Changeset 167603 in webkit


Ignore:
Timestamp:
Apr 21, 2014 12:10:33 PM (10 years ago)
Author:
andersca@apple.com
Message:

Check the com.apple.security.network.client entitlement for all processes
https://bugs.webkit.org/show_bug.cgi?id=131942
<rdar://problem/12354188>

Reviewed by Dan Bernstein.

  • NetworkProcess/EntryPoint/mac/XPCService/NetworkServiceEntryPoint.mm:

(WebKit::NetworkServiceInitializerDelegate::NetworkServiceInitializerDelegate):

  • Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h:
  • Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm:

(WebKit::XPCServiceInitializerDelegate::checkEntitlements):

Location:
trunk/Source/WebKit2
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit2/ChangeLog

    r167586 r167603  
     12014-04-21  Anders Carlsson  <andersca@apple.com>
     2
     3        Check the com.apple.security.network.client entitlement for all processes
     4        https://bugs.webkit.org/show_bug.cgi?id=131942
     5        <rdar://problem/12354188>
     6
     7        Reviewed by Dan Bernstein.
     8
     9        * NetworkProcess/EntryPoint/mac/XPCService/NetworkServiceEntryPoint.mm:
     10        (WebKit::NetworkServiceInitializerDelegate::NetworkServiceInitializerDelegate):
     11        * Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h:
     12        * Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm:
     13        (WebKit::XPCServiceInitializerDelegate::checkEntitlements):
     14
    1152014-04-20  Dan Bernstein  <mitz@apple.com>
    216

  • trunk/Source/WebKit2/NetworkProcess/EntryPoint/mac/XPCService/NetworkServiceEntryPoint.mm

    r167521 r167603  
    3939    {
    4040    }
    41 
    42 #if PLATFORM(MAC)
    43     virtual bool checkEntitlements() override
    44     {
    45         if (!isClientSandboxed())
    46             return true;
    47 
    48         if (!hasEntitlement("com.apple.security.network.client")) {
    49             NSLog(@"Application does not have the 'com.apple.security.network.client' entitlement.");
    50             return false;
    51         }
    52 
    53         return true;
    54     }
    55 #endif
    56 
    5741};
    5842

  • trunk/Source/WebKit2/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.h

    r167521 r167603  
    4343    virtual ~XPCServiceInitializerDelegate();
    4444
     45#if PLATFORM(MAC)
    4546    virtual bool checkEntitlements();
     47#endif
     48
    4649    virtual bool getConnectionIdentifier(IPC::Connection::Identifier& identifier);
    4750    virtual bool getClientIdentifier(String& clientIdentifier);

  • trunk/Source/WebKit2/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm

    r167521 r167603  
    5151}
    5252
     53#if PLATFORM(MAC)
    5354bool XPCServiceInitializerDelegate::checkEntitlements()
    5455{
     56    if (!isClientSandboxed())
     57        return true;
     58
     59    // FIXME: Once we're 100% sure that a process can't access the network we can get rid of this requirement for all processes.
     60    if (!hasEntitlement("com.apple.security.network.client")) {
     61        NSLog(@"Application does not have the 'com.apple.security.network.client' entitlement.");
     62        return false;
     63    }
     64
    5565    return true;
     66#endif
    5667}
    5768
Note: See TracChangeset for help on using the changeset viewer.