Changeset 278966 in webkit


Timestamp:
Jun 16, 2021, 4:37:01 PM (4 years ago)
Author:
mark.lam@apple.com
Message:

Adopt com.apple.security.cs.jit-write-allowlist on internal builds.
https://bugs.webkit.org/show_bug.cgi?id=222148
rdar://74284026

Reviewed by Per Arne Vollan.

Source/JavaScriptCore:

This will prevent various pthread permissions switching APIs from working.
We only want to adopt this for internal builds where we use the fast permission
switching macro instead. We can't adopt it for open source builds, where we
still rely on the pthread API.

  • Scripts/process-entitlements.sh:

Source/WebKit:

  • Scripts/process-entitlements.sh:
Location:
trunk/Source
Files:
4 edited

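--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,17 @@
+2021-06-16  Mark Lam  <mark.lam@apple.com>
+
+        Adopt com.apple.security.cs.jit-write-allowlist on internal builds.
+        https://bugs.webkit.org/show_bug.cgi?id=222148
+        rdar://74284026
+
+        Reviewed by Per Arne Vollan.
+
+        This will prevent various pthread permissions switching APIs from working.
+        We only want to adopt this for internal builds where we use the fast permission
+        switching macro instead.  We can't adopt it for open source builds, where we
+        still rely on the pthread API.
+
+        * Scripts/process-entitlements.sh:
+
 2021-06-16  Robin Morisset  <rmorisset@apple.com>
 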
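--- a/trunk/Source/JavaScriptCore/Scripts/process-entitlements.sh
+++ b/trunk/Source/JavaScriptCore/Scripts/process-entitlements.sh
@@ -15,4 +15,9 @@
     if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]
     then
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
+        fi
+
         if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 120000 ))
         then
@@ -28,4 +33,10 @@
         plistbuddy Add :com.apple.security.cs.allow-jit bool YES
         plistbuddy Add :com.apple.rootless.storage.JavaScriptCore bool YES
+
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
+        fi
+
         if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 120000 ))
         then
@@ -42,4 +53,13 @@
 {
     plistbuddy Add :com.apple.security.cs.allow-jit bool YES
+
+    if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]
+    then
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
+        fi
+    fi
+
     if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 120000 ))
     then
@@ -52,4 +72,10 @@
     plistbuddy Add :com.apple.rootless.storage.JavaScriptCore bool YES
     plistbuddy Add :com.apple.security.cs.allow-jit bool YES
+
+    if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+    then
+        plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
+    fi
+
     if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 120000 ))
     then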
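Review bot: The block added at new lines 75–78 is conditioned only on `TARGET_MAC_OS_X_VERSION_MAJOR`, while the otherwise identical block at new lines 56–62 is wrapped in `if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]`. The commit message says open source builds must not receive `com.apple.security.cs.jit-write-allowlist` because they still rely on the pthread permission-switching API, which this entitlement stops from working. The enclosing function starts outside the hunk and may only be reached for internal builds (the context lines already add `com.apple.rootless.storage.JavaScriptCore` with no visible guard), so this may be intentional. If it is, a comment above line 75 such as `# Internal builds only: jit-write-allowlist disables the pthread JIT permission-switching APIs.` would record that; otherwise the block needs the same guard as lines 56–62.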
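--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,12 @@
+2021-06-16  Mark Lam  <mark.lam@apple.com>
+
+        Adopt com.apple.security.cs.jit-write-allowlist on internal builds.
+        https://bugs.webkit.org/show_bug.cgi?id=222148
+        rdar://74284026
+
+        Reviewed by Per Arne Vollan.
+
+        * Scripts/process-entitlements.sh:
+
 2021-06-16  Wenson Hsieh  <wenson_hsieh@apple.com>
 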
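--- a/trunk/Source/WebKit/Scripts/process-entitlements.sh
+++ b/trunk/Source/WebKit/Scripts/process-entitlements.sh
@@ -28,8 +28,4 @@
             plistbuddy add :com.apple.QuartzCore.webkit-limited-types bool YES
         fi
-        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 120000 ))
-        then
-            plistbuddy Add :com.apple.private.verified-jit bool YES
-        fi
     fi
 
@@ -47,4 +43,5 @@
             plistbuddy Add :com.apple.tcc.delegated-services:0 string kTCCServiceCamera
         fi
+
         if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
         then
@@ -52,4 +49,9 @@
             plistbuddy Add :com.apple.avfoundation.allow-system-wide-context bool YES
             plistbuddy add :com.apple.QuartzCore.webkit-limited-types bool YES
+        fi
+
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
         fi
 
@@ -78,4 +80,9 @@
         plistbuddy Add :com.apple.mobileactivationd.bridge bool YES
         plistbuddy Add :com.apple.private.security.bootpolicy bool YES
+
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
+        fi
     fi
 }
@@ -94,4 +101,9 @@
             plistbuddy Add :com.apple.private.tcc.manager.check-by-audit-token array
             plistbuddy Add :com.apple.private.tcc.manager.check-by-audit-token:0 string kTCCServiceWebKitIntelligentTrackingPrevention
+        fi
+
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
         fi
 
@@ -113,12 +125,4 @@
     plistbuddy Add :com.apple.security.print                               bool YES
 
-    if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]
-    then
-        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 120000 ))
-        then
-            plistbuddy Add :com.apple.private.verified-jit bool YES
-        fi
-    fi
-
     mac_process_webcontent_or_plugin_entitlements
 }
@@ -135,4 +139,14 @@
         fi
 
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
+        fi
+
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 120000 ))
+        then
+            plistbuddy Add :com.apple.private.verified-jit bool YES
+        fi
+
         if [[ "${WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT}" == YES ]]
         then
@@ -157,4 +171,5 @@
     plistbuddy Add :com.apple.private.webkit.use-xpc-endpoint bool YES
     plistbuddy Add :com.apple.QuartzCore.webkit-end-points bool YES
+
     if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
     then
@@ -165,4 +180,13 @@
         plistbuddy add :com.apple.QuartzCore.webkit-limited-types bool YES
     fi
+
+    if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]
+    then
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
+        fi
+    fi
+
     if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 120000 ))
     then
@@ -178,4 +202,12 @@
     plistbuddy Add :com.apple.private.memory.ownership_transfer bool YES
     plistbuddy add :com.apple.QuartzCore.webkit-limited-types bool YES
+
+    if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]
+    then
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
+        fi
+    fi
 }
 
@@ -189,4 +221,12 @@
     plistbuddy Add :com.apple.private.tcc.manager.check-by-audit-token array
     plistbuddy Add :com.apple.private.tcc.manager.check-by-audit-token:0 string kTCCServiceWebKitIntelligentTrackingPrevention
+
+    if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]
+    then
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
+        fi
+    fi
 }
 
@@ -198,4 +238,13 @@
     plistbuddy Add :com.apple.security.files.user-selected.read-write      bool YES
     plistbuddy Add :com.apple.security.print                               bool YES
+
+    if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]
+    then
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
+        then
+            plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
+        fi
+    fi
+
     if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 120000 ))
     then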
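Review bot: The block added at new lines 146–149 re-adds `com.apple.private.verified-jit` with only the OS-version test visible, whereas the copy removed at old lines 115–121 was wrapped in an explicit `if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]`. The enclosing `if` begins outside the hunk, so the restricted-entitlements guard may still apply, but neither the commit message nor the ChangeLog mentions this relocation, and the entitlement is also dropped from old lines 30–33 without a visible replacement. The same question applies to the `jit-write-allowlist` blocks at new lines 53–55, 83–86, 105–107 and 141–144, which likewise show only the version check. A one-line comment above each, for example `# Inside the WK_USE_RESTRICTED_ENTITLEMENTS block: internal builds only.`, would let a reader confirm the open source build never receives these entitlements.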