Changeset 294397 in webkit


Ignore:
Timestamp:
May 18, 2022 8:45:53 AM (2 years ago)
Author:
pvollan@apple.com
Message:

Add WebKit API to turn off the URL scheme check when linkifying through Data Detectors
https://bugs.webkit.org/show_bug.cgi?id=239900
<rdar://92026172>

Reviewed by Geoffrey Garen.

This will enable us to block the Mach service com.apple.lsd.open in the WebContent process for all clients.
The URL scheme check is disabled by default for all clients that are not Web browsers. This choice was made
because we know that com.apple.lsd.open can be blocked for Web browsers without disabling the check, since
we already have blocked it there for quite some time without observing any issues. We also have a couple of
examples of other apps, which are not Mail clients, that would need this to be the default behavior.

  • Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.h:
  • Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.mm:
  • Source/WebCore/PAL/pal/spi/cocoa/DataDetectorsCoreSPI.h:
  • Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
  • Source/WebKit/Shared/WebProcessCreationParameters.cpp:

(WebKit::WebProcessCreationParameters::encode const):
(WebKit::WebProcessCreationParameters::decode):

  • Source/WebKit/Shared/WebProcessCreationParameters.h:
  • Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _disableURLSchemeCheckInDataDetectors]):

  • Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h:
  • Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:

(WebKit::WebPageProxy::disableURLSchemeCheckInDataDetectors const):

  • Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:

(WebKit::WebProcessPool::platformInitializeWebProcess):
(WebKit::nonBrowserServices): Deleted.

  • Source/WebKit/UIProcess/WebPageProxy.h:
  • Source/WebKit/WebProcess/WebProcess.h:
  • Source/WebKit/WebProcess/WebProcess.messages.in:
  • Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm:

(WebKit::WebProcess::platformInitializeWebProcess):
(WebKit::WebProcess::disableURLSchemeCheckInDataDetectors const):

  • Source/WTF/wtf/PlatformHave.h:

Canonical link: https://commits.webkit.org/250691@main

Location:
trunk/Source
Files:
15 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WTF/wtf/PlatformHave.h

    r293990 r294397  
    11801180#define HAVE_SYSTEM_HTTP_CONTENT_FILTERING 1
    11811181#endif
     1182
     1183#if (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 160000)
     1184#define HAVE_DDRESULT_DISABLE_URL_SCHEME_CHECKING 1
     1185#endif

  • trunk/Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.h

    r288621 r294397  
    6969SOFT_LINK_FUNCTION_FOR_HEADER(PAL, DataDetectorsCore, DDScanQueryCreateFromString, DDScanQueryRef, (CFAllocatorRef allocator, CFStringRef string, CFRange range), (allocator, string, range))
    7070SOFT_LINK_FUNCTION_FOR_HEADER(PAL, DataDetectorsCore, DDScannerCopyResultsWithOptions, CFArrayRef, (DDScannerRef scanner, DDScannerCopyResultsOptions options), (scanner, options))
    71 
     71SOFT_LINK_FUNCTION_MAY_FAIL_FOR_HEADER(PAL, DataDetectorsCore, DDResultDisableURLSchemeChecking, void, (), ())
    7272#endif // ENABLE(DATA_DETECTION)

  • trunk/Source/WebCore/PAL/pal/cocoa/DataDetectorsCoreSoftLink.mm

    r288621 r294397  
    7070SOFT_LINK_FUNCTION_FOR_SOURCE(PAL, DataDetectorsCore, DDScanQueryCreateFromString, DDScanQueryRef, (CFAllocatorRef allocator, CFStringRef string, CFRange range), (allocator, string, range))
    7171SOFT_LINK_FUNCTION_FOR_SOURCE(PAL, DataDetectorsCore, DDScannerCopyResultsWithOptions, CFArrayRef, (DDScannerRef scanner, DDScannerCopyResultsOptions options), (scanner, options))
     72SOFT_LINK_FUNCTION_MAY_FAIL_FOR_SOURCE_WITH_EXPORT(PAL, DataDetectorsCore, DDResultDisableURLSchemeChecking, void, (), (), PAL_EXPORT)
    7273#endif // ENABLE(DATA_DETECTION)

  • trunk/Source/WebCore/PAL/pal/spi/cocoa/DataDetectorsCoreSPI.h

    r277479 r294397  
    148148CFArrayRef DDResultGetSubResults(DDResultRef);
    149149DDQueryRange DDResultGetQueryRangeForURLification(DDResultRef);
    150 
     150void DDResultDisableURLSchemeChecking();
    151151WTF_EXTERN_C_END
    152152

  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in

    r294060 r294397  
    10631063        (extension "com.apple.webkit.extension.mach")
    10641064        (global-name
    1065             "com.apple.iconservices"
    1066             "com.apple.lsd.open"
    1067         )
    1068     )
    1069 )
     1065            "com.apple.iconservices")))
    10701066
    10711067(allow iokit-open

  • trunk/Source/WebKit/Shared/WebProcessCreationParameters.cpp

    r294103 r294397  
    168168
    169169#if PLATFORM(IOS_FAMILY)
    170     encoder << dynamicMachExtensionHandles;
    171170    encoder << dynamicIOKitExtensionHandles;
    172171#endif
     
    460459
    461460#if PLATFORM(IOS_FAMILY)
    462     std::optional<Vector<SandboxExtension::Handle>> dynamicMachExtensionHandles;
    463     decoder >> dynamicMachExtensionHandles;
    464     if (!dynamicMachExtensionHandles)
    465         return false;
    466     parameters.dynamicMachExtensionHandles = WTFMove(*dynamicMachExtensionHandles);
    467 
    468461    std::optional<Vector<SandboxExtension::Handle>> dynamicIOKitExtensionHandles;
    469462    decoder >> dynamicIOKitExtensionHandles;

  • trunk/Source/WebKit/Shared/WebProcessCreationParameters.h

    r294103 r294397  
    209209
    210210#if PLATFORM(IOS_FAMILY)
    211     Vector<SandboxExtension::Handle> dynamicMachExtensionHandles;
    212211    Vector<SandboxExtension::Handle> dynamicIOKitExtensionHandles;
    213212#endif

  • trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm

    r294325 r294397  
    25862586}
    25872587
     2588- (void)_disableURLSchemeCheckInDataDetectors
     2589{
     2590    THROW_IF_SUSPENDED;
     2591    if (_page)
     2592        _page->disableURLSchemeCheckInDataDetectors();
     2593}
     2594
    25882595- (void)_switchFromStaticFontRegistryToUserFontRegistry
    25892596{

  • trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h

    r294325 r294397  
    408408- (void)_revokeAccessToAssetServices WK_API_AVAILABLE(macos(12.0), ios(14.0));
    409409
     410- (void)_disableURLSchemeCheckInDataDetectors WK_API_AVAILABLE(ios(WK_IOS_TBA));
     411
    410412/*! @abstract If the WKWebView was created with _shouldAllowUserInstalledFonts = NO,
    411413 the web process will automatically use an in-process font registry, and its sandbox

  • trunk/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm

    r294190 r294397  
    853853}
    854854
     855void WebPageProxy::disableURLSchemeCheckInDataDetectors() const
     856{
     857    process().send(Messages::WebProcess::DisableURLSchemeCheckInDataDetectors(), 0);
     858}
     859
    855860void WebPageProxy::switchFromStaticFontRegistryToUserFontRegistry()
    856861{

  • trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm

    r293595 r294397  
    288288}
    289289
    290 #if PLATFORM(IOS_FAMILY)
    291 static const Vector<ASCIILiteral>& nonBrowserServices()
    292 {
    293     ASSERT(isMainRunLoop());
    294     static NeverDestroyed services = Vector<ASCIILiteral> {
    295         "com.apple.lsd.open"_s,
    296     };
    297     return services;
    298 }
    299 #endif
    300 
    301290void WebProcessPool::platformInitializeWebProcess(const WebProcessProxy& process, WebProcessCreationParameters& parameters)
    302291{
     
    399388
    400389#if PLATFORM(IOS_FAMILY)
    401     if (!isFullWebBrowser())
    402         parameters.dynamicMachExtensionHandles = SandboxExtension::createHandlesForMachLookup(nonBrowserServices(), std::nullopt);
    403 
    404390    if (WebCore::deviceHasAGXCompilerService())
    405391        parameters.dynamicIOKitExtensionHandles = SandboxExtension::createHandlesForIOKitClassExtensions(WebCore::agxCompilerClasses(), std::nullopt);

  • trunk/Source/WebKit/UIProcess/WebPageProxy.h

    r294325 r294397  
    19211921    void switchFromStaticFontRegistryToUserFontRegistry();
    19221922
     1923    void disableURLSchemeCheckInDataDetectors() const;
     1924
    19231925    void setIsTakingSnapshotsForApplicationSuspension(bool);
    19241926    void setNeedsDOMWindowResizeEvent();

  • trunk/Source/WebKit/WebProcess/WebProcess.h

    r294190 r294397  
    368368    void switchFromStaticFontRegistryToUserFontRegistry(WebKit::SandboxExtension::Handle&& fontMachExtensionHandle);
    369369
     370    void disableURLSchemeCheckInDataDetectors() const;
     371
    370372#if PLATFORM(MAC)
    371373    void updatePageScreenProperties();

  • trunk/Source/WebKit/WebProcess/WebProcess.messages.in

    r294190 r294397  
    169169
    170170#if PLATFORM(COCOA)
     171    DisableURLSchemeCheckInDataDetectors()
    171172    UnblockServicesRequiredByAccessibility(Vector<WebKit::SandboxExtension::Handle> handleArray)
    172173#if ENABLE(CFPREFS_DIRECT_MODE)

  • trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm

    r294190 r294397  
    2828
    2929#import "AccessibilitySupportSPI.h"
     30#import "DefaultWebBrowserChecks.h"
    3031#import "LegacyCustomProtocolManager.h"
    3132#import "LogInitialization.h"
     
    9495#import <pal/spi/cocoa/AVFoundationSPI.h>
    9596#import <pal/spi/cocoa/CoreServicesSPI.h>
     97#import <pal/spi/cocoa/DataDetectorsCoreSPI.h>
    9698#import <pal/spi/cocoa/LaunchServicesSPI.h>
    9799#import <pal/spi/cocoa/NSAccessibilitySPI.h>
     
    158160#import <pal/cf/VideoToolboxSoftLink.h>
    159161#import <pal/cocoa/AVFoundationSoftLink.h>
     162#import <pal/cocoa/DataDetectorsCoreSoftLink.h>
    160163#import <pal/cocoa/MediaToolboxSoftLink.h>
    161164
     
    411414
    412415#if PLATFORM(IOS_FAMILY)
    413     SandboxExtension::consumePermanently(parameters.dynamicMachExtensionHandles);
    414416    SandboxExtension::consumePermanently(parameters.dynamicIOKitExtensionHandles);
    415417#endif
     
    447449
    448450    accessibilityPreferencesDidChange(parameters.accessibilityPreferences);
     451
     452    if (!isParentProcessAFullWebBrowser(*this))
     453        disableURLSchemeCheckInDataDetectors();
    449454}
    450455
     
    11651170}
    11661171
     1172void WebProcess::disableURLSchemeCheckInDataDetectors() const
     1173{
     1174#if HAVE(DDRESULT_DISABLE_URL_SCHEME_CHECKING)
     1175    if (PAL::canLoad_DataDetectorsCore_DDResultDisableURLSchemeChecking())
     1176        PAL::softLinkDataDetectorsCoreDDResultDisableURLSchemeChecking();
     1177#endif
     1178}
     1179
    11671180void WebProcess::switchFromStaticFontRegistryToUserFontRegistry(WebKit::SandboxExtension::Handle&& fontMachExtensionHandle)
    11681181{
Note: See TracChangeset for help on using the changeset viewer.