Diff
Modified: trunk/Source/WTF/ChangeLog (280257 => 280258)
--- trunk/Source/WTF/ChangeLog 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WTF/ChangeLog 2021-07-23 21:01:12 UTC (rev 280258)
@@ -1,3 +1,16 @@
+2021-07-23 Robert Jenner <[email protected]>
+
+ Unreviewed, reverting r280205.
+
+ Broke multiple WebAuthn tests.
+
+ Reverted changeset:
+
+ "REGRESSION (r278877) [Cocoa] WebAuthn stopped working for
+ non-Safari browsers"
+ https://bugs.webkit.org/show_bug.cgi?id=228116
+ https://commits.webkit.org/r280205
+
2021-07-23 Philippe Normand <[email protected]>
[GLib] Remove libportal dependency
Modified: trunk/Source/WTF/WTF.xcodeproj/project.pbxproj (280257 => 280258)
--- trunk/Source/WTF/WTF.xcodeproj/project.pbxproj 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WTF/WTF.xcodeproj/project.pbxproj 2021-07-23 21:01:12 UTC (rev 280258)
@@ -451,7 +451,6 @@
795212021F42588800BD6421 /* SingleRootGraph.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SingleRootGraph.h; sourceTree = "<group>"; };
7A05093D1FB9DCC500B33FB8 /* JSONValues.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSONValues.h; sourceTree = "<group>"; };
7A05093E1FB9DCC500B33FB8 /* JSONValues.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSONValues.cpp; sourceTree = "<group>"; };
- 7A4D4AAB26A8DEFC001182F1 /* CodeSignSPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CodeSignSPI.h; sourceTree = "<group>"; };
7A6EBA3220746C33004F9C44 /* MachSendRight.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MachSendRight.h; sourceTree = "<group>"; };
7A6EBA3320746C34004F9C44 /* MachSendRight.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = MachSendRight.cpp; sourceTree = "<group>"; };
7AF023B32061E16C00A8EFD6 /* ProcessPrivilege.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ProcessPrivilege.h; sourceTree = "<group>"; };
@@ -1521,7 +1520,6 @@
CE73E02319DCB7AB00580D5C /* darwin */ = {
isa = PBXGroup;
children = (
- 7A4D4AAB26A8DEFC001182F1 /* CodeSignSPI.h */,
14933E21228C22DF00F79E46 /* DataVaultSPI.h */,
E431CC4A21187ADB000C8A07 /* DispatchSPI.h */,
93DDE9311CDC052D00FD3491 /* dyldSPI.h */,
Modified: trunk/Source/WTF/wtf/spi/cocoa/SecuritySPI.h (280257 => 280258)
--- trunk/Source/WTF/wtf/spi/cocoa/SecuritySPI.h 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WTF/wtf/spi/cocoa/SecuritySPI.h 2021-07-23 21:01:12 UTC (rev 280258)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -76,9 +76,7 @@
SecTaskRef SecTaskCreateWithAuditToken(CFAllocatorRef, audit_token_t);
SecTaskRef SecTaskCreateFromSelf(CFAllocatorRef);
-CFStringRef SecTaskCopySigningIdentifier(SecTaskRef, CFErrorRef *);
CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef, CFStringRef entitlement, CFErrorRef*);
-uint32_t SecTaskGetCodeSignStatus(SecTaskRef);
SecIdentityRef SecIdentityCreate(CFAllocatorRef, SecCertificateRef, SecKeyRef);
SecAccessControlRef SecAccessControlCreateFromData(CFAllocatorRef, CFDataRef, CFErrorRef*);
CFDataRef SecAccessControlCopyData(SecAccessControlRef);
@@ -87,10 +85,12 @@
#if PLATFORM(MAC)
#include <Security/SecAsn1Types.h>
+CFStringRef SecTaskCopySigningIdentifier(SecTaskRef, CFErrorRef *);
ALLOW_DEPRECATED_DECLARATIONS_BEGIN
extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[];
extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[];
ALLOW_DEPRECATED_DECLARATIONS_END
+uint32_t SecTaskGetCodeSignStatus(SecTaskRef);
#endif
#if HAVE(SEC_TRUST_SERIALIZATION)
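Review bot: `SecTaskCopySigningIdentifier` and `SecTaskGetCodeSignStatus` are now declared only inside `#if PLATFORM(MAC)`, while the `Shared/mac/CodeSigning.mm` restored by this same revert compiles under `#if PLATFORM(MAC) || PLATFORM(MACCATALYST)` and calls `SecTaskCopySigningIdentifier`. If this block is the fallback for builds without the private Security headers (the enclosing conditional is outside the hunk), a Mac Catalyst build of that file would see no prototype. Consider leaving both prototypes beside the other `SecTask*` declarations in the previous hunk, or widening the guard to `#if PLATFORM(MAC) || PLATFORM(MACCATALYST)`. Placing `SecTaskGetCodeSignStatus` after `ALLOW_DEPRECATED_DECLARATIONS_END` also separates it from its sibling for no visible reason.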
Deleted: trunk/Source/WTF/wtf/spi/darwin/CodeSignSPI.h (280257 => 280258)
--- trunk/Source/WTF/wtf/spi/darwin/CodeSignSPI.h 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WTF/wtf/spi/darwin/CodeSignSPI.h 2021-07-23 21:01:12 UTC (rev 280258)
@@ -1,35 +0,0 @@
-/*
- * Copyright (C) 2021 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#pragma once
-
-#if USE(APPLE_INTERNAL_SDK)
-
-#include <Kernel/kern/cs_blobs.h>
-
-#else
-
-#define CS_PLATFORM_BINARY 0x04000000
-
-#endif
Modified: trunk/Source/WebKit/ChangeLog (280257 => 280258)
--- trunk/Source/WebKit/ChangeLog 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WebKit/ChangeLog 2021-07-23 21:01:12 UTC (rev 280258)
@@ -1,3 +1,16 @@
+2021-07-23 Robert Jenner <[email protected]>
+
+ Unreviewed, reverting r280205.
+
+ Broke multiple WebAuthn tests.
+
+ Reverted changeset:
+
+ "REGRESSION (r278877) [Cocoa] WebAuthn stopped working for
+ non-Safari browsers"
+ https://bugs.webkit.org/show_bug.cgi?id=228116
+ https://commits.webkit.org/r280205
+
2021-07-23 Per Arne <[email protected]>
[macOS] Reduce sandbox logging
Deleted: trunk/Source/WebKit/Shared/Cocoa/CodeSigning.h (280257 => 280258)
--- trunk/Source/WebKit/Shared/Cocoa/CodeSigning.h 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WebKit/Shared/Cocoa/CodeSigning.h 2021-07-23 21:01:12 UTC (rev 280258)
@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2016-2021 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#include <wtf/Forward.h>
-#include <wtf/spi/darwin/XPCSPI.h>
-
-namespace WebKit {
-
-// These functions return a null string if the process is unsigned.
-String codeSigningIdentifierForCurrentProcess();
-String codeSigningIdentifier(xpc_connection_t);
-bool currentProcessIsPlatformBinary();
-std::pair<String, bool> codeSigningIdentifierAndPlatformBinaryStatus(xpc_connection_t);
-
-} // namespace WebKit
Deleted: trunk/Source/WebKit/Shared/Cocoa/CodeSigning.mm (280257 => 280258)
--- trunk/Source/WebKit/Shared/Cocoa/CodeSigning.mm 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WebKit/Shared/Cocoa/CodeSigning.mm 2021-07-23 21:01:12 UTC (rev 280258)
@@ -1,72 +0,0 @@
-/*
- * Copyright (C) 2016-2021 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#import "config.h"
-#import "CodeSigning.h"
-
-#if PLATFORM(COCOA)
-
-#import <wtf/RetainPtr.h>
-#import <wtf/spi/cocoa/SecuritySPI.h>
-#import <wtf/spi/darwin/CodeSignSPI.h>
-#import <wtf/text/WTFString.h>
-
-namespace WebKit {
-
-static String codeSigningIdentifier(SecTaskRef task)
-{
- return adoptCF(SecTaskCopySigningIdentifier(task, nullptr)).get();
-}
-
-String codeSigningIdentifierForCurrentProcess()
-{
- return codeSigningIdentifier(adoptCF(SecTaskCreateFromSelf(kCFAllocatorDefault)).get());
-}
-
-String codeSigningIdentifier(xpc_connection_t connection)
-{
- auto pair = codeSigningIdentifierAndPlatformBinaryStatus(connection);
- return pair.first;
-}
-
-bool currentProcessIsPlatformBinary()
-{
- auto task = adoptCF(SecTaskCreateFromSelf(kCFAllocatorDefault));
- return SecTaskGetCodeSignStatus(task.get()) & CS_PLATFORM_BINARY;
-}
-
-std::pair<String, bool> codeSigningIdentifierAndPlatformBinaryStatus(xpc_connection_t connection)
-{
- audit_token_t auditToken;
- xpc_connection_get_audit_token(connection, &auditToken);
- auto task = adoptCF(SecTaskCreateWithAuditToken(kCFAllocatorDefault, auditToken));
- bool isPlatformBinary = SecTaskGetCodeSignStatus(task.get()) & CS_PLATFORM_BINARY;
- auto signingIdentifier = codeSigningIdentifier(task.get());
- return std::make_pair(signingIdentifier, isPlatformBinary);
-}
-
-} // namespace WebKit
-
-#endif // PLATFORM(COCOA)
Modified: trunk/Source/WebKit/Shared/Cocoa/XPCEndpoint.mm (280257 => 280258)
--- trunk/Source/WebKit/Shared/Cocoa/XPCEndpoint.mm 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WebKit/Shared/Cocoa/XPCEndpoint.mm 2021-07-23 21:01:12 UTC (rev 280258)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2020-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,7 +30,9 @@
#if PLATFORM(MAC)
#import "CodeSigning.h"
+#import <Kernel/kern/cs_blobs.h>
#import <wtf/RetainPtr.h>
+#import <wtf/spi/cocoa/SecuritySPI.h>
#import <wtf/text/WTFString.h>
#endif
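Review bot: `#import <Kernel/kern/cs_blobs.h>` is added here with no SDK guard, whereas the `CodeSignSPI.h` wrapper this revert deletes imported it only under `USE(APPLE_INTERNAL_SDK)` and otherwise supplied `#define CS_PLATFORM_BINARY 0x04000000`. Whether every SDK this file builds against ships that header is not visible from the hunk, so it is worth confirming. The same unguarded import is added in `UIProcess/mac/WebProcessProxyMac.mm`. A one-line comment such as `// For CS_PLATFORM_BINARY.` beside the import would also tell the next reader why a kernel header is pulled into an XPC endpoint file.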
@@ -53,7 +55,10 @@
if (pid != getpid() && !WTF::hasEntitlement(connection.get(), "com.apple.private.webkit.use-xpc-endpoint")) {
WTFLogAlways("Audit token does not have required entitlement com.apple.private.webkit.use-xpc-endpoint");
#if PLATFORM(MAC)
- auto [signingIdentifier, isPlatformBinary] = codeSigningIdentifierAndPlatformBinaryStatus(connection.get());
+ audit_token_t auditToken;
+ xpc_connection_get_audit_token(connection.get(), &auditToken);
+ bool isPlatformBinary = SecTaskGetCodeSignStatus(adoptCF(SecTaskCreateWithAuditToken(kCFAllocatorDefault, auditToken)).get()) & CS_PLATFORM_BINARY;
+ auto signingIdentifier = codeSigningIdentifier(connection.get());
if (!isPlatformBinary || !signingIdentifier.startsWith("com.apple.WebKit.WebContent")) {
WTFLogAlways("XPC endpoint denied to connect with unknown client");
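Review bot: The result of `SecTaskCreateWithAuditToken` is passed straight to `SecTaskGetCodeSignStatus` with no null check, and `codeSigningIdentifier(connection.get())` then fetches the audit token again and builds a second task for the same peer. This is an authorization decision on the XPC endpoint, so a failed task lookup should deny explicitly rather than depend on how the Security SPI treats a null task, which is not visible here. Creating the task once and deriving both the platform-binary bit and the signing identifier from it lets a null task fall through to the existing deny branch and makes the check easier to audit. The same unchecked pattern appears in the restored `Shared/mac/CodeSigning.mm` helpers and in the `static bool isPlatformBinary` initializer in `UIProcess/mac/WebProcessProxyMac.mm`, where the value is also cached for the life of the process. The enclosing handler starts and ends outside the hunk.

```objcpp
audit_token_t auditToken;
xpc_connection_get_audit_token(connection.get(), &auditToken);
// One SecTask for both checks; a failed lookup leaves both values empty, so the branch below denies.
auto task = adoptCF(SecTaskCreateWithAuditToken(kCFAllocatorDefault, auditToken));
bool isPlatformBinary = false;
String signingIdentifier;
if (task) {
    isPlatformBinary = SecTaskGetCodeSignStatus(task.get()) & CS_PLATFORM_BINARY;
    signingIdentifier = adoptCF(SecTaskCopySigningIdentifier(task.get(), nullptr)).get();
}
if (!isPlatformBinary || !signingIdentifier.startsWith("com.apple.WebKit.WebContent")) {
    // … unchanged: log and reject the unknown client …
```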
Copied: trunk/Source/WebKit/Shared/mac/CodeSigning.h (from rev 280256, trunk/Source/WebKit/Shared/Cocoa/CodeSigning.h) (0 => 280258)
--- trunk/Source/WebKit/Shared/mac/CodeSigning.h (rev 0)
+++ trunk/Source/WebKit/Shared/mac/CodeSigning.h 2021-07-23 21:01:12 UTC (rev 280258)
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <wtf/Forward.h>
+#include <wtf/spi/darwin/XPCSPI.h>
+
+namespace WebKit {
+
+// These functions return a null string if the process is unsigned.
+String codeSigningIdentifierForCurrentProcess();
+String codeSigningIdentifier(xpc_connection_t);
+
+} // namespace WebKit
Copied: trunk/Source/WebKit/Shared/mac/CodeSigning.mm (from rev 280256, trunk/Source/WebKit/Shared/Cocoa/CodeSigning.mm) (0 => 280258)
--- trunk/Source/WebKit/Shared/mac/CodeSigning.mm (rev 0)
+++ trunk/Source/WebKit/Shared/mac/CodeSigning.mm 2021-07-23 21:01:12 UTC (rev 280258)
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+#import "CodeSigning.h"
+
+#if PLATFORM(MAC) || PLATFORM(MACCATALYST)
+
+#import <wtf/RetainPtr.h>
+#import <wtf/spi/cocoa/SecuritySPI.h>
+#import <wtf/text/WTFString.h>
+
+namespace WebKit {
+
+static String codeSigningIdentifier(SecTaskRef task)
+{
+ return adoptCF(SecTaskCopySigningIdentifier(task, nullptr)).get();
+}
+
+String codeSigningIdentifierForCurrentProcess()
+{
+ return codeSigningIdentifier(adoptCF(SecTaskCreateFromSelf(kCFAllocatorDefault)).get());
+}
+
+String codeSigningIdentifier(xpc_connection_t connection)
+{
+ audit_token_t auditToken;
+ xpc_connection_get_audit_token(connection, &auditToken);
+ return codeSigningIdentifier(adoptCF(SecTaskCreateWithAuditToken(kCFAllocatorDefault, auditToken)).get());
+}
+
+} // namespace WebKit
+
+#endif // PLATFORM(MAC)
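Review bot: The closing `#endif // PLATFORM(MAC)` does not match the opening `#if PLATFORM(MAC) || PLATFORM(MACCATALYST)`; it should read `#endif // PLATFORM(MAC) || PLATFORM(MACCATALYST)`. Both public functions also pass `nullptr` for the `CFErrorRef*`, so a caller gets the same null `String` for an unsigned process and for a lookup that failed. Since `XPCEndpoint.mm` uses the identifier as an authorization input, a comment on the static helper such as `// Returns a null String for unsigned tasks and on lookup failure; callers must treat null as untrusted.` would record that contract.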
Modified: trunk/Source/WebKit/SourcesCocoa.txt (280257 => 280258)
--- trunk/Source/WebKit/SourcesCocoa.txt 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WebKit/SourcesCocoa.txt 2021-07-23 21:01:12 UTC (rev 280258)
@@ -1,4 +1,4 @@
-// Copyright (C) 2018-2021 Apple Inc. All rights reserved.
+// Copyright (C) 2018-2019 Apple Inc. All rights reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions
@@ -161,7 +161,6 @@
Shared/Cocoa/APIObject.mm
Shared/Cocoa/ArgumentCodersCocoa.mm
Shared/Cocoa/AuxiliaryProcessCocoa.mm
-Shared/Cocoa/CodeSigning.mm
Shared/Cocoa/CompletionHandlerCallChecker.mm
Shared/Cocoa/CoreTextHelpers.mm
Shared/Cocoa/DataDetectionResult.mm
@@ -206,6 +205,7 @@
Shared/ios/WebTouchEventIOS.cpp
Shared/mac/AuxiliaryProcessMac.mm
+Shared/mac/CodeSigning.mm
Shared/mac/HangDetectionDisablerMac.mm
Shared/mac/NativeWebGestureEventMac.mm
Shared/mac/NativeWebKeyboardEventMac.mm
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm (280257 => 280258)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm 2021-07-23 21:01:12 UTC (rev 280258)
@@ -27,7 +27,6 @@
#import "WebProcessProxy.h"
#import "AccessibilitySupportSPI.h"
-#import "CodeSigning.h"
#import "HighPerformanceGPUManager.h"
#import "Logging.h"
#import "ObjCObjectGraph.h"
@@ -306,7 +305,7 @@
});
}
-bool WebProcessProxy::messageSourceIsValidWebContentProcess()
+bool WebProcessProxy::hasCorrectPACEntitlement()
{
if (!hasConnection()) {
ASSERT_NOT_REACHED();
@@ -313,21 +312,22 @@
return false;
}
+#if HAVE(PAC_SHARED_REGION_ID)
+ auto auditToken = connection()->getAuditToken();
+ if (!auditToken) {
+ ASSERT_NOT_REACHED();
+ RELEASE_LOG_ERROR(Process, "Unable to get parent web process audit token");
+ return false;
+ }
+
#if USE(APPLE_INTERNAL_SDK)
-#if PLATFORM(IOS)
- // FIXME(rdar://80908833): On iOS, we can only perform the below checks for platform binaries until rdar://80908833 is fixed.
- if (!currentProcessIsPlatformBinary())
- return true;
-#endif
-
// Confirm that the connection is from a WebContent process:
- auto [signingIdentifier, isPlatformBinary] = codeSigningIdentifierAndPlatformBinaryStatus(connection()->xpcConnection());
-
- if (!isPlatformBinary || !signingIdentifier.startsWith("com.apple.WebKit.WebContent")) {
- RELEASE_LOG_ERROR(Process, "Process is not an entitled WebContent process.");
+ if (!WTF::hasEntitlementValue(auditToken.value(), "com.apple.pac.shared_region_id", "WebContent")) {
+ RELEASE_LOG_ERROR(Process, "Process is not an entitled WebContent process. Process shared_region_id is incorrect.");
return false;
}
#endif
+#endif
return true;
}
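Review bot: `hasCorrectPACEntitlement()` returns `true` without inspecting the peer whenever `HAVE(PAC_SHARED_REGION_ID)` or `USE(APPLE_INTERNAL_SDK)` is off, so in those builds the `MESSAGE_CHECK_COMPLETION` in `getWebAuthnProcessConnection` passes unconditionally. If that is intended, say so at the final `return true;`, for example `// No entitlement check is available in this configuration; the sender is accepted unverified.`, so the name is not read as a guarantee. The two bare `#endif` lines would be clearer as `#endif // USE(APPLE_INTERNAL_SDK)` and `#endif // HAVE(PAC_SHARED_REGION_ID)`. The function's opening lines are in the preceding hunk.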
Modified: trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp (280257 => 280258)
--- trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp 2021-07-23 21:01:12 UTC (rev 280258)
@@ -825,7 +825,7 @@
#if ENABLE(WEB_AUTHN)
void WebProcessProxy::getWebAuthnProcessConnection(Messages::WebProcessProxy::GetWebAuthnProcessConnection::DelayedReply&& reply)
{
- MESSAGE_CHECK_COMPLETION(messageSourceIsValidWebContentProcess(), reply({ }));
+ MESSAGE_CHECK_COMPLETION(hasCorrectPACEntitlement(), reply({ }));
m_processPool->getWebAuthnProcessConnection(*this, WTFMove(reply));
}
#endif
Modified: trunk/Source/WebKit/UIProcess/WebProcessProxy.h (280257 => 280258)
--- trunk/Source/WebKit/UIProcess/WebProcessProxy.h 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WebKit/UIProcess/WebProcessProxy.h 2021-07-23 21:01:12 UTC (rev 280258)
@@ -531,7 +531,7 @@
#endif
#if PLATFORM(COCOA)
- bool messageSourceIsValidWebContentProcess();
+ bool hasCorrectPACEntitlement();
#endif
enum class IsWeak { No, Yes };
Modified: trunk/Source/WebKit/UIProcess/mac/WebProcessProxyMac.mm (280257 => 280258)
--- trunk/Source/WebKit/UIProcess/mac/WebProcessProxyMac.mm 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WebKit/UIProcess/mac/WebProcessProxyMac.mm 2021-07-23 21:01:12 UTC (rev 280258)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2021 Apple Inc. All rights reserved.
+ * Copyright (C) 2011 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -29,10 +29,11 @@
#if PLATFORM(MAC)
-#import "CodeSigning.h"
#import "WKFullKeyboardAccessWatcher.h"
+#import <Kernel/kern/cs_blobs.h>
#import <signal.h>
#import <wtf/ProcessPrivilege.h>
+#import <wtf/spi/cocoa/SecuritySPI.h>
namespace WebKit {
@@ -51,7 +52,7 @@
if (!isSystemWebKit)
return false;
- static bool isPlatformBinary = currentProcessIsPlatformBinary();
+ static bool isPlatformBinary = SecTaskGetCodeSignStatus(adoptCF(SecTaskCreateFromSelf(kCFAllocatorDefault)).get()) & CS_PLATFORM_BINARY;
if (isPlatformBinary)
return false;
Modified: trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj (280257 => 280258)
--- trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2021-07-23 21:00:51 UTC (rev 280257)
+++ trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2021-07-23 21:01:12 UTC (rev 280258)
@@ -3,7 +3,7 @@
archiveVersion = 1;
classes = {
};
- objectVersion = 54;
+ objectVersion = 52;
objects = {
/* Begin PBXAggregateTarget section */
@@ -5998,6 +5998,7 @@
F40BBB40257FF46E0067463A /* GPUProcessWakeupMessageArguments.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = GPUProcessWakeupMessageArguments.h; sourceTree = "<group>"; };
F40D1B68220BDC0F00B49A01 /* WebAutocorrectionContext.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = WebAutocorrectionContext.h; path = ios/WebAutocorrectionContext.h; sourceTree = "<group>"; };
F41056612130699A0092281D /* APIAttachmentCocoa.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = APIAttachmentCocoa.mm; sourceTree = "<group>"; };
+ F414CE2A269DDED100BD216A /* GPUProcessCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = GPUProcessCocoa.mm; path = cocoa/GPUProcessCocoa.mm; sourceTree = "<group>"; };
F414CE2C269DE6EA00BD216A /* RemoteRenderingBackendState.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = RemoteRenderingBackendState.h; sourceTree = "<group>"; };
F42D633F22A0EFD300D2FB3A /* WebAutocorrectionData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WebAutocorrectionData.h; path = ios/WebAutocorrectionData.h; sourceTree = "<group>"; };
F42D634022A0EFD300D2FB3A /* WebAutocorrectionData.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = WebAutocorrectionData.mm; path = ios/WebAutocorrectionData.mm; sourceTree = "<group>"; };
@@ -8356,8 +8357,6 @@
A175C44921AA3170000037D0 /* ArgumentCodersCocoa.h */,
A175C44B21AA331B000037D0 /* ArgumentCodersCocoa.mm */,
1A698F171E4910220064E881 /* AuxiliaryProcessCocoa.mm */,
- CE11AD511CBC482F00681EE5 /* CodeSigning.h */,
- CE11AD4F1CBC47F800681EE5 /* CodeSigning.mm */,
37BEC4DF19491486008B4286 /* CompletionHandlerCallChecker.h */,
37BEC4DE19491486008B4286 /* CompletionHandlerCallChecker.mm */,
1C739E872347BD0F00C621EC /* CoreTextHelpers.h */,
@@ -10531,6 +10530,8 @@
children = (
A15799AC2584433100528236 /* MediaFormatReader */,
9F54F88E16488E87007DF81A /* AuxiliaryProcessMac.mm */,
+ CE11AD511CBC482F00681EE5 /* CodeSigning.h */,
+ CE11AD4F1CBC47F800681EE5 /* CodeSigning.mm */,
1AC75A1C1B33695E0056745B /* HangDetectionDisablerMac.mm */,
2D50365D1BCC793F00E20BB3 /* NativeWebGestureEventMac.mm */,
C02BFF1D1251502E009CCBEA /* NativeWebKeyboardEventMac.mm */,
@@ -11711,6 +11712,14 @@
path = cache;
sourceTree = "<group>";
};
+ F414CE27269DDE8000BD216A /* cocoa */ = {
+ isa = PBXGroup;
+ children = (
+ F414CE2A269DDED100BD216A /* GPUProcessCocoa.mm */,
+ );
+ name = cocoa;
+ sourceTree = "<group>";
+ };
F638955A133BF57D008941D5 /* mac */ = {
isa = PBXGroup;
children = (