Changeset 256660 in webkit


Ignore:
Timestamp:
Feb 14, 2020 5:20:19 PM (4 years ago)
Author:
Brent Fulgham
Message:

Dynamically generate media-related mach connections when not using the GPU Process
https://bugs.webkit.org/show_bug.cgi?id=207743
<rdar://problem/59449750>

Reviewed by Per Arne Vollan.

Stop using permanent sandbox permissions to connect to media-related XPC services. Instead,
create them dynamically in the UIProcess and vend them to the relevant WebContent process
as needed. If all media features are active in the GPU process, do not emit extensions since
they should not be needed in the WebContent process at that point.

Tested by existing media and GPU process tests.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Remove permanet rules in

preference for dynamic extensions.

  • Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode const): Serialize new service connections.
(WebKit::WebProcessCreationParameters::decode): Ditto.

  • Shared/WebProcessCreationParameters.h:
  • UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::mediaRelatedMachServices): Helper function listing needed services.
(WebKit::WebProcessPool::platformInitializeWebProcess): Create service connections when
needed.

  • WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess): Consume media-related connections
when needed.

  • WebProcess/com.apple.WebProcess.sb.in: Remove permanet rules in preference for

dynamic extensions.

Location:
trunk/Source/WebKit
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit/ChangeLog

    r256658 r256660  
     12020-02-14  Brent Fulgham  <bfulgham@apple.com>
     2
     3        Dynamically generate media-related mach connections when not using the GPU Process
     4        https://bugs.webkit.org/show_bug.cgi?id=207743
     5        <rdar://problem/59449750>
     6
     7        Reviewed by Per Arne Vollan.
     8
     9        Stop using permanent sandbox permissions to connect to media-related XPC services. Instead,
     10        create them dynamically in the UIProcess and vend them to the relevant WebContent process
     11        as needed. If all media features are active in the GPU process, do not emit extensions since
     12        they should not be needed in the WebContent process at that point.
     13
     14        Tested by existing media and GPU process tests.
     15
     16        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Remove permanet rules in
     17        preference for dynamic extensions.
     18        * Shared/WebProcessCreationParameters.cpp:
     19        (WebKit::WebProcessCreationParameters::encode const): Serialize new service connections.
     20        (WebKit::WebProcessCreationParameters::decode): Ditto.
     21        * Shared/WebProcessCreationParameters.h:
     22        * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
     23        (WebKit::mediaRelatedMachServices): Helper function listing needed services.
     24        (WebKit::WebProcessPool::platformInitializeWebProcess): Create service connections when
     25        needed.
     26        * WebProcess/cocoa/WebProcessCocoa.mm:
     27        (WebKit::WebProcess::platformInitializeWebProcess): Consume media-related connections
     28        when needed.
     29        * WebProcess/com.apple.WebProcess.sb.in: Remove permanet rules in preference for
     30        dynamic extensions.
     31
    1322020-02-14  Youenn Fablet  <youenn@apple.com>
    233
  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

    r256473 r256660  
    1 ; Copyright (C) 2010-2019 Apple Inc. All rights reserved.
     1; Copyright (C) 2010-2020 Apple Inc. All rights reserved.
    22;
    33; Redistribution and use in source and binary forms, with or without
     
    120120        (mobile-preferences-read "com.apple.MobileAsset")))
    121121
    122 (define-once (play-audio)
    123     (allow mach-lookup
    124            (global-name "com.apple.audio.AURemoteIOServer"))
    125     (allow mach-lookup (with report) (with telemetry)
    126            (xpc-service-name "com.apple.audio.toolbox.reporting.service")))
    127 
    128122(define-once (play-media . filters)
    129123    (if (not (null? filters))
     
    145139            (extension "com.apple.security.exception.files.absolute-path.read-write"
    146140                       "com.apple.security.exception.files.home-relative-path.read-write")))
    147     ;; CoreMedia framework.
    148     (allow mach-lookup
    149            (global-name "com.apple.coremedia.admin")
    150            (global-name "com.apple.coremedia.asset.xpc")
    151            (global-name "com.apple.coremedia.assetimagegenerator.xpc")
    152            (global-name "com.apple.coremedia.audiodeviceclock.xpc") ; Needed for CMTimeBase
    153            (global-name "com.apple.coremedia.audioprocessingtap.xpc")
    154            (global-name "com.apple.coremedia.capturesession")      ; Actually for video capture
    155            (global-name "com.apple.coremedia.capturesource")       ; Also for video capture (<rdar://problem/15794291>).
    156            (global-name "com.apple.coremedia.cpe.xpc") ; Needed for HDR playback.
    157            (global-name "com.apple.coremedia.customurlloader.xpc") ; Needed for custom media loading
    158            (global-name "com.apple.coremedia.formatreader.xpc")
    159            (global-name "com.apple.coremedia.player.xpc")
    160            (global-name "com.apple.coremedia.remaker")
    161            (global-name "com.apple.coremedia.remotequeue")
    162            (global-name "com.apple.coremedia.routediscoverer.xpc")
    163            (global-name "com.apple.coremedia.routingcontext.xpc")
    164            (global-name "com.apple.coremedia.samplebufferaudiorenderer.xpc")
    165            (global-name "com.apple.coremedia.samplebufferrendersynchronizer.xpc")
    166            (global-name "com.apple.coremedia.sandboxserver.xpc")
    167            (global-name "com.apple.coremedia.systemcontroller.xpc")
    168            (global-name "com.apple.coremedia.volumecontroller.xpc"))
    169 
    170     (allow mach-lookup (with report) (with telemetry)
    171         (global-name "com.apple.coremedia.cpeprotector.xpc")
    172         (global-name "com.apple.coremedia.endpoint.xpc")
    173         (global-name "com.apple.coremedia.figcontentkeysession.xpc")
    174         (global-name "com.apple.coremedia.figcpecryptor")
    175         (global-name "com.apple.coremedia.routingsessionmanager.xpc")
    176         (global-name "com.apple.coremedia.sts"))
    177141
    178142    (mobile-preferences-read
     
    190154        (literal "/private/var/preferences/com.apple.networkd.plist"))
    191155
    192     ;; Required by the MediaPlayer framework.
    193     (allow mach-lookup
    194         (global-name "com.apple.audio.AudioSession"))
    195 
    196     (allow mach-lookup (with report) (with telemetry)
    197         (global-name "com.apple.airplay.apsynccontroller.xpc"))
    198 
    199156    ;; Allow mediaserverd to issue file extensions for the purposes of reading media
    200157    (allow file-issue-extension (require-all
     
    207164        "com.apple.mediaremote"
    208165        "com.apple.mobileipod")
    209     (allow mach-lookup
    210            (global-name "com.apple.mediaremoted.xpc"))
    211     (allow mach-lookup (with report) (with telemetry)
    212         (xpc-service-name "com.apple.MediaPlayer.RemotePlayerService"))
    213166)
    214167
     
    225178        (allow mach-lookup (extension "com.apple.app-sandbox.mach"))
    226179        (allow device-camera))
    227 
    228     ;; Support incoming video connections
    229     (allow mach-lookup
    230         (global-name "com.apple.coremedia.compressionsession")
    231         (global-name "com.apple.coremedia.decompressionsession")
    232         (global-name "com.apple.coremedia.videoqueue"))
    233180)
    234181
     
    245192
    246193(define-once (media-accessibility-support)
    247     ;; <rdar://problem/12801477>
    248     (allow mach-lookup
    249         (global-name "com.apple.accessibility.mediaaccessibilityd"))
    250 
    251194    ;; <rdar://problem/12250145>
    252195    (mobile-preferences-read "com.apple.mediaaccessibility")
     
    681624
    682625;; Any app can play audio & movies.
    683 (play-audio)
    684626(play-media)
    685627
     
    692634
    693635(speech-synthesis-and-voiceover)
    694 
    695 (allow mach-lookup (with report) (with telemetry)
    696     (global-name "com.apple.audio.AudioComponentRegistrar"))
    697636
    698637;; Permit reading assets via MobileAsset framework.
     
    909848    (require-all
    910849        (extension "com.apple.webkit.extension.mach")
    911         (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices")))
     850        (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd" "com.apple.nehelper" "com.apple.nesessionmanager.content-filter" "com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI" "com.apple.diagnosticd" "com.apple.lsd.open" "com.apple.mobileassetd" "com.apple.mobileassetd.v2" "com.apple.frontboard.systemappservices" "com.apple.iconservices"
     851
     852            ;;; FIXME(207716): The following should be removed when the GPU process is complete
     853            "com.apple.airplay.apsynccontroller.xpc" "com.apple.audio.AURemoteIOServer" "com.apple.audio.AudioComponentRegistrar"
     854            "com.apple.audio.AudioComponentRegistrar" "com.apple.audio.AudioSession" "com.apple.coremedia.admin" "com.apple.coremedia.asset.xpc"
     855            "com.apple.coremedia.assetimagegenerator.xpc" "com.apple.coremedia.audiodeviceclock.xpc" "com.apple.coremedia.audioprocessingtap.xpc"
     856            "com.apple.coremedia.capturesession" "com.apple.coremedia.capturesource" "com.apple.coremedia.compressionsession" "com.apple.coremedia.cpe.xpc"
     857            "com.apple.coremedia.cpeprotector.xpc" "com.apple.coremedia.customurlloader.xpc" "com.apple.coremedia.decompressionsession"
     858            "com.apple.coremedia.endpoint.xpc" "com.apple.coremedia.figcontentkeysession.xpc" "com.apple.coremedia.figcpecryptor"
     859            "com.apple.coremedia.formatreader.xpc" "com.apple.coremedia.player.xpc" "com.apple.coremedia.remaker" "com.apple.coremedia.remotequeue"
     860            "com.apple.coremedia.routediscoverer.xpc" "com.apple.coremedia.routingcontext.xpc" "com.apple.coremedia.routingsessionmanager.xpc"
     861            "com.apple.coremedia.samplebufferaudiorenderer.xpc" "com.apple.coremedia.samplebufferrendersynchronizer.xpc" "com.apple.coremedia.sandboxserver.xpc"
     862            "com.apple.coremedia.sts" "com.apple.coremedia.systemcontroller.xpc" "com.apple.coremedia.videoqueue" "com.apple.coremedia.volumecontroller.xpc"
     863            "com.apple.mediaremoted.xpc"
     864            ;;; FIXME(207716): End services to remove.
     865)))
     866
     867(allow mach-lookup
     868    (require-all
     869        (extension "com.apple.webkit.extension.mach")
     870        (xpc-service-name
     871            ;;; FIXME(207716): The following should be removed when the GPU process is complete
     872            "com.apple.MediaPlayer.RemotePlayerService"
     873            "com.apple.accessibility.mediaaccessibilityd"
     874            "com.apple.audio.toolbox.reporting.service"
     875            ;;; FIXME(207716): End services to remove.
     876        )
     877    )
     878)
    912879
    913880(allow mach-lookup
  • trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp

    r256531 r256660  
    11/*
    2  * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
     2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    177177    encoder << focusRingColor;
    178178#endif
     179
     180#if PLATFORM(COCOA)
     181    // FIXME(207716): The following should be removed when the GPU process is complete.
     182    encoder << mediaExtensionHandles;
     183#endif
    179184}
    180185
     
    472477#endif
    473478
     479#if PLATFORM(COCOA)
     480    // FIXME(207716): The following should be removed when the GPU process is complete.
     481    Optional<SandboxExtension::HandleArray> mediaExtensionHandles;
     482    decoder >> mediaExtensionHandles;
     483    if (!mediaExtensionHandles)
     484        return false;
     485    parameters.mediaExtensionHandles = WTFMove(*mediaExtensionHandles);
     486    // FIXME(207716): End region to remove.
     487#endif
     488
    474489    return true;
    475490}
  • trunk/Source/WebKit/Shared/WebProcessCreationParameters.h

    r256531 r256660  
    11/*
    2  * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
     2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    219219    WebCore::Color focusRingColor;
    220220#endif
     221
     222#if PLATFORM(COCOA)
     223    SandboxExtension::HandleArray mediaExtensionHandles; // FIXME(207716): Remove when GPU process is complete.
     224#endif
    221225};
    222226
  • trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm

    r256531 r256660  
    11/*
    2  * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
     2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    217217#endif
    218218
     219// FIXME(207716): The following should be removed when the GPU process is complete.
     220static const Vector<String>& mediaRelatedMachServices()
     221{
     222    ASSERT(isMainThread());
     223    static const auto services = makeNeverDestroyed(Vector<String> {
     224        "com.apple.audio.AudioComponentRegistrar", "com.apple.coremedia.endpoint.xpc",
     225        "com.apple.coremedia.routediscoverer.xpc", "com.apple.coremedia.routingcontext.xpc",
     226        "com.apple.coremedia.volumecontroller.xpc", "com.apple.accessibility.mediaaccessibilityd",
     227        "com.apple.mediaremoted.xpc",
     228#if PLATFORM(IOS_FAMILY)
     229        "com.apple.audio.AudioSession", "com.apple.MediaPlayer.RemotePlayerService",
     230        "com.apple.audio.toolbox.reporting.service", "com.apple.coremedia.admin",
     231        "com.apple.coremedia.asset.xpc", "com.apple.coremedia.assetimagegenerator.xpc",
     232        "com.apple.coremedia.audiodeviceclock.xpc", "com.apple.coremedia.audioprocessingtap.xpc",
     233        "com.apple.coremedia.capturesession", "com.apple.coremedia.capturesource",
     234        "com.apple.coremedia.compressionsession", "com.apple.coremedia.cpe.xpc",
     235        "com.apple.coremedia.cpeprotector.xpc", "com.apple.coremedia.customurlloader.xpc",
     236        "com.apple.coremedia.decompressionsession", "com.apple.coremedia.figcontentkeysession.xpc",
     237        "com.apple.coremedia.figcpecryptor", "com.apple.coremedia.formatreader.xpc",
     238        "com.apple.coremedia.player.xpc", "com.apple.coremedia.remaker",
     239        "com.apple.coremedia.remotequeue", "com.apple.coremedia.routingsessionmanager.xpc",
     240        "com.apple.coremedia.samplebufferaudiorenderer.xpc", "com.apple.coremedia.samplebufferrendersynchronizer.xpc",
     241        "com.apple.coremedia.sandboxserver.xpc", "com.apple.coremedia.sts",
     242        "com.apple.coremedia.systemcontroller.xpc", "com.apple.coremedia.videoqueue",
     243        "com.apple.airplay.apsynccontroller.xpc", "com.apple.audio.AURemoteIOServer"
     244#endif
     245#if PLATFORM(MAC)
     246        "com.apple.coremedia.endpointstream.xpc", "com.apple.coremedia.endpointplaybacksession.xpc",
     247        "com.apple.coremedia.endpointremotecontrolsession.xpc", "com.apple.coremedia.videodecoder",
     248        "com.apple.coremedia.videoencoder"
     249#endif
     250    });
     251    return services;
     252}
     253
    219254void WebProcessPool::platformInitializeWebProcess(const WebProcessProxy& process, WebProcessCreationParameters& parameters)
    220255{
     
    337372#if PLATFORM(COCOA)
    338373    if ([getNEFilterSourceClass() filterRequired]) {
    339         SandboxExtension::Handle handle;
    340         SandboxExtension::createHandleForMachLookup("com.apple.nehelper", WTF::nullopt, handle);
    341         parameters.neHelperExtensionHandle = WTFMove(handle);
     374        SandboxExtension::Handle helperHandle;
     375        SandboxExtension::createHandleForMachLookup("com.apple.nehelper", WTF::nullopt, helperHandle);
     376        parameters.neHelperExtensionHandle = WTFMove(helperHandle);
     377        SandboxExtension::Handle managerHandle;
    342378#if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED < 101500
    343         SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager", WTF::nullopt, handle);
     379        SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager", WTF::nullopt, managerHandle);
    344380#else
    345         SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager.content-filter", WTF::nullopt, handle);
    346 #endif
    347         parameters.neSessionManagerExtensionHandle = WTFMove(handle);
     381        SandboxExtension::createHandleForMachLookup("com.apple.nesessionmanager.content-filter", WTF::nullopt, managerHandle);
     382#endif
     383        parameters.neSessionManagerExtensionHandle = WTFMove(managerHandle);
    348384    }
    349385    parameters.systemHasBattery = systemHasBattery();
     
    365401    parameters.focusRingColor = RenderTheme::singleton().focusRingColor(OptionSet<StyleColor::Options>());
    366402#endif
     403
     404   
     405    // Allow microphone access if either preference is set because WebRTC requires microphone access.
     406    bool needWebProcessExtensions = !m_defaultPageGroup->preferences().useGPUProcessForMedia()
     407        || !m_defaultPageGroup->preferences().captureAudioInGPUProcessEnabled()
     408        || !m_defaultPageGroup->preferences().captureVideoInGPUProcessEnabled();
     409
     410    if (needWebProcessExtensions) {
     411        // FIXME(207716): The following should be removed when the GPU process is complete.
     412        const auto& services = mediaRelatedMachServices();
     413        parameters.mediaExtensionHandles.allocate(services.size());
     414        for (size_t i = 0, size = services.size(); i < size; ++i)
     415            SandboxExtension::createHandleForMachLookup(services[i], WTF::nullopt, parameters.mediaExtensionHandles[i]);
     416    }
    367417}
    368418
  • trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm

    r256531 r256660  
    11/*
    2  * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
     2 * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    273273    RenderThemeIOS::setFocusRingColor(parameters.focusRingColor);
    274274#endif
     275
     276#if PLATFORM(COCOA)
     277    // FIXME(207716): The following should be removed when the GPU process is complete.
     278    for (size_t i = 0, size = parameters.mediaExtensionHandles.size(); i < size; ++i)
     279        SandboxExtension::consumePermanently(parameters.mediaExtensionHandles[i]);
     280#endif
    275281}
    276282
  • trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

    r256476 r256660  
    401401(allow mach-lookup
    402402    (xpc-service-name "com.apple.PerformanceAnalysis.animationperfd")
    403     (xpc-service-name "com.apple.accessibility.mediaaccessibilityd")
    404403    (xpc-service-name "com.apple.audio.SandboxHelper")
    405     (xpc-service-name "com.apple.coremedia.videodecoder")
    406     (xpc-service-name "com.apple.coremedia.videoencoder")
    407404    (xpc-service-name "com.apple.hiservices-xpcservice")
    408405    (xpc-service-name "com.apple.print.normalizerd")
     
    612609    (with report) (with telemetry)
    613610#endif
    614     (global-name "com.apple.audio.AudioComponentRegistrar")
    615611    (global-name "com.apple.awdd")
    616612    (global-name "com.apple.cookied")
     
    633629       (global-name "com.apple.audio.audiohald")
    634630       (global-name "com.apple.fonts")
    635        (global-name "com.apple.mediaremoted.xpc")
    636631       (global-name "com.apple.logd")
    637632       (global-name "com.apple.logd.events")
     
    755750       (home-subpath "/Library/Input Methods"))
    756751#endif
    757 
    758 ;; AirPlay
    759 (allow mach-lookup
    760     (global-name "com.apple.coremedia.endpoint.xpc")
    761     (global-name "com.apple.coremedia.endpointstream.xpc")
    762     (global-name "com.apple.coremedia.endpointplaybacksession.xpc")
    763     ; <rdar://problem/35509194>
    764     (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")
    765     (global-name "com.apple.coremedia.routediscoverer.xpc")
    766     (global-name "com.apple.coremedia.routingcontext.xpc")
    767     (global-name "com.apple.coremedia.volumecontroller.xpc")
    768 )
    769752
    770753;; Data Detectors
     
    863846            "com.apple.nesessionmanager"
    864847#endif
     848
     849            ;;; FIXME(207716): The following should be removed when the GPU process is complete
     850            "com.apple.audio.AudioComponentRegistrar" "com.apple.coremedia.endpoint.xpc" "com.apple.coremedia.endpointstream.xpc"
     851            "com.apple.coremedia.endpointplaybacksession.xpc" "com.apple.coremedia.endpointremotecontrolsession.xpc" "com.apple.coremedia.routediscoverer.xpc"
     852            "com.apple.coremedia.routingcontext.xpc" "com.apple.coremedia.volumecontroller.xpc" "com.apple.mediaremoted.xpc"
     853            ;;; FIXME(207716): End services to remove.
     854        )
     855    )
     856)
     857
     858(allow mach-lookup
     859    (require-all
     860        (extension "com.apple.webkit.extension.mach")
     861        (xpc-service-name
     862            ;;; FIXME(207716): The following should be removed when the GPU process is complete
     863            "com.apple.accessibility.mediaaccessibilityd" "com.apple.coremedia.videodecoder" "com.apple.coremedia.videoencoder"
     864            ;;; FIXME(207716): End services to remove.
    865865        )
    866866    )
Note: See TracChangeset for help on using the changeset viewer.