Changeset 228589 in webkit
- Timestamp:
- Feb 16, 2018 4:46:52 PM (6 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 14 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit/ChangeLog
r228587 r228589 1 2018-02-16 Ryosuke Niwa <rniwa@webkit.org> 2 3 Add an entitlement check for service worker on iOS 4 https://bugs.webkit.org/show_bug.cgi?id=182865 5 <rdar://problem/37505903> 6 7 Reviewed by Brady Eidson. 8 9 Added an entitlement check to enable service workers on iOS. 10 11 * Shared/mac/SandboxUtilities.h: 12 * Shared/mac/SandboxUtilities.mm: 13 (WebKit::connectedProcessHasEntitlement): Added. 14 * StorageProcess/StorageProcess.cpp: 15 (WebKit::StorageProcess::createStorageToWebProcessConnection): Enforce the entitlement check by crashing 16 when this code is executed without the parent process having the service worker entitlement. This should 17 never happen unless someone is trying to bypass the entitlement check in UI Process since we ordinarily 18 disable service worker gracefully in WKWebView _initializeWithConfiguration. 19 (WebKit::StorageProcess::swServerForSession): Ditto. 20 (WebKit::StorageProcess::registerSWServerConnection): Ditto. 21 * StorageProcess/StorageProcess.h: 22 (WebKit::StorageProcess::parentProcessHasServiceWorkerEntitlement const): Added. 23 * StorageProcess/ios/StorageProcessIOS.mm: 24 (WebKit::StorageProcess::parentProcessHasServiceWorkerEntitlement const): Added. 25 * UIProcess/API/Cocoa/WKWebView.mm: 26 (-[WKWebView _initializeWithConfiguration:]): Disable the service workers when the entitlement is 27 missing from the current process. The entitlement is enforced by WebContent and Storage process. 28 This check avoids crashing WebContent process and gracefully disabling the feature. 29 * WebProcess/WebPage/WebPage.cpp: 30 (WebKit::WebPage::updatePreferences): Enforce the entitlement check. 31 * WebProcess/WebPage/WebPage.h: 32 (WebKit::WebPage::parentProcessHasServiceWorkerEntitlement const): Added. 33 * WebProcess/WebPage/ios/WebPageIOS.mm: 34 (WebKit::WebPage::parentProcessHasServiceWorkerEntitlement const): Added. 35 1 36 2018-02-16 Youenn Fablet <youenn@apple.com> 2 37 -
trunk/Source/WebKit/Shared/mac/SandboxUtilities.h
r215132 r228589 40 40 41 41 bool processHasEntitlement(NSString *entitlement); 42 bool connectedProcessHasEntitlement(xpc_connection_t, NSString *entitlement); 42 43 43 44 } -
trunk/Source/WebKit/Shared/mac/SandboxUtilities.mm
r215132 r228589 93 93 } 94 94 95 bool connectedProcessHasEntitlement(xpc_connection_t connection, NSString *entitlement) 96 { 97 audit_token_t token; 98 xpc_connection_get_audit_token(connection, &token); 99 auto task = adoptCF(SecTaskCreateWithAuditToken(NULL, token)); 100 101 auto value = adoptCF(SecTaskCopyValueForEntitlement(task.get(), (__bridge CFStringRef)entitlement, nullptr)); 102 if (!value) 103 return false; 104 105 if (CFGetTypeID(value.get()) != CFBooleanGetTypeID()) 106 return false; 107 108 return CFBooleanGetValue(static_cast<CFBooleanRef>(value.get())); 95 109 } 110 111 } -
trunk/Source/WebKit/StorageProcess/StorageProcess.cpp
r228564 r228589 255 255 #if ENABLE(SERVICE_WORKER) 256 256 if (isServiceWorkerProcess && !m_storageToWebProcessConnections.isEmpty()) { 257 RELEASE_ASSERT(parentProcessHasServiceWorkerEntitlement()); 257 258 ASSERT(m_waitingForServerToContextProcessConnection); 258 259 m_serverToContextConnection = WebSWServerToContextConnection::create(m_storageToWebProcessConnections.last()->connection()); … … 405 406 SWServer& StorageProcess::swServerForSession(PAL::SessionID sessionID) 406 407 { 408 RELEASE_ASSERT(parentProcessHasServiceWorkerEntitlement()); 407 409 ASSERT(sessionID.isValid()); 408 410 auto result = m_swServers.add(sessionID, nullptr); … … 493 495 void StorageProcess::registerSWServerConnection(WebSWServerConnection& connection) 494 496 { 497 RELEASE_ASSERT(parentProcessHasServiceWorkerEntitlement()); 495 498 ASSERT(!m_swServerConnections.contains(connection.identifier())); 496 499 m_swServerConnections.add(connection.identifier(), &connection); -
trunk/Source/WebKit/StorageProcess/StorageProcess.h
r228564 r228589 85 85 #if ENABLE(SANDBOX_EXTENSIONS) 86 86 void getSandboxExtensionsForBlobFiles(const Vector<String>& filenames, WTF::Function<void (SandboxExtension::HandleArray&&)>&& completionHandler); 87 #endif 88 89 #if PLATFORM(IOS) 90 bool parentProcessHasServiceWorkerEntitlement() const; 91 #else 92 bool parentProcessHasServiceWorkerEntitlement() const { return true; } 87 93 #endif 88 94 -
trunk/Source/WebKit/StorageProcess/ios/StorageProcessIOS.mm
r227941 r228589 31 31 32 32 #import "SandboxInitializationParameters.h" 33 #import "SandboxUtilities.h" 33 34 #import <WebCore/FileSystem.h> 34 35 #import <WebCore/LocalizedStrings.h> … … 59 60 } 60 61 62 bool StorageProcess::parentProcessHasServiceWorkerEntitlement() const 63 { 64 static bool hasEntitlement = connectedProcessHasEntitlement(parentProcessConnection()->xpcConnection(), @"com.apple.developer.WebKit.ServiceWorkers"); 65 return hasEntitlement; 66 } 67 61 68 } // namespace WebKit 62 69 -
trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
r228114 r228589 45 45 #import "RemoteObjectRegistry.h" 46 46 #import "RemoteObjectRegistryMessages.h" 47 #import "SandboxUtilities.h" 47 48 #import "UIDelegate.h" 48 49 #import "VersionChecks.h" … … 605 606 #if ENABLE(LEGACY_ENCRYPTED_MEDIA) 606 607 pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::legacyEncryptedMediaAPIEnabledKey(), WebKit::WebPreferencesStore::Value(!![_configuration _legacyEncryptedMediaAPIEnabled])); 608 #endif 609 610 #if PLATFORM(IOS) && ENABLE(SERVICE_WORKER) 611 if (!WebKit::processHasEntitlement(@"com.apple.developer.WebKit.ServiceWorkers")) 612 pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::serviceWorkersEnabledKey(), WebKit::WebPreferencesStore::Value(false)); 607 613 #endif 608 614 -
trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp
r228587 r228589 3181 3181 #endif 3182 3182 3183 if (store.getBoolValueForKey(WebPreferencesKey::serviceWorkersEnabledKey())) 3184 RELEASE_ASSERT(parentProcessHasServiceWorkerEntitlement()); 3185 3183 3186 if (m_drawingArea) 3184 3187 m_drawingArea->updatePreferences(store); -
trunk/Source/WebKit/WebProcess/WebPage/WebPage.h
r228523 r228589 1214 1214 void updatePreferencesGenerated(const WebPreferencesStore&); 1215 1215 1216 #if PLATFORM(IOS) 1217 bool parentProcessHasServiceWorkerEntitlement() const; 1218 #else 1219 bool parentProcessHasServiceWorkerEntitlement() const { return true; } 1220 #endif 1221 1216 1222 void didReceivePolicyDecision(uint64_t frameID, uint64_t listenerID, WebCore::PolicyAction, uint64_t navigationID, const DownloadID&, std::optional<WebsitePoliciesData>&&); 1217 1223 void continueWillSubmitForm(uint64_t frameID, uint64_t listenerID); -
trunk/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm
r228549 r228589 41 41 #import "PrintInfo.h" 42 42 #import "RemoteLayerTreeDrawingArea.h" 43 #import "SandboxUtilities.h" 43 44 #import "UserData.h" 44 45 #import "VisibleContentRectUpdateInfo.h" … … 390 391 } 391 392 393 bool WebPage::parentProcessHasServiceWorkerEntitlement() const 394 { 395 static bool hasEntitlement = connectedProcessHasEntitlement(WebProcess::singleton().parentProcessConnection()->xpcConnection(), @"com.apple.developer.WebKit.ServiceWorkers"); 396 return hasEntitlement; 397 } 398 392 399 void WebPage::sendComplexTextInputToPlugin(uint64_t, const String&) 393 400 { -
trunk/Tools/ChangeLog
r228587 r228589 1 2018-02-16 Ryosuke Niwa <rniwa@webkit.org> 2 3 Add an entitlement check for service worker on iOS 4 https://bugs.webkit.org/show_bug.cgi?id=182865 5 <rdar://problem/37505903> 6 7 Reviewed by Brady Eidson. 8 9 Added the service worker entitlements to WebKitTestRunner and TestWebKitAPI on iOS. 10 11 * TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements: 12 * WebKitTestRunner/Configurations/WebKitTestRunnerApp-iOS.entitlements: 13 * WebKitTestRunner/Configurations/WebKitTestRunnerApp.xcconfig: 14 * WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj: 15 1 16 2018-02-16 Youenn Fablet <youenn@apple.com> 2 17 -
trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-iOS.entitlements
r220536 r228589 7 7 <string>com.apple.TestWebKitAPI</string> 8 8 </array> 9 <key>com.apple.developer.WebKit.ServiceWorkers</key> 10 <true/> 9 11 </dict> 10 12 </plist> -
trunk/Tools/WebKitTestRunner/Configurations/WebKitTestRunnerApp.xcconfig
r222897 r228589 40 40 41 41 TARGETED_DEVICE_FAMILY = 1,2; 42 43 CODE_SIGN_ENTITLEMENTS[sdk=iphone*] = Configurations/WebKitTestRunnerApp-iOS.entitlements; -
trunk/Tools/WebKitTestRunner/WebKitTestRunner.xcodeproj/project.pbxproj
r225641 r228589 314 314 841CC00E181185BF0042E9B6 /* Options.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Options.h; sourceTree = "<group>"; }; 315 315 8DD76FA10486AA7600D96B5E /* WebKitTestRunner */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = WebKitTestRunner; sourceTree = BUILT_PRODUCTS_DIR; }; 316 9B0D132E2036D346008FC8FB /* WebKitTestRunnerApp-iOS.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = "WebKitTestRunnerApp-iOS.entitlements"; sourceTree = "<group>"; }; 316 317 A18510271B9ADE4800744AEB /* libWebKitTestRunner.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libWebKitTestRunner.a; sourceTree = BUILT_PRODUCTS_DIR; }; 317 318 A18510381B9ADF2200744AEB /* WebKitTestRunner.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = WebKitTestRunner.xcconfig; sourceTree = "<group>"; }; … … 753 754 BC25197111D15E61002EBC01 /* InjectedBundle.xcconfig */, 754 755 A18510381B9ADF2200744AEB /* WebKitTestRunner.xcconfig */, 756 9B0D132E2036D346008FC8FB /* WebKitTestRunnerApp-iOS.entitlements */, 755 757 A18510391B9ADFF800744AEB /* WebKitTestRunnerApp.xcconfig */, 756 758 BC251A1811D16795002EBC01 /* WebKitTestRunnerLibrary.xcconfig */,
Note: See TracChangeset
for help on using the changeset viewer.