[webkit-changes] [272082] trunk/Source

[ysuzuki]

Title: [272082] trunk/Source

Revision

272082

Author

ysuz...@apple.com

Date

2021-01-29 15:31:48 -0800 (Fri, 29 Jan 2021)

Log Message

[JSC] Add com.apple.private.securejit entitlement for JITCage
https://bugs.webkit.org/show_bug.cgi?id=221147

Reviewed by Keith Miller.

Source/_javascript_Core:

Add com.apple.private.securejit only for iOS, used for JITCage.

* entitlements.plist:
* runtime/Options.cpp:
(JSC::canUseJITCage):

Source/WebKit:

Add com.apple.private.securejit only for iOS.

* Scripts/process-entitlements.sh:

Modified Paths

• trunk/Source/_javascript_Core/ChangeLog
• trunk/Source/_javascript_Core/entitlements.plist
• trunk/Source/_javascript_Core/runtime/Options.cpp
• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Scripts/process-entitlements.sh

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (272081 => 272082)

--- trunk/Source/_javascript_Core/ChangeLog	2021-01-29 23:07:25 UTC (rev 272081)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-01-29 23:31:48 UTC (rev 272082)
@@ -1,5 +1,18 @@
 2021-01-29  Yusuke Suzuki  <ysuz...@apple.com>
 
+        [JSC] Add com.apple.private.securejit entitlement for JITCage
+        https://bugs.webkit.org/show_bug.cgi?id=221147
+
+        Reviewed by Keith Miller.
+
+        Add com.apple.private.securejit only for iOS, used for JITCage.
+
+        * entitlements.plist:
+        * runtime/Options.cpp:
+        (JSC::canUseJITCage):
+
+2021-01-29  Yusuke Suzuki  <ysuz...@apple.com>
+
         [JSC] Fix WebAssembly.Global's error message and support "funcref"
         https://bugs.webkit.org/show_bug.cgi?id=221157
 

Modified: trunk/Source/_javascript_Core/entitlements.plist (272081 => 272082)

--- trunk/Source/_javascript_Core/entitlements.plist	2021-01-29 23:07:25 UTC (rev 272081)
+++ trunk/Source/_javascript_Core/entitlements.plist	2021-01-29 23:31:48 UTC (rev 272082)
@@ -2,6 +2,8 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>com.apple.private.securejit</key>
+	<true/>
 	<key>dynamic-codesigning</key>
 	<true/>
 </dict>

Modified: trunk/Source/_javascript_Core/runtime/Options.cpp (272081 => 272082)

--- trunk/Source/_javascript_Core/runtime/Options.cpp	2021-01-29 23:07:25 UTC (rev 272081)
+++ trunk/Source/_javascript_Core/runtime/Options.cpp	2021-01-29 23:31:48 UTC (rev 272082)
@@ -53,6 +53,7 @@
 #if ENABLE(JIT_CAGE)
 #include <WebKitAdditions/JITCageAdditions.h>
 #include <machine/cpu_capabilities.h>
+#include <wtf/cocoa/Entitlements.h>
 #endif
 
 namespace JSC {
@@ -1126,7 +1127,10 @@
 }
 
 #if ENABLE(JIT_CAGE)
-bool canUseJITCage() { return JSC_JIT_CAGE_VERSION(); }
+bool canUseJITCage()
+{
+    return JSC_JIT_CAGE_VERSION() && processHasEntitlement("com.apple.private.securejit");
+}
 #else
 bool canUseJITCage() { return false; }
 #endif

Modified: trunk/Source/WebKit/ChangeLog (272081 => 272082)

--- trunk/Source/WebKit/ChangeLog	2021-01-29 23:07:25 UTC (rev 272081)
+++ trunk/Source/WebKit/ChangeLog	2021-01-29 23:31:48 UTC (rev 272082)
@@ -1,3 +1,14 @@
+2021-01-29  Yusuke Suzuki  <ysuz...@apple.com>
+
+        [JSC] Add com.apple.private.securejit entitlement for JITCage
+        https://bugs.webkit.org/show_bug.cgi?id=221147
+
+        Reviewed by Keith Miller.
+
+        Add com.apple.private.securejit only for iOS.
+
+        * Scripts/process-entitlements.sh:
+
 2021-01-29  Commit Queue  <commit-qu...@webkit.org>
 
         Unreviewed, reverting r272065.

Modified: trunk/Source/WebKit/Scripts/process-entitlements.sh (272081 => 272082)

--- trunk/Source/WebKit/Scripts/process-entitlements.sh	2021-01-29 23:07:25 UTC (rev 272081)
+++ trunk/Source/WebKit/Scripts/process-entitlements.sh	2021-01-29 23:31:48 UTC (rev 272082)
@@ -194,6 +194,7 @@
     plistbuddy Add :com.apple.private.memorystatus bool YES
     plistbuddy Add :com.apple.private.network.socket-delegate bool YES
     plistbuddy Add :com.apple.private.pac.exception bool YES
+    plistbuddy Add :com.apple.private.securejit bool YES
     plistbuddy Add :com.apple.private.security.message-filter bool YES
     plistbuddy Add :com.apple.private.webinspector.allow-remote-inspection bool YES
     plistbuddy Add :com.apple.private.webinspector.proxy-application bool YES
@@ -293,6 +294,7 @@
 
 function ios_family_process_plugin_entitlements()
 {
+    plistbuddy Add :com.apple.private.securejit                            bool YES
     plistbuddy Add :com.apple.security.cs.allow-jit                        bool YES
     plistbuddy Add :com.apple.security.cs.allow-unsigned-executable-memory bool YES
     plistbuddy Add :com.apple.security.cs.disable-library-validation       bool YES

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes