Title: [256660] trunk/Source/WebKit
Revision
256660
Author
bfulg...@apple.com
Date
2020-02-14 17:20:19 -0800 (Fri, 14 Feb 2020)

Log Message

Dynamically generate media-related mach connections when not using the GPU Process
https://bugs.webkit.org/show_bug.cgi?id=207743
<rdar://problem/59449750>

Reviewed by Per Arne Vollan.

Stop using permanent sandbox permissions to connect to media-related XPC services. Instead,
create them dynamically in the UIProcess and vend them to the relevant WebContent process
as needed. If all media features are active in the GPU process, do not emit extensions since
they should not be needed in the WebContent process at that point.

Tested by existing media and GPU process tests.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Remove permanet rules in
preference for dynamic extensions.
* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode const): Serialize new service connections.
(WebKit::WebProcessCreationParameters::decode): Ditto.
* Shared/WebProcessCreationParameters.h:
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::mediaRelatedMachServices): Helper function listing needed services.
(WebKit::WebProcessPool::platformInitializeWebProcess): Create service connections when
needed.
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess): Consume media-related connections
when needed.
* WebProcess/com.apple.WebProcess.sb.in: Remove permanet rules in preference for
dynamic extensions.

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (256659 => 256660)


--- trunk/Source/WebKit/ChangeLog	2020-02-15 01:18:49 UTC (rev 256659)
+++ trunk/Source/WebKit/ChangeLog	2020-02-15 01:20:19 UTC (rev 256660)
@@ -1,3 +1,34 @@
+2020-02-14  Brent Fulgham  <bfulg...@apple.com>
+
+        Dynamically generate media-related mach connections when not using the GPU Process
+        https://bugs.webkit.org/show_bug.cgi?id=207743
+        <rdar://problem/59449750>
+
+        Reviewed by Per Arne Vollan.
+
+        Stop using permanent sandbox permissions to connect to media-related XPC services. Instead,
+        create them dynamically in the UIProcess and vend them to the relevant WebContent process
+        as needed. If all media features are active in the GPU process, do not emit extensions since
+        they should not be needed in the WebContent process at that point.
+
+        Tested by existing media and GPU process tests.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Remove permanet rules in
+        preference for dynamic extensions.
+        * Shared/WebProcessCreationParameters.cpp:
+        (WebKit::WebProcessCreationParameters::encode const): Serialize new service connections.
+        (WebKit::WebProcessCreationParameters::decode): Ditto.
+        * Shared/WebProcessCreationParameters.h:
+        * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+        (WebKit::mediaRelatedMachServices): Helper function listing needed services.
+        (WebKit::WebProcessPool::platformInitializeWebProcess): Create service connections when
+        needed.
+        * WebProcess/cocoa/WebProcessCocoa.mm:
+        (WebKit::WebProcess::platformInitializeWebProcess): Consume media-related connections
+        when needed.
+        * WebProcess/com.apple.WebProcess.sb.in: Remove permanet rules in preference for
+        dynamic extensions.
+
 2020-02-14  Youenn Fablet  <you...@apple.com>
 
         Introduce MediaStreamPrivate::forEachTrack

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (256659 => 256660)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-02-15 01:18:49 UTC (rev 256659)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-02-15 01:20:19 UTC (rev 256660)
@@ -1,4 +1,4 @@
-; Copyright (C) 2010-2019 Apple Inc. All rights reserved.
+; Copyright (C) 2010-2020 Apple Inc. All rights reserved.
 ;
 ; Redistribution and use in source and binary forms, with or without
 ; modification, are permitted provided that the following conditions
@@ -119,12 +119,6 @@
                (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2"))
         (mobile-preferences-read "com.apple.MobileAsset")))
 
-(define-once (play-audio)
-    (allow mach-lookup
-           (global-name "com.apple.audio.AURemoteIOServer"))
-    (allow mach-lookup (with report) (with telemetry)
-           (xpc-service-name "com.apple.audio.toolbox.reporting.service")))
-
 (define-once (play-media . filters)
     (if (not (null? filters))
         ;; <rdar://problem/9875794>
@@ -144,37 +138,7 @@
             (extension-class "com.apple.mediaserverd.read-write")
             (extension "com.apple.security.exception.files.absolute-path.read-write"
                        "com.apple.security.exception.files.home-relative-path.read-write")))
-    ;; CoreMedia framework.
-    (allow mach-lookup
-           (global-name "com.apple.coremedia.admin")
-           (global-name "com.apple.coremedia.asset.xpc")
-           (global-name "com.apple.coremedia.assetimagegenerator.xpc")
-           (global-name "com.apple.coremedia.audiodeviceclock.xpc") ; Needed for CMTimeBase
-           (global-name "com.apple.coremedia.audioprocessingtap.xpc")
-           (global-name "com.apple.coremedia.capturesession")      ; Actually for video capture
-           (global-name "com.apple.coremedia.capturesource")       ; Also for video capture (<rdar://problem/15794291>).
-           (global-name "com.apple.coremedia.cpe.xpc") ; Needed for HDR playback.
-           (global-name "com.apple.coremedia.customurlloader.xpc") ; Needed for custom media loading
-           (global-name "com.apple.coremedia.formatreader.xpc")
-           (global-name "com.apple.coremedia.player.xpc")
-           (global-name "com.apple.coremedia.remaker")
-           (global-name "com.apple.coremedia.remotequeue")
-           (global-name "com.apple.coremedia.routediscoverer.xpc")
-           (global-name "com.apple.coremedia.routingcontext.xpc")
-           (global-name "com.apple.coremedia.samplebufferaudiorenderer.xpc")
-           (global-name "com.apple.coremedia.samplebufferrendersynchronizer.xpc")
-           (global-name "com.apple.coremedia.sandboxserver.xpc")
-           (global-name "com.apple.coremedia.systemcontroller.xpc")
-           (global-name "com.apple.coremedia.volumecontroller.xpc"))
 
-    (allow mach-lookup (with report) (with telemetry)
-        (global-name "com.apple.coremedia.cpeprotector.xpc")
-        (global-name "com.apple.coremedia.endpoint.xpc")
-        (global-name "com.apple.coremedia.figcontentkeysession.xpc")
-        (global-name "com.apple.coremedia.figcpecryptor")
-        (global-name "com.apple.coremedia.routingsessionmanager.xpc")
-        (global-name "com.apple.coremedia.sts"))
-
     (mobile-preferences-read
         "com.apple.avfoundation"
         "com.apple.coreaudio"
@@ -189,13 +153,6 @@
     (allow file-read*
         (literal "/private/var/preferences/com.apple.networkd.plist"))
 
-    ;; Required by the MediaPlayer framework.
-    (allow mach-lookup
-        (global-name "com.apple.audio.AudioSession"))
-
-    (allow mach-lookup (with report) (with telemetry)
-        (global-name "com.apple.airplay.apsynccontroller.xpc"))
-
     ;; Allow mediaserverd to issue file extensions for the purposes of reading media
     (allow file-issue-extension (require-all
         (extension "com.apple.app-sandbox.read")
@@ -206,10 +163,6 @@
     (mobile-preferences-read
         "com.apple.mediaremote"
         "com.apple.mobileipod")
-    (allow mach-lookup
-           (global-name "com.apple.mediaremoted.xpc"))
-    (allow mach-lookup (with report) (with telemetry)
-        (xpc-service-name "com.apple.MediaPlayer.RemotePlayerService"))
 )
 
 (define-once (media-capture-support)
@@ -224,12 +177,6 @@
         (allow file-read* (subpath "/Library/CoreMediaIO/Plug-Ins/DAL"))
         (allow mach-lookup (extension "com.apple.app-sandbox.mach"))
         (allow device-camera))
-
-    ;; Support incoming video connections
-    (allow mach-lookup
-        (global-name "com.apple.coremedia.compressionsession")
-        (global-name "com.apple.coremedia.decompressionsession")
-        (global-name "com.apple.coremedia.videoqueue"))
 )
 
 (define-once (accessibility-support)
@@ -244,10 +191,6 @@
 )
 
 (define-once (media-accessibility-support)
-    ;; <rdar://problem/12801477>
-    (allow mach-lookup
-        (global-name "com.apple.accessibility.mediaaccessibilityd"))
-
     ;; <rdar://problem/12250145>
     (mobile-preferences-read "com.apple.mediaaccessibility")
     (mobile-preferences-read-write "com.apple.mediaaccessibility.public")
@@ -680,7 +623,6 @@
 ;;;
 
 ;; Any app can play audio & movies.
-(play-audio)
 (play-media)
 
 ;; Access to media controls
@@ -692,9 +634,6 @@
 
 (speech-synthesis-and-voiceover)
 
-(allow mach-lookup (with report) (with telemetry)
-    (global-name "com.apple.audio.AudioComponentRegistrar"))
-
 ;; Permit reading assets via MobileAsset framework.
 (asset-access 'with-media-playback)
 
@@ -908,11 +847,39 @@
 (allow mach-lookup
     (require-all
         (extension "com.apple.webkit.extension.mach")
-        (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices")))
+        (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices"
 
+            ;;; FIXME(207716): The following should be removed when the GPU process is complete
+            "com.apple.airplay.apsynccontroller.xpc" "com.apple.audio.AURemoteIOServer" "com.apple.audio.AudioComponentRegistrar"
+            "com.apple.audio.AudioComponentRegistrar" "com.apple.audio.AudioSession" "com.apple.coremedia.admin" "com.apple.coremedia.asset.xpc"
+            "com.apple.coremedia.assetimagegenerator.xpc" "com.apple.coremedia.audiodeviceclock.xpc" "com.apple.coremedia.audioprocessingtap.xpc"
+            "com.apple.coremedia.capturesession" "com.apple.coremedia.capturesource" "com.apple.coremedia.compressionsession" "com.apple.coremedia.cpe.xpc"
+            "com.apple.coremedia.cpeprotector.xpc" "com.apple.coremedia.customurlloader.xpc" "com.apple.coremedia.decompressionsession"
+            "com.apple.coremedia.endpoint.xpc" "com.apple.coremedia.figcontentkeysession.xpc" "com.apple.coremedia.figcpecryptor"
+            "com.apple.coremedia.formatreader.xpc" "com.apple.coremedia.player.xpc" "com.apple.coremedia.remaker" "com.apple.coremedia.remotequeue"
+            "com.apple.coremedia.routediscoverer.xpc" "com.apple.coremedia.routingcontext.xpc" "com.apple.coremedia.routingsessionmanager.xpc"
+            "com.apple.coremedia.samplebufferaudiorenderer.xpc" "com.apple.coremedia.samplebufferrendersynchronizer.xpc" "com.apple.coremedia.sandboxserver.xpc"
+            "com.apple.coremedia.sts" "com.apple.coremedia.systemcontroller.xpc" "com.apple.coremedia.videoqueue" "com.apple.coremedia.volumecontroller.xpc"
+            "com.apple.mediaremoted.xpc"
+            ;;; FIXME(207716): End services to remove.
+)))
+
 (allow mach-lookup
     (require-all
         (extension "com.apple.webkit.extension.mach")
+        (xpc-service-name
+            ;;; FIXME(207716): The following should be removed when the GPU process is complete
+            "com.apple.MediaPlayer.RemotePlayerService"
+            "com.apple.accessibility.mediaaccessibilityd"
+            "com.apple.audio.toolbox.reporting.service"
+            ;;; FIXME(207716): End services to remove.
+        )
+    )
+)
+
+(allow mach-lookup
+    (require-all
+        (extension "com.apple.webkit.extension.mach")
         (xpc-service-name-prefix "com.apple.AGXCompilerService")))
 
 (media-capture-support)

Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp (256659 => 256660)


--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp	2020-02-15 01:18:49 UTC (rev 256659)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp	2020-02-15 01:20:19 UTC (rev 256660)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -176,6 +176,11 @@
     encoder << cssValueToSystemColorMap;
     encoder << focusRingColor;
 #endif
+
+#if PLATFORM(COCOA)
+    // FIXME(207716): The following should be removed when the GPU process is complete.
+    encoder << mediaExtensionHandles;
+#endif
 }
 
 bool WebProcessCreationParameters::decode(IPC::Decoder& decoder, WebProcessCreationParameters& parameters)
@@ -471,6 +476,16 @@
     parameters.focusRingColor = WTFMove(*focusRingColor);
 #endif
 
+#if PLATFORM(COCOA)
+    // FIXME(207716): The following should be removed when the GPU process is complete.
+    Optional<SandboxExtension::HandleArray> mediaExtensionHandles;
+    decoder >> mediaExtensionHandles;
+    if (!mediaExtensionHandles)
+        return false;
+    parameters.mediaExtensionHandles = WTFMove(*mediaExtensionHandles);
+    // FIXME(207716): End region to remove.
+#endif
+
     return true;
 }
 

Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.h (256659 => 256660)


--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.h	2020-02-15 01:18:49 UTC (rev 256659)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.h	2020-02-15 01:20:19 UTC (rev 256660)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -218,6 +218,10 @@
     WebCore::RenderThemeIOS::CSSValueToSystemColorMap cssValueToSystemColorMap;
     WebCore::Color focusRingColor;
 #endif
+
+#if PLATFORM(COCOA)
+    SandboxExtension::HandleArray mediaExtensionHandles; // FIXME(207716): Remove when GPU process is complete.
+#endif
 };
 
 } // namespace WebKit

Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (256659 => 256660)


--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-02-15 01:18:49 UTC (rev 256659)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-02-15 01:20:19 UTC (rev 256660)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -216,6 +216,41 @@
 }
 #endif
 
+// FIXME(207716): The following should be removed when the GPU process is complete.
+static const Vector<String>& mediaRelatedMachServices()
+{
+    ASSERT(isMainThread());
+    static const auto services = makeNeverDestroyed(Vector<String> {
+        "com.apple.audio.AudioComponentRegistrar", "com.apple.coremedia.endpoint.xpc",
+        "com.apple.coremedia.routediscoverer.xpc", "com.apple.coremedia.routingcontext.xpc",
+        "com.apple.coremedia.volumecontroller.xpc", "com.apple.accessibility.mediaaccessibilityd",
+        "com.apple.mediaremoted.xpc",
+#if PLATFORM(IOS_FAMILY)
+        "com.apple.audio.AudioSession", "com.apple.MediaPlayer.RemotePlayerService",
+        "com.apple.audio.toolbox.reporting.service", "com.apple.coremedia.admin",
+        "com.apple.coremedia.asset.xpc", "com.apple.coremedia.assetimagegenerator.xpc",
+        "com.apple.coremedia.audiodeviceclock.xpc", "com.apple.coremedia.audioprocessingtap.xpc",
+        "com.apple.coremedia.capturesession", "com.apple.coremedia.capturesource",
+        "com.apple.coremedia.compressionsession", "com.apple.coremedia.cpe.xpc",
+        "com.apple.coremedia.cpeprotector.xpc", "com.apple.coremedia.customurlloader.xpc",
+        "com.apple.coremedia.decompressionsession", "com.apple.coremedia.figcontentkeysession.xpc",
+        "com.apple.coremedia.figcpecryptor", "com.apple.coremedia.formatreader.xpc",
+        "com.apple.coremedia.player.xpc", "com.apple.coremedia.remaker",
+        "com.apple.coremedia.remotequeue", "com.apple.coremedia.routingsessionmanager.xpc",
+        "com.apple.coremedia.samplebufferaudiorenderer.xpc", "com.apple.coremedia.samplebufferrendersynchronizer.xpc",
+        "com.apple.coremedia.sandboxserver.xpc", "com.apple.coremedia.sts",
+        "com.apple.coremedia.systemcontroller.xpc", "com.apple.coremedia.videoqueue",
+        "com.apple.airplay.apsynccontroller.xpc", "com.apple.audio.AURemoteIOServer"
+#endif
+#if PLATFORM(MAC)
+        "com.apple.coremedia.endpointstream.xpc", "com.apple.coremedia.endpointplaybacksession.xpc",
+        "com.apple.coremedia.endpointremotecontrolsession.xpc", "com.apple.coremedia.videodecoder",
+        "com.apple.coremedia.videoencoder"
+#endif
+    });
+    return services;
+}
+
 void WebProcessPool::platformInitializeWebProcess(const WebProcessProxy& process, WebProcessCreationParameters& parameters)
 {
     parameters.mediaMIMETypes = process.mediaMIMETypes();
@@ -336,15 +371,16 @@
     
 #if PLATFORM(COCOA)
     if ([getNEFilterSourceClass() filterRequired]) {
-        SandboxExtension::Handle handle;
-        SandboxExtension::createHandleForMachLookup("com.apple.nehelper", WTF::nullopt, handle);
-        parameters.neHelperExtensionHandle = WTFMove(handle);
+        SandboxExtension::Handle helperHandle;
+        SandboxExtension::createHandleForMachLookup("com.apple.nehelper", WTF::nullopt, helperHandle);
+        parameters.neHelperExtensionHandle = WTFMove(helperHandle);
+        SandboxExtension::Handle managerHandle;
 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED < 101500
-        SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager", WTF::nullopt, handle);
+        SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager", WTF::nullopt, managerHandle);
 #else
-        SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager.content-filter", WTF::nullopt, handle);
+        SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager.content-filter", WTF::nullopt, managerHandle);
 #endif
-        parameters.neSessionManagerExtensionHandle = WTFMove(handle);
+        parameters.neSessionManagerExtensionHandle = WTFMove(managerHandle);
     }
     parameters.systemHasBattery = systemHasBattery();
 #endif
@@ -364,6 +400,20 @@
     parameters.cssValueToSystemColorMap = RenderThemeIOS::cssValueToSystemColorMap();
     parameters.focusRingColor = RenderTheme::singleton().focusRingColor(OptionSet<StyleColor::Options>());
 #endif
+
+    
+    // Allow microphone access if either preference is set because WebRTC requires microphone access.
+    bool needWebProcessExtensions = !m_defaultPageGroup->preferences().useGPUProcessForMedia()
+        || !m_defaultPageGroup->preferences().captureAudioInGPUProcessEnabled()
+        || !m_defaultPageGroup->preferences().captureVideoInGPUProcessEnabled();
+
+    if (needWebProcessExtensions) {
+        // FIXME(207716): The following should be removed when the GPU process is complete.
+        const auto& services = mediaRelatedMachServices();
+        parameters.mediaExtensionHandles.allocate(services.size());
+        for (size_t i = 0, size = services.size(); i < size; ++i)
+            SandboxExtension::createHandleForMachLookup(services[i], WTF::nullopt, parameters.mediaExtensionHandles[i]);
+    }
 }
 
 void WebProcessPool::platformInitializeNetworkProcess(NetworkProcessCreationParameters& parameters)

Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (256659 => 256660)


--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2020-02-15 01:18:49 UTC (rev 256659)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2020-02-15 01:20:19 UTC (rev 256660)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -272,6 +272,12 @@
     RenderThemeIOS::setCSSValueToSystemColorMap(WTFMove(parameters.cssValueToSystemColorMap));
     RenderThemeIOS::setFocusRingColor(parameters.focusRingColor);
 #endif
+
+#if PLATFORM(COCOA)
+    // FIXME(207716): The following should be removed when the GPU process is complete.
+    for (size_t i = 0, size = parameters.mediaExtensionHandles.size(); i < size; ++i)
+        SandboxExtension::consumePermanently(parameters.mediaExtensionHandles[i]);
+#endif
 }
 
 void WebProcess::platformSetWebsiteDataStoreParameters(WebProcessDataStoreParameters&& parameters)

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (256659 => 256660)


--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-02-15 01:18:49 UTC (rev 256659)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-02-15 01:20:19 UTC (rev 256660)
@@ -400,10 +400,7 @@
 (deny mach-lookup (xpc-service-name-prefix ""))
 (allow mach-lookup
     (xpc-service-name "com.apple.PerformanceAnalysis.animationperfd")
-    (xpc-service-name "com.apple.accessibility.mediaaccessibilityd")
     (xpc-service-name "com.apple.audio.SandboxHelper")
-    (xpc-service-name "com.apple.coremedia.videodecoder")
-    (xpc-service-name "com.apple.coremedia.videoencoder")
     (xpc-service-name "com.apple.hiservices-xpcservice")
     (xpc-service-name "com.apple.print.normalizerd")
 )
@@ -611,7 +608,6 @@
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500
     (with report) (with telemetry)
 #endif
-    (global-name "com.apple.audio.AudioComponentRegistrar")
     (global-name "com.apple.awdd")
     (global-name "com.apple.cookied")
     (global-name "com.apple.diagnosticd")
@@ -632,7 +628,6 @@
        (global-name "com.apple.audio.SystemSoundServer-OSX")
        (global-name "com.apple.audio.audiohald")
        (global-name "com.apple.fonts")
-       (global-name "com.apple.mediaremoted.xpc")
        (global-name "com.apple.logd")
        (global-name "com.apple.logd.events")
        (global-name "com.apple.lskdd") ;; <rdar://problem/49123855>
@@ -755,18 +750,6 @@
        (home-subpath "/Library/Input Methods"))
 #endif
 
-;; AirPlay
-(allow mach-lookup
-    (global-name "com.apple.coremedia.endpoint.xpc")
-    (global-name "com.apple.coremedia.endpointstream.xpc")
-    (global-name "com.apple.coremedia.endpointplaybacksession.xpc")
-    ; <rdar://problem/35509194>
-    (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")
-    (global-name "com.apple.coremedia.routediscoverer.xpc")
-    (global-name "com.apple.coremedia.routingcontext.xpc")
-    (global-name "com.apple.coremedia.volumecontroller.xpc")
-)
-
 ;; Data Detectors
 (allow file-read* (subpath "/private/var/db/datadetectors/sys"))
 
@@ -862,10 +845,27 @@
 #else
             "com.apple.nesessionmanager"
 #endif
+
+            ;;; FIXME(207716): The following should be removed when the GPU process is complete
+            "com.apple.audio.AudioComponentRegistrar" "com.apple.coremedia.endpoint.xpc" "com.apple.coremedia.endpointstream.xpc"
+            "com.apple.coremedia.endpointplaybacksession.xpc" "com.apple.coremedia.endpointremotecontrolsession.xpc" "com.apple.coremedia.routediscoverer.xpc"
+            "com.apple.coremedia.routingcontext.xpc" "com.apple.coremedia.volumecontroller.xpc" "com.apple.mediaremoted.xpc"
+            ;;; FIXME(207716): End services to remove.
         )
     )
 )
 
+(allow mach-lookup
+    (require-all
+        (extension "com.apple.webkit.extension.mach")
+        (xpc-service-name
+            ;;; FIXME(207716): The following should be removed when the GPU process is complete
+            "com.apple.accessibility.mediaaccessibilityd" "com.apple.coremedia.videodecoder" "com.apple.coremedia.videoencoder"
+            ;;; FIXME(207716): End services to remove.
+        )
+    )
+)
+
 (when (defined? 'syscall-unix)
     (deny syscall-unix (with send-signal SIGKILL))
     (allow syscall-unix
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to