Diff
Modified: trunk/Source/WebCore/ChangeLog (288816 => 288817)
--- trunk/Source/WebCore/ChangeLog 2022-01-31 16:55:49 UTC (rev 288816)
+++ trunk/Source/WebCore/ChangeLog 2022-01-31 17:31:33 UTC (rev 288817)
@@ -1,3 +1,15 @@
+2022-01-31 Per Arne Vollan <[email protected]>
+
+ [iOS][WP] Restrict image decoders
+ https://bugs.webkit.org/show_bug.cgi?id=234175
+
+ Reviewed by Brent Fulgham.
+
+ Enable restriced decoding for images.
+
+ * platform/graphics/cg/ImageDecoderCG.cpp:
+ (WebCore::createImageSourceOptions):
+
2022-01-31 J Pascoe <[email protected]>
[WebAuthn] Provide SPI to export/import local credentials
Modified: trunk/Source/WebCore/PAL/ChangeLog (288816 => 288817)
--- trunk/Source/WebCore/PAL/ChangeLog 2022-01-31 16:55:49 UTC (rev 288816)
+++ trunk/Source/WebCore/PAL/ChangeLog 2022-01-31 17:31:33 UTC (rev 288817)
@@ -1,3 +1,15 @@
+2022-01-31 Per Arne Vollan <[email protected]>
+
+ [iOS][WP] Restrict image decoders
+ https://bugs.webkit.org/show_bug.cgi?id=234175
+
+ Reviewed by Brent Fulgham.
+
+ Include WebKitAdditions soft link files.
+
+ * pal/cf/VideoToolboxSoftLink.cpp:
+ * pal/cf/VideoToolboxSoftLink.h:
+
2022-01-26 Wenson Hsieh <[email protected]>
Data detectors sometimes show up in the wrong place when resizing images with Live Text
Modified: trunk/Source/WebCore/PAL/pal/cf/VideoToolboxSoftLink.cpp (288816 => 288817)
--- trunk/Source/WebCore/PAL/pal/cf/VideoToolboxSoftLink.cpp 2022-01-31 16:55:49 UTC (rev 288816)
+++ trunk/Source/WebCore/PAL/pal/cf/VideoToolboxSoftLink.cpp 2022-01-31 17:31:33 UTC (rev 288817)
@@ -27,9 +27,14 @@
#if USE(AVFOUNDATION)
#include <VideoToolbox/VTCompressionSession.h>
+
+#if USE(APPLE_INTERNAL_SDK)
+#import <WebKitAdditions/VideoToolboxSPIAdditions.h>
+#endif
+
#include <wtf/SoftLinking.h>
-SOFT_LINK_FRAMEWORK_FOR_SOURCE(PAL, VideoToolbox)
+SOFT_LINK_FRAMEWORK_FOR_SOURCE_WITH_EXPORT(PAL, VideoToolbox, PAL_EXPORT)
SOFT_LINK_CONSTANT_FOR_SOURCE(PAL, VideoToolbox, kVTCompressionPropertyKey_ExpectedFrameRate, CFStringRef)
SOFT_LINK_CONSTANT_FOR_SOURCE(PAL, VideoToolbox, kVTCompressionPropertyKey_MaxKeyFrameInterval, CFStringRef)
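Review bot: The switch from `SOFT_LINK_FRAMEWORK_FOR_SOURCE` to `SOFT_LINK_FRAMEWORK_FOR_SOURCE_WITH_EXPORT(PAL, VideoToolbox, PAL_EXPORT)` is not explained anywhere; the PAL ChangeLog entry only says "Include WebKitAdditions soft link files". Presumably the export is needed because WebProcessCocoa.mm now imports `<pal/cf/VideoToolboxSoftLink.h>` from the WebKit layer. A comment above the macro such as `// Exported so code outside PAL can soft-link VideoToolbox through this library handle.` would record that, with the wording confirmed by the author. Separately, the new WebKitAdditions headers are pulled in with `#import` in a .cpp file whose neighbouring lines use `#include`; the same mix appears in the second hunk of this file and in both VideoToolboxSoftLink.h hunks.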
@@ -49,4 +54,8 @@
SOFT_LINK_FUNCTION_FOR_SOURCE(PAL, VideoToolbox, VTCompressionSessionPrepareToEncodeFrames, OSStatus, (VTCompressionSessionRef session), (session))
SOFT_LINK_FUNCTION_FOR_SOURCE(PAL, VideoToolbox, VTCompressionSessionInvalidate, void, (VTCompressionSessionRef session), (session))
+#if USE(APPLE_INTERNAL_SDK)
+#import <WebKitAdditions/VideoToolboxSoftLinkAdditionsImplementation.h>
+#endif
+
#endif // USE(AVFOUNDATION)
Modified: trunk/Source/WebCore/PAL/pal/cf/VideoToolboxSoftLink.h (288816 => 288817)
--- trunk/Source/WebCore/PAL/pal/cf/VideoToolboxSoftLink.h 2022-01-31 16:55:49 UTC (rev 288816)
+++ trunk/Source/WebCore/PAL/pal/cf/VideoToolboxSoftLink.h 2022-01-31 17:31:33 UTC (rev 288817)
@@ -26,6 +26,12 @@
#if USE(AVFOUNDATION)
+#include <VideoToolbox/VTCompressionSession.h>
+
+#if USE(APPLE_INTERNAL_SDK)
+#import <WebKitAdditions/VideoToolboxSPIAdditions.h>
+#endif
+
#include <wtf/SoftLinking.h>
SOFT_LINK_FRAMEWORK_FOR_HEADER(PAL, VideoToolbox)
@@ -64,4 +70,8 @@
SOFT_LINK_FUNCTION_FOR_HEADER(PAL, VideoToolbox, VTCompressionSessionInvalidate, void, (VTCompressionSessionRef session), (session))
#define VTCompressionSessionInvalidate softLink_VideoToolbox_VTCompressionSessionInvalidate
+#if USE(APPLE_INTERNAL_SDK)
+#import <WebKitAdditions/VideoToolboxSoftLinkAdditions.h>
+#endif
+
#endif // USE(AVFOUNDATION)
Modified: trunk/Source/WebCore/platform/graphics/cg/ImageDecoderCG.cpp (288816 => 288817)
--- trunk/Source/WebCore/platform/graphics/cg/ImageDecoderCG.cpp 2022-01-31 16:55:49 UTC (rev 288816)
+++ trunk/Source/WebCore/platform/graphics/cg/ImageDecoderCG.cpp 2022-01-31 17:31:33 UTC (rev 288817)
@@ -58,6 +58,8 @@
const CFStringRef kCGImageSourceShouldCacheImmediately = CFSTR("kCGImageSourceShouldCacheImmediately");
#endif
+const CFStringRef kCGImageSourceEnableRestrictedDecoding = CFSTR("kCGImageSourceEnableRestrictedDecoding");
+
static RetainPtr<CFMutableDictionaryRef> createImageSourceOptions()
{
RetainPtr<CFMutableDictionaryRef> options = adoptCF(CFDictionaryCreateMutable(nullptr, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
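Review bot: `kCGImageSourceEnableRestrictedDecoding` is defined unconditionally at file scope, but its only visible use, in the next hunk, sits behind `#if HAVE(IMAGE_RESTRICTED_DECODING) && USE(APPLE_INTERNAL_SDK)`, so every other configuration carries an unused constant. Wrapping the definition in that same guard would keep declaration and use together. The key is also a hand-written `CFSTR` literal rather than a symbol taken from an ImageIO header, so a spelling or version mismatch cannot be caught at build time and would presumably leave the option ignored; a comment naming the header it mirrors would help. The body of `createImageSourceOptions()` continues in the following hunk.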
@@ -64,6 +66,9 @@
CFDictionarySetValue(options.get(), kCGImageSourceShouldCache, kCFBooleanTrue);
CFDictionarySetValue(options.get(), kCGImageSourceShouldPreferRGB32, kCFBooleanTrue);
CFDictionarySetValue(options.get(), kCGImageSourceSkipMetadata, kCFBooleanTrue);
+#if HAVE(IMAGE_RESTRICTED_DECODING) && USE(APPLE_INTERNAL_SDK)
+ CFDictionarySetValue(options.get(), kCGImageSourceEnableRestrictedDecoding, kCFBooleanTrue);
+#endif
return options;
}
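Review bot: The added `CFDictionarySetValue(options.get(), kCGImageSourceEnableRestrictedDecoding, kCFBooleanTrue)` is gated only at compile time, whereas the `restrictImageAndVideoDecoders` flag introduced elsewhere in this commit is set at run time and only for Mail clients. The hunk does not say whether the option is meant to apply to every client of this decoder or only takes effect once the process-level restriction has been applied. A comment above the `#if` should state which. The guard here is `HAVE(IMAGE_RESTRICTED_DECODING)` while the flag plumbing is under `HAVE(VIDEO_RESTRICTED_DECODING)`, so the two halves can be enabled independently.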
Modified: trunk/Source/WebKit/ChangeLog (288816 => 288817)
--- trunk/Source/WebKit/ChangeLog 2022-01-31 16:55:49 UTC (rev 288816)
+++ trunk/Source/WebKit/ChangeLog 2022-01-31 17:31:33 UTC (rev 288817)
@@ -1,3 +1,21 @@
+2022-01-31 Per Arne Vollan <[email protected]>
+
+ [iOS][WP] Restrict image decoders
+ https://bugs.webkit.org/show_bug.cgi?id=234175
+
+ Reviewed by Brent Fulgham.
+
+ Restrict image decoders in order to enable further sandbox strengthening.
+
+ * Shared/WebProcessCreationParameters.cpp:
+ (WebKit::WebProcessCreationParameters::encode const):
+ (WebKit::WebProcessCreationParameters::decode):
+ * Shared/WebProcessCreationParameters.h:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::platformInitializeWebProcess):
+ * WebProcess/cocoa/WebProcessCocoa.mm:
+ (WebKit::WebProcess::platformInitializeWebProcess):
+
2022-01-31 J Pascoe <[email protected]>
[WebAuthn] Provide SPI to export/import local credentials
Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp (288816 => 288817)
--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp 2022-01-31 16:55:49 UTC (rev 288816)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp 2022-01-31 17:31:33 UTC (rev 288817)
@@ -167,6 +167,7 @@
#if HAVE(VIDEO_RESTRICTED_DECODING)
encoder << videoDecoderExtensionHandles;
+ encoder << restrictImageAndVideoDecoders;
#endif
#if PLATFORM(IOS_FAMILY)
@@ -475,6 +476,12 @@
if (!videoDecoderExtensionHandles)
return false;
parameters.videoDecoderExtensionHandles = WTFMove(*videoDecoderExtensionHandles);
+
+ std::optional<bool> restrictImageAndVideoDecoders;
+ decoder >> restrictImageAndVideoDecoders;
+ if (!restrictImageAndVideoDecoders)
+ return false;
+ parameters.restrictImageAndVideoDecoders = WTFMove(*restrictImageAndVideoDecoders);
#endif
#if PLATFORM(IOS_FAMILY)
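Review bot: `WTFMove(*restrictImageAndVideoDecoders)` moves a `bool`, which has no effect; it looks carried over from the `videoDecoderExtensionHandles` assignment just above, where the move does matter. `parameters.restrictImageAndVideoDecoders = *restrictImageAndVideoDecoders;` reads more plainly. The decode function starts and ends outside this hunk.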
Modified: trunk/Source/WebKit/Shared/WebProcessCreationParameters.h (288816 => 288817)
--- trunk/Source/WebKit/Shared/WebProcessCreationParameters.h 2022-01-31 16:55:49 UTC (rev 288816)
+++ trunk/Source/WebKit/Shared/WebProcessCreationParameters.h 2022-01-31 17:31:33 UTC (rev 288817)
@@ -205,6 +205,7 @@
std::optional<SandboxExtension::Handle> launchServicesExtensionHandle;
#if HAVE(VIDEO_RESTRICTED_DECODING)
Vector<SandboxExtension::Handle> videoDecoderExtensionHandles;
+ bool restrictImageAndVideoDecoders { false };
#endif
#if PLATFORM(IOS_FAMILY)
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (288816 => 288817)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2022-01-31 16:55:49 UTC (rev 288816)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2022-01-31 17:31:33 UTC (rev 288817)
@@ -442,11 +442,10 @@
#if PLATFORM(MAC)
if (MacApplication::isAppleMail())
parameters.videoDecoderExtensionHandles = SandboxExtension::createHandlesForMachLookup({ "com.apple.coremedia.videodecoder"_s, "com.apple.trustd.agent"_s }, std::nullopt);
-#elif PLATFORM(IOS_FAMILY)
- if (IOSApplication::isMobileMail() || IOSApplication::isMailCompositionService())
- parameters.videoDecoderExtensionHandles = SandboxExtension::createHandlesForMachLookup({ "com.apple.coremedia.decompressionsession"_s }, std::nullopt);
-#endif
-#endif
+#else
+ parameters.restrictImageAndVideoDecoders = IOSApplication::isMobileMail() || IOSApplication::isMailCompositionService();
+#endif // PLATFORM(MAC)
+#endif // HAVE(VIDEO_RESTRICTED_DECODING)
#if PLATFORM(IOS_FAMILY) && ENABLE(CFPREFS_DIRECT_MODE)
if ([UIApplication sharedApplication]) {
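Review bot: Replacing `#elif PLATFORM(IOS_FAMILY)` with `#else` makes the `IOSApplication::isMobileMail() || IOSApplication::isMailCompositionService()` line compile on every non-Mac platform that defines `HAVE(VIDEO_RESTRICTED_DECODING)`, not only the iOS family; keeping `#elif PLATFORM(IOS_FAMILY)` would preserve the previous scope unless the widening is intended. The hunk also drops the mach-lookup extension for `com.apple.coremedia.decompressionsession` that Mail on iOS used to receive, so video decoding in those processes now depends entirely on what the WebContent side does with the new flag. A short comment stating that dependency would help the next reader. The enclosing function extends beyond the hunk.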
Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (288816 => 288817)
--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2022-01-31 16:55:49 UTC (rev 288816)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm 2022-01-31 17:31:33 UTC (rev 288817)
@@ -149,7 +149,6 @@
#import <pal/spi/mac/NSScrollerImpSPI.h>
#endif
-
#if HAVE(MEDIA_ACCESSIBILITY_FRAMEWORK)
#import "WebCaptionPreferencesDelegate.h"
#import <WebCore/CaptionUserPreferencesMediaAF.h>
@@ -157,9 +156,14 @@
#import <WebCore/MediaAccessibilitySoftLink.h>
#import <pal/cf/AudioToolboxSoftLink.h>
+#import <pal/cf/VideoToolboxSoftLink.h>
#import <pal/cocoa/AVFoundationSoftLink.h>
#import <pal/cocoa/MediaToolboxSoftLink.h>
+#if USE(APPLE_INTERNAL_SDK)
+#import <WebKitAdditions/VideoToolboxAdditions.h>
+#endif
+
#if HAVE(CATALYST_USER_INTERFACE_IDIOM_AND_SCALE_FACTOR)
// FIXME: This is only for binary compatibility with versions of UIKit in macOS 11 that are missing the change in <rdar://problem/68524148>.
SOFT_LINK_FRAMEWORK(UIKit)
@@ -290,8 +294,13 @@
#endif
#if HAVE(VIDEO_RESTRICTED_DECODING)
+#if PLATFORM(MAC)
SandboxExtension::consumePermanently(parameters.videoDecoderExtensionHandles);
-#endif
+#elif USE(APPLE_INTERNAL_SDK)
+ if (parameters.restrictImageAndVideoDecoders)
+ restrictImageAndVideoDecoders();
+#endif // PLATFORM(MAC)
+#endif // HAVE(VIDEO_RESTRICTED_DECODING)
// Disable NSURLCache.
auto urlCache = adoptNS([[NSURLCache alloc] initWithMemoryCapacity:0 diskCapacity:0 diskPath:nil]);
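Review bot: When `parameters.restrictImageAndVideoDecoders` is true but the build is not `USE(APPLE_INTERNAL_SDK)`, the `#elif` branch compiles away and the UI process's request is dropped without any trace, so the hardening fails open silently. An `#else` branch that logs when the flag is set but the restriction is unavailable would make that state visible in diagnostics. The call to `restrictImageAndVideoDecoders()` also has no visible result check; its definition is not shown (presumably it comes from `<WebKitAdditions/VideoToolboxAdditions.h>`), so whether it can fail needs confirming. The enclosing function starts and ends outside the hunk.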