rev 234243)
+++ branches/safari-606-branch/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2018-07-26 07:15:14 UTC (rev 234244)
@@ -3355,7 +3355,7 @@
37A64E5618F38F4600EB30F1 /* _WKFormInputSession.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = _WKFormInputSession.h; sourceTree = "<group>"; };
37A709A61E3EA0FD00CA5969 /* WKDataDetectorTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKDataDetectorTypes.h; sourceTree = "<group>"; };
37A709A81E3EA40C00CA5969 /* WKDataDetectorTypesInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKDataDetectorTypesInternal.h; sourceTree = "<group>"; };
- 37B418EB1C9624F20031E63B /* WebContent-OSX-restricted.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = "WebContent-OSX-restricted.entitlements"; sourceTree = "<group>"; };
+ 37B418EB1C9624F20031E63B /* WebContent-or-Plugin-OSX-restricted.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = "WebContent-or-Plugin-OSX-restricted.entitlements"; sourceTree = "<group>"; };
37B47E2C1D64DB76005F4EFF /* objcSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = objcSPI.h; sourceTree = "<group>"; };
37B5045119EEF31300CE2CF8 /* WKErrorPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKErrorPrivate.h; sourceTree = "<group>"; };
37BEC4DE19491486008B4286 /* CompletionHandlerCallChecker.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = CompletionHandlerCallChecker.mm; sourceTree = "<group>"; };
@@ -3909,7 +3909,7 @@
7A9CD8C21C779AD600D9F6C7 /* WebResourceLoadStatisticsStore.messages.in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = WebResourceLoadStatisticsStore.messages.in; sourceTree = "<group>"; };
7AB6EA441EEAAE2300037B2B /* APIIconDatabaseClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIIconDatabaseClient.h; sourceTree = "<group>"; };
7AB6EA461EEAB6B000037B2B /* APIGeolocationProvider.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIGeolocationProvider.h; sourceTree = "<group>"; };
- 7ACFAAD820B88D4F00C53203 /* process-webcontent-entitlements.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = "process-webcontent-entitlements.sh"; sourceTree = "<group>"; };
+ 7ACFAAD820B88D4F00C53203 /* process-webcontent-or-plugin-entitlements.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = "process-webcontent-or-plugin-entitlements.sh"; sourceTree = "<group>"; };
7AF2361E1E79A3B400438A05 /* WebErrors.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebErrors.cpp; sourceTree = "<group>"; };
7AF2361F1E79A3D800438A05 /* WebErrors.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebErrors.h; sourceTree = "<group>"; };
7AF236221E79A43100438A05 /* WebErrorsCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebErrorsCocoa.mm; sourceTree = "<group>"; };
@@ -5184,7 +5184,7 @@
1A4F976E100E7B6600637A18 /* Version.xcconfig */,
37119A7E20CCB64E002C6DC9 /* WebContent-iOS-minimalsimulator.entitlements */,
7C0BB9A818DCDE890006C086 /* WebContent-iOS.entitlements */,
- 37B418EB1C9624F20031E63B /* WebContent-OSX-restricted.entitlements */,
+ 37B418EB1C9624F20031E63B /* WebContent-or-Plugin-OSX-restricted.entitlements */,
7AF66E1120C07CB6007828EA /* WebContent-OSX.entitlements */,
372EBB4A2017E76000085064 /* WebContentService.Development.xcconfig */,
BCACC40E16B0B8A800B6E092 /* WebContentService.xcconfig */,
@@ -8629,7 +8629,7 @@
0FC0856F187CE0A900780D86 /* messages.py */,
0FC08570187CE0A900780D86 /* model.py */,
0FC08571187CE0A900780D86 /* parser.py */,
- 7ACFAAD820B88D4F00C53203 /* process-webcontent-entitlements.sh */,
+ 7ACFAAD820B88D4F00C53203 /* process-webcontent-or-plugin-entitlements.sh */,
);
path = Scripts;
sourceTree = "<group>";
@@ -10140,6 +10140,7 @@
BC8283F516B4FDDE00A278FE /* Sources */,
BC8283F616B4FDDE00A278FE /* Frameworks */,
BC8283F716B4FDDE00A278FE /* Resources */,
+ 7A79E2DE2107F32B00EF32A4 /* Process Plugin entitlements */,
);
buildRules = (
);
@@ -10159,6 +10160,7 @@
BC82841B16B4FDF600A278FE /* Sources */,
BC82841C16B4FDF600A278FE /* Frameworks */,
BC82841D16B4FDF600A278FE /* Resources */,
+ 7A79E2DD2107F2DD00EF32A4 /* Process Plugin entitlements */,
);
buildRules = (
);
@@ -10523,6 +10525,44 @@
shellPath = /bin/sh;
shellScript = "# We autogenerate this file, so don't want to retain an old copy during builds.\nrm -f ${TEMP_FILE_DIR}/${FULL_PRODUCT_NAME}.xcent\n";
};
+ 7A79E2DD2107F2DD00EF32A4 /* Process Plugin entitlements */ = {
+ isa = PBXShellScriptBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ );
+ inputFileListPaths = (
+ );
+ inputPaths = (
+ "$(TEMP_FILE_DIR)/$(FULL_PRODUCT_NAME).xcent",
+ );
+ name = "Process Plugin entitlements";
+ outputFileListPaths = (
+ );
+ outputPaths = (
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ shellPath = /bin/sh;
+ shellScript = "Scripts/process-webcontent-or-plugin-entitlements.sh\n";
+ };
+ 7A79E2DE2107F32B00EF32A4 /* Process Plugin entitlements */ = {
+ isa = PBXShellScriptBuildPhase;
+ buildActionMask = 2147483647;
+ files = (
+ );
+ inputFileListPaths = (
+ );
+ inputPaths = (
+ "$(TEMP_FILE_DIR)/$(FULL_PRODUCT_NAME).xcent",
+ );
+ name = "Process Plugin entitlements";
+ outputFileListPaths = (
+ );
+ outputPaths = (
+ );
+ runOnlyForDeploymentPostprocessing = 0;
+ shellPath = /bin/sh;
+ shellScript = "Scripts/process-webcontent-or-plugin-entitlements.sh\n";
+ };
7AFCBD5420B8911D00F55C9C /* Process WebContent entitlements */ = {
isa = PBXShellScriptBuildPhase;
buildActionMask = 2147483647;
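Review bot: Both new `Process Plugin entitlements` phases list `$(TEMP_FILE_DIR)/$(FULL_PRODUCT_NAME).xcent` under `inputPaths` and leave `outputPaths` empty, although the script they call edits that file in place. The script runs PlistBuddy `Add` under `set -e`, so a rerun against an `.xcent` left over from an earlier build would likely fail on the already-present key. The context line above this hunk shows an existing phase that does `rm -f` on the stale file, but the two hunks that attach the new phase to the plugin targets add no matching removal phase. Please confirm the plugin targets regenerate the `.xcent` on every build, or add the same removal step ahead of this phase and declare the `.xcent` as an output.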
@@ -10536,7 +10576,7 @@
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
- shellScript = "Scripts/process-webcontent-entitlements.sh\n";
+ shellScript = "Scripts/process-webcontent-or-plugin-entitlements.sh\n";
};
7AFCBD5520B8917D00F55C9C /* Process WebContent entitlements */ = {
isa = PBXShellScriptBuildPhase;
@@ -10551,7 +10591,7 @@
);
runOnlyForDeploymentPostprocessing = 0;
shellPath = /bin/sh;
- shellScript = "Scripts/process-webcontent-entitlements.sh\n";
+ shellScript = "Scripts/process-webcontent-or-plugin-entitlements.sh\n";
};
99CA3862207286DB00BAD578 /* Copy WebDriver Atoms to Framework Private Headers */ = {
isa = PBXShellScriptBuildPhase;