Context Navigation

Changeset 169938 in webkit

Timestamp:

Jun 13, 2014, 11:04:34 AM (11 years ago)

Author:

mitz@apple.com

Message:

Reviewed by Anders Carlsson.

(WebKit::XPCServiceInitializer): Call checkEntitlements on iOS, too.

(WebKit::XPCServiceInitializerDelegate::checkEntitlements): On iOS, allow decoding keys
if the application has the appropriate keychain access group.

(IPC::setAllowsDecodingSecKeyRef): Added. Sets static bool.
(IPC::decode): Check the secKeyRefDecodingAllowed bool before decoding a key.

Location:

trunk/Source/WebKit2

Files:

-              r169937
+              r169938
+-06-13  Dan Bernstein  <mitz@apple.com>
+        [iOS] Networking process always decodes keys
+        https://bugs.webkit.org/show_bug.cgi?id=133863
+        Reviewed by Anders Carlsson.
+        * Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h:
+        (WebKit::XPCServiceInitializer): Call checkEntitlements on iOS, too.
+        * Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm:
+        (WebKit::XPCServiceInitializerDelegate::checkEntitlements): On iOS, allow decoding keys
+        if the application has the appropriate keychain access group.
+        * Shared/cf/ArgumentCodersCF.cpp:
+        (IPC::setAllowsDecodingSecKeyRef): Added. Sets static bool.
+        (IPC::decode): Check the secKeyRefDecodingAllowed bool before decoding a key.
+        * Shared/cf/ArgumentCodersCF.h:
 -06-12  Anders Carlsson  <andersca@apple.com>

-              r169546
+              r169938
     virtual ~XPCServiceInitializerDelegate();
-#if PLATFORM(MAC)
     virtual bool checkEntitlements();
-#endif
     virtual bool getConnectionIdentifier(IPC::Connection::Identifier& identifier);
 …
     InitializeWebKit2();
-#if PLATFORM(MAC)
     if (!delegate.checkEntitlements())
         exit(EXIT_FAILURE);
-#endif
     ChildProcessInitializationParameters parameters;

-              r169457
+              r169938
 #import "config.h"
+#import "ArgumentCodersCF.h"
 #import "SandboxUtilities.h"
 #import "XPCServiceEntryPoint.h"
 …
+}
-#if PLATFORM(MAC)
 bool XPCServiceInitializerDelegate::checkEntitlements()
+{
+#if PLATFORM(MAC)
     if (!isClientSandboxed())
         return true;
 …
         return false;
+    }
+#endif
+#if PLATFORM(IOS)
+    auto value = IPC::adoptXPC(xpc_connection_copy_entitlement_value(m_connection.get(), "keychain-access-groups"));
+    if (value && xpc_get_type(value.get()) == XPC_TYPE_ARRAY) {
+        xpc_array_apply(value.get(), ^bool(size_t index, xpc_object_t object) {
+            if (xpc_get_type(object) == XPC_TYPE_STRING && !strcmp(xpc_string_get_string_ptr(object), "com.apple.identities")) {
+                IPC::setAllowsDecodingSecKeyRef(true);
+                return false;
+            }
+            return true;
+        });
+    }
+#endif
     return true;
+}
-#endif
 bool XPCServiceInitializerDelegate::getConnectionIdentifier(IPC::Connection::Identifier& identifier)

-              r169682
+              r169938
+}
+#if PLATFORM(IOS)
+static bool secKeyRefDecodingAllowed;
+void setAllowsDecodingSecKeyRef(bool allowsDecodingSecKeyRef)
+{
+    secKeyRefDecodingAllowed = allowsDecodingSecKeyRef;
+}
+#endif
 void encode(ArgumentEncoder& encoder, SecIdentityRef identity)
+{
 …
     SecKeyRef key = nullptr;
 #if PLATFORM(IOS)
+    SecKeyFindWithPersistentRef(keyData.get(), &key);
+    if (secKeyRefDecodingAllowed)
+        SecKeyFindWithPersistentRef(keyData.get(), &key);
 #endif
 #if PLATFORM(MAC)

-              r169682
+              r169938
 #endif
+#if PLATFORM(IOS)
+void setAllowsDecodingSecKeyRef(bool);
+#endif
 CFTypeRef tokenNullTypeRef();

Note: See TracChangeset for help on using the changeset viewer.