Changeset 229168 in webkit


Ignore:
Timestamp:
Mar 2, 2018 12:20:56 AM (6 years ago)
Author:
mitz@apple.com
Message:

Safari uses WebContent.Development when loading injected bundle embedded in its app bundle
https://bugs.webkit.org/show_bug.cgi?id=183275

Reviewed by Tim Horton.

Source/WebKit:

  • UIProcess/mac/WebProcessProxyMac.mm:

(WebKit::WebProcessProxy::shouldAllowNonValidInjectedCode const): Return false if this is

a platform binary. We can also return false unconditionally when building for any shipping
major macOS release.

Source/WTF:

  • wtf/spi/cocoa/SecuritySPI.h: Declared SecTaskGetCodeSignStatus.
Location:
trunk/Source
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WTF/ChangeLog

    r229075 r229168  
     12018-03-02  Dan Bernstein  <mitz@apple.com>
     2
     3        Safari uses WebContent.Development when loading injected bundle embedded in its app bundle
     4        https://bugs.webkit.org/show_bug.cgi?id=183275
     5
     6        Reviewed by Tim Horton.
     7
     8        * wtf/spi/cocoa/SecuritySPI.h: Declared SecTaskGetCodeSignStatus.
     9
    1102018-02-27  Karlen Simonyan  <szkarlen@gmail.com>
    211

  • trunk/Source/WTF/wtf/spi/cocoa/SecuritySPI.h

    r227467 r229168  
    7272extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[];
    7373extern const SecAsn1Template kSecAsn1SubjectPublicKeyInfoTemplate[];
     74uint32_t SecTaskGetCodeSignStatus(SecTaskRef);
    7475#endif
    7576

  • trunk/Source/WebKit/ChangeLog

    r229163 r229168  
     12018-03-02  Dan Bernstein  <mitz@apple.com>
     2
     3        Safari uses WebContent.Development when loading injected bundle embedded in its app bundle
     4        https://bugs.webkit.org/show_bug.cgi?id=183275
     5
     6        Reviewed by Tim Horton.
     7
     8        * UIProcess/mac/WebProcessProxyMac.mm:
     9        (WebKit::WebProcessProxy::shouldAllowNonValidInjectedCode const): Return false if this is
     10          a platform binary. We can also return false unconditionally when building for any shipping
     11          major macOS release.
     12
    1132018-03-01  Commit Queue  <commit-queue@webkit.org>
    214

  • trunk/Source/WebKit/UIProcess/mac/WebProcessProxyMac.mm

    r227582 r229168  
    3232#import "WKFullKeyboardAccessWatcher.h"
    3333
     34#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400
     35#import <Kernel/kern/cs_blobs.h>
     36#import <wtf/spi/cocoa/SecuritySPI.h>
     37#endif
     38
    3439namespace WebKit {
    3540
     
    4146bool WebProcessProxy::shouldAllowNonValidInjectedCode() const
    4247{
     48#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400
    4349    static bool isSystemWebKit = [] {
    4450#if WK_API_ENABLED
     
    5359        return false;
    5460
     61    static bool isPlatformBinary = SecTaskGetCodeSignStatus(adoptCF(SecTaskCreateFromSelf(kCFAllocatorDefault)).get()) & CS_PLATFORM_BINARY;
     62    if (isPlatformBinary)
     63        return false;
     64
    5565    const String& path = m_processPool->configuration().injectedBundlePath();
    5666    return !path.isEmpty() && !path.startsWith("/System/");
     67#else
     68    return false;
     69#endif
    5770}
    5871
Note: See TracChangeset for help on using the changeset viewer.