Changeset 202024 in webkit


Ignore:
Timestamp:
Jun 13, 2016, 9:03:02 PM (9 years ago)
Author:
mitz@apple.com
Message:

[Mac] Web Content service with a restricted entitlement may load arbitrary dylibs
https://bugs.webkit.org/show_bug.cgi?id=156668
<rdar://problem/26714558>

Reviewed by Anders Carlsson.

  • Configurations/WebContentService.xcconfig: Enable library validation when the Web Content service is given the XPC domain extension entitlement when targeting macOS Sierra or later.
Location:
trunk/Source/WebKit2
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit2/ChangeLog

    r202005 r202024  
     12016-06-13  Dan Bernstein  <mitz@apple.com>
     2
     3        [Mac] Web Content service with a restricted entitlement may load arbitrary dylibs
     4        https://bugs.webkit.org/show_bug.cgi?id=156668
     5        <rdar://problem/26714558>
     6
     7        Reviewed by Anders Carlsson.
     8
     9        * Configurations/WebContentService.xcconfig: Enable library validation when the Web Content
     10          service is given the XPC domain extension entitlement when targeting macOS Sierra or later.
     11
    1122016-06-13  Alex Christensen  <achristensen@webkit.org>
    213

  • trunk/Source/WebKit2/Configurations/WebContentService.xcconfig

    r200172 r202024  
    2828CODE_SIGN_ENTITLEMENTS[sdk=macosx*] = $(CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT));
    2929CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_YES = Configurations/WebContent-OSX.entitlements;
     30OTHER_CODE_SIGN_FLAGS[sdk=macosx*] = $(OTHER_CODE_SIGN_FLAGS_macosx_$(TARGET_MAC_OS_X_VERSION_MAJOR));
     31OTHER_CODE_SIGN_FLAGS_macosx_101200 = $(WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS);
     32OTHER_CODE_SIGN_FLAGS_macosx_101300 = $(OTHER_CODE_SIGN_FLAGS_macosx_101200);
    3033
    3134PRODUCT_NAME = com.apple.WebKit.WebContent$(WK_XPC_SERVICE_SUFFIX);
     
    4144WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT);
    4245WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_YES = $(WK_RELOCATABLE_FRAMEWORKS);
     46
     47WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS = $(WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT));
     48WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS_YES = -o library;
Note: See TracChangeset for help on using the changeset viewer.