Title: [269867] trunk/Source
Revision
269867
Author
[email protected]
Date
2020-11-16 11:52:43 -0800 (Mon, 16 Nov 2020)

Log Message

[macOS] The WebContent sandbox does not apply for open source builds
https://bugs.webkit.org/show_bug.cgi?id=218982

Reviewed by Alexey Proskuryakov.

Source/WebKit:

The WebContent sandbox fails to apply in open source builds on macOS, because the profile enables message filtering,
which requires a private entitlement.

* WebProcess/com.apple.WebProcess.sb.in:

Source/WTF:

Add HAVE define for sandbox message filtering.

* wtf/PlatformHave.h:

Modified Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (269866 => 269867)


--- trunk/Source/WTF/ChangeLog	2020-11-16 19:46:50 UTC (rev 269866)
+++ trunk/Source/WTF/ChangeLog	2020-11-16 19:52:43 UTC (rev 269867)
@@ -1,3 +1,14 @@
+2020-11-16  Per Arne Vollan  <[email protected]>
+
+        [macOS] The WebContent sandbox does not apply for open source builds
+        https://bugs.webkit.org/show_bug.cgi?id=218982
+
+        Reviewed by Alexey Proskuryakov.
+
+        Add HAVE define for sandbox message filtering.
+
+        * wtf/PlatformHave.h:
+
 2020-11-16  Megan Gardner  <[email protected]>
 
         Add menu support for app highlights for books

Modified: trunk/Source/WTF/wtf/PlatformHave.h (269866 => 269867)


--- trunk/Source/WTF/wtf/PlatformHave.h	2020-11-16 19:46:50 UTC (rev 269866)
+++ trunk/Source/WTF/wtf/PlatformHave.h	2020-11-16 19:52:43 UTC (rev 269867)
@@ -770,3 +770,7 @@
 #if PLATFORM(IOS) || PLATFORM(MACCATALYST) || PLATFORM(MAC)
 #define HAVE_AVCAPTUREDEVICE 1
 #endif
+
+#if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED > 110000 && defined __has_include && __has_include(<CoreFoundation/CFPriv.h>)
+#define HAVE_SANDBOX_MESSAGE_FILTERING 1
+#endif
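Review bot: The `__has_include(<CoreFoundation/CFPriv.h>)` test in the new `#if` stands in for "this build can carry the private entitlement that message filtering requires", but nothing next to the define says so. Finding the header and being signed with the entitlement are separate conditions. A build that has the header but lacks the entitlement would presumably hit the same failure this commit addresses, where the WebContent sandbox does not apply at all. I would add a comment above the `#if`, for example `// Sandbox message filtering requires a private entitlement; the presence of CFPriv.h is used as a proxy for a build that has it.`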

Modified: trunk/Source/WebKit/ChangeLog (269866 => 269867)


--- trunk/Source/WebKit/ChangeLog	2020-11-16 19:46:50 UTC (rev 269866)
+++ trunk/Source/WebKit/ChangeLog	2020-11-16 19:52:43 UTC (rev 269867)
@@ -1,3 +1,15 @@
+2020-11-16  Per Arne Vollan  <[email protected]>
+
+        [macOS] The WebContent sandbox does not apply for open source builds
+        https://bugs.webkit.org/show_bug.cgi?id=218982
+
+        Reviewed by Alexey Proskuryakov.
+
+        The WebContent sandbox does not apply for open source builds on macOS, since it has enabled message filtering,
+        which requires a private entitlement.
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2020-11-16  Megan Gardner  <[email protected]>
 
         Add menu support for app highlights for books

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (269866 => 269867)


--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-11-16 19:46:50 UTC (rev 269866)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-11-16 19:52:43 UTC (rev 269867)
@@ -112,7 +112,7 @@
     ;; OpenCL
     (allow iokit-open
         (iokit-connection "IOAccelerator")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow
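Review bot: In builds where `HAVE(SANDBOX_MESSAGE_FILTERING)` is not defined, the `(allow iokit-open (iokit-connection "IOAccelerator") ...)` rule stays in place without its `apply-message-filter` clause, and the profile does not record that this unfiltered form is intentional. The same holds for every other `iokit-open` hunk in this file, from "IOAccelerationUserClient" through "IOUSBInterfaceUserClientV2". Open source builds therefore get a WebContent sandbox that applies but is broader on these user clients than the filtered one. The matching `#endif` and any `#else` branch are outside the hunk, so I cannot tell whether a fallback restriction exists. A comment at the first guard would make the trade-off visible, for example `;; Without message filtering (e.g. open source builds) this user client is allowed unfiltered.`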
@@ -127,7 +127,7 @@
     )
     (allow iokit-open
         (iokit-registry-entry-class "IOAccelerationUserClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow (with telemetry)
@@ -140,7 +140,7 @@
     )
     (allow iokit-open
         (iokit-registry-entry-class "IOSurfaceRootUserClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow
@@ -155,7 +155,7 @@
     )
     (allow iokit-open
         (iokit-registry-entry-class "IOSurfaceSendRight")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow (with telemetry)
@@ -174,7 +174,7 @@
     ;; H.264 Acceleration
     (allow iokit-open
         (iokit-registry-entry-class "AppleIntelMEUserClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow
@@ -189,7 +189,7 @@
     )
     (allow iokit-open
         (iokit-registry-entry-class "AppleSNBFBUserClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow
@@ -205,7 +205,7 @@
     ;; QuartzCore
     (allow iokit-open
         (iokit-registry-entry-class "AGPMClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow (with telemetry)
@@ -218,7 +218,7 @@
     )
     (allow iokit-open
         (iokit-registry-entry-class "AppleGraphicsControlClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow
@@ -233,7 +233,7 @@
     )
     (allow iokit-open
         (iokit-registry-entry-class "AppleGraphicsPolicyClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow (with telemetry)
@@ -247,7 +247,7 @@
     ;; OpenGL
     (allow iokit-open
         (iokit-registry-entry-class "AppleMGPUPowerControlClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow (with telemetry)
@@ -816,7 +816,7 @@
 
 (allow iokit-open
     (iokit-user-client-class "AppleUpstreamUserClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
     (with telemetry-backtrace)
     (apply-message-filter
         (allow (with telemetry)
@@ -830,7 +830,7 @@
 
 (allow iokit-open
     (iokit-user-client-class "RootDomainUserClient") ;; Needed by WebCore::PerformanceMonitor
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
     (with telemetry-backtrace)
     (apply-message-filter
         (allow (with telemetry)
@@ -844,7 +844,7 @@
 
 (allow iokit-open
     (iokit-user-client-class "AudioAUUC") ;; <rdar://problem/10427451> && <rdar://problem/10808817>
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
     (with telemetry-backtrace)
     (apply-message-filter
         (allow (with telemetry)
@@ -858,7 +858,7 @@
 
 (allow iokit-open
     (iokit-user-client-class "IOAudioControlUserClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
     (with telemetry-backtrace)
     (apply-message-filter
         (allow (with telemetry)
@@ -872,7 +872,7 @@
 
 (allow iokit-open
     (iokit-user-client-class "IOAudioEngineUserClient")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
     (with telemetry-backtrace)
     (apply-message-filter
         (allow (with telemetry)
@@ -1168,7 +1168,7 @@
     (allow iokit-open
         ;; QuickTimeUSBVDCDigitizer
         (iokit-user-client-class "IOUSBDeviceUserClientV2")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow (with telemetry)
@@ -1181,7 +1181,7 @@
     )
     (allow iokit-open
         (iokit-user-client-class "IOUSBInterfaceUserClientV2")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
         (with telemetry-backtrace)
         (apply-message-filter
             (allow (with telemetry)
@@ -1428,6 +1428,7 @@
 #include <WebKitAdditions/WebContentSandboxAdditionsMac.sb>
 #endif
 
+#if HAVE(SANDBOX_MESSAGE_FILTERING)
 (when (defined? 'mach-bootstrap)
     (allow mach-bootstrap
         (apply-message-filter
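Review bot: The new `#if HAVE(SANDBOX_MESSAGE_FILTERING)` compiles the `mach-bootstrap` filter out of more builds than the open source ones the commit targets. Before this change the block was emitted for every build and was gated only at run time by `(when (defined? 'mach-bootstrap)`. Because the define also requires `__MAC_OS_X_VERSION_MIN_REQUIRED > 110000`, builds with a deployment target of 11.0 or lower lose the block too, even where they previously included it. If that narrowing is intended, a comment on the guard would help, for example `;; mach-bootstrap filtering needs the private entitlement and is only built where HAVE(SANDBOX_MESSAGE_FILTERING) is set.` If it is not intended, this block needs a condition without the version test. The body of the block lies outside the hunk and its closing `#endif` is added in the final hunk.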
@@ -1550,3 +1551,4 @@
         )
     )
 )
+#endif // HAVE(SANDBOX_MESSAGE_FILTERING)