[webkit-changes] [258605] branches/safari-610.1.7-branch

Tue, 17 Mar 2020 15:45:40 -0700

Title: [258605] branches/safari-610.1.7-branch
Revision
258605
Author
[email protected]
Date
2020-03-17 15:44:43 -0700 (Tue, 17 Mar 2020)

Log Message

Cherry-pick r258518. rdar://problem/60517387

    [macOS] Accessibility sandbox regressions
    https://bugs.webkit.org/show_bug.cgi?id=209065
    Source/WebCore/PAL:

    Reviewed by Brent Fulgham.

    Add Accessibility notification name.

    * pal/spi/cocoa/NSAccessibilitySPI.h:

    Source/WebKit:

    <rdar://problem/60202450>

    Reviewed by Brent Fulgham.

    When Accessibility is enabled, the WebContent process needs access to the preference service, since Accessibility
    is relying on some advanced features of the service. Also, when CF prefs direct mode is enabled, the WebContent
    sandbox needs to explicitly allow reading of the various plist files.

    * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
    (WebKit::WebProcessPool::registerNotificationObservers):
    * WebProcess/com.apple.WebProcess.sb.in:

    Tools:

    Reviewed by Brent Fulgham.

    * TestWebKitAPI/Tests/WebKit/EnableAccessibility.mm:
    (TEST):
    * TestWebKitAPI/Tests/WebKit/GrantAccessToPreferencesService.mm:
    (TEST):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258518 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-610.1.7-branch/Source/WebCore/PAL/ChangeLog (258604 => 258605)


--- branches/safari-610.1.7-branch/Source/WebCore/PAL/ChangeLog	2020-03-17 22:44:39 UTC (rev 258604)
+++ branches/safari-610.1.7-branch/Source/WebCore/PAL/ChangeLog	2020-03-17 22:44:43 UTC (rev 258605)
@@ -1,5 +1,59 @@
 2020-03-17  Alan Coon  <[email protected]>
 
+        Cherry-pick r258518. rdar://problem/60517387
+
+    [macOS] Accessibility sandbox regressions
+    https://bugs.webkit.org/show_bug.cgi?id=209065
+    Source/WebCore/PAL:
+    
+    
+    Reviewed by Brent Fulgham.
+    
+    Add Accessibility notification name.
+    
+    * pal/spi/cocoa/NSAccessibilitySPI.h:
+    
+    Source/WebKit:
+    
+    <rdar://problem/60202450>
+    
+    Reviewed by Brent Fulgham.
+    
+    When Accessibility is enabled, the WebContent process needs access to the preference service, since Accessibility
+    is relying on some advanced features of the service. Also, when CF prefs direct mode is enabled, the WebContent
+    sandbox needs to explicitly allow reading of the various plist files.
+    
+    * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+    (WebKit::WebProcessPool::registerNotificationObservers):
+    * WebProcess/com.apple.WebProcess.sb.in:
+    
+    Tools:
+    
+    
+    Reviewed by Brent Fulgham.
+    
+    * TestWebKitAPI/Tests/WebKit/EnableAccessibility.mm:
+    (TEST):
+    * TestWebKitAPI/Tests/WebKit/GrantAccessToPreferencesService.mm:
+    (TEST):
+    
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258518 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-03-16  Per Arne Vollan  <[email protected]>
+
+            [macOS] Accessibility sandbox regressions
+            https://bugs.webkit.org/show_bug.cgi?id=209065
+
+            Reviewed by Brent Fulgham.
+
+            Add Accessibility notification name.
+
+            * pal/spi/cocoa/NSAccessibilitySPI.h:
+
+2020-03-17  Alan Coon  <[email protected]>
+
         Cherry-pick r258359. rdar://problem/60517387
 
     [macOS] _AXSApplicationAccessibilityEnabled should not be called

Modified: branches/safari-610.1.7-branch/Source/WebCore/PAL/pal/spi/cocoa/NSAccessibilitySPI.h (258604 => 258605)


--- branches/safari-610.1.7-branch/Source/WebCore/PAL/pal/spi/cocoa/NSAccessibilitySPI.h	2020-03-17 22:44:39 UTC (rev 258604)
+++ branches/safari-610.1.7-branch/Source/WebCore/PAL/pal/spi/cocoa/NSAccessibilitySPI.h	2020-03-17 22:44:43 UTC (rev 258605)
@@ -54,6 +54,8 @@
 
 WTF_EXTERN_C_BEGIN
 
+extern NSString *const NSApplicationDidChangeAccessibilityEnhancedUserInterfaceNotification;
+
 void NSAccessibilityHandleFocusChanged();
 void NSAccessibilityUnregisterUniqueIdForUIElement(id element);

Modified: branches/safari-610.1.7-branch/Source/WebKit/ChangeLog (258604 => 258605)


--- branches/safari-610.1.7-branch/Source/WebKit/ChangeLog	2020-03-17 22:44:39 UTC (rev 258604)
+++ branches/safari-610.1.7-branch/Source/WebKit/ChangeLog	2020-03-17 22:44:43 UTC (rev 258605)
@@ -1,5 +1,64 @@
 2020-03-17  Alan Coon  <[email protected]>
 
+        Cherry-pick r258518. rdar://problem/60517387
+
+    [macOS] Accessibility sandbox regressions
+    https://bugs.webkit.org/show_bug.cgi?id=209065
+    Source/WebCore/PAL:
+    
+    
+    Reviewed by Brent Fulgham.
+    
+    Add Accessibility notification name.
+    
+    * pal/spi/cocoa/NSAccessibilitySPI.h:
+    
+    Source/WebKit:
+    
+    <rdar://problem/60202450>
+    
+    Reviewed by Brent Fulgham.
+    
+    When Accessibility is enabled, the WebContent process needs access to the preference service, since Accessibility
+    is relying on some advanced features of the service. Also, when CF prefs direct mode is enabled, the WebContent
+    sandbox needs to explicitly allow reading of the various plist files.
+    
+    * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+    (WebKit::WebProcessPool::registerNotificationObservers):
+    * WebProcess/com.apple.WebProcess.sb.in:
+    
+    Tools:
+    
+    
+    Reviewed by Brent Fulgham.
+    
+    * TestWebKitAPI/Tests/WebKit/EnableAccessibility.mm:
+    (TEST):
+    * TestWebKitAPI/Tests/WebKit/GrantAccessToPreferencesService.mm:
+    (TEST):
+    
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258518 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-03-16  Per Arne Vollan  <[email protected]>
+
+            [macOS] Accessibility sandbox regressions
+            https://bugs.webkit.org/show_bug.cgi?id=209065
+            <rdar://problem/60202450>
+
+            Reviewed by Brent Fulgham.
+
+            When Accessibility is enabled, the WebContent process needs access to the preference service, since Accessibility
+            is relying on some advanced features of the service. Also, when CF prefs direct mode is enabled, the WebContent
+            sandbox needs to explicitly allow reading of the various plist files.
+
+            * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+            (WebKit::WebProcessPool::registerNotificationObservers):
+            * WebProcess/com.apple.WebProcess.sb.in:
+
+2020-03-17  Alan Coon  <[email protected]>
+
         Cherry-pick r258359. rdar://problem/60517387
 
     [macOS] _AXSApplicationAccessibilityEnabled should not be called

Modified: branches/safari-610.1.7-branch/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (258604 => 258605)


--- branches/safari-610.1.7-branch/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-03-17 22:44:39 UTC (rev 258604)
+++ branches/safari-610.1.7-branch/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-03-17 22:44:43 UTC (rev 258605)
@@ -613,6 +613,10 @@
 #if !PLATFORM(IOS_FAMILY)
     // Listen for enhanced accessibility changes and propagate them to the WebProcess.
     m_enhancedAccessibilityObserver = [[NSNotificationCenter defaultCenter] addObserverForName:WebKitApplicationDidChangeAccessibilityEnhancedUserInterfaceNotification object:nil queue:[NSOperationQueue currentQueue] usingBlock:^(NSNotification *note) {
+#if ENABLE(CFPREFS_DIRECT_MODE)
+        for (auto& process : m_processes)
+            process->unblockPreferenceServiceIfNeeded();
+#endif
         setEnhancedAccessibility([[[note userInfo] objectForKey:@"AXEnhancedUserInterface"] boolValue]);
     }];
 
@@ -663,7 +667,9 @@
 #endif // PLATFORM(IOS)
     m_accessibilityEnabledObserver = [[NSNotificationCenter defaultCenter] addObserverForName:(__bridge id)kAXSApplicationAccessibilityEnabledNotification object:nil queue:[NSOperationQueue currentQueue] usingBlock:^(NSNotification *) {
         for (size_t i = 0; i < m_processes.size(); ++i) {
+#if ENABLE(CFPREFS_DIRECT_MODE)
             m_processes[i]->unblockPreferenceServiceIfNeeded();
+#endif
             m_processes[i]->unblockAccessibilityServerIfNeeded();
         }
     }];

Modified: branches/safari-610.1.7-branch/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (258604 => 258605)


--- branches/safari-610.1.7-branch/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-03-17 22:44:39 UTC (rev 258604)
+++ branches/safari-610.1.7-branch/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-03-17 22:44:43 UTC (rev 258605)
@@ -521,6 +521,40 @@
         "pbs" ;; Needed for NSAttributedString <rdar://problem/10844321>
 ))
 
+#if ENABLE(CFPREFS_DIRECT_MODE)
+(allow file-read*
+    (home-subpath "/Library/Preferences/.GlobalPreferences.plist")
+    (home-subpath "/Library/Preferences/com.apple.security.plist")
+    (home-subpath "/Library/Preferences/com.apple.Accessibility.plist")
+    (home-subpath "/Library/Preferences/com.apple.ATS.plist")
+    (home-subpath "/Library/Preferences/com.apple.CoreGraphics.plist")
+    (home-subpath "/Library/Preferences/com.apple.DownloadAssessment.plist")
+    (home-subpath "/Library/Preferences/com.apple.HIToolbox.plist")
+    (home-subpath "/Library/Preferences/com.apple.LaunchServices.plist")
+    (home-subpath "/Library/Preferences/com.apple.MultitouchSupport.plist")
+    (home-subpath "/Library/Preferences/com.apple.ServicesMenu.Services.plist")
+    (home-subpath "/Library/Preferences/com.apple.ViewBridge.plist")
+    (home-subpath "/Library/Preferences/com.apple.WebKit.plist")
+    (home-subpath "/Library/Preferences/com.apple.WebFoundation.plist")
+    (home-subpath "/Library/Preferences/com.apple.avfoundation.plist")
+    (home-subpath "/Library/Preferences/com.apple.avfoundation.frecents.plist")
+    (home-subpath "/Library/Preferences/com.apple.avfoundation.videoperformancehud.plist")
+    (home-subpath "/Library/Preferences/com.apple.coremedia.plist")
+    (home-subpath "/Library/Preferences/com.apple.crypto.plist")
+    (home-subpath "/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.mouse.plist")
+    (home-subpath "/Library/Preferences/com.apple.driver.AppleBluetoothMultitouch.trackpad.plist")
+    (home-subpath "/Library/Preferences/com.apple.driver.AppleHIDMouse.plist")
+    (home-subpath "/Library/Preferences/com.apple.lookup.shared.plist")
+    (home-subpath "/Library/Preferences/com.apple.mediaaccessibility.plist")
+    (home-subpath "/Library/Preferences/com.apple.networkConnect.plist")
+    (home-subpath "/Library/Preferences/com.apple.speech.voice.prefs.plist")
+    (home-subpath "/Library/Preferences/com.apple.systemsound.plist")
+    (home-subpath "/Library/Preferences/com.apple.universalaccess.plist")
+    (home-subpath "/Library/Preferences/edu.mit.Kerberos.plist")
+    (home-subpath "/Library/Preferences/pbs.plist")
+)
+#endif
+
 ; (Temporary) backward compatibility with non-CFPreferences readers.
 (allow file-read*
     (literal "/Library/Preferences/com.apple.ViewBridge.plist"))

Modified: branches/safari-610.1.7-branch/Tools/ChangeLog (258604 => 258605)


--- branches/safari-610.1.7-branch/Tools/ChangeLog	2020-03-17 22:44:39 UTC (rev 258604)
+++ branches/safari-610.1.7-branch/Tools/ChangeLog	2020-03-17 22:44:43 UTC (rev 258605)
@@ -1,5 +1,60 @@
 2020-03-17  Alan Coon  <[email protected]>
 
+        Cherry-pick r258518. rdar://problem/60517387
+
+    [macOS] Accessibility sandbox regressions
+    https://bugs.webkit.org/show_bug.cgi?id=209065
+    Source/WebCore/PAL:
+    
+    
+    Reviewed by Brent Fulgham.
+    
+    Add Accessibility notification name.
+    
+    * pal/spi/cocoa/NSAccessibilitySPI.h:
+    
+    Source/WebKit:
+    
+    <rdar://problem/60202450>
+    
+    Reviewed by Brent Fulgham.
+    
+    When Accessibility is enabled, the WebContent process needs access to the preference service, since Accessibility
+    is relying on some advanced features of the service. Also, when CF prefs direct mode is enabled, the WebContent
+    sandbox needs to explicitly allow reading of the various plist files.
+    
+    * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+    (WebKit::WebProcessPool::registerNotificationObservers):
+    * WebProcess/com.apple.WebProcess.sb.in:
+    
+    Tools:
+    
+    
+    Reviewed by Brent Fulgham.
+    
+    * TestWebKitAPI/Tests/WebKit/EnableAccessibility.mm:
+    (TEST):
+    * TestWebKitAPI/Tests/WebKit/GrantAccessToPreferencesService.mm:
+    (TEST):
+    
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@258518 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-03-16  Per Arne Vollan  <[email protected]>
+
+            [macOS] Accessibility sandbox regressions
+            https://bugs.webkit.org/show_bug.cgi?id=209065
+
+            Reviewed by Brent Fulgham.
+
+            * TestWebKitAPI/Tests/WebKit/EnableAccessibility.mm:
+            (TEST):
+            * TestWebKitAPI/Tests/WebKit/GrantAccessToPreferencesService.mm:
+            (TEST):
+
+2020-03-17  Alan Coon  <[email protected]>
+
         Cherry-pick r258359. rdar://problem/60517387
 
     [macOS] _AXSApplicationAccessibilityEnabled should not be called

Modified: branches/safari-610.1.7-branch/Tools/TestWebKitAPI/Tests/WebKit/EnableAccessibility.mm (258604 => 258605)


--- branches/safari-610.1.7-branch/Tools/TestWebKitAPI/Tests/WebKit/EnableAccessibility.mm	2020-03-17 22:44:39 UTC (rev 258604)
+++ branches/safari-610.1.7-branch/Tools/TestWebKitAPI/Tests/WebKit/EnableAccessibility.mm	2020-03-17 22:44:43 UTC (rev 258605)
@@ -30,6 +30,7 @@
 #import <WebKit/WKProcessPoolPrivate.h>
 #import <WebKit/_WKProcessPoolConfiguration.h>
 
+#import <pal/spi/cocoa/NSAccessibilitySPI.h>
 #import <wtf/SoftLinking.h>
 
 SOFT_LINK_LIBRARY(libAccessibility)
@@ -46,3 +47,25 @@
 
     CFNotificationCenterPostNotification(CFNotificationCenterGetDarwinNotifyCenter(),  getkAXSApplicationAccessibilityEnabledNotification(), NULL, NULL, false);
 }
+
+#if WK_HAVE_C_SPI
+
+TEST(WebKit, AccessibilityHasPreferencesServiceAccess)
+{
+    auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    WKRetainPtr<WKContextRef> context = adoptWK(TestWebKitAPI::Util::createContextForInjectedBundleTest("InternalsInjectedBundleTest"));
+    configuration.get().processPool = (WKProcessPool *)context.get();
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 300, 300) configuration:configuration.get() addToWindow:YES]);
+
+    [webView synchronouslyLoadTestPageNamed:@"simple"];
+
+    [[NSNotificationCenter defaultCenter] postNotificationName:NSApplicationDidChangeAccessibilityEnhancedUserInterfaceNotification object:nil userInfo:nil];
+
+    auto sandboxAccess = [&] {
+        return [webView stringByEvaluatingJavaScript:@"window.internals.hasSandboxMachLookupAccessToGlobalName('com.apple.WebKit.WebContent', 'com.apple.cfprefsd.daemon')"].boolValue;
+    };
+
+    ASSERT_TRUE(sandboxAccess());
+}
+
+#endif

Modified: branches/safari-610.1.7-branch/Tools/TestWebKitAPI/Tests/WebKit/GrantAccessToPreferencesService.mm (258604 => 258605)


--- branches/safari-610.1.7-branch/Tools/TestWebKitAPI/Tests/WebKit/GrantAccessToPreferencesService.mm	2020-03-17 22:44:39 UTC (rev 258604)
+++ branches/safari-610.1.7-branch/Tools/TestWebKitAPI/Tests/WebKit/GrantAccessToPreferencesService.mm	2020-03-17 22:44:43 UTC (rev 258605)
@@ -38,6 +38,8 @@
     configuration.get().processPool = (WKProcessPool *)context.get();
     auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 300, 300) configuration:configuration.get() addToWindow:YES]);
 
+    [webView synchronouslyLoadTestPageNamed:@"simple"];
+
     [webView _grantAccessToPreferenceService];
 
     auto sandboxAccess = [&] {
@@ -44,7 +46,7 @@
         return [webView stringByEvaluatingJavaScript:@"window.internals.hasSandboxMachLookupAccessToGlobalName('com.apple.WebKit.WebContent', 'com.apple.cfprefsd.daemon')"].boolValue;
     };
 
-    ASSERT_TRUE(sandboxAccess);
+    ASSERT_TRUE(sandboxAccess());
 }
 
 #endif

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to