Changeset 287276 in webkit


Timestamp:
Dec 20, 2021, 2:04:20 PM (3 years ago)
Author:
achristensen@apple.com
Message:

Prevent test functionality in AdAttributionDaemon when not running tests
https://bugs.webkit.org/show_bug.cgi?id=231258
Source/WebKit:

<rdar://84168088>

Reviewed by Brady Eidson.

adattributiond already has a private entitlement check to make sure that only the network process has permission to connect to it.
This makes it so that the network process can't manipulate state only intended to be manipulated for tests when told to do so by
an application misusing SPI.

  • NetworkProcess/NetworkProcess.cpp:

(WebKit::NetworkProcess::allowsPrivateClickMeasurementTestFunctionality const):
(WebKit::NetworkProcess::setPrivateClickMeasurementOverrideTimerForTesting):
(WebKit::NetworkProcess::simulateResourceLoadStatisticsSessionRestart):
(WebKit::NetworkProcess::markAttributedPrivateClickMeasurementsAsExpiredForTesting):
(WebKit::NetworkProcess::setPrivateClickMeasurementEphemeralMeasurementForTesting):
(WebKit::NetworkProcess::setPrivateClickMeasurementTokenPublicKeyURLForTesting):
(WebKit::NetworkProcess::setPrivateClickMeasurementTokenSignatureURLForTesting):
(WebKit::NetworkProcess::setPrivateClickMeasurementAttributionReportURLsForTesting):
(WebKit::NetworkProcess::markPrivateClickMeasurementsAsExpiredForTesting):
(WebKit::NetworkProcess::setPCMFraudPreventionValuesForTesting):
(WebKit::NetworkProcess::setPrivateClickMeasurementAppBundleIDForTesting):

  • NetworkProcess/NetworkProcess.h:

Tools:

Reviewed by Brady Eidson.

  • TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements:
  • WebKitTestRunner/Configurations/WebKitTestRunner.entitlements:
Location:
trunk
Files:
8 edited

  • trunk/Source/WebKit/ChangeLog

    r287275 r287276  
     12021-12-20  Alex Christensen  <achristensen@webkit.org>
     2
     3        Prevent test functionality in AdAttributionDaemon when not running tests
     4        https://bugs.webkit.org/show_bug.cgi?id=231258
     5        <rdar://84168088>
     6
     7        Reviewed by Brady Eidson.
     8
     9        adattributiond already has a private entitlement check to make sure that only the network process has permission to connect to it.
     10        This makes it so that the network process can't manipulate state only intended to be manipulated for tests when told to do so by
     11        an application misusing SPI.
     12
     13        * NetworkProcess/NetworkProcess.cpp:
     14        (WebKit::NetworkProcess::allowsPrivateClickMeasurementTestFunctionality const):
     15        (WebKit::NetworkProcess::setPrivateClickMeasurementOverrideTimerForTesting):
     16        (WebKit::NetworkProcess::simulateResourceLoadStatisticsSessionRestart):
     17        (WebKit::NetworkProcess::markAttributedPrivateClickMeasurementsAsExpiredForTesting):
     18        (WebKit::NetworkProcess::setPrivateClickMeasurementEphemeralMeasurementForTesting):
     19        (WebKit::NetworkProcess::setPrivateClickMeasurementTokenPublicKeyURLForTesting):
     20        (WebKit::NetworkProcess::setPrivateClickMeasurementTokenSignatureURLForTesting):
     21        (WebKit::NetworkProcess::setPrivateClickMeasurementAttributionReportURLsForTesting):
     22        (WebKit::NetworkProcess::markPrivateClickMeasurementsAsExpiredForTesting):
     23        (WebKit::NetworkProcess::setPCMFraudPreventionValuesForTesting):
     24        (WebKit::NetworkProcess::setPrivateClickMeasurementAppBundleIDForTesting):
     25        * NetworkProcess/NetworkProcess.h:
     26
    1272021-12-20  Alex Christensen  <achristensen@webkit.org>
    228
  • trunk/Source/WebKit/NetworkProcess/NetworkProcess.cpp

    r287229 r287276  
    105105#include "LaunchServicesDatabaseObserver.h"
    106106#include "NetworkSessionCocoa.h"
     107#include <wtf/cocoa/Entitlements.h>
    107108#endif
    108109
     
    24212422}
    24222423
     2424bool NetworkProcess::allowsPrivateClickMeasurementTestFunctionality() const
     2425{
     2426#if !PLATFORM(COCOA) || !USE(APPLE_INTERNAL_SDK)
     2427    return true;
     2428#else
     2429    auto auditToken = sourceApplicationAuditToken();
     2430    if (!auditToken)
     2431        return false;
     2432    return WTF::hasEntitlement(*auditToken, "com.apple.private.webkit.adattributiond.testing");
     2433#endif
     2434}
     2435
    24232436void NetworkProcess::setPrivateClickMeasurementOverrideTimerForTesting(PAL::SessionID sessionID, bool value, CompletionHandler<void()>&& completionHandler)
    24242437{
     2438    if (!allowsPrivateClickMeasurementTestFunctionality())
     2439        return completionHandler();
     2440
    24252441    if (auto* session = networkSession(sessionID))
    24262442        session->setPrivateClickMeasurementOverrideTimerForTesting(value);
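Review bot: In allowsPrivateClickMeasurementTestFunctionality(), the `#if !PLATFORM(COCOA) || !USE(APPLE_INTERNAL_SDK)` branch returns true unconditionally, so any build without the internal SDK leaves every guarded test function open to whichever application drives the SPI. If that fail-open is intended, add a comment above the `#if` saying why; otherwise the next reader has to guess whether it is a policy decision or a build convenience. The `#else` branch fails closed when sourceApplicationAuditToken() is empty, which is the right default. The entitlement name is a bare string literal here and is repeated in four entitlements files, so a named constant would give it one definition to grep for.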
     
    24312447void NetworkProcess::simulateResourceLoadStatisticsSessionRestart(PAL::SessionID sessionID, CompletionHandler<void()>&& completionHandler)
    24322448{
     2449    if (!allowsPrivateClickMeasurementTestFunctionality())
     2450        return completionHandler();
     2451
    24332452    // FIXME: Rename this to simulatePrivateClickMeasurementSessionRestart.
    24342453    if (auto* session = networkSession(sessionID)) {
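Review bot: The guard in simulateResourceLoadStatisticsSessionRestart ties a function whose name mentions neither Private Click Measurement nor testing to allowsPrivateClickMeasurementTestFunctionality(), which is not obvious at the call site. The FIXME directly below already proposes simulatePrivateClickMeasurementSessionRestart. Either do that rename in this change or add a one-line comment at the guard explaining why the PCM test check applies here.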
     
    24452464void NetworkProcess::markAttributedPrivateClickMeasurementsAsExpiredForTesting(PAL::SessionID sessionID, CompletionHandler<void()>&& completionHandler)
    24462465{
     2466    if (!allowsPrivateClickMeasurementTestFunctionality())
     2467        return completionHandler();
     2468
    24472469    if (auto* session = networkSession(sessionID)) {
    24482470        session->markAttributedPrivateClickMeasurementsAsExpiredForTesting(WTFMove(completionHandler));
     
    24542476void NetworkProcess::setPrivateClickMeasurementEphemeralMeasurementForTesting(PAL::SessionID sessionID, bool value, CompletionHandler<void()>&& completionHandler)
    24552477{
     2478    if (!allowsPrivateClickMeasurementTestFunctionality())
     2479        return completionHandler();
     2480
    24562481    if (auto* session = networkSession(sessionID))
    24572482        session->setPrivateClickMeasurementEphemeralMeasurementForTesting(value);
     
    24632488void NetworkProcess::setPrivateClickMeasurementTokenPublicKeyURLForTesting(PAL::SessionID sessionID, URL&& url, CompletionHandler<void()>&& completionHandler)
    24642489{
     2490    if (!allowsPrivateClickMeasurementTestFunctionality())
     2491        return completionHandler();
     2492
    24652493    if (auto* session = networkSession(sessionID))
    24662494        session->setPrivateClickMeasurementTokenPublicKeyURLForTesting(WTFMove(url));
     
    24712499void NetworkProcess::setPrivateClickMeasurementTokenSignatureURLForTesting(PAL::SessionID sessionID, URL&& url, CompletionHandler<void()>&& completionHandler)
    24722500{
     2501    if (!allowsPrivateClickMeasurementTestFunctionality())
     2502        return completionHandler();
     2503
    24732504    if (auto* session = networkSession(sessionID))
    24742505        session->setPrivateClickMeasurementTokenSignatureURLForTesting(WTFMove(url));
     
    24792510void NetworkProcess::setPrivateClickMeasurementAttributionReportURLsForTesting(PAL::SessionID sessionID, URL&& sourceURL, URL&& destinationURL, CompletionHandler<void()>&& completionHandler)
    24802511{
     2512    if (!allowsPrivateClickMeasurementTestFunctionality())
     2513        return completionHandler();
     2514
    24812515    if (auto* session = networkSession(sessionID))
    24822516        session->setPrivateClickMeasurementAttributionReportURLsForTesting(WTFMove(sourceURL), WTFMove(destinationURL));
     
    24872521void NetworkProcess::markPrivateClickMeasurementsAsExpiredForTesting(PAL::SessionID sessionID, CompletionHandler<void()>&& completionHandler)
    24882522{
     2523    if (!allowsPrivateClickMeasurementTestFunctionality())
     2524        return completionHandler();
     2525
    24892526    if (auto* session = networkSession(sessionID))
    24902527        session->markPrivateClickMeasurementsAsExpiredForTesting();
     
    24952532void NetworkProcess::setPCMFraudPreventionValuesForTesting(PAL::SessionID sessionID, String&& unlinkableToken, String&& secretToken, String&& signature, String&& keyID, CompletionHandler<void()>&& completionHandler)
    24962533{
     2534    if (!allowsPrivateClickMeasurementTestFunctionality())
     2535        return completionHandler();
     2536
    24972537    if (auto* session = networkSession(sessionID))
    24982538        session->setPCMFraudPreventionValuesForTesting(WTFMove(unlinkableToken), WTFMove(secretToken), WTFMove(signature), WTFMove(keyID));
     
    25032543void NetworkProcess::setPrivateClickMeasurementAppBundleIDForTesting(PAL::SessionID sessionID, String&& appBundleIDForTesting, CompletionHandler<void()>&& completionHandler)
    25042544{
     2545    if (!allowsPrivateClickMeasurementTestFunctionality())
     2546        return completionHandler();
     2547
    25052548    if (auto* session = networkSession(sessionID))
    25062549        session->setPrivateClickMeasurementAppBundleIDForTesting(WTFMove(appBundleIDForTesting));
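Review bot: The same two-line guard, `if (!allowsPrivateClickMeasurementTestFunctionality()) return completionHandler();`, is now pasted into ten handlers, so a PCM test handler added later can omit it and nothing will flag the omission. Consider routing these through one gated helper or macro, or at least documenting the requirement next to the declarations in NetworkProcess.h. The denied path also completes exactly like a successful call; a release log before the early return would make SPI misuse visible in diagnostics instead of silent.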
  • trunk/Source/WebKit/NetworkProcess/NetworkProcess.h

    r287229 r287276  
    314314    void dumpPrivateClickMeasurement(PAL::SessionID, CompletionHandler<void(String)>&&);
    315315    void clearPrivateClickMeasurement(PAL::SessionID, CompletionHandler<void()>&&);
     316    bool allowsPrivateClickMeasurementTestFunctionality() const;
    316317    void setPrivateClickMeasurementOverrideTimerForTesting(PAL::SessionID, bool value, CompletionHandler<void()>&&);
    317318    void markAttributedPrivateClickMeasurementsAsExpiredForTesting(PAL::SessionID, CompletionHandler<void()>&&);
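Review bot: allowsPrivateClickMeasurementTestFunctionality() is declared in the middle of the PCM handler declarations with no comment on what it gates. A short comment stating that it checks the source application for com.apple.private.webkit.adattributiond.testing, and that every PCM test handler must call it first, would put the invariant where new handlers get added. If nothing outside NetworkProcess calls it, it can move to the private section.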
  • trunk/Tools/ChangeLog

    r287275 r287276  
     12021-12-20  Alex Christensen  <achristensen@webkit.org>
     2
     3        Prevent test functionality in AdAttributionDaemon when not running tests
     4        https://bugs.webkit.org/show_bug.cgi?id=231258
     5
     6        Reviewed by Brady Eidson.
     7
     8        * TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements:
     9        * WebKitTestRunner/Configurations/WebKitTestRunner.entitlements:
     10
    1112021-12-20  Alex Christensen  <achristensen@webkit.org>
    212
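Review bot: This Tools/ChangeLog entry lists two entitlements files, TestWebKitAPI-macOS-internal.entitlements and WebKitTestRunner.entitlements, but the changeset also adds the key to TestWebKitAPI-iOS.entitlements and WebKitTestRunnerApp-iOS.entitlements. List all four so the log matches the files that now carry com.apple.private.webkit.adattributiond.testing. The entry also omits the <rdar://84168088> line that the Source/WebKit entry has.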
  • trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements

    r286788 r287276  
    1111        <key>com.apple.Pasteboard.paste-unchecked</key>
    1212        <true/>
     13        <key>com.apple.private.webkit.adattributiond.testing</key>
     14        <true/>
    1315        <key>com.apple.private.webkit.webpush</key>
    1416        <true/>
  • trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements

    r287234 r287276  
    33<plist version="1.0">
    44<dict>
     5        <key>com.apple.private.webkit.adattributiond.testing</key>
     6        <true/>
    57        <key>com.apple.private.webkit.webpush</key>
    68        <true/>
  • trunk/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.entitlements

    r270381 r287276  
    77                <string>com.apple.WebKitTestRunner</string>
    88        </array>
     9        <key>com.apple.private.webkit.adattributiond.testing</key>
     10        <true/>
    911        <key>com.apple.security.temporary-exception.sbpl</key>
    1012        <array>
  • trunk/Tools/WebKitTestRunner/Configurations/WebKitTestRunnerApp-iOS.entitlements

    r261972 r287276  
    1111        <key>com.apple.Pasteboard.paste-unchecked</key>
    1212        <true/>
     13        <key>com.apple.private.webkit.adattributiond.testing</key>
     14        <true/>
    1315</dict>
    1416</plist>