Title: [239792] trunk/Source
Revision
239792
Author
[email protected]
Date
2019-01-09 16:31:52 -0800 (Wed, 09 Jan 2019)

Log Message

Expand use of sourceApplicationAuditData
https://bugs.webkit.org/show_bug.cgi?id=192995
<rdar://problem/46627875>

Reviewed by Brady Eidson.

Source/WebKit:

sourceApplicationAuditData has been used for a long time on iOS, but it's needed on more platforms.
I also made it return an Optional instead of returning a bool and writing the result through a reference parameter. Ahhh. So much nicer.
The NetworkProcess needed an additional entitlement on Mac to continue to load anything, which is desirable.

* NetworkProcess/cocoa/NetworkProcessCocoa.mm:
(WebKit::NetworkProcess::sourceApplicationAuditData const):
* Platform/IPC/Connection.h:
* Platform/IPC/mac/ConnectionMac.mm:
(IPC::Connection::getAuditToken):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::sourceApplicationAuditData const):

Source/WTF:

* wtf/Platform.h:

Modified Paths

Added Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (239791 => 239792)


--- trunk/Source/WTF/ChangeLog	2019-01-10 00:19:25 UTC (rev 239791)
+++ trunk/Source/WTF/ChangeLog	2019-01-10 00:31:52 UTC (rev 239792)
@@ -1,3 +1,13 @@
+2019-01-09  Alex Christensen  <[email protected]>
+
+        Expand use of sourceApplicationAuditData
+        https://bugs.webkit.org/show_bug.cgi?id=192995
+        <rdar://problem/46627875>
+
+        Reviewed by Brady Eidson.
+
+        * wtf/Platform.h:
+
 2019-01-09  Mark Lam  <[email protected]>
 
         Gigacage disabling checks should handle the GIGACAGE_ALLOCATION_CAN_FAIL case properly.

Modified: trunk/Source/WTF/wtf/Platform.h (239791 => 239792)


--- trunk/Source/WTF/wtf/Platform.h	2019-01-10 00:19:25 UTC (rev 239791)
+++ trunk/Source/WTF/wtf/Platform.h	2019-01-10 00:31:52 UTC (rev 239792)
@@ -1359,6 +1359,10 @@
 #define HAVE_RSA_PSS 1
 #endif
 
+#if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500) || PLATFORM(IOS_FAMILY)
+#define USE_SOURCE_APPLICATION_AUDIT_DATA 1
+#endif
+
 #if (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400) || PLATFORM(IOS) || PLATFORM(IOSMAC)
 #define HAVE_URL_FORMATTING 1
 #endif
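Review bot: The new `USE_SOURCE_APPLICATION_AUDIT_DATA` switch is keyed on the deployment target alone, while the entitlement the log message says the NetworkProcess needs is merged by process-network-sandbox-entitlements.sh only when `WK_USE_RESTRICTED_ENTITLEMENTS` is `YES`. Going by the log message, a macOS build with `__MAC_OS_X_VERSION_MIN_REQUIRED >= 101500` that is signed without the restricted entitlements would compile the audit-data path in and then fail to load anything. Nothing in the visible hunks ties the two conditions together, so a comment above the define would help: `/* Requires com.apple.private.network.socket-delegate on the NetworkProcess; see Configurations/Network-OSX-restricted.entitlements. */`.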

Modified: trunk/Source/WebKit/ChangeLog (239791 => 239792)


--- trunk/Source/WebKit/ChangeLog	2019-01-10 00:19:25 UTC (rev 239791)
+++ trunk/Source/WebKit/ChangeLog	2019-01-10 00:31:52 UTC (rev 239792)
@@ -1,3 +1,25 @@
+2019-01-09  Alex Christensen  <[email protected]>
+
+        Expand use of sourceApplicationAuditData
+        https://bugs.webkit.org/show_bug.cgi?id=192995
+        <rdar://problem/46627875>
+
+        Reviewed by Brady Eidson.
+
+        sourceApplicationAuditData has been used for a long time on iOS, but it's needed on more platforms.
+        I also made it return an Optional instead of a bool and returning by reference. Ahhh. So much nicer.
+        The NetworkProcess needed an additional entitlement on Mac to continue to load anything, which is desirable.
+
+        * NetworkProcess/cocoa/NetworkProcessCocoa.mm:
+        (WebKit::NetworkProcess::sourceApplicationAuditData const):
+        * Platform/IPC/Connection.h:
+        * Platform/IPC/mac/ConnectionMac.mm:
+        (IPC::Connection::getAuditToken):
+        * WebProcess/WebProcess.cpp:
+        (WebKit::WebProcess::initializeWebProcess):
+        * WebProcess/cocoa/WebProcessCocoa.mm:
+        (WebKit::WebProcess::sourceApplicationAuditData const):
+
 2019-01-09  Brent Fulgham  <[email protected]>
 
         [iOS] Update sandbox profile to use iconservices instead of lsdiconservice

Copied: trunk/Source/WebKit/Configurations/Network-OSX-restricted.entitlements (from rev 239788, trunk/Source/WebKit/Configurations/Network-OSX.entitlements) (0 => 239792)


--- trunk/Source/WebKit/Configurations/Network-OSX-restricted.entitlements	                        (rev 0)
+++ trunk/Source/WebKit/Configurations/Network-OSX-restricted.entitlements	2019-01-10 00:31:52 UTC (rev 239792)
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.private.network.socket-delegate</key>
+	<true/>
+</dict>
+</plist>

Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm (239791 => 239792)


--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm	2019-01-10 00:19:25 UTC (rev 239791)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm	2019-01-10 00:31:52 UTC (rev 239792)
@@ -133,12 +133,14 @@
 
 RetainPtr<CFDataRef> NetworkProcess::sourceApplicationAuditData() const
 {
-#if PLATFORM(IOS_FAMILY) && !PLATFORM(IOSMAC)
-    audit_token_t auditToken;
+#if USE(SOURCE_APPLICATION_AUDIT_DATA)
     ASSERT(parentProcessConnection());
-    if (!parentProcessConnection() || !parentProcessConnection()->getAuditToken(auditToken))
+    if (!parentProcessConnection())
         return nullptr;
-    return adoptCF(CFDataCreate(nullptr, (const UInt8*)&auditToken, sizeof(auditToken)));
+    Optional<audit_token_t> auditToken = parentProcessConnection()->getAuditToken();
+    if (!auditToken)
+        return nullptr;
+    return adoptCF(CFDataCreate(nullptr, (const UInt8*)&*auditToken, sizeof(*auditToken)));
 #else
     return nullptr;
 #endif
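Review bot: Switching the guard to `USE(SOURCE_APPLICATION_AUDIT_DATA)` drops the previous `!PLATFORM(IOSMAC)` exclusion, since the Platform.h macro is defined for all of `PLATFORM(IOS_FAMILY)`, which the old guard implies includes IOSMAC. The only entitlement change visible in this commit is for the macOS NetworkProcess, so if the exclusion was deliberate, either confirm that IOSMAC has the matching entitlement or carry the exclusion into the macro. Separately, the conversion `adoptCF(CFDataCreate(nullptr, (const UInt8*)&*auditToken, sizeof(*auditToken)))` now appears three times with a C-style cast: here, in WebProcess::sourceApplicationAuditData and in WebProcess::initializeWebProcess. One shared helper using `reinterpret_cast<const UInt8*>(&*auditToken)` would keep the copies from drifting. The function's closing lines are outside the hunk.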

Modified: trunk/Source/WebKit/Platform/IPC/Connection.h (239791 => 239792)


--- trunk/Source/WebKit/Platform/IPC/Connection.h	2019-01-10 00:19:25 UTC (rev 239791)
+++ trunk/Source/WebKit/Platform/IPC/Connection.h	2019-01-10 00:31:52 UTC (rev 239792)
@@ -137,7 +137,7 @@
     };
     static bool identifierIsValid(Identifier identifier) { return MACH_PORT_VALID(identifier.port); }
     xpc_connection_t xpcConnection() const { return m_xpcConnection.get(); }
-    bool getAuditToken(audit_token_t&);
+    Optional<audit_token_t> getAuditToken();
     pid_t remoteProcessID() const;
 #elif OS(WINDOWS)
     typedef HANDLE Identifier;

Modified: trunk/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm (239791 => 239792)


--- trunk/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm	2019-01-10 00:19:25 UTC (rev 239791)
+++ trunk/Source/WebKit/Platform/IPC/mac/ConnectionMac.mm	2019-01-10 00:31:52 UTC (rev 239792)
@@ -603,13 +603,14 @@
     return Identifier(m_isServer ? m_receivePort : m_sendPort, m_xpcConnection);
 }
 
-bool Connection::getAuditToken(audit_token_t& auditToken)
+Optional<audit_token_t> Connection::getAuditToken()
 {
     if (!m_xpcConnection)
-        return false;
+        return WTF::nullopt;
     
+    audit_token_t auditToken;
     xpc_connection_get_audit_token(m_xpcConnection.get(), &auditToken);
-    return true;
+    return WTFMove(auditToken);
 }
 
 bool Connection::kill()
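Review bot: `audit_token_t auditToken;` is left uninitialized and the call to `xpc_connection_get_audit_token` reports no status here. If that call ever leaves the buffer untouched, callers copy indeterminate stack bytes into the CFData that identifies the source application. Value-initializing it, `audit_token_t auditToken { };`, makes that case a well-defined all-zero token. `WTFMove` on a plain struct adds nothing, so `return auditToken;` is enough. From what the hunk shows the method does not modify the connection, so the declaration in Connection.h could probably be `Optional<audit_token_t> getAuditToken() const;`.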

Modified: trunk/Source/WebKit/Scripts/process-network-sandbox-entitlements.sh (239791 => 239792)


--- trunk/Source/WebKit/Scripts/process-network-sandbox-entitlements.sh	2019-01-10 00:19:25 UTC (rev 239791)
+++ trunk/Source/WebKit/Scripts/process-network-sandbox-entitlements.sh	2019-01-10 00:31:52 UTC (rev 239792)
@@ -8,6 +8,11 @@
     if [[ ${WK_USE_RESTRICTED_ENTITLEMENTS} == "YES" ]]; then
         echo "Processing restricted entitlements for Internal SDK";
 
+        if (( ${TARGET_MAC_OS_X_VERSION_MAJOR} >= 101500 )); then
+            echo "Adding macOS platform entitlements.";
+            /usr/libexec/PlistBuddy -c "Merge Configurations/Network-OSX-restricted.entitlements" "${PROCESSED_XCENT_FILE}";
+        fi
+
         echo "Adding sandbox entitlements for Network process.";
         /usr/libexec/PlistBuddy -c "Merge Configurations/Network-OSX-sandbox.entitlements" "${PROCESSED_XCENT_FILE}";
     fi
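Review bot: The arithmetic test `(( ${TARGET_MAC_OS_X_VERSION_MAJOR} >= 101500 ))` becomes a syntax error when the variable is unset or empty. Unless the script runs with `set -e` (not visible in this hunk), the build then carries on without merging the entitlement. Supplying a default keeps the comparison well defined: `if (( ${TARGET_MAC_OS_X_VERSION_MAJOR:-0} >= 101500 )); then`. The result of the added `PlistBuddy -c "Merge ..."` call is also unchecked, so a failed merge yields a NetworkProcess signed without `com.apple.private.network.socket-delegate`, which the log message says stops it loading anything; appending `|| exit 1` to that line would surface the failure at build time. The enclosing `if` starts outside the hunk.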

Modified: trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj (239791 => 239792)


--- trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj	2019-01-10 00:19:25 UTC (rev 239791)
+++ trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj	2019-01-10 00:31:52 UTC (rev 239792)
@@ -3448,6 +3448,7 @@
 		5C62FDF81EFC263C00CE072E /* WKURLSchemeTaskPrivate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WKURLSchemeTaskPrivate.h; sourceTree = "<group>"; };
 		5C6CE6D01F59BC460007C6CB /* PageClientImplCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = PageClientImplCocoa.mm; sourceTree = "<group>"; };
 		5C6CE6D31F59EA350007C6CB /* PageClientImplCocoa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PageClientImplCocoa.h; sourceTree = "<group>"; };
+		5C6F4EED21E5B11300BC8380 /* Network-OSX-restricted.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = "Network-OSX-restricted.entitlements"; sourceTree = "<group>"; };
 		5C74300E21500492004BFA17 /* WKWebProcess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKWebProcess.h; sourceTree = "<group>"; };
 		5C74300F21500492004BFA17 /* WKWebProcess.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WKWebProcess.cpp; sourceTree = "<group>"; };
 		5C7706731D111D8B0012700F /* WebSocketProvider.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebSocketProvider.cpp; path = Network/WebSocketProvider.cpp; sourceTree = "<group>"; };
@@ -4840,6 +4841,7 @@
 				1A4F976C100E7B6600637A18 /* FeatureDefines.xcconfig */,
 				37119A7D20CCB64E002C6DC9 /* Network-iOS-minimalsimulator.entitlements */,
 				7C0BB9A918DCDF5A0006C086 /* Network-iOS.entitlements */,
+				5C6F4EED21E5B11300BC8380 /* Network-OSX-restricted.entitlements */,
 				41D0FC7D20E43A5100076AE8 /* Network-OSX-sandbox.entitlements */,
 				5C7ACFD1218DD8BD004CBB59 /* Network-OSX.entitlements */,
 				BC8283AB16B4BEAD00A278FE /* NetworkService.xcconfig */,

Modified: trunk/Source/WebKit/WebProcess/WebProcess.cpp (239791 => 239792)


--- trunk/Source/WebKit/WebProcess/WebProcess.cpp	2019-01-10 00:19:25 UTC (rev 239791)
+++ trunk/Source/WebKit/WebProcess/WebProcess.cpp	2019-01-10 00:31:52 UTC (rev 239792)
@@ -398,9 +398,8 @@
 #endif
 
 #if ENABLE(REMOTE_INSPECTOR) && PLATFORM(COCOA)
-    audit_token_t auditToken;
-    if (parentProcessConnection()->getAuditToken(auditToken)) {
-        RetainPtr<CFDataRef> auditData = adoptCF(CFDataCreate(nullptr, (const UInt8*)&auditToken, sizeof(auditToken)));
+    if (Optional<audit_token_t> auditToken = parentProcessConnection()->getAuditToken()) {
+        RetainPtr<CFDataRef> auditData = adoptCF(CFDataCreate(nullptr, (const UInt8*)&*auditToken, sizeof(*auditToken)));
         Inspector::RemoteInspector::singleton().setParentProcessInformation(WebCore::presentingApplicationPID(), auditData);
     }
 #endif
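Review bot: The rewritten `if` still calls `parentProcessConnection()->getAuditToken()` without a null check, whereas both `sourceApplicationAuditData()` implementations touched by this commit assert and test `parentProcessConnection()` first. Whether the connection can be null at this point in initializeWebProcess is not visible from the hunk. If it can, add `ASSERT(parentProcessConnection());` above the `if` and fold a null test into the condition so this site matches the other two. The enclosing function starts and ends outside the hunk.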

Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (239791 => 239792)


--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2019-01-10 00:19:25 UTC (rev 239791)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2019-01-10 00:31:52 UTC (rev 239792)
@@ -417,12 +417,14 @@
 
 RetainPtr<CFDataRef> WebProcess::sourceApplicationAuditData() const
 {
-#if PLATFORM(IOS_FAMILY)
-    audit_token_t auditToken;
+#if USE(SOURCE_APPLICATION_AUDIT_DATA)
     ASSERT(parentProcessConnection());
-    if (!parentProcessConnection() || !parentProcessConnection()->getAuditToken(auditToken))
+    if (!parentProcessConnection())
         return nullptr;
-    return adoptCF(CFDataCreate(nullptr, (const UInt8*)&auditToken, sizeof(auditToken)));
+    Optional<audit_token_t> auditToken = parentProcessConnection()->getAuditToken();
+    if (!auditToken)
+        return nullptr;
+    return adoptCF(CFDataCreate(nullptr, (const UInt8*)&*auditToken, sizeof(*auditToken)));
 #else
     return nullptr;
 #endif