Skip to site navigation (Press enter)

[webkit-changes] [199628] trunk/Source/WebKit2

mitz Sat, 16 Apr 2016 14:38:07 -0700

Title: [199628] trunk/Source/WebKit2

Revision: 199628
Author: [email protected]
Date: 2016-04-16 14:37:08 -0700 (Sat, 16 Apr 2016)

Log Message

[Mac] Web Content service with a restricted entitlement may load arbitrary dylibs
https://bugs.webkit.org/show_bug.cgi?id=156668
<rdar://problem/25429784>


Reviewed by Anders Carlsson.

* Configurations/WebContentService.xcconfig: Enable library validation when the Web Content
  service is given the XPC domain extension entitlement.

Modified Paths

trunk/Source/WebKit2/ChangeLog
trunk/Source/WebKit2/Configurations/WebContentService.xcconfig

Diff

Modified: trunk/Source/WebKit2/ChangeLog (199627 => 199628)


--- trunk/Source/WebKit2/ChangeLog	2016-04-16 18:16:17 UTC (rev 199627)
+++ trunk/Source/WebKit2/ChangeLog	2016-04-16 21:37:08 UTC (rev 199628)
@@ -1,3 +1,14 @@
+2016-04-16  Dan Bernstein  <[email protected]>
+
+        [Mac] Web Content service with a restricted entitlement may load arbitrary dylibs
+        https://bugs.webkit.org/show_bug.cgi?id=156668
+        <rdar://problem/25429784>
+
+        Reviewed by Anders Carlsson.
+
+        * Configurations/WebContentService.xcconfig: Enable library validation when the Web Content
+          service is given the XPC domain extension entitlement.
+
 2016-04-15  Dan Bernstein  <[email protected]>
 
         [Mac] WebContent, Networking and Databases services have i386 slices that are never used

Modified: trunk/Source/WebKit2/Configurations/WebContentService.xcconfig (199627 => 199628)


--- trunk/Source/WebKit2/Configurations/WebContentService.xcconfig	2016-04-16 18:16:17 UTC (rev 199627)
+++ trunk/Source/WebKit2/Configurations/WebContentService.xcconfig	2016-04-16 21:37:08 UTC (rev 199628)
@@ -27,6 +27,7 @@
 
 CODE_SIGN_ENTITLEMENTS[sdk=macosx*] = $(CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT));
 CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_YES = Configurations/WebContent-OSX.entitlements;
+OTHER_CODE_SIGN_FLAGS[sdk=macosx*] = $(WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS);
 
 PRODUCT_NAME = com.apple.WebKit.WebContent$(WK_XPC_SERVICE_SUFFIX);
 INFOPLIST_FILE[sdk=iphone*] = WebProcess/EntryPoint/mac/XPCService/WebContentService/Info-iOS.plist;
@@ -40,3 +41,6 @@
 WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_ = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO);
 WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT);
 WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_YES = $(WK_RELOCATABLE_FRAMEWORKS);
+
+WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS = $(WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT));
+WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS_YES = -o library;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes