Changeset 229168 in webkit
- Timestamp:
- Mar 2, 2018 12:20:56 AM (6 years ago)
- Location:
- trunk/Source
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WTF/ChangeLog
r229075 r229168 1 2018-03-02 Dan Bernstein <mitz@apple.com> 2 3 Safari uses WebContent.Development when loading injected bundle embedded in its app bundle 4 https://bugs.webkit.org/show_bug.cgi?id=183275 5 6 Reviewed by Tim Horton. 7 8 * wtf/spi/cocoa/SecuritySPI.h: Declared SecTaskGetCodeSignStatus. 9 1 10 2018-02-27 Karlen Simonyan <szkarlen@gmail.com> 2 11 -
trunk/Source/WTF/wtf/spi/cocoa/SecuritySPI.h
r227467 r229168 72 72 extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[]; 73 73 extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[]; 74 uint32_t SecTaskGetCodeSignStatus(SecTaskRef); 74 75 #endif 75 76 -
trunk/Source/WebKit/ChangeLog
r229163 r229168 1 2018-03-02 Dan Bernstein <mitz@apple.com> 2 3 Safari uses WebContent.Development when loading injected bundle embedded in its app bundle 4 https://bugs.webkit.org/show_bug.cgi?id=183275 5 6 Reviewed by Tim Horton. 7 8 * UIProcess/mac/WebProcessProxyMac.mm: 9 (WebKit::WebProcessProxy::shouldAllowNonValidInjectedCode const): Return false if this is 10 a platform binary. We can also return false unconditionally when building for any shipping 11 major macOS release. 12 1 13 2018-03-01 Commit Queue <commit-queue@webkit.org> 2 14 -
trunk/Source/WebKit/UIProcess/mac/WebProcessProxyMac.mm
r227582 r229168 32 32 #import "WKFullKeyboardAccessWatcher.h" 33 33 34 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400 35 #import <Kernel/kern/cs_blobs.h> 36 #import <wtf/spi/cocoa/SecuritySPI.h> 37 #endif 38 34 39 namespace WebKit { 35 40 … … 41 46 bool WebProcessProxy::shouldAllowNonValidInjectedCode() const 42 47 { 48 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400 43 49 static bool isSystemWebKit = [] { 44 50 #if WK_API_ENABLED … … 53 59 return false; 54 60 61 static bool isPlatformBinary = SecTaskGetCodeSignStatus(adoptCF(SecTaskCreateFromSelf(kCFAllocatorDefault)).get()) & CS_PLATFORM_BINARY; 62 if (isPlatformBinary) 63 return false; 64 55 65 const String& path = m_processPool->configuration().injectedBundlePath(); 56 66 return !path.isEmpty() && !path.startsWith("/System/"); 67 #else 68 return false; 69 #endif 57 70 } 58 71
Note: See TracChangeset
for help on using the changeset viewer.