Diff
Modified: branches/safari-611-branch/Source/WebKit/ChangeLog (271823 => 271824)
--- branches/safari-611-branch/Source/WebKit/ChangeLog 2021-01-25 22:11:06 UTC (rev 271823)
+++ branches/safari-611-branch/Source/WebKit/ChangeLog 2021-01-25 22:11:12 UTC (rev 271824)
@@ -1,5 +1,68 @@
2021-01-25 Alan Coon <[email protected]>
+ Cherry-pick r271469. rdar://problem/73468174
+
+ [Cocoa] Network extension sandbox extensions are sometimes issued too late
+ https://bugs.webkit.org/show_bug.cgi?id=220525
+ <rdar://problem/68443565>
+
+ Reviewed by Brent Fulgham.
+
+ Currently, Network extension sandbox extensions are sent to the WebContent process as part of the load parameters, but this is too late in some cases.
+ In these cases, the extensions can be sent along with the DidReceivePolicyDecision message.
+
+ * Shared/Cocoa/LoadParametersCocoa.mm:
+ (WebKit::LoadParameters::platformEncode const):
+ (WebKit::LoadParameters::platformDecode):
+ * Shared/LoadParameters.h:
+ * UIProcess/Cocoa/WebPageProxyCocoa.mm:
+ (WebKit::WebPageProxy::addPlatformLoadParameters):
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::createNetworkExtensionsSandboxExtensions):
+ (WebKit::WebPageProxy::decidePolicyForNavigationActionAsyncShared):
+ (WebKit::WebPageProxy::decidePolicyForNewWindowAction):
+ (WebKit::WebPageProxy::decidePolicyForResponseShared):
+ * WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
+ (WebKit::WebPage::platformDidReceiveLoadParameters):
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::didReceivePolicyDecision):
+ * WebProcess/WebPage/WebPage.h:
+ * WebProcess/WebPage/WebPage.messages.in:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271469 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-01-13 Per Arne Vollan <[email protected]>
+
+ [Cocoa] Network extension sandbox extensions are sometimes issued too late
+ https://bugs.webkit.org/show_bug.cgi?id=220525
+ <rdar://problem/68443565>
+
+ Reviewed by Brent Fulgham.
+
+ Currently, Network extension sandbox extensions are sent to the WebContent process as part of the load parameters, but this is too late in some cases.
+ In these cases, the extensions can be sent along with the DidReceivePolicyDecision message.
+
+ * Shared/Cocoa/LoadParametersCocoa.mm:
+ (WebKit::LoadParameters::platformEncode const):
+ (WebKit::LoadParameters::platformDecode):
+ * Shared/LoadParameters.h:
+ * UIProcess/Cocoa/WebPageProxyCocoa.mm:
+ (WebKit::WebPageProxy::addPlatformLoadParameters):
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::createNetworkExtensionsSandboxExtensions):
+ (WebKit::WebPageProxy::decidePolicyForNavigationActionAsyncShared):
+ (WebKit::WebPageProxy::decidePolicyForNewWindowAction):
+ (WebKit::WebPageProxy::decidePolicyForResponseShared):
+ * WebProcess/WebPage/Cocoa/WebPageCocoa.mm:
+ (WebKit::WebPage::platformDidReceiveLoadParameters):
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::didReceivePolicyDecision):
+ * WebProcess/WebPage/WebPage.h:
+ * WebProcess/WebPage/WebPage.messages.in:
+
+2021-01-25 Alan Coon <[email protected]>
+
Cherry-pick r271405. rdar://problem/73466993
[Cocoa] Support key rotation with HLS-backed encrypted media streams
Modified: branches/safari-611-branch/Source/WebKit/Shared/Cocoa/LoadParametersCocoa.mm (271823 => 271824)
--- branches/safari-611-branch/Source/WebKit/Shared/Cocoa/LoadParametersCocoa.mm 2021-01-25 22:11:06 UTC (rev 271823)
+++ branches/safari-611-branch/Source/WebKit/Shared/Cocoa/LoadParametersCocoa.mm 2021-01-25 22:11:12 UTC (rev 271824)
@@ -37,8 +37,6 @@
{
IPC::encode(encoder, dataDetectionContext.get());
- encoder << neHelperExtensionHandle;
- encoder << neSessionManagerExtensionHandle;
#if PLATFORM(IOS)
encoder << contentFilterExtensionHandle;
encoder << frontboardServiceExtensionHandle;
@@ -50,18 +48,6 @@
if (!IPC::decode(decoder, parameters.dataDetectionContext))
return false;
- Optional<Optional<SandboxExtension::Handle>> neHelperExtensionHandle;
- decoder >> neHelperExtensionHandle;
- if (!neHelperExtensionHandle)
- return false;
- parameters.neHelperExtensionHandle = WTFMove(*neHelperExtensionHandle);
-
- Optional<Optional<SandboxExtension::Handle>> neSessionManagerExtensionHandle;
- decoder >> neSessionManagerExtensionHandle;
- if (!neSessionManagerExtensionHandle)
- return false;
- parameters.neSessionManagerExtensionHandle = WTFMove(*neSessionManagerExtensionHandle);
-
#if PLATFORM(IOS)
Optional<Optional<SandboxExtension::Handle>> contentFilterExtensionHandle;
decoder >> contentFilterExtensionHandle;
Modified: branches/safari-611-branch/Source/WebKit/Shared/LoadParameters.h (271823 => 271824)
--- branches/safari-611-branch/Source/WebKit/Shared/LoadParameters.h 2021-01-25 22:11:06 UTC (rev 271823)
+++ branches/safari-611-branch/Source/WebKit/Shared/LoadParameters.h 2021-01-25 22:11:12 UTC (rev 271824)
@@ -74,8 +74,6 @@
#if PLATFORM(COCOA)
RetainPtr<NSDictionary> dataDetectionContext;
- Optional<SandboxExtension::Handle> neHelperExtensionHandle;
- Optional<SandboxExtension::Handle> neSessionManagerExtensionHandle;
#endif
#if PLATFORM(IOS)
Optional<SandboxExtension::Handle> contentFilterExtensionHandle;
Modified: branches/safari-611-branch/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm (271823 => 271824)
--- branches/safari-611-branch/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm 2021-01-25 22:11:06 UTC (rev 271823)
+++ branches/safari-611-branch/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm 2021-01-25 22:11:12 UTC (rev 271824)
@@ -154,23 +154,6 @@
{
loadParameters.dataDetectionContext = m_uiClient->dataDetectionContext();
-#if ENABLE(CONTENT_FILTERING)
- if (!process.hasNetworkExtensionSandboxAccess() && NetworkExtensionContentFilter::isRequired()) {
- SandboxExtension::Handle helperHandle;
- SandboxExtension::createHandleForMachLookup("com.apple.nehelper"_s, WTF::nullopt, helperHandle);
- loadParameters.neHelperExtensionHandle = WTFMove(helperHandle);
- SandboxExtension::Handle managerHandle;
-#if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED < 101500
- SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager"_s, WTF::nullopt, managerHandle);
-#else
- SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager.content-filter"_s, WTF::nullopt, managerHandle);
-#endif
- loadParameters.neSessionManagerExtensionHandle = WTFMove(managerHandle);
-
- process.markHasNetworkExtensionSandboxAccess();
- }
-#endif
-
#if PLATFORM(IOS)
if (!process.hasManagedSessionSandboxAccess() && [getWebFilterEvaluatorClass() isManagedSession]) {
SandboxExtension::Handle handle;
@@ -552,8 +535,24 @@
send(Messages::WebPage::CreateAppHighlightInSelectedRange(createNewGroup));
}
+#endif
+SandboxExtension::HandleArray WebPageProxy::createNetworkExtensionsSandboxExtensions(WebProcessProxy& process)
+{
+#if ENABLE(CONTENT_FILTERING)
+ if (!process.hasNetworkExtensionSandboxAccess() && NetworkExtensionContentFilter::isRequired()) {
+ process.markHasNetworkExtensionSandboxAccess();
+ constexpr ASCIILiteral neHelperService { "com.apple.nehelper"_s };
+#if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED < 101500
+ constexpr ASCIILiteral neSessionManagerService { "com.apple.nesessionmanager"_s };
+#else
+ constexpr ASCIILiteral neSessionManagerService { "com.apple.nesessionmanager.content-filter"_s };
#endif
+ return SandboxExtension::createHandlesForMachLookup({ neHelperService, neSessionManagerService }, WTF::nullopt);
+ }
+#endif
+ return SandboxExtension::HandleArray();
+}
} // namespace WebKit
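Review bot: `process.markHasNetworkExtensionSandboxAccess()` now runs before the handles are created, whereas the code removed from addPlatformLoadParameters marked the process only after both handles had been built. If handle creation fails, or a caller never delivers the returned array, the process stays marked and no later call will issue the mach-lookup extensions again, which would leave that WebContent process without access to the services the content filter uses. I would build the array first and mark afterwards: `auto handles = SandboxExtension::createHandlesForMachLookup({ neHelperService, neSessionManagerService }, WTF::nullopt);` followed by `process.markHasNetworkExtensionSandboxAccess(); return handles;`. Because the name reads like a pure factory, a comment such as `// Marks the process as a side effect: call only when the result is sent to that process.` would also help.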
Modified: branches/safari-611-branch/Source/WebKit/UIProcess/WebPageProxy.cpp (271823 => 271824)
--- branches/safari-611-branch/Source/WebKit/UIProcess/WebPageProxy.cpp 2021-01-25 22:11:06 UTC (rev 271823)
+++ branches/safari-611-branch/Source/WebKit/UIProcess/WebPageProxy.cpp 2021-01-25 22:11:12 UTC (rev 271824)
@@ -5027,7 +5027,7 @@
MESSAGE_CHECK(process, frame);
auto sender = PolicyDecisionSender::create(identifier, [webPageID, frameID, listenerID, process] (const auto& policyDecision) {
- process->send(Messages::WebPage::DidReceivePolicyDecision(frameID, listenerID, policyDecision), webPageID);
+ process->send(Messages::WebPage::DidReceivePolicyDecision(frameID, listenerID, policyDecision, createNetworkExtensionsSandboxExtensions(process)), webPageID);
});
decidePolicyForNavigationAction(process.copyRef(), *frame, WTFMove(frameInfo), navigationID, WTFMove(navigationActionData), WTFMove(originatingFrameInfo), originatingPageID,
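Review bot: With the load-parameter path removed elsewhere in this commit, DidReceivePolicyDecision is the only message that carries the network extension handles, so a WebContent process that starts a load without first receiving a policy decision would never consume them. Whether such a path exists cannot be told from these hunks (a load started by the embedder and a process created for a process swap are the cases I would check), but the content filter's access to its services depends on the answer. The same call appears in the two following hunks of this file. The call also updates the process's bookkeeping while it is evaluated as a message argument; a comment at the call, `// Issues the extensions once per process; returns an empty array afterwards.`, would make that visible. The enclosing function starts and ends outside the hunk.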
@@ -5338,7 +5338,7 @@
ASSERT_UNUSED(safeBrowsingWarning, !safeBrowsingWarning);
auto sender = PolicyDecisionSender::create(identifier, [this, protectedThis = WTFMove(protectedThis), frameID, listenerID] (const auto& policyDecision) {
- send(Messages::WebPage::DidReceivePolicyDecision(frameID, listenerID, policyDecision));
+ send(Messages::WebPage::DidReceivePolicyDecision(frameID, listenerID, policyDecision, createNetworkExtensionsSandboxExtensions(m_process)));
});
receivedPolicyDecision(policyAction, nullptr, nullptr, WTFMove(navigationAction), WTFMove(sender));
@@ -5377,7 +5377,7 @@
ASSERT_UNUSED(safeBrowsingWarning, !safeBrowsingWarning);
auto sender = PolicyDecisionSender::create(identifier, [webPageID, frameID, listenerID, process = WTFMove(process)] (const auto& policyDecision) {
- process->send(Messages::WebPage::DidReceivePolicyDecision(frameID, listenerID, policyDecision), webPageID);
+ process->send(Messages::WebPage::DidReceivePolicyDecision(frameID, listenerID, policyDecision, createNetworkExtensionsSandboxExtensions(process)), webPageID);
});
receivedPolicyDecision(policyAction, navigation.get(), nullptr, WTFMove(navigationResponse), WTFMove(sender));
@@ -10343,6 +10343,13 @@
#endif
+#if !PLATFORM(COCOA)
+SandboxExtension::HandleArray WebPageProxy::createNetworkExtensionsSandboxExtensions(WebProcessProxy& process)
+{
+ return SandboxExtension::HandleArray();
+}
+#endif
+
} // namespace WebKit
#undef RELEASE_LOG_IF_ALLOWED
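Review bot: The non-Cocoa stub names its `process` parameter without using it, which trips unused-parameter warnings where they are enabled, while the matching stub added to WebPage.cpp leaves its parameter unnamed. For consistency write the definition as `SandboxExtension::HandleArray WebPageProxy::createNetworkExtensionsSandboxExtensions(WebProcessProxy&)`.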
Modified: branches/safari-611-branch/Source/WebKit/UIProcess/WebPageProxy.h (271823 => 271824)
--- branches/safari-611-branch/Source/WebKit/UIProcess/WebPageProxy.h 2021-01-25 22:11:06 UTC (rev 271823)
+++ branches/safari-611-branch/Source/WebKit/UIProcess/WebPageProxy.h 2021-01-25 22:11:12 UTC (rev 271824)
@@ -2371,6 +2371,8 @@
bool setIsNavigatingToAppBoundDomainAndCheckIfPermitted(bool isMainFrame, const URL&, Optional<NavigatingToAppBoundDomain>);
#endif
+ static SandboxExtension::HandleArray createNetworkExtensionsSandboxExtensions(WebProcessProxy&);
+
const Identifier m_identifier;
WebCore::PageIdentifier m_webPageID;
WeakPtr<PageClient> m_pageClient;
Modified: branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm (271823 => 271824)
--- branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm 2021-01-25 22:11:06 UTC (rev 271823)
+++ branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/Cocoa/WebPageCocoa.mm 2021-01-25 22:11:12 UTC (rev 271824)
@@ -81,14 +81,6 @@
m_dataDetectionContext = parameters.dataDetectionContext;
-#if ENABLE(CONTENT_FILTERING)
- if (parameters.neHelperExtensionHandle)
- SandboxExtension::consumePermanently(*parameters.neHelperExtensionHandle);
- if (parameters.neSessionManagerExtensionHandle)
- SandboxExtension::consumePermanently(*parameters.neSessionManagerExtensionHandle);
- NetworkExtensionContentFilter::setHasConsumedSandboxExtensions(parameters.neHelperExtensionHandle.hasValue() && parameters.neSessionManagerExtensionHandle.hasValue());
-#endif
-
#if PLATFORM(IOS)
if (parameters.contentFilterExtensionHandle)
SandboxExtension::consumePermanently(*parameters.contentFilterExtensionHandle);
@@ -414,6 +406,16 @@
postLayoutData.baseWritingDirection = frame.editor().baseWritingDirectionForSelectionStart();
}
+void WebPage::consumeNetworkExtensionSandboxExtensions(const SandboxExtension::HandleArray& networkExtensionsHandles)
+{
+#if ENABLE(CONTENT_FILTERING)
+ SandboxExtension::consumePermanently(networkExtensionsHandles);
+ NetworkExtensionContentFilter::setHasConsumedSandboxExtensions(networkExtensionsHandles.size());
+#else
+ UNUSED_PARAM(networkExtensionsHandles);
+#endif
+}
+
} // namespace WebKit
#endif // PLATFORM(COCOA)
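Review bot: `setHasConsumedSandboxExtensions(networkExtensionsHandles.size())` is reached on every DidReceivePolicyDecision, yet the UI process returns a non-empty array only the first time for a given process, so every later decision passes 0 and the flag goes back to false. The removed load-parameter code behaved the same way, so this may be intended, but what the content filter does when the flag is false is not visible here, and the implicit size-to-bool conversion hides the question. If the flag is meant to record that the process has consumed the extensions at some point, guard the update with `if (networkExtensionsHandles.size()) NetworkExtensionContentFilter::setHasConsumedSandboxExtensions(true);`. Otherwise spell the condition as `networkExtensionsHandles.size() > 0` and state in a comment why the flag is reset on later messages.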
Modified: branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/WebPage.cpp (271823 => 271824)
--- branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2021-01-25 22:11:06 UTC (rev 271823)
+++ branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2021-01-25 22:11:12 UTC (rev 271824)
@@ -3363,8 +3363,10 @@
pluginView->setLayerHostingMode(m_layerHostingMode);
}
-void WebPage::didReceivePolicyDecision(FrameIdentifier frameID, uint64_t listenerID, PolicyDecision&& policyDecision)
+void WebPage::didReceivePolicyDecision(FrameIdentifier frameID, uint64_t listenerID, PolicyDecision&& policyDecision, const SandboxExtension::HandleArray& networkExtensionsHandles)
{
+ consumeNetworkExtensionSandboxExtensions(networkExtensionsHandles);
+
WebFrame* frame = WebProcess::singleton().webFrame(frameID);
RELEASE_LOG_IF_ALLOWED(Loading, "didReceivePolicyDecision: policyAction: %u - frameID: %llu - webFrame: %p - mainFrame: %d", (unsigned)policyDecision.policyAction, frameID.toUInt64(), frame, frame ? frame->isMainFrame() : 0);
@@ -7144,6 +7146,11 @@
}
#endif
+#if !PLATFORM(COCOA)
+void WebPage::consumeNetworkExtensionSandboxExtensions(const SandboxExtension::HandleArray&)
+{
+}
+#endif
} // namespace WebKit
Modified: branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/WebPage.h (271823 => 271824)
--- branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/WebPage.h 2021-01-25 22:11:06 UTC (rev 271823)
+++ branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/WebPage.h 2021-01-25 22:11:12 UTC (rev 271824)
@@ -1584,7 +1584,7 @@
void clearServiceWorkerEntitlementOverride(CompletionHandler<void()>&& completionHandler) { completionHandler(); }
#endif
- void didReceivePolicyDecision(WebCore::FrameIdentifier, uint64_t listenerID, PolicyDecision&&);
+ void didReceivePolicyDecision(WebCore::FrameIdentifier, uint64_t listenerID, PolicyDecision&&, const SandboxExtension::HandleArray&);
void continueWillSubmitForm(WebCore::FrameIdentifier, uint64_t listenerID);
void setUserAgent(const String&);
void setCustomTextEncodingName(const String&);
@@ -1801,6 +1801,8 @@
void setSelectionRange(const WebCore::IntPoint&, WebCore::TextGranularity, bool);
+ void consumeNetworkExtensionSandboxExtensions(const SandboxExtension::HandleArray&);
+
WebCore::PageIdentifier m_identifier;
std::unique_ptr<WebCore::Page> m_page;
Modified: branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/WebPage.messages.in (271823 => 271824)
--- branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/WebPage.messages.in 2021-01-25 22:11:06 UTC (rev 271823)
+++ branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/WebPage.messages.in 2021-01-25 22:11:12 UTC (rev 271824)
@@ -196,7 +196,7 @@
UpdateWebsitePolicies(struct WebKit::WebsitePoliciesData websitePolicies)
NotifyUserScripts()
- DidReceivePolicyDecision(WebCore::FrameIdentifier frameID, uint64_t listenerID, struct WebKit::PolicyDecision policyDecision)
+ DidReceivePolicyDecision(WebCore::FrameIdentifier frameID, uint64_t listenerID, struct WebKit::PolicyDecision policyDecision, WebKit::SandboxExtension::HandleArray networkExtensionsSandboxExtensions)
ContinueWillSubmitForm(WebCore::FrameIdentifier frameID, uint64_t listenerID)