Changeset 244597 in webkit

Timestamp:

Apr 24, 2019 10:46:28 AM (5 years ago)

Author:

achristensen@apple.com

Message:

WKContentRuleLists should have a maximum FileProtection of CompleteUnlessOpen
​https://bugs.webkit.org/show_bug.cgi?id=197078
<rdar://problem/49564348>

Reviewed by Geoff Garen.

Source/WebKit:

r242735 was a fix for crashes when using mmap'd memory in apps with default FileProtection of NSFileProtectionComplete.
It is more memory efficient and just as secure to reduce the FileProtection of these files to NSFileProtectionCompleteUnlessOpen.

• NetworkProcess/cache/NetworkCacheFileSystem.cpp:

(WebKit::NetworkCache::isSafeToUseMemoryMapForPath):
(WebKit::NetworkCache::makeSafeToUseMemoryMapForPath):
(WebKit::NetworkCache::pathRegisteredAsUnsafeToMemoryMapForTesting): Deleted.
(WebKit::NetworkCache::registerPathAsUnsafeToMemoryMapForTesting): Deleted.

• NetworkProcess/cache/NetworkCacheFileSystem.h:
• NetworkProcess/cache/NetworkCacheFileSystemCocoa.mm: Added.

(WebKit::NetworkCache::isSafeToUseMemoryMapForPath):
(WebKit::NetworkCache::makeSafeToUseMemoryMapForPath):

• Shared/WebCompiledContentRuleList.cpp:

(WebKit::WebCompiledContentRuleList::conditionsApplyOnlyToDomain const):
(WebKit::WebCompiledContentRuleList::filtersWithoutConditionsBytecode const):
(WebKit::WebCompiledContentRuleList::filtersWithConditionsBytecode const):
(WebKit::WebCompiledContentRuleList::topURLFiltersBytecode const):
(WebKit::WebCompiledContentRuleList::actions const):
(WebKit::WebCompiledContentRuleList::usesCopiedMemory const): Deleted.

• Shared/WebCompiledContentRuleList.h:
• Shared/WebCompiledContentRuleListData.cpp:

(WebKit::WebCompiledContentRuleListData::encode const):
(WebKit::WebCompiledContentRuleListData::decode):
(WebKit::WebCompiledContentRuleListData::size const): Deleted.
(WebKit::WebCompiledContentRuleListData::dataPointer const): Deleted.

• Shared/WebCompiledContentRuleListData.h:

(WebKit::WebCompiledContentRuleListData::WebCompiledContentRuleListData):

• SourcesCocoa.txt:
• UIProcess/API/APIContentRuleList.cpp:

(API::ContentRuleList::usesCopiedMemory const): Deleted.

• UIProcess/API/APIContentRuleList.h:
• UIProcess/API/APIContentRuleListStore.cpp:

(API::openAndMapOrCopyContentRuleList):
(API::compiledToFile):
(API::createExtension):
(API::ContentRuleListStore::getContentRuleListSource):
(API::ContentRuleListStore::readContentsOfFile): Deleted.
(API::MappedOrCopiedData::dataPointer const): Deleted.

• UIProcess/API/APIContentRuleListStore.h:
• UIProcess/API/Cocoa/APIContentRuleListStoreCocoa.mm:

(API::ContentRuleListStore::readContentsOfFile): Deleted.

• UIProcess/API/Cocoa/WKContentRuleListStore.mm:

(+[WKContentRuleListStore _registerPathAsUnsafeToMemoryMapForTesting:]): Deleted.

• UIProcess/API/Cocoa/WKContentRuleListStorePrivate.h:
• UIProcess/API/Cocoa/_WKUserContentFilter.mm:

(-[_WKUserContentFilter usesCopiedMemory]): Deleted.

• UIProcess/API/Cocoa/_WKUserContentFilterPrivate.h:
• WebKit.xcodeproj/project.pbxproj:

Tools:

• TestWebKitAPI/Tests/WebKitCocoa/WKContentExtensionStore.mm:

(TEST_F):
(-[TestSchemeHandlerSubresourceShouldBeBlocked webView:startURLSchemeTask:]): Deleted.
(-[TestSchemeHandlerSubresourceShouldBeBlocked webView:stopURLSchemeTask:]): Deleted.
Unfortunately, setting the NSFileProtectionKey attribute is only supported on iOS devices.

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/cache/NetworkCacheFileSystem.cpp (modified) (1 diff)
• Source/WebKit/NetworkProcess/cache/NetworkCacheFileSystem.h (modified) (1 diff)
• Source/WebKit/NetworkProcess/cache/NetworkCacheFileSystemCocoa.mm (added)
• Source/WebKit/Shared/WebCompiledContentRuleList.cpp (modified) (4 diffs)
• Source/WebKit/Shared/WebCompiledContentRuleList.h (modified) (1 diff)
• Source/WebKit/Shared/WebCompiledContentRuleListData.cpp (modified) (2 diffs)
• Source/WebKit/Shared/WebCompiledContentRuleListData.h (modified) (2 diffs)
• Source/WebKit/SourcesCocoa.txt (modified) (1 diff)
• Source/WebKit/UIProcess/API/APIContentRuleList.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/API/APIContentRuleList.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/APIContentRuleListStore.cpp (modified) (5 diffs)
• Source/WebKit/UIProcess/API/APIContentRuleListStore.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/APIContentRuleListStoreCocoa.mm (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/WKContentRuleListStore.mm (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/WKContentRuleListStorePrivate.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/_WKUserContentFilter.mm (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/_WKUserContentFilterPrivate.h (modified) (1 diff)
• Source/WebKit/WebKit.xcodeproj/project.pbxproj (modified) (2 diffs)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/WKContentExtensionStore.mm (modified) (2 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-04-24  Alex Christensen  <achristensen@webkit.org>
+
+        WKContentRuleLists should have a maximum FileProtection of CompleteUnlessOpen
+        https://bugs.webkit.org/show_bug.cgi?id=197078
+        <rdar://problem/49564348>
+
+        Reviewed by Geoff Garen.
+
+        r242735 was a fix for crashes when using mmap'd memory in apps with default FileProtection of NSFileProtectionComplete.
+        It is more memory efficient and just as secure to reduce the FileProtection of these files to NSFileProtectionCompleteUnlessOpen.
+
+        * NetworkProcess/cache/NetworkCacheFileSystem.cpp:
+        (WebKit::NetworkCache::isSafeToUseMemoryMapForPath):
+        (WebKit::NetworkCache::makeSafeToUseMemoryMapForPath):
+        (WebKit::NetworkCache::pathRegisteredAsUnsafeToMemoryMapForTesting): Deleted.
+        (WebKit::NetworkCache::registerPathAsUnsafeToMemoryMapForTesting): Deleted.
+        * NetworkProcess/cache/NetworkCacheFileSystem.h:
+        * NetworkProcess/cache/NetworkCacheFileSystemCocoa.mm: Added.
+        (WebKit::NetworkCache::isSafeToUseMemoryMapForPath):
+        (WebKit::NetworkCache::makeSafeToUseMemoryMapForPath):
+        * Shared/WebCompiledContentRuleList.cpp:
+        (WebKit::WebCompiledContentRuleList::conditionsApplyOnlyToDomain const):
+        (WebKit::WebCompiledContentRuleList::filtersWithoutConditionsBytecode const):
+        (WebKit::WebCompiledContentRuleList::filtersWithConditionsBytecode const):
+        (WebKit::WebCompiledContentRuleList::topURLFiltersBytecode const):
+        (WebKit::WebCompiledContentRuleList::actions const):
+        (WebKit::WebCompiledContentRuleList::usesCopiedMemory const): Deleted.
+        * Shared/WebCompiledContentRuleList.h:
+        * Shared/WebCompiledContentRuleListData.cpp:
+        (WebKit::WebCompiledContentRuleListData::encode const):
+        (WebKit::WebCompiledContentRuleListData::decode):
+        (WebKit::WebCompiledContentRuleListData::size const): Deleted.
+        (WebKit::WebCompiledContentRuleListData::dataPointer const): Deleted.
+        * Shared/WebCompiledContentRuleListData.h:
+        (WebKit::WebCompiledContentRuleListData::WebCompiledContentRuleListData):
+        * SourcesCocoa.txt:
+        * UIProcess/API/APIContentRuleList.cpp:
+        (API::ContentRuleList::usesCopiedMemory const): Deleted.
+        * UIProcess/API/APIContentRuleList.h:
+        * UIProcess/API/APIContentRuleListStore.cpp:
+        (API::openAndMapOrCopyContentRuleList):
+        (API::compiledToFile):
+        (API::createExtension):
+        (API::ContentRuleListStore::getContentRuleListSource):
+        (API::ContentRuleListStore::readContentsOfFile): Deleted.
+        (API::MappedOrCopiedData::dataPointer const): Deleted.
+        * UIProcess/API/APIContentRuleListStore.h:
+        * UIProcess/API/Cocoa/APIContentRuleListStoreCocoa.mm:
+        (API::ContentRuleListStore::readContentsOfFile): Deleted.
+        * UIProcess/API/Cocoa/WKContentRuleListStore.mm:
+        (+[WKContentRuleListStore _registerPathAsUnsafeToMemoryMapForTesting:]): Deleted.
+        * UIProcess/API/Cocoa/WKContentRuleListStorePrivate.h:
+        * UIProcess/API/Cocoa/_WKUserContentFilter.mm:
+        (-[_WKUserContentFilter usesCopiedMemory]): Deleted.
+        * UIProcess/API/Cocoa/_WKUserContentFilterPrivate.h:
+        * WebKit.xcodeproj/project.pbxproj:
+
 2019-04-24  David Kilzer  <ddkilzer@apple.com>
 

trunk/Source/WebKit/NetworkProcess/cache/NetworkCacheFileSystem.cpp

@@ -146 +146 @@
 }
 
-static String& pathRegisteredAsUnsafeToMemoryMapForTesting()
+#if !PLATFORM(IOS_FAMILY)
+bool isSafeToUseMemoryMapForPath(const String&)
 {
-    static NeverDestroyed<String> path;
-    return path.get();
+    return true;
 }
-
-void registerPathAsUnsafeToMemoryMapForTesting(const String& path)
+void makeSafeToUseMemoryMapForPath(const String&)
 {
-    pathRegisteredAsUnsafeToMemoryMapForTesting() = path;
 }
-
-    
-bool isSafeToUseMemoryMapForPath(const String& path)
-{
-    if (path == pathRegisteredAsUnsafeToMemoryMapForTesting())
-        return false;
-
-#if PLATFORM(IOS_FAMILY) && !PLATFORM(IOS_FAMILY_SIMULATOR)
-    struct {
-        uint32_t length;
-        uint32_t protectionClass;
-    } attrBuffer;
-
-    attrlist attrList = { };
-    attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
-    attrList.commonattr = ATTR_CMN_DATA_PROTECT_FLAGS;
-    int32_t error = getattrlist(FileSystem::fileSystemRepresentation(path).data(), &attrList, &attrBuffer, sizeof(attrBuffer), FSOPT_NOFOLLOW);
-    if (error) {
-        RELEASE_LOG_ERROR(Network, "Unable to get cache directory protection class, disabling use of shared mapped memory");
-        return false;
-    }
-
-    // For stricter protection classes shared maps could disappear when device is locked.
-    const uint32_t fileProtectionCompleteUntilFirstUserAuthentication = 3;
-    bool isSafe = attrBuffer.protectionClass >= fileProtectionCompleteUntilFirstUserAuthentication;
-
-    if (!isSafe)
-        RELEASE_LOG(Network, "Disallowing use of shared mapped memory due to container protection class %u", attrBuffer.protectionClass);
-
-    return isSafe;
-#else
-    UNUSED_PARAM(path);
-    return true;
 #endif
-}
 
 }

trunk/Source/WebKit/NetworkProcess/cache/NetworkCacheFileSystem.h

@@ -43 +43 @@
 void updateFileModificationTimeIfNeeded(const String& path);
 
-bool isSafeToUseMemoryMapForPath(const String& path);
-void registerPathAsUnsafeToMemoryMapForTesting(const String&);
+bool isSafeToUseMemoryMapForPath(const String&);
+void makeSafeToUseMemoryMapForPath(const String&);
 
 }

trunk/Source/WebKit/Shared/WebCompiledContentRuleList.cpp

@@ -45 +45 @@
 }
 
-bool WebCompiledContentRuleList::usesCopiedMemory() const
-{
-    return WTF::holds_alternative<RefPtr<WebCore::SharedBuffer>>(m_data.data);
-}
-
 bool WebCompiledContentRuleList::conditionsApplyOnlyToDomain() const
 {
-    return *reinterpret_cast<const uint32_t*>(reinterpret_cast<const uint8_t*>(m_data.dataPointer()) + m_data.conditionsApplyOnlyToDomainOffset);
+    return *reinterpret_cast<const uint32_t*>(reinterpret_cast<const uint8_t*>(m_data.data->data()) + m_data.conditionsApplyOnlyToDomainOffset);
 }
 
 const WebCore::ContentExtensions::DFABytecode* WebCompiledContentRuleList::filtersWithoutConditionsBytecode() const
 {
-    return static_cast<const WebCore::ContentExtensions::DFABytecode*>(m_data.dataPointer()) + m_data.filtersWithoutConditionsBytecodeOffset;
+    return static_cast<const WebCore::ContentExtensions::DFABytecode*>(m_data.data->data()) + m_data.filtersWithoutConditionsBytecodeOffset;
 }
 
@@ -67 +62 @@
 const WebCore::ContentExtensions::DFABytecode* WebCompiledContentRuleList::filtersWithConditionsBytecode() const
 {
-    return static_cast<const WebCore::ContentExtensions::DFABytecode*>(m_data.dataPointer()) + m_data.filtersWithConditionsBytecodeOffset;
+    return static_cast<const WebCore::ContentExtensions::DFABytecode*>(m_data.data->data()) + m_data.filtersWithConditionsBytecodeOffset;
 }
 
@@ -77 +72 @@
 const WebCore::ContentExtensions::DFABytecode* WebCompiledContentRuleList::topURLFiltersBytecode() const
 {
-    return static_cast<const WebCore::ContentExtensions::DFABytecode*>(m_data.dataPointer()) + m_data.topURLFiltersBytecodeOffset;
+    return static_cast<const WebCore::ContentExtensions::DFABytecode*>(m_data.data->data()) + m_data.topURLFiltersBytecodeOffset;
 }
 
@@ -87 +82 @@
 const WebCore::ContentExtensions::SerializedActionByte* WebCompiledContentRuleList::actions() const
 {
-    return static_cast<const WebCore::ContentExtensions::SerializedActionByte*>(m_data.dataPointer()) + m_data.actionsOffset;
+    return static_cast<const WebCore::ContentExtensions::SerializedActionByte*>(m_data.data->data()) + m_data.actionsOffset;
 }
 

trunk/Source/WebKit/Shared/WebCompiledContentRuleList.h

@@ -41 +41 @@
     const WebCompiledContentRuleListData& data() const { return m_data; }
 
-    bool usesCopiedMemory() const;
-    
 private:
     WebCompiledContentRuleList(WebCompiledContentRuleListData&&);

trunk/Source/WebKit/Shared/WebCompiledContentRuleListData.cpp

@@ -35 +35 @@
 namespace WebKit {
 
-size_t WebCompiledContentRuleListData::size() const
-{
-    return WTF::switchOn(data, [] (const auto& sharedMemoryOrBuffer) {
-        return sharedMemoryOrBuffer->size();
-    });
-}
-
-const void* WebCompiledContentRuleListData::dataPointer() const
-{
-    return WTF::switchOn(data, [] (const auto& sharedMemoryOrBuffer) -> const void* {
-        return sharedMemoryOrBuffer->data();
-    });
-}
-
 void WebCompiledContentRuleListData::encode(IPC::Encoder& encoder) const
 {
-    if (auto sharedMemory = WTF::get_if<RefPtr<SharedMemory>>(data)) {
-        encoder << true;
-        SharedMemory::Handle handle;
-        sharedMemory->get()->createHandle(handle, SharedMemory::Protection::ReadOnly);
-        encoder << handle;
-    } else {
-        encoder << false;
-        encoder << IPC::SharedBufferDataReference { *WTF::get<RefPtr<WebCore::SharedBuffer>>(data) };
-    }
+    SharedMemory::Handle handle;
+    data->createHandle(handle, SharedMemory::Protection::ReadOnly);
+    encoder << handle;
 
     encoder << conditionsApplyOnlyToDomainOffset;
@@ -74 +54 @@
 Optional<WebCompiledContentRuleListData> WebCompiledContentRuleListData::decode(IPC::Decoder& decoder)
 {
-    Variant<RefPtr<SharedMemory>, RefPtr<WebCore::SharedBuffer>> data;
-
-    Optional<bool> hasSharedMemory;
-    decoder >> hasSharedMemory;
-    if (!hasSharedMemory)
+    SharedMemory::Handle handle;
+    if (!decoder.decode(handle))
         return WTF::nullopt;
-
-    if (*hasSharedMemory) {
-        SharedMemory::Handle handle;
-        if (!decoder.decode(handle))
-            return WTF::nullopt;
-        data = { SharedMemory::map(handle, SharedMemory::Protection::ReadOnly) };
-    } else {
-        IPC::DataReference dataReference;
-        if (!decoder.decode(dataReference))
-            return WTF::nullopt;
-        data = { RefPtr<WebCore::SharedBuffer>(WebCore::SharedBuffer::create(dataReference.data(), dataReference.size())) };
-    }
+    RefPtr<SharedMemory> data = SharedMemory::map(handle, SharedMemory::Protection::ReadOnly);
 
     Optional<unsigned> conditionsApplyOnlyToDomainOffset;

trunk/Source/WebKit/Shared/WebCompiledContentRuleListData.h

@@ -42 +42 @@
 class WebCompiledContentRuleListData {
 public:
-    WebCompiledContentRuleListData(Variant<RefPtr<SharedMemory>, RefPtr<WebCore::SharedBuffer>>&& data, unsigned conditionsApplyOnlyToDomainOffset, unsigned actionsOffset, unsigned actionsSize, unsigned filtersWithoutConditionsBytecodeOffset, unsigned filtersWithoutConditionsBytecodeSize, unsigned filtersWithConditionsBytecodeOffset, unsigned filtersWithConditionsBytecodeSize, unsigned topURLFiltersBytecodeOffset, unsigned topURLFiltersBytecodeSize)
+    WebCompiledContentRuleListData(RefPtr<SharedMemory>&& data, unsigned conditionsApplyOnlyToDomainOffset, unsigned actionsOffset, unsigned actionsSize, unsigned filtersWithoutConditionsBytecodeOffset, unsigned filtersWithoutConditionsBytecodeSize, unsigned filtersWithConditionsBytecodeOffset, unsigned filtersWithConditionsBytecodeSize, unsigned topURLFiltersBytecodeOffset, unsigned topURLFiltersBytecodeSize)
         : data(WTFMove(data))
         , conditionsApplyOnlyToDomainOffset(conditionsApplyOnlyToDomainOffset)
@@ -59 +59 @@
     static Optional<WebCompiledContentRuleListData> decode(IPC::Decoder&);
 
-    size_t size() const;
-    const void* dataPointer() const;
-    
-    Variant<RefPtr<SharedMemory>, RefPtr<WebCore::SharedBuffer>> data;
+    RefPtr<SharedMemory> data;
     unsigned conditionsApplyOnlyToDomainOffset { 0 };
     unsigned actionsOffset { 0 };

trunk/Source/WebKit/SourcesCocoa.txt

@@ -23 +23 @@
 
 NetworkProcess/cache/NetworkCacheDataCocoa.mm
+NetworkProcess/cache/NetworkCacheFileSystemCocoa.mm
 NetworkProcess/cache/NetworkCacheIOChannelCocoa.mm
 

trunk/Source/WebKit/UIProcess/API/APIContentRuleList.cpp

@@ -44 +44 @@
 }
 
-bool ContentRuleList::usesCopiedMemory() const
-{
-    return m_compiledRuleList->usesCopiedMemory();
-}
-
 } // namespace API
 

trunk/Source/WebKit/UIProcess/API/APIContentRuleList.h

@@ -50 +50 @@
     const WebKit::WebCompiledContentRuleList& compiledRuleList() const { return m_compiledRuleList.get(); }
 
-    bool usesCopiedMemory() const;
-
 private:
     WTF::String m_name;

trunk/Source/WebKit/UIProcess/API/APIContentRuleListStore.cpp

@@ -202 +202 @@
 }
 
-#if !PLATFORM(COCOA)
-RefPtr<WebCore::SharedBuffer> ContentRuleListStore::readContentsOfFile(const WTF::String& filePath)
-{
-    ASSERT_NOT_REACHED();
-    return nullptr;
-}
-#endif
-
-struct MappedOrCopiedData {
+struct MappedData {
     ContentRuleListMetaData metaData;
-    Variant<WebKit::NetworkCache::Data, RefPtr<WebCore::SharedBuffer>> data;
-    
-    const uint8_t* dataPointer() const
-    {
-        return WTF::switchOn(data, [] (const WebKit::NetworkCache::Data& data) {
-            return data.data();
-        }, [] (const RefPtr<WebCore::SharedBuffer>& sharedBuffer) {
-            return reinterpret_cast<const uint8_t*>(sharedBuffer->data());
-        });
-    }
+    WebKit::NetworkCache::Data data;
 };
 
-static Optional<MappedOrCopiedData> openAndMapOrCopyContentRuleList(const WTF::String& path)
-{
-    if (!WebKit::NetworkCache::isSafeToUseMemoryMapForPath(path)) {
-        RefPtr<WebCore::SharedBuffer> buffer = ContentRuleListStore::readContentsOfFile(path);
-        if (!buffer)
-            return WTF::nullopt;
-        auto metaData = decodeContentRuleListMetaData(*buffer);
-        if (!metaData)
-            return WTF::nullopt;
-        return {{ WTFMove(*metaData), { buffer.releaseNonNull() }}};
-    }
-
+static Optional<MappedData> openAndMapOrCopyContentRuleList(const WTF::String& path)
+{
+    WebKit::NetworkCache::makeSafeToUseMemoryMapForPath(path);
     WebKit::NetworkCache::Data fileData = mapFile(fileSystemRepresentation(path).data());
     if (fileData.isNull())
@@ -259 +233 @@
 }
 
-static Expected<MappedOrCopiedData, std::error_code> compiledToFile(WTF::String&& json, Vector<WebCore::ContentExtensions::ContentExtensionRule>&& parsedRules, const WTF::String& finalFilePath)
+static Expected<MappedData, std::error_code> compiledToFile(WTF::String&& json, Vector<WebCore::ContentExtensions::ContentExtensionRule>&& parsedRules, const WTF::String& finalFilePath)
 {
     using namespace WebCore::ContentExtensions;
@@ -412 +386 @@
         return makeUnexpected(ContentRuleListStore::Error::CompileFailed);
     }
-
-    if (!isSafeToUseMemoryMapForPath(finalFilePath)) {
-        auto contents = ContentRuleListStore::readContentsOfFile(finalFilePath);
-        if (!contents)
-            return makeUnexpected(ContentRuleListStore::Error::CompileFailed);
-        return {{ WTFMove(metaData), WTFMove(contents) }};
-    }
+    
+    makeSafeToUseMemoryMapForPath(finalFilePath);
     
     return {{ WTFMove(metaData), WTFMove(mappedData) }};
 }
 
-static Ref<API::ContentRuleList> createExtension(const WTF::String& identifier, MappedOrCopiedData&& data)
-{
-    RefPtr<WebKit::SharedMemory> sharedMemory;
-    if (auto mappedFileData = WTF::get_if<WebKit::NetworkCache::Data>(data.data)) {
-        sharedMemory = mappedFileData->tryCreateSharedMemory();
-
-        // Content extensions are always compiled to files, and at this point the file
-        // has been already mapped, therefore tryCreateSharedMemory() cannot fail.
-        ASSERT(sharedMemory);
-    }
-    auto mappedOrCopiedFileData = sharedMemory ?
-        Variant<RefPtr<WebKit::SharedMemory>, RefPtr<WebCore::SharedBuffer>> { sharedMemory }
-        : Variant<RefPtr<WebKit::SharedMemory>, RefPtr<WebCore::SharedBuffer>> { WTFMove(WTF::get<RefPtr<WebCore::SharedBuffer>>(data.data)) };
+static Ref<API::ContentRuleList> createExtension(const WTF::String& identifier, MappedData&& data)
+{
+    auto sharedMemory = data.data.tryCreateSharedMemory();
+
+    // Content extensions are always compiled to files, and at this point the file
+    // has been already mapped, therefore tryCreateSharedMemory() cannot fail.
+    ASSERT(sharedMemory);
 
     const size_t headerAndSourceSize = ContentRuleListFileHeaderSize + data.metaData.sourceSize;
     auto compiledContentRuleListData = WebKit::WebCompiledContentRuleListData(
-        WTFMove(mappedOrCopiedFileData),
+        WTFMove(sharedMemory),
         ConditionsApplyOnlyToDomainOffset,
         headerAndSourceSize,
@@ -457 +420 @@
     );
     auto compiledContentRuleList = WebKit::WebCompiledContentRuleList::create(WTFMove(compiledContentRuleListData));
-    return API::ContentRuleList::create(identifier, WTFMove(compiledContentRuleList), WTF::holds_alternative<WebKit::NetworkCache::Data>(data.data) ? WTF::get<WebKit::NetworkCache::Data>(data.data) : WebKit::NetworkCache::Data { });
+    return API::ContentRuleList::create(identifier, WTFMove(compiledContentRuleList), WTFMove(data.data));
 }
 
@@ -589 +552 @@
                 return;
             }
-            bool is8Bit = contentRuleList->dataPointer()[ContentRuleListFileHeaderSize];
+            bool is8Bit = contentRuleList->data.data()[ContentRuleListFileHeaderSize];
             size_t start = ContentRuleListFileHeaderSize + sizeof(bool);
             size_t length = contentRuleList->metaData.sourceSize - sizeof(bool);
             if (is8Bit)
-                complete(WTF::String(contentRuleList->dataPointer() + start, length));
+                complete(WTF::String(contentRuleList->data.data() + start, length));
             else {
                 ASSERT(!(length % sizeof(UChar)));
-                complete(WTF::String(reinterpret_cast<const UChar*>(contentRuleList->dataPointer() + start), length / sizeof(UChar)));
+                complete(WTF::String(reinterpret_cast<const UChar*>(contentRuleList->data.data() + start), length / sizeof(UChar)));
             }
             return;

trunk/Source/WebKit/UIProcess/API/APIContentRuleListStore.h

@@ -77 +77 @@
     void getContentRuleListSource(const WTF::String& identifier, CompletionHandler<void(WTF::String)>);
 
-    static RefPtr<WebCore::SharedBuffer> readContentsOfFile(const WTF::String& path);
-
 private:
     WTF::String defaultStorePath(bool legacyFilename);

trunk/Source/WebKit/UIProcess/API/Cocoa/APIContentRuleListStoreCocoa.mm

@@ -65 +65 @@
 }
 
-RefPtr<WebCore::SharedBuffer> ContentRuleListStore::readContentsOfFile(const String& filePath)
-{
-    ASSERT(!isMainThread());
-    NSData *data = [NSData dataWithContentsOfURL:[NSURL fileURLWithPath:filePath isDirectory:NO]];
-    if (!data)
-        return nullptr;
-    return WebCore::SharedBuffer::create(data);
-}
-
 } // namespace API
 

trunk/Source/WebKit/UIProcess/API/Cocoa/WKContentRuleListStore.mm

@@ -127 +127 @@
 // For testing only.
 
-+ (void)_registerPathAsUnsafeToMemoryMapForTesting:(NSString *)filename
-{
-    WebKit::NetworkCache::registerPathAsUnsafeToMemoryMapForTesting(filename);
-}
-
 - (void)_removeAllContentRuleLists
 {

trunk/Source/WebKit/UIProcess/API/Cocoa/WKContentRuleListStorePrivate.h

@@ -32 +32 @@
 - (void)_invalidateContentRuleListVersionForIdentifier:(NSString *)identifier;
 - (void)_getContentRuleListSourceForIdentifier:(NSString *)identifier completionHandler:(void (^)(NSString*))completionHandler;
-+ (void)_registerPathAsUnsafeToMemoryMapForTesting:(NSString *)filename;
 
 // NS_RELEASES_ARGUMENT to keep peak memory usage low.

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKUserContentFilter.mm

@@ -57 +57 @@
 }
 
-- (BOOL)usesCopiedMemory
-{
-    return _contentRuleList->_contentRuleList->usesCopiedMemory();
-}
-
 @end

trunk/Source/WebKit/UIProcess/API/Cocoa/_WKUserContentFilterPrivate.h

@@ -31 +31 @@
 
 - (id)_initWithWKContentRuleList:(WKContentRuleList*)contentRuleList WK_API_AVAILABLE(macos(10.13), ios(11.0));
-@property (nonatomic, readonly) BOOL usesCopiedMemory;
 
 @end

trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj

@@ -3561 +3561 @@
                 5CBC9B8B1C65257300A8FDCF /* NetworkDataTaskCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = NetworkDataTaskCocoa.mm; sourceTree = "<group>"; };
                 5CC5DB9121488E16006CB8A8 /* SharedBufferDataReference.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SharedBufferDataReference.h; sourceTree = "<group>"; };
+                5CD150762268F7F0006FB4AF /* NetworkCacheFileSystemCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = NetworkCacheFileSystemCocoa.mm; sourceTree = "<group>"; };
                 5CD286491E722F440094FDC8 /* _WKUserContentFilterPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = _WKUserContentFilterPrivate.h; sourceTree = "<group>"; };
                 5CD2864A1E722F440094FDC8 /* WKContentRuleList.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKContentRuleList.h; sourceTree = "<group>"; };
@@ -8945 +8946 @@
                                 E4697CCC1B25EB8F001B0A6C /* NetworkCacheFileSystem.cpp */,
                                 834B250E1A831A8D00CFB150 /* NetworkCacheFileSystem.h */,
+                                5CD150762268F7F0006FB4AF /* NetworkCacheFileSystemCocoa.mm */,
                                 E42E060B1AA7440D00B11699 /* NetworkCacheIOChannel.h */,
                                 E42E060D1AA750E500B11699 /* NetworkCacheIOChannelCocoa.mm */,

trunk/Tools/ChangeLog

@@ +1 @@
+2019-04-24  Alex Christensen  <achristensen@webkit.org>
+
+        WKContentRuleLists should have a maximum FileProtection of CompleteUnlessOpen
+        https://bugs.webkit.org/show_bug.cgi?id=197078
+        <rdar://problem/49564348>
+
+        Reviewed by Geoff Garen.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/WKContentExtensionStore.mm:
+        (TEST_F):
+        (-[TestSchemeHandlerSubresourceShouldBeBlocked webView:startURLSchemeTask:]): Deleted.
+        (-[TestSchemeHandlerSubresourceShouldBeBlocked webView:stopURLSchemeTask:]): Deleted.
+        Unfortunately, setting the NSFileProtectionKey attribute is only supported on iOS devices.
+
 2019-04-24  Alex Christensen  <achristensen@webkit.org>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKContentExtensionStore.mm

@@ -29 +29 @@
 #import "PlatformUtilities.h"
 #import "Test.h"
-#import "TestWKWebView.h"
 #import <WebKit/WKContentRuleList.h>
 #import <WebKit/WKContentRuleListStorePrivate.h>
-#import <WebKit/_WKUserContentFilterPrivate.h>
 #import <wtf/RetainPtr.h>
-#import <wtf/text/StringBuilder.h>
-#import <wtf/text/StringConcatenate.h>
-#import <wtf/text/StringConcatenateNumbers.h>
 
 class WKContentRuleListStoreTest : public testing::Test {
@@ -384 +379 @@
 }
 
-@interface TestSchemeHandlerSubresourceShouldBeBlocked : NSObject <WKURLSchemeHandler>
-@end
-@implementation TestSchemeHandlerSubresourceShouldBeBlocked
-- (void)webView:(WKWebView *)webView startURLSchemeTask:(id <WKURLSchemeTask>)task
-{
-    EXPECT_TRUE([task.request.URL.path isEqualToString:@"/shouldload"]);
-    [task didReceiveResponse:[[[NSURLResponse alloc] initWithURL:task.request.URL MIMEType:@"text/html" expectedContentLength:0 textEncodingName:nil] autorelease]];
-    [task didFinish];
-}
-- (void)webView:(WKWebView *)webView stopURLSchemeTask:(id <WKURLSchemeTask>)task
-{
-    EXPECT_TRUE(false);
-}
-@end
-
+#if PLATFORM(IOS_FAMILY)
 TEST_F(WKContentRuleListStoreTest, UnsafeMMap)
 {
     RetainPtr<NSString> tempDir = [NSTemporaryDirectory() stringByAppendingPathComponent:@"UnsafeMMapTest"];
     RetainPtr<WKContentRuleListStore> store = [WKContentRuleListStore storeWithURL:[NSURL fileURLWithPath:tempDir.get() isDirectory:YES]];
-    static NSString *identifier = @"TestRuleList";
-    static NSString *fileName = @"ContentRuleList-TestRuleList";
+    static NSString *compiledIdentifier = @"CompiledRuleList";
+    static NSString *copiedIdentifier = @"CopiedRuleList";
     static NSString *ruleListSourceString = @"[{\"action\":{\"type\":\"block\"},\"trigger\":{\"url-filter\":\"blockedsubresource\"}}]";
-    RetainPtr<NSString> filePath = [tempDir stringByAppendingPathComponent:fileName];
-
-    auto runTest = [&] (bool shouldUseCopiedMemory) {
-        EXPECT_FALSE([[NSFileManager defaultManager] fileExistsAtPath:filePath.get()]);
-        
-        __block bool doneCompiling = false;
-        __block RetainPtr<WKContentRuleList> ruleList;
-        [store compileContentRuleListForIdentifier:identifier encodedContentRuleList:ruleListSourceString completionHandler:^(WKContentRuleList *filter, NSError *error) {
-            EXPECT_NOT_NULL(filter);
-            EXPECT_NULL(error);
-            doneCompiling = true;
-            ruleList = filter;
-            EXPECT_TRUE([[[[_WKUserContentFilter alloc] _initWithWKContentRuleList:filter] autorelease] usesCopiedMemory] == shouldUseCopiedMemory);
-        }];
-        TestWebKitAPI::Util::run(&doneCompiling);
-        
-        EXPECT_TRUE([[NSFileManager defaultManager] fileExistsAtPath:filePath.get()]);
-
-        auto handler = adoptNS([TestSchemeHandlerSubresourceShouldBeBlocked new]);
-        auto configuration = adoptNS([WKWebViewConfiguration new]);
-        [configuration setURLSchemeHandler:handler.get() forURLScheme:@"testmmap"];
-        [[configuration userContentController] addContentRuleList:ruleList.get()];
-        auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
-        [webView synchronouslyLoadHTMLString:@"<html>main resource content</html>" baseURL:[NSURL URLWithString:@"testmmap://webkit.org/mainresource"]];
-
-        auto loadingShouldSucceed = [&] (NSString *resourcePath, NSString *shouldSucceed) {
-            __block bool doneEvaluating = false;
-            [webView evaluateJavaScript:[NSString stringWithFormat:@"var caught = false; var xhr = new XMLHttpRequest(); xhr.open('GET', '%@', false); try{ xhr.send() } catch(e) { caught = true; }; caught != %@ ? 'success' : 'failure'", resourcePath, shouldSucceed] completionHandler:^(id result, NSError *error) {
-                EXPECT_NULL(error);
-                EXPECT_TRUE([@"success" isEqualToString:result]);
-                doneEvaluating = true;
-            }];
-            TestWebKitAPI::Util::run(&doneEvaluating);
-        };
-        loadingShouldSucceed(@"/shouldload", @"true");
-        loadingShouldSucceed(@"/blockedsubresource", @"false");
-
-        [[configuration userContentController] removeContentRuleList:ruleList.get()];
-        
-        __block bool doneLookingUp = false;
-        [store lookUpContentRuleListForIdentifier:identifier completionHandler:^(WKContentRuleList *filter, NSError *error) {
-            EXPECT_NOT_NULL(filter);
-            EXPECT_NULL(error);
-            
-            doneLookingUp = true;
-            
-            EXPECT_TRUE([[[[_WKUserContentFilter alloc] _initWithWKContentRuleList:filter] autorelease] usesCopiedMemory] == shouldUseCopiedMemory);
-            ruleList = filter;
-        }];
-        TestWebKitAPI::Util::run(&doneLookingUp);
-
-        [[configuration userContentController] addContentRuleList:ruleList.get()];
-        loadingShouldSucceed(@"/shouldload", @"true");
-        loadingShouldSucceed(@"/blockedsubresource", @"false");
-
-        __block bool doneCheckingSource = false;
-        [store _getContentRuleListSourceForIdentifier:identifier completionHandler:^(NSString *source) {
-            EXPECT_TRUE([source isEqualToString:ruleListSourceString]);
-            doneCheckingSource = true;
-        }];
-        TestWebKitAPI::Util::run(&doneCheckingSource);
-        
-        __block bool doneRemoving = false;
-        [store removeContentRuleListForIdentifier:identifier completionHandler:^(NSError *error) {
+    RetainPtr<NSString> compiledFilePath = [tempDir stringByAppendingPathComponent:@"ContentRuleList-CompiledRuleList"];
+    RetainPtr<NSString> copiedFilePath = [tempDir stringByAppendingPathComponent:@"ContentRuleList-CopiedRuleList"];
+
+    __block bool doneCompiling = false;
+    [store compileContentRuleListForIdentifier:compiledIdentifier encodedContentRuleList:ruleListSourceString completionHandler:^(WKContentRuleList *filter, NSError *error) {
+        EXPECT_NOT_NULL(filter);
+        EXPECT_NULL(error);
+        doneCompiling = true;
+    }];
+    TestWebKitAPI::Util::run(&doneCompiling);
+
+    auto hasCompleteProtection = [] (const RetainPtr<NSString>& path) {
+        NSError *error = nil;
+        NSDictionary<NSFileAttributeKey, id> *attributes = [[NSFileManager defaultManager] attributesOfItemAtPath:path.get() error:&error];
+        EXPECT_NULL(error);
+        return [[attributes objectForKey:NSFileProtectionKey] isEqualToString:NSFileProtectionComplete];
+    };
+    
+    NSError *error = nil;
+    [[NSFileManager defaultManager] copyItemAtPath:compiledFilePath.get() toPath:copiedFilePath.get() error:&error];
+    EXPECT_NULL(error);
+    EXPECT_FALSE(hasCompleteProtection(copiedFilePath));
+    [[NSFileManager defaultManager] setAttributes:@{ NSFileProtectionKey: NSFileProtectionComplete } ofItemAtPath:copiedFilePath.get() error:&error];
+    EXPECT_NULL(error);
+#if !PLATFORM(IOS_FAMILY_SIMULATOR)
+    EXPECT_TRUE(hasCompleteProtection(copiedFilePath));
+#endif
+
+    __block bool doneLookingUp = false;
+    [store lookUpContentRuleListForIdentifier:copiedIdentifier completionHandler:^(WKContentRuleList *filter, NSError *error) {
+        EXPECT_NOT_NULL(filter);
+        EXPECT_NULL(error);
+        doneLookingUp = true;
+    }];
+    TestWebKitAPI::Util::run(&doneLookingUp);
+    EXPECT_FALSE(hasCompleteProtection(copiedFilePath));
+    
+    __block bool doneRemoving = false;
+    [store removeContentRuleListForIdentifier:compiledIdentifier completionHandler:^(NSError *error) {
+        EXPECT_NULL(error);
+        [store removeContentRuleListForIdentifier:copiedIdentifier completionHandler:^(NSError *error) {
             EXPECT_NULL(error);
             doneRemoving = true;
         }];
-        TestWebKitAPI::Util::run(&doneRemoving);
-
-        EXPECT_FALSE([[NSFileManager defaultManager] fileExistsAtPath:filePath.get()]);
-    };
-    
-    runTest(false);
-    [WKContentRuleListStore _registerPathAsUnsafeToMemoryMapForTesting:filePath.get()];
-    runTest(true);
-}
+    }];
+    TestWebKitAPI::Util::run(&doneRemoving);
+}
+#endif // PLATFORM(IOS_FAMILY)