Changeset 185298 in webkit
- Timestamp:
- Jun 6, 2015, 7:08:46 PM (10 years ago)
- Location:
- trunk/Source/WebKit2
- Files:
-
- 13 edited
trunk/Source/WebKit2/ChangeLog
r185294 r185298 1 2015-06-06 Dan Bernstein <mitz@apple.com> 2 3 [iOS] Can’t debug with Development XPC services due to automatic sandboxing 4 https://bugs.webkit.org/show_bug.cgi?id=145731 5 6 Reviewed by Darin Adler. 7 8 In iOS, the XPC services are automatically sandboxed based on their entitlements. The 9 sandbox doesn’t allow them to re-exec, which is necessary for linking against engineering 10 builds of the WebKit frameworks placed in a non-system location. 11 12 The solution is to opt Engineering builds into manual sandboxing. 13 14 * Configurations/BaseTarget.xcconfig: 15 - Add ENABLE_MANUAL_SANDBOXING to 16 GCC_PREPROCESSOR_DEFINITIONS when WK_MANUAL_SANDBOXING_ENABLED is YES. 17 - Set WK_MANUAL_SANDBOXING_ENABLED to YES for OS X, because we always use manual 18 sandboxing on that platform. 19 20 * Configurations/DebugRelease.xcconfig: Removed unused definition of DEBUG_OR_RELEASE. Set 21 WK_MANUAL_SANDBOXING_ENABLED to YES for all engineering builds. 22 23 * Configurations/BaseXPCService.xcconfig: Define CODE_SIGN_ENTITLEMENTS for iOS to be empty 24 if the service is not installed; to use the base entitlements file from Configurations if 25 manual sandboxing is not enabled; and to use a derived entitlements file, which doesn’t 26 specify a sandbox profile, if manual sandboxing is enabled. 27 28 * Configurations/DatabaseService.Development.xcconfig: Define 29 WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE and let BaseXPCService.xcconfig define 30 CODE_SIGN_ENTITLEMENTS for iOS. 31 32 * Configurations/DatabaseService.xcconfig: Ditto. 33 * Configurations/NetworkService.Development.xcconfig: Ditto. 34 * Configurations/NetworkService.xcconfig: Ditto. 35 * Configurations/WebContentService.Development.xcconfig: Ditto. 36 * Configurations/WebContentService.xcconfig: Ditto. 37 38 * WebKit2.xcodeproj/project.pbxproj: 39 - In the Derived Sources target, added a Derive Entitlements for Manual Sandboxing script 40 build phase. 
When building for iOS with manual sandboxing enabled, it creates copies of 41 the iOS entitlements files with a -no-sandbox suffix and the seatbelt-profiles key 42 removed. 43 - In the WebKit target, added a Copy iOS Sandbox Profiles for Manual Sandboxing script build 44 phase. When building for iOS with manual sandboxing enabled, it copies the iOS sandbox 45 profiles into the framework, so that the services can apply them to themselves at runtime. 46 47 * Shared/ios/ChildProcessIOS.mm: 48 (WebKit::ChildProcess::initializeSandbox): Use ENABLE(MANUAL_SANDBOXING) and don’t define it 49 here. 50 51 * WebProcess/cocoa/WebProcessCocoa.mm: 52 (WebKit::WebProcess::initializeSandbox): Use ENABLE(MANUAL_SANDBOXING) instead of defining 53 and using ENABLE_MANUAL_WEBPROCESS_SANDBOXING here. 54 1 55 2015-06-06 Anders Carlsson <andersca@apple.com> 2 56 -
trunk/Source/WebKit2/Configurations/BaseTarget.xcconfig
r178080 r185298 30 30 31 31 GCC_PREFIX_HEADER = WebKit2Prefix.h; 32 GCC_PREPROCESSOR_DEFINITIONS = $(DEBUG_DEFINES) $(FEATURE_DEFINES) FRAMEWORK_NAME=WebKit32 GCC_PREPROCESSOR_DEFINITIONS = $(DEBUG_DEFINES) $(FEATURE_DEFINES) $(WK_MANUAL_SANDBOXING_DEFINES) FRAMEWORK_NAME=WebKit 33 33 HEADER_SEARCH_PATHS = $(BUILT_PRODUCTS_DIR)/usr/local/include $(WEBCORE_PRIVATE_HEADERS_DIR)/ForwardingHeaders $(WEBCORE_PRIVATE_HEADERS_DIR)/icu $(BUILT_PRODUCTS_DIR)/DerivedSources/WebKit2 $(HEADER_SEARCH_PATHS); 34 34 … … 59 59 OTHER_LDFLAGS_VERSIONED_FRAMEWORK_PATH = $(OTHER_LDFLAGS_VERSIONED_FRAMEWORK_PATH_$(USE_STAGING_INSTALL_PATH)); 60 60 OTHER_LDFLAGS_VERSIONED_FRAMEWORK_PATH_YES = -Wl,-dyld_env -Wl,DYLD_VERSIONED_FRAMEWORK_PATH=/System/Library/StagedFrameworks/Safari; 61 62 WK_MANUAL_SANDBOXING_ENABLED[sdk=macosx*] = YES; 63 64 WK_MANUAL_SANDBOXING_DEFINES = $(WK_MANUAL_SANDBOXING_DEFINES_$(WK_MANUAL_SANDBOXING_ENABLED)); 65 WK_MANUAL_SANDBOXING_DEFINES_YES = ENABLE_MANUAL_SANDBOXING; -
trunk/Source/WebKit2/Configurations/BaseXPCService.xcconfig
r177621 r185298 45 45 46 46 OTHER_LDFLAGS = $(inherited) $(OTHER_LDFLAGS_VERSIONED_FRAMEWORK_PATH); 47 48 CODE_SIGN_ENTITLEMENTS[sdk=iphone*] = $(CODE_SIGN_ENTITLEMENTS_IOS_SKIP_INSTALL_$(SKIP_INSTALL)); 49 50 CODE_SIGN_ENTITLEMENTS_IOS_SKIP_INSTALL_ = $(CODE_SIGN_ENTITLEMENTS_IOS_SKIP_INSTALL_NO); 51 CODE_SIGN_ENTITLEMENTS_IOS_SKIP_INSTALL_NO = $(CODE_SIGN_ENTITLEMENTS_IOS_MANUAL_SANDBOXING_$(WK_MANUAL_SANDBOXING_ENABLED)); 52 CODE_SIGN_ENTITLEMENTS_IOS_SKIP_INSTALL_YES = ; 53 54 CODE_SIGN_ENTITLEMENTS_IOS_MANUAL_SANDBOXING_ = $(CODE_SIGN_ENTITLEMENTS_IOS_MANUAL_SANDBOXING_NO); 55 CODE_SIGN_ENTITLEMENTS_IOS_MANUAL_SANDBOXING_NO = Configurations/$(WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE).entitlements; 56 CODE_SIGN_ENTITLEMENTS_IOS_MANUAL_SANDBOXING_YES = $(BUILT_PRODUCTS_DIR)/DerivedSources/WebKit2/$(WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE)-no-sandbox.entitlements; -
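Review bot: The new `CODE_SIGN_ENTITLEMENTS[sdk=iphone*]` setting matches both iphoneos and iphonesimulator, whereas the lines removed from WebContentService.xcconfig and WebContentService.Development.xcconfig were scoped to `sdk=iphoneos*`, so the WebContent services now appear to be signed with entitlements in simulator builds as well; worth confirming that is intended. Separately, the nested lookup defines only the empty, `_NO` and `_YES` suffixes, so any other value of WK_MANUAL_SANDBOXING_ENABLED or SKIP_INSTALL expands to an undefined setting and the service would be signed with an empty entitlements path. A comment above the block would make the contract explicit, for example `// WK_MANUAL_SANDBOXING_ENABLED must be YES, NO or unset; the -no-sandbox entitlements omit seatbelt-profiles and are meant for engineering builds only.`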
trunk/Source/WebKit2/Configurations/DatabaseService.Development.xcconfig
r169759 r185298 25 25 26 26 WK_XPC_SERVICE_VARIANT = Development; 27 WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE = Databases-iOS; 27 28 28 29 PRODUCT_NAME = com.apple.WebKit.Databases.Development; 29 30 INFOPLIST_FILE = DatabaseProcess/EntryPoint/mac/XPCService/DatabaseService.Development/Info.plist; 30 31 CODE_SIGN_ENTITLEMENTS[sdk=iphoneos*] = Configurations/Databases-iOS.entitlements32 CODE_SIGN_ENTITLEMENTS[sdk=iphonesimulator*] = Configurations/Databases-iOS.entitlements -
trunk/Source/WebKit2/Configurations/DatabaseService.xcconfig
r169759 r185298 25 25 26 26 WK_XPC_SERVICE_VARIANT = Normal; 27 WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE = WebContent-iOS; 27 28 28 29 PRODUCT_NAME = com.apple.WebKit.Databases; 29 30 INFOPLIST_FILE = DatabaseProcess/EntryPoint/mac/XPCService/DatabaseService/Info.plist; 30 31 CODE_SIGN_ENTITLEMENTS[sdk=iphoneos*] = Configurations/Databases-iOS.entitlements32 CODE_SIGN_ENTITLEMENTS[sdk=iphonesimulator*] = Configurations/Databases-iOS.entitlements -
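Review bot: `WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE = WebContent-iOS;` looks like a copy-paste slip. The lines this section removes signed the Databases service with `Configurations/Databases-iOS.entitlements`, and DatabaseService.Development.xcconfig sets the base to `Databases-iOS`. With this value the Normal-variant Databases service is signed from the WebContent entitlements file, so it gets a different entitlement set than before (and, when manual sandboxing is off, whatever sandbox profile that file names). The line should read `WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE = Databases-iOS;`.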
trunk/Source/WebKit2/Configurations/DebugRelease.xcconfig
r184862 r185298 45 45 WEBKIT_SYSTEM_INTERFACE_LIBRARY_macosx_101200 = $(WEBKIT_SYSTEM_INTERFACE_LIBRARY_macosx_101100); 46 46 47 DEBUG_OR_RELEASE = YES;48 49 47 SDKROOT[sdk=iphone*] = $(SDKROOT); 50 48 SDKROOT = $(SDKROOT_$(PLATFORM_NAME)_$(USE_INTERNAL_SDK)); 51 49 SDKROOT_macosx_ = macosx; 52 50 SDKROOT_macosx_YES = macosx.internal; 51 52 WK_MANUAL_SANDBOXING_ENABLED = YES; -
trunk/Source/WebKit2/Configurations/NetworkService.Development.xcconfig
r177621 r185298 25 25 26 26 WK_XPC_SERVICE_VARIANT = Development; 27 WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE = Network-iOS; 27 28 28 29 PRODUCT_NAME = com.apple.WebKit.Networking.Development; 29 30 INFOPLIST_FILE[sdk=iphone*] = NetworkProcess/EntryPoint/mac/XPCService/NetworkService.Development/Info-iOS.plist; 30 31 INFOPLIST_FILE[sdk=macosx*] = NetworkProcess/EntryPoint/mac/XPCService/NetworkService.Development/Info-OSX.plist; 31 32 CODE_SIGN_ENTITLEMENTS[sdk=iphone*] = Configurations/Network-iOS.entitlements; -
trunk/Source/WebKit2/Configurations/NetworkService.xcconfig
r184215 r185298 25 25 26 26 WK_XPC_SERVICE_VARIANT = Normal; 27 WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE = Network-iOS; 27 28 28 29 PRODUCT_NAME = com.apple.WebKit.Networking; … … 32 33 INFOPLIST_FILE[sdk=macosx10.10*] = NetworkProcess/EntryPoint/mac/XPCService/NetworkService/Info-OSX-10.9-10.10.plist; 33 34 34 CODE_SIGN_ENTITLEMENTS[sdk=iphone*] = Configurations/Network-iOS.entitlements;35 36 35 OTHER_LDFLAGS = $(inherited) $(OTHER_LDFLAGS_VERSIONED_FRAMEWORK_PATH) $(OTHER_LDFLAGS_PLATFORM); 37 36 OTHER_LDFLAGS_PLATFORM[sdk=macosx*] = $(BUILT_PRODUCTS_DIR)/SecItemShim.dylib; -
trunk/Source/WebKit2/Configurations/WebContentService.Development.xcconfig
r184862 r185298 25 25 26 26 WK_XPC_SERVICE_VARIANT = Development; 27 WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE = WebContent-iOS; 27 28 28 29 PRODUCT_NAME = com.apple.WebKit.WebContent.Development; … … 37 38 BUNDLE_LOCALIZATION_KEY_macosx_101200 = CFBundleFollowParentLocalization; 38 39 39 CODE_SIGN_ENTITLEMENTS[sdk=iphoneos*] = Configurations/WebContent-iOS.entitlements;40 41 40 OTHER_LDFLAGS = $(inherited) $(OTHER_LDFLAGS_VERSIONED_FRAMEWORK_PATH) $(OTHER_LDFLAGS_PLATFORM); 42 41 OTHER_LDFLAGS_PLATFORM[sdk=macosx*] = -framework AppKit; -
trunk/Source/WebKit2/Configurations/WebContentService.xcconfig
r184862 r185298 25 25 26 26 WK_XPC_SERVICE_VARIANT = Normal; 27 WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE = WebContent-iOS; 27 28 28 29 PRODUCT_NAME = com.apple.WebKit.WebContent; … … 39 40 BUNDLE_LOCALIZATION_KEY_macosx_101200 = CFBundleFollowParentLocalization; 40 41 41 CODE_SIGN_ENTITLEMENTS[sdk=iphoneos*] = Configurations/WebContent-iOS.entitlements;42 43 42 OTHER_LDFLAGS = $(inherited) $(OTHER_LDFLAGS_VERSIONED_FRAMEWORK_PATH) $(OTHER_LDFLAGS_PLATFORM); 44 43 OTHER_LDFLAGS_PLATFORM[sdk=macosx*] = -framework AppKit $(BUILT_PRODUCTS_DIR)/WebProcessShim.dylib; -
trunk/Source/WebKit2/Shared/ios/ChildProcessIOS.mm
r179409 r185298 42 42 #import <WebCore/FloatingPointEnvironment.h> 43 43 44 #ifndef ENABLE_MANUAL_SANDBOXING 45 #define ENABLE_MANUAL_SANDBOXING 0 46 #endif 47 48 #if ENABLE_MANUAL_SANDBOXING 44 #if ENABLE(MANUAL_SANDBOXING) 49 45 50 46 // We have to #undef __APPLE_API_PRIVATE to prevent sandbox.h from looking for a header file that does not exist (<rdar://problem/9679211>). … … 75 71 void ChildProcess::initializeSandbox(const ChildProcessInitializationParameters& parameters, SandboxInitializationParameters& sandboxParameters) 76 72 { 77 #if ENABLE _MANUAL_SANDBOXING73 #if ENABLE(MANUAL_SANDBOXING) 78 74 NSBundle *webkit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKView")]; 79 75 String defaultProfilePath = [webkit2Bundle pathForResource:[[NSBundle mainBundle] bundleIdentifier] ofType:@"sb"]; -
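Review bot: In `initializeSandbox` the default profile is found with `pathForResource:[[NSBundle mainBundle] bundleIdentifier] ofType:@"sb"`, but the new Copy iOS Sandbox Profiles phase installs only `com.apple.WebKit.Databases.sb`, `com.apple.WebKit.Networking.sb` and `com.apple.WebKit.WebContent.sb`. If the Development services' bundle identifiers follow their PRODUCT_NAME and end in `.Development` (the Info.plist files are not shown), this lookup returns nil for exactly the services this change targets. Their derived entitlements no longer carry seatbelt-profiles, so nothing else would sandbox them. The rest of the function is outside the hunk, so please confirm that an empty `defaultProfilePath` terminates the process rather than letting it continue unsandboxed. Consider stripping a trailing `.Development` from the identifier before the lookup.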
trunk/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj
r185225 r185298 75 75 buildPhases = ( 76 76 C0CE72841247E66800BC0EC4 /* Generate Derived Sources */, 77 3740E7281B23724A004ADEF1 /* Derive Entitlements for Manual Sandboxing */, 77 78 ); 78 79 dependencies = ( … … 8691 8692 8DC2EF520486A6940098B216 /* Resources */, 8692 8693 7CB16FEE1724BA05007A0A95 /* Copy Plug-in Sandbox Profiles */, 8694 37E531011B2391090074F0DF /* Copy iOS Sandbox Profiles for Manual Sandboxing */, 8693 8695 1A07D2F71919B36500ECDA16 /* Copy Message Generation Scripts */, 8694 8696 8DC2EF540486A6940098B216 /* Sources */, … … 9202 9204 shellScript = "if [ \"${ACTION}\" = \"installhdrs\" ]; then\n exit 0;\nfi\n\nif [ -f ../../Tools/Scripts/check-for-inappropriate-objc-class-names ]; then\n ../../Tools/Scripts/check-for-inappropriate-objc-class-names WK _WK || exit $?\nfi"; 9203 9205 }; 9206 3740E7281B23724A004ADEF1 /* Derive Entitlements for Manual Sandboxing */ = { 9207 isa = PBXShellScriptBuildPhase; 9208 buildActionMask = 2147483647; 9209 files = ( 9210 ); 9211 inputPaths = ( 9212 "$(SRCROOT)/Configurations/Databases-iOS.entitlements", 9213 "$(SRCROOT)/Configurations/Network-iOS.entitlements", 9214 "$(SRCROOT)/Configurations/WebContent-iOS.entitlements", 9215 ); 9216 name = "Derive Entitlements for Manual Sandboxing"; 9217 outputPaths = ( 9218 "$(BUILT_PRODUCTS_DIR)/DerivedSources/WebKit2/Databases-iOS-no-sandbox.entitlements", 9219 "$(BUILT_PRODUCTS_DIR)/DerivedSources/WebKit2/Network-iOS-no-sandbox.entitlements", 9220 "$(BUILT_PRODUCTS_DIR)/DerivedSources/WebKit2/WebContent-iOS-no-sandbox.entitlements", 9221 ); 9222 runOnlyForDeploymentPostprocessing = 0; 9223 shellPath = /bin/sh; 9224 shellScript = "if [[ \"${WK_MANUAL_SANDBOXING_ENABLED}\" != \"YES\" || \"${PLATFORM_NAME}\" == \"macosx\" ]]; then\n exit\nfi\n\nif [[ \"${ACTION}\" == \"build\" || \"${ACTION}\" == \"install\" ]]; then\n for ((i = 0; i < ${SCRIPT_INPUT_FILE_COUNT}; ++i)); do\n eval ENTITLEMENTS=\\${SCRIPT_INPUT_FILE_${i}}\n ENTITLEMENTS_BASE=${ENTITLEMENTS##*/}\n 
ENTITLEMENTS_BASE=${ENTITLEMENTS_BASE%.entitlements}\n plutil -remove seatbelt-profiles -o \"${BUILT_PRODUCTS_DIR}/DerivedSources/WebKit2/${ENTITLEMENTS_BASE}-no-sandbox.entitlements\" \"${ENTITLEMENTS}\"\n done\nfi"; 9225 }; 9204 9226 375A248817E5048E00C9A086 /* Postprocess WKBase.h */ = { 9205 9227 isa = PBXShellScriptBuildPhase; … … 9216 9238 shellPath = /bin/sh; 9217 9239 shellScript = "WKBASE_H=${TARGET_BUILD_DIR}/${PRIVATE_HEADERS_FOLDER_PATH}/WKBase.h\n\nunifdef -B -D__APPLE__ -UBUILDING_GTK__ -UUSE_SOUP -UBUILDING_EFL__ -UBUILDING_QT__ -o ${WKBASE_H}.unifdef ${WKBASE_H}\n\ncase $? in\n0)\n rm ${WKBASE_H}.unifdef\n ;;\n1)\n mv ${WKBASE_H}{.unifdef,}\n ;;\n*)\n exit 1\nesac\n"; 9240 }; 9241 37E531011B2391090074F0DF /* Copy iOS Sandbox Profiles for Manual Sandboxing */ = { 9242 isa = PBXShellScriptBuildPhase; 9243 buildActionMask = 2147483647; 9244 files = ( 9245 ); 9246 inputPaths = ( 9247 "$(SRCROOT)/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb", 9248 "$(SRCROOT)/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb", 9249 "$(SRCROOT)/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb", 9250 ); 9251 name = "Copy iOS Sandbox Profiles for Manual Sandboxing"; 9252 outputPaths = ( 9253 "$(TARGET_BUILD_DIR)/$(UNLOCALIZED_RESOURCES_FOLDER_PATH)/com.apple.WebKit.Databases.sb", 9254 "$(TARGET_BUILD_DIR)/$(UNLOCALIZED_RESOURCES_FOLDER_PATH)/com.apple.WebKit.Networking.sb", 9255 "$(TARGET_BUILD_DIR)/$(UNLOCALIZED_RESOURCES_FOLDER_PATH)/com.apple.WebKit.WebContent.sb", 9256 ); 9257 runOnlyForDeploymentPostprocessing = 0; 9258 shellPath = /bin/sh; 9259 shellScript = "if [[ \"${WK_MANUAL_SANDBOXING_ENABLED}\" != \"YES\" || \"${PLATFORM_NAME}\" == \"macosx\" ]]; then\n exit\nfi\n\nif [[ \"${ACTION}\" == \"build\" || \"${ACTION}\" == \"install\" ]]; then\n for ((i = 0; i < ${SCRIPT_INPUT_FILE_COUNT}; ++i)); do\n eval SANDBOX_PROFILE=\\${SCRIPT_INPUT_FILE_${i}}\n ditto \"${SANDBOX_PROFILE}\" 
\"${TARGET_BUILD_DIR}/${UNLOCALIZED_RESOURCES_FOLDER_PATH}/${SANDBOX_PROFILE##*/}\"\n done\nfi"; 9218 9260 }; 9219 9261 5DF408C5131DD46700130071 /* Check For Weak VTables and Externals */ = { … … 11142 11184 ); 11143 11185 defaultConfigurationIsVisible = 0; 11186 defaultConfigurationName = Production; 11144 11187 }; 11145 11188 510031F21379CACB00C8DFE4 /* Build configuration list for PBXNativeTarget "SecItemShim" */ = { -
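Review bot: Neither new script phase checks the exit status of the command inside its `for` loop, so a failed `plutil -remove seatbelt-profiles …` or `ditto …` on any input but the last does not fail the build. For the entitlements phase that can leave a stale or missing `-no-sandbox.entitlements` file; for the profile-copy phase it can produce a framework without a `.sb` file that the service is expected to apply to itself at runtime. Appending `|| exit $?` to both commands, as the existing check-for-inappropriate-objc-class-names phase already does, surfaces the failure at build time. The scripts also use `[[ … ]]` and `for (( … ))` under `shellPath = /bin/sh`, which works only where sh is bash.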
trunk/Source/WebKit2/WebProcess/cocoa/WebProcessCocoa.mm
r185273 r185298 60 60 #import <wtf/RAMSize.h> 61 61 62 #define ENABLE_MANUAL_WEBPROCESS_SANDBOXING !PLATFORM(IOS)63 64 62 using namespace WebCore; 65 63 … … 208 206 { 209 207 #if ENABLE(WEB_PROCESS_SANDBOX) 210 #if ENABLE _MANUAL_WEBPROCESS_SANDBOXING208 #if ENABLE(MANUAL_SANDBOXING) 211 209 // Need to override the default, because service has a different bundle ID. 212 210 NSBundle *webkit2Bundle = [NSBundle bundleForClass:NSClassFromString(@"WKView")];
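Review bot: Switching to `#if ENABLE(MANUAL_SANDBOXING)` means this override block, which `#define ENABLE_MANUAL_WEBPROCESS_SANDBOXING !PLATFORM(IOS)` previously compiled out on iOS, now also runs in iOS engineering builds. The lines that choose the override profile come after the `webkit2Bundle` lookup and are outside the hunk, so it is not visible whether the resource they request exists among the iOS profiles copied into the framework (`com.apple.WebKit.WebContent.sb` and its siblings). Please confirm that the override resolves on iOS and that a nil path is treated as a fatal error rather than a reason to skip sandboxing. A short comment next to the `#if`, such as `// Also enabled for iOS engineering builds; the profile must be present in the WebKit framework bundle.`, would record the new scope.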