Changeset 256660 in webkit
- Timestamp:
- Feb 14, 2020 5:20:19 PM (4 years ago)
- Location:
- trunk/Source/WebKit
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit/ChangeLog
r256658 r256660 1 2020-02-14 Brent Fulgham <bfulgham@apple.com> 2 3 Dynamically generate media-related mach connections when not using the GPU Process 4 https://bugs.webkit.org/show_bug.cgi?id=207743 5 <rdar://problem/59449750> 6 7 Reviewed by Per Arne Vollan. 8 9 Stop using permanent sandbox permissions to connect to media-related XPC services. Instead, 10 create them dynamically in the UIProcess and vend them to the relevant WebContent process 11 as needed. If all media features are active in the GPU process, do not emit extensions since 12 they should not be needed in the WebContent process at that point. 13 14 Tested by existing media and GPU process tests. 15 16 * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Remove permanet rules in 17 preference for dynamic extensions. 18 * Shared/WebProcessCreationParameters.cpp: 19 (WebKit::WebProcessCreationParameters::encode const): Serialize new service connections. 20 (WebKit::WebProcessCreationParameters::decode): Ditto. 21 * Shared/WebProcessCreationParameters.h: 22 * UIProcess/Cocoa/WebProcessPoolCocoa.mm: 23 (WebKit::mediaRelatedMachServices): Helper function listing needed services. 24 (WebKit::WebProcessPool::platformInitializeWebProcess): Create service connections when 25 needed. 26 * WebProcess/cocoa/WebProcessCocoa.mm: 27 (WebKit::WebProcess::platformInitializeWebProcess): Consume media-related connections 28 when needed. 29 * WebProcess/com.apple.WebProcess.sb.in: Remove permanet rules in preference for 30 dynamic extensions. 31 1 32 2020-02-14 Youenn Fablet <youenn@apple.com> 2 33 -
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
r256473 r256660 1 ; Copyright (C) 2010-20 19Apple Inc. All rights reserved.1 ; Copyright (C) 2010-2020 Apple Inc. All rights reserved. 2 2 ; 3 3 ; Redistribution and use in source and binary forms, with or without … … 120 120 (mobile-preferences-read "com.apple.MobileAsset"))) 121 121 122 (define-once (play-audio)123 (allow mach-lookup124 (global-name "com.apple.audio.AURemoteIOServer"))125 (allow mach-lookup (with report) (with telemetry)126 (xpc-service-name "com.apple.audio.toolbox.reporting.service")))127 128 122 (define-once (play-media . filters) 129 123 (if (not (null? filters)) … … 145 139 (extension "com.apple.security.exception.files.absolute-path.read-write" 146 140 "com.apple.security.exception.files.home-relative-path.read-write"))) 147 ;; CoreMedia framework.148 (allow mach-lookup149 (global-name "com.apple.coremedia.admin")150 (global-name "com.apple.coremedia.asset.xpc")151 (global-name "com.apple.coremedia.assetimagegenerator.xpc")152 (global-name "com.apple.coremedia.audiodeviceclock.xpc") ; Needed for CMTimeBase153 (global-name "com.apple.coremedia.audioprocessingtap.xpc")154 (global-name "com.apple.coremedia.capturesession") ; Actually for video capture155 (global-name "com.apple.coremedia.capturesource") ; Also for video capture (<rdar://problem/15794291>).156 (global-name "com.apple.coremedia.cpe.xpc") ; Needed for HDR playback.157 (global-name "com.apple.coremedia.customurlloader.xpc") ; Needed for custom media loading158 (global-name "com.apple.coremedia.formatreader.xpc")159 (global-name "com.apple.coremedia.player.xpc")160 (global-name "com.apple.coremedia.remaker")161 (global-name "com.apple.coremedia.remotequeue")162 (global-name "com.apple.coremedia.routediscoverer.xpc")163 (global-name "com.apple.coremedia.routingcontext.xpc")164 (global-name "com.apple.coremedia.samplebufferaudiorenderer.xpc")165 (global-name "com.apple.coremedia.samplebufferrendersynchronizer.xpc")166 (global-name "com.apple.coremedia.sandboxserver.xpc")167 (global-name "com.apple.coremedia.systemcontroller.xpc")168 (global-name "com.apple.coremedia.volumecontroller.xpc"))169 170 (allow mach-lookup (with report) (with telemetry)171 (global-name "com.apple.coremedia.cpeprotector.xpc")172 (global-name "com.apple.coremedia.endpoint.xpc")173 (global-name "com.apple.coremedia.figcontentkeysession.xpc")174 (global-name "com.apple.coremedia.figcpecryptor")175 (global-name "com.apple.coremedia.routingsessionmanager.xpc")176 (global-name "com.apple.coremedia.sts"))177 141 178 142 (mobile-preferences-read … … 190 154 (literal "/private/var/preferences/com.apple.networkd.plist")) 191 155 192 ;; Required by the MediaPlayer framework.193 (allow mach-lookup194 (global-name "com.apple.audio.AudioSession"))195 196 (allow mach-lookup (with report) (with telemetry)197 (global-name "com.apple.airplay.apsynccontroller.xpc"))198 199 156 ;; Allow mediaserverd to issue file extensions for the purposes of reading media 200 157 (allow file-issue-extension (require-all … … 207 164 "com.apple.mediaremote" 208 165 "com.apple.mobileipod") 209 (allow mach-lookup210 (global-name "com.apple.mediaremoted.xpc"))211 (allow mach-lookup (with report) (with telemetry)212 (xpc-service-name "com.apple.MediaPlayer.RemotePlayerService"))213 166 ) 214 167 … … 225 178 (allow mach-lookup (extension "com.apple.app-sandbox.mach")) 226 179 (allow device-camera)) 227 228 ;; Support incoming video connections229 (allow mach-lookup230 (global-name "com.apple.coremedia.compressionsession")231 (global-name "com.apple.coremedia.decompressionsession")232 (global-name "com.apple.coremedia.videoqueue"))233 180 ) 234 181 … … 245 192 246 193 (define-once (media-accessibility-support) 247 ;; <rdar://problem/12801477>248 (allow mach-lookup249 (global-name "com.apple.accessibility.mediaaccessibilityd"))250 251 194 ;; <rdar://problem/12250145> 252 195 (mobile-preferences-read "com.apple.mediaaccessibility") … … 681 624 682 625 ;; Any app can play audio & movies. 683 (play-audio)684 626 (play-media) 685 627 … … 692 634 693 635 (speech-synthesis-and-voiceover) 694 695 (allow mach-lookup (with report) (with telemetry)696 (global-name "com.apple.audio.AudioComponentRegistrar"))697 636 698 637 ;; Permit reading assets via MobileAsset framework. … … 909 848 (require-all 910 849 (extension "com.apple.webkit.extension.mach") 911 (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices"))) 850 (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices" 851 852 ;;; FIXME(207716): The following should be removed when the GPU process is complete 853 "com.apple.airplay.apsynccontroller.xpc" "com.apple.audio.AURemoteIOServer" "com.apple.audio.AudioComponentRegistrar" 854 "com.apple.audio.AudioComponentRegistrar" "com.apple.audio.AudioSession" "com.apple.coremedia.admin" "com.apple.coremedia.asset.xpc" 855 "com.apple.coremedia.assetimagegenerator.xpc" "com.apple.coremedia.audiodeviceclock.xpc" "com.apple.coremedia.audioprocessingtap.xpc" 856 "com.apple.coremedia.capturesession" "com.apple.coremedia.capturesource" "com.apple.coremedia.compressionsession" "com.apple.coremedia.cpe.xpc" 857 "com.apple.coremedia.cpeprotector.xpc" "com.apple.coremedia.customurlloader.xpc" "com.apple.coremedia.decompressionsession" 858 "com.apple.coremedia.endpoint.xpc" "com.apple.coremedia.figcontentkeysession.xpc" "com.apple.coremedia.figcpecryptor" 859 "com.apple.coremedia.formatreader.xpc" "com.apple.coremedia.player.xpc" "com.apple.coremedia.remaker" "com.apple.coremedia.remotequeue" 860 "com.apple.coremedia.routediscoverer.xpc" "com.apple.coremedia.routingcontext.xpc" "com.apple.coremedia.routingsessionmanager.xpc" 861 "com.apple.coremedia.samplebufferaudiorenderer.xpc" "com.apple.coremedia.samplebufferrendersynchronizer.xpc" "com.apple.coremedia.sandboxserver.xpc" 862 "com.apple.coremedia.sts" "com.apple.coremedia.systemcontroller.xpc" "com.apple.coremedia.videoqueue" "com.apple.coremedia.volumecontroller.xpc" 863 "com.apple.mediaremoted.xpc" 864 ;;; FIXME(207716): End services to remove. 865 ))) 866 867 (allow mach-lookup 868 (require-all 869 (extension "com.apple.webkit.extension.mach") 870 (xpc-service-name 871 ;;; FIXME(207716): The following should be removed when the GPU process is complete 872 "com.apple.MediaPlayer.RemotePlayerService" 873 "com.apple.accessibility.mediaaccessibilityd" 874 "com.apple.audio.toolbox.reporting.service" 875 ;;; FIXME(207716): End services to remove. 876 ) 877 ) 878 ) 912 879 913 880 (allow mach-lookup -
trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp
r256531 r256660 1 1 /* 2 * Copyright (C) 2010-20 18Apple Inc. All rights reserved.2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 177 177 encoder << focusRingColor; 178 178 #endif 179 180 #if PLATFORM(COCOA) 181 // FIXME(207716): The following should be removed when the GPU process is complete. 182 encoder << mediaExtensionHandles; 183 #endif 179 184 } 180 185 … … 472 477 #endif 473 478 479 #if PLATFORM(COCOA) 480 // FIXME(207716): The following should be removed when the GPU process is complete. 481 Optional<SandboxExtension::HandleArray> mediaExtensionHandles; 482 decoder >> mediaExtensionHandles; 483 if (!mediaExtensionHandles) 484 return false; 485 parameters.mediaExtensionHandles = WTFMove(*mediaExtensionHandles); 486 // FIXME(207716): End region to remove. 487 #endif 488 474 489 return true; 475 490 } -
trunk/Source/WebKit/Shared/WebProcessCreationParameters.h
r256531 r256660 1 1 /* 2 * Copyright (C) 2010-20 18Apple Inc. All rights reserved.2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 219 219 WebCore::Color focusRingColor; 220 220 #endif 221 222 #if PLATFORM(COCOA) 223 SandboxExtension::HandleArray mediaExtensionHandles; // FIXME(207716): Remove when GPU process is complete. 224 #endif 221 225 }; 222 226 -
trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
r256531 r256660 1 1 /* 2 * Copyright (C) 2010-20 19Apple Inc. All rights reserved.2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 217 217 #endif 218 218 219 // FIXME(207716): The following should be removed when the GPU process is complete. 220 static const Vector<String>& mediaRelatedMachServices() 221 { 222 ASSERT(isMainThread()); 223 static const auto services = makeNeverDestroyed(Vector<String> { 224 "com.apple.audio.AudioComponentRegistrar", "com.apple.coremedia.endpoint.xpc", 225 "com.apple.coremedia.routediscoverer.xpc", "com.apple.coremedia.routingcontext.xpc", 226 "com.apple.coremedia.volumecontroller.xpc", "com.apple.accessibility.mediaaccessibilityd", 227 "com.apple.mediaremoted.xpc", 228 #if PLATFORM(IOS_FAMILY) 229 "com.apple.audio.AudioSession", "com.apple.MediaPlayer.RemotePlayerService", 230 "com.apple.audio.toolbox.reporting.service", "com.apple.coremedia.admin", 231 "com.apple.coremedia.asset.xpc", "com.apple.coremedia.assetimagegenerator.xpc", 232 "com.apple.coremedia.audiodeviceclock.xpc", "com.apple.coremedia.audioprocessingtap.xpc", 233 "com.apple.coremedia.capturesession", "com.apple.coremedia.capturesource", 234 "com.apple.coremedia.compressionsession", "com.apple.coremedia.cpe.xpc", 235 "com.apple.coremedia.cpeprotector.xpc", "com.apple.coremedia.customurlloader.xpc", 236 "com.apple.coremedia.decompressionsession", "com.apple.coremedia.figcontentkeysession.xpc", 237 "com.apple.coremedia.figcpecryptor", "com.apple.coremedia.formatreader.xpc", 238 "com.apple.coremedia.player.xpc", "com.apple.coremedia.remaker", 239 "com.apple.coremedia.remotequeue", "com.apple.coremedia.routingsessionmanager.xpc", 240 "com.apple.coremedia.samplebufferaudiorenderer.xpc", "com.apple.coremedia.samplebufferrendersynchronizer.xpc", 241 "com.apple.coremedia.sandboxserver.xpc", "com.apple.coremedia.sts", 242 "com.apple.coremedia.systemcontroller.xpc", "com.apple.coremedia.videoqueue", 243 "com.apple.airplay.apsynccontroller.xpc", "com.apple.audio.AURemoteIOServer" 244 #endif 245 #if PLATFORM(MAC) 246 "com.apple.coremedia.endpointstream.xpc", "com.apple.coremedia.endpointplaybacksession.xpc", 247 "com.apple.coremedia.endpointremotecontrolsession.xpc", "com.apple.coremedia.videodecoder", 248 "com.apple.coremedia.videoencoder" 249 #endif 250 }); 251 return services; 252 } 253 219 254 void WebProcessPool::platformInitializeWebProcess(const WebProcessProxy& process, WebProcessCreationParameters& parameters) 220 255 { … … 337 372 #if PLATFORM(COCOA) 338 373 if ([getNEFilterSourceClass() filterRequired]) { 339 SandboxExtension::Handle handle; 340 SandboxExtension::createHandleForMachLookup("com.apple.nehelper", WTF::nullopt, handle); 341 parameters.neHelperExtensionHandle = WTFMove(handle); 374 SandboxExtension::Handle helperHandle; 375 SandboxExtension::createHandleForMachLookup("com.apple.nehelper", WTF::nullopt, helperHandle); 376 parameters.neHelperExtensionHandle = WTFMove(helperHandle); 377 SandboxExtension::Handle managerHandle; 342 378 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED < 101500 343 SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager", WTF::nullopt, handle);379 SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager", WTF::nullopt, managerHandle); 344 380 #else 345 SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager.content-filter", WTF::nullopt, handle);346 #endif 347 parameters.neSessionManagerExtensionHandle = WTFMove( handle);381 SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager.content-filter", WTF::nullopt, managerHandle); 382 #endif 383 parameters.neSessionManagerExtensionHandle = WTFMove(managerHandle); 348 384 } 349 385 parameters.systemHasBattery = systemHasBattery(); … … 365 401 parameters.focusRingColor = RenderTheme::singleton().focusRingColor(OptionSet<StyleColor::Options>()); 366 402 #endif 403 404 405 // Allow microphone access if either preference is set because WebRTC requires microphone access. 406 bool needWebProcessExtensions = !m_defaultPageGroup->preferences().useGPUProcessForMedia() 407 || !m_defaultPageGroup->preferences().captureAudioInGPUProcessEnabled() 408 || !m_defaultPageGroup->preferences().captureVideoInGPUProcessEnabled(); 409 410 if (needWebProcessExtensions) { 411 // FIXME(207716): The following should be removed when the GPU process is complete. 412 const auto& services = mediaRelatedMachServices(); 413 parameters.mediaExtensionHandles.allocate(services.size()); 414 for (size_t i = 0, size = services.size(); i < size; ++i) 415 SandboxExtension::createHandleForMachLookup(services[i], WTF::nullopt, parameters.mediaExtensionHandles[i]); 416 } 367 417 } 368 418 -
trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm
r256531 r256660 1 1 /* 2 * Copyright (C) 2010-20 18Apple Inc. All rights reserved.2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved. 3 3 * 4 4 * Redistribution and use in source and binary forms, with or without … … 273 273 RenderThemeIOS::setFocusRingColor(parameters.focusRingColor); 274 274 #endif 275 276 #if PLATFORM(COCOA) 277 // FIXME(207716): The following should be removed when the GPU process is complete. 278 for (size_t i = 0, size = parameters.mediaExtensionHandles.size(); i < size; ++i) 279 SandboxExtension::consumePermanently(parameters.mediaExtensionHandles[i]); 280 #endif 275 281 } 276 282 -
trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
r256476 r256660 401 401 (allow mach-lookup 402 402 (xpc-service-name "com.apple.PerformanceAnalysis.animationperfd") 403 (xpc-service-name "com.apple.accessibility.mediaaccessibilityd")404 403 (xpc-service-name "com.apple.audio.SandboxHelper") 405 (xpc-service-name "com.apple.coremedia.videodecoder")406 (xpc-service-name "com.apple.coremedia.videoencoder")407 404 (xpc-service-name "com.apple.hiservices-xpcservice") 408 405 (xpc-service-name "com.apple.print.normalizerd") … … 612 609 (with report) (with telemetry) 613 610 #endif 614 (global-name "com.apple.audio.AudioComponentRegistrar")615 611 (global-name "com.apple.awdd") 616 612 (global-name "com.apple.cookied") … … 633 629 (global-name "com.apple.audio.audiohald") 634 630 (global-name "com.apple.fonts") 635 (global-name "com.apple.mediaremoted.xpc")636 631 (global-name "com.apple.logd") 637 632 (global-name "com.apple.logd.events") … … 755 750 (home-subpath "/Library/Input Methods")) 756 751 #endif 757 758 ;; AirPlay759 (allow mach-lookup760 (global-name "com.apple.coremedia.endpoint.xpc")761 (global-name "com.apple.coremedia.endpointstream.xpc")762 (global-name "com.apple.coremedia.endpointplaybacksession.xpc")763 ; <rdar://problem/35509194>764 (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")765 (global-name "com.apple.coremedia.routediscoverer.xpc")766 (global-name "com.apple.coremedia.routingcontext.xpc")767 (global-name "com.apple.coremedia.volumecontroller.xpc")768 )769 752 770 753 ;; Data Detectors … … 863 846 "com.apple.nesessionmanager" 864 847 #endif 848 849 ;;; FIXME(207716): The following should be removed when the GPU process is complete 850 "com.apple.audio.AudioComponentRegistrar" "com.apple.coremedia.endpoint.xpc" "com.apple.coremedia.endpointstream.xpc" 851 "com.apple.coremedia.endpointplaybacksession.xpc" "com.apple.coremedia.endpointremotecontrolsession.xpc" "com.apple.coremedia.routediscoverer.xpc" 852 "com.apple.coremedia.routingcontext.xpc" "com.apple.coremedia.volumecontroller.xpc" "com.apple.mediaremoted.xpc" 853 ;;; FIXME(207716): End services to remove. 854 ) 855 ) 856 ) 857 858 (allow mach-lookup 859 (require-all 860 (extension "com.apple.webkit.extension.mach") 861 (xpc-service-name 862 ;;; FIXME(207716): The following should be removed when the GPU process is complete 863 "com.apple.accessibility.mediaaccessibilityd" "com.apple.coremedia.videodecoder" "com.apple.coremedia.videoencoder" 864 ;;; FIXME(207716): End services to remove. 865 865 ) 866 866 )
Note: See TracChangeset
for help on using the changeset viewer.