Changeset 213283 in webkit

Timestamp:

Mar 2, 2017 8:24:30 AM (7 years ago)

Author:

commit-queue@webkit.org

Message:

[WebRTC] Activate ICE candidate privacy policy
​https://bugs.webkit.org/show_bug.cgi?id=168975

Patch by Youenn Fablet <​youenn@apple.com> on 2017-03-02
Reviewed by Alex Christensen.

Source/WebCore:

Test: webrtc/datachannel/filter-ice-candidate.html

• testing/Internals.cpp:

(WebCore::Internals::Internals): Disabling ICE candidate filtering by default for rwt.
(WebCore::Internals::setICECandidateFiltering):

• testing/Internals.h:
• testing/Internals.idl:

Source/WebKit/mac:

• WebView/WebPreferenceKeysPrivate.h:
• WebView/WebPreferences.mm:

(-[WebPreferences enumeratingAllNetworkInterfacesEnabled]):
(-[WebPreferences setEnumeratingAllNetworkInterfacesEnabled:]):
(-[WebPreferences iceCandidateFilteringEnabled]):
(-[WebPreferences setIceCandidateFilteringEnabled:]):

• WebView/WebPreferencesPrivate.h:

Source/WebKit2:

Disabling network enumeration by default.
Enabling ICE candidate filtering by default.
Chaning ICE candidate filtering according userMediaAccess policy:

• If access is denied, filtering is on.
• If access is granted, filtering is off.

• Shared/WebPageCreationParameters.cpp:

(WebKit::WebPageCreationParameters::encode):
(WebKit::WebPageCreationParameters::decode):

• Shared/WebPageCreationParameters.h:
• Shared/WebPreferencesDefinitions.h:
• UIProcess/API/C/WKPreferences.cpp:

(WKPreferencesSetICECandidateFilteringEnabled):
(WKPreferencesGetICECandidateFilteringEnabled):
(WKPreferencesSetEnumeratingAllNetworkInterfacesEnabled):
(WKPreferencesGetEnumeratingAllNetworkInterfacesEnabled):

• UIProcess/API/C/WKPreferencesRefPrivate.h:
• UIProcess/UserMediaPermissionRequestManagerProxy.cpp:

(WebKit::toWebCore):
(WebKit::UserMediaPermissionRequestManagerProxy::userMediaAccessWasGranted):

• UIProcess/UserMediaProcessManager.cpp:

(WebKit::UserMediaProcessManager::willCreateMediaStream):
(WebKit::UserMediaProcessManager::endedCaptureSession):

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::creationParameters):

• WebProcess/WebPage/WebPage.cpp:

LayoutTests:

• webrtc/datachannel/filter-ice-candidate-expected.txt: Added.
• webrtc/datachannel/filter-ice-candidate.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/webrtc/datachannel/filter-ice-candidate-expected.txt (added)
• LayoutTests/webrtc/datachannel/filter-ice-candidate.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/testing/Internals.cpp (modified) (2 diffs)
• Source/WebCore/testing/Internals.h (modified) (1 diff)
• Source/WebCore/testing/Internals.idl (modified) (1 diff)
• Source/WebKit/mac/ChangeLog (modified) (1 diff)
• Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h (modified) (1 diff)
• Source/WebKit/mac/WebView/WebPreferences.mm (modified) (1 diff)
• Source/WebKit/mac/WebView/WebPreferencesPrivate.h (modified) (1 diff)
• Source/WebKit2/ChangeLog (modified) (1 diff)
• Source/WebKit2/Shared/WebPageCreationParameters.cpp (modified) (2 diffs)
• Source/WebKit2/Shared/WebPageCreationParameters.h (modified) (1 diff)
• Source/WebKit2/Shared/WebPreferencesDefinitions.h (modified) (1 diff)
• Source/WebKit2/UIProcess/API/C/WKPreferences.cpp (modified) (1 diff)
• Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h (modified) (1 diff)
• Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp (modified) (1 diff)
• Source/WebKit2/UIProcess/UserMediaProcessManager.cpp (modified) (2 diffs)
• Source/WebKit2/UIProcess/WebPageProxy.cpp (modified) (1 diff)
• Source/WebKit2/WebProcess/WebPage/WebPage.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2017-03-02  Youenn Fablet  <youenn@apple.com>
+
+        [WebRTC] Activate ICE candidate privacy policy
+        https://bugs.webkit.org/show_bug.cgi?id=168975
+
+        Reviewed by Alex Christensen.
+
+        * webrtc/datachannel/filter-ice-candidate-expected.txt: Added.
+        * webrtc/datachannel/filter-ice-candidate.html: Added.
+
 2017-03-02  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-03-02  Youenn Fablet  <youenn@apple.com>
+
+        [WebRTC] Activate ICE candidate privacy policy
+        https://bugs.webkit.org/show_bug.cgi?id=168975
+
+        Reviewed by Alex Christensen.
+
+        Test: webrtc/datachannel/filter-ice-candidate.html
+
+        * testing/Internals.cpp:
+        (WebCore::Internals::Internals): Disabling ICE candidate filtering by default for rwt.
+        (WebCore::Internals::setICECandidateFiltering):
+        * testing/Internals.h:
+        * testing/Internals.idl:
+
 2017-03-02  Eric Carlson  <eric.carlson@apple.com>
 

trunk/Source/WebCore/testing/Internals.cpp

@@ -461 +461 @@
     enableMockMediaEndpoint();
     useMockRTCPeerConnectionFactory(String());
+#if USE(LIBWEBRTC)
+    if (document.page()) {
+        document.page()->libWebRTCProvider().enableEnumeratingAllNetworkInterfaces();
+        document.page()->rtcController().disableICECandidateFiltering();
+    }
+#endif
 #endif
 
@@ -1165 +1171 @@
     UNUSED_PARAM(testCase);
 #endif
+}
+
+void Internals::setICECandidateFiltering(bool enabled)
+{
+    Document* document = contextDocument();
+    auto* page = document->page();
+    if (!page)
+        return;
+    auto& rtcController = page->rtcController();
+    if (enabled)
+        rtcController.enableICECandidateFiltering();
+    else
+        rtcController.disableICECandidateFiltering();
 }
 

trunk/Source/WebCore/testing/Internals.h

@@ -399 +399 @@
     void emulateRTCPeerConnectionPlatformEvent(RTCPeerConnection&, const String& action);
     void useMockRTCPeerConnectionFactory(const String&);
+    void setICECandidateFiltering(bool);
 #endif
 

trunk/Source/WebCore/testing/Internals.idl

@@ -442 +442 @@
     [Conditional=WIRELESS_PLAYBACK_TARGET, MayThrowException] void setMockMediaPlaybackTargetPickerState(DOMString deviceName, DOMString deviceState);
     [Conditional=MEDIA_STREAM] void setMockMediaCaptureDevicesEnabled(boolean enabled);
+
     [Conditional=WEB_RTC] void emulateRTCPeerConnectionPlatformEvent(RTCPeerConnection connection, DOMString action);
     [Conditional=WEB_RTC] void useMockRTCPeerConnectionFactory(DOMString testCase);
+    [Conditional=WEB_RTC] void setICECandidateFiltering(boolean enabled);
 
     [Conditional=VIDEO] void simulateSystemSleep();

trunk/Source/WebKit/mac/ChangeLog

@@ +1 @@
+2017-03-02  Youenn Fablet  <youenn@apple.com>
+
+        [WebRTC] Activate ICE candidate privacy policy
+        https://bugs.webkit.org/show_bug.cgi?id=168975
+
+        Reviewed by Alex Christensen.
+
+        * WebView/WebPreferenceKeysPrivate.h:
+        * WebView/WebPreferences.mm:
+        (-[WebPreferences enumeratingAllNetworkInterfacesEnabled]):
+        (-[WebPreferences setEnumeratingAllNetworkInterfacesEnabled:]):
+        (-[WebPreferences iceCandidateFilteringEnabled]):
+        (-[WebPreferences setIceCandidateFilteringEnabled:]):
+        * WebView/WebPreferencesPrivate.h:
+
 2017-03-01  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebKit/mac/WebView/WebPreferenceKeysPrivate.h

@@ -222 +222 @@
 #define WebKitMediaDataLoadsAutomaticallyPreferenceKey @"WebKitMediaDataLoadsAutomatically"
 #define WebKitMockCaptureDevicesEnabledPreferenceKey @"WebKitMockCaptureDevicesEnabled"
+#define WebKitEnumeratingAllNetworkInterfacesEnabledPreferenceKey @"WebKitEnumeratingAllNetworkInterfacesEnabled"
+#define WebKitICECandidateFilteringEnabledPreferenceKey @"WebKitICECandidateFilteringEnabled"
 #define WebKitMediaCaptureRequiresSecureConnectionPreferenceKey @"WebKitMediaCaptureRequiresSecureConnection"
 #define WebKitAttachmentElementEnabledPreferenceKey @"WebKitAttachmentElementEnabled"

trunk/Source/WebKit/mac/WebView/WebPreferences.mm

@@ -2835 +2835 @@
 }
 
+- (BOOL)enumeratingAllNetworkInterfacesEnabled
+{
+    return [self _boolValueForKey:WebKitEnumeratingAllNetworkInterfacesEnabledPreferenceKey];
+}
+
+- (void)setEnumeratingAllNetworkInterfacesEnabled:(BOOL)flag
+{
+    [self _setBoolValue:flag forKey:WebKitEnumeratingAllNetworkInterfacesEnabledPreferenceKey];
+}
+
+- (BOOL)iceCandidateFilteringEnabled
+{
+    return [self _boolValueForKey:WebKitICECandidateFilteringEnabledPreferenceKey];
+}
+
+- (void)setIceCandidateFilteringEnabled:(BOOL)flag
+{
+    [self _setBoolValue:flag forKey:WebKitICECandidateFilteringEnabledPreferenceKey];
+}
+
 - (BOOL)mediaCaptureRequiresSecureConnection
 {

trunk/Source/WebKit/mac/WebView/WebPreferencesPrivate.h

@@ -497 +497 @@
 - (BOOL)mockCaptureDevicesEnabled;
 
+- (void)setEnumeratingAllNetworkInterfacesEnabled:(BOOL)flag;
+- (BOOL)enumeratingAllNetworkInterfacesEnabled;
+
+- (void)setIceCandidateFilteringEnabled:(BOOL)flag;
+- (BOOL)iceCandidateFilteringEnabled;
+
 - (void)setMediaCaptureRequiresSecureConnection:(BOOL)flag;
 - (BOOL)mediaCaptureRequiresSecureConnection;

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2017-03-02  Youenn Fablet  <youenn@apple.com>
+
+        [WebRTC] Activate ICE candidate privacy policy
+        https://bugs.webkit.org/show_bug.cgi?id=168975
+
+        Reviewed by Alex Christensen.
+
+        Disabling network enumeration by default.
+        Enabling ICE candidate filtering by default.
+        Chaning ICE candidate filtering according userMediaAccess policy:
+        - If access is denied, filtering is on.
+        - If access is granted, filtering is off.
+
+        * Shared/WebPageCreationParameters.cpp:
+        (WebKit::WebPageCreationParameters::encode):
+        (WebKit::WebPageCreationParameters::decode):
+        * Shared/WebPageCreationParameters.h:
+        * Shared/WebPreferencesDefinitions.h:
+        * UIProcess/API/C/WKPreferences.cpp:
+        (WKPreferencesSetICECandidateFilteringEnabled):
+        (WKPreferencesGetICECandidateFilteringEnabled):
+        (WKPreferencesSetEnumeratingAllNetworkInterfacesEnabled):
+        (WKPreferencesGetEnumeratingAllNetworkInterfacesEnabled):
+        * UIProcess/API/C/WKPreferencesRefPrivate.h:
+        * UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
+        (WebKit::toWebCore):
+        (WebKit::UserMediaPermissionRequestManagerProxy::userMediaAccessWasGranted):
+        * UIProcess/UserMediaProcessManager.cpp:
+        (WebKit::UserMediaProcessManager::willCreateMediaStream):
+        (WebKit::UserMediaProcessManager::endedCaptureSession):
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::creationParameters):
+        * WebProcess/WebPage/WebPage.cpp:
+
 2017-03-02  Tomas Popela  <tpopela@redhat.com>
 

trunk/Source/WebKit2/Shared/WebPageCreationParameters.cpp

@@ -95 +95 @@
     encoder << overrideContentSecurityPolicy;
 #if ENABLE(WEB_RTC)
-    encoder << disableICECandidateFiltering;
+    encoder << iceCandidateFilteringEnabled;
 #if USE(LIBWEBRTC)
-    encoder << enableEnumeratingAllNetworkInterfaces;
+    encoder << enumeratingAllNetworkInterfacesEnabled;
 #endif
 #endif
@@ -223 +223 @@
 
 #if ENABLE(WEB_RTC)
-    if (!decoder.decode(parameters.disableICECandidateFiltering))
+    if (!decoder.decode(parameters.iceCandidateFilteringEnabled))
         return false;
 #if USE(LIBWEBRTC)
-    if (!decoder.decode(parameters.enableEnumeratingAllNetworkInterfaces))
+    if (!decoder.decode(parameters.enumeratingAllNetworkInterfacesEnabled))
         return false;
 #endif

trunk/Source/WebKit2/Shared/WebPageCreationParameters.h

@@ -148 +148 @@
 
 #if ENABLE(WEB_RTC)
-    bool disableICECandidateFiltering { false };
+    bool iceCandidateFilteringEnabled { true };
 #if USE(LIBWEBRTC)
-    bool enableEnumeratingAllNetworkInterfaces { false };
+    bool enumeratingAllNetworkInterfacesEnabled { false };
 #endif
 #endif

trunk/Source/WebKit2/Shared/WebPreferencesDefinitions.h

@@ -226 +226 @@
     macro(MockCaptureDevicesEnabled, mockCaptureDevicesEnabled, Bool, bool, false, "", "") \
     macro(MediaCaptureRequiresSecureConnection, mediaCaptureRequiresSecureConnection, Bool, bool, true, "", "") \
+    macro(EnumeratingAllNetworkInterfacesEnabled, enumeratingAllNetworkInterfacesEnabled, Bool, bool, false, "", "") \
+    macro(ICECandidateFilteringEnabled, iceCandidateFilteringEnabled, Bool, bool, true, "", "") \
     macro(ShadowDOMEnabled, shadowDOMEnabled, Bool, bool, true, "Shadow DOM", "HTML Shadow DOM prototype") \
     macro(FetchAPIEnabled, fetchAPIEnabled, Bool, bool, true, "", "") \

trunk/Source/WebKit2/UIProcess/API/C/WKPreferences.cpp

@@ -1542 +1542 @@
 }
 
+void WKPreferencesSetICECandidateFilteringEnabled(WKPreferencesRef preferencesRef, bool enabled)
+{
+    toImpl(preferencesRef)->setICECandidateFilteringEnabled(enabled);
+}
+
+bool WKPreferencesGetICECandidateFilteringEnabled(WKPreferencesRef preferencesRef)
+{
+    return toImpl(preferencesRef)->iceCandidateFilteringEnabled();
+}
+
+void WKPreferencesSetEnumeratingAllNetworkInterfacesEnabled(WKPreferencesRef preferencesRef, bool enabled)
+{
+    toImpl(preferencesRef)->setEnumeratingAllNetworkInterfacesEnabled(enabled);
+}
+
+bool WKPreferencesGetEnumeratingAllNetworkInterfacesEnabled(WKPreferencesRef preferencesRef)
+{
+    return toImpl(preferencesRef)->enumeratingAllNetworkInterfacesEnabled();
+}
+
 void WKPreferencesSetMediaCaptureRequiresSecureConnection(WKPreferencesRef preferencesRef, bool enabled)
 {

trunk/Source/WebKit2/UIProcess/API/C/WKPreferencesRefPrivate.h

@@ -423 +423 @@
 
 // Defaults to true.
+WK_EXPORT void WKPreferencesSetICECandidateFilteringEnabled(WKPreferencesRef, bool);
+WK_EXPORT bool WKPreferencesGetICECandidateFilteringEnabled(WKPreferencesRef);
+
+// Defaults to false.
+WK_EXPORT void WKPreferencesSetEnumeratingAllNetworkInterfacesEnabled(WKPreferencesRef, bool);
+WK_EXPORT bool WKPreferencesGetEnumeratingAllNetworkInterfacesEnabled(WKPreferencesRef);
+
+// Defaults to true.
 WK_EXPORT void WKPreferencesSetMediaCaptureRequiresSecureConnection(WKPreferencesRef, bool);
 WK_EXPORT bool WKPreferencesGetMediaCaptureRequiresSecureConnection(WKPreferencesRef);

trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp

@@ -158 +158 @@
         break;
     }
-    
+
     ASSERT_NOT_REACHED();
     return static_cast<uint64_t>(UserMediaRequest::MediaAccessDenialReason::OtherFailure);

trunk/Source/WebKit2/UIProcess/UserMediaProcessManager.cpp

@@ -129 +129 @@
 
     unsigned currentExtensions = state.sandboxExtensionsGranted();
+
+#if ENABLE(WEB_RTC) && USE(LIBWEBRTC)
+    if (currentExtensions == ProcessState::SandboxExtensionsGranted::None && (withAudio || withVideo))
+        proxy.page().process().send(Messages::WebPage::DisableICECandidateFiltering(), proxy.page().pageID());
+#endif
+
     if (!(requiredExtensions & currentExtensions)) {
         SandboxExtension::HandleArray handles;
@@ -193 +199 @@
         return;
 
+#if ENABLE(WEB_RTC) && USE(LIBWEBRTC)
+    if (currentExtensions == ProcessState::SandboxExtensionsGranted::None && proxy.page().preferences().iceCandidateFilteringEnabled())
+        proxy.page().process().send(Messages::WebPage::EnableICECandidateFiltering(), proxy.page().pageID());
+#endif
+
     state.setSandboxExtensionsGranted(currentExtensions);
     proxy.page().process().send(Messages::WebPage::RevokeUserMediaDeviceSandboxExtensions(params), proxy.page().pageID());

trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp

@@ -5572 +5572 @@
 
 #if ENABLE(WEB_RTC)
-    // FIXME: We should tie ICE filtering with getUserMedia permission.
-    parameters.disableICECandidateFiltering = true;
+    parameters.iceCandidateFilteringEnabled = m_preferences->iceCandidateFilteringEnabled();
 #if USE(LIBWEBRTC)
-    // FIXME: Turn down network interface enumeration by default.
-    parameters.enableEnumeratingAllNetworkInterfaces = true;
+    parameters.enumeratingAllNetworkInterfacesEnabled = m_preferences->enumeratingAllNetworkInterfacesEnabled();
 #endif
 #endif

trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp

@@ -554 +554 @@
 
 #if ENABLE(WEB_RTC)
-    if (parameters.disableICECandidateFiltering)
+    if (!parameters.iceCandidateFilteringEnabled)
         disableICECandidateFiltering();
 #if USE(LIBWEBRTC)
-    if (parameters.enableEnumeratingAllNetworkInterfaces)
+    if (parameters.enumeratingAllNetworkInterfacesEnabled)
         enableEnumeratingAllNetworkInterfaces();
 #endif